PFA
Lab 1 Introduction to Security 1

MN502 Network Security
Laboratory 1: Introduction to Security 1

Submission Due: End of laboratory class, submit the file on the Moodle at least 10 minutes before the end of laboratory class.

Total Marks = 5 marks for 10 weeks
Marks will be given only to students who attend and participate during the 2-hour laboratory class. Submission on Moodle is mandatory as evidence of participation.

Description of the laboratory exercise:
In this lab
· you will install Oracle VM VirtualBox with the Kali Linux OS iso.
· you will do research on basic security topics like password attacks, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).

Task 1: Install VM OS (Kali Linux)

Exercise 1: Install Kali Linux by following these steps:

1) Download the “kali-linux-2018.1-amd64.iso” image from Student Software Resources on the Moodle page.
2) Open Oracle VM VirtualBox from the location below: Start > All Programs > Oracle VM VirtualBox > Oracle VM VirtualBox.
   a. If Oracle VM VirtualBox is not installed on your personal computer or laptop, then download it from https://www.virtualbox.org/wiki/Downloads for the particular operating system installed on your device.
3) Click on “Machine > New” and type details as shown below for Kali Linux. You can also select Debian (64-bit as well).
4) Click Next in each subsequent window until you see the window shown below. Click ‘create’ in this window and you will see that your virtual operating system is created.
5)
6) Double click on the Kali2 link. It opens a window and attempts to load the operating system. However, we have not supplied the image file (.iso or .vdk). It will appear with an option to choose the .iso file for the operating system.
7) Locate and copy the Kali Linux ISO on your disk. Choose the kali-linux-2018.1-amd64.iso image location and click start to continue the installation steps.
8) Start the Kali Linux Virtual Machine and from the Boot Menu select the “Graphical Install” option as shown in the picture.
9) On the Language screen select your preferred language, e.g. “English – English”, and your Location, e.g. “Australia”.
10) Select your Locale, e.g. “NSW or Victoria”, and your Keyboard type, e.g. “English”.
11) On the Network Configuration screen select “Configure Network Manually” (if you have a DHCP server available on the same network you may use the automatic configuration; in my lab I’ll do a manual network configuration).
12) Define your IP address and network mask, e.g. “10.0.0.100/24”, and your gateway, e.g. “10.0.0.254” (make a choice for your lab).
13) Configure your name server, e.g. “192.168.0.1”, and your hostname, e.g. “Kali”.
14) Use the default domain name.
15) Define the root user password.
16) Configure the clock.
17) On the Partition Disks setup window select “Guided – Use entire disk and set up encrypted LVM”. Select the appropriate partition disk and click Continue, e.g. “SCSI 3 (0,0,0) (sda) – 32,2 GB Msft Virtual Disk”.
18) On the Partition Disks partitioning window select “All files in one partition (recommended for new users)”. For the purpose of this lab this is the simplest option, so do that for now. Later (in real life) you can define separate partitions for /home, /usr, /var, etc.
19) Confirm the Logical Volume Manager configuration: on “Write the changes to disks and configure LVM” select “Yes”.
20) Review the Partition Disks window with the Logical Volume Manager, partitions and mount point details, select the option “Finish partitioning and write changes to disk” and click on “Continue”.
21) Confirm the changes and configuration of the Partition Disk: on “Write the changes to disks” select “Yes”.
22) On the Configure the package manager window, on “Use a network mirror” select “Yes”.
    The intent of this process is to update the Kali Linux packages during the OS install, so make sure that you have Internet connectivity to accomplish this task.
23) When you go ahead with the package updates from the last step you may configure a proxy server IP address. Leave the default (empty).
24) On the Install the GRUB boot loader on a hard disk window, on “Install the GRUB boot loader to the master boot record?” select “Yes”.

After the GRUB boot loader installation the Kali Linux installation is complete and you should see the Finish Installation window. Click on “Continue” to boot up Kali Linux.

Exercise 2: Boot Kali Linux in Oracle VM

Boot Kali GNU/Linux [username: root and password: toor]

Exercise 3: Updating and patching (If Required)

Update the machine with the following commands in a terminal.

    apt-get update
    apt-get upgrade

To dual home the machine, you’ll need to add a network adapter to it, and edit the /etc/network/interfaces file. We’ll use static addressing on our ‘hacking’ network. Edit the interfaces file to read

    allow-hotplug eth0
    iface eth0 inet dhcp

    allow-hotplug eth1
    iface eth1 inet static
        address 192.168.23.100
        netmask 255.255.255.0
        network 192.168.23.0
        broadcast 192.168.23.255

Then reboot the machine (a service networking restart doesn’t seem to do it). Check the correct network setup with a route -nve command. The 192.168.23.0/24 network should be connected to eth1, all the others, especially the default gateway, to eth0.

Task 2: Password attacks

Research password attacks on the Internet and answer the following questions.

1. What are the different types of password attacks?
2. What can a systems administrator do to protect against them?

Task 3: IDS and IPS

Research the topics Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) on the Internet and write a one-page report on them. Your report should include the following:

1. Host based Intrusion Detection System (HIDS)
2. Network based Intrusion Detection System (NIDS)
3. Comparison of HIDS and NIDS
4. Host-Based Intrusion Prevention System (HIPS)
5. Network based Intrusion Prevention System (NIPS)
6. Comparison of HIPS and NIPS

For the Kali Linux installation, provide a final snapshot of the installed machine. After completing the tasks upload your report on Moodle.

Prepared by: Dr Wanod Kumar
Moderated by: Prof Savitri Bevinakoppa
T2, 2021

Lab 2 Introduction to Security 2: NMap

MN502 Network Security
Laboratory 2: Introduction to Security 2

Submission Due: End of laboratory class, submit the file on the Moodle at least 10 minutes before the end of laboratory class.

Total Marks = 5 marks for 10 weeks
Marks will be given only to students who attend and participate during the 2-hour laboratory class. Submission on Moodle is mandatory as evidence of participation.

Description of the laboratory exercise:
In this laboratory, students will analyse a security tool (Nmap on Kali Linux), and also analyse and discuss common threats/attacks and mitigation techniques for networked information systems. Students need to complete the exercises in the manual and do the following tasks related to the Nmap tool in Kali.

Lab Exercise: After completing the exercises in the manual (which is based on Kali Linux running on VirtualBox), answer the following questions.

(1) From your observations how many hosts are running in the LAN? Please list the IP addresses of at least five running hosts.
(2) For the five identified running hosts in question 1, which services (TCP and UDP) are open on those machines?
(3) Can you determine the operating system and its possible version that is running on those five machines?

Analysis 1: From your experience with Nmap discuss and analyse the potential security threats we all face while connected in the network.

Analysis 2: Propose suitable risk mitigation techniques for the threats identified in the previous part.
Write your answers as a report and submit the report on Moodle 10 minutes before the laboratory class.

Prepared by: Dr Wanod Kumar
Moderated by: Prof Savitri Bevinakoppa
T2 2021

Lab 2 - Manual Nmap

MN502 Network Security
NMap Lab Manual [1] [2]

Description: After the lab exercises, the students should be able to use NMAP on the command line to scan a host/network, so as to find out the possible vulnerable points in the hosts. You should be using Kali Linux on the VM.

Pre-work:
1. Launch VirtualBox
2. Launch your Kali Linux VM
3. Do all your exercises in the VM

NMAP - the Network MAPper

Nmap is the scanning tool that provides the ability to crack a computer system by finding a target machine vulnerable to attacks. Intruders can scan for UDP and TCP listening ports and can design their attacks accordingly. Our lab exercise will focus on using Nmap on the command line.

How to use NMAP?

Nmap is a simple tool to use and is accessed via the command line. Usage syntax is:

    nmap -s<flag> <IP address/network address>

Flags are chosen according to the purpose, for example:

    ICMP ping          # nmap -sP 172.16.63.0/24
    TCP ping           # nmap -sP -PT80 172.16.63.0/24
    TCP connect        # nmap -sT 172.16.63.n
    Stealth scanning   # nmap -sS 172.16.63.n
    UDP scanning       # nmap -sU 172.16.63.n
    Stealth FIN        # nmap -sF 172.16.63.n

(n is the host number)

To run most commands in Nmap, root privileges are required.

Task 1: Ping Sweeping: To check what hosts are UP

Ping sweeping can be used with the option “-sP” for finding all the running hosts in the network. The network address and the subnet mask need to be given. Nmap sends an ICMP echo and a TCP ACK to each host it scans. Hosts that respond to either are considered to be up. You need to use ifconfig on the terminal to find your host address and then use that to figure out your network address.
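Seen from the network being scanned, the ping sweep described above is one source sending an ICMP echo and a TCP ACK to many addresses in quick succession, which is the kind of pattern an IDS rule looks for. The Python code below is an added example, not part of the original lab manual; the log format, the window and host thresholds, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> <ICMP echo-request|TCP ack> <src> -> <dst>[:port]"
LINE = re.compile(r"(\S+) (ICMP echo-request|TCP ack) (\S+) -> ([\d.]+)(?::\d+)?$")
BOTH = {"ICMP echo-request", "TCP ack"}

def build_sample():
    """Constructed log lines for illustration, not captured traffic."""
    lines = []
    for n in range(1, 9):  # one source probes 8 hosts within about a second
        t = f"2021-08-02T10:00:0{n // 5}"
        lines.append(f"{t} ICMP echo-request 172.16.63.50 -> 172.16.63.{n}")
        lines.append(f"{t} TCP ack 172.16.63.50 -> 172.16.63.{n}:80")
    for s in (10, 11, 12):  # repeated pings to a single gateway
        lines.append(f"2021-08-02T10:00:{s} ICMP echo-request 172.16.63.20 -> 172.16.63.1")
    for m, n in ((1, 10), (2, 11), (3, 12)):  # monitor polling 3 servers, one per minute
        lines.append(f"2021-08-02T10:0{m}:00 ICMP echo-request 172.16.63.30 -> 172.16.63.{n}")
    return lines

def find_sweepers(lines, window=timedelta(seconds=10), min_hosts=5):
    """Return {src: {"hosts": n, "paired": m}} for each source that probes at
    least min_hosts distinct addresses inside one sliding window. "paired"
    counts targets that received both an ICMP echo and a TCP ACK."""
    by_src = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # lines in any other format are ignored
            ts, kind, src, dst = m.groups()
            by_src[src].append((datetime.fromisoformat(ts), dst, kind))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best, start = (0, 0), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop probes older than the window
            kinds = defaultdict(set)  # dst -> probe types seen in this window
            for _, dst, kind in events[start:end + 1]:
                kinds[dst].add(kind)
            hit = (len(kinds), sum(1 for k in kinds.values() if k == BOTH))
            if hit[0] >= min_hosts:
                best = max(best, hit)
        if best[0]:
            alerts[src] = {"hosts": best[0], "paired": best[1]}
    return alerts

if __name__ == "__main__":
    for src, hit in find_sweepers(build_sample()).items():
        print(f"possible ping sweep from {src}: {hit}")
```

With the default thresholds only 172.16.63.50 is reported; the repeated pings to one gateway and the slow monitoring polls stay below the distinct-host count inside the window.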
Example output is shown in the following figure for port scanning using Nmap:

A TCP ping sweep with the flags “-sP -PT” can be used to check the hosts responding to a TCP connection request and to find out the running hosts, as some hosts may not reply back to ICMP messages. Example output is shown in the following figure for port scanning with TCP using Nmap:

Once an intruder knows which machines on a network are up, usually the next step is port scanning.

Task 2: Port Scanning

Different types of port scans are provided by Nmap: TCP connect, TCP SYN, Stealth FIN, UDP scans.

TCP connect

One form of port scanning is TCP connect, which uses the connect() system call to open connections to interesting ports on the target host and complete the 3-way TCP handshake. An important issue is that the probe is easily detected by the target host. The "-sT" flag is used for this purpose. Example output is shown in the following figure for TCP