2020 ICTNWK601 - Design and implement a security system | Bhuwanghimire | 6335586
STUDENT ASSESSMENT - BHUWAN GHIMIRE | 6335586

Assessment Task 1 - Unit Knowledge Test (UKT)

Question 1: Answer the following questions:

A. What do you understand from Access Control Lists? Write your response in 50-100 words.

Access Control Lists (ACLs) are network traffic filters capable of monitoring incoming or outgoing traffic. ACLs operate on a collection of rules that describe whether a packet is forwarded or blocked at the router interface. An ACL is similar to a stateless firewall that limits, blocks or permits packets flowing from source to destination only. ACLs are common in routers and firewalls, but they can also be installed on hosts, network devices, servers, etc. on any system running on the network.

B. What are the steps involved in the configuration of the Access Control Lists? Use screenshots in your answer.

The steps involved in the configuration of Access Control Lists are:
1. Build a MAC ACL with a specified name.
2. Build an IP ACL by entering a number.
3. Add new ACL rules.
4. Configure the rules' match requirements.
5. Apply the ACL to one or more interfaces.

C. What are the four (4) steps involved in the troubleshooting of the Access Control Lists?

1. Determine which interfaces have ACLs: Take a look at all the configurations of the router first, to see whether ACLs are applied to the interfaces where the network problems occur. Two Cisco IOS commands can aid in deciding that.
Commands:
• show run
• show ip interfaces (interface)

2. Determine which ACL statements affect the traffic: The wording is a little odd, but ACLs act on traffic. What I mean by this is to determine the ACL that affects the traffic for which we are experiencing or investigating problems. Below are a few commands for displaying the detail.
Commands:
• show access-lists
• show ip access-lists

3. Analyse the ACLs to match traffic: Now that we have found the ACLs that affect the traffic, we can take a closer look at them. What sort of traffic is it: UDP, TCP or ICMP? Do we have any more advanced ACLs that would affect this traffic? Recall that ICMP is regarded as its own type and not as TCP or UDP traffic.

4. Facts to remember about ACLs:
• ACLs are processed with first-match logic, meaning ACL entry 1 is checked before entry 2, and entry 2 before entry 3.
• TCP or UDP must be specified in the ACL statement if port numbers are to be tested.
• Use an explicit deny to display match counts in the ACL counters.

Question 2: What are the different Authentication Protocols? Explain two (2) Authentication Protocols. Write your answer in 150-200 words.

The different authentication protocols are:
A. PAP - Password Authentication Protocol
B. Kerberos (protocol)

A. PAP - Password Authentication Protocol
PAP is a password-based authentication protocol used to validate users over PPP connections. PAP authentication requires a user name and password to access the called system. If the credentials match the called device's local database or the remote AAA database, access is granted; otherwise it is refused.

B. Kerberos (protocol)
Kerberos is a network authentication protocol. It is designed using secret-key cryptography to provide strong authentication for client/server applications. The Massachusetts Institute of Technology provides a free implementation of this protocol. Kerberos is also used in a number of consumer products. MIT developed Kerberos as a solution to these network security issues. The Kerberos protocol uses strong cryptography to allow a client to prove its identity to a server (and vice versa) over an insecure network connection.
Once a client and server have used Kerberos to prove their identity, all of their messages can also be encrypted to ensure privacy and data integrity as they travel.

Question 3: What are the four (4) most secure encryption techniques? Write 50-100 words for each technique.

The four (4) most secure encryption techniques are:

A. Advanced Encryption Standard (AES): AES is a symmetric algorithm that encrypts fixed-size data blocks (of 128 bits) one at a time. The keys used to encrypt and decrypt the text can be 128, 192 or 256 bits long. The 256-bit key encrypts the data in 14 rounds, the 192-bit key in 12 rounds and the 128-bit key in 10 rounds.

B. Rivest-Shamir-Adleman (RSA): RSA is an asymmetric encryption algorithm whose security is centred on the difficulty of factorising the product of two large prime numbers. Anyone who knows these numbers will be able to decrypt successfully. RSA is widely used for digital signatures but is slow when large quantities of data require encryption.

C. Triple Data Encryption Standard (TripleDES): TripleDES is a symmetric encryption method and a modified form of DES, which encrypts data blocks using a 56-bit key. TripleDES applies the DES cipher algorithm to each block of data three times. TripleDES is also used for the protection of ATM PINs and UNIX passwords.

D. Twofish: Twofish is a licence-free encryption method that encrypts 128-bit data blocks. It is the successor to the Blowfish encryption method, which encrypted 64-bit message blocks. Twofish always encrypts data in 16 rounds, regardless of the key size. Although it is slower than AES, the Twofish encryption method continues to be used by a number of file and folder encryption software solutions.

Question 4: Summarise the following terms:

A. Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious behaviour and issues alerts upon detecting such activity. It is a software application that scans a device or network for malicious activity or policy violations. Any malicious activity or violation is usually reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm-filtering techniques to distinguish malicious activity from false positives.

B. Intrusion Prevention System (IPS)
An intrusion prevention system (IPS) is a tool for network protection and the prevention of attacks. The idea behind intrusion prevention is to take a preventive approach to computer security in order to identify and respond to potential threats quickly. Intrusion prevention systems are therefore used to analyse network traffic flows in order to detect malicious software and stop exploits of vulnerabilities.

Question 5: Explain the following terms:

A. Network Models: A network model is a database model, built to represent objects and their relationships in a scalable way. The network model's distinguishing attribute is its schema, which is presented as a graph where relationship types are arcs and entity types are nodes. Like other database models, the structure of the network model is not limited to being a lattice or tree structure; the hierarchical tree is replaced by a graph that allows for more flexible node connections.

B. Internet Protocol
The Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing data packets so that they can travel across networks and arrive at the correct destination. Data travelling via the Internet is broken down into smaller pieces, called packets.
An IP address is allocated to any device or domain that connects to the Internet, and as packets are directed to the IP address attached to them, data arrives where it is required.

Question 6: Answer the following:

A. What are the different wireless regulations and standards?

The different wireless regulations and standards are:

IEEE 802.11: The original. This now-defunct standard was created in 1997 and supported a "blazing fast" maximum connection speed measured in megabits per second (Mbps). Devices that use it have not been made for more than a decade, and do not work with the devices of today.

IEEE 802.11b: This standard, developed in 1999, uses the more common 2.4 GHz band and can reach a maximum speed of 11 Mbps. 802.11b was the protocol that kick-started the adoption of Wi-Fi.

IEEE 802.11g: The 802.11g standard, introduced in 2003, increased the maximum data rate to 54 Mbps while maintaining stable use of the 2.4 GHz band. This contributed to widespread adoption of the standard.

IEEE 802.11ax: Next up is the ax specification for routers and wireless devices. As ax completes its rollout, we will have access to 10 Gbps theoretical network throughput, around a 30-40 per cent upgrade over the ac standard.

B. List Wireless Network Certifications.

The wireless network certifications are:
• Cisco Certified Network Associate (CCNA) Wireless
• Cisco Certified Network Professional (CCNP) Wireless
• Certified Wireless Network Administrator (CWNA)
• Aruba Certified Mobility Associate (ACMA)
• Certified Wireless Security Professional (CWSP)

Question 7: What are the steps involved in the implementation of the following:

A. Local Area Network - LAN

Steps involved in the implementation of a LAN are:
• Firstly, we require the proper equipment, such as computers, a router, Ethernet cables, a modem and other necessary devices.
• Secondly, connecting these devices is very essential.
• PC setup needs to be done at the very beginning to connect to the router through an Ethernet cable, and from the central area of the network settings we can find the setup wizard.
• Then the Wi-Fi connection is very important to run the devices, which can be done with the help of the setup wizard.
• Each of the devices that is connected to the internet requires internal configuration such as password setup. This makes the internet connection successful.
• Lastly, we need to connect all the other devices to the LAN and it is ready to be used.

B. Wide Area Network - WAN

Steps involved in implementing the WAN are as follows:
• First of all, it is necessary to find the service provider in that particular area and install the equipment to create the demarcation point.
• Then connect the router to the WAN link. Although the service provider provides the router, we also need a separate router for the LAN.
• Lastly, we need to connect all the switches to the router, which aggregates all the LAN connections and connects them to the router.

Question 8: Answer the following questions:

A. What are the five (5) malicious network attacks and their prevention techniques? Write 50-100 words for each.

Five network attacks are as follows:
• Replay: A replay attack occurs when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties. A replay attack is also known as a playback attack. The main function of the replay attack is to help the attacker gain access to information which would not otherwise have been easily accessible.
• Spoofing: Spoofing is a type of attack in which the attackers pretend to be a trusted communicator and make the user share their confidential information. This attack is mainly carried out by phone calls, emails and attachments.
• Phishing attacks: Phishing is a type of social engineering attack which is mainly used to steal data including login details, credit card information, etc. It happens when the victim opens an instant text or message from an unknown source.
• Trojan horse attack: A Trojan horse is malware that is mostly used by hackers or cyber-thieves to get access to the user's system. Here victims are usually tricked by email attachments.
• Man-in-the-middle attack: A man-in-the-middle attack is a kind of cyberattack on a conversation between two participants, where the victims believe they are communicating directly but the attacker obtains the victim's information.

Prevention techniques are:
• Use a Virtual Private Network to encrypt web traffic.
• Make sure that software on the systems is updated regularly.
• Install anti-virus software to protect the system from viruses.
• Use strong authentication, such as strong login details.
• Using the cloud is the safest way to keep organisational data secured.

B. What are the three (3) types of security to use as a methodical approach to protect a network infrastructure? Write your answer in 100-150 words.

The three types of security to use as a methodical approach to protect a network infrastructure are as follows:
• Running a network security audit: In this process any organisation can investigate its policies and easily identify the threats that might lead to network breaches. This can also be run by internal cybersecurity teams. The audit covers firewall configurations, security policies and risk assessment.
• Awareness training regarding cybersecurity: Every employee of the organisation should be trained regarding cyberattacks and threats. If they are not trained, they might fall for attacks, end up downloading viruses and may lose confidential information.
• Patching software: Unpatched software may be dangerous for network security. Ensure we are finding and fixing software on a regular basis, which will make the hackers' job hard. After checking the software in the system, make sure to apply strong security patches to it to defend against attacks.

Question 9: What are the eight (8) famously used network management tools? Write your response in 100-150 words.

The 8 network management tools are:

1. SolarWinds Network Performance Monitor: This platform is built from the ground up to make the network monitoring process as painless as possible.

2. Paessler PRTG: To date, one of PRTG's biggest selling points has been its versatility. It tracks everything from bandwidth to web sites, cloud providers, servers, traffic and databases, making it one of the most robust monitoring tools on the network.

3. ManageEngine OpManager: ManageEngine OpManager targets organisations searching for a catch-all solution for network control. Unlike PRTG, this tool embodies all the key differentiators that a top-of-the-range company would expect from it. Users can track the network in real time and view their live network behaviour through a variety of dashboards and graphs. To track performance metrics such as CPU, disk space and memory usage, we can conduct physical and virtual server monitoring.

4. Zabbix: Zabbix is a network management system that incorporates hardware, cloud services and KPI/SLA management to give a full perspective of network access. Some view this tool as a network performance monitor, but it can also fulfil a variety of administrative functions.

5. Icinga: Its multithreaded architecture helps to run thousands of checks per second without adversely impacting the computer's performance. Icinga has plenty to offer in terms of alerting. If any problems are found on the network, a notification will be sent via e-mail or SMS.
When we need a segmented network event response, we may appoint additional users to receive those alerts.

6. Nagios XI: Nagios XI is another very well-known monitoring tool constructed with ease of use in mind. It will track network infrastructure and carry out long-term capacity planning. The GUI can be modified to fit a number of different views, making its use fairly straightforward.

7. WhatsUp Gold: Ipswitch's WhatsUp Gold has built a reputation for itself as a strong and refined network management platform for mid- to large-scale organisations. Its undeniably greatest appeal must be its rigorous monitoring of application performance. This allows the user to track their network down to the level of individual computers.

8. NetCrunch: NetCrunch is excellent as a performance management solution. We can display network output in graph or dial format along with the processing time. These track real-time success metrics. The GrafCrunch software produces live dashboards of results. If this is not enough, we can also view details about the network in widget format.

Question 10: What are the steps involved in the setup of a Virtual Private Network (VPN) in Windows 10?

The steps involved in the setup of a Virtual Private Network (VPN) in Windows 10 are:
I. Click Windows, then go to Settings > Network & Internet > VPN.
II. Click Add a VPN connection.
III. For your VPN provider, pick Windows (built-in) in the fields on the tab.
IV. Provide a name for your VPN under Connection name.
V. Enter the server name or address, the type of VPN and the type of sign-in info. For extra protection, add a user name and password (this is optional but recommended). You can opt to have your sign-in information remembered by the machine.
VI. Click Save.
VII. Go back to Settings > Network & Internet > VPN to log in to your VPN. Tap the name of your VPN.
You can select Advanced Options to edit the connection properties at this stage, clear your sign-in data, or set up a VPN proxy if you wish. Select Connect and, if you have set one, enter a password.

Question 11: What do you understand from Routing Protocols and what are its types? Write your answer in 100-150 words.

A routing protocol defines how routers communicate on a computer network to relay information that enables them to pick routes between any two nodes. Routers perform the "traffic controlling" functions on the Internet; data packets are transmitted from router to router through the networks of the Internet before they reach their destination device.

Types of routing protocols are:

A. Distance-vector routing protocols: Routers running distance-vector routing protocols transmit routing and reachability information from all active interfaces on a periodic basis. Through their active interfaces they also receive the same information from their neighbours. Distance-vector protocols use timers to relay routing information. When their periodic timer expires, they transmit their routing information from all active interfaces, regardless of whether or not the routing information has changed since the previous transmission.

B. Link-state routing protocols: Link-state routing protocols, unlike distance-vector routing protocols, do not share routing and reachability information with everyone. Routers running link-state protocols only share routing information with neighbours. Link-state protocols use a special protocol known as the hello protocol to discover neighbours.

Question 12: What are the network security threats and five (5) techniques that can be used for their mitigation? Write 30-50 words for each mitigating technique.
Network security threats may be numerous, such as cyber attacks, data theft, identity theft, equipment or computer theft, sabotage and computer extortion. Attacks by machines means attacks by malware, worms, trojan horses, etc.

The five techniques that can be used for mitigation are:

1. Risk Acceptance: Risk acceptance comes down to "risking it." The risk is accepted and there is nothing we are going to do to minimise or change it. Instead, we acknowledge the probability that it will happen and accept the potential consequences.

2. Risk Avoidance: If a risk is too large to consider starting a project, launching a product, moving the company, etc., it might be easier to avoid it. Risk avoidance in this case means not conducting the activity which causes the risk.

3. Risk Reduction: Businesses may prescribe an acceptable level of risk, which is called the residual level of risk. Risk reduction is the most common technique, as there is generally at least some way of reducing a risk. This includes taking countermeasures to reduce the effect of the outcomes. For example, risk transfer, such as purchasing insurance, is one type of risk reduction.

4. Risk Mitigation: When evaluating risks, it is sometimes best neither to avoid nor to accept them; risk mitigation is what is being discussed in this instance. Risk mitigation applies to threat management procedures and methods. By assessing a risk and its probability, we can assign administrative resources.

5. Risk Transfer: As already stated, risk transfer involves transferring the risk to another third party or agency. Risks may be outsourced, passed to an insurance provider or turned over to a new company, as happens when leasing property. Risk transfers do not necessarily contribute to lower costs. Alternatively, a transfer of risk is the better choice if it can be used to reduce potential harm.
Question 13: Answer the following questions:

A. Explain the ten (10) commands of the Cisco Command Line Interface to configure and test different network elements. Write 30-50 words for each command.

Ten commands of the Cisco Command Line Interface to configure and test different network elements are as follows:

1. show running-configuration: Shows the router, switch or firewall's current configuration. We can change this configuration if any changes are made to the router.

2. show interface: It provides the following output:
• Interface status
• Protocol status
• Utilisation
• Errors
• MTU

3. show ip interface: It shows the IP interfaces briefly and provides useful information about the configuration and status of the IP protocol. It is capable of providing quick information about the interfaces.

4. no shutdown: Enables the interface; it is mostly used in interface configuration mode. It is very useful for troubleshooting.

5. show ip route: This command is used to show the router's routing table. We can use abbreviated forms such as sh ip ro, sh ip ro ospf and so on.

6. show version: This command provides details of the router's configuration register. We can use this command as 'sh ver'.

7. debug: The debug command will allow us to know if any router is added to or removed from the network. It can be a dangerous process as it has control over all other processes.

8. config terminal: This command takes us to global configuration mode, where we can change the global parameters.

9. enable: At the very beginning, if we want to enter privileged mode, we enter the enable command.

10. interface: This command is required to change parameters in interface mode, such as the IP address.

B. List five (5) software tools to secure network routers.
The five software tools to secure network routers are:
a. PRTG
b. Nagios
c. SolarWinds Network Insights
d. Icinga
e. Zenoss

Question 14: Answer the following questions:

A. What is the importance and what are the functions of Authentication, Authorisation and Accounting?

The importance and functions of Authentication, Authorisation and Accounting are given below:
• AAA will help us to implement identity management if we get a proper understanding of Authentication, Authorisation and Accounting.
• AAA helps in keeping records of the users in the network system and monitors their activity.
• AAA identifies the right access and grants access if users have the correct username and password; their unique login details are also required.
• AAA provides strict security in granting access to the network system.
• Proper accounting in AAA enables the network and system to review and monitor access attempts and grants.

B. What do you understand from authorisation and accounting (AAA) protocols? Write 100-150 words.

Authorisation: Authorisation in AAA is responsible for what users may do once they have logged into the system and gained access. Authorisation policies determine what kinds of activities, resources and services a user can get or is permitted. Users can only be permitted their resources if they have the proper login details and identity.

Accounting: Accounting in AAA is all about monitoring the resources that the user consumes during network access. This can also include the amount of time spent in the system or the data packets sent and received. Mainly, accounting focuses on billing, analysis, utilisation of resources and planning for data flow. It is widely used in business operations where many login sessions are attempted.
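The three AAA functions described in Question 14, as an added example that is not part of the original assessment: a local user database with salted password hashes (authentication), a privilege-to-command policy (authorisation) and a per-session stop record of time, bytes and commands (accounting). The users, privilege levels, command table and the "access-accept" / "access-reject" reply names are constructed assumptions, not taken from any vendor's implementation.

```python
"""Added example (not part of the original assessment): the three AAA
functions from Question 14 modelled in plain Python.  The user database,
privilege levels, permitted-command table and reply names below are
constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def make_user(password: str, privilege: int) -> dict:
    """Store a salted SHA-256 digest of the password, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt,
            "hash": hashlib.sha256(salt + password.encode()).digest(),
            "privilege": privilege}


# Constructed local user database (the 'username ... privilege N secret ...' idea).
USER_DB = {
    "netadmin": make_user("Corr3ct-Horse!", 15),
    "helpdesk": make_user("Read0nly-Pass", 1),
}

# Authorisation policy: which commands each privilege level may run (constructed).
PRIVILEGE_COMMANDS = {
    1: {"show ip interface brief", "show ip route", "ping"},
    15: {"show ip interface brief", "show ip route", "ping",
         "configure terminal", "reload"},
}


@dataclass
class Session:
    """Everything accounting needs: who, how long, how much, what was attempted."""
    user: str
    privilege: int
    start: float
    stop: float = 0.0
    bytes_in: int = 0
    bytes_out: int = 0
    attempted: list = field(default_factory=list)


def authenticate(username: str, password: str):
    """Authentication: ('access-accept', privilege) or ('access-reject', None)."""
    record = USER_DB.get(username)
    if record is None:
        # Do the same hashing work for unknown users so that reply time
        # does not reveal which usernames exist.
        hashlib.sha256(b"\x00" * 16 + password.encode()).digest()
        return "access-reject", None
    candidate = hashlib.sha256(record["salt"] + password.encode()).digest()
    if hmac.compare_digest(candidate, record["hash"]):   # constant-time compare
        return "access-accept", record["privilege"]
    return "access-reject", None


def authorize(session: Session, command: str) -> bool:
    """Authorisation: is this command permitted at the session's privilege level?"""
    permitted = command in PRIVILEGE_COMMANDS.get(session.privilege, set())
    session.attempted.append((command, permitted))  # record every attempt, allowed or not
    return permitted


def accounting_record(session: Session) -> dict:
    """Accounting: the stop record summarising time used, data moved and commands."""
    return {
        "user": session.user,
        "privilege": session.privilege,
        "duration_s": session.stop - session.start,
        "bytes_in": session.bytes_in,
        "bytes_out": session.bytes_out,
        "permitted": [c for c, ok in session.attempted if ok],
        "denied": [c for c, ok in session.attempted if not ok],
    }


def run_session(username, password, commands, start, stop, bytes_in=0, bytes_out=0):
    """Drive one login through all three A's.  Returns (decision, record or None)."""
    decision, privilege = authenticate(username, password)
    if decision != "access-accept":
        return decision, None            # a rejected login never gets a session
    session = Session(username, privilege, start, stop, bytes_in, bytes_out)
    for cmd in commands:
        authorize(session, cmd)
    return decision, accounting_record(session)


if __name__ == "__main__":
    for user, pw in [("netadmin", "Corr3ct-Horse!"), ("helpdesk", "Read0nly-Pass"),
                     ("helpdesk", "wrong-password")]:
        print(user, run_session(user, pw, ["show ip route", "configure terminal"],
                                start=1000.0, stop=1060.0, bytes_in=512, bytes_out=2048))
```

The helpdesk account is authenticated but still denied "configure terminal" by the authorisation policy, and the denied attempt appears in its accounting record, which is the separation of the three functions the answer above describes.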
P a g e 13 | 42 ICTNWK601 - DESIGN AND IMPLEMENT A SECURITY SYSTEM | BHUWANGHIMIRE | 6335586 C.Compare the common features of Terminal Access Controller AccessControl System Plus (TACACS+) and Remote Authentication Dial In User Service (RADIUS) authentication.Write 150-200 words for each. Some of the features of RADIUS and TACAS+ are given below: The process is start by Network Access Device (NAD – client of TACACS+ or RADIUS). NAD contact the TACACS+ or RADIUS server and transmit the request for authentication (username and password) to the server. First, NAD obtain username prompt and transmit the username to the server and then again the server is contact by NAD to obtain password prompt and then the password is send to the server. The server replies with access-accept message if the credentials are valid otherwise send an access-reject message to the client. Further authorisation and accounting is different in both protocols as authentication and authorisation is combined in RADIUS. Question 15: What are steps involved in the configuration, verification and troubleshooting the following: A.Switch with virtual local area networks (VLANs) and inter-switching communications Step 1: Enable the routing on the switch using the 'ip routing' command Step 2: note the VLAN that are routing Step 3: Use the command "show vlan" to verify VLANs that exists in VLAN database Step 4: Determine the ip address that we want to assign to VLAN Step 5: Configure the VLAN interfaces with the IP address. Step 6: configure interface to Default router Step 7: Configure the default route for the switch. Step 8: configure end devices to use VLAN interface as their default gateway. For the verification of the switch configuration following can be used: • • show ip route show ip interface brief For the troubleshooting following can be done: a. Performed ICMP pings in order to verify we have Layer 2 connectivity. b. 
Start the ICMP ping from the end device connected to the Catalyst 3350 to its corresponding VLAN interface. c. Imitate the ICMP ping from the end device of one VLAN to other interface VLAN on another VLAN to verify the switch routes between the VLANs. d. End device of one VLAN to end device of another VLAN should be ping P a g e 14 | 42 ICTNWK601 - DESIGN AND IMPLEMENT A SECURITY SYSTEM | BHUWANGHIMIRE | 6335586 e. If unable to connect to the internet or other cooperate network, verify the IP address and subnet mask on the switches are correctly configured. B.Router Step 1: enter the global configuration mode using ‘configuration terminal’ command Step 2: use command 'router rip' to enter the configuration mode and to enable RIP on the router Step 3: specify the use of RIP version Step 4: specify the list of networks on which RIP can be applied using network address by command ‘network ip-address’. Step 5: Disable ‘no-autosummary’ Step 6: exit the configuration mode Verification: For the verification process use the command 'show ip route' and look for the routes. Troubleshooting: a. b. c. d. e. check by rebooting the router Check if there is any overheating check for connections verify the wireless channels try resetting the router Question 16: Answer the following questions: A. What are the five (5) steps involved in the configuration of SSH Router for secure management. The steps involved in the configuration of the SSH router for secure management are as: 1. Configuring the host name using following commands; yourname#configure terminal Enter configuration commands, one per line. End with CNTL/Z. yourname (config)#hostname LabRouter LabRouter(config)# 2. Using 'ip domain-name' command where we can put any domain name. 3. Use 'crypto key generate rsa' command to encrypt the SSH packets 4. Configure vty lines for SSH and identify the databse used to provide authentication to the device. 5. 
Creating the account on local routerusing command ‘username xxxxx privilege 15 secret xxxx’ P a g e 15 | 42 ICTNWK601 - DESIGN AND IMPLEMENT A SECURITY SYSTEM | BHUWANGHIMIRE | 6335586 B. Explain the configuration of the Cisco Router to send log messages to Remote Syslog Server? Network having any size can will be manageable if all the log messages are centralized to the syslog server. It will improve the network and also reduces the time response which is taken to solve the problems. But while sending the router log messages to a remote server it will allows the long archiving of the messages then the actual routers limitation storage. Those messages which are stored by the syslog have permanence whereas the router does not have it. And if the router is again reloaded then all the messages that log contains will be erased. For sending the message to the syslog server at 192.168.51.5, should use the command “conf t logging 192.168.51.4”.to accept the messages from the router, remote server must be configured Question 17: Answer the following questions: A.What are seven (7) Layer 2 attacks? Write 30-50 words for each. The seven layer 2 attacks are as: Seven layer 2 attacks are as follow: a. Address resolution protocol (ARP) attack: ARP are used by internet protocol to map the ip network address. It is very important to translate the host and to determine the hardware address of another host. b. Spinning tree protocol (STP) manipulation attack: they usually occur in LAN-switched networks because in layer 2 LAN works without STP. Without STP layer 2 LAN simply do not function. c. Media access control (MAC) spoofing: In MAC spoofing attack, the attacker tried to sniffs the valid MAC address and also they behave as one of the trusted MAC addresses. Eventually they access they copy of the data through default gateway. d. 
Cisco discovery protocol (CDP) reconnaissance: CDP contains information regarding the network device and when this information granted by the attacker they can directly attack network. It is usually like a denial of service attack. e. VLAN hopping: VLAN hopping consist of two different types (switch spoofing and double tagging) but they both have the same aim of sending the traffic from one VLAN to the another one. f. Dynamic host configuration protocol (DHCP) spoofing: DHCP spoofing is an attack where attackers pretend to be the trusted resources and attempt to get access to personal information. Whereas, DHCP is important because if we lose it might be difficult. g. Conant addressable memory (CAM) table overflows: CAM table overflow is the attacks that normally occur when the attacker connects to the single or multiple ports. After reaching the limits of P a g e 16 | 42 ICTNWK601 - DESIGN AND IMPLEMENT A SECURITY SYSTEM | BHUWANGHIMIRE | 6335586 MAC address the traffic from the unknown MAC address start to flood. B. Summarise the prevention of any two (2) layer 2 attacks. Write your response in 100150 for the answers. Prevention VLAN hopping and DHCP spoofing are as: a. To prevent the VLAN hopping there are several different methods. After disabling the dynamic trucking protocol, the ports will not be negotiated to trunks automatically. Secondly, avoid putting any hosts on the default VLAN. b. To prevent DHCP spoofing we can create anti-spoofing by copying the DHCP message to the control plane and by using the information contains in the packets. Question 18: Summarise the following: A. Weaknesses of software and hardware Firewalls technologies Weakness of software and hardware firewalls technologies are as: • • • Can slow down system applications because it is built on the device itself and needs more disk space and memory. Can also prove expensive as such a firewall has to be bought separately for each device on the network. 
• Removing it from the device may be unwieldy.

Weaknesses of hardware firewalls are as follows:
• Treats outgoing traffic as secure and could fail if malware tries to connect from within to the internet.
• They may be less configurable.
• They are vastly more expensive.
• With its additional cabling, it takes up more physical space.

B. Importance of Demilitarised Zone based firewalls for the security of interfaces. Write 100-150 words for each.

DMZs are a key part of network security for individual users as well as big organisations. They provide the computer network with an extra layer of protection by limiting remote access to internal servers and information, which could be very damaging if breached. DMZs are intended to operate as a kind of buffer zone between the private network and the public internet. Deploying the DMZ between two firewalls means that all inbound network packets are filtered by a firewall or other security system before they reach the servers that the company hosts in the DMZ.

Question 19: Answer the following questions:

A. What are the different types of IDPS technologies? Write your answer in 100-150 words.

The different types of IDPS technologies are:
• Network-based: network-based technologies monitor the traffic in a particular network segment and analyse the network and application protocols.
• Host-based: host-based technologies normally monitor the characteristics of a single host and the events that occur within that host.
• Network Behaviour Analysis: network behaviour analysis examines, detects and stops unusual network traffic flows in normal operations. It also supports offline analysis.
• Wireless: wireless technologies usually monitor the radio spectrum. They monitor and analyse network traffic to detect suspicious activity in the wireless network protocols themselves.

B.
Compare the host based and network based IDPS. Write your response in 100-150 words.

The comparison between host-based and network-based IDPS is given below:
• Network Behaviour Analysis: they usually monitor the network traffic and give alerts on threats that generate unusual traffic flows. They also capture all the data that passes through the network and monitor it.
• Host-based: they usually verify whether an attack on the network was successful or not, and they also monitor the user's activity. They are also capable of identifying the root of attacks inside the host.

Question 20: Summarise the following:

A. Functions of the Internet Key Exchange (IKE) protocol. Write your answer in 100-150 words.

The functions of the Internet Key Exchange (IKE) protocol are as below:
• IKE helps to ensure security for virtual private network negotiation and remote host or network access.
• IKE establishes a secure, authenticated communication channel.
• IKE allows dynamic authentication of peers, which means the encryption can be changed during IPsec sessions.
• IKE allows the use of a certification authority.

B. Steps to configure a site-to-site Virtual Private Network (VPN).

Step 1- Log in to the web-based utility and choose VPN > Site-to-Site VPN > Basic VPN Setup.
Step 2- In the New Connection Name field, enter a name for the VPN tunnel; it can contain letters, numbers and hyphens only.
Step 3- In the Pre-Shared Key field, enter the pre-shared key or password that will be exchanged between the two routers. The password must be between 8 and 49 characters.
Step 4- Select the desired option in the Protocol drop-down, i.e. ESP or AH.
Step 5- Select the Remote Endpoint from the drop-down menu; the options are IP Address and FQDN.
Step 6- Enter the remote WAN IP address or FQDN in the Remote WAN IP Address field.
Step 7- Verify that the source IP address in the Local WAN IP Address field is correct.
Step 8- Enter the private network (LAN) address of the remote endpoint in the Remote LAN IP Address field. This is the IP address of the internal network at the remote site.
Step 9- Verify the private network (LAN) subnet mask of the remote endpoint in the Remote LAN Subnet Mask field.
Step 10- Enter the private network (LAN) IP address of the local network in the Local LAN IP Address field. This is the IP address of the internal network on the device.
Step 11- Verify the private network (LAN) subnet mask of the local endpoint in the Local LAN Subnet Mask field.
Step 12- Click Save.

Assessment Task 2 – Unit Project (UP)

Minutes of Meeting

The meeting was organised between the stakeholders (General Manager, Finance Manager, IT Manager (Bhuwan Ghimire) and System Administrator). The meeting lasted about an hour (10:00-11:00). The following was discussed in the meeting:

10:00-10:10- Initially, we discussed the design and implementation of new network security perimeters for the first 10 minutes.
10:10-10:20- Next, we addressed ransomware and security techniques to eliminate it over the next 10 minutes.
10:20-10:30- In the third part we spoke about a good password system, how to safeguard the password and how to keep it safe.
10:30-10:40- After that we addressed different antivirus techniques for defending our devices.
10:40-10:45- Then came the firewall issue, i.e. which one might be better for an organisation.
10:45-10:50- At this stage, the participants discussed the main principles relating to network security.
10:50-11:00- Finally, for 10 minutes, all stakeholders made decisions on other technology options, including applications such as AAA, TACACS+ and RADIUS.
Meeting Objective: The meeting's main objective was to elaborate the requirements for the given design and how to implement the security system in the organisation's design.

Attendees:
Bhuwan Ghimire (IT Manager)
Basanta Aryal (System Administrator)
Sabita Aryal (General Manager)
Ritu Aryal (Finance Manager)

Venue: SABT 55 High Street Strathfield NSW 2135
Date: 5th June 2020

No | Points Discussed | Actions Suggested | Target Date
1 | Designing and implementation of network security perimeters | This would all be done under this manager's control. | 10 June 2020
2 | Malwares and mitigation strategies to prevent them | Malwares like the following: Trojans, Viruses, Worms, Keyloggers, Spyware and logic bombs, Rootkits. Techniques for mitigation: securing the VPN, managing the fixes and applications, bolstering access control, correct firewall setup. | 8 June 2020
3 | Principles of network security | Follow the principles, and ensure that they are not compromised. Think also of the privacy, quality and reliability of the information. | 11 June 2020
4 | Solutions for security | Do good research on the latest network security solutions for the company, such as AAA and TACACS+. Only follow approaches that are the market norm. | 12 June 2020

Signature of attendee 1: Bhuwan Ghimire
Signature of attendee 2: Basanta Aryal
Signature of attendee 3: Sabita Aryal
Signature of attendee 4: Ritu Aryal

Template 1: Report on Layer 2 Security attacks

Purpose: The company called ALEXA Finance Pvt. Limited is a business which provides financial services. The business has an excellent reputation in Melbourne city and the surrounding metropolitan area. The business operates personal and commercial financial services. The company's main office is in the Melbourne CBD and it has two sub-branches in the Geelong and Ballarat regional areas.
The company uses MYOB and ERP, supported by a unified management structure. ALEXA processes all data at the headquarters to provide its clients with the best support. It is therefore very necessary to protect the customers' financial records, because they contain vital consumer details; group management is also well aware of the value of all the data generated. Consequently, with all the routers, servers, scanners, printers, Wi-Fi access points, switches and IP phones connected to a secure network, the organisation has a well-equipped IT department with the newest equipment and innovations. Through the LAN connections, the organisation's entire network provides every employee with access to centralised data, while the regional sub-branch offices are linked to the data through in-house designed technology and a managed VPN.

Department: IT Department, Operations, Finance Department
Stakeholders:
Bhuwan Ghimire (IT Manager)
Basanta Aryal (System Administrator)
Sabita Aryal (General Manager)
Ritu Aryal (Finance Manager)
Supervised by: Bhuwan Ghimire (IT Manager)

Switch Security Attacks – Layer 2 Security

VLAN hopping attack: VLAN hopping is a process by which an end host is able to inject Layer 2 frames into a switched network that are forwarded on a VLAN foreign to the forwarding host.

Switch spoofing: In a switch spoofing attack, the intruder who wants to access the network first aims to connect a rogue switch to the network and then configures a trunk through that switch. If the attacker succeeds in connecting the rogue switch, all traffic from the individual VLANs passes via the rogue switch, where the attacker can exploit and abuse the data.

Double tagging: Some basics of VLANs are required to understand the double tagging concept.
Virtual LANs provide security on the LAN by isolating traffic into separate lanes. As traffic is sent across switches through trunks, all VLAN traffic is marked with an IEEE 802.1Q tag. The attacker will nest the flow, which is marked

IP address spoofing: This form of attack involves replacing the source IP address of the IP packet with that of another node. This strategy enables an intruder to transmit multiple packets across the whole network without being intercepted by the firewall's packet filtering program. It then allows unwanted access to be granted.

Preventing Layer 2 security threats

Additional functionality such as DHCP snooping may be used on the Catalyst switch family to help guard against DHCP starvation attacks. DHCP snooping is an important security feature which filters all unauthorised DHCP messages and also maintains the DHCP snooping binding table. The binding table contains the MAC address, lease time and IP address details.

We can prevent them by developing software properly and having one or more security countermeasures that guard against each threat or attack. A good place to start is to understand and guard against:
1. SQL injection attacks
2. CSRF - Cross Site Request Forgery
3. XSS - Cross site scripting
If we have a good separation between user interface and business logic, then a lot of the security countermeasures can be coded in the business services API layer. This lessens the need for front-end developers to understand these security threats.

As a result, it is good to see that we have certain tools enabled that can be used to deter attacks on Layer 2. It is thus one of the complex features that helps to define and restrict the stations' MAC addresses that are allowed access to the same physical network.
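The two Layer 2 defences described above, a tag check against double tagging and the DHCP snooping binding table, can be shown as the checks a switch applies to each frame on an untrusted access port. The following is an added example, not code from the assessment or from any Cisco product: it walks the 802.1Q headers of a frame (a double-tagged frame shows two VLAN ids), and it validates the sender MAC/IP pair of every ARP packet against a binding table, which is the idea behind Cisco's Dynamic ARP Inspection. The binding entry, the frames and the port names (Fa0/1, VLAN 10) are constructed for the example.

```python
"""Two Layer 2 checks a switch can apply to frames arriving on an untrusted access
port: walking the 802.1Q headers to catch double-tagged frames, and validating ARP
sender MAC/IP pairs against the DHCP snooping binding table (the idea behind Cisco's
Dynamic ARP Inspection). Added example with constructed frames and bindings."""
import struct
from dataclasses import dataclass

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding: a MAC/IP pair leased on a given port and VLAN."""
    mac: bytes
    ip: bytes
    vlan: int
    port: str

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def ip4(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))

def parse_vlan_tags(frame: bytes):
    """Walk every 802.1Q header that follows the Ethernet source MAC.

    Returns (src_mac, [VLAN ids, outer first], inner ethertype, payload offset).
    A normally tagged frame yields one VLAN id; a double-tagged frame yields two."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlans = 14, []
    while ethertype == ETHERTYPE_8021Q:
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vlans.append(tci & 0x0FFF)  # the low 12 bits of the TCI carry the VLAN id
        offset += 4
    return src, vlans, ethertype, offset

def parse_arp(payload: bytes):
    """Return (opcode, sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return op, payload[8:14], payload[14:18]

def inspect_frame(port: str, access_vlan: int, frame: bytes, bindings) -> list:
    """Run both checks on one frame; an empty result means the frame passes."""
    violations = []
    src, vlans, ethertype, offset = parse_vlan_tags(frame)
    if len(vlans) > 1:
        violations.append(f"{port}: double-tagged frame, VLANs {vlans}")
    elif vlans and vlans[0] != access_vlan:
        violations.append(f"{port}: tagged for VLAN {vlans[0]} on access VLAN {access_vlan}")
    if ethertype == ETHERTYPE_ARP:
        op, sender_mac, sender_ip = parse_arp(frame[offset:])
        if sender_mac != src:
            violations.append(f"{port}: ARP sender MAC differs from Ethernet source MAC")
        if Binding(sender_mac, sender_ip, access_vlan, port) not in bindings:
            violations.append(f"{port}: ARP op {op} from {sender_mac.hex(':')} / "
                              f"{'.'.join(map(str, sender_ip))} has no DHCP snooping binding")
    return violations

def build_frame(dst, src, vlans, ethertype, payload):
    """Assemble an Ethernet frame carrying zero or more 802.1Q tags (test helper)."""
    tags = b"".join(struct.pack("!HH", ETHERTYPE_8021Q, v) for v in vlans)
    return dst + src + tags + struct.pack("!H", ethertype) + payload

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    header = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, op)
    return header + sender_mac + sender_ip + target_mac + target_ip

# Constructed binding table: one host leased 192.168.10.20 on Fa0/1 in VLAN 10.
BINDINGS = {Binding(mac("00:11:22:33:44:55"), ip4("192.168.10.20"), 10, "Fa0/1")}

def demo():
    """Three constructed frames on Fa0/1 (access VLAN 10): a legitimate ARP request,
    a rogue ARP reply claiming the gateway's address, and a double-tagged IPv4 frame."""
    host, rogue, bcast = mac("00:11:22:33:44:55"), mac("de:ad:be:ef:00:01"), b"\xff" * 6
    frames = {
        "good": build_frame(bcast, host, [], ETHERTYPE_ARP,
                            build_arp(1, host, ip4("192.168.10.20"), bytes(6), ip4("192.168.10.1"))),
        "spoof": build_frame(bcast, rogue, [], ETHERTYPE_ARP,
                             build_arp(2, rogue, ip4("192.168.10.1"), host, ip4("192.168.10.20"))),
        "double": build_frame(bcast, host, [10, 20], ETHERTYPE_IPV4, bytes(20)),
    }
    return {name: inspect_frame("Fa0/1", 10, frame, BINDINGS) for name, frame in frames.items()}
```

Calling demo() returns an empty list for the legitimate request, one binding violation for the rogue reply (its MAC/IP pair was never leased by DHCP on that port), and one double-tag violation for the third frame. On a real switch the equivalent is to enable DHCP snooping, leave access ports untrusted, and enable ARP inspection on the VLAN, so that the switch itself drops such frames.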
Packets whose source address is outside the defined address group are not forwarded by the port.

Assessment Task 3 - Unit Project (UP)

Activity 1 - (Implementation of Network Security Systems)

Topology

IP Addressing Table

Device | Interface | IP Address | Subnet Mask | Default Gateway | Switch Port
R1 | G0/1 | 192.168.1.1 | 255.255.255.0 | N/A | S1 F0/5
R1 | S0/0/0 (DCE) | 10.1.1.1 | 255.255.255.252 | N/A | N/A
R2 | S0/0/0 | 10.1.1.2 | 255.255.255.252 | N/A | N/A
R2 | S0/0/1 (DCE) | 10.2.2.2 | 255.255.255.252 | N/A | N/A
R3 | G0/1 | 192.168.3.1 | 255.255.255.0 | N/A | S3 F0/5
R3 | S0/0/1 | 10.2.2.1 | 255.255.255.252 | N/A | N/A
PC-A | NIC | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 | S1 F0/6
PC-C | NIC | 192.168.3.3 | 255.255.255.0 | 192.168.3.1 | S3 F0/18

On router R1
a. Ping from R1 to R3. If the pings are not successful, troubleshoot the basic device configurations before continuing.
b. Ping from PC-A, on the R1 LAN, to PC-C, on the R3 LAN.

On the R3 LAN: If the pings are not successful, troubleshoot the basic device configurations before continuing.

Setting the login method for line console 0.
Setting a new password of ciscoconpass for the console.
Creating a new user account with a secret password.
Setting the IP address for interfaces and their clock rate.
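When the pings above fail, the first thing to rule out is an addressing slip, so it is worth checking the addressing table itself before looking at routing. The following is an added example, not part of the lab: the rows are transcribed from the IP Addressing Table above, and the checks (duplicate addresses, network/broadcast addresses used as host addresses, gateways outside the host's subnet or not owned by any router, and /30 serial links without exactly two endpoints) are the ones a practitioner would run by hand. BROKEN_TABLE is a constructed copy with two deliberate mistakes to show what the checker reports.

```python
"""Consistency checks on the lab's IP addressing table, run before the ping tests.
Added example: the rows are transcribed from the table above, the checks are not
part of the lab."""
import ipaddress
from collections import Counter, defaultdict

# (device, interface, address, subnet mask, default gateway or None), from the table above.
ADDRESSING_TABLE = [
    ("R1", "G0/1", "192.168.1.1", "255.255.255.0", None),
    ("R1", "S0/0/0", "10.1.1.1", "255.255.255.252", None),
    ("R2", "S0/0/0", "10.1.1.2", "255.255.255.252", None),
    ("R2", "S0/0/1", "10.2.2.2", "255.255.255.252", None),
    ("R3", "G0/1", "192.168.3.1", "255.255.255.0", None),
    ("R3", "S0/0/1", "10.2.2.1", "255.255.255.252", None),
    ("PC-A", "NIC", "192.168.1.3", "255.255.255.0", "192.168.1.1"),
    ("PC-C", "NIC", "192.168.3.3", "255.255.255.0", "192.168.3.1"),
]

# Constructed broken copy: R3's serial address duplicates R2's, and PC-C points at a
# gateway that no router interface owns.
BROKEN_TABLE = ADDRESSING_TABLE[:5] + [
    ("R3", "S0/0/1", "10.2.2.2", "255.255.255.252", None),
    ("PC-A", "NIC", "192.168.1.3", "255.255.255.0", "192.168.1.1"),
    ("PC-C", "NIC", "192.168.3.3", "255.255.255.0", "192.168.3.254"),
]

def check_table(rows):
    """Return a list of problems found; an empty list means the table is consistent."""
    problems = []
    entries = [(dev, name, ipaddress.ip_interface(f"{addr}/{mask}"), gw)
               for dev, name, addr, mask, gw in rows]

    # 1. The same address must not appear on two interfaces.
    for addr, count in Counter(entry[2].ip for entry in entries).items():
        if count > 1:
            problems.append(f"{addr} assigned {count} times")

    # 2. A host address must not be the network or broadcast address of its subnet.
    for dev, name, iface, _ in entries:
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{dev} {name}: {iface.ip} is the network/broadcast address of {net}")

    # 3. A default gateway must lie in the host's subnet and belong to a router interface.
    router_ips = {iface.ip for dev, _, iface, _ in entries if dev.startswith("R")}
    for dev, name, iface, gw in entries:
        if gw is None:
            continue
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in iface.network:
            problems.append(f"{dev}: gateway {gw} is outside {iface.network}")
        elif gw_ip not in router_ips:
            problems.append(f"{dev}: gateway {gw} is not configured on any router interface")

    # 4. Each point-to-point /30 link must have exactly two endpoints in the same subnet.
    links = defaultdict(list)
    for dev, name, iface, _ in entries:
        if iface.network.prefixlen == 30:
            links[iface.network].append(f"{dev} {name}")
    for net, members in links.items():
        if len(members) != 2:
            problems.append(f"{net}: expected 2 endpoints, found {members}")
    return problems
```

check_table(ADDRESSING_TABLE) returns an empty list for the lab table; for the constructed BROKEN_TABLE it reports the duplicated 10.2.2.2 and PC-C's unreachable gateway, which is exactly the kind of error that otherwise surfaces only as a failed ping.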
PC-A> telnet 192.168.1.1

Configuring line vty 0 4.

Activity 2: (Configuration of Firewall, implementation of VPN):

Network topology:

On Internet router
Router>en
Router#conf t
Router(config)#hostname Internet
Internet(config)#int s0/3/0
Internet(config-if)#clock rate 64000
Internet(config-if)#ip add 10.1.1.1 255.255.255.252
Internet(config-if)#desc connection to Mumbai
Internet(config-if)#no shut
Internet(config-if)#int s0/1/0
Internet(config-if)#clock rate 64000
Internet(config-if)#ip add 20.1.1.1 255.255.255.252
Internet(config-if)#desc connection to Paris
Internet(config-if)#no shut
Internet(config-if)#exit
Internet(config)#exit
Internet#copy run start

On Mumbai router
Router>en
Router#conf t
Router(config)#hostname Mumbai
Mumbai(config)#int s0
Mumbai(config-if)#ip add 10.1.1.2 255.255.255.252
Mumbai(config-if)#desc connection to Internet
Mumbai(config-if)#no shut
Mumbai(config-if)#int f0
Mumbai(config-if)#ip add 192.168.10.1 255.255.255.0
Mumbai(config-if)#desc connection to LAN
Mumbai(config-if)#no shut
Mumbai(config-if)#exit
Mumbai(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1 name to_isp

On Paris router
Router>en
Router#conf t
Router(config)#hostname Paris
Paris(config)#int s0
Paris(config-if)#ip add 20.1.1.2 255.255.255.252
Paris(config-if)#desc connection to Internet
Paris(config-if)#no shut
Paris(config-if)#int f0
Paris(config-if)#ip add 192.168.20.1 255.255.255.0
Paris(config-if)#desc connection to LAN
Paris(config-if)#no shut
Paris(config-if)#exit
Paris(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.1 name to_isp

Next is the VPN configuration on the Mumbai router. First of all, set up an access-list to match the traffic to be allowed through the VPN tunnel.

Mumbai(config)#ip access-list extended VPN
Mumbai(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
Mumbai(config-ext-nacl)#exit

Now, configure the IPsec VPN to use the access-list named VPN. The authentication mode is a pre-shared key (TimiGate). The key must be the same on both routers. See below.

Mumbai(config)#crypto isakmp policy 1
Mumbai(config-isakmp)#authentication pre-share
Mumbai(config-isakmp)#exit
! 20.1.1.2 is the public IP address of the Paris router
Mumbai(config)#crypto isakmp key TimiGate address 20.1.1.2
Mumbai(config)#crypto ipsec transform-set TGSET esp-aes esp-sha-hmac
Mumbai(cfg-crypto-trans)#exit
Mumbai(config)#crypto map TGMAP 1 ipsec-isakmp
Mumbai(config-crypto-map)#set peer 20.1.1.2
Mumbai(config-crypto-map)#set transform-set TGSET
Mumbai(config-crypto-map)#match address VPN
Mumbai(config-crypto-map)#exit

Finally, on the Mumbai router, we MUST apply the crypto map to the interface connecting to the ISP, which in the configuration above is s0, the interface holding Mumbai's public address 10.1.1.2.

Mumbai(config)#int s0
Mumbai(config-if)#crypto map TGMAP

Now, repeat the process on the Paris router, making sure that the peer IP address configured on the Paris router matches the public IP address of the Mumbai router. Remember, the two routers' public IPs must be reachable from each other. First, the ACL.

Paris(config)#ip access-list extended VPN
Paris(config-ext-nacl)#permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
Paris(config-ext-nacl)#exit

Next, the VPN configuration proper.
Paris(config)#crypto isakmp policy 1
Paris(config-isakmp)#authentication pre-share
Paris(config-isakmp)#exit
! 10.1.1.2 is the public IP address of the Mumbai router
Paris(config)#crypto isakmp key TimiGate address 10.1.1.2
Paris(config)#crypto ipsec transform-set TGSET esp-aes esp-sha-hmac
Paris(cfg-crypto-trans)#exit
Paris(config)#crypto map TGMAP 1 ipsec-isakmp
Paris(config-crypto-map)#set peer 10.1.1.2
Paris(config-crypto-map)#set transform-set TGSET
Paris(config-crypto-map)#match address VPN
Paris(config-crypto-map)#exit

Finally, apply the crypto map to the WAN interface, which in the configuration above is s0, the interface holding Paris's public address 20.1.1.2.

Paris(config)#int s0
Paris(config-if)#crypto map TGMAP

What to note: The IPsec VPN configuration has four phases.
1. Configuration of the access-list to match the allowed traffic.
2. Configuration of the authentication phase, which in this case uses a pre-shared key named TimiGate.
3. Configuration of the encryption phase, which in this case uses esp-aes esp-sha-hmac.
4. Placement of the crypto map on the connecting interface. This must be the interface with the public IP used in the VPN configuration.

Verification:
To see the status of IPsec authentication, use the command #sh crypto ipsec sa. See the output below.

For Mumbai

For Paris
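The four phases listed above have to agree on both routers before any security association can come up, and most site-to-site failures are a mismatch between the two sides rather than a fault on one of them. The following is an added example, not part of the page or of Cisco IOS: it records each router's crypto settings as data and cross-checks them (mirrored crypto ACLs, the same pre-shared key, each side's ISAKMP and crypto map peer equal to the other side's public IP, an identical transform set, and the crypto map bound to the interface that holds the public IP). The values are taken from the Mumbai/Paris configuration above; MUMBAI_MISAPPLIED is a constructed variant with the crypto map placed on an interface (s0/1/0) that does not carry the public address.

```python
"""Cross-check of a site-to-site IPsec pair for the four configuration phases: crypto
ACL, pre-shared key and peer addresses, transform set, and crypto map placement.
Added example; the values are taken from the Mumbai/Paris configuration on this page,
the checking logic is not part of it."""
import ipaddress
from dataclasses import dataclass, replace

@dataclass
class VpnSide:
    name: str
    wan_interface: str      # interface that carries the public address
    wan_ip: str
    lan: str                # local LAN in CIDR form
    acl_permit: tuple       # ("src wildcard", "dst wildcard") tokens of the permit line
    isakmp_peer: str        # address on 'crypto isakmp key ... address'
    psk: str
    transform_set: tuple    # e.g. ("esp-aes", "esp-sha-hmac")
    map_peer: str           # 'set peer' inside the crypto map
    map_interfaces: tuple   # interfaces on which 'crypto map TGMAP' was entered

def wildcard_to_network(token: str) -> ipaddress.IPv4Network:
    """Convert an IOS 'address wildcard' pair such as '192.168.10.0 0.0.0.255' to CIDR."""
    addr, wildcard = token.split()
    host_bits = int(ipaddress.IPv4Address(wildcard))
    if host_bits & (host_bits + 1):  # a wildcard must be a contiguous run of low 1-bits
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.IPv4Network(f"{addr}/{32 - host_bits.bit_length()}")

def check_pair(a: VpnSide, b: VpnSide) -> list:
    """Return the list of mismatches between the two sides; empty when consistent."""
    problems = []
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    if set(a.transform_set) != set(b.transform_set):
        problems.append(f"transform sets differ: {a.transform_set} vs {b.transform_set}")
    for side, other in ((a, b), (b, a)):
        if side.isakmp_peer != other.wan_ip:
            problems.append(f"{side.name}: isakmp key address {side.isakmp_peer} "
                            f"is not {other.name}'s public IP {other.wan_ip}")
        if side.map_peer != other.wan_ip:
            problems.append(f"{side.name}: crypto map peer {side.map_peer} "
                            f"is not {other.name}'s public IP {other.wan_ip}")
        src, dst = (wildcard_to_network(t) for t in side.acl_permit)
        expected = (ipaddress.IPv4Network(side.lan), ipaddress.IPv4Network(other.lan))
        if (src, dst) != expected:
            problems.append(f"{side.name}: crypto ACL {src}->{dst} "
                            f"does not match {side.lan}->{other.lan}")
        if side.wan_interface not in side.map_interfaces:
            problems.append(f"{side.name}: crypto map is not applied on {side.wan_interface}, "
                            f"the interface holding {side.wan_ip}")
    return problems

# Values from the Mumbai and Paris configuration above.
MUMBAI = VpnSide("Mumbai", "s0", "10.1.1.2", "192.168.10.0/24",
                 ("192.168.10.0 0.0.0.255", "192.168.20.0 0.0.0.255"),
                 "20.1.1.2", "TimiGate", ("esp-aes", "esp-sha-hmac"), "20.1.1.2", ("s0",))
PARIS = VpnSide("Paris", "s0", "20.1.1.2", "192.168.20.0/24",
                ("192.168.20.0 0.0.0.255", "192.168.10.0 0.0.0.255"),
                "10.1.1.2", "TimiGate", ("esp-aes", "esp-sha-hmac"), "10.1.1.2", ("s0",))

# Constructed mistake: same key and peers, but the crypto map was entered on an
# interface that does not hold the public address, so no SA will ever be negotiated.
MUMBAI_MISAPPLIED = replace(MUMBAI, map_interfaces=("s0/1/0",))
```

check_pair(MUMBAI, PARIS) returns an empty list; check_pair(MUMBAI_MISAPPLIED, PARIS) reports only the misplaced crypto map, which is the phase 4 error that "show crypto ipsec sa" would otherwise show as a tunnel with no security associations at all.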