Network Security Concepts



Assignment Submission
Two files are to be submitted electronically by the due date: 1) your answers in a Microsoft Word file and 2) the PCAP file of your capture. Please do not zip these files.

Question 1: Cisco ACLs                        [6 marks]

Cisco IOS (Internetworking Operating System) allows both standard and extended IP access lists as follows:
•    Standard access lists are numbered 1-99 and filter based only on the source IP.
o    access-list <1-99> <permit|deny> <source IP> <source wildcard>
o    Example: This access list denies packets from the host 139.78.5.100 but allows packets from any other host whose address starts with 139.78.5:
access-list 5 deny    139.78.5.100   0.0.0.0
access-list 5 permit  139.78.5.0     0.0.0.255

•    Extended access lists are numbered 100-199 and filter based on source, destination, protocol, and port:
o    access-list <100-199> <permit|deny> <tcp|udp|icmp> <source IP> <source wildcard> <destination IP> <destination wildcard> eq <port>
o    ‘eq’ stands for ‘equal to’ (meaning a port number equal to the one given)
o    Example: This extended access list discards packets from any host with an IP starting with 128.1 that is trying to send to the SMTP port (25):
access-list 105 deny tcp 128.1.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 25

Note the source/destination IP address wildcard format (it is the inverse of the usual subnet mask format: a 0 bit in the wildcard must match, a 1 bit is ignored):
o    Example: To represent all IP addresses that start with 139.78.5:
IP = 139.78.5.0        WILDCARD=0.0.0.255

o    Example: To represent all IP addresses that start with 128.1:
IP = 128.1.0.0        WILDCARD=0.0.255.255

o    Example: To represent any address:
IP = 0.0.0.0        WILDCARD= 255.255.255.255

o    Example: To represent a single address (172.30.16.29):
IP = 172.30.16.29        WILDCARD= 0.0.0.0 (check all bits)

If you want to place additional restrictions or permissions in the same access list, just add lines in the same format as above with the same list number.

Access list entries are processed in the order they appear in the list, from top to bottom, until one matches; any packet that matches no entry is discarded (there is effectively a hidden ‘deny all’ rule at the end of the access list).
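To make the wildcard and first-match rules concrete, here is a small Python evaluator added to this page (it is not Cisco's code and not part of the assignment): it parses the two example lists above into entries, matches a packet against them with Cisco wildcard semantics and applies the implicit deny. The extra permit line for list 105 is a constructed addition used only to show that order matters.

```python
import ipaddress

# Constructed sample ACL text: the two access lists from the assignment text, plus
# one extra permit line for list 105 (added here to show that order matters).
ACL_TEXT = """
access-list 5 deny    139.78.5.100   0.0.0.0
access-list 5 permit  139.78.5.0     0.0.0.255
access-list 105 deny tcp 128.1.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 25
access-list 105 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit means 'ignore', a 0 bit means 'must match'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF              # invert the wildcard to get the bits that matter
    return (a & care) == (b & care)

def parse_acl(text):
    """Parse numbered standard (1-99) and extended (100-199) ACL lines into dicts."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        num, action = int(t[1]), t[2]
        if 1 <= num <= 99:           # standard: source address and wildcard only
            entries.append(dict(num=num, action=action, proto=None, src=t[3],
                                swc=t[4], dst=None, dwc=None, port=None))
        elif 100 <= num <= 199:      # extended: proto, src/wc, dst/wc, optional "eq <port>"
            port = int(t[9]) if len(t) > 9 and t[8] == "eq" else None
            entries.append(dict(num=num, action=action, proto=t[3], src=t[4],
                                swc=t[5], dst=t[6], dwc=t[7], port=port))
    return entries

def evaluate(entries, acl_num, src, dst=None, proto=None, dport=None):
    """'permit' or 'deny' for one packet: the first matching entry wins, and a packet
    that matches no entry falls through to the implicit 'deny all' at the end."""
    for e in entries:
        if e["num"] != acl_num or not wildcard_match(src, e["src"], e["swc"]):
            continue
        if e["proto"] is not None:       # extended list: also check protocol, dst, port
            if proto != e["proto"] or not wildcard_match(dst, e["dst"], e["dwc"]):
                continue
            if e["port"] is not None and dport != e["port"]:
                continue
        return e["action"]
    return "deny"

ACL = parse_acl(ACL_TEXT)
```

Note that list 105 exactly as printed in the example, with only its deny line, drops every packet because of the hidden deny at the end; a usable list needs an explicit permit after it.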

To complete this exercise:

a)    Create a Cisco IOS standard IP access list that allows IP packets from all hosts from the 142.16 network

[1 mark]

b)    Create a Cisco IOS standard IP access list that allows IP packets from all hosts from the 142.16 network except hosts on the subnet 142.16.11
[2 marks]

c)    Create a Cisco IOS extended IP access list that allows any host to access a web server on TCP port 80 whose IP address is 142.16.11.50
[1 mark]

d)    Create a Cisco IOS extended IP access list that allows any host to access the internal SMTP server at 142.16.11.55 (TCP port 25), and the DNS server at 142.16.11.174 (TCP and UDP port 53)
[2 marks]

For this assessment item, you should submit the standard and extended access lists that you create for the exercise (these do not need to be implemented on an actual router). For further information on Cisco ACLs see:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

Question 2:                                    [13 marks]

Note: This task should not be conducted in CQU computer labs. Please use your home computer or any other computer not connected to CQU premises.

Using Wireshark, your task is to capture an interaction between the client (your home computer) and the CQU Webfuse webserver. In doing so, attempt to retrieve the following web page:

where YourStudentNumber needs to be replaced by your actual student number. Please use your student number only.  No other page name should be used.

Use the appropriate filters in Wireshark to capture only DNS and HTTP traffic.
Figure 1 shows an example of a webpage you have to capture where YourStudentNumber is replaced by the name sanjay:

Figure 1 Example of Webpage

The pcap of this web page captured with the appropriate DNS and HTTP filters is shown in Figure 2 (without the red circle):

Figure 2 PCAP of Webpage with DNS and HTTP filters

To reproduce a capture similar to Figure 2, you may need to research how to:

•    Flush the DNS resolver cache of your client;
•    Flush the cache of your web browser; and
•    Make sure Wireshark is running with the appropriate DNS and HTTP filters before requesting the webpage from the Webfuse webserver.
Tasks:

a)    Submit the PCAP file of the interaction                 [1 mark]

b)    Identify the following three sections in the PCAP:             [3 marks]

•    DNS domain name resolution;
•    The three-way handshake for connection establishment; and
•    Connection termination

For each of the sections, list the frames associated with the section and highlight the section with a red circle in the screenshot (see example in Figure 2)
[3 marks, 1 mark for each section with frames correctly listed and highlighted]
c)    For the three sections identified in b), explain each of the packet components in a similar way to the Packet Capture Exercise 3 (Week 3). You do not have to explain all the captured frames, only the relevant frames. You may have to copy the information from the PCAP and paste it in the relevant fields of the table.

For each section use the following template (similar to the one used in the Packet Capture Exercise 3 available on the Moodle site, Week 3):

Packet No.    Time    Source    Destination    Protocol    Info
1
Explanation:
2
Explanation:
3
Explanation:
4
Explanation:
[6 marks, 2 marks per each of the three tables with the pasted information from the PCAP and respective explanation]

d)    Like in part b), identify the frame number that encapsulates the retrieved webpage (HTML code). You also need to circle in red the paragraph with the message "The requested URL /YourStudentNumber.html was not found on this server." You need to explain how you found both the retrieved webpage and the paragraph.

[3 marks, 1 mark for identifying the packet and 2 marks for finding the paragraph with the message. You need to explain the process to gain marks]
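For parts b) and d), here is an added Python sketch (not part of the assignment materials) that applies the same flag-based reasoning you will use on your own capture: it walks a constructed frame list in Wireshark's column order and picks out the DNS frames, the SYN / SYN-ACK / ACK handshake, the FIN teardown and the HTTP response frame that carries the 404 page. The hosts, port numbers and addresses are placeholders, not a real capture.

```python
import re

# Constructed frame list in Wireshark's column order (No., Time, Source, Destination,
# Protocol, Info). Hosts, ports and the page name are placeholders, not a real capture.
FRAMES = [
    (1, 0.000, "192.168.1.10", "192.168.1.1", "DNS", "Standard query 0x1a2b A www.example.com"),
    (2, 0.021, "192.168.1.1", "192.168.1.10", "DNS", "Standard query response 0x1a2b A 203.0.113.5"),
    (3, 0.023, "192.168.1.10", "203.0.113.5", "TCP", "50432 > 80 [SYN] Seq=0 Win=64240 Len=0"),
    (4, 0.061, "203.0.113.5", "192.168.1.10", "TCP", "80 > 50432 [SYN, ACK] Seq=0 Ack=1 Win=65535"),
    (5, 0.061, "192.168.1.10", "203.0.113.5", "TCP", "50432 > 80 [ACK] Seq=1 Ack=1 Win=64240"),
    (6, 0.062, "192.168.1.10", "203.0.113.5", "HTTP", "GET /YourStudentNumber.html HTTP/1.1"),
    (7, 0.100, "203.0.113.5", "192.168.1.10", "TCP", "80 > 50432 [ACK] Seq=1 Ack=312 Win=65535"),
    (8, 0.104, "203.0.113.5", "192.168.1.10", "HTTP", "HTTP/1.1 404 Not Found  (text/html)"),
    (9, 0.105, "192.168.1.10", "203.0.113.5", "TCP", "50432 > 80 [ACK] Seq=312 Ack=540"),
    (10, 0.106, "203.0.113.5", "192.168.1.10", "TCP", "80 > 50432 [FIN, ACK] Seq=540 Ack=312"),
    (11, 0.107, "192.168.1.10", "203.0.113.5", "TCP", "50432 > 80 [FIN, ACK] Seq=312 Ack=541"),
    (12, 0.145, "203.0.113.5", "192.168.1.10", "TCP", "80 > 50432 [ACK] Seq=541 Ack=313"),
]

def tcp_flags(info):
    """Pull the flag set out of Wireshark's '[SYN, ACK]' style Info text."""
    m = re.search(r"\[([A-Z, ]+)\]", info)
    return {f.strip() for f in m.group(1).split(",")} if m else set()

def next_match(tcp, start, flags, src, dst):
    """Index of the first TCP frame at or after 'start' with exactly these flags/direction."""
    for j in range(start, len(tcp)):
        if tcp[j][3] == flags and tcp[j][1:3] == (src, dst):
            return j
    return None

def find_sections(frames):
    """Frame numbers of the DNS lookup, the 3-way handshake, the teardown and the page."""
    out = {"dns": [no for no, _, _, _, proto, _ in frames if proto == "DNS"],
           "handshake": [], "termination": [], "page": []}
    tcp = [(no, s, d, tcp_flags(info)) for no, _, s, d, proto, info in frames if proto == "TCP"]
    i = next((k for k, t in enumerate(tcp) if t[3] == {"SYN"}), None)   # client's SYN
    if i is not None:
        client, server = tcp[i][1], tcp[i][2]
        j = next_match(tcp, i + 1, {"SYN", "ACK"}, server, client)       # server's SYN-ACK
        k = next_match(tcp, j + 1, {"ACK"}, client, server) if j is not None else None
        if k is not None:
            out["handshake"] = [tcp[i][0], tcp[j][0], tcp[k][0]]
    fins = [k for k, t in enumerate(tcp) if "FIN" in t[3]]
    if fins:                      # everything from the first FIN onward is the teardown
        out["termination"] = [t[0] for t in tcp[fins[0]:]]
    # the HTML body travels in the HTTP response frame (here the expected 404 page)
    out["page"] = [no for no, _, _, _, proto, info in frames if proto == "HTTP" and info.startswith("HTTP/1.")]
    return out
```

A real capture will interleave other connections, so filter on the client port (50432 here) or use Wireshark's "Follow TCP Stream" before applying this kind of logic.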

Question 3:     Malware                     [6 marks]

Computers running Windows operating systems are affected by a new malware named Flasher, a Trojan horse spread by a targeted attack: it spreads through email sent to selected individuals.
Suppose you are responsible for network security in a company. Your job is to investigate and find the details of the Flasher Trojan's behaviour and propagation technique.

Suggest ways in which you could protect the network from such attacks.
Your answer should be in a precise report format limited to 500 words.
All references must be shown correctly.
[6 marks, 3 marks investigation, 3 marks for explaining protective measures]

Hints:

1.  Make sure you understand the Flasher propagation technique.
2.  Suggest ways to protect the network from such attacks.

Please note

Your answers need to be thoroughly documented using in-text references (Harvard or APA style). Please remember that your assignment will be sent to Turnitin for an academic integrity check; consequently it is your responsibility to answer the questions in your own words. Plagiarism will be referred to CQU authorities for investigation and possible academic penalty.

Question Number              Mark allocated    Mark earned
Question 1: (6 marks)
  a)                         1
  b)                         2
  c)                         1
  d)                         2
Question 2: (13 marks)
  a)                         1
  b)                         1+1+1=3
  c)                         2+2+2=6
  d)                         1+2=3
Question 3: (6 marks)
  a)                         3
  b)                         3
Total marks allocated        25
Late submission penalty
Plagiarism penalty
Total
