Lab Exercise – Penetration Testing - Defense

Document Sample
Lab Exercise – Penetration Testing - Defense Powered By Docstoc
					IST 451, Capstone Lab                                                            1

Lab Exercise – Penetration Testing - Defense

In this lab you will complete the following tasks:

          Learn how an attacker breaks into a system.
          Learn how to protect your network from each step in the attack process.
          Participate in a multi-team game to defend your network from intruders.

Visual Objective
IST 451, Capstone Lab                                                                    2


Penetration testing is a method of evaluating the      security of a computer system or
network by simulating an attack by a cracker. A       “cracker” is the term used for any
malicious hacker, one who attempts to break into a    system for personal gain. The best
way for a company to find out their vulnerabilities   in security is through a penetration
test, rather than after an attack.

The tasks in this lab are as follows:

Task 1
        Identify and Secure Network Structure
Task 2
        Firewall Rules
Task 3
        Patching
Task 4
        IDS Setup
Task 5
        Intrusion Response

The goal of this lab is for you to prepare the security of your network to the best of your
abilities. Incorporated in the Defense and Offensive Penetration Testing labs is a hacking
game, which will test your skills learned throughout the semester against another team.

Rules of the Game
   1) The game is won when either the Offense team breaks in and grabs the file
      socialsecurity.txt or the Defense team prevents the other team from taking their
      file in the time allotted.
   2) The time limit for Defense setup is 30 minutes. You may patch and stop
      applications at this time, but all critical applications must be running when the
      attack begins.
   3) The time limit for Offense attack is 30 minutes.
   4) After the 30 minutes is up, the two teams must switch roles and replay the game.
   5) You may not use any knowledge of the attacks gained in the attacking role. Be
      aware that the attacking team may use other techniques than what is provided in
      the attack document!
   6) You may not move the file socialsecurity.txt
   7) Defense will start first, and after 30 minutes the Offense team may start (or
      whenever Defense is finished with task 4). During Offense, the Defense team
      may perform Task 5 Intrusion Response, but the Defense team can never stop any
      applications (e.g., for patching purposes) longer than 5 seconds.

   8) You cannot shutdown any services running on PC for longer than 5 sec, if
      you want block something you need use access list feature on router firewall.
IST 451, Capstone Lab                                                                         3

   9) You cannot block port number 135 running RPC service. In your access list
      in firewall you can block only 3 ports of your choice for TCP and 3 ports of
      your choice for UDP service.

Scenario: Security Team
As part of the Bank of IST security team, you have been tasked with defending a network
from possible intruders. You realize that a penetration test will most likely be done on
your network, and if you fail there may be some consequences for your team. It is in
your best interests, then, that you secure this system in the best way possible.

Task 1 – Identify and Secure Network Structure
In this task you will discover more information about your network. Familiarity with the
environment is necessary to understanding any subtle changes to the systems. These
changes may be a result of an attack or change in traffic.

Step 1: Listen to the instructor’s identification of the different computers and their
        purpose. Look at how the network is connected and compare it to the diagram.

Task 2 – Firewall Rules
In this task you will learn how to protect your network without compromising uptime
using a firewall.

It is imperative that the banking server remains up and running so that customers can
access it at all times of day and night. As Game Rule #9 indicates, it is also important to
balance this with the need for protection from intruders. Optimally, the most secure
system is one with no outwardly open ports. However, by doing this you would restrict
all connections to your system – good and bad.

Be sure to include screenshots of important steps to include in your report.

Step 1: Go to the server and click on Start -> Run -> and type “cmd” This will open
        the command prompt screen.

Step 2: Type “netstat -an” to list all active TCP connections that are running on the
        system. The important addresses are the ones prefixed with,
        which shows the active ports. Which ports are running? Are all of these
        absolutely necessary? You only want FTP, HTTP, and Mail ports to be open.

Step 3: Check the firewall configuration to see which ports are currently blocked. Note
        that according to Game Rule #9, you cannot block port number 135 running
        RPC service. In your firewall access list you can block only 3 ports of your
        choice for TCP and 3 ports of your choice for UDP services.

Step 4: Set up the set of firewall rules you want to set up. Note that your firewall rules
        cannot break Game Rule #9.
IST 451, Capstone Lab                                                                   4

Task 3 – Patching
In this task you will learn how to patch a Windows system.

Patching is an extremely important and easy process to keep your system secure.
Microsoft releases patches on the first Tuesday of every month. By configuring
automatic updates, your system can remain relatively secure. However, many hackers
are releasing exploits the day after “Patch Tuesday,” thus giving them a chance to attack
systems for a full month before Microsoft releases a patch. In the corporate world,
patching can sometimes break critical applications, so the patches have to be extensively
tested for at least a month after release.

Be sure to include screenshots of important steps to include in your report.

Step 1: In this scenario you will not be given the chance to patch the system as a whole,
        but rather only to patch the applications within it. Open the start menu and look
        at the critical applications installed that have open ports, including your FTP,
        RPC, Mail, and Web servers. Search the Internet to find any updates to these
        applications and install the patches. You will need to use a thumb-drive to
        transfer the required patches over to the system from the Internet.

Task 4 – IDS Setup
In this task you will learn how use the Intrusion Detection System (IDS) to display

Step 1: We will use Wireshark as the IDS. This tool can be a nice way to inform a
        system administrator of a possible security event at any time. Although we are
        limited by the software and the connection provided, you can still use the IDS to
        display event data for analysis (especially when the other team attacks you).

         Execute the Wireshark software on See what is displayed there,
         and figure out how the displayed information can help you create useful firewall

Step 2: After the attack team finishes their penetration test, export the log results and
        include them as an appendix to your report.

The attack team now has their chance to break into your network. At this stage, let
the TA know you are finished with the Defense setup. You may respond as listed

Task 5 – Intrusion Response
In this task you will learn how to respond to an intrusion event. Time and speed are
critical once an attack is detected.
IST 451, Capstone Lab                                                                   5

Step 1: Since it is impossible to predict when an attack will happen, you must wait until
        you see something strange on the Wireshark event window. Once this happens,
        your team may then proceed to the next step.

Step 2: Installing patches and having a firewall is important, but it does not make your
        system 100% secure. Additional steps must be taken to lock down a machine
        further. An important resource for this can be seen in the NSA Windows Server
        2003 Security Guide available for free at

         Download and read this guide to help you secure your server beyond the normal
         requirements. Understand that this is NSA-quality security, which is beyond
         what the normal company requires, so don’t enable all the options. If you have
         any questions please ask the instructor for assistance.

         Look for options that may pertain to the types of attacks being launched against
         you. Use the IDS as a way to identify these attacks.

Step 3: Look at the attacks being launched, and quickly begin adding firewall rules to
        try and block it.

Step 4: Observe the attacks and patch any software that is being exploited.

Appendix I – Web Resources

      National Vulnerability Database:
      MilW0rm (exploit database):
      NSA Security Configuration Guides:
IST 451, Capstone Lab                                                                         6

Report to deliver:
The group report is to show what you did in the project. Please clearly state your results
of this project. You are expected to hand in a report in the following formats:
      A cover page (including project title) with group name and group members
      A table of contents with page numbers
      Using double-spaced typing for convenient grading
      Hard copies only, Font size 12, Single column
      A bound or stapled document, with numbered pages
The report should have the following sections. Each section has multiple items. You need
to write a report section by section that covers all required items. But you do not have to
write the report item by item. Take screenshots if it is necessary.

Section I: Introduction:
You should have the following parts:
    Describe the goal and motivation of this project. In addition to what has been
       stated in the project instruction, please tell your own expectation in this project.
    Give an outline of this report, in which the content of each section needs to be
       briefly described.

Section II: Tasks 2-5
You should have the following parts:
    Explain how you configured the firewall and your reasoning behind it.
    Why is it important to patch your systems?
    Detail how you secured your system in Task 5. Back up your arguments with any
       relevant data from the NSA Security Guide.
    Analyze your logs from the IDS and explain what the other team tried to do to
       your network.

Section III: Experiment Log
This part should describe your activities in this project.
    Clearly state the responsibility of each group member. If possible, give a table to
       tell who did which task, who collected information of which device, who wrote
       which part of the report, who coordinated the group work activities, etc.
    Give a log of your group activity, such as what you did on which day, and how
       many people attend.
    Show your screenshots of the steps in an organized manner.

Grading Rubric
This project has a number of specific requirements. The requirement for each section is
documented in the above project instruction “Report to deliver”. Whether you will get
credits depends on the following situations:
     You will get full credits on one item, if it is correctly reported as required and
        well written.
     You will get half credits on one item, if it is reported as required but there is
        something definitely wrong.
IST 451, Capstone Lab                                                                         7

       You will not get any credit for one item, if it is not reported.

The credits for each section are in the following. Each item in one section has equal credits.
1. Section I: Introduction (10%):
Each item has 2.5 credits.
2. Section II: Task 2 – 5 (80%):
Each question must be answered correctly and be well thought out to get full credit.
3. Section III: Experiment log (10%)
     If you are responsible for some parts of your group work, you get 10 credits. If you
        do nothing for your group work, you get 0.
     If you attend more than 90% of your group activities, you get 10 credits. If you attend
        between 70% and 90%, you get 7 credits. If you attend between 50% and 70%, you
        get 5. Otherwise, you get 0.

This is a group project. Only hard copies of the report will be accepted. Be sure to include the
names of all the teammates and email addresses in the report. The report should be turned in
before class on the specified due date. Late grade will be deducted in case the submission is
not made on time and prior permission is not obtained from the Dr Liu for submitting later
than the specified due date

Shared By:
Jun Wang Jun Wang Dr
About Some of Those documents come from internet for research purpose,if you have the copyrights of one of them,tell me by mail you!