..._________________________________ Date _____________ SEC450 Security Testing iLab Objectives In this lab, the students will examine the following objectives. * The use of Flow Analysis Port Scan to determine the open ports on routers or hosts * Discovery of network vulnerabilities and mitigation of possible threats Scenario A small company is using the topology shown below. Minimal security measures have been implemented. Possible vulnerabilities need to be discovered in any of the devices used in the network architecture. This includes routers, switches, and workstations. Topology The last page of the Lab Assignment document contains a full-page Topology. Remove this page and use it for reference to the topology and the IP addresses. Initial SEC450 Projects Preparation In the Week 1 iLab content item, open the file SEC450_OpNet_iLab_Preparation.docx. As described in this document, use Windows Explorer in the Citrix iLab Environment to copy the G:\OPNET\SEC450 projects directory to the F:\op_models directory. Initial OpNet Preparation The Week 1 iLab is entitled Security Testing. The following steps show how to create the project required for the Week 1 iLab. * Log into the Citrix iLab Environment (lab.devry.edu). * Click on the OpNet 17 icon. * Click the Accept button to Open OpNet 17. * Click File/Open and navigate to the F:\op_models\SEC450\SEC450.project\SEC450 file and click Open. * In OpNet 17 with the SEC450 project open, click File/Save...
Words: 1259 - Pages: 6
...SEC450 Security Demands Opnet iLab Objectives In this lab, the students will examine the following objectives. * The use of flow analysis to create required security demands * Creation of ACLs to meet the requirements of the security demands * Verification of security demands using web reports Scenario A small company is using the topology shown below. Minimal security measures have been implemented. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago Hosts need to be protected from specific types of traffic from the Internet. Topology The last page of the lab assignment document contains a full page topology. Remove this page and use it for reference to the topology and the IP addresses. Initial OpNet Preparation The Week 2 iLab is entitled Security Demands. The following steps show how to create the project required for the Week 2 iLab. * Log into the Citrix iLab Environment (lab.devry.edu). * Click on the OpNet 17 icon. * Click the Accept button to open OpNet 17. * Click File/Open and navigate to the F:\op_models\SEC450\SEC450.project\SEC450 file and click Open. * In OpNet 17 with the SEC450 project open, click File/Save As. * Save the project in the F:\op_models\SEC450 directory as SecurityDemands. You are now ready to begin the Security Demands iLab with a project called SecurityDemands. Initial Configuration The Dallas and Chicago Routers’ FastEthernet...
Words: 1459 - Pages: 6
...Student Name _________________________________ Date _____________ SEC450 iLab3 Report Initial Configuration ISP Router version 12.3(4)T7 ! hostname ISP_Router ! interface FastEthernet0/0 ip address 200.100.0.1 255.255.255.0 ! interface FastEthernet1/0 ip address 200.100.40.1 255.255.255.0 ! interface Serial0/0 ip address 200.100.10.1 255.255.255.0 ! interface Serial0/1 ip address 200.100.20.1 255.255.255.0 ! router rip network 200.100.0.0 network 200.100.10.0 network 200.100.20.0 network 200.100.40.0 ! line con 0 line aux 0 line vty 0 4 password cisco line vty 5 15 password cisco ! end Note: RED text indicates the required questions to answer Task to Set up Security Policy for Offsite Database Server #1. Explain the meaning of the "three P's" best practice rule to create ACL in routers #2. Explain the difference between the following two access-list commands a) access-list 101 permit tcp any any eq 80 b) access-list 101 permit tcp any eq 80 any #3. What are well-known, registered, and ephemeral UDP/TCP ports? #4. What is wrong with ACL 105? access-list 105 permit tcp any any access-list 105 deny tcp host 201.141.0.3 any #5. What well-known TCP port does Oracle Database (sql net) server use? #6. A company is managing an Oracle Database located in a Public Server to support day-to-day operations in Dallas and Chicago networks. The company...
Words: 365 - Pages: 2
...Date _____________ SEC450 Database Traffic Load iLab Objectives In this lab, the students will examine the following objectives. • Creating Database traffic using the traffic generator • Specifying link statistics to monitor traffic flow • Running discrete event simulation (DES) • Adjusting link speeds to handle Database traffic. Scenario A small company is using the topology shown below. The Public Server is actually an offsite Database Server that contains company records. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago Servers and Hosts need to access the database server. Only users in the Dallas and Chicago LANs should be able to access the database server. Topology The last page of the lab assignment document contains a full page Topology. Remove this page and use it for reference to the topology and the IP addresses. Initial OpNet Preparation The Week 5 iLab is entitled Database Traffic Load. The following steps show how to create the project required for the Week 5 iLab. • Log into the Citrix iLab Environment (lab.devry.edu). • Click on the OpNet 17 icon. • Click the Accept button to Open OpNet 17. • Click File/Open and navigate to the F:\op_models\SEC450\SEC450.project\SEC450 file and click Open. • In OpNet 17 with the SEC450 project open, click File/Save As. • Save the project in the F:\op_models\SEC450 directory as DB_TrafficLoad...
Words: 1003 - Pages: 5
...Database Server Security Demands Report NOTE: Use carriage returns and page breaks as needed to prevent table contents from extending across page boundaries. Task 1—Verify Initial Connectivity Between Router and Hosts • Run a Flow Analysis to update the topology. Open the Visual CLI on the ISP router and ping all of the Servers and Host PCs including the Attack PC. Select the CLI commands within the Virtual CLI window using your mouse. Click the Copy button and use V to paste the commands into the table cell below. Paste the Virtual CLI Ping commands here. ISP_Router#ping 192.168.100.10 Cannot find FLAN table, please run FLAN with routing table export. ISP_Router#ISP_Router#ISP_Router#ping 192.168.100.10 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms ISP_Router#ping 192.168.100.10 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms ISP_Router#ping 192.168.100.10 ---------- ISP_Router#ping 192.168.200.11 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.200.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms ISP_Router#ping 192.168.200.10 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.200...
Words: 808 - Pages: 4
...Student Rolando Salas Date 8/10/14 Name SEC450 Database Traffic Load Lab Report NOTE: Use carriage returns and page breaks as needed to prevent table contents from extending across page boundaries. Task 1—Set up Database Traffic Flows * For Socket information, the protocol will be TCP and the Source port will be set to sqlnet – Oracle. When you have completed the traffic configuration, capture the Traffic Generator window (<Alt><PrtSc>) as shown below and paste (<Ctrl>V) it into the table cell provided below. Paste completed Traffic Generator dialog window here. Task 2—Discrete Event Simulation (DES) * Note that the Utilization is 100% and the throughput is truncated at less than 50 packets per second. This indicates total saturation of the serial link. Capture this DES Graphs window (<Alt><PrtSc>) and paste it (<Ctrl>V) into your lab document. Paste the DES Graphs Window showing 100% utilization here. * Set up the graphs as shown using Stacked Statistics this time. Note that the Utilization is slightly less than 100% and the packets/sec value is 100 packets/sec. Capture this DES Graphs window (<Alt><PrtSc>) as shown below and paste (<Ctrl>V) it into your lab document. Paste the DES Graphs Windows showing slightly less than 100% Utilization here. Why is the packets/sec value approximately 100 packets/sec? Explain below. The reason why the packets/sec value is almost100...
Words: 493 - Pages: 2
...Student Name _____________________ Date ___ SEC450 iLab1 Report Initial Configuration Dallas Router version 12.3(4)T7 ! hostname Dallas ! interface FastEthernet0/0 ip address 192.168.100.1 255.255.255.0 ! interface FastEthernet0/1 ip address 192.168.10.1 255.255.255.0 shutdown ! interface Serial0/0 bandwidth 1544 ip address 192.168.30.1 255.255.255.0 shutdown ! interface Serial0/1 bandwidth 1544 ip address 200.100.10.2 255.255.255.0 ! router rip network 192.168.100.0 network 200.100.10.0 ! ip default-network 200.100.10.0 ip route 0.0.0.0 0.0.0.0 serial0/1 ! ! line con 0 line aux 0 line vty 0 4 password cisco line vty 5 15 password cisco ! end Note: RED text indicates the required questions to answer Task 1—Verify Connectivity and Configuration in Dallas router #1. What CLI command does produce the output below? ------------------------------------------------- ------------------------------------------------- The CLI command used is “show ip route”. ------------------------------------------------- ------------------------------------------------- #2. Complete the table below based on the dynamic routes displayed in the routing table above. Routing protocol | Destination Network | Metric | Outbound Interface | RIP | 192.168.100.0/24 | 120/1 | Serial0/0 | RIP | 192.168.200.0/24 | 120/1 | Serial0/1 | | | | | #3. Write the CLI command to verify connectivity from the ISP Router to ...
Words: 666 - Pages: 3