CSCO 220 Modules 3 & 6 Lab Packet-NAT

Module 3: Network Security Concepts Module 6-Nat for IPv4 For some of this packet you will need to have access to your account on the Netacad website . Grading Rubric Your Score Packet complete, answers correct, submitted on-time. 4 Packet complete, answers mostly correct, submitted on-time. 3 Packet mostly complete, answers mostly correct, submitted on-time. 2 Packet mostly complete, answers mostly correct, submitted late. 1  For the Packet Tracer exercises located below, go to the Netacad link, click on it and go to the module this lab packet applies to. Click on the section where the Packet Tracer activity is located, download the Packet Tracer activity and follow the instructions included with the Packet Tracer activity  Perform any Netlab assignments listed below, be sure to post your answers in RED  Post a Packet Tracer screen shot ONLY of the name of the lab and the completion score (not the network or anything else). Make the screenshot the size of the page so I can easily read it using my grading software Lab 3.5.7- Social Engineering 1. Objective In this lab, you will research examples of social engineering and identify ways to recognize and prevent it. 2. Resources  Computer with internet Access 3. Instructions Research Social Engineering Examples Social engineering, as it relates to information security, is used to describe the techniques used by a person (or persons) who manipulate people in order to access or compromise information about an organization or its computer systems. A social engineer is usually difficult to identify and may claim to be a new employee, a repair person, or researcher. The social engineer might even offer credentials to support that identity. By © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 25 CSCO 220

gaining trust and asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. Question: Use any internet browser to research incidents of social engineering. Summarize three examples found in your research. Google/Facebook Spear Phishing Scam A Lithuanian cybercriminal, Evaldas Rimasauskas, perpetrated one of the biggest social media attacks ever against two of the biggest tech giants in the world, Google and Facebook. He and his team set up a fake company and pretended to be a computer manufacturer that worked with for the two tech giants. Rimasaukas and his teams sent phishing emails to Google and Facebook employees, charging them for goods and services. Consequently, the employees unknowingly deposited money into the scammers’ bank accounts they created for the fake company. In a two-year span, Google and Facebook got scammed out of over $100 million. Source: 15 Examples of Real Social Engineering Attacks Deepfake Attack on UK Energy Company The CEO of a UK energy firm received a phone call from someone who sounded exactly like his boss, the chief executive of the firms German parent company, who demanded the urgent transfer of €220k ($243k) to a Hungarian supplier. The CEO was demanded to pay within an hour. Source: Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case Belgian Bank Whaling Attack Crelan, a Belgian bank, fell victim to one of the bank’s highest-ranking executives being whaled by a spear- phishing email. As a result, the bank has lost over €70 million ($75 million). Source: Belgian Bank Loses €70 million to Classic CEO Fraud Social Engineering Trick Recognize the Signs of Social Engineering Social engineers are nothing more than thieves and spies. Instead of hacking their way into your network via the Internet, they attempt to gain access by relying on a person’s desire to be accommodating. Although not specific to network security, the scenario below, described in Christopher Hadnagy’s book, The Art of Human Hacking , illustrates how an unsuspecting person can unwittingly give away confidential information. “The I was relatively quiet as I, dressed in a suit, sat at an empty table. I placed my briefcase on the table and waited for a suitable victim. Soon, just such a victim arrived with a friend and sat at the table next to mine. She placed her bag on the seat beside her, pulling the seat close and keeping her hand on the bag at all times. After a few minutes, her friend left to find a restroom. The mark [target] was alone, so I gave Alex and Jess the signal. Playing a couple, Alex and Jess asked the mark if she would take a picture of them both. She was happy to do so. She removed her hand from her bag to take the camera and snap a picture of the “happy couple” and, while distracted, I reached over, took her bag, and locked it inside my briefcase. My victim had yet to notice her purse was missing as Alex and Jess left the café. Alex then went to a nearby parking garage. It didn’t take long for her to realize her bag was gone. She began to panic, looking around frantically. This was exactly what we were hoping for so, I asked her if she needed help. She asked me if I had seen anything. I told her I hadn’t but convinced her to sit down and think about what was in the bag. A phone. Make-up. A little cash. And her credit cards. Bingo! © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 25

Lab 3.8.8 Social Engineering 4. Objectives Part 1: Capture DNS Traffic Part 2: Explore DNS Query Traffic Part 3: Explore DNS Response Traffic 5. Background / Scenario Wireshark is an open source packet capture and analysis tool. Wireshark gives a detailed breakdown of the network protocol stack. Wireshark allows you to filter traffic for network troubleshooting, investigate security issues, and analyze network protocols. Because Wireshark allows you to view the packet details, it can be used as a reconnaissance tool for an attacker. In this lab, you will install Wireshark on a Windows system and use Wireshark to filter for DNS packets and view the details of both DNS query and response packets. 6. Required Resources  1 Windows PC with internet access and Wireshark installed © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 25

7. Instructions Capture DNS traffic. Open Wireshark and start a Wireshark capture by double clicking a network interface with traffic. At the Command Prompt, enter ipconfig /flushdns clear the DNS cache. C:\Users\Student> ipconfig /flushdns Windows IP Configuration Successfully flushed the DNS Resolver Cache. Enter nslookup at the prompt to enter the nslookup interactive mode. Enter the domain name of a website. The domain name www.cisco.com is used in this example. Enter www.cisco.com at the > prompt. C:\Users\Student> nslookup Default Server: UnKnown Address: 68.105.28.16 > www.cisco.com Server: UnKnown Address: 68.105.28.16 Non-authoritative answer: Name: e2867.dsca.akamaiedge.net Addresses: 2001:578:28:68d::b33 2001:578:28:685::b33 96.7.79.147 Aliases: www.cisco.com www.cisco.com.akadns.net wwwds.cisco.com.edgekey.net wwwds.cisco.com.edgekey.net.globalredir.akadns.net © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 25

Question: What are the source and destination MAC addresses? Which network interfaces are these MAC addresses associated with? Source MAC address: 00:50:56:8b:ce:0c Destination MAC address: 00:50:56:8b:2e:4e Both addresses are associated with Ethernet0. a. Expand Internet Protocol Version 4 . Observe the source and destination IPv4 addresses. © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 7 of 25

Question: What are the source and destination IP addresses? Which network interfaces are these IP addresses associated with? Source IP address: 192.168.1.156 Destination IP Address: 192.168.1.1 Both addresses are associated with Ethernet0. b. Expand the User Datagram Protocol . Observe the source and destination ports. Question: What are the source and destination ports? What is the default DNS port number? Source Port: 50900 Destination Port: 53 Default DNS port number: 53 c. Open a Command Prompt and enter arp –a and ipconfig /all to record the MAC and IP addresses of the PC. C:\Users\Student> arp -a Interface: 192.168.1.10 --- 0x4 Internet Address Physical Address Type 192.168.1.1 cc-40-d0-18-a6-81 dynamic 192.168.1.122 b0-a7-37-46-70-bb dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 8 of 25

Observe the results. The flag is set to do the query recursively to query for the IP address to www.cisco.com. © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 25

Explore DNS Response Traffic Select the corresponding response DNS packet labeled Standard query response 0x0002 A www.cisco.com . Questions: What are the source and destination MAC and IP addresses and port numbers? How do they compare to the addresses in the DNS query packets? Source MAC address: 00:50:56:8b:2e:4e Destination MAC address: 00:50:56:8b:ce:0c Source IP address: 192.168.1.1 Destination IP address: 192.168.1.156 Source port: 53 Destination port: 50900 The source and destination MAC addresses are switched. The source and destination IP addresses are switched. The source and destination ports are also switched. Type your answers here. © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 11 of 25

Reflection Question 1. From the Wireshark results, what else can you learn about the network when you remove the filter? I can see all the other packets if I remove the filter. I can learn about other devices and functions within the LAN. Type your answers here. 2. How can an attacker use Wireshark to compromise your network security? The attacker can use Wireshark to observe the network traffic and get sensitive information in the packet details if the traffic is not encrypted. Type your answers here. End of Document Packet Tracer 6.2.7-Investigate NAT Operations. Post a screenshot of the completion screen below, make it the width of the page and answer the questions: Generate an HTTP request from any PC in the Central domain. Switch to Simulation mode and edit the filters to show only HTTP requests. Open the Web Browser of any PC in the Central domain and type the URL http://branchserver.pka and click Go . Minimize the browser window. Click Capture / Forward until the PDU is over D1 or D2 . Click on the most recent PDU in the Event List. Record the source and destination IP addresses. Question: To what devices do those addresses belong? Source IP address: 10.2.0.4 – PC1 Destination IP address: 64.100.200. – R4 © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 13 of 25

Type your answers here. Click Capture / Forward until the PDU is over R2 . Record the source and destination IP addresses in the outbound packet. Question: To what devices do those addresses belong? Source IP address: 64.100.100.3 – Not assigned to an interface. Destination IP address: 64.100.200.1 – R4 Type your answers here. Login to R2 from the CLI using the password class to enter privileged EXEC and issue the following command: Open configuration window R2# show run | include pool ip nat pool R2Pool 64.100.100.3 64.100.100.31 netmask 255.255.255.224 ip nat inside source list 1 pool R2Pool The address came from the NAT pool R2Pool . Click Capture / Forward until the PDU is over R4 . Record the source and destination IP addresses in the outbound packet. Question: To what devices do those addresses belong? Source IP address: 64.100.100.3 – R2Pool Destination IP address: 172.16.0.3 – BranchServer.pka Type your answers here. Click Capture / Forward until the PDU is over BranchServer.pka . Record the source and destination TCP port addresses in the outbound segment. Type your answers here. On both R2 and R4 , run the following command and match the IP addresses and ports recorded above to the correct line of output: R2# show ip nat translations R4# show ip nat translations Questions: What do the inside local IP addresses have in common? They are private IP addresses that are reserved for private use. Type your answers here. Did any private addresses cross the intranet? No private addresses crossed the intranet. Type your answers here. Close configuration window Click the Reset Simulation button and remain in Simulation Model. Investigate NAT Operation Across the Internet Generate an HTTP request from any computer in the home office. Open the Web Browser of any PC in the Home Office domain and type the URL http://centralserver.pka and click Go . © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 14 of 25

Where are the networks are inside global and inside local? The inside local addresses are on the LANs within each domain. The outside global addresses are from the WAN links to the internet and intranet. Type your answers here. On which devices are NAT services operating? What do they have in common? NAT services are operating on WRS, R2, and R4. They all connect internal LANs to outside networks that require routable IP addresses. Packet Tracer 6.4.5-Configure Static NAT. Post a screenshot of the completion screen below, make it the width of the page. Packet Tracer 6.5.6-Confgure Dynamic NAT. Post a screenshot of the completion screen below, make it the width of the page. © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 16 of 25

Packet Tracer 6.6.7-Configure PAT. Post a screenshot of the completion screen below, make it the width of the page. Netlab 6.8.2-Configure NAT for IPv4. Be sure to post your answers in red. 8. Topology © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 17 of 25

 2 Switches (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)  2 PCs (Windows with a terminal emulation program, such as Tera Term)  Console cables to configure the Cisco IOS devices via the console ports  Ethernet cables as shown in the topology 11. Instructions Build the Network and Configure Basic Device Settings In Part 1, you will set up the network topology and configure basic settings on the PC hosts and switches. Cable the network as shown in the topology (this is already completed for you) Attach the devices as shown in the topology diagram and cable as necessary. Configure basic settings for each router. Open configuration window Assign a device name to the router. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though they were host names. Assign class as the privileged EXEC encrypted password. Assign cisco as the console password and enable login. Assign cisco as the VTY password and enable login. Encrypt the plaintext passwords. Create a banner that warns anyone accessing the device that unauthorized access is prohibited. Configure interface IP addressing as specified in the table above. Configure a default route to R2 from R1. Save the running configuration to the startup configuration file. Close configuration window Configure basic settings for each switch. Open configuration window Assign a device name to the switch. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though they were host names. Assign class as the privileged EXEC encrypted password. Assign cisco as the console password and enable login. Assign cisco as the VTY password and enable login. Encrypt the plaintext passwords. Create a banner that warns anyone accessing the device that unauthorized access is prohibited. Shutdown all interfaces that will not be used. Configure interface IP addressing as specified in the table above. Save the running configuration to the startup configuration file. Close configuration window Configure and verify NAT for IPv4 In Part 2, you will configure and verify NAT for IPv4. © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 19 of 25

Configure NAT on R1 using a pool of three addresses, 209.165.200.226-209.165.200.228. Open configuration window Configure a simple access list that defines what hosts are going to be allowed for translation. In this case, all devices on the R1 LAN are eligible for translation. R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255 Create the NAT pool, and give it a name and a range of addresses to use. R1(config)# ip nat pool PUBLIC_ACCESS 209.165.200.226 209.165.200.228 netmask 255.255.255.248 Note : The netmask parameter is not an IP address delimiter. It should be the correct subnet mask for the addresses being assigned, even if you are not using all the subnet addresses in the pool. Configure the translation, associating the ACL and Pool to the translation process. R1(config)# ip nat inside source list 1 pool PUBLIC_ACCESS Note : Three very important points. First, the word ‘inside’ is critical to the operation of this kind of NAT. If you omit it, NAT will not work. Second, the list number is the ACL number configured in a previous step. Third, the pool name is case-sensitive. Define the inside interface. R1(config)# interface g0/0/1 R1(config-if)# ip nat inside Define the outside interface. R1(config)# interface g0/0/0 R1(config-if)# ip nat outside Test and Verify the configuration. From PC-B, ping the Lo1 interface (209.165.200.1) on R2. If the ping was unsuccessful, troubleshoot and correct the issues. On R1, display the NAT table on R1 with the command show ip nat translations . R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 209.165.200.226 192.168.1.3 --- --- icmp 209.165.200.226:1 192.168.1.3:1 209.165.200.1:1 209.165.200.1:1 Total number of translations: 2 Questions: What was the inside local address of PC-B translated to? Type your answers here. What type of NAT address is the translated address? Type your answers here. From PC-A, ping the Lo1 interface ( 209.165.200.1 ) on R2. If the ping was unsuccessful, troubleshoot and correct the issues. On R1, display the NAT table on R1 with the command show ip nat translations. R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 209.165.200.227 192.168.1.2 --- --- --- 209.165.200.226 192.168.1.3 --- --- icmp 209.165.200.227:1 192.168.1.2:1 209.165.200.1:1 209.165.200.1:1 icmp 209.165.200.226:1 192.168.1.3:1 209.165.200.1:1 209.165.200.1:1 Total number of translations: 4 Notice that the previous translation for PC-B is still in the table. From S1, ping the Lo1 interface ( 209.165.200.1 ) on R2. If the ping was unsuccessful, troubleshoot and correct the issues. On R1, display the NAT table on R1 with the command show ip nat translations . © 2023 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 20 of 25