CSN500 - Final Practical Evaluation-2217 - B

NDD430 Final Practical Evaluation Fall 2021 This test was released on Monday, December 6, 2021 at 12:00am EST This test must be submitted by Tuesday, December 7, 2021 at 11:59pm EST Part 1 – Single User (Local Client) This part of the test does not require a partner to complete. Plan your time accordingly. Preparation 1. Start all four of your virtual machines and ensure they are working properly. 2. On the Windows client machine (az-wc), flush your DNS cache (ipconfig /flushdns ) and clear the client’s browser cache. 3. On the router (az-lr), execute iptables Scenario0.sh This will allow all of the services for the assessment. NO IPTABLES LOGGING AT THIS POINT. 4. Execute the following commands on your router: tcpdump -i any “net 192.168.0.0/16 or 172.16.0.0/16” -w singleuser- [myseneca_id] .pcap & 1a. Service Testing – Successful Transactions Test the following services by accessing them from your Windows client. Unless otherwise specified, you must access all services using a FQDN. It is assumed in this part of the evaluation that your az-wc machine can connect successfully to all of your services. 1. In a browser, load a webpage from your Apache server 2. In a browser, load a webpage from your IIS server 3. Transfer a file via FTP to your client 4. RDP into your Windows server 5. SSH into your router 6. SSH into your Linux server 7. Login to your MySQL database server 8. Send an e-mail from Hank to Logan 1b. Service Testing – Dropped Transactions Edit Scenario0 to block the services listed below and use a log prefix that matches the name of the service. For example, if you are asked to drop the FTP service, use a log prefix of “Dropped- FTP”. Call this script Scenario1b.sh 1. APACHE by destination port 2. RDP by source port 3. SSH to az-ls by destination port Test the blocked services above from your Windows client using an FQDN . Once you have completed attempting to connect to the dropped services, stop the capture of singleuser- [myseneca_id] .pcap. 1 Last modified: December 11, 2023

NDD430 Final Practical Evaluation Fall 2021 1c. Creation of Log Files Using the capture file singleuser- [myseneca_id] .pcap , mark all the packets that show a complete transaction of each successful service. Export them to a file called success1- [myseneca_id] .pcap . The table below shows the packets that need to be included in this file: Successful Transactions -- success1-[ myseneca_id ].pcap (22 packets total) Source Address Destination Address Source Port Destination Port Your Client Your Windows Server RANDOM(1) 3389 Your Windows Server Your Client 3389 RANDOM(1) Your Client Your Windows Server RANDOM(2) 80 Your Windows Server Your Client 80 RANDOM(2) Your Client Your Windows Server RANDOM(3) 21 Your Windows Server Your Client 21 RANDOM(3) Your Client Your Windows Server RANDOM(4) FTP data port Your Windows Server Your Client FTP data port RANDOM(4) Your Client Your Windows Server RANDOM(5) 53 (IIS request) Your Windows Server Your Client 53 (IIS response) RANDOM(5) Your Client Your Linux Server RANDOM(6) 3306 Your Linux Server Your Client 3306 RANDOM(6) Your Client Your Linux Server RANDOM(7) 22 Your Linux Server Your Client 22 RANDOM(7) Your Linux Server Your Client 80 RANDOM(8) Your Client Your Linux Server RANDOM(8) 80 Your Client Your Linux Server RANDOM(9) IMAP Your Linux Server Your Client IMAP RANDOM(9) Your Client Your Linux Server RANDOM(10) SMTP Your Linux Server Your Client SMTP RANDOM(10) Your Client Your Router RANDOM(11) 21XX Your Router Your Client 21XX RANDOM(11) 2 Last modified: December 11, 2023

NDD430 Final Practical Evaluation Fall 2021 Part 2 – Multiple Users (External Clients) This part of the test requires a partner to complete. Plan your time accordingly. Preparation 1. Start all of your virtual machines and ensure they are working properly. 2. On the Windows client machine (az-wc), flush your DNS cache (ipconfig /flushdns ) and clear the client’s browser cache. 3. On the router (az-lr), execute iptables Scenario5-1.sh . This will allow all of the services for the assessment. NO LOGGING AT THIS POINT. 4. Execute the following commands on your router: tcpdump -i any “net 192.168.0.0/16 or 172.16.0.0/16” -w multiuser- [myseneca_id] .pcap & 2a. Service Testing – Successful Transactions Test the following services by having a partner access them from their Windows client. They will access all of your services by IP address, using your router as a jump server. It is assumed in this part of the evaluation that your az-wc machine can connect successfully to all of your services. 1. In a browser, load a webpage from your Apache server 2. In a browser, load a webpage from your IIS server 3. RDP into your Windows server 4. SSH into your router 5. SSH into your Linux server 6. Login to your MySQL database server 2b. Service Testing – Dropped Transactions Edit Scenario5-1.sh to block the services listed below and use a log prefix that matches the name of the service. For example, if you are asked to drop the FTP service, use a log prefix of “Dropped-FTP”. Call this script Scenario5-2b.sh 1. IIS to the Linux server by source port 2. MySQL by source port Have your partner test the blocked services above from their Windows client. They will access the blocked services by IP address, using your router as a jump server. It is assumed in this part of the evaluation that your partner’s Windows client cannot successfully connect to the services above. Once you have completed attempting to connect to the dropped services, stop the capture of multiuser- [myseneca_id] .pcap. 4 Last modified: December 11, 2023

NDD430 Final Practical Evaluation Fall 2021 2c. Creation of Log Files Using the capture file multiuser- [myseneca_id] .pcap , mark all the packets that show a complete transaction of each successful service. Export them to a file called success2- [myseneca_id] .pcap . The table below shows the packets that need to be included in this file: Successful Transactions – success2-[ myseneca_id ].pcap (22 packets total) Source Address Destination Address Source Port Destination Port Partner’s Client Your Router RANDOM(15) 89XX Your Router Your Windows Server RANDOM(15) 3389 Your Windows Server Your Router 3389 RANDOM(15) Your Router Partner’s Client 89XX RANDOM(15) Partner’s Client Your Router RANDOM(16) 80XX Your Router Your Windows Server RANDOM(16) 80 Your Windows Server Your Router 80 RANDOM(16) Your Router Partner’s Client 80XX RANDOM(16) Partner’s Client Your Router RANDOM(17) 81XX Your Router Your Linux Server RANDOM(17) 80 Your Linux Server Your Router 80 RANDOM(17) Your Router Partner’s Client 81XX RANDOM(17) Partner’s Client Your Router RANDOM(18) 36XX Your Router Your Linux Server RANDOM(18) 3306 Your Linux Server Your Router 3306 RANDOM(18) Your Router Partner’s Client 36XX RANDOM(18) Partner’s Client Your Router RANDOM(19) 22XX Your Router Your Linux Server RANDOM(19) 22 Your Linux Server Your Router 22 RANDOM(19) Your Router Partner’s Client 22XX RANDOM(19) Partner’s Client Your Router RANDOM(20) 21XX Your Router Partner’s Client 21XX RANDOM(20) 5 Last modified: December 11, 2023

NDD430 Final Practical Evaluation Fall 2021 Part 3 – Submission Blackboard Submission Submit all .pcap/pcapng and .log files created during this assessment as separate, non-zipped files . This includes: 1. singleuser- [myseneca_id] .pcap 2. success1- [myseneca_id] .pcap 3. droplog1- [myseneca_id] .log 4. dropped1- [myseneca_id] .pcapng 5. multiuser- [myseneca_id] .pcap 6. success2- [myseneca_id] .pcap 7. droplog2- [myseneca_id] .log 8. dropped2- [myseneca_id] .pcapng 9. Scenario0.sh .txt 10. Scenario0-1b.sh .txt 11. Scenario5-1.sh .txt 12. Scenario5-2b.sh .txt 7 Last modified: December 11, 2023