Authentication_Lab_Report
docx
keyboard_arrow_up
School
University of Cincinnati, Main Campus *
*We aren’t endorsed by this school
Course
IT 3071
Subject
Information Systems
Date
Apr 3, 2024
Type
docx
Pages
5
Uploaded by EarlGalaxy13424
Network Security Lab Report
Lab Title: Managing Authentication
Name: Imaan Movania
Network Diagram(s)
System Information
VM Name
Operating System
IP Address
FQDN
Role/Purpose
RT1-
Local
VyOS Router
Router
DC1
Windows 10.1.0.1
DC1.corp.515support.com
DNS, AD
Ohio Cyber Range Institute, University of Cincinnati
Server 2016
MS1
Windows Server 2016
10.1.0.101
MS1.corp.515support.com
Client PC
PC1
Windows 10
10.1.0.2
PC1.corp.515support.com
Domain joined web server
LX1
CentOS Linux
10.1.0.10
LX1.corp.515support.com
Linux machine
Objective
The main objective of this lab is to observe all the different authentication mechanisms, and how you can utilize them on a network. We look at ways that our data is unprotected, how we can encrypt it further and save ourselves however that other techniques pose threats. However, we also focus on user authentication in the second half of the lab, we look at methods taken to give and revoke certain task access to users, move them around groups and create a fake user to throw off threats from the administrator. Depending on the system and the network, we come across many detailed user authentication techniques, and we investigate each one.
Procedure
Setup on LX1:
-
Login onto system and create a new user and password.
-
Then start up your FTP service, allow the FTP through the firewall and verify that it Is up and running.
Observing on PC1:
-
Log onto PC1 and open Wireshark and start a capture.
-
With the capture recording, open WinSCP and log onto it using LX1 credentials.
Ohio Cyber Range Institute, University of Cincinnati
-
Stop your Wireshark capture, filter it to ftp and see that you can easily see people’s passwords.
SSL/TLS Encryption:
-
Now, go back to your LX1 where we create a private key and create a certificate.
-
We will then edit the certificate, which will allow SSL and point the certificate and key that was just made, as well as we will disable anonymous logins and the user can only use a SSL connection.
-
Repeat the process on what you did for observing PC1, but use file protocol SFTP and port 22. -
Nothing will show up on the ftp filter, but if you use ssh you will see the packets however no actual password can be seen.
Extra Security to SSH login, creating public/private key pair:
-
Now we go back on our PC1, open up WINSCP and utilize PuTTYgen.
-
We will create a pair of public and private key, saving the private key and leaving the public key as we’ll be back for it.
-
Using PuTTy and the Linux credentials we will create a directory to store the keys and a new file for our public key.
-
Copy and paste your public key into the file and save it.
-
Go back to WinSCP, using file protocol SFTP and in advanced go to SSH and then authentication and insert your private key.
-
You will be logged in using your private key and not your password, this method can also be used for secure SSH connections on servers as well.
Discussion This lab was genuinely quite interesting, I think that learning more about the ways to protect yourself and that we need to realize that we sometimes are exposing our data to others, unknowingly and that it is super easy to access that information; it was an eye-opener for me. Ohio Cyber Range Institute, University of Cincinnati
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
I have a certain familiarity with user authentication, but looking at all the options and policies that you can apply for people seem to be so useful and on top of that there is even an option for you to create your own custom policies. I think that this lab was a bit of an introspective and really informative, I now know how to encrypt my data and utilize a SSL tunnel and also rename admins, add users
to groups and apply policies to them.
Lab Questions
1.
What are some advantages and disadvantages to using local authentication for a system?
Some advantages are the simplicity, you don’t need to rely on external servers or services which makes it for smaller environments, and you can
get offline access. Some disadvantages are the scalability is limited and you have security concerns, and the policies are less robust.
2.
What flaws do you think there could be to when using a public/private key pair for authentication? Some flaws that I can think of are the management of the keys, even in the lab it’s mentioned that you should remember where you place your private key; poor management skills can either allow unauthorized access
or no access whatsoever. Revoking the key might be more difficult, especially if the keys in question have been compromised.
3.
Best practices recommend concealing an Administrator account for a system. In this lab, we changed the name of the domain admin account. Do you think this will stop a skilled hacker from identifying this account? Explain why or why not. (Hint: SID)
I definitely think it would not stop a skilled hacker, it is just a simple name
change and they would go out of their way to figure out which user is which and see that the administrator is poorly concealed.
4.
Explain what purposes you might use organizational units in a directory. (Hint: They are several)
Ohio Cyber Range Institute, University of Cincinnati
Organizational units can be used just for simple organization and will allow you to make a hierarchy that makes sense and it easy to navigate and configure. In the lab we also created an OU for the admins, adding other users to it and applied certain policies to them so that in itself is an advantage. With the certain policies applied to certain groups of users you are creating another layer of security by controlling what resources they have access too.
Ohio Cyber Range Institute, University of Cincinnati