School of Information Systems IS302: Lab Exercise: March 2012
This document provides instructions for a lab exercise on password security and firewall configuration. It describes:
1) Setting up two virtual machines, IST Windows XP and IST Linux, for the exercises.
2) Performing password cracking on Windows and Linux passwords to demonstrate password security issues.
3) Observing port scan alerts with the Snort IDS on IST Linux and configuring the IST Linux firewall with the YaST Firewall Manager.
School of Information Systems
IS302: Lab Exercise
Week 11 Version 3.2 March 2012

SINGAPORE MANAGEMENT UNIVERSITY
SCHOOL OF INFORMATION SYSTEMS
IS302 INFORMATION SECURITY AND TRUST

LABORATORY SETUP (10 minutes)

For the following lab exercises, two virtual operating systems, IST Windows XP and IST Linux, have been created. You will be using these 2 virtual machines to run the lab tools and applications. These 2 guest operating systems are running in a closed network (with different IP addresses) within the same physical machine.

Course: IS 302 Information Security and Trust

[Figure: IST Windows XP and IST Linux guest machines running on the Lab Physical Host Machine]

Using the Virtual Operating System

1. When the virtual machines first start up, if you see the following prompt, select "I copied it".
2. You will see the following when both virtual machines load successfully.
3. Select IST Lab Windows XP by clicking on the "IST Lab Windows XP" button located at the bottom left hand corner of the screen. Similarly, select IST Lab Linux by clicking on "IST Lab Linux".
4. To use the Virtual Machine, simply click within the image screen. To release control back to the host machine, use Shift-Ctrl-Alt.

IS302 INFORMATION SECURITY AND TRUST
LABORATORY EXERCISE A
WINDOWS AND LINUX PASSWORD

1 OBJECTIVE AND LEARNING OUTCOMES

1.1 OBJECTIVE

The objective of this exercise is to learn about the importance of secure passwords in Windows and Linux.

1.2 LEARNING OUTCOMES

At the end of the laboratory session, students should be able to:
1. Run brute force attacks on Windows and Unix passwords.
2. Implement secure passwords for systems.

2 LABORATORY EXERCISE

2.1 Windows Password - Ophcrack (20 minutes)

1. Click on the IST Windows XP virtual machine to get focus and click "User" to log in.
2. Go to Start->Control Panel->User Accounts in the IST Windows XP virtual machine.

   Exercise 1: List the accounts in the IST Windows XP.
   ________________________________________

3. Open command prompt.
   Run the command ipconfig.

   Exercise 2: What is the IP address of IST Windows XP?
   ________________________________________

4. To start breaking the IST Windows XP virtual machine's passwords, we will first boot into the Ophcrack boot image that has been preloaded. The following steps will configure the IST Windows XP to boot up from the Ophcrack CD image.
   a. Select IST Lab Windows XP. Press Shift-Ctrl-Alt to release control to the host machine. Click Removable Devices->CD/DVD(IDE). Select "File system" in the left panel, and then select \opt\data\vm\ist_winxp_GX\ophcrack-livecd-1.2.2.iso (where 'X' is your section number) and click Open. This will attach the virtual CD-ROM that is preloaded with the Ophcrack boot image. If prompted to select a program to open the CD-ROM, click Cancel.
   b. Go to Start->Turn Off. Click RESTART to reboot the IST Lab Windows XP. (IMPORTANT: DO NOT SELECT TURN OFF)
5. When the IST Lab Windows XP restarts, the Ophcrack LiveCD image will be loaded. Select the first option by hitting Enter.
6. The Ophcrack image takes approximately 2-3 minutes to load. After the loading image, it will proceed to crack the Windows passwords.

   Exercise 3: What is the NTPasswd for bob and Administrator?
   ________________________________________

7. Once you get the password for bob and Administrator you can stop Ophcrack by clicking "Stop" and then "Exit" to end ophcrack.
8. In the terminal below, type Enter.
9. The terminal will prompt for shutdown. Type "n" and Enter. (IMPORTANT: DO NOT TYPE "y")
10. Press Shift-Ctrl-Alt to return control to the host machine. Click VM->Removable Devices->CD/DVD(IDE) and click Disconnect to disable the virtual CD-ROM. If prompted to "Disconnect anyway (and override the lock)?" click "Yes".
    This is to allow IST Lab Windows XP to reboot back to Windows XP.
11. Click on the IST Lab Windows XP and enter "reboot" and hit Enter. IST Lab Windows XP will now reboot back to Windows XP.

2.2 Linux Password - John the Ripper (20 minutes)

1. Click on the IST Lab Linux virtual machine to get focus and log in with the following credentials.
   Username: root, Password: passwd
2. In the IST Linux virtual machine, click on Computer, located at the lower left hand corner. Select Gnome Terminal.
3. In the command shell, enter the command:

    ifconfig

   Exercise 4: What is the IP address of IST Lab Linux?
   ________________________________________

4. In the command shell, enter the command:

    cd [SPACE] john/run

   (Note: [SPACE] refers to a single white space.)
5. Run the following command to get the password hashes and save them in a file "pwdfile". This combines the password information from the /etc/passwd and /etc/shadow files into a single password file, pwdfile.

    ./unshadow [SPACE] /etc/passwd [SPACE] /etc/shadow > pwdfile

6. Run John the Ripper to crack the password for user "bob" using the following command.

    ./john [SPACE] -user=bob [SPACE] pwdfile

   Exercise 5: What is bob's password?
   ________________________________________

   Exercise 6: How much time does it take to crack the password?
   ________________________________________

   Exercise 7: How would you change the password to make it less susceptible to brute-force dictionary attack?
   ________________________________________

2.3 Strong Password Settings

1. Configure a strong password for bob that you think will be resilient to dictionary attack. The following command changes the password for user "bob".

    passwd [SPACE] bob

   You will be prompted to enter your password twice to confirm the password change for user bob. If the password you entered is too simple, Linux will show a warning message. If you want to keep the password, you can ignore the message and proceed to enter your password again to confirm the change.
2. Run the following command to get the password hashes and save them in a file "pwdfile".

    ./unshadow [SPACE] /etc/passwd [SPACE] /etc/shadow > pwdfile

3. Run John the Ripper to crack the password for user "bob" using the following command.

    ./john [SPACE] -user=bob [SPACE] pwdfile

   You can type Ctrl-C to stop the password cracking process.

   Exercise 9: Is your password cracked successfully? If so, how long did it take?
   ________________________________________

-END OF LAB A-

SINGAPORE MANAGEMENT UNIVERSITY
SCHOOL OF INFORMATION SYSTEMS
IS302 INFORMATION SECURITY AND TRUST
LABORATORY EXERCISE B
FIREWALL AND INTRUSION DETECTION SYSTEMS

1 OBJECTIVE AND LEARNING OUTCOMES

1.1 OBJECTIVE

The objective of this exercise is to learn about the functions of a firewall and an intrusion detection system.

1.2 LEARNING OUTCOMES

At the end of the laboratory session, students should be able to:
1. Identify port scan attack trace in Snort IDS.
2. Configure firewall using YAST Firewall Manager in Linux.

2 LABORATORY EXERCISE

2.1 Start Snort IDS on IST Linux (10 minutes)

1. Click on the IST Linux virtual machine to get focus and log in with the following credentials if you are not already logged on.
   Username: root, Password: passwd
2. In the IST Linux virtual machine, click on Computer, located at the lower left hand corner. Select Gnome Terminal.
3. Start the Snort IDS with the following command:

    snort [SPACE] -c [SPACE] /etc/snort/snortlab.conf [SPACE] -A [SPACE] fast

   Snort is now monitoring the packets sent and received by IST Linux.
   Do not close the terminal. In the next section we will launch a port scan from IST Windows XP and later examine the alerts Snort captures.

2.2 Launch Port Scan from IST Windows XP (10 minutes)

Port scans are used by attackers to gather information about the services that are running on the targeted server. This information is important to attackers as it will determine the methods used to compromise the targeted server. In the following steps, we will launch a port scan from IST Windows XP to find out the listening ports running on IST Linux.

1. Click on the IST Windows XP virtual machine to get focus and click "User" to log in if you have not already logged in.
2. Click on the Nmap icon. Nmap is an open source port scanning tool that is frequently used to scan for hosts and services in a network.
3. Enter the IST Lab Linux IP address you noted in LAB A Exercise 4. Select "Regular Scan" in the Profile field. Click Scan to start scanning.
   (Screenshot callout: Replace this with the IP noted in LAB A Exercise 4.)

   Exercise 2: List the ports and services that are opened on IST Linux.

2.3 View Snort Alerts (10 minutes)

You have just launched a port scan in the previous section; we will now examine the alert log captured by Snort.

1. Click on the IST Linux image to get focus.
2. Stop the Snort IDS by typing "ctrl-C" on the terminal.
3. View the Snort alerts using a Linux text editor, Gedit, with the following command.

    gedit[space]/var/log/snort/alert

   Exercise 3: What important information can you get about an attack from the alert log?
   ________________________________________

   Exercise 4: Discuss how Snort detects the port scan.
   [Hint: http://www.dslreports.com/faq/171]
   ________________________________________

   Exercise 5: What do you suggest as a counter-measure to port scan attacks?

2.4 Enable Firewall (14 minutes)

In this section, we will enable the firewall on IST Linux as a counter-measure to the port scan attacks. By default, when the firewall is enabled all ports will be blocked. Any incoming traffic will be dropped by the firewall.

1. Open the YaST Firewall Manager as follows:
   a. Click on Computer, located at the lower left hand corner.
   b. Click on YaST.
   c. Click on Security and Users.
   d. Double click on Firewall.
2. Enable the firewall.
3. Click on Start Firewall Now and then click Next.
4. Click Accept. The firewall is now enabled and will block all incoming traffic to IST Linux.
5. We shall now verify that the firewall is indeed enabled and dropping all incoming traffic by running the port scan from IST Windows XP again. Click on the IST Windows XP virtual machine to get focus and start NMap to run a regular port scan on IST Linux again.

   Exercise 6: List the ports and services that are opened on IST Linux.
   ________________________________________

   Exercise 7: Has the number of open ports been reduced? Why?

2.5 Configure Firewall to Allow Authorized Traffic (14 minutes)

The IST Linux virtual machine is running as a web server. Hence, it will need to allow users access to port 80 (HTTP). In the following section, we will configure the firewall to allow HTTP access on the IST Linux server.

1. Let us first verify that port 80 on the IST Linux virtual machine is not accessible from IST Windows XP. Click on the IST Windows XP virtual machine to get focus. In the IST Windows XP, go to Start->Internet Explorer to open the Internet Explorer browser. Go to the IST Linux webpage.
   (Refer to LAB A Exercise 4 for the IST Linux IP address.) E.g. http://172.16.92.145
2. Click on the IST Linux virtual machine to get focus. In IST Linux, open the YaST Firewall Manager.
3. Click on "Allowed Services" located in the left hand frame.
4. Under Service to Allow, select HTTP Server and click Add.
5. Click Next and Accept to finish the configuration. HTTP port 80 is now configured as an allowed service on the firewall. The firewall will now drop all incoming traffic except for port 80 traffic.

   Exercise 8: Can you access the IST Linux webpage from IST WinXP after configuring the firewall?

3 Discussion (Optional)

1. Design a secure white list firewall policy for a server (10.10.9.1) with the following requirements:
   Allow potential external clients to access the website hosted on port 80 of the server which provides product and company information.
   Allow the administrator to remotely manage the server from the IP address 10.10.10.1 using SSH (port 22).
   Based on the information above, complete the IP filter table shown below.

   Source IP | Source Port | Destination IP | Destination Port | Allow/Deny
   Any       | Any         |                |                  | Allow
             | Any         |                |                  | Allow
   Any       | Any         | Any            | Any              | Deny

2. The company plans to implement an Intrusion Detection System. The network diagram below depicts the current network design of the company. Based on the diagram below, discuss where the intrusion detection system should be deployed.

-END LAB B-
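Added example for Lab A, section 2.2, step 5 (not part of the original lab sheet): a Python sketch of the merge that the unshadow step performs, extended beyond the lab to report which crypt(3) scheme protects each account, since the scheme determines how cheap each password guess is. The sample passwd and shadow records, the account "alice" and all hash bodies are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample files (not taken from the lab VM); hash bodies are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:100:Bob:/home/bob:/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/false
"""
SHADOW = """\
root:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:15400:0:99999:7:::
bob:$1$CONSTRSA$PLACEHOLDERHASH:15400:0:99999:7:::
alice:PLACEHOLDER13:15400:0:99999:7:::
daemon:*:15400::::::
"""

SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt"}
FAST_TO_GUESS = {"descrypt", "md5crypt"}  # cheap per guess compared with the others

def unshadow(passwd_text, shadow_text):
    """Replace the 'x' placeholder in each passwd line with that user's shadow field."""
    hashes = {}
    for line in shadow_text.splitlines():
        name, _, rest = line.partition(":")
        hashes[name] = rest.split(":")[0]
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:                      # skip malformed lines
            fields[1] = hashes.get(fields[0], fields[1])
            merged.append(":".join(fields))
    return merged

def scheme_of(field):
    """Name the crypt(3) scheme of a password field, or say why there is no hash."""
    if field == "":
        return "empty"                            # account has no password at all
    if field[0] in "*!" or field == "x":
        return "no-hash"                          # locked, or no shadow entry found
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "descrypt"                             # traditional 13-character DES crypt

def audit(merged_lines):
    """Map each account to its scheme and list the accounts worth re-hashing."""
    report = {l.split(":")[0]: scheme_of(l.split(":")[1]) for l in merged_lines}
    return report, sorted(u for u, s in report.items() if s in FAST_TO_GUESS)
```

Calling `audit(unshadow(PASSWD, SHADOW))` on the constructed data flags the accounts whose stored hashes are the cheapest to attack offline, which is a useful companion to the password change in section 2.3.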
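Added example for Lab B, section 2.3 (not part of the original lab sheet): a Python parser for the one-line alerts that `snort -A fast` writes to /var/log/snort/alert, grouping them by source and target so the scanning host, the ports it touched and the time span stand out. The alert lines are constructed for illustration (only 172.16.92.145 comes from the page's example URL; the source address, timestamps and rule ids are assumptions), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/snort/alert in "-A fast" format (not real lab output).
SAMPLE_ALERTS = """\
03/15-10:21:07.512345  [**] [1:1418:11] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 172.16.92.130:49211 -> 172.16.92.145:161
03/15-10:21:07.530112  [**] [1:1421:11] SNMP AgentX/tcp request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 172.16.92.130:49211 -> 172.16.92.145:705
03/15-10:21:08.001200  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 172.16.92.130 -> 172.16.92.145
this line is not an alert and must be skipped
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

def split_endpoint(endpoint):
    """'ip:port' -> (ip, port); a bare IPv4 address -> (ip, None)."""
    ip, sep, port = endpoint.partition(":")
    return ip, (int(port) if sep else None)

def parse_alert(line):
    """Return the fields of one fast-format alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    return rec

def summarize(text):
    """Group alerts by (source, target): count, ports touched, time span, scan flag."""
    out = defaultdict(lambda: {"alerts": 0, "ports": set(), "first": None,
                               "last": None, "portscan": False})
    for rec in filter(None, map(parse_alert, text.splitlines())):
        s = out[(rec["src_ip"], rec["dst_ip"])]
        s["alerts"] += 1
        s["first"] = s["first"] or rec["ts"]
        s["last"] = rec["ts"]
        if rec["dst_port"] is not None:
            s["ports"].add(rec["dst_port"])
        s["portscan"] |= rec["gid"] == "122"      # generator id 122 is sfPortscan
    return dict(out)
```

On the lab VM, the same functions can be run over the real log with `summarize(open("/var/log/snort/alert").read())`.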