Unit 4


Unit :- 4

Practical :-1

AIM :- Draw various Security Topology.

• DMZ (Demilitarized Zone) :-

• VLAN (Virtual Local Area Network) :-

• Internet :-

• Intranet :-

Practical :-2

AIM :- Demonstrate traffic analysis of different network protocols using a
tool, e.g. Wireshark.

1. Open Wireshark. Click the "Capture" menu, then click "Interfaces." A small window
with all of your networking interfaces will appear. If there is any network traffic, you will
start to see packets coming in.

2. Click the "Start" button to start recording network traffic.

3. Stop monitoring traffic. Go to the "Capture" menu again and then click "Stop."
Stopping the traffic will allow you to analyze it better. However, you can let the program
continue monitoring traffic while you go through the packets.

4. Analyze the list of packets. You can monitor many different things with Wireshark.
   • Check to see if there are any unwanted packets being sent or received from your
     computer. These could include someone you don't want on the network or even a
     program that shouldn't be using network traffic.
   • Monitor how often a program uses your network. For example, how often does
     Windows Update check for updates?
   • Find out what program is taking up all of your network traffic and bogging down
     the network.

Practical :- 3

AIM :- Demonstrate sniffing using a packet tool, e.g. Snort.

Introduction With Snort


Snort Report is a graphical interface to the alerts generated by a Snort intrusion detection
system and stored in a database.
These notes presuppose that you have successfully installed Snort as we did with Notes
#8, and that you have successfully configured MySQL and Barnyard2 to store the results
of Snort as per Notes

Use Snort as a sniffer


Although there exist more full-featured sniffer tools like tcpdump, Ethereal and
Wireshark, it’s also possible to quickly look at the network traffic on a Snort
sensor with Snort. The sniffer output is actually very easy to read and some may
prefer it for quick captures. One of the nice features is the network traffic
summary at the end of the capture. A quick overview of the other Snort modes is
located here.

Enable sniffer mode for Snort using the -v flag:

# snort -v

Upon startup, Snort displays the mode, the logging directory and the interface it is
currently listening on. If you want to listen on a different interface, use the -i flag,
like -i eth1. Then Snort begins to dump the packets to the screen. To stop the sniffer
mode, use Ctrl-C. Snort will stop and generate a summary of packets captured,
including the protocols and other statistics, like packet fragmentation.

To display application data, use the -d flag. This option provides even more detailed
output. The application data is clearly visible and you can see the plain text within
the packets.

# snort -vd

To view even more details and get results similar to tcpdump (including the data
link layer headers), use the -e flag as well. Using the -d and -e options will display
almost all the data within the packet.

# snort -vde

Most networks will generate a huge load of traffic, and the Snort sniffer output to
the screen will scroll by too fast, so it’s better to redirect the output to a log file
instead.

# snort -vde > temp.log


You could also use Snort in packet-logger mode, a mode we will discuss in another
article.

In summary, here are the available runtime switches to use with Snort in sniffer
mode (other Snort switches can be found here):

-v Dump packets headers to the standard output

-d Dump packet payloads

-a Display ARP packets

-e Display link layer data

These switches can be run individually or in combination with each other, whatever
works best for your situation.
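
Once the sniffer output has been redirected to temp.log, it can be summarised per source address to see which host is sending the most traffic. The parser below is an added example, not part of the original notes; it assumes the Snort 2.x sniffer-mode record layout, and `SAMPLE_LOG`, `parse_records` and `top_talkers` are names introduced here.

```python
import re
from collections import Counter

# Field layout assumed from Snort 2.x sniffer-mode output (snort -vde).
ENDPOINTS = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
                       r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?")
PROTO = re.compile(r"\b(TCP|UDP|ICMP)\s+TTL:")
DGMLEN = re.compile(r"\bDgmLen:(\d+)")
SEPARATOR = re.compile(r"^(?:=\+){10,}=?[ \t]*$", re.M)


def parse_records(text):
    """Yield (src, dst, proto, ip_bytes) for every IPv4 packet record."""
    for block in SEPARATOR.split(text):
        ends, proto, size = (rx.search(block) for rx in (ENDPOINTS, PROTO, DGMLEN))
        if ends and proto and size:  # skips banner, ARP and the final statistics
            yield ends.group(1), ends.group(2), proto.group(1), int(size.group(1))


def top_talkers(text, n=3):
    """Return [(source, packets, ip_bytes)] sorted by bytes sent, largest first."""
    packets, volume = Counter(), Counter()
    for src, _dst, _proto, size in parse_records(text):
        packets[src] += 1
        volume[src] += size
    return [(src, packets[src], total) for src, total in volume.most_common(n)]


SEP = "=+" * 37
# Constructed sample in the shape of `snort -vde > temp.log`; not a real capture.
SAMPLE_LOG = f"""\
03/14-10:15:01.100001 00:11:22:33:44:55 -> 66:77:88:99:AA:BB type:0x800 len:0x5EA
192.168.1.10:51234 -> 203.0.113.5:80 TCP TTL:64 TOS:0x0 ID:4021 IpLen:20 DgmLen:1500 DF
{SEP}
03/14-10:15:01.200002 00:AA:BB:CC:DD:EE -> 01:00:5E:00:00:FB type:0x800 len:0x57
192.168.1.23:5353 -> 224.0.0.251:5353 UDP TTL:255 TOS:0x0 ID:311 IpLen:20 DgmLen:73
{SEP}
03/14-10:15:02.000004 00:11:22:33:44:55 -> 66:77:88:99:AA:BB type:0x800 len:0x3BA
192.168.1.10:51234 -> 203.0.113.5:80 TCP TTL:64 TOS:0x0 ID:4022 IpLen:20 DgmLen:940 DF
{SEP}
03/14-10:15:02.500005 00:AA:BB:CC:DD:EE -> 66:77:88:99:AA:BB type:0x800 len:0x62
192.168.1.23 -> 192.168.1.1 ICMP TTL:64 TOS:0x0 ID:900 IpLen:20 DgmLen:84 DF
{SEP}
"""

if __name__ == "__main__":
    for src, pkts, total in top_talkers(SAMPLE_LOG):
        print(f"{src:15} {pkts:3} packets {total:6} bytes")
```

To run it on a real capture, pass the contents of temp.log to `top_talkers` instead of `SAMPLE_LOG`.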


A network IDS should be placed so that it can monitor all network traffic.

Practical :- 4

AIM :- Configure your e-mail account against various threats.

How to Encrypt Email Connections


To secure the connection between your email provider and your computer or other
device, you need to set up Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) encryption--the same protection scheme that you depend on when checking
your bank account or making online purchases.

If you check your email with a Web browser (whether on a desktop, a laptop, a
smartphone, or a tablet), take a moment to ensure that SSL/TLS encryption is active.
If it is, the website address (URL) will begin with https instead of http; depending on
your browser, you should see some additional indication, such as a notification next
to the address bar or a small yellow padlock icon on the status bar at the bottom of
the browser window.

If you don't see an 'https' address and other indicators after logging into your
Web-based email program, type an s at the end of the 'http' and press Enter. If your
email provider supports SSL/TLS, that instruction will usually prompt it to encrypt
your current connection. Then browse your account settings to see whether you can
activate encryption by default for future logins, and whether you can create or
modify bookmarks or shortcuts to your email site using the 'https' address. If you
can't force the encryption, check with your provider, as they may not support
SSL/TLS.

If you use a desktop client program like Microsoft Outlook to check your email, or if
you use an email app on your smartphone or tablet, you should still try to use
SSL/TLS encryption--but in such situations, encryption is harder to verify or to set
up. To do it, open your email program or app and navigate to the settings menu;
there, your account will likely be labeled as a POP/SMTP, IMAP/SMTP, HTTP or
Exchange account. Look for an option to activate encryption; it's usually in the
advanced settings near where you can specify the port numbers for incoming and
outgoing connections.

If you use an Exchange email account for work, for example, you'll find a designated
area for security settings where you can clearly see whether encryption/security is
enabled for the incoming and outgoing connections and for your Exchange account.
If it isn't enabled, check with your email provider to see whether the provider
supports encryption, and consider switching to a service that allows SSL/TLS
encryption.

Outlook 2013 Secure Email Setup :

If you currently have an email account set up in your Outlook 2013 email program,
we recommend following the steps outlined in Editing an Existing Email Account
Profile.

However, if you are adding a brand new email account for yourself or a new
employee, please follow the steps in Adding a New Email Account.

Adding a New Email Account

Use these steps if you are adding a brand new e-mail account profile to Outlook
2013.

1. Open Outlook and go to its "File" menu


2. Then proceed to "Info" and click the "Add Account" button.

You will see a window similar to the following image. Normally, this window is
where you will add your email credentials. However, for this tutorial we will bypass
this window briefly.

To continue:

3. Click on the radio button towards the lower left hand corner of the window
which reads "Manual setup or additional server types."
4. Click "Next"
5. On the following window, select the "Pop or IMAP" radio button
6. Click Next
7. Fill out your email account information as specified in your welcome email
and select your preference of POP3 or IMAP account types.

Note: Check with your IT personnel if you are not sure whether you are using POP3
or IMAP. Most people use POP3.

8. Click on "More Settings"

Additional Information: When specifying your email logon User Name, be sure to
use the entire email address (i.e. user@domain.com).

Also, for incoming and outgoing mail servers, you will specify
mail.[your-domain].com for both servers.

You may receive a warning about the server's security. This is due to the entered
domain not having its own SSL certificate and the warning is just advising that the
security certificate for mail.[your-domain].com could not be found. However,
since you are on a shared mailserver, the SSL certificate is in fact present; it's just
installed on 3dcart's mailserver name.

The warning itself may be ignored because the server still requires authentication
and is therefore secure in that respect. However, if you would like to eliminate the
warning altogether, you can use the appropriate mail.3dcartstores.com for your
account. Please refer to your welcome email for the appropriate 3dcartstore.com
mailserver to use.

9. After clicking the "More Settings" button, click on the "Outgoing Server" tab.
10. Place a check in the box labeled "My outgoing server (SMTP) requires
authentication"
11. Select the radio button labeled "Use same settings as my incoming mail
server"

12. Now, click on the "Advanced" tab


13. Place a check in the box labeled "This server requires an encrypted
connection (SSL)" for the incoming server.
14. Select "SSL" from the drop-down located next to the outgoing server.
15. Specify the following ports for both servers as shown:
    o Incoming POP3 Port: 995 (if using IMAP: Port 993)
    o Outgoing SMTP Port: 465
16. Click "OK"

You will now be taken back to the Internet E-mail Settings window (where you
previously entered your account information).

17. Click on the "Test Account Settings ..." button to send a test email via the new
account.

The E-mail program will now make a test connection to the server and send you a
test message.

Note: During the test, you may receive a warning about the server's security. This is
due to the entered domain not having its own SSL certificate and the warning is just
advising that the security certificate for mail.[your-domain].com could not be
found. However, since you are on a shared mailserver, the SSL certificate is in fact
present; it's just installed on 3dcart's mailserver name.

The warning itself may be ignored because the server still requires authentication
and is therefore secure in that respect. However, if you would like to eliminate the
warning altogether, you can use the appropriate mail.3dcartstores.com for your
account. Please refer to your welcome email for the appropriate 3dcartstore.com
mailserver to use.

18. Click "Next" to complete the setup.
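
The warning described in steps 8 and 17 is a hostname mismatch: the certificate carries the shared mail server's name, not mail.[your-domain].com, so a client that accepts it has not verified which server receives the password. The added example below (not part of the original guide) shows that name check on a constructed certificate, plus a verified connection test for the ports in step 15; the host names and `SAMPLE_CERT` are placeholders.

```python
import socket
import ssl

MAIL_PORTS = {"pop3s": 995, "imaps": 993, "smtps": 465}  # ports from step 15


def cert_names(cert):
    """DNS names in a certificate dict as returned by SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Simplified RFC 6125 check: '*' may replace only the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host):
    """True when any DNS name in the certificate matches the configured host."""
    return any(name_matches(name, host) for name in cert_names(cert))


def check_mail_tls(host, port, timeout=5.0):
    """Live check (needs network): verify chain and hostname on an implicit-TLS port."""
    ctx = ssl.create_default_context()  # certificate and hostname checks enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} {cert_names(tls.getpeercert())}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


# Constructed certificate: issued for the provider's shared mail host only.
SAMPLE_CERT = {"subjectAltName": (("DNS", "mail.shared-host.example"),)}

if __name__ == "__main__":
    for host in ("mail.customer-domain.example", "mail.shared-host.example"):
        print(host, "covered by certificate:", cert_covers(SAMPLE_CERT, host))
```

Calling `check_mail_tls` with the server name from the welcome email and `MAIL_PORTS["pop3s"]` confirms that the configured name verifies cleanly before it is entered into Outlook.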
