
CCNA Security

Chapter 1 Lab A: Researching Network Attacks and Security Audit Tools
Objectives
Part 1: Researching Network Attacks

Research network attacks that have occurred.

Select a network attack and develop a report for presentation to the class.

Part 2: Researching Security Audit Tools

Research network security audit tools.

Select a tool and develop a report for presentation to the class.

Background/Scenario
Network attacks have resulted in the loss of sensitive data and significant network downtime. When a network
or the resources within it are inaccessible, worker productivity can suffer, and business income may be lost.
Attackers have developed many tools over the years to attack and compromise the networks of organizations.
These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy
resources, or deny legitimate users access to resources.
To understand how to defend a network against attacks, an administrator must first identify network
vulnerabilities. Specialized security audit software developed by equipment and software manufacturers can
be used to help identify potential weaknesses. In addition, the same tools used by attackers can be used to
test the ability of a network to mitigate an attack. After the vulnerabilities are known, steps can be taken to
help mitigate the network attacks.
This lab provides a structured research project that is divided into two parts: Researching Network Attacks
and Researching Security Audit Tools. You can elect to perform Part 1, Part 2, or both. Let your instructor
know what you plan to do to ensure that a variety of network attacks and vulnerability tools are reported on
by the members of the class.
In Part 1, you research various network attacks that have actually occurred. You select one of these and
describe how the attack was perpetrated and how extensive the network outage or damage was. You also
investigate how the attack could have been mitigated or what mitigation techniques might have been
implemented to prevent future attacks. You prepare a report based on a predefined form included in the lab.
In Part 2, you research network security audit tools and investigate one that can be used to identify host or
network device vulnerabilities. You create a one-page summary of the tool based on a predefined form
included in the lab. You prepare a short (5-10 minute) presentation to present to the class.
You may work in teams of two with one person reporting on the network attack and the other reporting on the
security audit tools. All team members deliver a short overview of their findings. You can use live
demonstrations or PowerPoint to summarize your findings.

All contents are Copyright 1992-2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Required Resources

Computer with Internet access for research.

Presentation computer with PowerPoint or other presentation software installed.

Video projector and screen for demonstrations and presentations.

Part 1. Researching Network Attacks


In Part 1 of this lab, you research various network attacks that have actually occurred and select one on
which to report. Fill in the form below based on your findings. You may use the list at the end of this lab for
examples of network attacks.

Step 1: Research various network attacks.


List some of the attacks you identified in your search.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________

Step 2: Fill in the following form for the network attack selected.
Name of attack:

Smurf Attack

Type of attack:

distributed denial-of-service attack

Dates of attacks:

Late 1990s

Computers / Organizations affected:

ISPs and businesses

How it works and what it did:


An ICMP echo request is sent to a broadcast network address (acting as an amplifying agent)
with the source address of the victim spoofed.
Any machine targeted could fail under the saturation of ICMP traffic, slowing the network.


Mitigation options:
Turn off the forwarding of directed broadcasts on all router ports: no ip directed-broadcast.
Filter your outbound traffic.

References and info links:


https://usa.kaspersky.com/internet-security-center/definitions/smurf-attack#.U_61zWPp-ZQ
http://www.cert.org/historical/advisories/CA-1998-01.cfm?
http://www.iss.net/security_center/reference/vuln/Smurf.htm
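
The Smurf pattern described in the form above, turned into detection logic. This is an added example, not part of the original lab or the report: it flags echo requests addressed to a subnet broadcast address and hosts that receive echo replies they never requested. The record layout, the threshold and the sample records are assumptions constructed for illustration.

```python
"""Detect the Smurf pattern in ICMP records (added example, constructed data)."""
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers

def find_smurf(records, subnets, min_reflectors=3):
    """records: (src, dst, icmp_type) tuples in arrival order.
    subnets: CIDR strings for networks whose broadcast address is known.

    Returns (amplifier_hits, victims):
      amplifier_hits: echo requests sent to a subnet broadcast address,
                      as (claimed_source, broadcast) pairs.
      victims: {host: [reflectors]} for hosts that received echo replies
               they never requested from >= min_reflectors sources.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    # /31 and /32 networks have no usable directed-broadcast address
    broadcasts = {n.broadcast_address for n in nets if n.prefixlen < 31}

    requested = set()               # (requester, target) pairs seen so far
    amplifier_hits = []
    unsolicited = defaultdict(set)  # reply destination -> reply sources

    for src, dst, icmp_type in records:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if icmp_type == ECHO_REQUEST:
            requested.add((s, d))
            if d in broadcasts:
                amplifier_hits.append((src, dst))
        elif icmp_type == ECHO_REPLY and (d, s) not in requested:
            # The reply's destination never sent this host a request
            unsolicited[d].add(s)

    victims = {str(v): [str(r) for r in sorted(refl)]
               for v, refl in unsolicited.items()
               if len(refl) >= min_reflectors}
    return amplifier_hits, victims

# Constructed records using documentation address ranges (RFC 5737).
SAMPLE = [
    ("198.51.100.7", "192.0.2.255", 8),   # spoofed request to broadcast
    ("192.0.2.10", "198.51.100.7", 0),    # every host on the subnet replies
    ("192.0.2.11", "198.51.100.7", 0),
    ("192.0.2.12", "198.51.100.7", 0),
    ("203.0.113.5", "192.0.2.10", 8),     # ordinary ping and its reply
    ("192.0.2.10", "203.0.113.5", 0),
]

if __name__ == "__main__":
    hits, victims = find_smurf(SAMPLE, ["192.0.2.0/24"])
    print("requests to broadcast:", hits)
    print("unsolicited reply targets:", victims)
```
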

Part 2. Researching Security Audit Tools


In Part 2 of this lab, you research network security audit tools and attacker tools and investigate one that can
be used to identify host or network device vulnerabilities. Fill in the report below based on your findings.
You may use the list at the end of this lab for examples of security audit tools.

Step 1: Research various security audit and network attack tools.


List some of the tools that you identified in your search.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________

Step 2: Fill in the following form for the security audit or network attack tool selected.
Name of tool:

NMAP

Developer:

Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)

Type of tool (character-based or GUI):

Both

Used on (network device or computer host):

Both

Cost:

GNU General Public License / Free

Description of key features and capabilities of product or tool:


Port scanning, host discovery, version detection, OS detection. Used in auditing security,
network mapping and asset management.

References and info links:


http://nmap.org/
http://en.wikipedia.org/wiki/Nmap
http://www.linuxuser.co.uk/tutorials/scan-your-network-with-nmap
http://www.linux.com/learn/tutorials/290879-beginners-guide-to-nmap


Step 3: Reflection
a. What is the prevalence of network attacks and what is their impact on the operation of an
organization? What are some key steps organizations can take to help protect their networks and
resources?
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
b. Have you actually worked for an organization or know of one where the network was compromised? If
so, what was the impact to the organization and what did it do about it?
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
c. What steps can you take to protect your own PC or laptop computer?
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5


Topology

IP Addressing Table

Device  Interface     IP Address   Subnet Mask      Default Gateway  Switch Port
R1      Fa0/1         192.168.1.1  255.255.255.0    N/A              S1 Fa0/5
R1      S0/0/0 (DCE)  10.1.1.1     255.255.255.252  N/A              N/A
R2      S0/0/0        10.1.1.2     255.255.255.252  N/A              N/A
R2      S0/0/1 (DCE)  10.2.2.2     255.255.255.252  N/A              N/A
R3      Fa0/1         192.168.3.1  255.255.255.0    N/A              S3 Fa0/5
R3      S0/0/1        10.2.2.1     255.255.255.252  N/A              N/A
PC-A    NIC           192.168.1.3  255.255.255.0    192.168.1.1      S1 Fa0/6
PC-C    NIC           192.168.3.3  255.255.255.0    192.168.3.1      S3 Fa0/18

Objectives
Part 1: Basic Network Device Configuration

Cable the network as shown in the topology.

Configure basic IP addressing for routers and PCs.


Configure routing.

Verify connectivity between hosts and routers.

Part 2: Configure CCP Access for Routers

Enable HTTP/HTTPS server.

Create a user account with privilege level 15.

Configure SSH and Telnet access for local login.

Part 3: Basic CCP Configuration

Install CCP.

Manage communities.

Discover router devices.

Background/Scenario
Cisco Configuration Professional (CCP) is a Windows-based device management tool for Integrated Service
Routers. CCP simplifies router configurations through easy-to-use wizards. The objective of this lab is to verify
that the routers and PC are configured properly for use with CCP.
Note: Ensure that the routers and the switches have been erased and have no startup configurations.

Required Resources

3 routers (Cisco 1841 with Cisco IOS software, release 12.4(20)T1 or comparable)

2 switches (Cisco 2960 or comparable)

PC-A: Windows XP, Vista, or Windows 7

PC-C: Windows XP, Vista, or Windows 7 with CCP 2.5, Java version 1.6.0_11 up to 1.6.0_21, Internet
Explorer 6.0 or above and Flash Player Version 10.0.12.36 and later

Serial and Ethernet cables as shown in the topology

Rollover cables to configure the routers via the console port

Note: If the PC is running Windows 7, it may be necessary to right-click on the Cisco CP icon or menu item,
and choose Run as administrator.
In order to run CCP, it may be necessary to temporarily disable antivirus programs and O/S firewalls. Make
sure that all pop-up blockers are turned off in the browser.

Part 1: Basic Router Configuration


In Part 1 of this lab, set up the network topology and configure basic settings such as interface IP addresses
and routing.


Step 1: Cable the network.


Attach the devices that are shown in the topology diagram, and cable as necessary.

Step 2: Configure basic settings for each router.


a. Configure host names as shown in the topology.
b. Configure interface IP addresses as shown in the IP Addressing Table.
c. Configure a clock rate for routers with a DCE serial cable attached to their serial interface. Router R1
is shown here as an example.
R1(config)# interface S0/0/0
R1(config-if)# clock rate 64000

d. To prevent the router from attempting to translate incorrectly entered commands as though they were
host names, disable DNS lookup. Router R1 is shown here as an example.
R1(config)# no ip domain-lookup

Step 3: Configure Routing Protocol on R1, R2, and R3.


Static and dynamic routing protocols are used in different chapter labs. Please refer to the chapter
instructions to determine which routing protocol is used in a chapter lab. For this lab use static routing as
outlined in step 4, and skip step 5.

Step 4: Configure static default routes on R1, R2, and R3.


a. Configure a static default route from R1 to R2 and from R3 to R2.
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
R3(config)# ip route 0.0.0.0 0.0.0.0 10.2.2.2
b. Configure static routes from R2 to the R1 LAN.
R2(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.1
c. Configure static routes from R2 to the R3 LAN.
R2(config)# ip route 192.168.3.0 255.255.255.0 10.2.2.1

Step 5: Configure the EIGRP routing protocol on R1, R2, and R3.
a. On R1, use the following commands.
R1(config)# router eigrp 101
R1(config-router)# network 192.168.1.0 0.0.0.255
R1(config-router)# network 10.1.1.0 0.0.0.3
R1(config-router)# no auto-summary

b. On R2, use the following commands.
R2(config)# router eigrp 101
R2(config-router)# network 10.1.1.0 0.0.0.3
R2(config-router)# network 10.2.2.0 0.0.0.3
R2(config-router)# no auto-summary

c. On R3, use the following commands.
R3(config)# router eigrp 101
R3(config-router)# network 192.168.3.0 0.0.0.255
R3(config-router)# network 10.2.2.0 0.0.0.3
R3(config-router)# no auto-summary

Step 6: Configure PC host IP settings.


Configure a static IP address, subnet mask, and default gateway for PC-A and PC-C as shown in the IP
Addressing Table.

Step 7: Verify connectivity between PC and Routers.


a. Ping from R1 to R3.
Were the ping results successful? _____
If the pings are not successful, troubleshoot the basic device configurations before continuing.
Provide a screenshot of the ping from R1 to R3.

b. Ping from PC-A on the R1 LAN to PC-C on the R3 LAN.


Were the ping results successful? _____
If the pings are not successful, troubleshoot the basic device configurations before continuing.
Provide a screenshot of the ping from PC-A to PC-C.

Note: If you can ping from PC-A to PC-C you have demonstrated that routing is configured and
functioning correctly. If you cannot ping but the device interfaces are up and IP addresses are correct, use
the show run and show ip route commands to help identify routing protocol related problems.


Part 2: Router Access for CCP


In Part 2 of this lab, you set up a router for use with CCP by enabling the HTTP/HTTPS server, creating a
privileged user account, and configuring SSH and Telnet access.

Step 1: Connect to your router through Telnet or SSH or the console.


Enter the global configuration mode using the command:
Router> enable
Router# configure terminal

Step 2: Enable the router HTTP or HTTPS server.


Use the following Cisco IOS Software commands.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Note: HTTPS is enabled only for cryptography-enabled Cisco IOS Software images.

Step 3: Create a user with privilege level 15.


Router(config)# username admin privilege 15 password cisco12345

Step 4: Configure SSH and Telnet for local login.


Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
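
Steps 2 to 4 enable cleartext HTTP and Telnet management and create an account with `password` rather than `secret`. The Python script below is an added example, not part of the Cisco lab: it audits running-config-style text for those settings and for the directed-broadcast setting named in the Smurf mitigation earlier. The finding names and both sample configurations are constructed for illustration.

```python
"""Audit IOS-style config text for weak management settings (added example)."""
import re

USER_PASSWORD = re.compile(r"username (\S+) (?:privilege \d+ )?password\b")

def audit_ios_config(text):
    """Return a sorted list of (finding, context) tuples."""
    findings = set()
    stanza = "global"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank line or separator
        cmd = line.strip()
        if not line[0].isspace():         # unindented: stanza header or global
            stanza = cmd if cmd.startswith(("interface ", "line ")) else "global"
        if stanza == "global":
            if cmd == "ip http server":
                findings.add(("http-cleartext", "global"))
            user = USER_PASSWORD.match(cmd)
            if user:                      # 'password' instead of 'secret'
                findings.add(("user-password-not-secret", user.group(1)))
        elif stanza.startswith("interface "):
            if cmd == "ip directed-broadcast":
                findings.add(("directed-broadcast", stanza))
        elif stanza.startswith("line vty") and cmd.startswith("transport input"):
            if {"telnet", "all"} & set(cmd.split()[2:]):
                findings.add(("vty-telnet", stanza))
    return sorted(findings)

# Constructed from the lab's commands; 'ip directed-broadcast' is added, not from the lab.
LAB_STYLE = """\
username admin privilege 15 password 0 cisco12345
ip http server
ip http secure-server
ip http authentication local
!
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 ip directed-broadcast
!
line vty 0 4
 login local
 transport input telnet ssh
"""

# Constructed hardened counterpart; <hash> is a placeholder.
HARDENED = """\
username admin privilege 15 secret 5 <hash>
no ip http server
ip http secure-server
!
line vty 0 4
 login local
 transport input ssh
"""

if __name__ == "__main__":
    print(audit_ios_config(LAB_STYLE), audit_ios_config(HARDENED))
```
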

Part 3: CCP Installation and Initial Setup


Step 1: Install CCP
Note: This section can be skipped since CCP is already installed on your PC.
a. Download CCP 2.5 from Cisco's website:
http://www.cisco.com/cisco/software/release.html?mdfid=281795035&softwareid=282159854&release=2.5&rellifecycle=&relind=AVAILABLE&reltype=all

b. Choose the file cisco-config-pro-k9-pkg-2_5-en.zip.


Note: Be sure to select the correct CCP file and not CCP Express. If there is a more current release of
CCP, you may choose to download it. However, the labs in this course are based on CCP 2.5.
c. Agree to the terms and conditions and download and save the file to the desired location.

d. Open the zip file and run the CCP executable.


e. Follow the on-screen instructions to install CCP 2.5 on your PC.

Note: If Cisco CP is installed on a PC that uses the Microsoft Windows Vista operating system or the
Microsoft Windows 7 operating system, Cisco CP may fail to launch.
Possible solutions:
1. Compatibility settings:
a. Right click on the Cisco CP icon or menu item and select Properties.
b. While in the Properties dialog box, select the Compatibility tab. In this tab, select the
checkbox for Run this program in compatibility mode for. Then in the drop down menu
below, choose Windows XP (Service Pack 3) for example, if it is appropriate for your
system.
c. Click OK.

2. Run as Administrator settings:


a. Right click on the Cisco CP icon or menu item and select Properties.
b. While in the Properties dialog box, select the Compatibility tab. In this tab, select the
checkbox for Run this program as administrator in the Privilege Level section.
c. Click OK.

3. Run as Administrator for each launch:


a. Right click on the Cisco CP icon or menu item and select Run as Administrator.
b. For more information, please refer to the Cisco CP Quick Start Guide or search for run as
administrator for your operating system on the internet.
Note: It may be necessary to temporarily disable antivirus programs and O/S firewalls in order to run
CCP.

Step 2: Create / Manage Communities


CCP 2.5 can discover up to 10 devices in a community. If desired, the information for both R1 and R3 can be
included in one community if the PC has network connectivity to the routers. Only R3 is discovered on PC-C
in this section as an example.
a. On PC-C, start CCP: Start > Cisco Configuration Professional.
b. In the Select / Manage Community window, input into the appropriate fields the R3 IP address
192.168.3.1, the Username admin, and the Password cisco12345.
c. Click OK to continue.


Step 3: Discover Router Devices


a. Click Discover on the Dashboard to discover and connect to R3. If discovery fails, click the
Discovery Details button to determine the problem so that you can resolve the issue.

b. Once the router has been discovered by CCP, you are ready to configure your Select Community
Member. In this example, the Select Community Member is 192.168.3.1.

Provide a screenshot showing the discovered router in CCP as shown in the screen above.

Examples of Network Attacks



1. Code Red
2. Nimda
3. Back Orifice
4. Blaster, MyDoom
5. SQL Slammer
6. SMURF
7. Tribe Flood Network (TFN)
8. Stacheldraht
9. Sobig
10. Netsky
11. Witty
12. Storm
Examples of Security Audit Tools
1. Microsoft Baseline Security Analyzer (MBSA)
2. NMAP
3. Cisco IOS AutoSecure
4. Cisco Security Device Manager (SDM) Security Audit Wizard
5. Sourceforge Network Security Analysis Tool (NSAT)
6. Solarwinds Engineering Toolset
7. L0phtcrack
8. Cain and Abel
9. John the Ripper
10. Netcat
11. THC Hydra
12. Chkrootkit
13. DSniff
14. Nessus
15. AirSnort

16. AirCrack
17. WEPCrack
