When the tides of life turn against you... And the current upsets your boat... Don't waste those tears on what might have been... Just lay on your back and float!...

Lab 6 ~Security in Network~

Assalamualaikum w.b.t..

Lab 6 kiteorg blajar Security In Network.. Camner kiter nk securekn network kiter tue la bih kurengg.. huhuhuhu... tul ker erk? yer kot!... Aper yg perlu tahu:-
• Identify the vulnerabilities of FTP.
• Using Wireshark to capture FTP username and password.
• Explain what is IPSec.
• Enabling IPSec for securing FTP session.


Network Security and IPSec
A computer network is defined as a connection between two or more computer. Two computers are said to be interconnected if they are able to exchange information. Since it beginning network has become an essential tool for computer user. Computer users nowadays are depending on network, you cannot imagine the world without computer networking. At the beginning of their existence, computer networks were
primarily used by university researchers for sending email and by corporate employees for sharing printers. Under these conditions security did not get a lot of attention. But nowadays, as millions of ordinary citizens are using networks for banking, shopping and sending sensitive information, network security is required as a potentially massive problem.


Capturing File Transfer Protocol (FTP) Username and password
Normally FTP and Telnet send their username and password in clear text. This is not secure because intruder can used Network Monitoring tool such as Wireshark to sniff all the packet transfer during the session especially username and password. Therefore it is necessary to protect your username and password to overcome
any unauthorized activity.

1. Start your virtual machine containing winserv03_server and winserv03_client.
2. Login as Administrator
3. Set the IP address of your winserv03_server and winserv03_client as below

On winserv03_server
4. Check that your winserv03_server is already installed with FTP server and Wireshark. If FTP server installed than start the FTP service using [Start] | [Administrative tools] | [Internet Information Services (IIS)] otherwise you need a Windows Server 2003 CD to installed Internet Information Services (IIS) with FTP.


5. Whereas if wireshark is not install then it can be downloaded for free from http://www.wireshark.org.
6. If it is installed then open Wireshark on winserv03_server. [Start] | [Program] | [Wireshark].

7. Click on [Capture] | [Interfaces] to choose the network interfaces you wanted to monitor, refer figure 6.4. Choose the network interfaces that has an IP number 0f 192.168.1.106,click [Start], refer figure 6.X.


On winserv03_client
8. On winserv03_client VM open a command prompt, login to FTP server on winserv03_server using the following command.

On winserv03_server
9. As your login view the Wireshark interface on winserv03_server VM, you will notice that the username and password that you to login to the FTP server from the winserv03_client side is clearly seen on the monitor. Capture the screen of your
Wireshark output using print screen button on your keyboard.
10. To simulate this on the real environment you need two computers connected via a cross cable.




Using IPSec to secure FTP Transaction
IPSec is one of the solutions to safeguard the transmissionof data over FTP from being seen by an unauthorized user. Even though it is not mandatory to use IPSec in IPv4, it is already available in IPv4 and user has the choice to enable it. IPSec will encrypt the data sent using normal FTP connection, thus only the
authorized party can see the content. On winserv03_server
1. Click [Start] | [Run] and then type mmc.
2. Management Console will appear and then, on the menu bar click [File] | [Add/Remove snap-in].
3. On the Add/Remove Snap-in box, click [Add] button and select the [IP Security Monitor] and click [OK].
Figure below :

4. Repeat step 3 by selecting IP Security Policy Management on
Local Machine and then click [Finish].
5. On the Add/Remove Snap-in, click [OK].
6. In the right pane, right-click on [Secure Server (Require
Security)] | [Properties].
7. In the Secure Server (Require Security) Properties dialog box, highlight All IP Traffic and click [Edit].
8. On the Edit Rule Properties dialog box, select the Authentication Method tab. Click add and screen New Authentication Method Properties will appear. Select Use this string (preshared key) and then type MSPRESS in the scroll box, then click OK. Make sure your client preshared key must be same as server preshared key
9. Highlight the Preshared Key and click the [Move up] button to make the preshared key as a first priority for the authentication.
On winserv03_client
10. Click [OK] on the [Secure Server (Require Security)] Properties dialog box and close it.
11. Right-click on [Secure Server (Require Security)], and click [Assign] from the pop-up menu.
12. Click [Start] | [Run] and then type mmc.
13. Management Console will appear and on the menu bar click [File] | [Add/Remove snap-in].
14. On the Add/Remove Snap-in box, click [Add] button and select the [IP Security Monitor] and click [OK].
15. Repeat step 3 by selecting IP Security Policy Management on Local Machine and then click [Finish].
16. On the Add/Remove Snap-in, click [OK].
17. In the right pane, right-click on [Secure Server (Require Security)] | [Properties].
18. In the Client (Response Only) Properties dialog box, highlight and click [Edit].
19. On the Edit Rule Properties dialog box, select the [Authentication Method] tab. Click [add] and screen New Authentication Method Properties will appear. Select Use this string (preshared key) and then type MSPRESS in the scroll
box, then click [OK].
20. Highlight the Preshared Key and click the Move up button to make the preshared key as a first priority for the authentication. Click [Apply] | [OK].
21. Click [OK] on the Client (Response Only) Properties dialog box and close it.
22. Right-click on Client (Response Only), and click [Assign]. Click [Apply] | [OK].


Hmm.. lam lab kali nie aku xbejayer aplikasikan kt PC aku.. der prob per ntahh.. so, aku just tgk member yg wat kat PC dia... So far paham gak la cikit2... Xpaham pn layan ajer.. uhukksss...


alhamdulillahh...


"To the world you might be one person, but to one person you might be the world.."

0 komplen:

Post a Comment

Related Posts with Thumbnails