Reference no: EM132737231
Exercise 1 - Securing your firewall
This exercise needs to be developed in Linux with bash shell scripting. You will first have to get acquainted with IPtables and its various parameters in Linux. See reading material in Bibliography. You will then develop a bash shell program that automatically secures your system when you call it.
Description
Develop policies for the firewall of your company with the usage of the IPtables utility in Linux. Your firewall should secure your computer from a series of scenarios:
1) Allow unrestricted access to the loopback interface (input/output)
2) Protect your system from SYN flood with a limit on the number of packets
3) Protection from ICMP flood attack with a limit on the number of packets of your choice (The inspection will take place at the loopback interface and will be examined via pings and timeouts) State your assumptions
4) Reject packets that pretend to be originating from your own IP
5) Reject packets that pretend to be coming from any class C private network
6) Reject packets that pretend to be originating from your loopback address
7) Allow only access to google.com and the European University from your browser. Log any other movement of packets as well as any unauthorized access to web pages.
8) Allow your pc to send ICMP packets
9) Allow access to the mail server (smtp)
Deliverables:
1)Write a paragraph stating your solution methodology 2) Show your source code (script) and indicative results.
3) Show your bash shell script execution
Exercise 2
Passwords and Security
When choosing a password it is imperative that a strong password is selected. There a number of criteria for selecting a strong password. Go to the website which includes an online crypto tool. Go to the Highlights tab and then select Password checking. This page shows multiple criteria for selecting a password. It gives you an automatic grading of a selected password.
You are supposed to choose 4 passwords with increasing level of strength
List them as:
1) 20% strength:_____________________
2) 40% strength:_____________________
3) 60% strength:_____________________
4) 90% strength:_____________________
Once passwords are selected they are frequently stored as hash values. This task prevents someone from directly stealing passwords if they are stored as plaintext.
Convert the passwords you selected above to hash values using:
Record the corresponding hashes:
E.g.,
Password 1: hash 1
Password 2: hash 2
Password 3: hash 3
Password 4: hash 4
Now a typical cracker may attempt to decode your passwords by Using Google or websites such. Try to Google your hashes or use websites such to see if they can be cracked:
1) Show your result.
E.g.,
Password 1: hash 1: Cracked via google
Password 2: hash 2: Not cracked via md5decrypt.org
Password 3: hash 3: Not cracked via google
Password 4: hash 4: cracked via google
Example:
password : flower24 strength: 34% Hash md5: 8683667F0E87DB7DAD60F5C63F5D20F3 Google Search: Cracked
2) List 5 properties that impact the strength of passwords
3) Can you comment on the strength of a password as opposed to the difficulty of cracking its hash?
Note that there are software programs that are used to crack user passwords such as John the Ripper, Cain & Abel, and Ophcrack.
Attachment:- Passwords and Security.rar