Find the flag that will also display data-link headers

Reference no: EM132283993

Assignment - Enterprise Application Security

For the purposes of this assignment, you will have to download and install a well known security (software) tool -Snort - on your own computer. It is highly recommended that you create a directory C:\security\ on your hard drive and, subsequently, download and install this tool from that directory.

The material for this assignment is adapted from M. Gregg's "Build Your Own Security Lab: A field guide for network testing" book.

Snort is a freeware IDS. Although initially written for Linux/Unix, most of its functionality is now available in Windows. In this lab, we will use the Windows version.

Snort can operate in one of the following four modes:
• Basic Packet Sniffer;
• Packet Logger;
• Network Intrusion Detection Sensor;
• Network Intrusion Prevention Sensor.

To get Snort running on a Windows system, you need WinPcap and the Snort Executable.
a) WinPcap
The purpose of WinPcap is to allow programs, such as WinDump, Wireshark, Snort, and other IDS applications to capture low-level packets traveling over the network. It should be the first program installed before using any of the Windows-based IDS systems.

b) Snort
Snort for Windows can be downloaded. Under Latest Release -> Binaries, choose/download Snort_2_9_4_6_Installer.exe. Double-click on this program, and follow the installation procedure. Keep the values at 'default'. At the end of the installation procedure, Snort will be installed in the following directory: C:\Snort.

To test-run Snort, in a command prompt, cd to c:\snort\bin folder, then type: C:\Snort\bin>snort

SNORT: BASIC CONFIGURATION
To properly configure Snort, you need to access the Snort.conf file. This file should be opened with a basic text editor, such as Notepad or WordPad. Once opened, the file will appear as shown below.
The options you may want to configure in this file are:
• network settings;
• rules settings;
• output settings;
• include settings.

a) Network Settings
By default, Snort.conf has the network set at: var HOME_NET any.
Leaving this setting as is will configure Snort to monitor any network that your computer is attached to. To monitor a specific subnet (e.g., 192.168.123.0), the setting would be configured as: var HOME_NET 192.168.123.0/24. Or to monitor a specific device (e.g., 192.168.123.254), the setting should be configured as var HOME_NET 192.168.123.254/32.
b) Rules Settings
The default rule path is: var RULE_PATH ../rules. You must replace this line with the correct path for the rules; for example: var RULE_PATH C:\snort\rule.

SNORT: SNIFFER MODE
Sniffer mode works as the name implies. It configures Snort to sniff traffic. In order to verify this mode of operation, follow these steps:

a) At one of the command prompts, navigate to the C:\snort\bin folder, and type C:\Snort\bin>snort -W. You should see a list of possible adapters on which you can install the sensor. The adapters are numbered 1, 2, 3, and so forth (see the figure below).

b) In order to properly configure Snort, at the C:\snort\bin> prompt enter C:\Snort\bin>snort -v -ix, where x is the number of the NIC to place your Snort sensor on.

c) Switch to the second command prompt and ping www.conestogac.on.ca. When the ping is complete, switch back to the command prompt window running Snort, and press Ctrl+C to stop Snort. The figure below shows a sample capture of a ping to www.conestogac.on.ca.

TASK 1
Take a screenshot of your own Snort ping capture and include it in your final report.
Now, notice that the given capture does not display data-link headers nor the (application-layer) packet content.

TASK 2
Find the flag that will also display data-link headers as well as the content of raw packets. What command/flag did you use?

SNORT: LOGGER MODE
Snort can handle packets in one of two ways. It can alert you when something is happening in real time (in the console), or it can log the information to a file for later review.
To verify the logger mode of operation, follow these steps:
a) At the command prompt, type C:\Snort\bin>snort -l c:\snort\log
b) To get some logs, open a browser and go to www.conestogac.on.ca.
c) Press Ctrl+C to stop Snort. Now look in the C:\snort\log directory; you should see some Snort.log files.

TASK 3
Take a screenshot of your Windows/File Explorer showing the captured Snort.log file(s), and include it in the report.

TASK 4
In the log file find the page request for www.conestogac.on.ca. Include the screenshot of this request in your report.

SNORT: BUILDING SNORT RULES
Snort comes with the option of matching the packets that it captures against a set of rules that the administrator provides. The rules reside in simple ASCII text files and can be modified as needed. Snort rules are what set Snort apart from any ordinary sniffer. They define the pattern and criteria Snort uses to look for suspicious packets.
Snort rules are made up of two basic parts: rule header and rule options.

The best way to master Snort rules is to create and test some simple rules. To do so, perform the following steps:
a) Open Notepad and enter the following:
Alert TCP any any -> any any (msg: "my TCP scan"; sid: 1;)
b) Save the file as c:\snort\rules\"myrules.conf" and close Notepad. Typing the name in quotes, as shown, will force Notepad to drop the normal .txt extension.
c) Clear the Snort log folder, and open a command prompt.
d) Run Snort from the command prompt by entering the following:
C:\snort\bin> snort -c \snort\rules\myrules.conf -l \snort\log
e) To get some logs, open a browser and go to www.conestogac.on.ca.
f) Press Ctrl+C to stop Snort. Now look in the C:\snort\log directory. You should see an alert.ids file and (new) Snort.log files.

g) Right-click alert.ids file and open with WordPad.

TASK 5
Take a screenshot of alert.ids file and include it in your report.
h) Now, modify your myrules.conf file so that it contains the following rule: Alert UDP any any -> any any (msg: "my UDP scan"; sid: 1;)
(Make sure that you save the file after changing its content.)
i) In the command prompt again execute: C:\snort\bin> snort -c \snort\rules\myrules.conf -l \snort\log
j) To get some logs, open a browser and go to https://www.conestogac.on.ca.
k) Press Ctrl+C to stop Snort and again look in the C:\snort\log directory. Open alert.ids with WordPad.
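To make the "rule header / rule options" split concrete, here is an added Python illustration (not part of the assignment and not Snort's own code). It parses one-line rules in the format used in steps a) and h) into their header fields and options, then counts how many packets of a small constructed sample each rule would alert on. The packet sample, the address/port matching logic and the 5-tuple packet format are assumptions made for this example.

```python
import ipaddress
import re
# Rule header: action proto src sport direction dst dport, then the options in parentheses
HEADER_RE = re.compile(r'^\s*(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# Options: key[: value]; a value may be a quoted string, which may itself contain ';'
OPTION_RE = re.compile(r'(\w+)(?:\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

def parse_rule(text):
    """Split a one-line Snort rule into a dict of header fields plus an options dict."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError(f"not a Snort rule: {text!r}")
    action, proto, src, sport, direction, dst, dport, opts = m.groups()
    options = {k.lower(): (v or "").strip().strip('"') for k, v in OPTION_RE.findall(opts)}
    return {"action": action.lower(), "proto": proto.lower(), "src": src, "sport": sport,
            "dir": direction, "dst": dst, "dport": dport, "options": options}

def _addr_ok(spec, addr):
    # 'any', a single host (e.g. 192.168.123.254/32) or a subnet (e.g. 192.168.123.0/24)
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    """True if the packet's 5-tuple satisfies the rule header; '<>' matches in either direction."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    fwd = (_addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
           and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))
    if rule["dir"] == "->":
        return fwd
    rev = (_addr_ok(rule["src"], pkt["dst"]) and _port_ok(rule["sport"], pkt["dport"])
           and _addr_ok(rule["dst"], pkt["src"]) and _port_ok(rule["dport"], pkt["sport"]))
    return fwd or rev

def count_alerts(rule_text, packets):
    """How many of the packets would add a line to alert.ids under this rule (alert action only)."""
    rule = parse_rule(rule_text)
    return sum(1 for p in packets if rule["action"] == "alert" and matches(rule, p))

# Constructed sample traffic (not a real capture): a DNS lookup, then a TCP SYN, request and response.
SAMPLE = [
    {"proto": "udp", "src": "192.168.123.10", "sport": 53211, "dst": "192.168.123.1", "dport": 53},
    {"proto": "udp", "src": "192.168.123.1", "sport": 53, "dst": "192.168.123.10", "dport": 53211},
    {"proto": "tcp", "src": "192.168.123.10", "sport": 49152, "dst": "203.0.113.5", "dport": 80},
    {"proto": "tcp", "src": "192.168.123.10", "sport": 49152, "dst": "203.0.113.5", "dport": 80},
    {"proto": "tcp", "src": "203.0.113.5", "sport": 80, "dst": "192.168.123.10", "dport": 49152},
]
TCP_RULE = 'alert tcp any any -> any any (msg: "my TCP scan"; sid: 1;)'
UDP_RULE = 'alert udp any any -> any any (msg: "my UDP scan"; sid: 1;)'
```

Run `count_alerts(TCP_RULE, SAMPLE)` and `count_alerts(UDP_RULE, SAMPLE)` against your own constructed packet list to see how the protocol field in the header alone changes which packets produce alert.ids entries.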

TASK 6
Take a screenshot of the new alert.ids file and include it in your report.

TASK 7
How many alerts did you find in the new alert.ids file? How and why does the content of this file differ from the one captured in (5)? Explain!

Attachment:- Enterprise Application Security.rar

Verified Expert

This is an Enterprise Application Security task; it has been done using the security software tool named Snort along with the WinPcap executable. All the tasks have been done properly and the relevant screenshots have been provided in the Word file.
