Lab 1: Internetwork Security - Spring 2004 | ECE 4112, Lab Reports of Electrical and Electronics Engineering

Material Type: Lab; Class: Internetwork Security; Subject: Electrical & Computer Engr; University: Georgia Institute of Technology-Main Campus; Term: Spring 2004;

Typology: Lab Reports

Pre 2010

Uploaded on 08/05/2009

Group Number: _________
Member Names: ___________________ _______________________
ECE4893 Lab 1 Spring 2004
Installation of a Linux Operating System Red Hat 8.0 host machine, VMware, a Red
Hat 7.2 virtual machine, and an XP virtual machine.
Installation and usage of security tools.
Version 1/15/2004 (Revised)
Assigned: 1/13/2004
Due: 1/20/2004
This lab consists of two parts. In part A you will install RedHat 8.0 on your hard disk and
create virtual machines with different operating systems. In part B you will install and
use various security tools. It might be advisable to break up the lab into two separate
sessions for the two parts.
PART A – Installation of Redhat 8.0 and virtual machines
Read “Counter Hack” Chapter 1 Introduction and Chapter 2 Networking Overview.
Read about Bridged Networks for Vmware at:
http://www.vmware.com/support/ws4/doc/network_bridged_ws.html#1061788
Turn in this part with your answers. This part will take approximately 2.5 hours to
complete.
Working in “groups of 2” follow the attached lab and install Linux on your removable
hard drive. During TA hours, you will need to obtain from the TA a removable hard
drive, a key for the hard drive, Red Hat 8.0 installation CDs; VMware Installation CD,
RedHat 7.2 CDs, and Windows XP installation CDs. You are to keep the hard drive and
the key; you are to return all the CDs before you leave the lab. You will need to get the
TA to enter a VMware license number, and later a Windows XP license number, for you.
Thus make sure you are working when a TA can assist you in those steps. You may work
in the lab anytime the door is unlocked (see hours posted); however, TA support hours are
much more limited. The TA(s) usually hang out in the research lab COC331 when on
duty and they are not needed in the student lab COC 311. Check-off on labs must be
done during the TA's lab hours. CDs must be returned to the TAs before the TA hours
end for that period.
Do not drop or roughly handle the hard drives. If you break one you will be asked to
replace it, and you will find they cost about $69. If you lose a hard drive frame key, it
costs $19 because you have to buy an entire removable hard disk frame kit just to get the
key.


To insert your hard drive into the machine:

Slide your drive into the docking bay. Push with your thumb to make sure the contacts are connected. Use your key to lock the drive into the bay. If the drive is not locked into the bay, you will not get power to your hard drive.

General warning for the entire quarter: do not remove your hard drive from the machine, or turn the power off, while the machine is running Linux. Here is the procedure to shut down.

In a text terminal, type:

    shutdown -h now

After the machine halts, use your key to remove the hard drive. DO NOT FORCE THE HANDLE UP WHEN REMOVING THE HARD DRIVE. IF YOU HAVE NOT UNLOCKED THE DRIVE AND YOU PULL HARD YOU CAN BREAK THE PLASTIC RELEASE HANDLE. Unix stores some file state in memory, and this needs to be written to the disk before the disk is removed; otherwise you may corrupt your disk and have to reinstall Linux.

In a graphical X window: click on the Red Hat icon in the lower left of the screen. Select logout and then shutdown, yes.

Do not use Ctrl-Alt-Del to reboot the machine unless you have no choice. There is a chance you will corrupt your hard drive if you do it this way.

Installation of the host computer RedHat 8.0 Linux Operating System

The purpose of this section of the manual is to show how to install RedHat Linux 8.0. This installs linux kernel 2.4.18. Installation is a relatively simple procedure due to the windows-like GUI that RedHat provides.

Obtain the RedHat 8.0 Installation CDs from the TA. You do not need to get all the other CDs at this time.

*NOTE: The convention of placing the key name in all caps between the ‘<’ and ‘>’ symbols will be used throughout this manual.

This key allows the user to move up within a field.

    IP Address                   Host Name
    57.35.6.131 – 57.35.6.135    group24.eecom.gatech.edu
    57.35.6.136 – 57.35.6.140    group25.eecom.gatech.edu
    57.35.6.141 – 57.35.6.145    group26.eecom.gatech.edu
    57.35.6.146 – 57.35.6.150    group27.eecom.gatech.edu
    57.35.6.151 – 57.35.6.155    group28.eecom.gatech.edu
    57.35.6.156 – 57.35.6.160    group29.eecom.gatech.edu
    57.35.6.161 – 57.35.6.165    group30.eecom.gatech.edu
    57.35.6.166 – 57.35.6.170    group31.eecom.gatech.edu
    57.35.6.171 – 57.35.6.175    group32.eecom.gatech.edu
    ETC.....

Netmask: 255.255.255. Click OK

For Hostname, “Manually” should already be selected; type the host name: group#-4893 (# is your assigned group number). This gives everyone a unique name.

For Miscellaneous Settings Gateway: 57.35.6. Primary DNS: 57.35.6. Click Next

  • Choose no firewall and then next
  • Select next on language screen
  • Leave Eastern time selected
  • Enter root password as “password” and confirm password is “password”
  • Turn off (remove the default on) for MD5 and shadow passwords
  • Now you must select what packages you will install:

In the Package Group Selection window many items are already selected. Add the following to what is already selected:

  • Editors
  • Server Configuration Tools
  • Windows File Server
  • FTP Server
  • Network Servers
  • Development Tools
  • Kernel Development
  • Administration Tools

Click on select individual packages

Click on Next

Under the triangle by Applications, click on Internet. Add a check mark beside:

  • ethereal
  • ethereal-gnome
  • mrtg
  • nc
  • ttcp
  • xtraceroute

Click on System. Add a check mark beside:

  • iptraf
  • nmap
  • nmap-frontend

Click next to finish up selecting this extra stuff we have added to our install

  • Select Install packages to satisfy dependencies. Click next
  • About to Install Screen is next, select next
  • Installation takes about 20 minutes and requires you to insert CD#2 and CD#3 at some point
  • Select no I do not want a boot Floppy.
  • Click Next at Graphical Interface (X) Configuration.
  • The graphics card we are using is a NVIDIA GEFORCE 2 MX 32 Mb
  • The correct monitor should have been automatically selected (it should be a SONY CPD-E400/E400E); click Next at Monitor Configuration.
  • Asks if you want to test the graphical interface (Aside: You are using NVIDIA GE FORCE 2 MX 32 MB video cards just as an FYI).
  • Remove any CD in the computer and select exit to reboot the machine.
  • Some general configuration questions appear here, answer them.
  • Logon as root and password is password

On your Red Hat 8.0 host, open a terminal window by right-clicking the mouse and selecting new terminal. In the terminal window type ntsysv. Turn off sendmail and also turn off syslog by pressing the space bar at those lines. (We do this so that the system boots faster; if we do not, we sometimes need to wait up to 4 minutes for boot-up to finish.)

Make sure you run the vmware-config.pl script by answering yes to that question (or run it after installation). This script sets up networking for the VM machine and will ask some questions.

Use the following answers:

  • Do you want networking for your virtual machines? YES
  • Do you want this program to probe for an unused private subnet? NO
  • What will be the address of your host on the private network? 57.35.6.x+1 (One more than your base address)
  • What will be the netmask of your private network? 255.255.255.
  • Do you want to be able to use host-only networking in your virtual machines? NO
  • Do you want this program to automatically configure your system to allow your virtual machines to access the host’s filesystem? NO

What this has done is set up a bridged network on /dev/vmnet0, a Host-Only Network on /dev/vmnet8 which we can ignore, and NAT on /dev/vmnet8. We are only going to use the bridged network, which will act like a hub for all virtual machines that we wish to put on top of our Linux host. Each of these virtual machines will be just like plugging another machine into a hub. We need to remove the vmnet8 stuff. We do this by running vmware-config.pl again:

  • Would you like to skip networking setup and keep your old settings as they are? NO
  • Do you want networking for your virtual machines? YES
  • Would you prefer to modify your existing network configuration using the wizard or the editor? EDITOR
  • Do you wish to make any changes to the current virtual networks settings? YES
  • Which Virtual network do you wish to configure? 8
  • The network vmnet8 has been reserved for NAT network. Are you sure you want to modify it? YES
  • What type of virtual network do you wish to set vmnet8? NONE
  • Do you wish to make additional changes to the current virtual network settings? NO
  • Do you want this program to automatically configure your system to allow your virtual machines to access the host’s filesystem? NO

    cd /etc/init.d
    ./vmware stop
    ./network stop
    ./network start
    ./vmware start

Now if you run ifconfig, all you see is eth0, set to the host machine's IP address that you assigned, and the lo loopback interface. This is what we want.

Now when you start VMware with the command vmware, we have the networking we want. If you type ifconfig you can see the result of setting up the networking in the VMware host.

Launch VMware (type 'vmware') and go to Help, Enter Serial Number. Have the TA come in and enter a serial number for your VMware license.

Installing RedHat 7.2 Operating System as your first virtual operating system

Obtain the RedHat 7.2 Installation CDs from the TA. You will also need the VMware installation CD later to install some tools after installing RedHat 7.

After booting up a VMware installed computer and opening a terminal window (right mouse, select new terminal) and starting vmware with the command vmware, select File, New Virtual Machine. Select typical configuration, on the next screen select Linux, then make the linux virtual machine name RedHat7.2, use the default location. Select Use Bridged Network. Select Finish.

On the main VMware screen select the RedHat7.2 virtual machine. Insert the RedHat 7.2 install CD #1 in the CDROM, and answer NO to "do you wish to run /mnt/cdrom/autorun". Close the cdrom window that opened. Click on Start this virtual Machine. Hit enter at the Welcome to Red Hat Linux 7.2 window.

  • The language that will be used is English. Just select next.
  • The keyboards being used are generic 105. Just select next.
  • 3 button mouse ps/2. Just select next.
  • Click "NEXT" in the welcome to Red Hat Linux Screen.
  • Select Custom Install
  • Have the installer automatically partition for you
  • Yes you would like to initialize the drive
  • Remove all partitions on this system
  • Yes you are sure
  • Select next on the partitions screen
  • Use GRUB. All defaults on this screen are OK as is.
  • Do not enter a grub password, just select next
  • In the network configuration window: Activate on Boot is already selected, remove check on configure using DHCP. Fill in:

Click next to finish up selecting this extra stuff we have added to our install

  • Click next on unresolved dependencies screen to automatically fix the unresolved dependencies we created
  • Select NVIDIA GEFORCE 2 MX GENERIC 32 MB memory
  • About to Install Screen is Next, select next
  • Installation takes about 15 minutes and requires you to insert CD#2 at some point; you will see a failure message that says the CDROM failed to eject. At that point insert the CD#2 and then after doing that select OK. Then OK again on please insert CD#2.
  • Skip Boot Disk creation.
  • Select Sony CPD E400 from the list and click Next.
  • Select 800x
  • Remove the CD when the CDROM failure message appears, click OK.
  • Logon as root and password (Note: your x windows will not work yet. We need to install some Vmware tools later and then X windows will work. You start x windows typically with “startx”).

In a window type ntsysv. Turn off sendmail and also turn off syslog by pressing the space bar at those lines. Tab to OK, and press return when OK is highlighted.

To test if your new virtual RedHat 7.2 machine is on the bridged network, ping the host machine that the virtual machine is on:

    ping 57.35.6.x

or whatever the address is of the host machine your virtual machine is on top of. Press Control-C to stop it.

Installing the VMWare tools on your new virtual machine.

You may need to hit CTRL and ALT at the same time to release the cursor from your virtual machine and allow you to select the following:

While running the new RedHat 7.2 virtual machine, select File “Install VMware Tools….” This should create a virtual cdrom directory from which you can copy the tools file.

While still inside this Red Hat 7.2 virtual machine type the following

    mount /dev/cdrom
    cd /tmp
    cp /mnt/cdrom/vmware-linux-tools.tar.gz .
    umount /dev/cdrom
    tar zxf vmware-linux-tools.tar.gz
    cd vmware-tools-distrib
    ./vmware-install.pl

Answer the installer's questions as follows:

  • select default directory to install
  • select default daemon file directory
  • select default for library
  • yes to create new path
  • default on documentation directory
  • yes on path
  • default on rc directory
  • default on scripts
  • yes on invoke tools now

Now that you are done, type this next line exactly as it appears:

    shutdown -h now

in the Red Hat 7.2 virtual machine.

NAS Configuration

To be able to access the NAS server from this virtual machine you will need to perform the NAS configuration steps described before. They are listed below.

Open /etc/fstab in a text editor. Add the following line:

    //NAS/secure_class /mnt/nas4893 smbfs noauto,username=secure_class,uid=500,gid=500 1 0

Then type:

    mkdir /mnt/nas

Since the NAS server is on a different subnet and DNS is not yet functional, your local machine doesn’t know how to find the NAS machine. So, edit the /etc/hosts file to add the following line:

    57.35.10.10 nas.eecom.gatech.edu nas

You need to do these only once. Now to mount the NAS, every time, you can just type mount /mnt/nas4893 and then enter the password “secure_class”. After this, the NAS will be loaded just like a floppy or cd. It even has a graphical folder in /mnt.

Note: If for some reason you cannot get the NAS file system to mount, after the above steps, you might not have installed Samba during the initial installation. Samba is needed to access the Windows file sharing system with NAS. If you skipped Samba during the initial installation follow the steps given below to install it.

Installing Windows XP as another Virtual machine (at the same level as the Red Hat 7.2 virtual operating system, not inside the Red Hat 7.2 virtual system)

Obtain the Windows XP installation CDs from the TA. Note that later you will need the TA to type in the license number. (You do not need a VMware installation CD.)

After booting up a VMware installed computer and opening a terminal window (right mouse, select new terminal) and starting vmware with the command vmware, select File, New Virtual Machine. Select typical configuration, on the next screen select windows XP professional, then make the XP virtual machine name winXPPro, use the default location. Select Use Bridging Network. Select Finish.

  1. Insert the XP CD #1 into the machine and select start this virtual machine.
  2. At the “Welcome to Setup” screen, press ENTER
  3. Press F8 (“I agree”) to the license agreement
  4. Delete all partitions on the drive. For each partition, highlight the partition, and then press D. Then press ENTER. On the next screen, press L. Repeat these steps for each partition until all you have is one unpartitioned space.
  5. Select the unpartitioned space and press ENTER
  6. Format the partition using the NTFS file system
  7. Once the disk is formatted, the installer will copy files for installation and then reboot.
  8. Once the software installs, select Regional and Language Options and press Next
  9. Type in your name and “Georgia Tech” for the organization field, and click Next
  10. Obtain the product key from the TA, type that in the field, and click Next
  11. Set the computer name to “group#-xp” (e.g. group36-xp) and type in an administrator password of password. Click Next.
  12. Set the Date and Time, and click Next
  13. At the Network Settings screen, select “Custom Settings” and click on Next.
  14. Select Internet Protocol (TCP/IP), and then click on properties.
  15. Select “Use the following IP address” and use the following settings:
        IP Address: use the IP address two higher than your base IP. For example, if your base IP is 57.35.6.x, now use 57.35.6.x+
        Netmask: 255.255.255.
        Default Gateway: leave blank
        DNS server: leave blank
  16. Click OK and then click Next
  17. On the next screen, click the first option that says you want this computer to be part of a workgroup (i.e. it is not part of a domain). Keep the workgroup name as WORKGROUP. Click Next.
  18. At the “Welcome to Microsoft Windows” screen, click Next
  19. For network connectivity, select LAN and click Next
  20. Make sure that the option “Obtain IP automatically” as well as the option “Obtain DNS automatically” are not selected and use the following settings:
        IP Address: see IP address above, for example 57.35.6.x+
        Netmask: 255.255.255.
        Default Gateway: 57.35.6.
        Preferred DNS: 57.35.6.
  21. At the registration screen, choose the option not to register at this time
  22. Enter the username “user1” in the “Your name” field and click Next
  23. Click on Finish

Windows XP should now be successfully installed on your system.

Open up a command window and ping your host machine’s IP address.

Installing the VMware tools package inside the XP virtual machine

  • Start the XP virtual machine
  • Click OK on the warning that VMware tools are not installed.
  • Select File, Install VMware tools
  • Select install
  • Simply follow the on-screen instructions

If you are unable to open both the Red Hat 7.2 virtual machine and simultaneously the XP virtual machine, you may need to change the amount of memory the XP machine uses to 128 Mb.

To do this (if necessary), in the host VMware workstation (RedHat 8.0) select Windows XP but do not start it.

  • Select EDIT
  • Select virtual machine settings
  • Select guest memory size (MB) 128
  • Select OK

Summary: At this point you have set up your RedHat 8.0 host machine with a base address, a RedHat 7.2 virtual machine, and an XP virtual machine. You now have three computers in one box, all connected together in a bridged network, which can communicate through the single network interface card out to any network you connect your host machine's physical interface card to.

Draw a picture here of three machines connected together by a hub or a switch and put names on the machines as well as IP addresses on each of the three machines network connections:

PART B – Installation and usage of network security tools

Read “Counter Hack” Chapter 5 Phase 1 Reconnaissance, and Chapter 6 Phase 2: Scanning

Turn in this part to the TAs with your answers.

At home or on a school computer: Use the whois databases (for example www.internic.net/whois.html); a registry whois lookup (for example http://www.networksolutions.com/en_US/whois/index.jhtml); and the American Registry for Internet Numbers (ARIN) (for example http://ww2.arin.net/whois/) to find out everything you can about Internet Security Systems (www.iss.net). Attach a printout or handwritten SUMMARY (not every single IP address required!) of that information to your lab.

How do you protect your own network against this type of information gathering?

Start both the XP and the virtual Red Hat 7.2 virtual operating systems. Go to the 7. “virtual operating system”. Create a /home/tools directory. Make sure that you are in X Windows while installing and running the tools. Use the command startx to initiate x windows.

All the tools needed for this lab are available on the NAS server in the Tools/Linux directory. To log on to the NAS folder, first check that your fstab file is configured correctly, as described before. It should have the line:

    //NAS/secure_class /mnt/nas4893 smbfs noauto,username=secure_class,uid=500,gid=500 1 0

If it is not there, you need to add it. Also, your /etc/hosts file should have the line:

    57.35.10.10 nas.eecom.gatech.edu nas

To load, you can now type mount /mnt/nas

The password is “secure_class”. After this, the NAS will be loaded just like a floppy or cd. It even has a graphical folder in /mnt.

The tools are in the /Tools/Linux folder in a tarball file called tools.tgz

Copy the tools file to your Linux 7.2 machine into /home by:

    cp tools.tgz /home

Then:

    tar xvfz tools.tgz

This unpacks the tools into the /home/tools directory. Type cd tools to go into the tools directory.

1 – CHEOPS-NG

You have already used ping to see what systems are on your “network”. Using ping coupled with the tool traceroute (Unix) or tracert (Windows) manually allows you to map a network. Let's look at an automated tool for network mapping that draws a nice picture of the target network. You should now have the file cheops-ng-0.1.5 from the CD in your /home/tools. You can find this tool on your own at http://cheops-ng.sourceforge.net/

That page says: “Cheops-ng is a Network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for a service and the version number of that program”.

Next:

    tar xvfz cheops-ng-0.1.5.tgz
    cd cheops-ng-0.1.
    ./configure
    gmake
    gmake install

The way to use this tool is to first start an agent daemon running in background mode on your virtual operating system. Type: cheops-agent & Next start your main program which has the graphical user interface. Connect to it with cheops-ng You will need to tell the main program you want to connect to the background program running on agent hostname 127.0.0.1, which is your own machine.

At this point select viewspace and select add network. Enter in the network your machine is connected to in the lab, for example 57.35.6.0 Use 255.255.255.0 for the netmask.

If a window pops up asking you about an OS pix map, just click OK.

Release your mouse from VMware so as to move outside a virtual machine and onto the host machine.

To start nmap, type nmapfe &

Use nmap to scan the 7.2 virtual machine by entering in its host IP address for example 57.35.6.x+1. Select a SYN Stealth Scan using TCP&ICMP. Leave OS detection checked. Select scan.

List what ports, the state of the port, and service found on the 7.2 machine.

At a computer with Internet access, look at http://isc.incidents.org/port_details.html and type in the numbers (for the ports you found open ) in the upper left white box (80 is the default). It will tell you what registered services are associated with that port as well as some statistics. Summarize what you found out about each running service from that web site here:

What operating system and version did nmap find on the 7.2 system? What operating system version do you see when you boot up that virtual machine? Are they the same?

Next use nmap to scan a range of hosts. Use for example 57.35.6.x – 57.36.(x+4), select ICMP ping, and select ping sweep. Did nmap see all of your three machines? This is an automated ping sweep to find machines on a network.

How do the nmap tool results differ from the cheops tool results as far as finding out about what machines are on your network?
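As an added example (not part of the original lab handout), the Python script below answers the port-listing and ping-sweep questions above from nmap's grepable output (`-oG`), comparing what the scan saw with the three machines this lab sets up (host at the base address, Red Hat 7.2 VM at base+1, XP VM at base+2). The sample output, the base address 57.35.6.131, the allowed-service list and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of nmap grepable (-oG) output; not captured from the lab.
SAMPLE_OG = """\
# Nmap run (constructed sample)
Host: 57.35.6.131 ()\tStatus: Up
Host: 57.35.6.132 ()\tStatus: Up
Host: 57.35.6.134 ()\tStatus: Up
Host: 57.35.6.132 ()\tPorts: 22/open/tcp//ssh///, 111/open/tcp//rpcbind///, 6000/filtered/tcp//X11///\tIgnored State: closed (1598)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+(.*)$")


def expected_inventory(base):
    """Lab addressing: host = base, Red Hat 7.2 VM = base+1, XP VM = base+2."""
    b = ipaddress.IPv4Address(base)
    return {
        str(b): "RedHat 8.0 host",
        str(b + 1): "RedHat 7.2 VM",
        str(b + 2): "Windows XP VM",
    }


def parse_grepable(text):
    """Return {ip: {"up": bool, "ports": [(port, proto, state, service)]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or blank line
        ip, _name, rest = m.groups()
        entry = hosts.setdefault(ip, {"up": False, "ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(":")
            key, value = key.strip(), value.strip()
            if key == "Status":
                entry["up"] = entry["up"] or value == "Up"
            elif key == "Ports":
                entry["up"] = True  # a host that reports ports answered the scan
                for item in value.split(","):
                    # port/state/protocol/owner/service/rpcinfo/version/
                    parts = item.strip().split("/")
                    if len(parts) < 5 or not parts[0].isdigit():
                        continue
                    entry["ports"].append(
                        (int(parts[0]), parts[2], parts[1], parts[4] or "unknown"))
    return hosts


def reconcile(hosts, inventory, allowed):
    """Compare scan results with the expected machines and allowed services."""
    up = {ip for ip, h in hosts.items() if h["up"]}
    missing = sorted(set(inventory) - up, key=ipaddress.IPv4Address)
    unexpected = sorted(up - set(inventory), key=ipaddress.IPv4Address)
    exposed = []
    for ip, h in hosts.items():
        for port, proto, state, service in h["ports"]:
            if state == "open" and (port, proto) not in allowed.get(ip, set()):
                exposed.append((ip, port, proto, service))
    return {"missing": missing, "unexpected": unexpected,
            "exposed": sorted(exposed)}


if __name__ == "__main__":
    inventory = expected_inventory("57.35.6.131")   # constructed base address
    allowed = {"57.35.6.132": {(22, "tcp")}}         # constructed allow-list
    report = reconcile(parse_grepable(SAMPLE_OG), inventory, allowed)
    for ip in report["missing"]:
        print(f"not seen in sweep: {ip} ({inventory[ip]})")
    for ip in report["unexpected"]:
        print(f"unknown machine answering: {ip}")
    for ip, port, proto, service in report["exposed"]:
        print(f"open service not on allow-list: {ip} {port}/{proto} {service}")
```
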