CSOL 570 Final Project

Trade Studies

Performing a Trade-Study

Step 1 Criteria:

Real Time: Whilst it will be useful to check the convergence on certain aspects of
my protocol quickly, integration with the real application is more important. The
application in for real time interactive data so it will have to be able to be plugged
in to the simulated network and used. The network should appear exactly like a
real one so the application does not need to be adapted (FinMars Consulting Ltd,
2014).
Adaptable: Once a base simulation is produced it will have to be adapted to
experiment with many different scenarios. The simulation must be readily
adaptable between runs and within a simulation to show the dynamic nature of a
tactical network (FinMars Consulting Ltd, 2014).
Realism: The network must present to the application protocol like a completely
realistic network link. How the model does this is less important. I do not have a
requirement to simulate RF path loss, multipath, complex routing algorithms or
any of the specifics. I will be able to use my knowledge of tactical networks to set
realistic constraints. I will also want to break the network as much as I can to see
how the protocol performs in these conditions (FinMars Consulting Ltd, 2014).
Interface with real applications: I must be able to run the exact same application
as I would have on an actual system. The modelling tool must therefore present
what appears to be a normal network connection. I will have two primary ways to
run the application:
o Run the software multiple times on the simulation host. Each instance
should be connected to a different network node on the simulation and be
isolated from each other so they can only connect across the simulated
network.
o For other hardware types they should be connectible by physical interface.
This could be via an ethernet port on the simulation host perhaps via a
VLAN switch to offer multiple ports (FinMars Consulting Ltd, 2014).
 Open Source: I have a preference for Open Source anyway and my rig is going
to be running on Linux. It will also be important for me as if the simulation
environment does not quite meet my needs I will have the option to change it
(FinMars Consulting Ltd, 2014).
MANET: The simulation of Mobile Ad-hoc or Mesh Networks must be sufficient to
show that any network protocol will be useful in a real world scenario (FinMars
Consulting Ltd, 2014).

Step 2:

GNS3 https://www.gns3.com/

For GNS3 the review of the product was extensive but for the most part it did meet
the criteria I found via FinMars Consulting Ltd. I found a link on their webpage to
help set up a topology which was actually very helpful.
(https://docs.gns3.com/1wr2j2jEfX6ihyzpXzC23wQ8ymHzID4K3Hn99-
qqshfg/index.html)

Cisco Packet Tracer

http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html

Cisco Packet Tracer Skills Assessments are innovative, formative assessments that
measure student performance and knowledge of networking concepts and skills using
the simulation and configuration capabilities of the Packet Tracer learning environment
(Cisco Networking Academy, 2010).
The Networking Academy program emphasizes the hands-on, e-doing aspect of
learning, which reinforces skills and helps students develop the confidence needed to
perform the tasks they have learned outside the classroom (Cisco Networking
Academy, 2010).
The online Packet Tracer Skills Assessment environment presents complex and
authentic tasks, immediately scores the exams, and provides rich, detailed feedback
that supports learning and evaluation of student performance (Cisco Networking
Academy, 2010).
Packet Tracer Skills Assessments offer the following features and benefits:
Rich, immediate feedback:
Online, centrally administered environment
Automatically scored and integrated with grade book
Utilizes familiar Packet Tracer simulation environment
Measures performance in addition to knowledge
Allows simultaneous testing for large numbers of students
 Helps instill confidence in mastery of learned skills
21st century assessment integrated with networking technology curriculum

Step 3:
For the purpose of this assignment I selected GNS3 because it matched my
criteria the best and was the most user-friendly choice as well.

Scanning for Vulnerabilities

Step 1: Criteria
Regular updates to vulnerability definitions.
User friendly/ease of use.
Support for cloud and mobile.
Enterprise Features.
Pricing and licensing: ideally costs that can differ depending on size of
organization.
Support.
Compatibility with the CVE program.

Step 2:
The OWASP Zed Attack Proxy (ZAP) is one of the worlds most popular free
security tools and is actively maintained by hundreds of international volunteers. It can
help you automatically find security vulnerabilities in your web applications while you are
developing and testing your applications. Its also a great tool for experienced
pentesters to use for manual security testing (OWASP, 2016).
OWASP provided a printable user guide:
https://github.com/zaproxy/zaproxy/releases/download/2.4.0/ZAPGettingStartedGuide-
2.4.pdf

Vega is a free and open source web security scanner and web security-testing
platform to test the security of web applications. Vega can help you find and validate
SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information,
and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and
Windows. Vega can help you find vulnerabilities such as: reflected cross-site scripting,
stored cross-site scripting, blind SQL injection, remote file include, shell injection, and
others. Vega also probes for TLS / SSL security settings and identifies opportunities for
improving the security of your TLS servers. Vega includes an automated scanner for
quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds
XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be
extended using a powerful API in the language of the web: Javascript (Subgraph, 2014).
Subgraph has a page, which breaks down how to use the Vega scanner:
https://subgraph.com/vega/documentation/Vega-Scanner/index.en.html

Step 3:
 Part of my decision was made because the look of the websites. Subgraphs site
looked more professional and I felt more comfortable in downloading their product
versus OWASPs website.
Once downloaded I utilized Vega in the scanner perspective, mostly because the
website showed an example of how to use it from that perspective. Here are the
instructions on how to do a scan that I pulled from Subgraphs webpage
(https://subgraph.com/vega/documentation/Vega-Scanner/index.en.html).
To start a scan, click the new scan icon at the top left corner. Alternatively, you
can select the "Scan" menu bar item and click on "Start new Scan". This will
cause the New Scan wizard to open.
Vega will start crawling the target web application. Vega sends many requests.
This is because in addition to analyzing the page content, the crawling engine
does several tests on each potential path, trying to determine if it is a file or a
directory. Vega also compares pages to each other, and tries to figure out what
the 404 page looks like. Vega modules also send their own requests.
The scan progress will be indicated with a progress bar. Note that the total
number of links to crawl will grow as Vega discovers new ones and generates
variations to perform the above-described tests, so the finish time will be a
moving target. The preferences described at the start of this tutorial control the
parameters that limit scope of the scan.
To stop an active scan, click the red icon with an "x" next to the new scan button.
Opening up the scan results will reveal a tree of alerts, with severity at the
highest level, followed by type, and then path instance. Both current and previous
scan results for the workspace are listed. The target icon representing the current
scan will be blinking until it is finished.
Clicking on an alert will open it in the central pane. To return to the scan
summary, click on the top-level item in the alerts tree in the Scan Alerts view, in
the bottom right corner.

Virtualized Test Lab Architecture:

Setting Up a Virtualized Lab Environment

I had to completely re-install my VM to my MacBook.

Once I got the VM installed I proceeded to down load Kali and get it back up and
running.
My first attempts at running Kali failed due to wrong file types, once I identified
the correct file I set up Kali.
After Kali was finally working I tried to install Metasploitable, being new to the
cyber security program I thought Metasploitable had to be downloaded inside my
VM running Kali, after speaking with Steve the TA I realized I was wrong and with
his help I got my Metasploitable VM up and running.
For help with the code to look for open ports I utilized the following website:
https://cyberarms.wordpress.com/2012/07/21/metasploitable-2-tutorial-part-1-
checking-for-open-ports-with-nmap/
Security Toolkit

Tool Description
GNS3 GNS3 allows you to run a small topology
consisting of only a few devices on your
laptop, to those that have many devices
hosted on multiple servers or even hosted
in the cloud.
Cisco Packet Tracer Cisco Packet Tracer Skills Assessments
are innovative, formative assessments that
measure student performance and
knowledge of networking concepts and
skills using the simulation and
configuration capabilities of the Packet
Tracer learning environment
Vega by Subgraph Vega is a free and open source web
security scanner and web security-testing
platform to test the security of web
applications.
The OWASP Zed Attack Proxy (ZAP) ZAP is one of the worlds most popular
free security tools and is actively
maintained by hundreds of international
volunteers.
Metasploitable Metasploitable is an intentionally
vulnerable Linux virtual machine. This VM
can be used to conduct security training,
test security tools, and practice common
penetration testing techniques.
Wireshark Wireshark is a free and open source
packet analyzer. It is used for network
troubleshooting, analysis, software and
communications protocol development,
and education.

Surveillance And Reconnaissance Processes

Viewing Network Communications with Wireshark

I downloaded and launched Wireshark via https://www.wireshark.org/#download.

Once Wireshark was downloaded I proceeded to launch it where it automatically began
capturing information on the networks.
However when I tried to launch Kali it seemed like it wasnt connecting to a network.
I got screen shots of what wireshark was capturing.
However, I wasnt completely sure if I was supposed to download and launch wireshark
within kali.

Metasploitable
At this step my results were not the same/similar as to the example from the tutorial.
Here my results differed from the tutorial.
At this step when it asked for a password I was unsure of what to do, mostly because I
would not allow me to type anything in the field labeled password.

Kali

For some reason when using the history command in Kali nothing populated.
Lessons Learned And Final Thoughts

I learned a lot in this course. In the fundamentals class I was not able to dive this
deep into properly using a VM or Kali for that matter. It was quiet the experience having
to set everything back up on my computer since I had removed it after the fundamentals
class. I learned the importance of using a lab environment to run tests and learn how to
use tools, because heaven forbid you accidently open up your computer to the people
who want to do you harm.
When I am able to find myself in this career field as a civilian I know I will have to
go back and brush up on everything and knowing that there is a safe environment within
my machine to do that makes me feel a lot better. Sadly with my military career taking a
turn in a different direction Im not sure when these skills will be able to be utilized
again, but I will be sure to stay on top of them to the best of my ability.