Final Project
Michael Keller
22 August 2018
TRADE STUDY AND CONFIGURATION EVALUATION 2
security operations. During the last six weeks, this course presented material such as
trade studies involving network visualization and vulnerability scanning tools, designing
and utilizing a network architecture for testing, presenting and using various tools, and
using command line inputs to execute commands and tests. This writing will provide
details and insight regarding the material covered and used for the duration of this course.
Trade Studies
Two trade studies were performed during the course. The first study was to
TNV, was selected over Key Lines as the preferred visualization tool based on four
metrics:
1. The tool must be deployable on a small home network environment. Support for
2. The tool must be easy to install, configure, and use to support users who are new
to network visualization.
3. The tool must provide visual customization so that visualized data is tailored to
4. The tool should have some variation of customer and technical support.
TNV was ultimately selected since it met all of the required criteria while Key Lines was
for larger-scale deployment and was unavailable after contacting the company. The Java
Development Kit and updated pcap libraries were required to install and use the software.
The result of using this tool was the capturing of packets and additional visualized
information such as packet origination and destination port, range of IP addresses, and
host listing.
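As an added illustration (not part of the original report and not TNV's code), the per-host view described above can be derived from a classic pcap file with a short Python parser. The capture bytes are constructed for the example, and the function names build_sample_pcap and summarize are hypothetical.

```python
import socket
import struct
from collections import defaultdict

def build_sample_pcap():
    """Constructed capture (not real traffic): three TCP packets between two lab hosts."""
    def frame(src, dst, sport, dport):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zeroed MACs + IPv4 ethertype
    frames = [frame("192.168.1.4", "192.168.1.3", 40000, 22),
              frame("192.168.1.4", "192.168.1.3", 40001, 80),
              frame("192.168.1.3", "192.168.1.4", 22, 40000)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, link type 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # ts_sec, ts_usec, lengths
    return out

def summarize(pcap):
    """Map each source IP to the destination hosts and ports it sent TCP/UDP traffic to."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    hosts = defaultdict(lambda: {"dst_hosts": set(), "dst_ports": set()})
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        pkt = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        l4 = 14 + (pkt[14] & 0x0F) * 4  # start of the TCP/UDP header
        if pkt[23] not in (6, 17) or len(pkt) < l4 + 4:
            continue  # neither TCP nor UDP, or ports cut off
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        dport = struct.unpack("!H", pkt[l4 + 2:l4 + 4])[0]
        hosts[src]["dst_hosts"].add(dst)
        hosts[src]["dst_ports"].add(dport)
    return dict(hosts)

if __name__ == "__main__":
    for host, seen in sorted(summarize(build_sample_pcap()).items()):
        print(host, sorted(seen["dst_hosts"]), sorted(seen["dst_ports"]))
```

Captures with another link type, such as 802.11 monitor-mode captures, are rejected by the link-type check rather than misparsed.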
The second trade study performed was to compare and select a network
vulnerability scanning tool. Between Nessus and OpenVAS, a tool was selected based on
four criteria:
2. The tool must be easy to install, configure, and use for inexperienced users.
3. The tool must have ample documentation and support through any means such as
OpenVAS was selected because it is a free, open-source tool with plenty of support and
is easy to use for inexperienced users. The installation of the tool required
command line inputs which will be covered in a later section. After configuring the
target parameters, the tool took approximately two hours to complete a full scan of a
private home network with a target host range of 192.168.1.1-20. The result showed a
Network Architecture
Two separate network architectures were used during this course. The first is a
virtualized environment using Virtual Box running on a Mac OS X High
Sierra computer with three virtualized environments running within the program: Kali
Linux, Metasploitable, and CentOS. Network configurations were established using two
virtual networking devices per instance, using either a bridged adapter or
NAT.
For much of the course, testing was performed on a private home network with
host 192.168.1.4 running Kali Linux as its Operating System. Host 192.168.1.3 is the
Mac OS X High Sierra computer which Virtual Box runs on. When the individual
instances are configured for bridged adapter as the primary networking adapter to enable
Internet connectivity when performing live tests, such as Nmap scans of Metasploitable.
Kali Linux host 192.168.1.4 was also used for live network vulnerability scans using
Testing Tools
Over the duration of this course, several tools were used to perform various
security metrics, monitoring, anomaly detection, digital forensics, and malware analysis
(Balakrishnan, 2014). TNV provides just that, offering the ability to monitor and capture
network traffic and present critical information like packet origination based on port
origin and port destination given a range of IP addresses. This tool was effective in its
use within the lab due to its ability to differentiate packets and information from
individual hosts, allowing users to easily identify what traffic originated from hosts with
Wireshark
Wireshark is a great tool for any security specialist’s tool kit. This user-friendly
program provides a GUI that is easy to navigate without command
line inputs once it is installed and the port to monitor has been determined, for example with the ifconfig
command. This tool provides thorough detail regarding the traffic being monitored, such as
differentiating between types of traffic, as seen in Image 1 and Image 2 (IP and TCP traffic,
respectively). Each packet comes with detailed information, including encryption as seen
in Image 3 and, in some cases, plain text traffic if it was sent unencrypted.
OpenVAS
cyber security. The National Institute of Standards and Technology, or NIST, released
network-based scans, host-based scans, wireless scans, and application scans (Cody et al.,
2008). This open source tool was extremely effective in identifying security
host 192.168.1.4 on a private network running Kali Linux. The detailed scan took two
4 shows the results of a scan, which shows that the web-based scanner is accurate in
identifying vulnerabilities.
Metasploit
Its application in the lab environment was very informative since it was deployed against
through the use of Nmap scans against Metasploitable, a tester can pick various methods
Kismet
This tool is utilized for network sniffing, detection, and monitoring, all of which
are important when managing wireless networks. Kismet specializes in wireless network
communications through the use of a network interface card in monitor mode. This
tool provides an in-terminal visual interface which provides vital information when
assessing wireless networks. Such information includes SSIDs, host lists, packet
generating important logs as seen in Image 6. This tool was very interesting due to its
compatibility with other analysis tools like Wireshark. One such log that is
generated is a pcapdump file which can be opened in Wireshark for thorough analysis.
This section will cover the various commands used in the Terminal throughout the
hosts within the virtual environment, ultimately returning results related to the
2. The ifconfig command was used to identify the network interface card to verify that the correct
card was selected for monitoring by the program during the Wireshark exercise
and when identifying the network card to be set to monitor mode using sudo
keys through ssh-keygen and placing an authorized key within the host.
Msfconsole was also used to initiate the Metasploit Framework for exploits where
4. The command sudo kismet -c wlan0mon was used to launch and monitor with Kismet through
the wlan0 network interface card that was set to monitor when initiating airmon as
mentioned in line item #2. Since Kismet was pre-installed on Kali Linux, no
5. The command sudo apt-get update && sudo apt-get upgrade was also used to ensure all
programs were updated and Kali Linux’s distribution was updated to the latest
distribution releases.
Conclusion
Overall, this course and both the virtual lab environment in Virtual Box combined
with live integration with the home network proved to be an effective and resourceful
exercise to familiarize beginners such as myself with tools and command line usage.
Vulnerability analysis and wireless network security tools were the most intriguing
sections and allowed me to implement the learning objectives into my own private
network and assess where my weaknesses are. The hands-on experience in using the
various tools covered also educated me on the very basics in key aspects of cyber
security. One of the most helpful parts was the use of Terminal and using command line
commands throughout the course which allowed me to become more familiar with some
References
Attipoe, A., Richards, D., Turner, C. & Yan, J. (2016). Visualization Tools for Network
http://www.ingentaconnect.com/contentone/ist/ei/2016/00002016/00000001/art00014?crawler=true
https://www.sans.org/reading-room/whitepapers/metrics/security-data-visualization-36387
Cody, A., Orebaugh, A., Scarfone, K. & Souppaya, M. (2008). NIST Special Publication
Retrieved from
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
https://www.kismetwireless.net/documentation.shtml
Kody. (2018). Use Kismet to Watch Wi-Fi User Activity Through Walls. Retrieved from
https://null-byte.wonderhowto.com/how-to/use-kismet-watch-wi-fi-user-activity-through-walls-0182214/
https://metasploit.help.rapid7.com/docs/metasploitable-2-exploitability-guide