Virtual machines additionally offer advantages such as isolation, resource sharing, and the
ability to run several flavours and configurations of operating systems, each with its own set
of software technologies and configuration [2]. This approach will help AcmeAccounting to
operate multiple operating systems on one virtual system and will help the clients to access
applications on the network. For this task, we are using the Linux distribution Ubuntu 22.04,
installed from scratch on VirtualBox. We have created 1 server and 1 client on VirtualBox,
which will allow us to install, configure and test our strategy over several network strategies.
The first task in the assignment was to use an industry Linux distribution on VirtualBox. For
this purpose, I downloaded Oracle VM (Virtual Machine) VirtualBox from the
distribution website (https://www.virtualbox.org/wiki/Downloads) [3]. I downloaded the
VirtualBox 6.1.34 installer for Linux, specific to Ubuntu 22.04 Desktop. Basically,
VirtualBox is virtualization software that is used to install an operating system (OS) and
facilitates the creation and management of VMs. Virtual machines (VMs) are software-based
simulations of actual computing environments [4]. They usually consist of multiple files
providing the VM's setup, virtual hard disk storage, and some snapshots of the VM's state at a
specific point in time. The next step is to install two versions of Linux Ubuntu 22.04 Desktop.
After installation of Oracle VM VirtualBox Manager, the screen shown in figure 1 appears.
Create VM
The next step was to create two virtual machines. For this purpose, I started VirtualBox, which
opened the VirtualBox Manager. This interface is used to administer the two virtual machines.
In the given task I have to create two instances, i.e. one for the server and
one for the client. The second task was to give a name and an operating system to the first
machine. I used the name s for server, followed by the registration number (1959410) and
then the initials of my name, ST (S for Suraj and T for Timilsina). As I am using an Apple
MacBook Pro, the folder where the VM will be installed is given in Machine
Folder. The next step was to select the type of operating system: I used Linux as the
operating system and chose Ubuntu 22.04 (64-bit) as the Version.
Pressing the Next button opens a wizard for selecting the amount of memory, in megabytes, to
be allocated as RAM to the server-side VM. I chose approximately 6 GB (6144 megabytes) of RAM.
After allocating RAM, the next step is to add a virtual hard disk to the server.
Next I chose the file type for the new virtual hard disk. Make sure that VDI (VirtualBox
Disk Image) is checked and press Next.
The next step was to choose between dynamic and fixed allocation for the hard disk. I selected
dynamic allocation, so the storage is dynamically allocated on the physical hard disk.
Lastly, select the amount of space allocated to the virtual hard disk in GB. The default size is
10 GB, but I chose 2 TB of space for the hard disk. The path of the virtual disk image is shown
in the figure below; click Create to allocate the disk size. After this step the hard
disk is created and can be seen in the VirtualBox Manager.
After the completion of the basic steps, the next step was to set up the profile with the name,
computer name and password. The following screen shows the profile settings.
Installation of Client Side
Assigning of meaningful name to client machine
The computer on which the server is installed must be able to accept SSH
connections. This is done by installing the SSH software toolkit on the server
machine. To install the SSH server, we need to install the openssh-server package, as
shown in the figure below. To install the SSH server on my server machine I executed
the following command.
Installation of OpenSSH Client.
After the successful installation of OpenSSH on both the client and server side, the network user
can create a secure remote connection. The following sequence of commands is used to establish
a secure SSH connection between the client and the server:
Execute ssh s2030889KK@10.0.2.15, where s2030889 is the user name on the server side
and 10.0.2.15 is the host IP address of the server.
The system will prompt for the password; enter the password and press
the Enter key. While typing, you will not receive any feedback on the
screen. If you're going to paste your password, be sure it's not in a text file.
When you first connect to a server, it will ask if you wish to continue connecting; you
need to simply type yes (y) and press the Enter key. Because the remote server's host key is
not yet known to your local PC, this message appears only the first time.
You may now use your terminal to manage and control a remote machine. If you're having
problems connecting to a remote server, make sure you've done the following:
Apache2 (HTTPD)
The Apache web server (also known as "HTTPD") is one of the most widely used web servers for
providing dynamic and static web pages [12]. It is open-source software distributed under the
Apache License 2.0. It has a lot of useful features, such as dynamically loadable modules,
strong media support, and significant integration with other popular software.
Installation of Apache2
Because Apache is included in Ubuntu's default software repositories, it may be installed via
standard package management tools. Let's start by updating the local package index to reflect
the most recent changes from upstream [13]:
sudo apt update
sudo apt upgrade
It's time to install the Apache 2 software now that the system has been upgraded with the newest
fixes. To do so, type the following command and hit [Enter] [14]:
After this I sent a ping from my client side to the server side to test the
connection. I used the IP address of the server side, obtained from the ifconfig command. In the
figure below we can see the time taken to send each packet and to receive the response.
Before you can test Apache, you'll need to change the firewall settings to allow access to the
default web ports from the outside. You should have a UFW firewall configured to restrict
access to your server if you followed the necessary steps. During installation, Apache
registers itself with UFW to provide a few application profiles that can be used to allow or
deny access to Apache through the firewall. Display the ufw application profiles by typing:
Find the status of apache2 server
At the completion of the installation procedure, Ubuntu 20.04 starts Apache. The web server
should be up and running at this point. Check with the systemd init system to make sure the
service is running by typing:
Dynamic Host Configuration Protocol (DHCP)
To install the DHCP server on the Linux VM, you'll first need to update the package
repository by executing the following command [17].
$ sudo apt-get update
Install the DHCP package using the following command after updating the package list.
$ sudo apt-get install isc-dhcp-server
Configuring a DHCP Server
Following the installation of the DHCP server, use the ifconfig command to obtain the DHCP
server's IP address. The DHCP configuration is in /etc/dhcp/dhcpd.conf. To open
the file, type the following command.
To define the subnet, range of IP addresses, domain, and domain name servers, add the
following lines to the configuration file.
I used the command given below in the terminal to check whether the DHCP service is
running or not.
$ sudo systemctl status isc-dhcp-server.service
To start the DHCP service.
$ sudo systemctl start isc-dhcp-server.service
To stop the DHCP service.
$ sudo systemctl stop isc-dhcp-server.service
To restart the DHCP service.
$ sudo systemctl restart isc-dhcp-server.service
DHCP servers are subject to a variety of attacks. Let's look at some of the many types of
attacks and how to avoid or neutralise them.
Denial of Service
Because the DHCP protocol does not need client authentication to give network
configurations, any user with network access can receive an IP address lease. The data
transmitted by the DHCP server could leak DNS server IP addresses, jeopardising the
network's security. Malicious users with access to a DHCP-enabled network can launch a
denial-of-service attack on DHCP servers by flooding them with a large number of lease
requests, reducing the number of leases available to other DHCP clients [19].
The DHCP starvation attack occurs when an attacker uses up all of the address space available
to DHCP servers for a set amount of time [20]. This type of attack works by broadcasting DHCP
requests with spoofed MAC addresses. DHCP snooping counters it: it is a strategy for
providing network security by filtering untrusted DHCP packets and constructing and
maintaining a DHCP snooping binding database.
In order to carry out man-in-the-middle, sniffing, and reconnaissance attacks, an attacker may set
up a rogue DHCP server on the attacked network [21]. The attacker uses this rogue server
to offer clients bogus addresses and other network information in order to snoop on
the data packets. The rogue server then advertises its own DNS servers and network gateways,
which send users to malicious websites where they can be phished for personal information
like credit card numbers and passwords.
Safety Tips
Unauthorized access to the server system is limited by following adequate physical security
rules for hardware components such as servers, switches, and routers. Maintaining user
access policies additionally strengthens the security perimeter by restricting wireless access
for unauthorised individuals inside or outside the system. Every DHCP server on the network
should have audit logging enabled, and log files should be monitored. These log files reveal
when the DHCP server receives an unusually high number of lease requests from clients.
An audit log file contains the information needed to hunt down the source of DHCP
server attacks. Explanatory information about the DHCP Server service should also be
examined in the system event log. With 802.1X-enabled switches, clients running the
Microsoft OS are authenticated before the DHCP server assigns a lease, providing
improved security. Furthermore, only a small number of people should have administrative
access to DHCP. Only members of the Administrators or DHCP Administrators groups
should be able to administer DHCP servers through the DHCP console or Netsh commands.
Ensure that users that require read-only access to the DHCP console are added to the DHCP
Users group rather than the DHCP Administrators group. Even if nothing in the cyber world
is totally secure, a few security measures used in a security policy can help a company avoid
cyber dangers.
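The log monitoring described above can be automated. The following is an added example, not part of the original report: it scans ISC dhcpd syslog lines for a burst of DHCPDISCOVER messages from many MAC addresses that never complete a lease, and for "no free leases" messages. The window, threshold, host name and all log lines are constructed assumptions.

```python
import re
from datetime import datetime

# ISC dhcpd syslog line, e.g.
# "May 10 12:05:00 srv dhcpd[812]: DHCPDISCOVER from de:ad:be:ef:00:00 via enp0s3"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<msg>DHCPDISCOVER|DHCPREQUEST)\b.*?from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?P<rest>.*)$",
    re.IGNORECASE,
)

def parse(line, year=2022):
    """Return (timestamp, message type, MAC, pool_exhausted) or None."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["msg"].upper(), m["mac"].lower(), "no free leases" in m["rest"]

def detect(lines, window_s=10, max_macs=5):
    """Flag bursts of DISCOVERs from MACs that never complete a lease."""
    events = [e for e in map(parse, lines) if e]
    # MACs that went on to send DHCPREQUEST behave like real clients.
    leased = {mac for _, msg, mac, _ in events if msg == "DHCPREQUEST"}
    alerts, recent, alerting = [], [], False
    for ts, msg, mac, exhausted in events:
        if exhausted:
            alerts.append((ts, "pool-exhausted", mac))
        if msg != "DHCPDISCOVER" or mac in leased:
            continue
        recent.append((ts, mac))
        recent = [(t, m) for t, m in recent if (ts - t).total_seconds() <= window_s]
        macs = {m for _, m in recent}
        if len(macs) > max_macs and not alerting:  # alert once per burst
            alerts.append((ts, "discover-flood", len(macs)))
        alerting = len(macs) > max_macs
    return alerts

# Constructed sample log: one normal client, then a burst of unseen MACs.
SAMPLE_LOG = [
    "May 10 12:00:01 srv dhcpd[812]: DHCPDISCOVER from 08:00:27:11:22:33 via enp0s3",
    "May 10 12:00:01 srv dhcpd[812]: DHCPREQUEST for 10.0.2.20 (10.0.2.15) "
    "from 08:00:27:11:22:33 via enp0s3",
] + [
    f"May 10 12:05:{i:02d} srv dhcpd[812]: DHCPDISCOVER from de:ad:be:ef:00:{i:02x} via enp0s3"
    for i in range(8)
] + [
    "May 10 12:05:09 srv dhcpd[812]: DHCPDISCOVER from de:ad:be:ef:00:ff "
    "via enp0s3: network 10.0.2.0/24: no free leases",
]

if __name__ == "__main__":
    for ts, kind, detail in detect(SAMPLE_LOG):
        print(ts.time(), kind, detail)
```

On a real server the thresholds need tuning to the size of the network, since a lab with one client and a busy office produce very different baselines.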
Browsers use the address to send data to content delivery network (CDN) edge servers or
origin servers once the DNS server has found the correct IP address. Once this is completed,
the user can view the website's information.
The DNS directory, which converts names to numbers, isn't all kept in one dark part of the
internet [22]. DNS resolution is the process of translating a hostname (for example,
www.example.com) into a computer-friendly IP address (such as 192.168.1.1). Each device
on the Internet is assigned an IP address, which is required to locate the proper Internet
device, much like a street address is required to locate a certain residence. When a user types
example.com into their web browser, a translation must take place between what the user
types and the machine-friendly address required to reach the example.com webpage [23].
DNS recursor: The DNS recursor, also known as a DNS resolver, receives the request from
the DNS client. It then talks with other DNS servers in order to determine the correct IP
address. After receiving the request from the client, the resolver itself operates as a
client. It does this by sending requests to the other three DNS servers, which are root
nameservers, top-level domain (TLD) nameservers, and authoritative nameservers [24].
Root nameservers: The root nameserver is responsible for the DNS root zone on the internet.
Its job is to respond to requests for records from the root zone. It responds to requests by
returning a list of authoritative nameservers for the requested TLD.
TLD nameservers: A TLD nameserver keeps the IP address of the second-level domain contained
within the TLD name. It then releases the website's IP address, and the query is sent to the
domain's nameserver.
Authoritative nameservers: An authoritative nameserver is the one that responds to your DNS
query with the correct information. A master server, or primary nameserver, and a slave
server, or secondary nameserver, are the two types of authoritative nameservers. The zone
records are kept on the master server, whereas the slave server is an exact replica of the
master server. It distributes DNS server load and serves as a backup in the event that the
master server fails.
Three sorts of requests occur in a normal DNS lookup. An efficient DNS resolution
procedure can reduce the distance travelled by using a combination of these queries. Cached
record data will be available in an ideal circumstance, allowing a DNS name server to return
a non-recursive query [25].
Recursive query
In a recursive query, a DNS client expects a DNS server (usually a DNS recursive resolver) to
respond with the requested resource record; if the resolver is unable to locate it, it will
return an error message [26].
Iterative query
In an iterative query, the DNS client lets the server return the best response it can. If the
DNS server cannot find an exact match for the query forwarded by the DNS client, it returns a
referral to a DNS server that is authoritative for a lower level of the domain namespace.
In this scenario the DNS client forwards the query to the referral address. The process
continues until an error message is returned or a timeout occurs.
Non-recursive query
This usually happens whenever a DNS resolver client requests a record from a DNS server to
which it has access, mostly because the DNS server is authoritative for the record or because
the information is in its cache. DNS servers frequently cache DNS records to reduce bandwidth
usage and the burden on gateway systems.
DNS caching
The objective of caching is to temporarily hold information at a location that improves query
performance and efficiency. DNS caching keeps data close to the requesting user so that
the DNS query can be handled faster and further queries down the DNS lookup
chain can be avoided, lowering response time and CPU usage. DNS data can
be cached in a variety of places, each of which keeps DNS records for an amount of time
specified by a time-to-live (TTL) value.
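The lookup chain and the TTL cache described in the sections above can be traced in a few lines. This is an added example, not part of the original report: a toy recursive resolver that iterates from the root to the TLD to the authoritative nameserver and caches the answer until its TTL expires. The server names, the zone data and the 300-second TTL are constructed assumptions; no real DNS traffic is sent.

```python
import time

# Constructed name-server data (not real DNS): each server maps a name suffix
# to a referral ("NS", next_server) or an answer ("A", ip, ttl_seconds).
SERVERS = {
    "root":            {"com.": ("NS", "tld-com")},
    "tld-com":         {"example.com.": ("NS", "ns1.example.com")},
    "ns1.example.com": {"www.example.com.": ("A", "192.168.1.1", 300)},
}

def query(server, name):
    """One non-recursive query: the best (longest-suffix) match the server holds."""
    zone = SERVERS[server]
    for suffix in sorted(zone, key=len, reverse=True):
        if name == suffix or name.endswith("." + suffix):
            return zone[suffix]
    return ("NXDOMAIN",)

class Resolver:
    """Recursive resolver: iterates root -> TLD -> authoritative, caches by TTL."""

    def __init__(self, clock=time.monotonic, max_referrals=8):
        self.clock = clock
        self.max_referrals = max_referrals
        self.cache = {}      # name -> (ip, expiry time)
        self.contacted = []  # servers queried, in order

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                    # cache hit: no upstream traffic
        server = "root"
        for _ in range(self.max_referrals):  # bound the chain against referral loops
            self.contacted.append(server)
            kind, *data = query(server, name)
            if kind == "NS":
                server = data[0]             # follow the referral
            elif kind == "A":
                ip, ttl = data
                self.cache[name] = (ip, self.clock() + ttl)
                return ip
            else:
                raise LookupError(f"{name}: {kind}")
        raise LookupError(f"{name}: too many referrals")

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com."), r.contacted)
    print(r.resolve("www.example.com."), r.contacted)  # second call is served from cache
```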
Wireshark
Wireshark is an open-source packet sniffer and network protocol analyzer; it is
also used for troubleshooting network protocols in real time and presents packets in a
human-readable format [27]. This section guides us through downloading and installing
Wireshark and capturing packets.
Downloading
To install Wireshark, we can download its setup from the site given below:
https://www.wireshark.org/download.html
Wireshark Installation on Linux (Ubuntu)
As I was using Linux (Ubuntu 22.04), I used the following command for Wireshark
installation.
Wireshark allows users to set network interface controllers into promiscuous mode (if the
network interface controller supports it), allowing them to observe all traffic visible on that
interface, including unicast traffic not addressed to that network interface controller's MAC
address [28]. However, when using a packet analyzer in promiscuous mode on a network
switch port, not all traffic passing through the switch is forwarded to the port where the
capture is performed, hence capturing in promiscuous mode is not always sufficient to see all
network traffic. Capture can be extended to any point on the network via port mirroring or
various network taps. As I stated earlier, Wireshark is known as the most popular packet
sniffer in the computer network community, and its popularity is mainly due to the following
three tasks it performs:
Packet Capture
Wireshark is capable of listening to a huge stream of packets in real time; it can handle
potentially thousands of packets at a time. This feature allows network engineers and
network users to check whole packets processed in real time.
Filtering
Wireshark helps to control the display of relevant packets, checking a specific protocol or its
values by using filters. Wireshark has a graphical interface which supports
sorting and filtering to find the specific packets we require. In our case we
have set the filter to the FTP protocol. As a result, all communication packets using
FTP are selected and displayed on the interface, as shown in the figure.
Visualization
Wireshark can be used for a variety of tasks, including diagnosing network performance
issues. Wireshark is frequently used by cybersecurity professionals to trace connections,
analyse the contents of dubious network transactions, and spot network traffic surges. It's an
important aspect of any IT professional's toolset, and preferably the IT expert knows how to
use it.
Traffic analysis using Wireshark.
Reference:
[1]. Chiueh SN, Brook S. A survey on virtualization technologies. Rpe Report. 2005 Jun;142.
[3]. https://www.virtualbox.org/wiki/Downloads
[8]. Fomin SS, Gudkov YI, Tumkovskiy SR. Concept of a virtual workshop on ICT. In: 2018
IEEE International Conference "Quality Management, Transport and Information Security,
Information Technologies" (IT&QM&IS); 2018 Sep 24 (pp. 787-790). IEEE.
[9]. https://www.techtarget.com/searchsecurity/definition/Secure-Shell
[10]. https://linuxize.com/post/how-to-enable-ssh-on-ubuntu-20-04/
[11]. https://www.cyberciti.biz/faq/ubuntu-linux-install-openssh-server/
[12]. https://httpd.apache.org
[13]. https://mkyong.com/apache/how-to-install-apache-http-server-in-ubuntu/
[14]. https://www.cloudsigma.com/installing-the-apache-server-on-ubuntu-18-04-a-how-to-guide/
[16]. https://www.infoblox.com/glossary/dhcp-server/
[17]. https://www.linuxfordevices.com/tutorials/ubuntu/dhcp-server-on-ubuntu
[18]. https://vitux.com/how-to-setup-dhcp-server-on-ubuntu/
[19]. Tripathi N, Hubballi N. Slow rate denial of service attacks against HTTP/2 and
detection. Computers & security. 2018 Jan 1;72:255-72.
[20]. https://www.cbtnuggets.com/blog/technology/networking/what-is-a-dhcp-starvation-attack
[21]. Elz R, Bush R. Clarifications to the DNS Specification. RFC 2181; 1997 Jul.
[22]. https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/
[23]. https://www.geeksforgeeks.org/working-of-domain-name-system-dns-server/
[24]. https://www.omnisecu.com/tcpip/recursive-and-iterative-dns-queries.php
[25]. https://ns1.com/resources/dns-types-records-servers-and-queries
[26]. https://www.ibm.com/docs/es/itcam-transactions/7.4.0.1?topic=monitor-dns-query-types
[28]. Chappell L, Combs G. Wireshark 101: Essential skills for network analysis. Protocol
Analysis Institute, Chappell University; 2013.