Assessment No: 1
Trainer's Name: Anisul Choudhory
Student's Submission Date: 29/01/23
Result: Satisfactory
ICTNWK544 Design And Implement A Security Perimeter for ICT Networks 1|Page
Abbey College Australia
National Provider No. 91136| CRICOS Registration No. 02658G
Version V1.0 June 2022
Trainer/Assessor Declaration: I declare that I have conducted a fair, valid, reliable and flexible assessment with this student, and I have provided appropriate feedback.
Assessor Signature: Date: / /
ASSESSMENT 1
Q1: What are the five (5) latest network security issues? Write 30-60 words for each network security threat.
1. USB and other external media: It is hard to imagine a world without them, but USB drives and other external media can pose a substantial risk to your company's network, because they bypass the perimeter entirely: malware is carried in and data is carried out without ever crossing the firewall.
2. Insufficient policies: Staff who use company email and Internet facilities for personal matters should be educated about the dangers this poses to the security of the organisation's information.
3. Wireless access points: You would be hard-pressed to find an organisation that doesn't leverage the convenience of wireless technology today, yet a poorly secured access point extends the internal network beyond the walls of the building.
5. Smartphones and tablets: A lost or stolen handheld device poses serious risks if it is not incorporated into your network security policy.
Q2: What is the importance of the network security policy for a networked organisation, along with the four (4) steps involved in a network security policy? Write your answer in 150-200 words.
A network security policy states what must be protected, who may access what, and how the controls are to be configured and checked; it is the reference against which the following four steps are carried out. There are four steps to protect your network from attacks:
1. Implement: The first step is to create and implement a network security system that provides protection and has sufficient authorisation policies.
2. Analyse: Once the network security system is created and implemented, it needs to be analysed to determine whether the current security system is appropriate for the network it is protecting.
3. Test: When an appropriate network security system is in place, conduct tests to make sure all of the controls are working and protect the network against the threats identified.
4. Modify: After conducting the tests, collect the data and enhance your protections. The results will reveal where your security system is effective and where it can be improved.
Q3: Answer the following questions:
A. What do you mean by penetration testing techniques? Write your response in 50-100 words.
B. What is the importance of penetration testing in terms of network security? Write your response in 50-100 words.
C. Explain network auditing in 100-150 words.
A./B. Penetration testing techniques are ways of simulating a real attacker against the network, which allows the organisation to measure, among other things:
- The response time of its information security team, i.e. how long it takes the team to realise that there is a breach and mitigate the impact.
Through penetration testing, security professionals can effectively find and test the security of multi-tier network architectures, custom applications, web
services, and other IT components. These penetration testing tools and services help you gain fast insight into the areas of highest risk so that you may effectively plan security budgets and projects.
C. Network auditing is a systematic process in which the network is analysed for:
- Security
- Implementation of control
- Availability
- Management
- Performance
The data is gathered, vulnerabilities and threats are identified, and a formal audit report is sent to network administrators.
Q4: What are the capabilities of the following:
A. Software perimeter solution
B. Hardware perimeter solution
1. Platform security ensures that each device is available to perform its intended function and doesn't become the network's single point of failure. The network security plan should include antivirus checking and host-based intrusion detection, along with endpoint compliance, so that security policies check user devices for the required security software.
2. Access security ensures that each user has access to only those network elements and applications required to perform their job.
Physical security protects the network from physical harm or modification, and
underlies all security practices. The most obvious forms of physical security include locked doors and alarm systems.
Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable devices. A log is usually a time-ordered stream of messages. Logs may be written to files and stored on disk, or sent as a network stream to a log collector (syslog is the usual transport). A perimeter device's logs should go to a collector off the device itself, so that an attacker who compromises the device cannot erase the record of doing so.
Log messages must usually be interpreted with respect to the internal state of their source (e.g. an application) and announce security-relevant or operations-relevant events (e.g. a user login, or a system error).
Logs are often created by software developers to aid in debugging the operation of an application or in understanding how users interact with a system, such as a search engine. The syntax and semantics of data within log messages are usually application- or vendor-specific, so a parser written for one source (sshd, say) will not apply to a firewall's log without changes.
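As an added illustration (not part of the submission), the following Python script parses a few constructed sshd log lines in the syslog shape described above and runs two simple detections over them: repeated failed logins from one source, and a source that fails and then succeeds. The log lines, host name and addresses are made up for the example, and the regular expression only understands OpenSSH's message format, which is exactly the vendor-specific point made above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the OpenSSH/syslog shape; not captured from a real host.
SAMPLE_LOG = """\
Jan 29 09:12:01 bastion sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Jan 29 09:12:03 bastion sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51023 ssh2
Jan 29 09:12:05 bastion sshd[2214]: Failed password for root from 198.51.100.23 port 51024 ssh2
Jan 29 09:12:09 bastion sshd[2218]: Failed password for root from 198.51.100.23 port 51025 ssh2
Jan 29 09:12:11 bastion sshd[2220]: Failed password for root from 198.51.100.23 port 51026 ssh2
Jan 29 09:13:40 bastion sshd[2301]: Accepted publickey for ops from 192.168.10.5 port 40110 ssh2
Jan 29 09:14:02 bastion sshd[2305]: Failed password for ops from 192.168.10.5 port 40111 ssh2
Jan 29 09:14:10 bastion sshd[2305]: Accepted password for ops from 192.168.10.5 port 40111 ssh2
Jan 29 09:15:00 bastion kernel: [12345.678] eth0: link is up
"""

# Only sshd authentication messages are understood; other programs' lines are skipped.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_sshd(lines):
    """Yield one dict per sshd authentication event; non-matching lines are ignored."""
    for line in lines:
        m = SSHD_RE.match(line)
        if m:
            yield m.groupdict()


def brute_force_sources(events, threshold=3):
    """Return {ip: failures} for sources with at least `threshold` failed logins."""
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    return {ip: n for ip, n in failures.items() if n >= threshold}


def failed_then_accepted(events):
    """Sources that failed at least once and later succeeded: worth a look, the password may have been guessed."""
    state = defaultdict(lambda: {"failed": 0})
    hits = set()
    for e in events:  # events are in log order, so "later" is simply "after"
        s = state[e["ip"]]
        if e["result"] == "Failed":
            s["failed"] += 1
        elif s["failed"] > 0:
            hits.add(e["ip"])
    return hits


def analyse(text):
    events = list(parse_sshd(text.splitlines()))
    return {
        "events": len(events),
        "brute_force": brute_force_sources(events),
        "failed_then_accepted": failed_then_accepted(events),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The thresholds and window are deliberately crude; a real collector would also key on time, since five failures in ten seconds and five failures in a week mean different things.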
Q6: What do you mean by organisational network infrastructure, keeping the network security perimeter in prospect? Write your response in 100-150 words.
1. Access control: Not every user should have access to your network. To keep out potential attackers, you need to recognise each user and each device. Then you can enforce your security policies.
2. Antivirus and antimalware software
3. Firewalls
Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic.
4. Intrusion prevention
An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating large amounts of global threat intelligence to not only block malicious activity but also track the progression of suspect files and malware across the network, to prevent the spread of outbreaks and reinfection.
5. VPN
B. VPN
A. You must also consider the following firewall weaknesses when designing a network security perimeter:
- Firewalls are only as effective as the rules they are configured to enforce. An overly permissive rule set diminishes the effectiveness of the firewall.
- Firewalls cannot stop attacks if the traffic does not pass through them, for example traffic between two hosts on the same internal segment, or traffic inside an encrypted tunnel the firewall cannot inspect.
Q9: What are the six (6) best practices for deployment of firewalls as a network security perimeter device? Write your answer in 130-180 words.
A three-legged firewall means you need an additional network adapter in your firewall box for your DMZ. The firewall is then configured to route packets between the outside world and the DMZ differently than between the outside world and the internal network.
If you are forced to, or have chosen to, IP masquerade (NAT), you can masquerade the machine or machines in the DMZ too, while keeping them functionally separate from the protected internal machines. People who have cable modems or static PPP connections can use this arrangement to run various servers within a DMZ as well as an entire internal network off a single IP address. It's a very economical solution for small businesses or home offices.
1. Block by default
Block all traffic by default and explicitly allow only specific traffic to known services. This strategy provides good control over the traffic and reduces the possibility of a breach because of service misconfiguration.
2. Allow specific traffic
The rules that you use to define network access should be as specific as possible. This strategy is referred to as the principle of least privilege, and it forces control over network traffic. Specify as many parameters as possible in the rules.
The destination IP address is the IP address of the server that runs the service to which you want to allow access. Always specify which server (or group of servers) can be accessed.
1. Service control: Determines the types of Internet services that can be accessed, inbound (packets coming into the network) or outbound (packets going out of the network).
2. Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
3. User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users.
4. Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.
When you commit changes, the firewall automatically saves a new version of the
running configuration. If a system event or administrator action causes the firewall to
reboot, it automatically reverts to the current version of the running configuration,
which the firewall stores in a file named running-config.xml.
2. Audit configuration - This is perhaps the most important step. A migration is a project and the configuration defines your connectivity requirements. Do NOT rebuild the configuration from scratch.
4. Compose acceptance tests - in the past I've written acceptance test plans just to ensure the basic setup is working fine "post" migration. A laundry list of sorts.
5. Schedule a "lock out" period for changes - communicate a "freeze" period for any/all firewall changes prior to the actual migration. The period could range from 3 days to 3 months depending on the environment.
6. Define a roll-back procedure - imagine things go bad, the maintenance window runs out, and you are dead tired. You still have to roll back to the previous firewall to make sure everything is working as it was prior to the migration. Make a plan. Hint: keep the legacy firewall in the rack.
7. Migration & testing - this is when your acceptance test checklist is used. Work closely with your system admins. These are the team members responsible for ALL the
1. Make sure that your Ethernet interfaces, virtual routers, and zones are configured
properly.
2. Create your tunnel interfaces. Ideally, put the tunnel interfaces in a separate zone, so
that tunneled traffic can use different policies.
3. Set up static routes or assign routing protocols to redirect traffic to the VPN tunnels.
To support dynamic routing (OSPF, BGP, RIP are supported), you must assign an IP
address to the tunnel interface.
4. Define IKE gateways for establishing communication between the peers across each
end of the VPN tunnel; also define the cryptographic profile that specifies the protocols
and algorithms for identification, authentication, and encryption to be used for setting
up VPN tunnels in IKEv1 Phase 1.
5. Configure the parameters that are needed to establish the IPSec connection for transfer of data across the VPN tunnel.
6. (Optional) Specify how the firewall will monitor the IPSec tunnels.
A. Using a VPN can be a great way to open up the internet, but it can also introduce problems to your usual connection. Some common issues include:
- The internet service you are trying to access blocking your VPN
A.
To test for active leaks, simply connect to a VPN server and visit the test site. You are checking to see how the VPN performs when the tunnel is active and stable.
You can also simulate different interruptions to see how well the VPN behaves if network connectivity drops. For example, drop the connection, reconnect to the internet, and load a few different test websites to see if your VPN is leaking upon reconnection.
B.
DNS leaks
The Domain Name System (DNS) converts domain names, such as restoreprivacy.com, into numerical IP addresses, such as 205.251.197.66.
Without a VPN, this translation is handled by your internet service provider (ISP). This is problematic because your DNS requests are sent in clear text and give the ISP a log of every website you visit; the same happens with a VPN if the queries bypass the tunnel.
Testing sites:
1. Perfect Privacy DNS Leak Test (this site seems to detect DNS leaks when other websites do not find problems; below the test results you can also find a detailed explanation of DNS leaks)
2. IP/DNS Test at ipleak.net (another DNS leak test tool that also includes IP address leak results)
A.
3. Type of breach: Password hack or leak. Prevention: Use only strong, unique passwords, and use different passwords for different levels of confidentiality.
4. Type of breach: Missing patches or updates. Prevention: Make sure all systems within the network are regularly updated with the latest patches.
B.
- Do everything right (bullet points to track what was done, for repeatability)
- Make easy errors (wrong password, bad part, hit buttons in the wrong order, etc.)
Assessment No: 2
Trainer's Name: Anisul Choudhory
Student's Submission Date: 29/01/23
Result: Satisfactory
You will act as the Network Administrator and will elaborate in the meeting (role play) on the requirements for the implementation of the perimeter device. Your assessor/trainer will act as the Information Systems Manager and will correspond with management and the end users in briefing the requirements. Two of the students will act as the General Manager Operations and the Member of the Board of Directors.
It will include:
o The nature of the security required by the Bank's ICT network infrastructure
Minutes of Meeting: The IT department will organise a meeting and explain the requirements to the General Manager Operations and one member from the Board of Directors.
Roles:
Uses digital technologies and systems safely and securely when implementing
and monitoring a system, with a growing awareness of the permanence and
transparency of all activities
Meeting Objective:
Attendees:
-Andres
-Lee
-Michael
-Anisul
Venue:
Date: 15/01/2023
Activity 2:
Logic Attacks
Most security professionals group threats to network security into one of two categories: logic attacks or resource attacks.
Logic attacks take advantage of existing vulnerabilities and bugs in programs, often with the intention of causing a system to crash. Criminals use such attacks to gain unauthorised access to a system or to degrade the performance of a network.
A second example of such a threat is the notorious ping of death. The attacker sends ICMP echo requests in fragments that, when reassembled, exceed the maximum IP packet size of 65,535 bytes; an unpatched host mishandles the oversized packet and crashes.
Most of these attacks are avoided simply by patching the vulnerable software or by filtering out the offending packet sequences at the perimeter.
Resource Attacks
The second category of network security threats is resource attacks. These are meant to overwhelm important system resources, such as RAM and CPU. This is usually accomplished by sending large numbers of forged requests or IP packets to the target network.
An attacker can launch a larger and more potent assault by compromising many hosts and installing malicious software on them. The result is what is known as a botnet, with each infected host a zombie. Once the botnet is in place, the attacker can launch further attacks from thousands of these zombie machines against a single target.
Such malicious programs typically carry code for starting a range of different attacks, along with a communications infrastructure that allows them to operate under remote control.
Remote-access Trojans are intended to give the attacker the ability to remotely access the targeted computer, which is straightforward once the Trojan horse is installed on it. The operations the attacker can then perform on the machine are limited by the Trojan horse's design, as well as by user
Keystroke logging
Worms
Computer worms are self-replicating malware. They use a computer network to send copies of themselves to other computers on the network. They differ from computer viruses in that they do not need to attach themselves to existing programs.
Worms almost always cause some harm to a network, even if only by consuming available bandwidth. This differs from viruses, which typically modify or corrupt files on the infected computer.
Worms are far more harmful when they do more than simply replicate themselves onto other computers. In these cases they may delete files on the host system, as the ExploreZip worm did; carry out a crypto-viral extortion attack, encrypting files on the computer; or send out documents using the email system. A common use for worms is installing back doors on the infected computer, creating a zombie computer that the worm author then controls.
The first thing that must be done in training employees is uncovering network security threats through attaining network visibility. Although this sounds intuitive, it is not always so. One cannot hope to defend against something, or eliminate
The company or organisation has to establish a baseline for normal patterns and activity on the network so that unusual and atypical activities may be detected, along with possible threats to network security.
NetFlow, and other similar mechanisms, may be integrated into the organisation's infrastructure to help in efficiently identifying and classifying the different types of problems. Before putting such a system in place, conduct some form of network traffic analysis to understand the patterns and rates of typical traffic on the network. With a successful detection system, this learning happens over a significant period of time that encompasses both the valleys and the peaks of network activity.
A perimeter is the fortified boundary of the network that might include the following
aspects:
Border routers
Firewalls
IDSs
IPSs
VPN devices
Software architecture
Border Routers
Firewalls
A firewall is a chokepoint device that has a set of rules specifying what traffic it will
allow or deny to pass through it. A firewall typically picks up where the border router
leaves off and makes a much more thorough pass at filtering traffic. Firewalls come in
several different types, including static packet filters, stateful firewalls, and proxies. You
might use a static packet filter such as a Cisco router to block easily identifiable "noise"
on the Internet, a stateful firewall such as a Check Point FireWall-1 to control allowed
services, or a proxy firewall such as Secure Computing's Sidewinder to control content.
Although firewalls aren't perfect, they do block what we tell them to block and allow
what we tell them to allow.
An IDS is like a burglar alarm system for your network that is used to detect and alert on
malicious events. The system might comprise many different IDS sensors placed at
strategic points in your network. Two basic types of IDS exist: network-based (NIDS),
such as Snort or Cisco Secure IDS, and host-based (HIDS), such as Tripwire or ISS
BlackICE. NIDS sensors monitor network traffic for suspicious activity. NIDS sensors
often reside on subnets that are directly connected to the firewall, as well as at critical
points on the internal network. HIDS sensors reside on and monitor individual hosts.
In general, IDS sensors watch for predefined signatures of malicious events, and they
might perform statistical and anomaly analysis. When IDS sensors detect suspicious
events, they can alert in several different ways, including email, paging, or simply
logging the occurrence. IDS sensors can usually report to a central database that
correlates their information to view the network from multiple points.
An IPS is a system that automatically detects and thwarts computer attacks against
protected resources. In contrast to a traditional IDS, which focuses on notifying the
administrator of anomalies, an IPS strives to automatically defend the target without
the administrator's direct involvement. Such protection may involve using signature-
based or behavioral techniques to identify an attack and then blocking the malicious
traffic or system call before it causes harm. In this respect, an IPS combines the
functionality of a firewall and IDS to offer a solution that automatically blocks offending
As you will learn in Chapter 11, "Intrusion Prevention Systems," some IPS products exist
as standalone systems, such as TippingPoint's UnityOne device. Additionally, leading
firewall and IDS vendors are incorporating IPS functionality into their existing products.
A VPN is a protected network session formed across an unprotected channel such as the
Internet. Frequently, we reference a VPN in terms of the device on the perimeter that
enables the encrypted session, such as Cisco VPN Concentrator. The intended use might
be for business partners, road warriors, or telecommuters. A VPN allows an outside
user to participate on the internal network as if connected directly to it. Many
organisations have a false sense of security regarding their remote access just because
they have a VPN. However, if an attacker compromises the machine of a legitimate
user, a VPN can give that attacker an encrypted channel into your network. You might
trust the security of your perimeter, but you have little control over your
telecommuters' systems connecting from home, a hotel room, or an Internet café.
Similar issues of trust and control arise with the security of nodes connected over a VPN
from your business partner's network.
Software Architecture
Software architecture refers to the applications the perimeter exposes and the tiers they are built from:
The web front end that is responsible for how the application is presented to the user
The application code that implements the business logic of the application
The back-end databases that store underlying data for the application
We typically use the terms DMZ and screened subnet in reference to a small network
containing public services connected directly to and offered protection by the firewall or
other filtering device. A DMZ and a screened subnet are slightly different, even though
Firewalls:
Few businesses would choose to operate without a series of locks, alarms and security
cameras to protect their premises and inventory from intrusions and theft. Protecting
your computer systems is equally important, to prevent malicious users from disrupting
your operations or -- even worse -- stealing your private data or intellectual property.
One of the key tools used for computer security is a firewall, and few companies can
afford to operate without one.
Potential Intrusions
Any network or standalone computer that's connected to the Internet, or any other
external network, is potentially at risk for an attack. These can take many forms,
depending on the attacker's skills and motivation. Some malicious software, or
malware, diverts a portion of your hardware and bandwidth to its own uses, such as
hosting pirated software or pornography. Other programs might delete crucial data or
bring down your network. Criminals could gain access to your network, then charge
Firewall Basics
No single product or service will provide you with complete security, but a firewall is
one of the cornerstones of any network security strategy. Think of it as the electronic
equivalent of a sentry at the gate. It inspects all the data passing in or out of the
network, ensuring that the traffic is legitimate. When properly configured, a firewall
should allow your users access to all the resources they need while still keeping out any
malicious users or programs.
Hardware Firewalls
One way to provide firewall protection is through a separate piece of hardware placed between the network or user and any outside networks such as the Internet. Hardware firewalls have several advantages. They run their own preinstalled software and operating system, so malware written for a desktop OS such as Windows can't run on them (they still need their own firmware updates, since the firewall's operating system has vulnerabilities of its own). One hardware firewall can protect every device on the network, without the time and trouble of configuring them individually. That's also a benefit when you need to upgrade, since updating one firewall is faster and easier than updating a room full of computers. Many existing network routers have firewall functions built in, if you choose to use them.
Software Firewalls
Setup
Firewall protection needs to be part of your overall plan for computer security. That
might also include a clear set of written policies about the use of external networks,
bringing disks or flash drives from other computers, and the storage of sensitive data.
Your IT staff might also recommend the use of virus and malware scanners, WPA
security for your wireless network, or some form of encryption for your hard drives and
What is a demilitarized zone (DMZ) and why are information security policies so important?
As for the architecture of a DMZ, it's best viewed as having firewalls and routers exposed to the untrusted external network, with these devices filtering traffic accordingly to the DMZ and the internal network. Simply stated, a properly configured DMZ blocks traffic from the untrusted external network from entering internal hosts directly, by vetting, filtering, and applying checks and rules to all traffic. It's about access, along with protecting systems from exposure to untrusted environments.
Assessment No: 3
Unit/Subject: ICTNWK544_T1 2023, Design and implement a security perimeter for ICT networks
Trainer's Name: Anisul Choudhory
Student's Submission Date: 29/01/23
Result: Satisfactory
Project:
After the detailed elaboration of the requirements for the network security perimeter and
completion of the planning phase by completing the Report, you need to deploy the
perimeter security. For this it has been decided by the IT department that they will
implement the Firewall for the better security of the organisation’s network
infrastructure. The Report in the previous task defines its importance. The
Assessor/trainer will act as the Information Systems Manager and will supervise the
enable ip
Enable remote assignment so that the router can receive an IP address for the eth0 interface from a DHCP server.
enable ip remoteassign
enable firewall
Create a firewall policy for traffic to and from the private LANs, and allow ICMP forwarding (PING).
Set enhanced Network Address Translation (NAT) to translate IP addresses for traffic between the private VLANs and the public eth0 interface.
Set eth0 to be a public interface, and the private LANs (vlan3, vlan4, vlan5) to be private interfaces.
The default lans and dmz firewall policies allow all traffic to flow between the private interfaces, and from the private to the public interfaces, but discard all traffic from public to private interfaces.
To allow particular kinds of traffic to flow from the public interface through the firewall to particular services on the DMZ, use one or more of the following firewall rules, or create other rules.
TASK 1:
Continuation to the previous tasks, you need to implement and configure a VPN solution
for the organisation’s network infrastructure. The VPN solution will help to secure the
connectivity of the HBL Bank’s head office to the regional offices. The assessor/trainer will
Configuration
1.1 VPN Pool
First we will configure a pool with IP addresses that we will assign to remote VPN users. (The pool definition itself is not shown here; the line below is the identity NAT rule that exempts traffic between the LAN and the VPN pool from translation.)
ASA1(config)# nat (INSIDE,OUTSIDE) source static LAN LAN destination static VPN_POOL VPN_POOL
1.4 Username
ASA1(config)# username VPN_USER password MY_PASSWORD
Verification
Install the VPN client and start it.
Name: Enter the tunnel group name here, in our example "MY_TUNNEL".
Password: This is the pre-shared key under the tunnel group, not the user password! In our example this is "MY_SHARED_KEY".
Click Save to save your settings and get back to the main screen.
Hit the Connect button and you should get a pop-up that requests the user credentials.
Now you can enter the username and password that we created. Click OK and you should get connected. Confirm from the client that the VPN adapter received an address from the pool, then that the inside network is reachable through the tunnel:
C:\Users\VPN-PC>ipconfig /all
Windows IP Configuration
C:\Users\VPN-PC>ping 192.168.1.1
In continuation of Task 1, perform the testing of the VPN solution. The testing will help not only to resolve VPN issues but also to improve the security of the perimeter device. The trainer/assessor will act as the Information Systems Manager and will supervise the testing process. Once the testing is done, you need to write a report on the test results. You need to perform the following tasks for the testing and also complete the template given below for the test results.
1. Block by default
Block all traffic by default and explicitly allow only specific traffic to known services. This
strategy provides good control over the traffic and reduces the possibility of a breach
because of service misconfiguration.
2. Allow specific traffic
The rules that you use to define network access should be as specific as possible. This
strategy is referred to as the principle of least privilege, and it forces control over network
traffic. Specify as many parameters as possible in the rules.
A layer 4 firewall uses the following parameters for an access rule:
3.Source IP address (or range of IP addresses)
4.Destination IP address (or range of IP addresses)
5.Destination port (or range of ports)
6.Specify source IP addresses
If the service should be accessible to everyone on the Internet, then any source IP address
is the correct option. In all other cases, you should specify the source address.
7.Specify the destination IP address
The destination IP address is the IP address of the server that runs the service to which
you want to allow access. Always specify which server (or group of servers) can be
accessed.
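An added example (not part of the assessment or of any firewall vendor's code) that models these rules in Python: a default-deny evaluator over the three layer 4 parameters, plus a check that flags rules which leave the destination or the ports unspecified. All addresses are constructed documentation-range values.

```python
"""Default-deny rule evaluation for the layer 4 access rules described above
(added example, not from the assessment). Every rule names a source network,
a destination network and a destination port range; a packet that matches no
allow rule is dropped. All addresses are constructed sample values."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: str            # source network; "0.0.0.0/0" means anyone on the Internet
    dst: str            # the server (or group of servers) running the service
    dports: tuple       # inclusive (low, high) destination port range
    proto: str = "tcp"


# Constructed ruleset: a public web server on 80/443, plus SSH to the same host
# only from the internal admin LAN. Nothing else is listed, so nothing else passes.
RULES = [
    Rule("0.0.0.0/0", "203.0.113.10/32", (80, 80)),
    Rule("0.0.0.0/0", "203.0.113.10/32", (443, 443)),
    Rule("192.168.1.0/24", "203.0.113.10/32", (22, 22)),
]


def evaluate(rules, src_ip, dst_ip, dport, proto="tcp"):
    """Return ("allow", rule) for the first matching rule, else ("drop", None)."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in rules:
        low, high = rule.dports
        if (proto == rule.proto and src in ip_network(rule.src)
                and dst in ip_network(rule.dst) and low <= dport <= high):
            return "allow", rule
    return "drop", None   # block by default: no rule matched


def lint(rule):
    """Flag rules that are less specific than least privilege calls for."""
    problems = []
    if ip_network(rule.dst).prefixlen == 0:
        problems.append("destination is 'any': name the server or server group")
    if rule.dports == (0, 65535):
        problems.append("all destination ports allowed: name the service port(s)")
    return problems


if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.7", "203.0.113.10", 22))   # ('drop', None)
    print(lint(Rule("0.0.0.0/0", "0.0.0.0/0", (0, 65535))))
```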
To test for active leaks, connect to a VPN server and visit the test site. You are
checking how the VPN performs while the tunnel is active and stable.
You can also simulate different interruptions to see how well the VPN does if network
connectivity drops. For example: reconnect to the internet and load a few different test
websites to see whether your VPN is leaking upon reconnection.
DNS leaks
The Domain Name System (DNS) converts domain names, such as restoreprivacy.com,
into numerical IP addresses, such as 205.251.197.66.
Without a VPN, this translation is handled by your internet service provider (ISP). This
is problematic because your DNS requests travel in clear text and amount to a log of every
website you visit.
Testing sites:
1. Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other
websites do not find problems. Below the test results you can also find a detailed
explanation of DNS leaks.)
2. IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP
address leak results.)
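An added example, not from the assessment or from either test site, that applies the same check offline: it reads the resolvers a VPN client is configured with and reports any that sit outside the tunnel subnet, which is the condition a leak-test site would flag. The resolv.conf text and the subnets are constructed.

```python
"""Offline DNS leak check for a VPN client (added example, not from the
assessment). A leak-test site reports which resolvers handled your queries;
the same verdict can be reached locally: every configured resolver should be
reachable only through the tunnel. Subnets and resolv.conf text are constructed."""
from ipaddress import ip_address, ip_network


def parse_nameservers(resolv_conf_text):
    """Extract resolver addresses from resolv.conf-style text, skipping comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if line.startswith("nameserver"):
            servers.append(ip_address(line.split()[1]))
    return servers


def dns_leak_report(resolvers, tunnel_networks):
    """Classify each resolver as 'tunnel' (inside a VPN subnet) or 'leak'.
    An IPv6 resolver on an IPv4-only tunnel is a leak as well: the query
    leaves over the physical interface, exactly as the ISP would see it."""
    nets = [ip_network(n) for n in tunnel_networks]
    return {str(r): "tunnel" if any(r in n for n in nets) else "leak"
            for r in resolvers}


# Constructed sample: the VPN pushed 10.8.0.1, but an ISP resolver and an IPv6
# resolver survived in the client configuration.
SAMPLE_RESOLV_CONF = """# constructed sample, not a real configuration
nameserver 10.8.0.1
nameserver 192.0.2.53
nameserver 2001:db8::53
"""
TUNNEL = ["10.8.0.0/24"]

if __name__ == "__main__":
    for server, verdict in dns_leak_report(
            parse_nameservers(SAMPLE_RESOLV_CONF), TUNNEL).items():
        print(f"{server:>15}  {verdict}")
```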
3. Type of breach: Password hack or leak. Prevention: Use only secure, cryptic passwords
and use different passwords for different levels of confidentiality.
4. Type of breach: Missing patches or updates. Prevention: Make sure all systems within
the network are regularly updated with the latest patches.
Penetration Testing:
The term penetration testing (pentesting) refers to processes, tools, and services designed
and implemented for the purpose of simulating attacks and data breaches, and finding
security vulnerabilities.
Our internal pentest checklist includes the following 7 phases of penetration testing:
1. Information Gathering
4. Vulnerability Assessment
5. Exploitation
1. Information Gathering
The first of the seven stages of penetration testing is information gathering. The
organization being tested will provide the penetration tester with general information
about in-scope targets.
2. Reconnaissance
KirkpatrickPrice uses the information gathered to collect additional details from publicly
accessible sources.
The information gathered is used to perform discovery activities to determine things like
ports and services that were available for targeted hosts, or subdomains, available for
web applications.
4. Vulnerability Assessment
A vulnerability assessment is conducted in order to gain initial knowledge and identify any
potential security weaknesses that could allow an outside attacker to gain access to the
5. Exploitation
After interpreting the results from the vulnerability assessment, our expert penetration
testers will use manual techniques, human intuition, and their backgrounds to validate,
attack, and exploit those vulnerabilities.
When you work with KirkpatrickPrice on security testing, we deliver our findings in a
report format.
This comprehensive report includes narratives of where we started the testing, how we
found vulnerabilities, and how we exploited them. It also includes the scope of the
security testing, testing methodologies, findings, and recommendations for corrections.
Where applicable, it will also state the penetration tester’s opinion of whether or not your
penetration test adheres to applicable framework requirements.
The last of the seven stages of penetration testing is just as important. The organization
being tested must actually use the findings from the security testing to risk-rank the
vulnerabilities, analyze their potential impact, determine remediation strategies,
and inform decision-making moving forward.
Below are the most significant penetration tools we used for testing security strength in
our new network.
Wireshark:
Wireshark is a fantastic open-source tool available for operating systems like Windows,
Linux, Solaris, etc. This tool helps the penetration tester capture and understand the
network packets without any hassle. It also makes offline analysis easy and provides
multiple options for live capture.
This is the most widely used penetration testing tool. It is an open-source tool that helps
users cross-check and manage security tests, recognize flaws, put up a defense, etc.
NMAP Tool:
This is commonly known as network mapper and is mostly used to look for loopholes in
the network environment of the enterprise. It is also used for auditing.
Nessus:
It is a trustworthy network penetration testing tool used by lots of companies around the
globe. It aids in scanning IP addresses and websites and performing sensitive data searches.
It is open-source software used for finding the weaknesses present in passwords. This
tool automatically recognizes the various password hash types and finds the weak
passwords within the database. Its advanced versions are available for Mac and Linux, and as
Hash Suite and Hash Suite Droid.
Penetration Testing:
Case 2
- Defining the scope and goals of a test, including the systems to be addressed and
the testing methods to be used.
- Gathering intelligence (e.g., network and domain names, mail server) to better
understand how a target works and its potential vulnerabilities.
2. Scanning
The next step is to understand how the target application will respond to various intrusion
attempts. This is typically done using:
3. Gaining Access
This stage uses web application attacks, such as cross-site scripting, SQL
injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit
these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic,
etc., to understand the damage they can cause.
4. Maintaining access
The goal of this stage is to see if the vulnerability can be used to achieve a persistent
presence in the exploited system, long enough for a bad actor to gain in-depth access.
The idea is to imitate advanced persistent threats, which often remain in a system for
months in order to steal an organization's most sensitive data.
5. Analysis
The results of the penetration test are then compiled into a report detailing:
Ref:
https://www.imperva.com/learn/application-security/penetration-testing/
To learn how Nessus and other port-scanning security tools work, it is necessary to
understand how different services (such as a web server, SMTP server, FTP server, etc.) are
accessed on a remote server. Most high-level network traffic, such as email, web pages,
To run a scan, you must have the Nessus server running on some machine, then start up a
Nessus client. The client will look something like this:
Once you are ready to scan, hit the "Start the scan" button.
(Note: for other clients, the exact behaviour of the client may deviate from what is described
here, but the overall concept is the same.)
After a scan, Nessus clients typically offer means to analyze the results. The client itself
will often list each vulnerability found, gauge its level of severity and suggest to the
user how the problem could be fixed. An example screen is shown below:
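An added example (not from the assessment or from Tenable) for the analysis step above and for the risk-ranking of findings described under the penetration testing stages: it parses a constructed Nessus v2 XML export, orders the findings by severity and counts the actionable ones. The plugin IDs are placeholders and the findings are invented for the sample.

```python
"""Rank findings from a Nessus export (added example, not from the assessment
or from Tenable). The XML is a constructed sample shaped like the .nessus v2
format (NessusClientData_v2 > Report > ReportHost > ReportItem), with severity
0 (info) to 4 (critical); plugin IDs are placeholders."""
import xml.etree.ElementTree as ET
from collections import Counter

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="perimeter-test">
    <ReportHost name="192.168.1.1">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
                  pluginID="PLACEHOLDER-1" pluginName="TLS 1.0 enabled">
        <solution>Disable TLS 1.0 on the VPN portal.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="PLACEHOLDER-2" pluginName="SSH service detected">
        <solution>n/a</solution>
      </ReportItem>
      <ReportItem port="1723" svc_name="pptp" protocol="tcp" severity="3"
                  pluginID="PLACEHOLDER-3" pluginName="Weak VPN protocol (PPTP) in use">
        <solution>Move the VPN to IKEv2 or OpenVPN and disable PPTP.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def parse_findings(xml_text):
    """Return one dict per ReportItem, highest severity first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "severity": int(item.get("severity")),
                "name": item.get("pluginName"),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return sorted(findings, key=lambda f: f["severity"], reverse=True)


def summarise(findings, min_severity=1):
    """Count findings per severity label, dropping informational ones by default."""
    return Counter(SEVERITY[f["severity"]] for f in findings
                   if f["severity"] >= min_severity)
```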
Purpose: The testing will help not only to resolve the VPN issues but also to enhance
the performance of the perimeter device security.
- Test strategy authoring
- Test activities tracking
- Giving a conclusion about the quality
- Test reports creation
Scope of Testing:
- Test the basic and advanced functionality of the VPN and Firewall features
- Monitor the performance of the perimeter device along with the monitoring of
- The version has been launched on the test environment and the version
notification has been sent to a QA Team Lead
- In the build notification all the features planned for the build are claimed to be
ready.
Test Completion Criteria: in case all the conditions indicated below are met, the testing
process is supposed to be finished:
- All test cases planned for the current build have been run (except blocked ones)
- All the found defects have been posted to the bug tracking system
Security requirements analysis is a very critical part of the testing process. At this stage
a test engineer should understand what exactly the security requirements on the
project are. Gaps that exist in the requirements are also revealed during the
analysis. The security properties investigated during this process are the
following:
User management
Authentication
Authorization
Integrity
Accountability
Session management
Transport security
Privacy
I have reviewed the Nessus Test Results Report and accept the analysis and findings
within.
Michael Clayton, 25-01-2023
Andres Paez, System Owner, 25-01-2023
Lee Liang, Privacy Coordinator, 25-01-2023