SEC450 W2 DFiLab Worksheet-2

David Fontanez completed a security testing lab on November 16, 2014. He verified connectivity between routers and hosts, noting all interfaces were up. Dynamic routes in the routing table went to 192.168.100.0 and 192.168.200.0 through RIP. He pinged hosts successfully. Port scans showed Dallas hosts permitted all UDP/TCP ports. He applied an ACL to the Dallas router to deny TCP ports above 255 from the public server to the Dallas server, increasing its security.

Uploaded by

David M Fontanez

Student Name

David M. Fontanez

Date

Nov 16, 2014

SEC450 Security Testing Lab Document


NOTE: Use Carriage Returns and Page Breaks as needed to prevent table contents
from extending across page boundaries.

Task 1 Verify Connectivity between Router and Hosts

In the CLI window for the ISP router, execute the commands to verify the settings on the
interfaces and display the routing table. Note: Use show ip interface brief to check the interfaces.

Paste the Virtual CLI show ip interface brief and show ip route commands Here
ISP_Router>enable
ISP_Router#show ip interface brief
Interface          IP Address      OK? Method Status
FastEthernet0/0    200.100.0.1     YES NVRAM  up
FastEthernet1/0    200.100.40.1    YES NVRAM  up
Serial0/0          200.100.10.1    YES NVRAM  up
Serial0/1          200.100.20.1    YES NVRAM  up
ISP_Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
* - candidate default
Gateway of last resort is not set
Displaying routing table from result of Operational table
R 192.168.100.0/24 [120/1] via 00.100.10.2, Serial0/0
R 192.168.200.0/24 [120/1] via 00.100.20.2, Serial0/1
C 200.100.0.0/24 is directly connected, FastEthernet0/0
C 200.100.10.0/24 is directly connected, Serial0/0
C 200.100.20.0/24 is directly connected, Serial0/1
C 200.100.40.0/24 is directly connected, FastEthernet0/0

Complete the table below based on the dynamic routes displayed in the routing table:
Routing protocol   Destination Network   Metric   Outbound Interface
RIP                192.168.100.0         120/1    Serial0/0
RIP                192.168.200.0         120/1    Serial0/1

Verify Connectivity between the ISP Router and the Dallas and Chicago Host and Server PCs by
pinging their IP addresses from the Virtual CLI.
Select the Task 1 commands in the Virtual CLI using the mouse. Click on the Copy button.
Use <Ctrl>V to paste the commands into your Lab Document.

Paste Virtual CLI Ping Commands Here


ISP_Router#ping 192.168.100.10
Type escape sequence to abort.
Sending 5 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
ISP_Router#ping 192.168.100.11
Type escape sequence to abort.
Sending 5 100-byte ICMP Echos to 192.168.100.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
ISP_Router#ping 192.168.200.0
Type escape sequence to abort.
Sending 5 100-byte ICMP Echos to 192.168.200.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
ISP_Router#

Task 2 - Flow Analysis Security Port Scans

Open the Permitted services links Public_Server->Dallas_Host and
Public_Server->Dallas_Server. Note the TCP and UDP port numbers that are open. Use <Alt><PrtSc> to
capture the Public_Server->Dallas_Host and the Public_Server->Dallas_Server windows
and use <Ctrl>V to paste the two captured windows into the table cells below:

Paste the Public_Server->Dallas_Host Port Scan window Here

Paste the Public_Server->Dallas_Server Port Scan window Here

What are the UDP and TCP ports that are permitted in traffic from the Public_Server to the
Dallas_Host? What are the UDP and TCP ports that are permitted in traffic from the Public_Server to
the Dallas_Server?

Destination      UDP Ports Permitted   TCP Ports Permitted
Dallas_Host      1-65535               1-65535
Dallas_Server    1-65535               1-65535

Task 3 - Deny Upper TCP ports Public_Server->Dallas Server


Use the Dallas router Virtual CLI (as we did in Task 1) to define an extended ACL that will deny all
TCP services with port numbers above 255 from the Public Server to the Dallas Server while
allowing all other traffic. Apply the ACL to the outside (S0/1) interface of the Dallas router for all
inbound traffic. Execute a show running-config command to verify your configuration. Copy these
Virtual CLI commands and the command output into the table cell below:

Paste the Virtual CLI ACL Commands Here


Dallas# config t
Dallas(config)#access-list 102 deny tcp host 200.100.10.2 host any gt 255
Dallas(config)#interface s0/1
Dallas(config-if)#ip access-group 102 in

Open the Permitted services links Public_Server->Dallas_Host and
Public_Server->Dallas_Server. Note the TCP and UDP port numbers that are now open. Use <Alt><PrtSc> to
capture the Public_Server->Dallas_Host and the Public_Server->Dallas_Server windows and
use <Ctrl>V to paste the two captured windows into the table cells below:

Paste the Public_Server->Dallas_Host Port Scan window Here

Paste the Public_Server->Dallas_Server Port Scan window Here

What are the UDP and TCP ports that are now permitted in traffic from the Public_Server to the
Dallas_Host? What are the UDP and TCP ports that are permitted in traffic from the Public_Server
to the Dallas_Server?

Destination      UDP Ports Permitted   TCP Ports Permitted
Dallas_Host      0-65535               0-65535
Dallas_Server    0-65535               0-255

Explain the differences between the UDP/TCP Ports tables before and after the ACL has been
applied. Explain what effect this ACL has on security for the Dallas Server.
Basically, it increases the security by blocking unnecessary ports that are vulnerable to attack.
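
Added example (not part of the original worksheet): a small Python model of how an extended ACL like the one in Task 3 is evaluated, showing the implicit deny at the end of the list and the difference between scoping the deny to the Dallas Server and using `any` as the destination. The addresses and helper names are constructed placeholders, not the lab's addressing.

```python
# Minimal model of extended-ACL evaluation: entries are checked in order,
# the first match decides, and anything unmatched hits the implicit deny.
# All addresses are constructed placeholders, not the lab's real addressing.
PUBLIC_SERVER = "203.0.113.10"
DALLAS_HOST = "192.0.2.10"
DALLAS_SERVER = "192.0.2.11"

def entry(action, proto, src, dst, gt=None):
    """One ACL line; src/dst are a host address or "any"; gt is a dest-port bound."""
    return {"action": action, "proto": proto, "src": src, "dst": dst, "gt": gt}

def matches(e, proto, src, dst, port):
    if e["proto"] not in ("ip", proto):
        return False
    if e["src"] not in ("any", src) or e["dst"] not in ("any", dst):
        return False
    return e["gt"] is None or port > e["gt"]

def permitted(acl, proto, src, dst, port):
    for e in acl:
        if matches(e, proto, src, dst, port):
            return e["action"] == "permit"
    return False  # implicit "deny ip any any" at the end of every ACL

def open_ranges(acl, proto, src, dst):
    """Collapse permitted destination ports 0-65535 into (low, high) ranges."""
    ranges, start = [], None
    for port in range(65537):  # one extra step closes a range ending at 65535
        ok = port <= 65535 and permitted(acl, proto, src, dst, port)
        if ok and start is None:
            start = port
        elif not ok and start is not None:
            ranges.append((start, port - 1))
            start = None
    return ranges

DENY_ONLY = [entry("deny", "tcp", PUBLIC_SERVER, DALLAS_SERVER, gt=255)]
SCOPED = DENY_ONLY + [entry("permit", "ip", "any", "any")]
BROAD = [entry("deny", "tcp", PUBLIC_SERVER, "any", gt=255),
         entry("permit", "ip", "any", "any")]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("scoped", SCOPED), ("broad", BROAD)):
        for dst in (DALLAS_HOST, DALLAS_SERVER):
            print(name, dst, "tcp", open_ranges(acl, "tcp", PUBLIC_SERVER, dst),
                  "udp", open_ranges(acl, "udp", PUBLIC_SERVER, dst))
```

The `SCOPED` list leaves the Dallas Host fully reachable and limits only the Dallas Server to TCP 0-255, while `BROAD` limits every destination behind the interface.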
