Security in Computing Journal

The document is a lab manual for a security in computing course. It contains instructions for 7 practical assignments on topics like configuring Cisco routers with MD5 authentication, NTP, SSH, syslog servers, and ACLs.

Uploaded by Simran Sabat

Name: Simran. S. Sabat Roll no: FIT2146

TY.BSc (IT)
Security in Computing Lab Manual
A.Y. 2023-24
(SEMESTER VI)


Dr. Homi Bhabha State University, Mumbai


Elphinstone College
156, M. G. Road, Fort, Mumbai 400 032.

DEPARTMENT OF INFORMATION TECHNOLOGY

CERTIFICATE

This is to certify that Mr. / Miss. Simran Shrikant Sabat having Exam Seat
No./Roll No. FIT2146 of T.Y.BSc.IT (Semester VI) has completed the Practical
work in the subject of Security in Computing during the academic Year 2023-24
under the guidance of Asst.Prof. Farzin Qureshi being the partial requirement for the
fulfillment of the curriculum of Degree of Bachelor of Science in Information Technology,
Elphinstone College, Dr. Homi Bhabha State University.

Professor In-Charge Co-Coordinator

Date: ………………. College Seal


INDEX

Serial No   Practical Name                                        Date       Signature
1           Configure Cisco Routers using MD5 and NTP Server      13-12-23
2           Configure Cisco Routers using SSH and SYSLOG Server   13-12-23
3           Configure AAA Authentication                          23-12-23
4           Configuring ACLs                                      4-1-24
5           Configuring IP ACLs to Mitigate Attacks.              6-1-24
6           Configuring IPv6 ACLs                                 20-1-24
7           Configuring Layer 2 Security                          29-1-24


Practical No 1:
Configure Cisco Routers using MD5 and NTP Server

➢ Router 0, 1, 2 → Select HWIC-2T → Switch Off → Drag & Drop in right side → Switch On
PC 0: Server 0:

Server 1: Router 0:


Router 0: Router 1:

Router 1: Router 2:

Router 2:

Part A: OSPF MD5 Authentication


➢ Router 0:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router(config-router)#network 10.1.1.0 0.0.0.3 area 0
Router(config-router)#area 0 authentication message-digest
Router(config-router)#exit
Router(config)#int s0/0/0
Router(config-if)#ip ospf message-digest-key 1 md5 123456
Router(config-if)#do show ip ospf interface

Output to verify:

➢ Router 1:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 10.1.1.0 0.0.0.3 area 0
Router(config-router)#network 10.2.2.0 0.0.0.3 area 0
Router(config-router)#area 0 authentication message-digest
Router(config-router)#exit
Router(config)#int s0/0/0
Router(config-if)#ip ospf message-digest-key 1 md5 123456
Router(config-if)#do show ip ospf interface
Output to verify:

➢ Router 2:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router(config-router)#network 10.2.2.0 0.0.0.3 area 0
Router(config-router)#area 0 authentication message-digest
Router(config-router)#exit
Router(config)#int s0/0/0
Router(config-if)#ip ospf message-digest-key 1 md5 123456
Router(config-if)#do show ip ospf interface

Output to verify:


Part B: Configure NTP (Network Time Protocol)

➢ Go to Server 0 → Services → NTP

➢ Router 0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server 192.168.1.5
Router(config)#ntp update-calendar
Router(config)#ntp authenticate
Router(config)#ntp trusted-key 1
Router(config)#ntp authentication-key 1 md5 ntp55
Router(config)#service timestamps log datetime msec
Router(config)#do show clock
Router(config)#ntp update-calendar
Router(config)#do show clock

Output to verify:

➢ Router 1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server 192.168.1.5
Router(config)#ntp update-calendar
Router(config)#ntp authenticate
Router(config)#ntp trusted-key 1
Router(config)#ntp authentication-key 1 md5 ntp55
Router(config)#service timestamps log datetime msec
Router(config)#do show clock
Router(config)#ntp update-calendar
Router(config)#do show clock

Output to verify:

➢ Router 2:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server 192.168.1.5
Router(config)#ntp update-calendar
Router(config)#ntp authenticate
Router(config)#ntp trusted-key 1
Router(config)#ntp authentication-key 1 md5 ntp55
Router(config)#service timestamps log datetime msec
Router(config)#do show clock
Router(config)#ntp update-calendar
Router(config)#do show clock
Output to verify:


Practical No 2:
Configure Cisco Routers using SSH and SYSLOG Server

➢ Router 0, 1, 2 → Select HWIC-2T → Switch Off → Drag & Drop in right side → Switch On

PC 0: Server 0:


Server 1: Router 0:

Router 0: Router 1:

Router 1: Router 2:


Router 2:

Part A: Configure Syslog Server


➢ Router 0:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host 192.168.1.6
Router(config)#exit
Router#
*Jan 27, 09:38:23.3838: SYS-5-CONFIG_I: Configured from console by console

Output to verify:

➢ Router 1:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host 192.168.1.6
Router(config)#exit
Router#
*Jan 27, 09:38:23.3838: SYS-5-CONFIG_I: Configured from console by console
Output to verify:

➢ Router 2:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host 192.168.1.6
Router(config)#exit
Router#
*Jan 27, 09:38:23.3838: SYS-5-CONFIG_I: Configured from console by console

Output to verify:

Part B: Configure Router2 to support SSH Connections

➢ Router 2:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip domain-name abc.com
Router(config)#username sshadmin privilege 15 secret 123456
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#transport input ssh
Router(config-line)#crypto key zeroize rsa
Router(config)#hostname aman
aman(config)#crypto key generate rsa
The name for the keys will be: aman.abc.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
aman(config)#do show ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
aman(config)#ip ssh time-out 90
aman(config)#ip ssh authentication-retries 2
aman(config)#ip ssh version 2

➢ PC0 → Desktop → Command Prompt
C:\>ssh -l sshadmin 192.168.3.1
Password:
aman>
Output to verify:

➢ Router 1:
aman>en
aman#ssh -v 2 -l sshadmin 10.2.2.2

Output to verify:
This lets you connect to Router 2 (aman) through Router 1.


Practical No 3:
Configure AAA Authentication

PC0: Server 0:

Router 0: Router 0:


Part A: Configure a local user account on the router and configure authentication on the console and vty lines using local AAA.

➢ Router 0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#username aman secret 123456
Router(config)#aaa new-model
Router(config)#aaa authentication login default local
Router(config)#line console 0
Router(config-line)#login authentication default
Router(config-line)#exit

Output to verify:

Part B: Verify local AAA authentication from the router console and
the PC0 client.

➢ Router 0:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip domain-name abc.com
Router(config)#hostname aman
aman(config)#crypto key generate rsa
The name for the keys will be: aman.abc.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
aman(config)#aaa authentication login SSH_LOGIN local
*Mar 1 0:26:23.234: %SSH-5-ENABLED: SSH 1.99 has been enabled
aman(config)#line vty 0 4
aman(config-line)#login authentication SSH_LOGIN
aman(config-line)#transport input ssh
aman(config-line)#end

Output to verify:
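
Added example (not part of the original lab manual): a small Python check over the SSH setup lines recorded in Practical 2 Part B and in this practical. It flags the 1024-bit RSA modulus, the short numeric lab secret, and the router left at SSH 1.99 (SSHv1 and SSHv2 both accepted) because `ip ssh version 2` is never entered in this practical. The finding names and the two thresholds are assumptions chosen for the example.

```python
import re

# Lines excerpted from the Practical 2 Part B and Practical 3 transcripts on this page.
PRACTICAL_2 = """\
Router(config)#username sshadmin privilege 15 secret 123456
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#transport input ssh
How many bits in the modulus [512]: 1024
SSH Enabled - version 1.99
aman(config)#ip ssh version 2
"""
PRACTICAL_3 = """\
Router(config)#username aman secret 123456
How many bits in the modulus [512]: 1024
*Mar 1 0:26:23.234: %SSH-5-ENABLED: SSH 1.99 has been enabled
aman(config)#line vty 0 4
aman(config-line)#login authentication SSH_LOGIN
aman(config-line)#transport input ssh
"""

MIN_MODULUS = 2048     # assumed policy floor for RSA host keys
MIN_SECRET_LEN = 12    # assumed policy floor for local secrets


def audit_ssh(transcript):
    """Return sorted finding codes for one router's SSH setup transcript."""
    findings = set()
    saw_199 = forced_v2 = in_vty = vty_ssh_only = False
    for raw in transcript.splitlines():
        # Commands follow a "host(mode)#" prompt; router output has no prompt.
        cmd = raw.split("#", 1)[1].strip() if re.match(r"^\S+#", raw) else ""
        bits = re.search(r"modulus \[\d+\]: (\d+)", raw)
        if bits and int(bits.group(1)) < MIN_MODULUS:
            findings.add("rsa-modulus-below-2048")
        if "SSH" in raw and "1.99" in raw:
            saw_199 = True          # 1.99 means SSHv1 and SSHv2 are both accepted
        if cmd == "ip ssh version 2":
            forced_v2 = True
        user = re.match(r"username \S+ .*secret (\S+)$", cmd)
        if user and (len(user.group(1)) < MIN_SECRET_LEN or user.group(1).isdigit()):
            findings.add("weak-local-secret")
        if cmd.startswith("line "):
            in_vty = cmd.startswith("line vty")
        elif in_vty and cmd.startswith("transport input"):
            vty_ssh_only = cmd == "transport input ssh"
    if saw_199 and not forced_v2:
        findings.add("sshv1-still-accepted")
    if not vty_ssh_only:
        findings.add("vty-not-ssh-only")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("Practical 2", PRACTICAL_2), ("Practical 3", PRACTICAL_3)):
        print(name, audit_ssh(text))
```

Both routers restrict the vty lines to SSH, so that check passes; only the Practical 3 router is reported as still accepting SSHv1.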


Practical No 4: Configuring ACLs

➢ Router 0, 1, 2 → Select WIC-1ENET → Switch Off → Drag & Drop in right side → Switch On.

PC 0: PC1:


Server 0: Router 0:

Router 0: Router 0:

Part A: Configure, Apply and verify an Extended Numbered ACL.

Router 0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 100 permit tcp 10.0.0.2 0.255.255.255 host 20.0.0.2 eq ftp
Router(config)#access-list 100 permit icmp 10.0.0.2 0.255.255.255 host 20.0.0.2
Router(config)#

Output to verify:

Part B: Configure, Apply and Verify an Extended Named ACL.

➢ Router 0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list extended HTTP_ONLY
Router(config-ext-nacl)#permit tcp 10.0.0.2 0.255.255.255 host 30.0.0.2 eq www
Router(config-ext-nacl)#permit icmp 10.0.0.2 0.255.255.255 host 30.0.0.2
Router(config-ext-nacl)#

Output to verify:


Practical No 5:
Configuring IP ACLs to Mitigate Attacks.

➢ Router 0, 1, 2 → Select HWIC-2T → Switch Off → Drag & Drop in right side → Switch On.

PC 0: Server 0:


Router 0: Router 0:

Router 1: Router 1:

Router 2: Router 2:

➢ Router 1 → CLI
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int loopback 0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#

Part A: Verify Basic Network Connectivity.


➢ Router 0:

➢ Router 1:

➢ Router 2:

➢ Router 0 → CLI:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#username aman secret 1234
Router(config)#aaa new-model
Router(config)#aaa authentication login default local
Router(config)#ip domain-name abc.com
Router(config)#hostname gupta
gupta(config)#crypto key generate rsa
The name for the keys will be: gupta.abc.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
gupta(config)#aaa authentication login aman local
*Mar 1 0:55:40.607: %SSH-5-ENABLED: SSH 1.99 has been enabled
gupta(config)#exit
gupta#

User Access Verification


Username: aman
Password:
gupta>en
gupta#conf t
Enter configuration commands, one per line. End with CNTL/Z.
gupta(config)#line vty 0 4
gupta(config-line)#login authentication aman
gupta(config-line)#transport input ssh
gupta(config-line)#end
gupta#

Output to verify:

Part B: Secure Access to Routers.

➢ Router 0:
User Access Verification

Username: aman
Password:
gupta>en
gupta#conf t
Enter configuration commands, one per line. End with CNTL/Z.
gupta(config)#access-list 10 permit host 192.168.3.3
gupta(config)#line vty 0 4
gupta(config-line)#access-class 10 in
gupta(config-line)#exit
gupta(config)#exit
gupta#

Output to verify:

Part C: Create a Numbered IP ACL 120 on Router 1.

➢ Router 1:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 120 permit udp any host 192.168.1.3 eq domain
Router(config)#access-list 120 permit tcp any host 192.168.1.3 eq smtp
Router(config)#access-list 120 permit tcp any host 192.168.1.3 eq ftp
Router(config)#access-list 120 deny tcp any host 192.168.1.3 eq 443
Router(config)#access-list 120 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22
Router(config)#int s0/0/0
Router(config-if)#ip access-group 120 in
Router(config-if)#exit
Router(config)#exit
Router#

Output to verify:
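
Added example (not part of the original lab manual): a Python model of how IOS evaluates the numbered ACLs configured above, using ACL 120 from Part C and the wildcard-mask entries of ACL 100 from Practical 4. It goes a little beyond the lab by testing packets the lab does not send; those packet addresses are constructed, and the parser handles only the entry forms that appear on this page.

```python
import ipaddress

# ACL lines copied from Practical 4 Part A and Practical 5 Part C on this page.
ACL_100 = [
    "access-list 100 permit tcp 10.0.0.2 0.255.255.255 host 20.0.0.2 eq ftp",
    "access-list 100 permit icmp 10.0.0.2 0.255.255.255 host 20.0.0.2",
]
ACL_120 = [
    "access-list 120 permit udp any host 192.168.1.3 eq domain",
    "access-list 120 permit tcp any host 192.168.1.3 eq smtp",
    "access-list 120 permit tcp any host 192.168.1.3 eq ftp",
    "access-list 120 deny tcp any host 192.168.1.3 eq 443",
    "access-list 120 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22",
]
PORT_NAMES = {"domain": 53, "smtp": 25, "ftp": 21, "www": 80}
IMPLICIT_DENY = "implicit deny ip any any"


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Pop one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_ace(line):
    tokens = line.split()[2:]                  # drop "access-list <number>"
    ace = {"text": line, "action": tokens.pop(0), "proto": tokens.pop(0)}
    ace["src"] = _take_addr(tokens)
    ace["dst"] = _take_addr(tokens)
    ace["port"] = None
    if tokens[:1] == ["eq"]:
        ace["port"] = PORT_NAMES.get(tokens[1]) or int(tokens[1])
    return ace


def _covers(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF              # wildcard 1-bits are ignored
    return (_ip(addr) & care) == (base & care)


def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if (ace["proto"] in (proto, "ip")
                and _covers(ace["src"], src) and _covers(ace["dst"], dst)
                and ace["port"] in (None, dport)):
            return ace["action"], ace["text"]
    return "deny", IMPLICIT_DENY


if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, destination port).
    for pkt in [("udp", "203.0.113.9", "192.168.1.3", 53),
                ("tcp", "203.0.113.9", "192.168.1.3", 443),
                ("tcp", "192.168.3.4", "10.1.1.1", 22),
                ("icmp", "192.168.3.3", "192.168.1.3", None)]:
        print(pkt, "->", evaluate(ACL_120, *pkt))
```

HTTPS to 192.168.1.3 is dropped by the explicit deny line, while ICMP and SSH from any host other than 192.168.3.3 are dropped by the implicit deny, which has no entry of its own to show a match against.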


Practical 6: Configuring IPv6 ACLs

PC0: PC1:


Server 0:

➢ Router 0:
1. Gig0/0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R0
R0(config)#ipv6 unicast-routing
R0(config)#int g0/0
R0(config-if)#ipv6 address 2001:DB8:1:10::1/64
R0(config-if)#ipv6 rip ripng enable
R0(config-if)#exit
R0(config)#do show ipv6 int g0/0

Output to verify:

R0(config)#int g0/0
R0(config-if)#no ip address
R0(config-if)#duplex auto
R0(config-if)#speed auto
R0(config-if)#ipv6 address 2001:DB8:1:10::1/64
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#do show ipv6 int g0/0


Output to verify:

R0(config)#int g0/0
R0(config-if)#ipv6 address FE80::1 link-local
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#do show ipv6 int g0/0

Output to verify:

2. Gig0/1:
R0(config)#int g0/1
R0(config-if)#ipv6 address 2001:DB8:1:11::1/64
R0(config-if)#ipv6 rip ripng enable
R0(config-if)#exit
R0(config)#do show ipv6 int g0/1

Output to verify:


R0(config)#int g0/1
R0(config-if)#no ip address
R0(config-if)#duplex auto
R0(config-if)#speed auto
R0(config-if)#ipv6 address 2001:DB8:1:11::1/64
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#do show ipv6 int g0/1

Output to verify:

R0(config)#int g0/0
R0(config-if)#ipv6 address FE80::1 link-local
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#do show ipv6 int g0/0

Output to verify:


3. Serial 0/0/0:
R0(config)#int s0/0/0
R0(config-if)#no ip address
R0(config-if)#ipv6 address 2001:DB8:1:1::1/64
R0(config-if)#no shut
R0(config-if)#ipv6 rip ripng enable
R0(config-if)#

➢ Router 1:
1. Serial 0/0/0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ipv6 unicast-routing
R1(config)#int s0/0/0
R1(config-if)#no ip address
R1(config-if)#ipv6 address 2001:DB8:1:1::2/64
R1(config-if)#no shut
R1(config-if)#ipv6 rip ripng enable
R1(config-if)#exit

2. Serial 0/0/1:

R1(config)#int s0/0/1
R1(config-if)#no ip address
R1(config-if)#ipv6 address 2001:DB8:1:2::2/64
R1(config-if)#no shut
R1(config-if)#ipv6 rip ripng enable
R1(config-if)#exit

➢ Router 2:
1. Gig 0/0:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#ipv6 unicast-routing
R2(config)#int g0/0
R2(config-if)#ipv6 address 2001:DB8:30:2::1/64
R2(config-if)#ipv6 rip ripng enable
R2(config-if)#exit

Output to verify:

R2(config)#int g0/0
R2(config-if)#no ip address
R2(config-if)#duplex auto
R2(config-if)#speed auto
R2(config-if)#ipv6 address 2001:DB8:30:2::1/64
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#do show ipv6 int g0/0

Output to verify:

R2(config)#int g0/0
R2(config-if)#ipv6 address FE80::3 link-local
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#do show ipv6 int g0/0


Output to verify:

2. Serial 0/0/1:

R2(config)#int s0/0/1
R2(config-if)#no ip address
R2(config-if)#ipv6 address 2001:DB8:1:2::1/64
R2(config-if)#no shut
R2(config-if)#ipv6 rip ripng enable
R2(config-if)#exit
R2(config)#do show ipv6 int s0/0/1

➢ Go to PC0 → Desktop → CMD

Part A: Configure, Apply, and verify an IPv6 ACL.

➢ Router 0:

R0>en
R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#ipv6 access-list block-http
R0(config-ipv6-acl)#deny tcp any host 2001:DB8:30:2::30 eq www
R0(config-ipv6-acl)#deny tcp any host 2001:DB8:30:2::30 eq 443
R0(config-ipv6-acl)#permit ipv6 any any
R0(config-ipv6-acl)#exit
R0(config)#int g0/0
R0(config-if)#ipv6 traffic-filter block-http in
R0(config-if)#exit
R0(config)#

Output to verify:

Part B: Configure, Apply and Verify a Second IPv6 ACL.

➢ Router 2:
R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ipv6 access-list block-icmp
R2(config-ipv6-acl)#deny icmp any any
R2(config-ipv6-acl)#permit ipv6 any any
R2(config-ipv6-acl)#exit
R2(config)#int g0/0
R2(config-if)#ipv6 traffic-filter block-icmp out
R2(config-if)#exit
R2(config)#

Output to verify:


Practical 7: Configuring Layer 2 Security

PC 1: PC 2:


PC 3: PC 4:

PC 5: PC 6:

PC 7: PC 8:


Router 0: Router 0:

Part A: Assign the central switch as the root switch.

➢ Multilayer Switch 0:
Switch>en
Switch#show spanning-tree
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#spanning-tree vlan 1 root primary
Switch(config)#do show spanning-tree

Output to verify:

➢ Switch 1 and Switch 2:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#spanning-tree vlan 1 root secondary
Switch(config)#

Part B: Secure spanning-tree parameters to prevent STP manipulation attacks.

➢ Switch 3 and Switch 4:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int range f0/1-4
Switch(config-if-range)#spanning-tree portfast
Switch(config-if-range)#spanning-tree bpduguard enable

Output to verify:

➢ Switch 1 and Switch 2:

Switch>en
Switch#conf t
Switch(config)#int f0/1
Switch(config-if)#spanning-tree guard root
Switch(config-if)#int f0/2
Switch(config-if)#spanning-tree guard root
Switch(config-if)#int f0/3
Switch(config-if)#spanning-tree guard root
Switch(config-if)#int f0/4
Switch(config-if)#spanning-tree guard root

➢ Switch 3 and Switch 4:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int range f0/1-22
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 2
Switch(config-if-range)#switchport port-security violation shutdown
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#end
Switch#show port-security int f0/4
Output to verify:

➢ Go to PC1 → cmd:

➢ Switch 3:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#do show port-security int f0/4

Switch(config)#int range f0/1-3
Switch(config-if-range)#shutdown
Switch(config)#int range f0/8-22
Switch(config-if-range)#shut
Switch(config-if-range)#exit
Switch(config)#
