
AICTE- CISCO Virtual Internship 2024

Project Work Report

Cyber Shield: Defending the Network

Problem Statement:

PART 1:

Analyse your existing college campus network topology, map it out using Cisco Packet Tracer
and identify the security controls that are in place today.

Student Name: DEVIKA CHOUKSEY
Branch: CSE
Roll No.: 0208CS231075

Cisco Networking Academy: Gyan Ganga College of Technology, Jabalpur, MP

Problem Statement:

PART 1:
A. Analyse your existing university/college campus network topology.
B. Map it out using Cisco Packet Tracer and identify the security controls that are in place
today.
C. Consider and note how network segmentation is done.
D. Observe what kind of intrusion detection systems, firewalls, authentication and
authorization systems are in place.
E. Apply the knowledge gained from the NetAcad cyber security course to conduct an attack
surface mapping.
F. Aim to identify potential entry points for cyber-attacks. Propose countermeasures to
mitigate these risks.

Tasks:
1. Campus Network Analysis: Conduct an analysis of your college campus network topology,
including the layout, devices, and connections.
2. Network Mapping: Utilize Cisco Packet Tracer to map the network infrastructure,
representing the placement and interconnectivity of routers, switches, firewalls, and other relevant
network components.
3. Attack Surface Mapping: Conduct an attack surface mapping exercise to identify potential
vulnerabilities and weaknesses within the network architecture and design. Consider factors such
as unauthorized access, data breaches, and network availability.

Deliverables:
1. Network topology diagram depicting the existing infrastructure and attack surface findings.
2. Security assessment report highlighting identified security risks, proposed solutions and
countermeasures to mitigate attack surface risks.

Apply the knowledge gained from the NetAcad cyber security course to conduct an attack surface
mapping:

A. Analyse your existing university/college campus network topology.

Gyan Ganga College of Technology, college network topology:


B. Map it out using Cisco Packet Tracer and identify the security controls that are in place
today.

College network topology mapped on Cisco Packet Tracer (attached Packet Tracer files):

Can1.pkt
Can2.pkt

C. Consider and note how network segmentation is done.

Network Segmentation :

In a college network, segmentation refers to dividing the network into separate parts or segments to
improve performance, security, and manageability.

1. Physical Segmentation:
   - LAN Segmentation: Physically separating different parts of the network using switches or
     routers. For example, separating administrative offices from student dormitories.
   - VLANs (Virtual LANs): Using VLANs to logically segment the network. Different VLANs can be
     used for different departments, floors of a building, or specific purposes like research labs.
2. Logical Segmentation:
   - Subnetting: Dividing the network into smaller subnets based on IP addressing. Each subnet can
     represent different departments or groups within the college.
   - Network Address Translation (NAT): Using NAT to hide internal IP addresses from external
     networks, enhancing security by obfuscating the internal network structure.
3. Segmentation by Access Control:
   - Firewalls: Implementing firewalls to restrict traffic between different segments of the
     network. For instance, blocking direct access from student networks to administrative servers.
   - Access Control Lists (ACLs): Configuring ACLs on routers and switches to control traffic flow
     between different network segments based on IP addresses, ports, or protocols.
4. Wireless Segmentation:
   - Wireless LAN (WLAN) Segmentation: Using multiple SSIDs (Service Set Identifiers) or VLANs to
     segment wireless traffic. This allows different levels of access or security policies for
     faculty, students, and guests.
5. Segmentation by Function:
   - Separate Networks for Different Services: Maintaining separate networks for critical services
     such as administrative systems, student information systems, library resources, and research
     servers.
   - Guest Networks: Providing a separate network for guest access to ensure security and prevent
     unauthorized access to internal resources.
6. Segmentation for Security:
   - DMZ (Demilitarized Zone): Creating a DMZ to host publicly accessible servers such as web
     servers, while keeping them isolated from internal networks.
   - Intrusion Detection/Prevention Systems (IDS/IPS): Deploying IDS/IPS to monitor traffic
     between segments and detect potential security threats or policy violations.

Implementing network segmentation in a college network helps in improving overall network
performance, enhancing security by limiting the impact of security breaches, and simplifying
network management by isolating different network functions and user groups.

D. Observe what kind of intrusion detection systems, firewalls, authentication and
authorization systems are in place.

The following intrusion detection systems (IDS) are in place in the college network:

1. Network-Based IDS (NIDS): pfSense
   - Monitors network traffic and analyzes packets passing through the network.
   - Can detect suspicious patterns, anomalies, or known attack signatures.
   - pfSense network-based intrusion detection is implemented with add-on packages like Snort
     and Suricata.
2. Host-Based IDS (HIDS): Quick Heal
   - Monitors activities on individual hosts or servers.
   - Analyzes log files, system files, and configuration changes for signs of intrusion or
     unauthorized activity.
   - Examples include OSSEC, Tripwire, McAfee Host Intrusion Prevention, etc.
3. Wireless IDS (WIDS):
   - Specifically monitors wireless network traffic and detects unauthorized access points or
     clients.
   - Ensures security in campus Wi-Fi networks.
   - Often integrated into wireless LAN controllers or dedicated WIDS appliances.

Firewalls:

1. Network Firewall: pfSense
   - Controls traffic entering and leaving the campus network.
   - Enforces security policies based on IP addresses, ports, protocols, etc.
   - Can be hardware-based (e.g., Cisco ASA, Palo Alto Networks firewall) or software-based
     (e.g., pfSense, iptables, Windows Firewall).
2. Application Firewalls:
   - Protects specific applications or services from unauthorized access or attacks.
   - Inspects and filters traffic based on application layer data.
   - Examples include web application firewalls (WAFs) like ModSecurity, F5 Networks'
     Application Security Manager (ASM), etc.

Authentication and Authorization Systems: RADIUS

RADIUS is an AAA (authentication, authorization, and accounting) protocol that manages network access.

1. Authentication Servers:
   - Centralized systems like RADIUS (Remote Authentication Dial-In User Service) or LDAP
     (Lightweight Directory Access Protocol) servers.
   - Authenticate users before granting access to network resources.
   - Examples include FreeRADIUS, Microsoft Active Directory, OpenLDAP, etc.
2. Single Sign-On (SSO):
   - Allows users to authenticate once and access multiple applications or services without
     re-authentication.
   - Enhances user convenience and security by reducing the need for multiple passwords.
   - Examples include Shibboleth, Microsoft Azure Active Directory, Okta, etc.
3. Authorization Mechanisms:
   - Ensures users have appropriate permissions based on roles or policies.
   - Often integrated with authentication systems to enforce access control.
   - Can include role-based access control (RBAC), attribute-based access control (ABAC), etc.
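How the RADIUS-based AAA described above is wired into a campus access switch: 802.1X authentication of wired users, VLAN authorization taken from the RADIUS reply (so the same port gives faculty and students different segments), and session accounting. This is an added example in Cisco IOS syntax, not a configuration from the report; the server address, group names, restricted VLAN 30 and the placeholder secrets are assumptions.

```cisco
! Added example (not taken from the report): access switch using a campus
! RADIUS server for AAA. Assumed: RADIUS at 10.20.0.20 (e.g. FreeRADIUS),
! restricted VLAN 30 for failed or unauthenticated hosts, placeholder secrets.
aaa new-model
!
radius server CAMPUS-RADIUS
 address ipv4 10.20.0.20 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
!
aaa group server radius CAMPUS-AAA
 server name CAMPUS-RADIUS
!
! Authentication: 802.1X for wired users on access ports
aaa authentication dot1x default group CAMPUS-AAA
! Authorization: the VLAN a user lands in comes from the RADIUS attributes
! Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID, so a faculty
! account and a student account on the same port are placed in different segments
aaa authorization network default group CAMPUS-AAA
! Accounting: session start/stop records that the SIEM can correlate
aaa accounting dot1x default start-stop group CAMPUS-AAA
!
! Switch management logins also go through RADIUS; the local account is
! only consulted when the RADIUS group is unreachable
aaa authentication login default group CAMPUS-AAA local
username netadmin privilege 15 secret REPLACE-WITH-LOCAL-PASSWORD
!
dot1x system-auth-control
!
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 authentication port-control auto
 authentication host-mode single-host
 dot1x pae authenticator
 ! Fail closed: a host that fails 802.1X, or connects while RADIUS is
 ! unreachable, goes to the restricted VLAN rather than the port's default VLAN
 authentication event fail action authorize vlan 30
 authentication event server dead action authorize vlan 30
```

`show authentication sessions` lists each authenticated host and the VLAN it was authorized into, and `show aaa servers` confirms the switch can reach the RADIUS server and shows its request and failure counters.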

Additional Security Measures:

1. Endpoint Security Solutions:
   - Antivirus software, anti-malware, and endpoint detection and response (EDR) tools.
   - Protects individual devices (laptops, desktops, mobile devices) from security threats.
2. Security Information and Event Management (SIEM):
   - Aggregates and analyzes security event logs from various devices and systems.
   - Provides real-time monitoring and threat detection capabilities.
   - Examples include Splunk, IBM QRadar, ArcSight, etc.
3. Physical Security Integration:
   - Surveillance systems, access control systems (e.g., RFID cards, biometric scanners)
     integrated with network security measures.
   - Ensures physical security aligns with digital security policies.

Implementing these systems in a college campus network helps maintain a secure and resilient
environment for students, faculty, and staff, protecting against cyber threats and unauthorized
access to sensitive information and resources. Each system is typically chosen and configured based
on the specific security requirements and infrastructure of the college campus.

E. Apply the knowledge gained from the NetAcad cyber security course to conduct an attack
surface mapping.

1. Identify Assets and Resources:

   - Network Infrastructure:
     - Servers: 06 (HP Rack Server)
     - Router: 01, Model - TSR3800
     - Switch: 64
   - Applications and Services (all applications and services running on the network): web
     servers (IIS, Apache and Nginx), Active Directory services, SQL Server, file server, DHCP
     server, DNS server.
   - Data Stores: Data stores are protected by HIDS and NIDS.
   - Users and Roles: Management, faculty, students, administration, guest.

2. Vulnerability Assessment:

   - Network Scanning: Tools like Nmap are used to scan the network for open ports, services, and
     vulnerabilities.
   - Vulnerability Scanning: Tools like Nessus, OpenVAS, or Cisco's Security Manager are used to
     scan for known vulnerabilities in network devices and applications.

3. External Attack Vectors:

   - Internet-facing Services: Web server, DNS server.
   - Web Applications: Assessed the security of web applications for common vulnerabilities (SQL
     injection, cross-site scripting, etc.).
   - DNS and Domain Registration: Ensured proper configuration to prevent DNS hijacking or domain
     spoofing attacks.

4. Internal Attack Vectors:

   - Privilege Escalation: Evaluated access controls and user privileges to prevent unauthorized
     escalation.
   - Insider Threats: Considered risks posed by authorized users with malicious intent or
     compromised credentials.

5. Wireless Networks:

   - Wireless Access Points: Secured wireless networks to prevent unauthorized access (use strong
     encryption, disable SSID broadcasting, etc.).
   - Bluetooth and IoT Devices: Assessed the security of Bluetooth connections and IoT devices
     connected to the network.

6. Physical Security:

   - Data Centers and Server Rooms: Ensured physical access controls are in place to prevent
     unauthorized access to critical infrastructure.
   - Workstation Security: Secured workstations against physical attacks and unauthorized access.

7. Social Engineering:

   - Phishing: Assessed the susceptibility of users to phishing attacks through training and
     awareness programs.
   - Physical Security Awareness: Educated employees about the importance of physical security
     and the risks of social engineering tactics.

8. Patch Management:

   - Software Updates: Ensured systems are regularly patched and updated to mitigate known
     vulnerabilities.

9. Incident Response Planning:

   - Monitoring and Logging: Implemented logging mechanisms and monitoring tools to detect
     suspicious activities.
   - Response Procedures: Developed incident response procedures to quickly mitigate and recover
     from security incidents.

10. Documentation and Review:

   - Documentation: Maintained comprehensive documentation of network architecture,
     configurations, and security controls.
   - Regular Review: Conducted regular reviews and audits of the attack surface to identify new
     vulnerabilities and update security measures accordingly.

F. Aim to identify potential entry points for cyber-attacks. Propose countermeasures to
mitigate these risks.

Identifying potential entry points for cyber-attacks in a college network :

1. External Entry Points:

   - Internet-facing Services (Web Servers, Email Servers, VPNs):
     - Risk: Vulnerabilities in web applications (e.g., SQL injection, cross-site scripting),
       outdated server software, weak authentication mechanisms.
     - Countermeasures:
       - Regularly update and patch servers and web applications.
       - Implement web application firewalls (WAFs) to filter and monitor HTTP/HTTPS traffic.
       - Use strong authentication methods (multi-factor authentication) for remote access.
   - DNS and Domain Management:
     - Risk: DNS hijacking, domain spoofing.
     - Countermeasures:
       - Use reputable domain registrars and DNS hosting providers.
       - Implement DNSSEC (DNS Security Extensions) to ensure integrity and authenticity of DNS
         data.
       - Monitor DNS records for unauthorized changes.

2. Internal Network Entry Points:

   - Weak Network Segmentation:
     - Risk: Unauthorized access between different network segments (e.g., students accessing
       administrative systems).
     - Countermeasures:
       - Implement VLANs and access control lists (ACLs) to segment network traffic.
       - Use firewalls to enforce separation and restrict access based on roles and
         responsibilities.
       - Conduct regular audits to ensure segmentation policies are enforced.
   - Insufficient Endpoint Security:
     - Risk: Malware infections, unauthorized access via compromised endpoints.
     - Countermeasures:
       - Deploy endpoint protection solutions (antivirus, anti-malware) with centralized
         management and regular updates.
       - Implement endpoint detection and response (EDR) tools to detect and respond to
         suspicious activities on endpoints.
       - Enforce strong password policies and educate users about phishing and social
         engineering risks.

3. Wireless Networks:

   - Insecure Wi-Fi Access Points:
     - Risk: Unauthorized access, man-in-the-middle attacks.
     - Countermeasures:
       - Use strong encryption (e.g., WPA3) for Wi-Fi networks.
       - Disable SSID broadcasting and implement MAC address filtering.
       - Regularly scan for rogue access points and conduct periodic security assessments of
         wireless infrastructure.

4. Social Engineering and User Awareness:

   - Phishing and Social Engineering Attacks:
     - Risk: Unauthorized access through user credentials, malware distribution.
     - Countermeasures:
       - Provide regular cybersecurity awareness training to educate users about phishing
         tactics and safe computing practices.
       - Implement email filtering and anti-phishing solutions to detect and block malicious
         emails.
       - Establish clear policies and procedures for handling sensitive information and
         responding to suspicious activities.

5. Physical Security:

   - Unauthorized Physical Access to Network Infrastructure:
     - Risk: Tampering with network equipment, unauthorized access to data centers/server rooms.
     - Countermeasures:
       - Implement physical access controls (e.g., badge access, CCTV monitoring) for data
         centers and critical network infrastructure.
       - Restrict access to network closets and ensure all equipment is securely locked and
         monitored.

6. Data Security:

   - Unsecured Data Stores (Databases, File Servers):
     - Risk: Data breaches, unauthorized access to sensitive information.
     - Countermeasures:
       - Encrypt sensitive data both at rest and in transit.
       - Implement access controls and least privilege principles to restrict access to
         sensitive data.
       - Regularly audit and monitor access to data stores for suspicious activities.

7. Incident Response Preparedness:

   - Lack of Incident Response Plan:
     - Risk: Ineffective response to security incidents, prolonged downtime.
     - Countermeasures:
       - Develop and maintain an incident response plan outlining roles, responsibilities, and
         procedures for responding to security incidents.
       - Conduct regular tabletop exercises and simulations to test the incident response plan.
       - Establish relationships with external incident response and forensic teams for
         assistance during major incidents.
