Disclaimer: This assignment is provided as an example of work produced by students studying, it is not illustrative of the work produced by our in-house experts. Click here for sample essays written by our professional writers.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

Methods for Securing Hardware and Software

Paper Type: Free Assignment Study Level: University / Undergraduate
Wordcount: 5041 words Published: 06 Jun 2019

Reference this

CompTIA Security +

Security Portfolio Practical

Table of Contents

Aim and Objectives…………………………………………………………………………………………………………………………3

Task 1 Active Directory, DNS and Print Services………………………………………………………………………………….4

Task 2 Exchange Server………………………………………………………………………………………………………………….32

Task 3 Barracuda Spam Filter………………………………………………………………………………………………………….39

Task 4 Microsoft Office Outlook……………………………………………………………………………………………………..44

Task 5 Site-to-site VPN…………………………………………………………………………………………………………………..55

Task 6 Radius Server AAA……………………………………………………………………………………………………………….60

Task 7 TACACS + Server AAA…………………………………………………………………………………………………………..64

Task 8 Vulnerability Assessment……………………………………………………………………………………………………..66

Task 9 NVD – National Vulnerability Database……………………………………………………………………………………71

Task 10 CISCO Intrusion Prevention Configuration……………………………………………………………………………73

Task 11 CISCO Context Based Access Firewall…………………………………………………………………………………..77

Task 12 CISCO Zone Based firewall………………………………………………………………………………………………….80

Task 13 Fortinet Unified Threat Management………………………………………………………………………………….84

Task 14 Cyberoam Unified Threat management……………………………………………………………………………….87

Recommendation……………………………………………………………………………………………………………………………………92

REFERENCES …………………………………………………………………………………………………………………………………………..93

 

Aim

 

The aim of this assessment is to discuss the methods on securing hardware and software in an environment.

Objectives:

 

  • To explain how to install and configure windows network
  • To discuss the firewall installation and IDS correctly
  • To deliberate the use of mail server
  • To enable remote access
  • To outline the five vulnerabilities found in computer
  • To demonstrate blocked vulnerabilities
  • To make a demonstration of VPN

Task 1 Active Directory, DNS and Print Server

Active Directory is designed by Microsoft for directory services and is part of Windows 2000 architecture. It is a standard system for network management for user’s data, security and resources. It has a minimum system requirement which is 1.4GHz, 512MB RAM, 64GB disk space and an ethernet adapter. [1] Rouse. (2016).

Steps on how to setup an Active Directory:

  1.  Open the Server Manager from the windows start button.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_295 Nov. 07 09.58.jpg

Figure 1.1 Dashboard of Server Manager

  1. In the deployment configuration select the “Add a domain controller”

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_296 Nov. 07 09.58.jpg

Figure 1.2 Deployment Configuration – Adding a domain

  1. In the deployment configuration select the “Add new Forest”

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_297 Nov. 07 09.58.jpg

Figure 1.3 Deployment Configuration – Adding a new Forest

  1. In the Root domain name below the domain information type the desired root domain name.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_299 Nov. 07 09.59.jpg

Figure 1.4 Specifying the Root domain name

  1. In the domain controller option type the desired password and confirm your password.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_301 Nov. 07 10.00.jpg

Figure 1.5 Domain Controller dialog box

  1. Additional option for adding the NetBIOS domain name

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_303 Nov. 07 10.02.jpg

Figure 1.6 Adding NetBIOS domain name

  1. Selection of paths where to put the AD DS database log files

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_305 Nov. 07 10.03.jpg

Figure 1.7 Location of the AD DS database log files

  1. Reviewing the options for the selected active directory domain services

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_307 Nov. 07 10.03.jpg

Figure 1.8 Review selection

  1. Checking the installation guide before installing all desired settings

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_309 Nov. 07 10.07.jpg

Figure 1.9 Prerequisites check

  1. Once installed, verify the username and password.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_314 Nov. 07 10.24.jpgC:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_315 Nov. 07 10.28.jpg

Figure 1.10 Windows Server Login page

  1. In the network and sharing centre, go to change adapter settings then go to properties.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_318 Nov. 07 11.07.jpg

Figure 1.11 Ethernet properties

  1. Once the properties are clicked, enter the desired IP address, subnet mask and default gateway.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_320 Nov. 07 11.08.jpg

Figure 1.12 Internet protocol TCP and IPv4 properties

  1. Domain controller has been set together with the IP addresses.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_323 Nov. 07 11.10.jpg

Figure 1.13 Network and Sharing Center

  1. Editing the Computer Name/Domain and joining in the domain

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_329 Nov. 07 12.10.jpg

Figure 1.14 Domain name changes

  1. In the Server Manager, choose the Active Directory and Users

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_332 Nov. 07 12.18.jpg

Figure 1.15 Server Manager GUI

  1. In the Active directory users and computers, you can find all the list information about the domain.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_334 Nov. 07 12.22.jpg

Figure 1.16 Active directory users and computers

  1. In the Active directory users and computers, add New Object then type the desired name.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_339 Nov. 07 12.32.jpg

Figure 1.17 New Object Dialog box

  1. As you could see the ITD was added to the Active Directory Users

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_344 Nov. 07 12.52.jpg

Figure 1.18

  1. Filling up the New Object to be created in the ITD domain

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_350 Nov. 07 13.38.jpg

Figure 1.19a New Object fill-up dialog box

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_351 Nov. 07 13.39.jpg

Figure 1.19b New Object was created successfully

  1. Creating the group name for the new object

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_365 Nov. 07 14.32.jpg

Figure 1.20 New Object – Group

  1. Manager was successfully added to the ITD domain

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_362 Nov. 07 14.22.jpg

Figure 1.21 Active Directory – Bryan David and Manager

Print Server

  1. Download a copy of the HP printer installer from the official HP website.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_379 Nov. 08 09.55.jpg

Figure 1.1.1 HP website

  1. From the HP website, download the installer of the selected printer.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_380 Nov. 08 09.57.jpg

Figure 1.1.2HP installer

  1. This will be the .exe file of the HP printer installer

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_389 Nov. 08 10.03.jpg

Figure 1.1.3 HPePrintAPPx64bit

  1. In the server manager, select the add role and features.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_396 Nov. 08 11.15.jpg

Figure 1.1.4Server Manager dashboard

  1. Adding roles and features wizard for the HP printer

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_397 Nov. 08 11.16.jpg

Figure 1.1.5Roles and features wizard

  1. Select the role-based or feature-based installation for the print server.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_398 Nov. 08 11.16.jpg

Figure 1.1.6Installation type for HP printer server

  1. In the server selection, select a server from the server pool.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_399 Nov. 08 11.16.jpg

Figure 1.1.7 Server Selection

  1. Add the print and document services as the feature for the HP printer.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_400 Nov. 08 11.16.jpg

Figure 1.1.8 Add roles and feature wizard

  1. In the print and document services, click next.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_401 Nov. 08 11.17.jpg

Figure 1.1.9 Print and document services

  1.  Tick the Print server, scan server and internet printing for the role of HP print services.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_402 Nov. 08 11.17.jpg

Figure 1.1.10 role services for the HP printer

  1. In the Web server role(IIS), click next.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_403 Nov. 08 11.17.jpg

Figure 1.1.11 Web server role (IIS)

  1. Select all role services for the Print server desired.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_404 Nov. 08 11.17.jpg

Figure 1.1.12 Web server for role service

  1. For the confirmation of the roles and features, review all selected and desired roles to be added.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_405 Nov. 08 11.17.jpg

Figure 1.1.13 Confirmation of roles and features

  1. The result for the roles and features together with the installation of all roles added.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_406 Nov. 08 11.18.jpg

Figure 1.1.14 Result dialog box for the roles and features

  1. In the server manager, select the print management.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_431 Nov. 08 12.17.jpg

Figure 1.1.15Print management dropdown list

  1. In the print management, select filters, All printers.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_432 Nov. 08 12.17.jpg

Figure 1.1.16 Print management

  1. In the all printers’ dropdown list, select the desired printer.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_433 Nov. 08 12.18.jpg

Figure 1.1.17 All printers

  1. Click the downloaded printer installer from the files downloaded.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_434 Nov. 08 12.18.jpg

Figure 1.1.18 Printer installer

  1. The HP ePrint installer, click install.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_435 Nov. 08 12.19.jpg

Figure 1.1.19installer for the HP printer

  1. The HP printer installer will install automatically.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_436 Nov. 08 12.19.jpg

Figure 1.1.20 HP printer installer

  1. The HP printer installation is successful

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_437 Nov. 08 12.21.jpg

Figure 1.1.21 Printer installation

  1. Go back to the print management to select the desired printer.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_438 Nov. 08 12.22.jpg

Figure 1.1.22Print management

  1. The HP printer will appear in the print management.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_439 Nov. 08 12.22.jpg

Figure 1.1.23 HP printer in the print management

  1. In the deploy with group policy, browse the group policy object name.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_440 Nov. 08 12.22.jpg

Figure 1.1.24 Deploy with GP

  1. In the browse for GPO, select the desired domain name.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_441 Nov. 08 12.22.jpg

Figure 1.1.25 Browse GPO

  1. Select the Printer Group Policy with the domain ‘bryan.com’

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_442 Nov. 08 12.23.jpg

Figure 1.1.26 Browse GPO

  1. In the deploy with GP, add the bry GPO.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_443 Nov. 08 12.23.jpg

Figure 1.1.27 deploy with GP

  1. Printer deployment is successful

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_444 Nov. 08 12.23.jpg

Figure 1.1.28 Print management dialog box

  1.  Verification for the successful printer deployment

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_445 Nov. 08 12.24.jpg

Figure 1.1.29 deployment successful dialog box

  1. HP eprint is successfully configured.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_446 Nov. 08 12.24.jpg

Figure 1.1.30 print management dialog box

  1. In the HP printer, right click then click the properties.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_447 Nov. 08 12.25.jpg

Figure 1.1.31 properties of the HP printer

  1. In the properties, select the security tab.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_448 Nov. 08 12.25.jpg

Figure 1.1.32 security tab for the HP printer properties

  1. In the security tab of the HP printer, select the administrator then tick the allow button for the print, manage the printer and manage documents.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_4448 Nov. 08 12.25.jpg

Figure 1.1.33 permission for administrator

Task 2 Exchange Server

Exchange server is a Microsoft product for messaging system that includes mail server, email client and groupware application. It is mainly design for companies for the employees to share information easily via taking advantage of Outlook server such that the company’s calendar and contact lists are always in sync. Minimum requirement for the exchange server is as follows: 64-Bit processor, 512GB RAM, 64GB disk space and an ethernet adapter. [2] Microsoft. (2017).

Setup Procedure:

  1. Install Windows Server.
  2. Insert the DVD installer for MS Exchange and use command prompt and enter the following commands:

d:, dir, cd exch…

Figure 2.1 CMD installation of exchange server

  1. Inside the drive D (installer disk) type in the following commands:

setup /prepareschema

setup /prepareAD /OrganizationName:Avonmore

setup /PrepareAllDomains

  1. Open PowerShell and type in the command below:

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,Web-Asp-Net,Web-Client-Auth,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-ISAPI-Filter,Web-Request-Monitor,Web-Static-Content,Web-WMI,RPC-Over-HTTP-Proxy –Restart

Set-Service NetTcpPortSharing –StartupType Automatic

  1. Install the office filter pack found inside the cd installer.
  2. Install exchange server 2010

Figure 2.2 Installation of exchange server

  1. In the Exchange server 2010 setup, click next.

Figure 2.3 Introduction

  1. In the installation type, select the typical exchange server installation.

Figure 2.4 Installation type

  1. In the exchange organization, type your desired name.

Figure 2.5 Exchange Organization

  1. In the client setting select’No’.

Figure 2.6 Client Setting

  1. Type your desired name for your client access.

Figure 2.7 Configure Client Access Server external domain

  1. Select the “I don’t wish to join the program at this time”

Figure 2.8 Customer Experience Improvement Program

  1.  In the readiness checks, review all the selected mode before installation.

Figure 2.9 Readiness Checks

  1. Upon completion, click finish.

Figure 2.10 Completion

Configuring Mailbox Roles

In this setup, we are going to configure the Exchange server to perform multiple in order for our users to send and receive emails. We need to include the following: (1) Hub transport – responsible for routing messages (2) Client Access – offers all available protocol access to mailboxes (3) Mailbox – this contains the mailboxes and public folders. We need these three roles for the Exchange Management Console to make the necessary changes.

  1. Open Exchange Management Console and choose Organization Configuration on the left pane. Select your server and click New Mailbox Database on the right.

Figure 2.11 Exchange Management Console

  1. Follow the onscreen instruction on setting the location for the database and click on Finish once done.

Figure 2.12 New Mailbox Database

Sending and receiving emails via web browser:

  1. To access the web mail, we simply go type in the URL of the server and add /owa on the address.

Figure 2.13 Outlook Web App

  1. Upon successful login the user will be presented by an Outlook Web App and he can then start sending and receiving emails.

Figure 2.14 Email Test

Task 3 Barracuda Spam Filter

Barracuda Spam Filter is an integrated software and hardware solution to protect the email server from virus, spam, spoofing and spyware attacks.  [3] Barracuda. (2017).

These are the steps for the users on how to setup:

  1. Login to Barracuda Spam Filter as administrator and add the IP configuration, DNS, and domain name of the email server admincore.com

Figure 3.1 Basic Set up for Email Security

Figure 3.2 Email server Setup

Figure 3.3 Virus and Spam protection

  1. Setup the quarantine procedure for emails that contain spam and viruses.

Figure 3.4 All inbound setting for email protection

  1. Updates allows the spam filter system to determine incomming spam threats

Figure 3.5 Updates for barracuda Part 1

Figure 3.6 Updates for barracuda Part 2

  1. The Domain tab will allow to add allow or block domain.

Figure 3.7 Domain manager

  1. Spam Scoring Limit will limit the block, quarantined and tag mails.

Figure 3.8 Inbound and outbound Spam scoring limits

  1. The Rate Control will allow the administrators to set connections per IP address allowed.

Figure 3.9 Rate Control

  1. Sender Filters will filter all mails incoming to the mail server.

Figure 3.10 Incoming email filters

Task 4 Microsoft Office Outlook

Microsoft Office Outlook is an information manager for Microsoft. It includes email application, calendar, contacts list, notepad, journal and also web browsing. It can be used with exchange server, SharePoint server or a stand-alone program. It is commonly used as the email server for all companies worldwide as it is easy to use and has a lot of function. [4] Rouse. (2012).

Steps on how to manage MS Outlook:

  1. In the start button of the windows server select the Microsoft Outlook 2010.

ScreenHunter_455 Nov. 09 11.52

Figure 4.1 Microsoft Outlook 2010

  1. In the control panel, look for the Mail setup – Outlook

ScreenHunter_456 Nov. 09 11.57

Figure 4.2 Mail Setup – Outlook

  1. Selectin the account settings for the email

ScreenHunter_457 Nov. 09 11.58

Figure 4.3 Account settings for Outlook

  1. Then add new account, select manually configure server settings.

ScreenHunter_458 Nov. 09 11.58

Figure 4.4 Add new Account dialog box

  1. Select the Internet E-mail in the add new account settings.

ScreenHunter_459 Nov. 09 11.58

Figure 4.5 Add new Account dialog box

  1. Type the desired user information, server information and logon information, the click next.

ScreenHunter_460 Nov. 09 11.59

Figure 4.6 User, server and logon information for the New account

  1. Type this URL ‘https://help.yahoo.com/kb/SLN4724.html”This information is important to setup the email for the outlook

ScreenHunter_461 Nov. 09 12.00

Figure 4.7 Yahoo mail POP setting

  1. After setting up the new account. Click next.

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.WordScreenHunter_467 Nov. 09 12.04.jpg

Figure 4.8 Add new account information

  1. Type your desired email address in the internet E-mail settings

ScreenHunter_468 Nov. 09 12.04

Figure 4.9 internet E-mail settings

  1. In the outgoing server, select the “same settings as my incoming mail server”.

ScreenHunter_464 Nov. 09 12.01

Figure 4.10 Internet e-mail setting for the outgoing server

  1. Go to the advanced setting then copy the information from the POP yahoo mail setting.

ScreenHunter_465 Nov. 09 12.02

Figure 4.11 Advanced setting for the e-mail

  1. Be sure to test the account settings to verify the email services.

ScreenHunter_471 Nov. 09 12.13

Figure 4.12 test account settings

  1. As you could see all the emails are in the e-mail list accounts.

ScreenHunter_478 Nov. 09 12.21

Figure 4.13 email settings

  1. In the data files, we could see the location of the email.

ScreenHunter_479 Nov. 09 12.22

Figure 4.14 data files of the email

  1. Official dashboard for the outlook which contains all email in one program.

ScreenHunter_480 Nov. 09 12.22

Figure 4.15 Microsoft Outlook

  1. Click in the New email to test the email server/

ScreenHunter_481 Nov. 09 12.23

Figure 4.16 pop up window for the email

  1. Email setup for the bryanldavid@yahoo.com which includes all information.

ScreenHunter_484 Nov. 09 12.24

Figure 4.17 Microsoft outlook

  1. Testing client to client email

ScreenHunter_486 Nov. 09 12.25

Figure 4.18 email test

  1. The test is currently progressing since the email will be sent to the client.

ScreenHunter_482 Nov. 09 12.23

ScreenHunter_487 Nov. 09 12.25

Figure 4.19 MS outlook dashboard

  1. Microsoft outlook test message in the Yahoo mail website.

4.20 Yahoo mail

  1. Test email for the client to client email server

Figure 4.21 client to client email server

Task 5 Site-to-site VPN

Using VPN for the router in CISCO network provides more secured connection of transmitting data over public network. It can reduce the overpriced costs of leased lines. For the site-to-site VPNs it will provide a tunnel using IPsec between two branches of offices. Another use of site to site VPN is the remote access for the client and server for small offices.

Site to site VPN topology

 

Device Interface IP Address Subnet Mask Default Gateway Switch Port
R1 FA 0/1 192.168.1.1 255.255.255.0 N/A SW1 FA0/1
S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A
R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A
S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A
R3 FA0/0 192.168.3.1 255.255.255.0 N/A SW2 FA0/1
S0/0/1 10.2.2.1 255.255.255.252 N/A N/A
PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 SW1 FA0/2
PC-B NIC 192.168.3.3 255.255.255.0 192.168.3.1 SW2 FA0/2

Router 1 Configuration

hostname R1

!

cryptoisakmp policy 10

encraes 256

authentication pre-share

group 5

lifetime 3600

!

cryptoisakmp key cisco123 address 10.2.2.1

!

cryptoipsec security-association lifetime seconds 1800

!

cryptoipsec transform-set 50 esp-aes 256 esp-sha-hmac

!

crypto map CMAP 10 ipsec-isakmp

set peer 10.2.2.1

setpfs group5

set security-association lifetime seconds 900

set transform-set 50

match address 101

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.1.1 255.255.255.252

clock rate 64000

crypto map CMAP

!

routereigrp 100

network 192.168.1.0

network 10.1.1.0 0.0.0.3

no auto-summary

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!

line con 0

exec-timeout 5 0

password 7 0822455D0A165445415F59

logging synchronous

login

!

linevty 0 4

exec-timeout 5 0

password 7 0822455D0A165445415F59

login

!

end

Router 2

hostname R2

!

interface Serial0/0/0

ip address 10.1.1.2 255.255.255.252

!

interface Serial0/0/1

ip address 10.2.2.2 255.255.255.252

clock rate 64000

!

routereigrp 100

network 10.1.1.0 0.0.0.3

network 10.2.2.0 0.0.0.3

no auto-summary

!

end

Router 3

hostname R3

!

cryptoisakmp policy 10

encraes 256

authentication pre-share

group 5

lifetime 3600

!

cryptoisakmp key cisco123 address 10.1.1.1

!

cryptoipsec security-association lifetime seconds 1800

!

cryptoipsec transform-set 50 esp-aes 256 esp-sha-hmac

!

crypto map CMAP 10 ipsec-isakmp

set peer 10.1.1.1

setpfs group5

set security-association lifetime seconds 900

set transform-set 50

match address 101

!

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/1

ip address 10.2.2.1 255.255.255.252

crypto map CMAP

!

routereigrp 100

network 10.2.2.0 0.0.0.3

network 192.168.3.0

no auto-summary

!

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

!

line con 0

exec-timeout 5 0

password 7 0822455D0A165445415F59

logging synchronous

login

!

linevty 0 4

exec-timeout 5 0

password 7 0822455D0A165445415F59

login

!

End

Check:

Router 1

 

As you could see in the CLI of the R1 all the connection of the inbound and outbound is ACTIVE

E:assessment 3 screenshot
1 1.JPG

Router 3

As you could see in the CLI of the R3 all the connection of the inbound and outbound is ACTIVE

E:assessment 3 screenshot
3 1.JPG

Task 6 Radius Server AAA

 

For basic authentication, AAA or the Authentication, authorization and accounting can be configured to access the local database for client logins. It will be difficult since it must be configured in every router. To take full advantage of the AAA, radius server AAA will be used. When the client attempts to login in the router, the router will show the router references to the external server database for verification that the client is using a valid username and password.

Topology for the radius Server AAA

 

Device Interface IP Address Subnet Mask Default Gateway Switch Port
R1 FA0/1 192.168.1.1 255.255.255.0 N/A S1 FA0/5
  S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A
R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A
  S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A
R3 FA0/1 192.168.3.1 255.255.255.0 N/A S3 FA0/5
  S0/0/1 10.2.2.1 255.255.255.252 N/A N/A
PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 S1 FA0/6
PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1 S3 FA0/18

 

E:assessment 3 screenshotaaabryan.JPG

For the Radius server AAA, you can simply configure the users and keys from host that will use for authentication.

Router Configuration

 

Router 1

hostname R1

!

enable secret 5 $1$mERr$WvpW0n5HghRrqnrwXCUUl.

!

aaa new-model

!

aaa authentication login default group radius none

!

no ip cef

no ipv6 cef

!

no ip domain-lookup

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.1.1 255.255.255.252

clock rate 64000

!

router eigrp 100

network 192.168.1.0

network 10.1.1.0 0.0.0.3

no auto-summary

!

ip classless

!

ip flow-export version 9

!

radius-server host 192.168.1.3 auth-port 1645 key ciscoaaapass

!

line con 0

exec-timeout 5 0

password 7 0822455D0A165445415F59

logging synchronous

!

line vty 0 4

exec-timeout 5 0

password 7 0822455D0A165445415F59

!

end

 

Verification

 

 

 

E:assessment 3 screenshotusername bryan.JPG

In the running configuration, the router will connect to the radius server for verification in the login console oof the router.

 

 

 

E:assessment 3 screenshot	elnet bryan.JPG

 

Using telnet, the client computer could connect to the router using RADIUS authentication.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Task 7 TACACS + Server AAA

TACACS or the Terminal Access Controller Access-Control System Plus is a protocol from CISCO systems and was released I 1993. TACACS+ don’t implements transmission control. Compared to the Radius, which encrypts only the user’s password as it travels from one client to another client. All other information in Radius will be able to see so it is vulnerable compared to TACACS+. In TACACS+, it encrypts all information including all other information traveling in the network.

Topology for the TACACS+ server AAA

E:assessment 3 screenshotryantacacs.JPG

 

TACACS+ configuration

 

hostname R2

!

enable secret 5 $1$mERr$WvpW0n5HghRrqnrwXCUUl.

!

Username bryan secret 5 $1$mERr$WvpW0n5HghRrqnrwXCUUl.

!

interface Serial0/0/0

ip address 10.1.1.2 255.255.255.252

!

interface Serial0/0/1

ip address 10.2.2.2 255.255.255.252

clock rate 64000

!

router eigrp 100

network 10.1.1.0 0.0.0.3

network 10.2.2.0 0.0.0.3

no auto-summary

!

tacacs-server host 192.168.1.3 key tacacspass

!

login local

!

line aux 0

!

line vty 0 4

!

end

Verification:

This router will use TACACS+ on server 192.168.1.3 and the information inputed on the username and password will be verified.

E:assessment 3 screenshotusername bryan.JPG

Task 8 Vulnerability Assessment using GFI Languard

GFI Languard is used for scanning network security and patching management solution. It provides a complete platform of your network setup, risk analysis and maintains a secure and compliant network. This process includes scanning the network to discover all your devices connected in the network including mobile devices and search for security issues. All devices can be managed either by performing remotely with agent or none. For a remote agentless scan, specify first your target devices scanning profile that indicates what to look for, enter proper authorizations. [5] GFI. (n.d.).

Steps on how to setup and use GFI Languard:

1.       Alerting Options of GFI Languard can be found by logging to the console.

Figure 8.1 Alerting option configuration

  1. Setup an email address where the alert will be coming from and also specify a recipient.

Figure 8.2 General setup for email addresses

  1. Next is the vulnerability assessment settings. It will provide an option which profile will be scanned and activate high security vulnerabilities.

Figure 8.3 Profile options for vulnerability assessment

  1. The profiles selected can be edited so that administrators can add and remove different items that would be included or excluded on the scan.

Figure 8.4 Vulnerabilities profiles

  1. Network and software auditing for the administrator based on the profile chosen.

Figure 8.5 Each profile can be further customized to best fit the requirement of the organization.

Figure 8.6 Scanning options for network and software audit

  1. Scheduling a scan for GFI Languard makes vulnerability scanning an easy for administrators. It offers a Scheduled Scan option to perform scan at specific date and time.

Figure 8.7 Performing scheduled scan

Figure 8.8 Type of scan desired

C:UsersAdministratorAppDataLocalMicrosoftWindowsINetCacheContent.Word8.9.png

Figure 8.9 specific day and time to avoid affecting user’s productivity

Figure 8.10 Successful scheduled scan

Task 9 NVD – National Vulnerability Database

NVD is the U.S. government source of standards from NIST – National Institute of Standards and Technology based on vulnerability management data characterized using the Security Content Automation Protocol (SCAP). The data from NVD enables automation of security administration, vulnerability dimension, and acquiescence. NVD includes database of checklists in security and software flaws, malfunctions, merchandise names, and impact metrics. [6] NVD. (2017, October).

Here are 5 vulnerabilities that are listed on the website:

1.       CVE-2017-16543 Detail

  • It is for Zoho ManageEngine Applications Manager 13 that permits SQL injection via GraphicalView.do using crafted viewProps yCanvas field.
Source: MITRE Last Modified: 11/05/2017
US-CERT/NIST Original release date: 11/05/2017
  1. CVE-2017-16545 Detail
  • It is the ReadWPGImage purpose in coders/wpg.c in GraphicsMagick 1.3.26 malfunction to validate colormapped images and allows remote attackers to have a DoS or probably have unnamed other causes via malformed image.
Source: MITRE Last Modified: 11/05/2017
US-CERT/NIST Original release date: 11/05/2017
  1. CVE-2017-16546 Detail
  • It is the ReadWPGImage purpose in coders/wpg.c in ImageMagick 7.0.7-9 malfuntion to validate the colormap index in a WPG palette and allows remote attackers to cause DoS or probably have unnamed other causes via malformed file.
Source: MITRE Last Modified: 11/05/2017
US-CERT/NIST Original release date: 11/05/2017
  1. CVE-2017-16547 Detail
  • It is the DrawImage purpose in magick/render.c in GraphicsMagick 1.3.26 malfuntion to look for popup keywords that are liked with push keywords and allows remote attackers to cause a DoS or perhaps have unnamed causes via a crafted file.
Source: MITRE Last Modified: 11/06/2017
US-CERT/NIST Original release date: 11/06/2017
  1. CVE-2017-16548 Detail
  • It is a receive_xattr function in xattrs.c for rsync 3.1.2 and 3.1.3-development that didn’t verify a trailing with ‘

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this assignment and no longer wish to have your work published on UKEssays.com then please click the following link to email our support team:

Request essay removal

Related Services

Our academic writing and marking services can help you!

Prices from

£99

Approximate costs for:

  • Undergraduate 2:2
  • 1000 words
  • 7 day delivery

Order an Assignment

Related Lectures

Study for free with our range of university lecture notes!

Academic Knowledge Logo

Freelance Writing Jobs

Looking for a flexible role?
Do you have a 2:1 degree or higher?

Apply Today!