AND NETWORK
SECURITY: INTRUSION
DETECTION AND VPNS
Instructors Resource: End of Chapter Activities
Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States
Page 1
Introduction
THIS BOOK IS INTENDED TO provide an introduction to firewalls and other network security components that can work
together to create an in‐depth defensive perimeter around a local area network (LAN). Firewalls are among the best‐
known security tools in use today, and they are growing in popularity with the general public as well as information
technology professionals. However, firewalls work most effectively when they are backed by effective security
planning and a well‐designed security policy, and when they work in concert with anti‐virus software, intrusion
detection systems, and other tools.
Accordingly, this book examines firewalls in conjunction with the other elements needed for effective perimeter
security as well as security within a network. These include packet filtering, authentication, proxy servers, encryption,
bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems.
Approach
Guide to Firewalls and Network Security: Intrusion Detection and VPNs, Second Edition, provides faculty and students
with a single resource that combines the managerial background required for successful network security
administration with the technical content required to design, select, and implement many common networking
defenses. The book covers the policy, procedures, and managerial approaches needed to build a network defense
program as well as the essential technical background in networking, and then progresses through the technical
controls needed for network defense such as firewalls, VPNs, and intrusion detection systems. This supplement
provides the instructor a resource to enable them the option to offer enrichment exercises to those groups of
students that might benefit from them.
Note: Additional exercises may be found in another Cengage Course technology products Hands‐On Information
Security Lab Manual, 3rd edition © 2009 Course Technology. The authors of Guide to Firewalls and Network Security:
Intrusion Detection and VPNs, Second Edition strongly recommend use of a separate sources of lab tutorials and
exercises like the Hands‐On Lab Manual to supplement texts and provide cohesive, themed laboratory experiences.
Page 2
Guide to Firewalls and Network Security: Intrusion Detection and VPNs,
Second Edition
END OF CHAPTER ACTIVITIES
Chapter 1 Introduction to Information Security
CASE PROJECTS
Case 1-1: Threat categories
Consider the statement: an individual threat agent, like a hacker, can be a factor in more than
one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page,
and steals credit card numbers, how many different threat categories does this attack cover??
Page 3
Chapter 2 An Introduction to Networking
HANDS-ON PROJECTS
Project 2-1: Use the Tracert Command To Trace Network Connections
As you have seen in this chapter, routers are an important part of any network connection.
Routers can be placed both before and after a firewall, or between different areas of a network.
How many routers lie between your own computer and the computer that holds your school’s
home page on the Web? You can find out by using the tracert command with any Windows
computer.
1. On the Windows desktop, click Start, point to All Programs, point to Accessories, and
then click Command Prompt.
2. At the command prompt, type Tracert [site name or IP address], where [site name or IP
address] is the site name or IP address you want to trace. For example, if your school’s
home page is at www.uchicago.edu, type Tracert www.uchicago.edu, and then press
Enter.
3. A list of IP addresses appears. When the trace is complete, subsequent “hops” up to the
default of 30 hops will appear with the message “Request timed out.” How many lie
between your computer and the school’s home page? Make a note in your lab book or
notebook.
4. Type exit and then press Enter to close the command prompt window.
Page 4
1. On the Windows desktop, click Start, point to All Programs, point to Accessories, and
then click Command Prompt.
2. Type nslookup to enter interactive mode. The server responds with the default DNS server
and its address.
3. Record the default server and address.
4. Next type the domain name for which you want to determine the IP address. The system
responds with the address’s corresponding IP address. Note that querying on a cname
shows the host name and any aliases. When querying on a host name, “A record” shows
only the host name and IP.
5. Record the IP address corresponding to the entry and any known aliases.
6. You can also reverse the process and look up a domain name from a known address. The
system responds with the domain name and the registered IP address. This is helpful when
you want to determine if a suspected name/address pair is correct. Make a note in your lab
book or notebook as to the information.
7. Type exit to end the nslookup session.
You need to use IPSec for an extra-secure level of communication between computers. To start
using IPSec for communications between machines running Windows XP, you need to enable
IPSec and then configure the IPSec policy through local or group policy security settings for
each Windows machine that needs the heightened security. IPSec is an important protocol that
is widely used to encrypt communications between computers in a VPN. The first step in setting
up such a connection is to enable IPSec on both computers, as you will do in this project.
1. If your computer is not powered up, power it up now.
2. When the Log on to Windows dialog box opens, enter your user name in the User Name
text box.
3. In the Password text box, type the password you have been assigned.
4. Press Enter.
5. When the desktop appears, click Start, point to Settings, click Network and Dial-Up
Connections, and double-click Local Area Connection.
6. Click Properties.
7. In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP),
and then click Properties.
8. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
9. In the Advanced TCP/IP Settings dialog box, click the Options tab.
10. In the Optional settings box of the Options tab, click IP security, and then click the
Properties button.
11. In the IP security dialog box, click the Use this IP security policy radio button, and then
choose one of the three security policy options in the list box (Client, Secure Server, or
Server). Click Client if your workstation will function as the client in a VPN connection
with a server that is also running IPSec. Click Server if your workstation will function as
the VPN server, and click Secure Server if you plan to use encryption and authentication
as part of the VPN connection.
12. Click OK to close the IP Security dialog box.
Page 5
13. Click OK to close all the other open dialog boxes in succession and return to the Windows
desktop.
Page 6
Chapter 3 Security Policies, Standards, and Planning
HANDS-ON PROJECTS
Project 3-1: Draw Up a List of Resources To Be Protected
Refer to Table 2-1 of this chapter. Draw up a checklist of the resources in your own computer
lab that need to be monitored; rank them in order of importance. Follow these steps in your own
lab to get practice for similar situations in the corporate world later on.
1. On a piece of paper or in a word-processing document, create a three-column table. In the
first column, write down or type the names of the servers, workstations, printers, hubs, and
other hardware devices in your computer lab.
2. At the head of the second column, write or type Model Number.
3. At the head of the third column, write or type Serial Number.
4. Fill in the table for the hardware devices in your lab.
5. Turn the list in to your instructor. Did you forget any equipment, and did you account for
everything?
Page 7
CASE PROJECTS
Case 3-1: Develop a Response Plan
Your firewall software sends you an “urgent” e-mail message notifying you that your
company’s customer database has been accessed by an unauthorized user. You are nervous and
can’t remember what to do, so you turn to the security policy. What should your policy tell you
to do in response?
Page 8
Chapter 4 Finding Network Vulnerabilities
HANDS-ON PROJECTS
Page 9
5. In the popup window, the web site indicates a scan in progress. When complete it will
indicate what if any ports were detected as open. Note if you are behind a firewall, this is
what will actually be scanned.
CASE PROJECTS
Case 4-1: cve.mitre.org
Using a Web browser, go to http://cve.mitre.org. What type of site is this and what
information can it provide? Change the URL to http://cve.mitre.org/cve and enter the term IP
Validation Vulnerability in the Keyword search field and click Search. What information are
you provided? How would this be useful? Go to the Microsoft reference URL. What
additional information are you provided? How would this be useful?
Page 10
Chapter 5 Firewall Planning and Design
HANDS-ON PROJECTS
Project 5-1: Draw a simple packet-filtering design
The following project gives you some experience designing a basic firewall setup by asking you
to draw a simple network that is protected from the Internet by a single packet-filtering router
doing stateful packet filtering. Although the configuration is simple, it can serve as the
foundation for more complex designs.
1. Get a pencil and paper, or start a drawing program on your computer.
2. At the top of the drawing area, draw a large circle and label it “the Internet”.
3. Draw a line leading from the circle to a packet-filtering router.
4. Identify the external and internal router interfaces.
5. Assign IP addresses to the interfaces and to the computers being protected.
6. Draw a line leading from the router to a group of computers on an internal network.
7. Draw a line joining the computers on the internal network to indicate that they are
networked. Show one computer on the network that will not receive packets from the
Internet.
Page 11
from the Internet to both firewalls? What condition enables the second firewall to function as a
failover device? Draw the configuration that would make this setup possible.
1. Repeat Steps 1 through 7 in Hands-On Project 5-2.
2. Draw a dashed line leading from the first router (the one between the Internet and the
firewall) leading to the top of a rectangle. Label the rectangle “Failover Firewall.”
3. Draw a dashed line leading from the bottom of the failover firewall to the other firewall in
the drawing.
4. Draw a solid line leading from the bottom of the failover firewall to the second router (the
one positioned between the original firewall and the internal LAN).
5. Draw a line leading from the side of the failover firewall to a second DMZ.
6. Draw two computers in the second DMZ and label this “Second DMZ”.
Page 12
3. The next screen is a review of the alert settings. When asked “What kind of blocked traffic
do you want to be alerted to?” click Alert Me Whenever ZoneAlarm blocks traffic. This
will enable you to see all of the traffic that your computer is sending and receiving. Click
Next.
4. You will then be asked on the next screen to create a password. Click I do not want to create a
password unless your instructor or lab supervisor gives you different instructions. Click Finish.
5. The program wizard now starts. The first screen is about preconfiguring your browser and
its components. This allows ZoneAlarm to automatically set up the necessary permissions
for you to surf the Internet with your browser. When asked “Do you want ZoneAlarm to
preconfigure access permission?” click Next. Then click Finish.
6. The network security wizard now starts. The first screen will indicate that “New Network
Detected: IP Address xxx.xxx.xxx.xxx” where the x’s indicate the IP address of the
network device. This is the network to which your computer is connected. Click Next.
7. You will next be asked about the connection of this computer. Click Single computer
connected directly to the Internet. Click Next.
8. ZoneAlarm Pro will then ask you to name this network. This becomes a trusted network.
Enter the name Project 5. Click Finish.
Page 13
Case Projects
Case 5-1: Firewall Rule-Processing Approaches
Consider a user named Ken who works as a work-study student in a university department
protected by a firewall and is a member of the Work-Study user group in the Windows domain.
Ken wants to access a Web site on the Internet from within the firewall. When Ken launches his
Web browser and attempts to connect, the request is received by the firewall. The firewall has
been configured with the rules pertaining to HTTP Web access shown in Table 3-6.
Table 3-6 Sample HTTP Firewall Rules
Rule Port Users Action
1 80 (HTTP) All Allow
2 80 (HTTP) Work-Study Deny
3 80 (HTTP) Ken Allow
What happens to the request if the firewall processes its rules using a) In Order, b) Deny All,
c) Allow All, and d) Best Fit?
Page 14
weaknesses of each product. Also, include a recommendation regarding where this product
should generally be used. Your presentation should be a minimum of 20 slides.
Chapter 6 Packet Filtering
HANDS-ON PROJECTS
Project 6-1: Set Up Windows Packet Filtering
Windows XP has a variety of TCP/IP packet filtering that can be applied to a local area
connection. This isn’t a very sophisticated form of packet filtering, but it can prove useful if you
have a specific port or protocol you want to block. The steps shown are for a Windows XP
workstation.
1. On the Windows XP desktop, click Start, point to Settings, point to Network and Dial-up
Connections, and then click Local Area Connection. The Local Area Connection Status
dialog box opens.
2. Click Properties. The Local Area Connection Properties dialog box opens.
3. Click Internet Protocol (TCP/IP), and then click Properties. The Internet Protocol
(TCP/IP) Properties dialog box opens.
4. Click Advanced.
5. In the Advanced TCP/IP Settings dialog box, click Options, click TCP/IP filtering, and
then click Properties. The TCP/IP Filtering dialog box opens.
6. In the TCP/IP filtering dialog box, make sure the Enable TCP/IP Filtering (All adapters)
check box is checked. Click the Permit Only radio button above TCP Ports. The TCP
Ports option becomes active.
7. Click Add. The Add Filter dialog box opens.
8. In the TCP Port text box, type the DNS Port 53, and then click OK.
9. Repeat the preceding three steps for the UDP Ports section. Use Port 53.
10. Repeat Steps 6, 7, and 8 for the IP Protocols section. Enter protocol number 45 for Inter-
Domain Routing Protocol.
11. Close all open windows.
Case Projects
Case 6-1: Design a Packet Filtering Solution
Your employer asks you to block traffic from the Web site www.offensivecontent.com, which a
group of employees has been caught visiting. You open a command prompt window and type
ping www.offensivecontent.com to determine the IP address of the site. After a few minutes, the
IP address 197.34.5.56 comes back, but you get several messages stating that the request has
timed out, and no packets are exchanged. Based on what you’ve read in this chapter, what does
this tell you about the security measures at the www.offensivecontent.com Web site? What rule
would you add to the rule base to block access to this site?
Page 17
Chapter 7 Working with Proxy Servers and Application Gateways
HANDS-ON PROJECTS
Project 7-1: Install and Configure NetProxy
There are many proxy server programs you can install and work with, but for the purposes of
lab testing, a good way to start is to download a freely available program that you can keep in
the lab and use on an ongoing basis if you wish. The program is free for single-user use. You
can install the program on any Windows 2000 or XP workstation.
The NetProxy software (and the steps that follow) both assume that the workstations on your
network use reserved IP addresses in the range 192.168.0.0/24 and that they are dynamically
generated by a server using Dynamic Host Control Protocol (DCHP). If the workstation on
which you install NetProxy uses a different IP address, substitute your machine’s actual IP
address for the one NetProxy instructs you to enter by default.
Page 19
6. In the Proxy Settings dialog box, type the address of your proxy server in the HTTP: text
box, and enter the port your proxy uses for HTTP service in the adjacent Port text box.
7. If you use different proxy servers for different services, repeat Step 6 for each of
the services you plan to use: FTP, e-mail, and so on. Otherwise, check the Use the same
proxy server for all protocols check box.
8. If you regularly need to connect to a computer on your local network, you don’t need to
access that machine through the proxy server. Enter the machine’s name (and any other
computers’ names to which you need to connect) or IP address in the Exceptions text box.
9. Click OK to close the Proxy Settings, Local Area Network (LAN) Settings, and Internet
Options dialog boxes in succession and return to the Internet Explorer window.
10. Connect to a remote Web site, such as www.grok.co.uk/. When you connect to the Internet
through your proxy server, what message appears in your browser’s status bar?
11. Exit Internet Explorer and return to the Windows desktop.
Page 20
13. In the Local Area Network (LAN) Settings dialog box, check the Use automatic
configuration script check box.
14. In the Address box, enter the address leading to the automatic configuration script in this
format:
http://proxy.server.ip-address:port/autoproxy.pac
For instance, if your NetProxy PC has the IP address 192.168.0.1 and the Web proxy
service is running on Port 8080 (the default), then the LAN Settings dialog in Internet
Explorer would be as follows:
http://192.168.0.1:8080/autoproxy.pac
15. Click OK twice to return to the Internet Explorer window.
16. Close Internet Explorer and return to the Windows desktop.
Page 21
9. Click OK. The application name is added to a list in the main SocksCap window.
10. Select the application you just added, and then click Run on the SocksCap toolbar.
11. The application’s window starts up. What happens after the application starts? Note the
answer in your lab notebook or in a word-processing program.
12. Click File on the menu bar and click Exit to exit SocksCap and return to your Windows
desktop.
Page 22
3. Go to the other workstation, click Start, and click Run to open the Run dialog box.
4. Type telnet, and then click OK to launch Telnet.
5. At the command prompt, type open IP address, where IP address is the IP address of the
computer to which you want to connect, and then press Enter. What message do you see?
Record the answer in a lab notebook or word-processing document.
6. Type open IP address 23, where IP address is the IP address you entered earlier. You
should see a connection message. Press Enter. Leave the Telnet window open.
7. Go the NetProxy computer, and double-click Telnet Gateway. The Telnet Gateway dialog
box opens.
8. In the Bind to text box, replace the default All Interfaces with any IP address that does not
exist on your network, such as 10.0.0.23, and then click Apply.
9. Return to the other workstation. In the Telnet window, type open IP address, and then
press Enter. What message do you see? Record the answer in a lab notebook or word-
processing document.
10. Type Quit, and then press Enter. The Telnet window closes.
11. Return to the NetProxy workstation. In the Telnet Gateway box, click All Interfaces on the
Bind to drop-down list, and then click OK. The Telnet Gateway box closes and you return
to the NetProxy window.
12. Click Services on the menu bar and click Exit to close NetProxy and return to the
Windows desktop.
CASE PROJECTS
Case 7-1: Use Private IP Addresses and Share a Connection
You are hired as the network administrator of a small start-up company with a limited budget.
You are instructed to configure the LAN so that the company makes use of a single dynamic IP
address it has obtained from its ISP as part of its low-cost Internet access account but that also
gives three other computers Internet access as well. How could you do this?
Page 23
Internet services. Yet, you have to get everyone online within a day or two. How could you
perform the batch configuration quickly?
Chapter 8 Firewall Configuration and Administration
HANDS-ON PROJECTS
Project 8-1: Install Sygate Personal Firewall
For the following Hands-On Project and many of the other projects in this book, you’ll use a
free version of a commercial firewall program, Sygate Personal Firewall. This program prompts
you whenever packets are sent into or out of your computer. You can use the firewall to monitor
services and set up logs. You can use any Windows computer to install the program.
1. Open your Web browser. In the Address box, type http://www.sygate.com and
press Enter.
2. Click Sygate Personal Firewall in the list on the right side of the page.
3. The Sygate Personal Firewall – Free Download & Product Information page appears. Scroll
down the page and click the Download Now! button.
4. Under the heading Sygate Personal Firewall, click either Download site #1 or Download
site #2.
5. A Download page appears with a list of links to servers in different geographic locations.
Click the link that’s closest to your own location to download the software.
6. A File Download dialog box opens. Click Open to download the file and automatically
begin installing it.
7. When the Installer program opens, follow the steps indicated to install Sygate personal
firewall on your computer. Then, restart your computer as instructed.
8. When you restart your computer and the Registration dialog box opens, click Register
Later. You are presented with a series of prompts asking you to set up rules for various
types of network communications. Click Yes to enable such communications. Record the
rules you set up in a lab book or a word-processing document.
9. As a courtesy to other users of this lab computer who might not need or want to use a
firewall (or who might be confused by the alert messages), right-click the Sygate Personal
Firewall icon in the System Tray, and then click Exit Firewall to stop the program from
running. When the Warning dialog box opens, click Yes.
Page 24
2. You may see a Registration dialog box asking you to register Sygate Personal Firewall.
Consult with your instructor on whether to register the software now (in which case, you
should click Register Now) or at a later time (in which case, you should click Register
Later).
3. On the Windows XP desktop, click Start, point to Programs (All Programs on XP), point
to Accessories, and then click Command Prompt.
4. At the command prompt, type ipv6 install, and then press Enter.
5. The “Installing...” message appears. After a short time, the “Succeeded.” message appears.
Sygate Personal Firewall immediately opens an alert dialog box. What does this dialog box
say? Note the answer in a lab book or word-processing document.
6. Click Yes to close the Sygate Personal Firewall dialog box.
7. In the Command Prompt dialog box, type ipv6 if, and then press Enter. A list of details
about your network interface—the interface index—is presented. How many interfaces are
listed, and what are they called? Note the answers in a lab book or word-processing
document. Also note which interface forwards and performs router discovery.
8. In the Command Prompt dialog box, type ipv6 ifc [InterfaceIndex] forwards, where
[InterfaceIndex] is the index number of the interface you want to configure. If Interface 4
was listed in Step 7 as the interface that forwards, type ipv6 ifc 4 forwards. Press Enter to
configure the interface.
9. Type exit and then press Enter to close the command prompt window.
Before starting this project, make sure you have enabled IPv6 forwarding, as described in
Hands-On Project 8-2.
1. Click Start, point to Programs (or All Programs on Windows XP), point to Sygate
Personal Firewall, and click Sygate Personal FirewallPro. The program starts, and an
alert dialog box opens, telling you that IPv6 wants to send a packet. (If the alert dialog box
does not appear immediately, log off your computer and then log back on.)
2. Click Detail. The alert dialog box expands to show you detailed information about the
attempted connection.
3. Scroll down and read the IP packet header information, which is presented under the
heading Internet Protocol.
4. Scroll down further. What is at the bottom of the details? Note the answer in a lab book or
word-processing document.
5. Click Yes to accept the packet and close the alert dialog box. The Sygate Personal Firewall
window appears. Click the close box to close the window and return to the Windows
desktop.
Page 25
CASE PROJECTS
Case 8-1: Monitoring Traffic
You need to monitor different types of traffic at different times of day using your firewall-
protected network. You primarily want to monitor e-mail, Web, and videoconferencing activity
during the day, but in the overnight offices, branch offices around the world might connect to
your network for FTP, TCP, and UDP traffic. How would you specify different monitoring
parameters for different times of the day?
Page 26
Chapter 9 Encryption and Firewalls
HANDS-ON PROJECTS
Project 9-1: Install and Configure PGP
You can gain a good deal of experience with encryption by installing and configuring the free
version of the highly-regarded program PGP. With PGP, you obtain your own keys, import
someone else’s public key so that you can exchange encrypted e-mail messages with that
individual, encrypt files, authenticate yourself to other users, and import X.509 digital
certificates. To get started, you need to install and configure the program on a Windows 2000 or
XP workstation, as described in the following steps.
You need to have WinZip (if you use Windows) or WinRAR (if you are on Linux) already
installed on your workstation to extract the PGP files. PGP Freeware can be downloaded only
by users in the U.S. and Canada; it cannot be exported to other countries. If you live outside
the U.S. or Canada and want to make use of PGP technology, visit the Network Associates
site to download a 30-day trial version of a commercial product that incorporates PGP into its
operations).
Page 27
11. When you are asked if you want to send your key to the root server, leave the box
unchecked.
12. Click Finish. The Key Generation Wizard closes and the PGPkeys window opens, showing
all of the keys on your keyring. (PGP automatically gives you a set of keys, or keyring,
belonging to the program’s developers.)
13. Double-click your own DSS exportable signature to open it. The Certificate Properties
dialog box opens.
14. Click Show Signing Key Properties. What does the digital “fingerprint” of your key
consist of ? (Give two versions.) Write the answer in your lab book or in a word-processing
document.
15. Click Close to close the Properties dialog box for your key, and then click Close to close
the Certificate Properties dialog box and return to the PGPkeys window.
16. Click File and then click Exit. Click either Save Backup Now or Don’t Save in the
PGPkeys dialog box.
When you submit your key to the public key server, the server forwards it to other key
servers around the world; they, in turn, forward the key to other servers as well, so be sure
you want to do this. If you need more help with the PGP public key site, go to the Help page
for the PGP Public Key site at http://pgpkeys.mit.edu/extracthelp.html.
1. Click Start, point to Programs (or All Programs in Windows XP), point to PGP, and then
click PGPtray to add the PGPtray to the system tray, if necessary. Click the PGPtray icon
in the Windows system tray, and then click PGPkeys on the pop-up menu. The PGPkeys
window opens.
2. Click your own name in the list of keys available to you in your keyring to highlight it.
3. Click Keys and click Export. The Export Key to File dialog box opens.
4. Select a directory on your computer where you want to export the ASCII (plain text)
version of your public key, and then click Save.
5. Click Start, point to Programs (All Programs, if you use Windows XP), point to
Accessories, and click Notepad.
6. Click File and click Open. In the Open dialog box, click All Files from the Files of type
list box. Then locate the plain text version of your key (the file name will be your own
name plus the .asc extension). Click on the file to select it, and then click Open.
7. View your public key file, and then click Edit and click Select All to highlight the entire
file.
8. Click Edit and click Copy to copy the public key file to your computer’s clipboard.
9. Click Start, point to Programs (or All Programs in Windows XP), and click Internet
Explorer to launch your Web browser.
Page 28
10. Type http://pgpkeys.mit.edu in the Address box, and then press Enter. The MIT PGP
Key Server Web page opens.
11. Scroll down the Web page to the Submit a Key section. Click in the large text box to
position the cursor within it. Then press Ctrl+V to paste the key you copied earlier.
12. Click the Submit this key to the keyserver! button. A Web page opens stating that the key
has been added to the server.
13. Click your browser’s Back button to return to the MIT PGP Key Server Web page. To
verify that your own key has been added, type the KeyID in the Search String box at the
top of the page, and then click Do the search!. A Web page should appear with
information verifying your identity as the holder of the key. What information is provided
on this page? Write down the answer in a word-processing document or a lab manual.
To find your KeyID, expand your name in the list of keys in the PGPkeys window. Double-
click your DSS exportable signature to display the Certificate Properties dialog box. Copy or
write down the code in the Signer KeyID box: this is the number you use to search for a key
on the Key Server Web site.
14. Obtain the KeyID of one of your classmates. Type it in the Search String box on the MIT
PGP Key Server Web page, and click Do the search!.
15. On the Web page that displays the key holder’s information, click the KeyID link. The
user’s public key opens on a separate Web page. You can now add your classmate’s key to
your keyring, as described in the following project.
Selecting the recipient as described in Step 4 tells PGP to encrypt the attachment using the
recipient’s public key. The recipient can then decrypt the message using his or her private
key.
Page 30
that use the X.509 protocol into PGP, so that PGP can use those digital certificates if needed.
You can obtain such digital certificates from a variety of CAs such as VeriSign or Thawte. Your
Web browser also comes with digital certificates from a number of such CAs, so it’s easiest to
use one of those resources first. The following steps apply to Windows XP computers.
The freeware version of PGP that you downloaded and installed in Project 7-1 does not
actually support importing of X.509 digital certificates. You need to download a trial version
of the commercial version of PGP to actually use this feature. However, it’s still useful to
follow the steps now so that you’ll know what to do if, in future, you do work with an
encryption program that does support X.509 digital certificates.
1. Double-click the Internet Explorer icon on your Windows desktop to start your Web
browser.
2. Click Tools and click Internet Options to open the Options dialog box.
3. Click the Content tab to bring it to the front.
4. Click Certificates.
5. In the Certificates dialog box, click the Trusted Root Certification Authorities tab to
bring it to the front.
6. Scroll down the list of digital certificates, and click VeriSign Individual Software
Publishers CA if you have this option. Be sure to select a digital certificate with an
expiration date that has not yet occurred. (If you don’t have a VeriSign digital certificate,
pick one from Thawte or another CA.)
7. Click View. The Certificate dialog box opens.
8. Click the Details tab to bring it to the front.
9. Scroll down the list of certificate details, and click Public key. The key code opens in the
bottom half of the Certificate dialog box.
10. Click Copy to File. The Certificate Export Wizard opens.
11. Click Next.
12. In the Export File Format screen, click Base-64 encoded X.509 (.CER), and then click
Next.
13. In the File to Export screen, type a filename for the file, such as VeriSign.cer or
Thawte.cer, and then click Next.
14. Click Finish, then click OK when a dialog box opens stating that the export was
successful.
15. View the digital certificate you just exported by clicking Start, pointing to Programs (or
All Programs in Windows XP), pointing to Accessories, and clicking Notepad.
16. Click File on Notepad’s menu bar and click Open, and locate the file you just exported.
Click Open.
17. When the file opens, click Edit and click Select All.
18. Click Edit and click Copy to copy the digital certificate to your computer’s clipboard.
19. Click the PGPtray icon in your system tray, and click PGPkeys on the
pop-up menu.
20. Press Ctrl+V to paste the digital certificate into PGPkeys. Click Import in the Select
keys(s) dialog box.
21. Click Edit and click Options on the PGPkeys menu bar.
22. In the PGP Options dialog box, click the CA tab to bring it to the front.
Page 31
23. Click Select Certificate. The Select X.509 Certificate dialog box opens with the digital
certificate you just exported displayed in it.
24. Click the name of the X.509 digital certificate to highlight it, and then click OK. You
return to the PGP Options dialog box. What is different about the dialog box now? Write
the answer in a word-processing document or lab manual.
25. Type the URL for the CA, such as http://www.verisign.com, in the URL text box.
26. Click OK to close PGP Options.
27. Click File and click Exit to close PGPkeys and return to the Windows desktop.
CASE PROJECTS
Case 9-1: Analyzing Security Problems
You are assigned to set up members of a partner company with user accounts that will give
them access to critical files on your network. However, you have heard that the company has
had security problems in their own network and you don’t entirely trust that they will always
exchange “genuine” communications with you that have not been intercepted by hackers. How
would you ensure that communications you appear to receive from the partner company are
authentic?
Page 32
pretending to be the new supplier. How can you prove the new supplier actually sent the
shipment and thus provide a nonrepudiation service for your company?
Page 33
Chapter 10 Authenticating Users
HANDS-ON PROJECTS
Project 10-1: Set Up User Authentication
NetProxy, a freeware proxy server program, has a user authentication feature you can set up. By
default, authentication isn’t set up on NetProxy; all users have unlimited access to all
applications covered by the proxy server. If you set up authentication, you can configure the
program to give specific users or groups access to specific services. You can also set up time
limits that govern how long they can use each service. NetProxy uses its own custom
authentication protocol, called NPAuth. The NPAuth protocol is administered by a small,
freeware application that you have to download and install on all client machines that use
NetProxy to make external connections.
This and subsequent exercises assume that you have a Windows XP workstation available
with NetProxy installed and running on it. You will also need the program WinZip to extract
the authentication software (you can get the software at www.winzip.com/). If you need
instructions on how to download and install NetProxy, refer to Hands-On Project 7-1.
Page 34
NetProxy and that the NetProxy Authentication Client is visible in the system tray. You also
need to configure your Web browser to work with NetProxy.
1. If you configured NetProxy to run as a service and the program is already running, double-
click the NetProxy Engine icon in the system tray. If NetProxy is not already running,
click Start, point to Programs, point to NetProxy, and click NetProxy Configuration.
The NetProxy 4.0 window opens.
2. Click WWW Proxy in the Services section of the NetProxy 4.0 window. Notice that, by
default, Unauthenticated is selected in the Groups section.
3. In the Groups section, click Administrators to deselect Unauthenticated.
4. Click User and click New. The New User dialog box opens.
5. Type a name for your new user in the User Name text box (for this exercise, use your own
name). Type a description in the Description text box (this is optional) and type a password
for yourself in the Password text box.
6. In the Access Privileges section of the New User dialog box, make sure a check mark
appears in the check box next to each of the services the user can access. When you’re
done, click OK. The New User dialog box closes and you return to the NetProxy window.
7. Click the NetProxy Configuration Wizard button on the NetProxy 4.0 toolbar.
8. Click Require user authentication, and then click OK.
9. When a NetProxy dialog box appears informing you that any existing NetProxy settings
will be overwritten, click Yes.
10. Make sure the words “NetProxy engine is running” appear in the status bar at the bottom of
the NetProxy window. (If the words “NetProxy Engine is Disabled” appear, click the
Enable/Disable Proxy Engine button on the NetProxy toolbar to start the program.)
11. Double-click the Internet Explorer icon on your desktop to start the browser.
12. When the NetProxy Authentication Client dialog box opens, enter a false username and
password. What message appears?
13. Click File on the menu bar and click Close to close the Internet Explorer window.
14. Restart Internet Explorer.
15. When the NetProxy Authentication dialog box opens, enter the correct username and
password you established in Step 5. Click OK. Your browser’s default startup page should
open.
16. Double-click the NetProxy Engine icon in the system tray.
17. Click WWW Proxy and then click Unauthenticated. This enables others to use this
workstation to access the Web without having to be authenticated.
18. Click Close.
19. Click File on the menu bar and click Close to close Internet Explorer and return to the
Windows desktop.
Page 35
You don’t necessarily have to install NPAuth on each workstation that you want to
authenticate. If there is no NPAuth client running on a workstation, NetProxy will attempt to
use the standard HTTP Proxy Authentication protocol to grant or deny access to the Web.
During Web browsing, if the Web browser being used supports proxy authentication, the user
will be presented with a dialog box into which a username and password can be entered.
1. Double-click the NetProxy Engine icon in the system tray to start NetProxy. If the
program is not running in the system tray, click Start, point to Programs, point to
NetProxy, and click NetProxy Configuration to open the NetProxy 4.0 window.
2. Click Group, and then click New. The New Group dialog box opens.
3. In the Group Name text box, type Accounting.
4. In the Description text box, type Accounting Dept. Managers.
5. In the Access privileges section, check all check boxes except RealPlayer Proxy Service
and Telnet Gateway Service.
6. Click OK. The New Group dialog box closes and you return to the NetProxy 4.0 window.
The name of the group appears in the Groups section of the window.
7. In the Users section of the NetProxy 4.0 window, double-click the name of the user you
want to add to the Accounting group. The Edit User Properties dialog box opens.
8. Click the Groups tab to bring it to the front. The Groups tab opens with two boxes:
Member of (which should be empty) and Not member of (which contains the groups
available to you).
9. Click Accounting to highlight it, and then click Add to move Accounting to the Member
of list box.
10. Click OK to close the Edit User Properties dialog box.
11. Repeat Steps 7 through 10 for each user you want to add to the group.
12. Click Services, and then click Exit to close NetProxy—unless you want to move on to the
next exercise, in which case you should leave the NetProxy 4.0 window open.
Page 36
6. Uncheck the Saturday and Sunday check boxes, leaving the other five boxes checked.
7. Click OK. The new time setting—Start Time 09:00, End Time 17:00, Mo Tu We Th Fr—
should appear in The Edit Group Properties dialog box.
8. Click OK to close the Edit Group Properties dialog box and return to the NetProxy 4.0
window.
9. Click Services, and then click Exit to close NetProxy and return to the Windows desktop.
CASE PROJECTS
Case 10-1: Single-user authentication
You need to restrict your company’s rank-and-file employees to using the Internet only during
regular working hours (9 a.m. to 5 p.m., five days a week). However, as network administrator,
you want to be able to access the network at any time of the day or night, seven days a week.
How would you meet the needs of the employees and yourself ?
Page 37
Case 10-2: Group Authentication
A group of freelance designers who work at home, some of whom dial in to the Internet and
some who have DSL or cable modem connections, needs to gain access to a set of your
company publication files to design them. How would you enable this?
Page 38
Chapter 11 Setting Up a Virtual Private Network
HANDS-ON PROJECTS
Project 11-1: Set Up a VPN Client Connection
VPN connections can take one of two forms: site-to-site or client-to-site. To set up a client-to-
site connection, in which a remote user could dial in to a network over a VPN, you need to
configure the client computer. Windows XP lets you establish a VPN client connection with a
VPN network by following these steps.
1. Click Start, and then click Control Panel.
2. Double-click Network Connections. If necessary, click Switch to Classic View.
3. Under Network Tasks in the headings on the left side of the Network Connections window,
click Create a new connection. Supply dialing information, if you are prompted to do so.
4. In the first screen of the New Connection Wizard, click Next.
5. In the second screen, click Connect to the network at my workplace, and then click
Next.
6. In the third screen, click Virtual Private Network connection, and then click Next.
7. In the fourth (Connection Name) screen, type the name of the company you want to
connect to in the Company Name text box. For this exercise, enter your school’s name.
Click Next.
8. In the Public Network screen, click Do not dial the initial connection because, if you have
a direct connection to the Internet, you are already connected. Click Next.
9. In the VPN Server Selection screen, type the IP address or host name of the computer to
which you connect at the remote network. For this exercise, type 192.168.0.0, and then
click Next.
10. In the final screen, click Finish to close the wizard. The Connect (Company Name) dialog
box opens, where (Company Name) is the name you entered in Step 7. Type in your
username and password, and click Connect. The computer you are trying to connect to
needs to be configured as a VPN server for the connection to actually work (in Project 9-3).
If it is not, click Cancel.
Page 39
5. If you need to set up authentication, click Change settings of this connection under the
Network Tasks heading on the left side of the Network Connections dialog box. The
(Company Name) Properties dialog box opens.
6. Click the Security tab to bring it to the front.
7. Check the Automatically use my Windows logon name and password (and domain if
any) check box if you want to use your Windows logon information for authentication. If
your VPN uses IPSec, click IPSec Settings and check the Use pre-shared key for
authentication check box. Then click OK.
8. Click OK to close (Company Name) Settings and return to Network Connections.
Page 40
CASE PROJECTS
Case 11-1: Setting Up a VPN
You have been hired by a small company that has set up a VPN. The VPN includes two
business partners with which the company needs to communicate on a regular basis. You set up
a simple mesh configuration, going from office to office to do the initial configuration, which
includes SA table listings for all devices in the VPN. The VPN operates smoothly until your
company purchases another business that has branch offices located overseas. You are given the
assignment of expanding the VPN to include the new employees. You are told that all internal
LANs should be able to communicate with one another and are informed in confidence that
more acquisitions may be in store. You are happy about the prospect of travelling overseas to
extend the VPN, but the prospect of updating four or more VPN devices around the world on a
regular basis seems impractical to say the least. What should you do to help the VPN grow?
Page 41
Chapter 12 Contingency Planning
CASE PROJECTS
Case 12-1: Terminology
Using a 1. Using a Web search engine, search for the terms “disaster recovery” and
“business continuity.” How many responses do you get for each term? Note how many
companies do not distinguish between the two.
Page 42
Chapter 13 Intrusion Detection and Prevention Systems
HANDS-ON PROJECTS
Project 13-1: Locate and Fill Out an Incident Identification Form
You don’t have to start from scratch when it comes to creating security policies. In fact, if you
are hired to handle security at a company, when it comes time to discuss the development of a
security policy you can produce a template and show it to management so they get an idea of
what’s required.
1. If your computer is not powered up, power it up now.
2. When the Log on to Windows dialog box opens, type your user name in the User Name
text box. (If the Log on to Windows dialog box does not appear, click Start, click Log Off,
and then log on with your username and password.)
3. In the Password text box, type the password your instructor has given you.
4. Press Enter.
5. When the desktop appears, double-click the Internet Explorer icon button to start your
browser.
6. In the Address box, type http://www.incidents.org/Incident_forms. The Incident
Handling Forms page of the Incidents.org Web site opens.
7. When the Incident Handling Forms page appears, click Incident Identification.
8. Print out the sample Incident Identification page. Fill it out as though there has been an
unauthorized access in your school lab. Save the page so you can in turn it in later to your
instructor.
9. Close your browser.
Page 43
9. Click Start, point to Settings, and click Control Panel.
10. Double-click Administrative Tools.
11. Double-click Event Viewer.
12. In the left pane of the Event Viewer, click Security Log.
13. View any events in the security log by double-clicking each event. Click the Success Audit
event that was created when you just logged on.
14. Log off and log on to Windows XP again—but this time with an incorrect password. Then
log on with your correct password and check the security log.
15. How many events were created by your two logon attempts?
Page 44
CASE PROJECTS
Case 13-1: Freeware Intrusion Detection
Using a Web browser, look for the open source and freeware intrusion detection tools listed in
the chapter. Next, identify two to three commercial equivalents. What would the estimated
cost savings be for an organization to use the open source or freeware versions? What other
expenses would the organization need to incur to implement this solution?
Page 45
Chapter 14 Digital Forensics
HANDS-ON PROJECTS
Project 14-1: Web Browser History Review
One of the first places to look when reviewing a system for forensic evidence is the Web
browser history. To find websites the previous user may have visited:
1.On your computer, double-click the Internet Explorer (or other Web browser) icon button
to start your browser.
2. On the toolbar, click the Favorites Center button.
3. Click the History button.
4. Browse through the dates indicated in the list. Look at the list of web sites. Do any seem
inappropriate for your system?
5. Close your browser.
Page 46
Project 14-3: Firefox Web Browser Anti-Forensics
1. To quickly delete private data in Firefox, start Firefox, click the Tools menu item, and then
click Clear Private Data. You can also accomplish this with the keystroke combination
Ctrl+Shift+Del.
2. For more control over clearing private data, click Tools, Options and then the Privacy tab.
Click the Settings button in the Private Data area to see what Firefox is remembering.
3. Click the Clear Now button in the Private Data area. To allow the browser to regularly
clear your private data, Select the Settings button in the Private Data area again, and make
sure all boxes are checked. Click OK.
4. Back in the Options window, in the Private Data area, check the Always clear my private
data when I close Firefox option.
5. To prevent Firefox from remembering private information clear the check marks from the
three options in the History Area of the Privacy tab. Click OK to close the Options
window.
Page 47
CASE PROJECTS
Case 14-1: Guide for First Responders
Using a Web browser, search on the term “Guide for First Responders.” Locate at least one
reference from Cert and one from the Department of Justice. What are these books and what
are they used for? Summarize the difference in a one-page document.
Page 48