Comprehensive Guide to Network Security Tools and Techniques

1. Perform Basic Network Scanning Using Nmap

EXP 2: Perform basic network scanning using the Nmap tool (Zenmap on Windows). Identify services, open ports, active hosts, operating systems, and vulnerabilities.

a. Identifying Services

nmap -T5 scanme.nmap.org
(check for services running)

b. Open Ports

nmap -T5 scanme.nmap.org
(port status, port number, protocol type)

c. Active Hosts

$ ip a
$ nmap -sP 192.168.120.132/24
(ping scan only, no port scan; -sP is the older spelling of -sn. Here it found 4 hosts.)

d. Operating Systems

$ sudo nmap -sV -O 192.168.120.1
(run against one of the active hosts found above and look for the OS details in the output)

e. Vulnerabilities

sudo nmap --script vuln scanme.nmap.org -v
Status: likely vulnerable.

2. Phishing Simulations

Phishing simulations (Google, LUCY, and GoPhish).

  Step 1: Run the Social Engineering Toolkit
    # setoolkit
  Step 2: Select option 1: Social Engineering Attacks
  Step 3: Select option 2: Website Attack Vectors
  Step 4: Select option 3: Credential Harvester Attack Method
  Step 5: Select option 1: Web Templates
  Step 6: Select option 2: Google
  Step 7: Open Firefox and type the following in the URL bar
    http://<your system IP>
  Step 8: Enter an email ID and password on the page and observe that the same values are echoed in the setoolkit terminal.

3. Packet Analysis Using Wireshark

EXP 4: Packet analysis using Wireshark (TCP, UDP, DNS, ARP, ICMP, NTP, TLS).

Open terminal and type “wireshark”.
Select “any” and click next.
Now open a browser and play a video on YouTube for the purpose of data transmission & receiving.
Now close the browser and examine the different protocols by selecting each protocol and its description.

4. Ransomware Tabletop Exercise on Insider Threat

EXP 5: Ransomware tabletop exercise on insider threat.

  Step 1: Clone the SARA repository (Sara GitHub link), install it and start it.
    $ git clone (Sara GitHub link)
    $ pwd
    $ cd SARA
    $ bash install.sh
    $ python3 sara.py
  Step 2: Choose "Build screen ransomware".
    - Answer "Yes, I want to upload".
    - Copy the generated link and paste it in the browser.
  Step 3: Download the file.
  Step 4: Open VirusTotal and upload the app/file.
  Step 5: Inspect the report.
    - Detection: Android ransomware
    - Details: Basic properties, File type
    - Relations: Detections

5. Installation of Wireshark, Tcpdump, and Data Observation

EXP 7: Installation of Wireshark, Tcpdump, etc., and observation of the data transferred in client-server communication using UDP/TCP; identify the UDP/TCP datagrams in the capture.

  Step 1: Check whether Wireshark is already installed.
    # wireshark
    If the command is not found (no Wireshark window opens), install Wireshark
    # apt install wireshark
    and follow the on-screen instructions.
  Step 2: Identify the IP address and the link used for incoming/outgoing communication (i.e., the Ethernet link) on the Linux VM.
    # ifconfig
  Step 3: Identify the IP address on the Windows host.
    C:\> ipconfig
  Step 4: Run Tcpdump on the Linux VM to capture the packets crossing the link.
    # tcpdump -i eth0 -w f1.pcap
  Step 5: Now, on Windows, ping the Linux host.
    C:\> ping LinuxHostIP
  Step 6: Stop capturing packets.
    Type ^C on the Linux host.
  Step 7: Open Wireshark and open the file f1.pcap.
    Observe the packet information: identify the destination MAC address, the source MAC address, and the type of packet received.
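To make Step 7 concrete, here is an added Python example (not part of the lab manual) that builds a small pcap in memory containing the kind of Ethernet/IPv4/ICMP echo frame f1.pcap holds after the ping, then parses the pcap the way Wireshark's summary columns do, recovering source MAC, destination MAC and packet type. All MAC and IP addresses are constructed.

```python
import struct

ETH_P_IP = 0x0800  # EtherType for IPv4

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_icmp_echo_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Ethernet II + IPv4 + ICMP echo request (type 8), as sent by ping. Checksums are
    left at zero because the parser below never validates them (constructed data)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0,
                       _ip(src_ip), _ip(dst_ip))
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETH_P_IP) + ipv4 + icmp

def build_pcap(frames):
    """Classic pcap: 24-byte global header (linktype 1 = Ethernet) + 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def _fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_pcap(data):
    """Return one (src_mac, dst_mac, ethertype, description) tuple per captured frame."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    off, rows = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        dst, src = frame[:6], frame[6:12]
        etype = struct.unpack("!H", frame[12:14])[0]
        desc = f"ethertype 0x{etype:04x}"
        if etype == ETH_P_IP:
            ihl = (frame[14] & 0x0F) * 4          # IP header length in bytes
            proto = frame[23]                     # 1 = ICMP, 6 = TCP, 17 = UDP
            sip = ".".join(str(b) for b in frame[26:30])
            dip = ".".join(str(b) for b in frame[30:34])
            desc = f"IPv4 {sip} -> {dip} proto {proto}"
            if proto == 1:
                kind = {8: "echo request", 0: "echo reply"}
                desc += " ICMP " + kind.get(frame[14 + ihl], f"type {frame[14 + ihl]}")
        rows.append((_fmt_mac(src), _fmt_mac(dst), etype, desc))
    return rows
```

Pointing parse_pcap at the bytes of a real f1.pcap gives the same tuples for every frame, so the output can be compared directly with Wireshark's Source/Destination/Protocol columns.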

6. Installation of Rootkits

EXP 8: Installation of RKHunter (Rootkit Hunter, a rootkit scanner) and study of its options.

  Step 1: Install RKHunter.
    # apt install rkhunter
  Step 2: List the available options.
    # rkhunter
  Step 3: Check the version.
    # rkhunter --version
  Step 4: Update the RKHunter data files to the most recent release.
    # rkhunter --update
  Step 5: Update the stored file properties (baseline) of the system.
    # rkhunter --propupd
  Step 6: Check the system for rootkits and suspicious files.
    # rkhunter --check

7. Sniff Traffic Using ARP Poisoning

EXP 9: Perform an experiment to sniff traffic using ARP poisoning.

  Step 1: Identify the IP address of the Linux VM and also note its MAC address.
    # ifconfig
  Step 2: Run Wireshark and select the interface eth0.
    # wireshark
  Step 3: In the Terminal Emulator, type the following and observe the source and destination IP addresses as well as the MAC addresses in the ARP packets.
    # arpspoof -i eth0 -t 192.168.123.2 192.168.123.254
  Step 4: In the Terminal Emulator, type the following and observe that ARP poisoning changes the source and destination MAC addresses to the Linux VM's MAC address.
    # arpspoof -i eth0 -t 192.168.123.254 192.168.123.2
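The two arpspoof runs above leave a characteristic trace in the capture: the same MAC ends up answering for both 192.168.123.2 and 192.168.123.254, and each victim's IP-to-MAC binding flips. This added Python example (not part of the lab manual) replays constructed tcpdump -n style ARP lines and flags both symptoms; the MAC addresses are made up.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (as from "tcpdump -n -i eth0 arp"), not captured from the lab.
# 192.168.123.2 is the host, 192.168.123.254 the gateway; 00:0c:29:ee:ee:ee plays the
# Linux VM running arpspoof. All MAC values are made up.
SAMPLE = """\
10:00:01.000100 ARP, Request who-has 192.168.123.254 tell 192.168.123.2, length 28
10:00:01.000300 ARP, Reply 192.168.123.254 is-at 00:50:56:aa:aa:aa, length 28
10:00:02.000100 ARP, Reply 192.168.123.2 is-at 00:0c:29:22:22:22, length 28
10:00:05.000100 ARP, Reply 192.168.123.254 is-at 00:0c:29:ee:ee:ee, length 28
10:00:05.000200 ARP, Reply 192.168.123.2 is-at 00:0c:29:ee:ee:ee, length 28
"""

REPLY = re.compile(r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) "
                   r"is-at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")

def detect_arp_poisoning(lines):
    """Return alerts for two symptoms of steps 3 and 4: an IP whose MAC changes, and
    one MAC answering for more than one IP (the VM answering for both victim and gateway)."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue  # requests and non-ARP lines carry no IP-to-MAC binding
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(f"{ts} MAC change for {ip}: {old} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{ts} {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts
```

A legitimate NIC replacement or DHCP reassignment also produces a MAC change, so in practice the known gateway binding is pinned (static ARP entry or a whitelist) and only deviations from it are raised.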

8. Demonstrate Intrusion Detection System Using Snort

EXP 10: Demonstrate an intrusion detection system using Snort.

  Step 1: Verify that Snort is installed.
    # snort
  Step 2: Check the Snort version.
    # snort -V
  Step 3: Verify the Snort configuration file.
    # snort -c /etc/snort/snort.lua
  Step 4: Create custom.rules in the folder /etc/snort/rules and enter the following rule:
    # mousepad /etc/snort/rules/custom.rules
    alert tcp 192.168.123.130 any -> any any (msg:"Your system is attacked"; sid:100001;)
  Step 5: Run Tcpdump on the Linux VM to capture the packets crossing the link (play a YouTube video meanwhile to generate traffic).
    # tcpdump -i eth0 -w s1.pcap
  Step 6: Stop capturing packets.
    Type ^C on the Linux host.
  Step 7: Run the rules against the captured packets and observe that the message given in Step 4 is printed.
    # snort -q -c /etc/snort/snort.lua -r s1.pcap -R /etc/snort/rules/custom.rules -A alert_talos
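To see why the rule in Step 4 fires on every TCP segment 192.168.123.130 sends, whatever the destination or port, here is an added Python example, not part of the lab manual and not Snort's own code, that parses Snort-style rule headers (any, ! negation, CIDR networks, port ranges, both directions) and evaluates them against constructed packet tuples. The second rule and all packet addresses are made up for the example.

```python
import ipaddress
import re
# Rule from Step 4, plus a narrower constructed one for contrast.
RULES = [
    'alert tcp 192.168.123.130 any -> any any (msg:"Your system is attacked"; sid:100001;)',
    'alert tcp !192.168.123.0/24 any -> 192.168.123.0/24 22 (msg:"Inbound SSH from outside"; sid:100002;)',
]
HEADER = re.compile(r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
                    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")

def parse_rule(text):
    """Split a rule into its header fields plus the msg and sid options."""
    m = HEADER.match(text)
    if not m:
        raise ValueError("unparsable rule: " + text)
    opts = dict(o.strip().split(":", 1) for o in m["opts"].split(";") if o.strip())
    return {**m.groupdict(), "msg": opts.get("msg", "").strip('"'), "sid": int(opts.get("sid", 0))}

def _ip_match(spec, ip):
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _ip_match(spec[1:], ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def _port_match(spec, port):
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _port_match(spec[1:], port)
    if ":" in spec:  # Snort range syntax lo:hi; either side may be left open
        lo, hi = spec.split(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return port == int(spec)

def _one_way(rule, pkt):
    return (_ip_match(rule["src"], pkt["src"]) and _port_match(rule["sport"], pkt["sport"])
            and _ip_match(rule["dst"], pkt["dst"]) and _port_match(rule["dport"], pkt["dport"]))

def match_rules(rules, pkt):
    """Return (sid, msg) for each rule whose header matches pkt (dict: proto/src/sport/dst/dport)."""
    hits = []
    for r in map(parse_rule, rules):
        if r["proto"] not in (pkt["proto"], "ip"):
            continue
        back = {**pkt, "src": pkt["dst"], "sport": pkt["dport"], "dst": pkt["src"], "dport": pkt["sport"]}
        if _one_way(r, pkt) or (r["dir"] == "<>" and _one_way(r, back)):
            hits.append((r["sid"], r["msg"]))
    return hits
```

The first rule matches outbound TCP from the host but not the replies coming back, which is why the YouTube capture produces alerts only for packets the VM itself sent; narrowing src/dst and ports as in the second rule is how noise is kept down in real rule sets.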

9. Basic Commands for Linux

EXP 1:
Step 1: Open VMware Workstation and create a VM by following the on-screen installation options listed below.
Select Typical and click Next.
Select the ISO file and click Next.
Keep the default values and click Next.
Select "Store virtual disk as a single file" and click Next.
Click Finish.
The virtual machine is now created. Go to VMware Workstation, select the newly created VM and power it on. Now proceed with the Kali Linux installation and follow the on-screen instructions listed below:
Select English and click Continue.
Select United States and click Continue.
Select American English and click Continue.
Enter the username, domain name, and full user name and click Continue.
Set the password and click Continue.
Select Eastern in the clock (time zone) step and click Continue.
Select "Guided - use entire disk" and click Continue.
Select "All files in one partition".
Select Yes and click Continue.
In the Software Selection window, leave the defaults.
Installation is complete. Now click to reboot the VM.

Basic Commands:
mkdir, cd, cat, ls, cp, rm, mv, uname, ln, clear, ps, apt, grep, dpkg.