1,234
edits
Changes
Created page with "= Assignment 1 = Due date: not yet determined Late penalties: 10% per day, including weekends and holidays == Part 1: Set up and routing (10 marks) == # Complete labs 1 th..."
= Assignment 1 =
Due date: not yet determined
Late penalties: 10% per day, including weekends and holidays
== Part 1: Set up and routing (10 marks) ==
# Complete labs 1 through 4. (but note the previous announcement about forwarding port 80)
# Create a new virtual network named asg1, with a subnet that has a 192.168.X network address, where X is the last two digits of your Seneca student number. Do not use DHCP on this network.
# Create a new virtual machine and install CentOS in it as a minimal install.
# Set up the new virtual machine to have the hostname lin1a1, and two network interfaces:
#* Both should be virtio type of virtual devices
#* One on the asg1 network with the IP address 192.168.X.50
#* One on the network1 network with the IP address 192.168.210.20
# Note that you can only have one default gateway on a system, and your default gateway should be c7host on the 192.168.210 subnet.
# Confirm that your new VM can communicate with both the internet and with hosts on the network1 network.
# Create another VM, named lin2a1, with one network interface and IP address 192.168.X.51
# The second VM should be able to access machines on the asg1 network but not on the network1 network.
# Configure the second VM to be able to access the internet and the network1 network via lin1a1. You'll need to enable IP forwarding and masquerading on the correct interface in the correct machine.
# Configure both VMs to be able to connect to c7host.yourmysenecaid.ops, lin1.yourmysenecaid.ops, and lin2.yourmysenecaid.ops by hostname (don't be tempted to set up another DNS server, use what you already have)
# Note: make sure that you start from the default iptables-services rules. You'll lose marks if you don't have a functional firewall on lin1a1 and lin2a1.
== Part 2: SSH brute-force attack (10 marks) ==
# Create at least 5 users on lin2, give some of them simple/common names (like "john") and simple or relatively-simple passwords. If you have a complex root password - you might want to change that to something simpler too.
# Find some software to perform a brute-force SSH login attack on lin2 from lin2a2.
# Run the attack. Record how long it took, and what the results were. If it fails to find usable credentials for you - make sure you have an explanation for why that was.
== Part 3: Report (10 marks) ==
Write a report, where you describe (in your own words):
* What you were trying to accomplish.
* What you had to do to set everything up (most important are the networking, routing, and firewall configurations).
* Describe how the tool you chose for Part 2 works, how you used it, and why it gave you the results that it gave you.
* Describe at least two ways to make brute-force SSH attacks less likely to be successful.
* Describe any challenges you ran into and how you solved them.
Screenshots might be helpful but are not required for the report. The report should be at least two pages long, not including screenshots, titles, and other fluff.
== Submit ==
Submit the report on Blackboard.
Due date: not yet determined
Late penalties: 10% per day, including weekends and holidays
== Part 1: Set up and routing (10 marks) ==
# Complete labs 1 through 4. (but note the previous announcement about forwarding port 80)
# Create a new virtual network named asg1, with a subnet that has a 192.168.X network address, where X is the last two digits of your Seneca student number. Do not use DHCP on this network.
# Create a new virtual machine and install CentOS in it as a minimal install.
# Set up the new virtual machine to have the hostname lin1a1, and two network interfaces:
#* Both should be virtio type of virtual devices
#* One on the asg1 network with the IP address 192.168.X.50
#* One on the network1 network with the IP address 192.168.210.20
# Note that you can only have one default gateway on a system, and your default gateway should be c7host on the 192.168.210 subnet.
# Confirm that your new VM can communicate with both the internet and with hosts on the network1 network.
# Create another VM, named lin2a1, with one network interface and IP address 192.168.X.51
# The second VM should be able to access machines on the asg1 network but not on the network1 network.
# Configure the second VM to be able to access the internet and the network1 network via lin1a1. You'll need to enable IP forwarding and masquerading on the correct interface in the correct machine.
# Configure both VMs to be able to connect to c7host.yourmysenecaid.ops, lin1.yourmysenecaid.ops, and lin2.yourmysenecaid.ops by hostname (don't be tempted to set up another DNS server, use what you already have)
# Note: make sure that you start from the default iptables-services rules. You'll lose marks if you don't have a functional firewall on lin1a1 and lin2a1.
== Part 2: SSH brute-force attack (10 marks) ==
# Create at least 5 users on lin2, give some of them simple/common names (like "john") and simple or relatively-simple passwords. If you have a complex root password - you might want to change that to something simpler too.
# Find some software to perform a brute-force SSH login attack on lin2 from lin2a2.
# Run the attack. Record how long it took, and what the results were. If it fails to find usable credentials for you - make sure you have an explanation for why that was.
== Part 3: Report (10 marks) ==
Write a report, where you describe (in your own words):
* What you were trying to accomplish.
* What you had to do to set everything up (most important are the networking, routing, and firewall configurations).
* Describe how the tool you chose for Part 2 works, how you used it, and why it gave you the results that it gave you.
* Describe at least two ways to make brute-force SSH attacks less likely to be successful.
* Describe any challenges you ran into and how you solved them.
Screenshots might be helpful but are not required for the report. The report should be at least two pages long, not including screenshots, titles, and other fluff.
== Submit ==
Submit the report on Blackboard.