
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools

The document discusses researching network attacks and security audit tools. It provides background on how attackers have developed tools to compromise networks. The lab is divided into two parts where students research a network attack and a security audit tool. For the attack, they describe how it works and potential mitigation options. For the tool, they summarize its key features. The document provides forms to fill out for the selected attack and tool.

Uploaded by

safwan eshamasul
Copyright
© All Rights Reserved

CCNA Security

Lab - Researching Network Attacks and Security Audit Tools/Attack Tools

Objectives
Part 1: Researching Network Attacks
• Research network attacks that have occurred.
• Select a network attack and develop a report for presentation to the class.
Part 2: Researching Network Security Audit Tools and Attack Tools
• Research network security audit tools.
• Select a tool and develop a report for presentation to the class.

Background / Scenario
Attackers have developed many tools over the years to attack and compromise networks. These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources. When network resources are inaccessible, worker productivity can suffer, and business income may be lost.

To understand how to defend a network against attacks, an administrator must identify network vulnerabilities. Specialized security audit software, developed by equipment and software manufacturers, can be used to help identify potential weaknesses. The same tools that individuals use to attack networks can also be used by network professionals to test the ability of a network to mitigate an attack. After the vulnerabilities are discovered, steps can be taken to help protect the network.

This lab provides a structured research project that is divided into two parts: Researching Network Attacks and Researching Security Audit Tools. Inform your instructor about which network attack(s) and network security audit tool(s) you have chosen to research. This will ensure that a variety of network attacks and vulnerability tools are reported on by the members of the class.

In Part 1, research network attacks that have actually occurred. Select one of these attacks and describe how the attack was perpetrated and the extent of the network outage or damage. Next, investigate how the attack could have been mitigated, or what mitigation techniques might have been implemented to prevent future attacks. Finally, prepare a report based on the form included in this lab.

In Part 2, research network security audit tools and attack tools. Investigate one that can be used to identify host or network device vulnerabilities. Create a one-page summary of the tool based on the form included within this lab. Prepare a short (5–10 minute) presentation to give to the class.

You may work in teams of two, with one person reporting on the network attack and the other reporting on the tools. All team members deliver a short overview of their findings. You can use live demonstrations or PowerPoint to summarize your findings.

Required Resources
• Computer with Internet access for research
• Presentation computer with PowerPoint or other presentation software installed
• Video projector and screen for demonstrations and presentations

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4

Part 1: Researching Network Attacks


In Part 1 of this lab, you will research real network attacks and select one on which to report. Fill in the form
below based on your findings.

Step 1: Research various network attacks.


List some of the attacks you identified in your search.
1) Reconnaissance attacks
2) Access attacks
3) Denial-of-service attacks
4) Data manipulation attacks

Step 2: Fill in the following form for the network attack selected.

Name of attack: Denial of Service (DoS)

Type of attack: Network based

Dates of attacks:

Computers / Organizations affected: An organization's entire website

How it works and what it did:

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.
DoS attacks often target the web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.


Mitigation options:

Deploy an anti-virus program and firewall into your network
Using third-party services
Secured server configuration will reduce DoS attacks

References and info links:

http://www.thewindowsclub.com/dos-denial-of-service-attack

Presentation support graphics (include PowerPoint filename or web links):

Part 2: Researching Network Security Audit Tools and Attack Tools


In Part 2 of this lab, research network security audit tools and attack tools. Investigate one that can be used to
identify host or network device vulnerabilities. Fill in the report below based on your findings.

Step 1: Research various network security audit tools and attack tools.
List some of the tools that you identified in your search.
LOIC (Low Orbit Ion Cannon)
XOIC
HULK (HTTP Unbearable Load King)
DDOSIM—Layer 7 DDOS Simulator
NMAP

Step 2: Fill in the following form for the network security audit tool/attack tool selected.

Name of tool: DDOSIM—Layer 7 DDOS Simulator

Developer: Adrian Furtuna

Type of tool (character-based or GUI): character-based

Used on (network device or computer host): computer host

Cost: Depends on the organization

Description of key features and capabilities of product or tool:

Simulates several zombies in attack
Random IP addresses
TCP-connection-based attacks
Application-layer DDOS attacks
HTTP DDoS with valid requests
SMTP DDoS
TCP connection flood on random port

References and info links:

http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/#gref

Reflection
1. What is the impact of network attacks on the operation of an organization? What are some key steps
organizations can take to help protect their networks and resources?

Depending on the timing and nature of the attack, getting your website or server back up and running could
take hours or even days.
1) Deploy an anti-virus program and firewall into your network if not already done. This helps in restricting
the bandwidth usage to authenticated users only.
2) Server configuration can help diminish the probability of being attacked. If you’re a network administrator
at some firm, take a look at your network configurations and harden the firewall policies to block out
unauthenticated users from addressing the server’s resources.
3) Some third party services offer guidance and protection against DoS attacks. These can be expensive
but effective as well.
2. Have you actually worked for an organization or know of one where the network was compromised? If so,
what was the impact on the organization and what did it do about it?
Yes, I read about Olympic Vision and Snapchat on the Internet.
Olympic Vision was one of the more successful BEC social engineering schemes. A new malware-based campaign is targeting key employees from companies in the US, Middle East and Asia. The attackers are using malware in a classic business email compromise (BEC) attack in order to hijack the email accounts of the victims and authorize financial transactions on their behalf.
This caused close to US$130,000 in damages to every company it infected in 2015.

3. What steps can you take to protect your own PC or laptop computer?
Keep the OS patched with the latest updates.
Take preventive measures by consulting security experts.
Install a firewall.
Install Antivirus Software.
Install Anti-Spyware Software.
Use Complex and Secure Passwords.
Check on the Security Settings of the Browser.
