
NWC204

This lab document outlines steps for students to configure network devices with secure shell (SSH) access and secure the devices by disabling unused ports and services like Telnet, enforcing password security standards, and displaying login banners to help harden the network against threats. Students will configure routers and switches for SSH access, implement security measures like disabling unused ports and services, and verify the security configurations are working properly.

16.2.6 Lab - Research Network Security Threats

Part 1: Exploring the SANS Website


In Part 1, navigate to the SANS website and explore the available resources.

Step 1: Locate SANS resources.


Search the internet for SANS. From the SANS home page, click on FREE Resources.

Question:
List three available resources.

Tools

Newsletters

Podcasts


Step 2: Locate the link to the CIS Critical Security Controls.


Critical Control 5: Malware Defenses. Employ automated tools to continuously monitor
workstations, servers, and mobile devices. Employ anti-malware software and signature auto-update
features. Configure network computers to not auto-run content from removable media.

Step 3: Locate the Newsletters menu.


Question:
Highlight the Resources menu, select Newsletters. Briefly describe each of the three
newsletters available.
SANS NewsBites is a semiweekly high-level executive summary of the most important news
articles that have been published on computer security during the last week. Each news item is
very briefly summarized and includes a reference on the web for detailed information, if
possible.

@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2)
vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked,
and other valuable data.

OUCH! is the world’s leading, free security awareness newsletter designed for the common
computer user. Published every month and in multiple languages, each edition is carefully
researched and developed by the SANS Securing The Human team, SANS instructor subject matter
experts, and team members of the community. Each issue focuses on and explains a specific topic
and actionable steps people can take to protect themselves, their family and their organization.

Part 2: Identify Recent Network Security Threats


In Part 2, you will research recent network security threats using the SANS site and identify other
sites containing security threat information.

Step 1: Locate the @Risk: Consensus Security Alert Newsletter Archive.


From the Newsletters page, select Archive for the @RISK: The Consensus Security Alert. Scroll
down to Archives Volumes and select a recent weekly newsletter. Review the Notable Recent
Security Issues and Most Popular Malware Files sections.

Question:
List some recent vulnerabilities. Browse multiple recent newsletters, if necessary.

Step 2: Identify sites providing recent security threat information.


Questions:
Besides the SANS site, identify some other websites that provide recent security threat
information.
https://hackaday.com/
https://www.helpnetsecurity.com/
https://www.idg.com/
https://www.infosecinstitute.com/resource-center/

List some of the recent security threats detailed on these websites.
Ransomware, DDoS, Trojan

Part 3: Detail a Specific Network Security Attack


Step 1: Complete the following form for the selected network attack.
Name of attack: The AWS DDoS Attack in 2020
Type of attack: DDoS
Dates of attacks: 2020
Computers / Organizations affected: Amazon Web Services

How it works and what it did:


DDoS attacks are carried out with networks of Internet-connected machines. ... When a victim's server or
network is targeted by the botnet, each bot sends requests to the target's
IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service
to normal traffic.

Mitigation options:
Immediate and automated updates as new forms of attack arise. Autoscaling of bandwidth and other
resources to absorb even massive volumetric attacks. Full visibility into incoming traffic (showing all details for
all requests).

References and info links:


https://www.a10networks.com/blog/5-most-famous-ddos-attacks/

Step 2: Follow the instructor’s guidelines to complete the presentation.

Reflection Questions
1. What steps can you take to protect your own computer?
Answers will vary but could include keeping the operating system and applications up to date with
patches and service packs, using a personal firewall, configuring passwords to access the system and
BIOS, configuring screensavers to time out and require a password, protecting important files by
making them read-only, and encrypting confidential files and backup files for safekeeping.

2. What are some important steps that organizations can take to protect their resources?
Answers will vary but could include the use of firewalls, intrusion detection and prevention, hardening
of network devices, endpoint protection, network vulnerability tools, user education, and security policy
development.

16.4.7 Lab - Configure Network Devices with SSH


Configure the router.
Configure PC-A.

Verify network connectivity.


Part 2: Configure the Router for SSH Access
Configure device authentication.

Configure the encryption key method.

Configure a local database username.

Enable SSH on the VTY lines.

Save the running configuration to the startup configuration file.

Establish an SSH connection to the router.


Configure the Switch for SSH Access
Configure the switch.

Configure the switch for SSH connectivity.


Establish an SSH connection to the switch.

SSH From the CLI on the Switch


SSH to R1 from S1

What versions of SSH are supported from the CLI? Protocol v1; Protocol v2

Reflection Question
How would you provide multiple users, each with their own username, access to a network
device?
You would add each user’s username and password to the local database using
the username command. It is also possible to use a RADIUS or TACACS server, but this has not been
covered yet.

16.5.2 Lab - Secure Network Devices

Part 1: Configure Basic Device Settings

Cable the network as shown in the topology.

Configure the router and switch.


Configure PC-A
Verify network connectivity.

Part 2: Configure Basic Security Measures on the Router


Part 3: Configure security measures.

Verify that your security measures have been implemented correctly.

Does R1 accept the Telnet connection?


No, the connection is refused. Telnet was disabled with the transport input ssh command.

Use Tera Term on PC-A to SSH to R1.

Intentionally mistype the user and password information to see if login access is blocked after two
attempts.
What happened after you failed to login the second time?
The connection to R1 was disconnected. If you attempt to reconnect within 30 seconds, the connection
will be refused.

After you successfully logged in, what was displayed?

If you mistype this password, are you disconnected from your SSH session after three failed
attempts within 60 seconds? Explain.
No. The login block-for 120 attempts 3 within 60 command only monitors session login
attempts on VTY lines.
Show running config

Part 4: Configure Basic Security Measures on the Switch

Configure security measures.


Verify all unused ports are disabled.

Verify that your security measures have been implemented correctly.

Verify that Telnet has been disabled on the switch.

After the 30 seconds has expired, SSH to S1 again and log in using the SSHadmin username and
55HAdm!n2020 for the password.
Question:
Did the banner appear after you successfully logged in?

Show running config


Reflection Questions
1. The password cisco command was entered for the console and VTY lines in your basic
configuration in Part 1. When is this password used after the best practice security measures
have been applied?
This password will not be used any longer. Even though the password command still appears in the
line sections of the running-config, this command was disabled as soon as the login local command
was entered for those lines.
2. Are preconfigured passwords shorter than 10 characters affected by the security passwords
min-length 12 command?
No. The security passwords min-length command only affects passwords that are entered after this
command is issued. Any pre-existing passwords remain in effect. If they are changed, they will need
to be at least 12 characters long.
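
The "Show running config" verification steps in these labs can be automated. The following is an added example, not part of the original lab: a Python check that reads running-config text and reports which of the settings discussed above (login local, transport input ssh on the VTY lines, login block-for, security passwords min-length, a banner) are missing. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration; not output from the lab devices.
SAMPLE = """\
security passwords min-length 12
login block-for 120 attempts 3 within 60
banner motd ^C Authorized users only ^C
line con 0
 password cisco
 login local
line vty 0 4
 password cisco
 login local
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Group indented sub-commands under their top-level IOS command."""
    out, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head:
            out[head].append(line.strip())
        elif line.strip(" !"):  # skip blank lines and "!" separators
            head = line.strip()
            out[head] = []
    return out

def audit(config, min_len=12):
    """Return findings for the hardening settings these labs configure."""
    sec, findings = sections(config), []
    m = re.search(r"^security passwords min-length (\d+)", config, re.M)
    if not m or int(m.group(1)) < min_len:
        findings.append("global: password minimum length missing or too short")
    if not re.search(r"^login block-for \d+ attempts \d+ within \d+", config, re.M):
        findings.append("global: no login block-for rule")
    if not any(h.startswith("banner ") for h in sec):
        findings.append("global: no login banner")
    for head, cmds in sec.items():
        if not head.startswith("line "):
            continue
        if "login local" not in cmds:
            findings.append(f"{head}: does not use the local user database")
        elif any(c.startswith("password ") for c in cmds):
            findings.append(f"{head}: leftover line password (unused with login local)")
        if head.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{head}: Telnet not excluded on VTY lines")
    return findings
```

The leftover-password finding is informational: as the first reflection answer notes, that password is no longer used once login local is set, so removing it is cleanup rather than a fix.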
