Chapter_4_L06_L09


Network Administration for Security Professionals

Chapter 4: Cybersecurity
By Tom Mowbray

Dept. of CSIT N PATRA 1


Introduction
• Hands-on knowledge of network administration is an essential
prerequisite to becoming an effective cybersecurity
professional.
• This chapter covers network administration in a logical,
chronological manner, including hardware installation,
network setup, moving data between systems on networks,
and managing disks.
• The first steps in network administration are setting up the
hardware and cabling.
• Then you install operating systems and configure system
protections, such as firewalls, antivirus utilities, and
anti-spyware tools, before you put the system on the network.
• To complete the building or rebuilding of a new system offline, you
need to burn some data CDs from another system with downloaded
patches and applications.
• Installing many applications requires knowledge of compression
and archiving.
• System management controls enable you to manage users,
services, and devices.
• The primary platforms covered in this chapter include Windows,
Linux, and VMware.



• VMware is commercial virtual machine (VM) software, which
enables you to create new machines at will to use for testing
or user/server provisioning.
• Some common VMware virtual machine platforms include
VMware Player, VMware Workstation, and ESXi.



Ch.4: Network Administration for Security Professionals

1. Managing Administrator and Root Accounts (Lecture 1)
2. Installing Hardware
3. Re-Imaging OS
4. Burning and Copying CDs and DVDs
5. Installing System Protection/Anti-Malware (Lecture 4)
6. Setting up Networks
7. Installing Applications and Archiving (Lecture 2)
8. Customizing System Management Controls and Settings (Lecture 2)
9. Managing Remote Login (Lecture 2)
10. Managing User Administration (Lecture 3)
11. Managing Services (Lecture 3)
12. Mounting Disks
13. Moving Data Between Systems on Networks (Lecture 3)
14. Converting Text Files Between OSes
15. Making Backup Disks
16. Formatting Disks
17. Configuring Firewalls
18. Converting and Migrating VMs
19. Additional Network Administration Knowledge
Managing Administrator and Root Accounts

As a network administrator, you are granted a privileged user
account on many networked systems and devices. Privileged
or administrative accounts can exercise unlimited authority
on your systems and networks. Some key best practices for
managing privileged accounts include:


• All users, including network administrators, should normally
use unprivileged, nonadministrative accounts.
• Administrative operations should be effectively separated
from other user activities.



For example, e-mail and Internet browsing should not be
performed using administrative accounts or while managing
devices/services remotely.

These policies are essential for network security for the following
reasons:



• Logged in with a privileged account, a user receives an
unexpected but authentic-looking e-mail and opens its
attachment, which installs a rootkit.
• A network administrator, logged in as the root superuser, visits a
drive-by malware website; a rootkit is installed unknowingly.
Now the attackers have administrative privileges on the
network.



• A network administrator has web browser windows open for managing
Cisco routers, Oracle databases, and the company’s website.
• Over the lunch hour, the administrator does some personal Internet
browsing and stumbles upon a website that performs a cross-site
scripting (XSS) attack.
• XSS attacks involve running malicious scripts inside the administrator’s
browser; the scripts have all the authority of the network
administrator in all open browser windows and tabs.



• If users had followed proper security policies, only individual,
nonprivileged accounts—rather than entire systems,
networks, and remote devices/services— would be
compromised.



Lecture-2
1. Installing Applications and Archiving
2. Customizing System Management Controls
and Settings
3. Managing Remote Login



Installing Applications and Archiving

• The procedure depends on the OS type.
• A GUI installer gives onscreen instructions.
• Before installation, unpack the archived folder.



For Windows
• Zip and unzip the folder containing the application.
• An older version must be uninstalled before installing the new
version of the application:
– First look in Start ➪ All Programs under the developer
name (for example, Apple or Microsoft) to see if there is an
uninstaller script.
– With the Control Panel set to Windows Classic View, select
Start ➪ Control Panel ➪ Add/Remove Programs.
– Find the program in the list and double-click it; then click
the Uninstall button. Follow the onscreen instructions to
uninstall the program.



• Download the application from a legitimate source or insert
the install disk.
– If the disk autoplays, then select Start ➪ Computer and double-click
the disk.
– Search the disk for a Setup.exe script or equivalent.
– Double-click Setup.exe or another installer script and follow the
onscreen instructions to complete the installation.
– In general, choose the default installation settings.



For Linux
• Downloaded applications come in archive formats:
– tar file (*.tar)
– tar ball (*.tar.gz)
– zip file (*.zip)
• The command lines to list and unpack these formats are as follows:
– File list: # ls -hal
– Tar file: # tar -xvf tarfile.tar
– Tar ball: # tar -xvzf tarball.tar.gz
– Zip file: # unzip zipfile.zip
• tar command-line options:
» -x: extract files from the archive
» -v: verbose; print the filenames as they are extracted
» -z: apply gzip/gunzip transparently (uncompress the archive)
» -f: use the named file as the archive (the file you are uncompressing);
it takes the filename as its argument, so it is given last
• ls command-line options (as used in ls -hal):
» -h: display human-readable sizes
» -a: display all files, including hidden (dot) files
» -l: long listing format



• To compress, use the -c (create) option, or -cz to gzip as well,
followed by the archive name and a list of files, for example the
wildcard *.
 Manual installation of Linux applications can depend upon the
Linux family.
 Download the installer file from a legitimate source and use
the command line to install the binaries as shown in the
following examples:
 Debian: # dpkg -i application.deb (Debian package manager)
 Red Hat: # rpm -i application.rpm (Red Hat package manager)



• If an automatic install tool is available, it is preferable to use it
rather than performing a manual installation.
– For example, on Ubuntu use the apt-get command, or
– on Red Hat variants use Yum Extender.
– The apt-get command and Yum automatically manage the
uninstallation of older versions and the reinstallation of applications.



• Some applications require the development of unique installation
procedures.
• For example, the commercial pen testing tool, Canvas, has an installer
script inside its tar ball, which means that you must unpack the archive
and extract the installer script in order to run the installer.
 #!/bin/bash
 # Replace the old CANVAS install in /opt/immunityinc with the new tar ball
 cd /opt/immunityinc
 rm -rf CANVAS*
 mv /root/CANVAS* .
 tar -zxvf CANVAS*.tar.gz
 # Move the tar ball out of the way to /tmp, where it is expected
 mv /opt/immunityinc/CANVAS*.tar.gz /tmp/CANVAS.tar.gz
 cd /opt/immunityinc/CANVAS*/installCANVAS
 ./installCANVAS.sh



• The script changes to the installation directory and
deletes the old version recursively (-r) and forced (-f).
• The tar ball containing the new version is copied to
the installation directory and unpacked.
• The tar ball is moved to /tmp (where expected) and
the install script is executed.



Customizing System Management Controls and Settings
• Windows: there are several ways to access the system management
controls in Windows:
– Control Panel’s Administrative Tools folder
– My Computer (right-click and select Manage)
– Run command: mmc, the Microsoft Management Console (MMC)
• Options include management of devices, disks, events, services, users,
group policy objects, and others.



Linux

• Gnome and KDE desktops provide access to system management controls
via GUI tools; however, the command-line tools are much more portable
and standardized across Linux releases.
• A small sample of the major system management commands includes the
following:
– netstat: List active network connections and network services
– dmesg: Check system messages
– df: Check disk space
– ps, kill: Process management
– mount, umount, fdisk: Manage disks
– useradd, usermod, userdel, passwd: Manage user accounts



Managing Remote Login
• Remote login is a necessity for network administrators and
many security professionals.
• There are two major variations of remote login: desktop login
and command-line login. Remote desktop login displays the
GUI remotely, enabling mouse-driven operations. In full-screen
mode, the user experience is nearly identical to a local login.
Command-line login only displays the command shell.



Windows
• Select Start ➪ All Programs ➪ Accessories and look for a
Remote Desktop Connection application. (It’s in the System
subfolder on some Windows machines.) Invoke this
application, set the IP address, and click Connect. A login
screen displays; log in normally.



• From Linux, you can log in to Windows using the rdesktop
command-line tool with the Windows IP address as its argument. Both
of these remote methods use the Remote Desktop Protocol
(RDP), port 3389, by default. Another protocol for remote
desktop login is Virtual Network Computing (VNC), which uses
alternative client software.



Linux
• Linux can support remote desktop login using RDP and VNC.
• Protocols for command-line login include the encrypted Secure Shell (SSH)
and unencrypted telnet.
• The SSH service is enabled by default on Red Hat Linux variants.
• On BackTrack Ubuntu, SSH is set up and started from the GUI using:
– K ➪ Services ➪ SSH ➪ Setup SSHD
– K ➪ Services ➪ SSH ➪ Start SSHD
• SSH is also the protocol that enables Secure File Transfer Protocol (SFTP)
file transfers. To use SSH and SFTP services remotely from Linux, use the
following command (substitute the account name and the remote host):
– # ssh user@remote-host
• Then use normal Linux commands to administer the remote system.



VMware
• Log in to a shared VMware infrastructure for access to VM desktop
consoles.
 For ESXi from a Windows system, use Start ➪ All Programs ➪
VMware ➪ vSphere Client.
 Enter the IP address of ESXi, username, and password, and then click
Connect.
 In the navigation, expand the folder labeled with the IP address.
Click to select a VM and then click the Console tab. If necessary,
right-click the VM in the navigation and select Power ➪ Power On.
 Click inside the Console tab and press Ctrl+Alt+Enter to switch to
full-screen mode. Press Ctrl+Alt+Enter again to switch back.
 Type Ctrl+Alt+Insert to actually send Ctrl+Alt+Enter to a VM (as
needed by Windows).



Lecture-3: Managing User Administration
• Includes creating and deleting accounts, passwords, admin
privileges, and group membership.
Windows: using the Windows GUI
 On newer Windows systems, double-click User
Accounts in the Control Panel.
 On Windows Server, access the management console
(right-click My Computer and select Manage),
click Local Users and Groups, and then double-click
Users.



• As an administrative user, you can manage
user accounts:
– create accounts,
– delete accounts,
– set up group membership,
– assign administrative privileges,
– change account names, and
– change passwords.



• Security testers prefer command-line operation, as most of
the machines accessed remotely are likely to be command-line
based.



Linux



VMware
• Each VM has user accounts that are administered exactly like
those of physical machines running the same OS.
• VMware infrastructures supporting multiple users also
require accounts.



1. To administer accounts on ESXi, log in to a
privileged account such as root using a vSphere
client.
2. In the navigation, click the IP address and then
click the Users & Groups tab.
3. Right-click the user list and select Add.
4. Fill in the fields, including a unique UID, add
groups, and click OK.
5. Open the Permissions tab, right-click the new
user, and escalate the role to Administrator.



Managing Services
• A service is a long-running process that is
waiting for a packet, message, event, or
application programming interface (API) call to
provide functionality



• Well-known services include DNS, e-mail
(SMTP, POP), databases, printing, firewalls,
SSH, file transfer protocols (SFTP, TFTP), and
web servers (HTML, SSL).
• Services management is the administration of
the service status (start, stop, and restart) and
its settings/configuration.



Windows
• Open the Service Console using Start ➪ Run and
typing the string services.msc.
• Installed services are listed with their statuses and
attributes.
• The major controls, such as stop and start, are available
from the context menu (right-click a service).
• Double-click a service to view and edit its properties.
• From the command prompt use netstat and nbtstat to
check service status.
• Use netsh and sc to manage and configure services



Moving data between systems on
networks:
 Windows file sharing
 Secure File Transfer Protocol (SFTP)



Windows file sharing

STEPS:
» Create a new folder on the C drive.
» Right-click the folder and select Properties.
» Go to the Sharing tab and click the Share button.
» Click the Security tab and enable the permissions desired for
the users and groups.



• Suppose you give full control to MyUser for the folder
MyShare on host 10.10.100.10.
• To exchange data from a remote system (10.10.100.20), open
a folder and replace the address bar content with
\\10.10.100.10\MyShare (and then press Enter).
• A username/password challenge dialog displays; fill it in and
click OK.
• Now the share will be open.
• On either machine, you can drag files into the MyShare folder
and access them on the other system.



• To connect Linux and Unix systems to the Windows share, perform
the following commands:
– # mkdir /mnt/MyShare
– # mount -t cifs //10.10.100.10/MyShare /mnt/MyShare -o user=MyUser
• The mount type -t cifs is for Common Internet File System
(CIFS), which supports the Microsoft Server Message Block
(SMB) protocol.
• \\10.10.100.10\MyShare is a Universal Naming Convention (UNC) file
pathname.



Secure File Transfer Protocol (SFTP)
• SFTP runs over SSH, providing an encrypted
channel for transfers.
• It is an advanced version of FTP.
• Also known as the SSH (Secure Shell) File Transfer Protocol.
• Works on port number 22.
• Uses the client-server model.
• On Windows, SSH and SFTP are not enabled by
default; on Linux they are readily enabled.
• For example, log in using SFTP to a machine at 10.10.10.10 as
MyUser, and then transfer a file using the following
commands:
– # sftp MyUser@10.10.10.10
– Password:
– MyUser@host~$ pwd
– MyUser@host~$ ls
– MyUser@host~$ get fileIneed.txt
• SFTP has many common OS commands available in remote
versions: pwd, ls, cd, get, and put.
• SFTP also has commands that work in the local context: lpwd
(local working directory), lls (local directory listing), and lcd
(change local directory).



Lowering risks while exchanging data



Configuration of SFTP for Windows

• In most Windows OS versions, SSH is preinstalled; otherwise, first install
an open-source SSH package on your system.
• Open the Control Panel and search for “Windows Defender
Firewall”, then click on “Advanced settings”.
• A new window will open; click on “Inbound Rules”.
• Now click on “New Rule” in the right-hand pane.
• Finally, select an SFTP client to use. Common Windows SFTP
clients are WinSCP, FileZilla, and Cyberduck.



Difference between SFTP and SSH

SSH                                                        | SFTP
-----------------------------------------------------------|------------------------------------------------
Secure Shell                                               | Secure File Transfer Protocol
Provides authentication and secure logins                  | Creates a secure channel for transferring files
Uses encryption to keep data in transit protected          | Uses SSH for encryption
Uses a public key or password                              | Uses the same authentication methods as SSH
Used for secure remote communication and command execution | Used for secure file transfer and manipulation
Port forwarding on port 22                                 | Uses the same port as SSH



Installing System Protection / Anti-Malware

• An unprotected system’s life expectancy is about 10 minutes.
• Such a system acts as a passive honeypot that captures malware.
• Antivirus protection should be installed, enabled, and set for automatic
updating.
• Host-based security (HBS) provides network defenses on each
machine.



• A full-scope HBS would include technologies such as:
 Antivirus
 Anti-spyware
 Firewall
 Intrusion detection
 Intrusion prevention
 Blacklisting
 Real-time integrity checking
 Periodic policy scanning
 Rootkit detection
 Patch management



• Antivirus protection scans for malicious files.
• Scan types: on-demand, scheduled, and continuous.
• Anti-spyware searches for suspicious applications that might
be collecting data without the users’ knowledge.
• Spyware applications are often installed covertly while the user
is surfing a website.
• Both antivirus and anti-spyware programs either quarantine
or remove the malicious file.



• A host-based firewall determines which ports are open
and closed, as well as which applications are allowed to
communicate on or over the network.
• An Intrusion Detection System (IDS) scans network traffic
for potentially malicious packets and sends alerts and
the packet to log files.
• An Intrusion Prevention System (IPS) can dynamically
block network traffic based upon alerts.
• A blacklist is a list of blocked domains, IPs, or IP
address blocks.
• The blacklist blocks inbound or outbound traffic (or both)
for these addresses.



• A real-time integrity check monitors key OS
files for changes and alerts when it detects
potentially malicious changes.
• A periodic policy scan checks the security
settings of registry keys, Group Policy objects,
services, and applications, alerting when it
detects variation from accepted standards for
secure systems



For Windows

• Free antivirus packages are available from
– www.avast.com
– www.clamav.net
– http://free.avg.com
– www.malwarebytes.org
• Some free anti-spyware packages are available from
– http://superantispyware.com
– http://lavasoft.com (Ad-Aware)
• Free rootkit detection tools are available from
– www.safer-networking.org (Spybot S&D)
– www.microsoft.com (Malicious Software Removal Tool)



For Linux
• The anti-malware market for Linux is
considerably smaller than for Windows; hence
there are fewer offerings of both free and paid
solutions.
• Some of the free antivirus packages for Linux
are available from
– www.clamav.net
– free.avg.com



• To install ClamAV on Ubuntu, use the following
command:
– # apt-get install clamav
• On Red Hat Linux, you can search for and install
ClamAV using Yum Extender.
• To update the ClamAV antivirus signature
databases twice a day (as a daemon, -d, checking
-c 2 times per day), use the following command:
– # freshclam -d -c 2



Setting Up Networks
• A basic competency of both network
administration and hands-on cybersecurity.
• Static IP or dynamic IP: the choice is based on the convention
for your LAN.
• Dynamic IPs require a Dynamic Host
Configuration Protocol (DHCP) server to issue
new IP addresses.
• Static IPs are assigned by network
administrators and are manually configured.
• The IP versions are IPv4 and IPv6.
• IPv4 uses 32-bit addresses, denoted by four 8-bit
numbers, called dotted decimals, such as
64.94.107.15.
• IPv6 addresses are 128 bits and are denoted by eight
16-bit hex numbers separated by colons.
• A single run of consecutive zero groups in an IPv6 address can be
abbreviated with "::" (at most once per address);
• for example: 2a1b:9ce:0:0:0:0:0:d1 is equivalent
to 2a1b:9ce::d1.



Classless Inter-Domain Routing (CIDR)

• A method of IP address allocation and IP routing.
• It is based on the network prefix of an address rather than
its class (the traditional way of IP address
allocation, such as class A, B, or C).
• Example: 192.168.1.0/24
• This indicates that the first 24 bits of the IP address are the
network prefix and the remaining 8 bits are
the host ID (equivalent to a class C network).



• A CIDR number for a 48-bit block of 2^48 IPv6 addresses is
denoted as 55d::23f/80 (128 - 80 = 48 host bits).
• A MAC address, which stands for Media Access Control
address, is a physical address that works at the Data Link
Layer.
• MAC addresses are unique 48-bit (12 hex digit) hardware
numbers of a computer that are embedded into a network
card (known as a Network Interface Card, NIC) during
manufacturing.
• The MAC address is also known as the Physical Address.
• The first 24 bits are used for the manufacturer ID and the last 24 bits
for the NIC.
• It works in the Data Link layer of the OSI model.
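The addressing rules on this and the preceding slides (dotted-decimal IPv4, the CIDR prefix/host split, the IPv6 "::" abbreviation and the MAC OUI/NIC split), worked through as an added Python example that is not part of the original slides; the function names are my own and the sample addresses are the ones quoted in the text.

```python
import re

def cidr_split(cidr):
    """Return prefix bits, host bits and block size for 'address/prefix'.
    Handles IPv4 (32-bit) and IPv6 (128-bit) notation."""
    addr, prefix = cidr.split("/")
    total = 128 if ":" in addr else 32
    prefix = int(prefix)
    if not 0 <= prefix <= total:
        raise ValueError(f"prefix /{prefix} out of range for {addr}")
    return {"prefix_bits": prefix, "host_bits": total - prefix,
            "addresses": 2 ** (total - prefix)}

def ipv4_network(cidr):
    """Network address of an IPv4 block: keep the prefix bits, zero the host bits."""
    addr, prefix = cidr.split("/")
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal address: {addr}")
    value = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    net = value & mask
    return ".".join(str((net >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def ipv6_expand(addr):
    """Expand an IPv6 address, which may contain one '::', into 8 hex groups."""
    if addr.count("::") > 1:          # '::' is allowed only once per address
        raise ValueError(f"'::' may appear only once: {addr}")
    if "::" in addr:
        left, right = addr.split("::")
        lgroups = left.split(":") if left else []
        rgroups = right.split(":") if right else []
        missing = 8 - len(lgroups) - len(rgroups)
        if missing < 1:
            raise ValueError(f"'::' stands for no zero groups: {addr}")
        groups = lgroups + ["0"] * missing + rgroups
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(re.fullmatch(r"[0-9a-fA-F]{1,4}", g) for g in groups):
        raise ValueError(f"bad IPv6 address: {addr}")
    return [g.lower().lstrip("0") or "0" for g in groups]   # drop leading zeros

def is_valid_ipv6(addr):
    try:
        ipv6_expand(addr)
        return True
    except ValueError:
        return False

def ipv6_compress(addr):
    """Abbreviate the longest run of two or more zero groups with a single '::'."""
    groups = ipv6_expand(addr)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":   # measure the zero run starting at i
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"

def mac_split(mac):
    """Split a 48-bit MAC (12 hex digits) into its 24-bit OUI and 24-bit NIC parts."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"MAC must have 12 hex digits: {mac}")
    return digits[:6], digits[6:]
```

is_valid_ipv6 rejects the malformed form 2a1b:9ce::::::d1 because "::" may appear only once, while ipv6_compress produces the correct 2a1b:9ce::d1 from the expanded address.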



Network address translation (NAT)
• Creates a virtual (private) address space on the LAN that is
translated to the WAN.
• In IPv4, the prefixes 192.168 and 10.10 are
assigned to NAT addresses.
• NAT is used in a firewall or Internet router.
• The DHCP server can set up all the network
settings automatically through network
discovery; it essentially exchanges broadcast messages
with the host to establish connectivity.
• Static network connections require a handful
of settings (IP address, subnet mask, and
default gateway) to be able to communicate
on an IP network.
• Name servers use the DNS Internet standards.
DNS servers translate Internet domain names
into IP addresses and vice versa.
• Google.com is 74.125.229.20



Windows
• Select Start ➪ Control Panel ➪ Network Status and Tasks
and then click Manage Network Connections in the left
navigation bar.
• Double-click the Local Area Network icon and then click the
Properties button.
• Select IPv4 or IPv6 protocol and click the Properties button.
• Choose either static IP or automatic (DHCP) and then
choose static or dynamic DNS.
• For static IP, fill in the IP address, subnet mask, default
gateway, and (if static DNS) the preferred DNS server(s).
• Click the OK button twice and then click the Close button to
confirm the settings



• ipconfig, ping, nslookup and nbtstat are the
command-line tools for managing network
connections.
• Ping the gateway to confirm connectivity, for
example: C:\> ping 10.10.100.1



Linux
• For dynamic IP (DHCP), use the ifup command
to automatically configure network settings:
– # ifup eth0
• The effect of this command is controlled by
/etc/network/interfaces, with an entry such as:
– auto eth0
– iface eth0 inet dhcp



Possible Questions
1. Why is network administration an essential skill
for a hands-on cybersecurity professional?
2. What are common tasks that network
administrators perform for end users of IT?
3. On a cybersecurity testing project, which
network administration skills are you most
likely to use?
4. What is the difference between SFTP and SSH?
