Network Security Analysis Assignment Guide
This guide provides a two part IT experience for undergraduates and those learning professional IT. Students will use it to conduct an investigation into the access control and general privacy of a home-based IT network, involving wireless fidelity (wifi) protocols.
Also read: Applied Network Security
Internal Network Inspection
Router Inspection, WiFi Network Integrity
Obtain the IP address for your personal computer. On a macintosh, you will use the command line, or Terminal Utility. On a windows machine, you will utilize your command prompt. You may need to research/google how to find your IP address, using the ifconfig (mac) or ipconfig utility, but in general one runs it from your command prompt or Terminal command line, as below.
Determine the address of your router configuration page, over IP. Your IP is the inet value in the second interface, after the loopback, or l0, which is an interface that allows your computer to ping itself. In the above screenshot, the IP is 192.168.2.26, implying that there are 25 other IP-addressable devices in your home, which have recently taken out an IP from your home router, what is called a ‘leased’ IP.
The purpose of the ping, or ICMP protocol is to prove that a device is reachable through the current network setup. If something cannot be pinged, it implies that some failure is taking place, preventing the device from reaching you. It only represents the start of a troubleshooting process, or it represents the completion of the process of joining a device to a network. ICMP works over the broader internet, in the same manner that it works locally in your private wifi, unless the protocol of ICMP is disallowed by your router or personal computer.
Utilize the ICMP/Ping utility to ping your own computer, by IP. Type the word ping at the command prompt, as above, followed by the IP you wish to reach. Then ping the public domain name of a major internet service, ‘ping amazon.com’. The public URL will resolve to an IP address and return the outputs, above. The line-by-line output signifies that the TCP protocol is returning acknowledgements that traffic is passing through, with a trivial sample of data, sequenced with a TTL value, signifying that it will take a certain number of milliseconds to complete, or a ‘time to live’ before signifying that the connections is not working.
Router Administrative Controls
After learning the address scheme for the wireless network, you can assume that your router occupies the first available address inside the subnet, or private network it maintains. Generally, routers provide a boundary between one enclosed network and the wider internet, and brokers connections to and from this isolated, relatively unprotected network in your home. By looking at your IP address, you can generally guess the IP of the domain’s router:
The wifi network router: 192.168.2.1 (first available IP inside its range of addresses)
Generally, the fourth octet of the address, separated by periods, represents an area which is free to assign to individual computers, and thus enroll them in a common subnet, or networked domain.
Using HTTP against the router
Utilize the HTTP Protocol, to reach your router, using a web browser. Plug in the IP of the router after your prefix of http://.
In the shots below you can see that the IP causes the router’s administrative page to open. This may require a password to be entered, or not. Ideally, the router is best secured with an administrative password, so that anyone joining the network must also authenticate to the router. Once you gain admin access, it follows that the configuration of the router is changeable, and readable by the administrator.
Accessing the page:
Each router has setting related to the IP addresses it gives out, to devices internally:
Security configurations within the wifi network
What about security?
Some components to look for include:
Authentication and interior encryption. The router must encapsulate each piece of wireless, or airborne traffic somehow, then unravel the data before sending it to its destination. The general strength of the encryption is configured here.
The interior structure of the network, as it pertains to the IP address scheme, is also readable.
TCP/IP Protocol Inspection: traffic security
Install to your host machine, run on local network
Post installation, run your wireshark, which will display the interfaces currently listening to traffic.
The graphs will illustrate the active interfaces. You will want to look at traffic on a wifi, or wireless interface. I can tell which one is wireless, due to the ‘wi-’ in the name’s prefix.
But I can also test my bluetooth interface, which is clearly buzzing as I write this.
To look at the traffic on your wifi environment, double click the ‘wi-’ interface. It transitions to a screen full of textual data:
For the rest of the walk-through test, please watch and perform the steps in this video:
Assignment: A Home Network Security Audit
To Complete the assignment, produce an audit of the security of your network, through these steps. Perform each step then submit a document, with the answer to each question.
Personal Local Area Network
- What is the IP address of your personal computer?
- What is the IP address of the admin page of your router?
- Is an administrative password set, on your home wifi router?
- What encryption is set, on your home wifi router?
- Is a password set, for connecting to your home wife router? What complexity requirements are put in place (password length, inclusion of non-letter symbols, etc)
- Research WPA, or whatever security protocol your router enforces. Is it as secure as it could be? Could you enforce a tougher security regime in your home network, in terms of connecting client computers to your router?
Transport Layer Security
- Perform a capture of local wifi traffic in your home network. Locate connections to non-private network endpoints (traffic not originating from 192.168.x.x)
- Is Transport Layer traffic readable? Send a few emails to move text data to and from your remote email server. Are any frames legible to the human eye?
- Verify the SSL certificate on the endpoints (webpages) which you load in your browser. Are they encrypted via SSL, with active, valid certificates?
- What about your connections to Amazon, or other shopping sites? Are they encrypted securely, via SSL?
Closing research component
Investigate SSL-TLS. What security advantage does an organization gain, when they utilize this protocol?
Summarize each step of your analysis in a word document (pdf preferred), optionally enclosing screenshots where you deem appropriate. Be sure to include written commentary for each stage of the analysis.
Last Updated on October 8, 2020 by Essay Pro