Networking Question

Objective:

This practical assignment is designed to provide hands-on experience in configuring and analyzing network security using two key defensive technologies: Firewalls and Intrusion Detection Systems (IDS). The assignment is divided into three parts. In part 1, students will configure an iptables firewall and demonstrate its functionality by creating a robust set of rules. The second part requires students to set up and test an IDS using Snort and Wireshark. The third part requires students to compute the efficiency of IDPS systems used in typical organizations. The main objective of this assignment is for students to gain a solid understanding of how these defensive technologies are properly used to protect network environments and to verify their effectiveness.

Part 1: Firewall Configuration and Management

Tasks:

1. Firewall Installation and Setup:

Install and set up the iptables firewall on a Linux environment (Kali VM or Docker container).

Document the installation and setup process, including any initial configurations.

2. Firewall Rule Creation:

Define and implement a basic set of firewall rules to:

Allow all outgoing traffic.

Block all incoming traffic except for specific ports (e.g., SSH on port 22, HTTP on port 80).

Log any traffic that is dropped by the firewall.

Test your rules by attempting to connect to the machine from other machines or devices in the network, ensuring that only allowed traffic is permitted.

Use Wireshark to capture network traffic, and verify that only the allowed traffic passes through the firewall. Ensure that the blocked traffic does not reach its destination and that it is correctly logged.

3. Advanced Firewall Rules:

Create advanced rules to:

Limit access to certain IP addresses or ranges.

Implement rules to:

Block or allow traffic based on protocols (e.g., allowing HTTP but blocking FTP from one particular IP address in the network).

Generate the corresponding network traffic and use Wireshark to verify that the rules work as expected.

Make sure to capture all the relevant screenshots and document all the required steps in the report.
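The following script is an added example for Part 1 (basic and advanced rules, logging, and verification together); it is not part of the assignment page. The interface, the admin range, the LAN range and the single host whose FTP access is blocked are constructed lab values; replace them with your own. The rule set is first generated as text so the ordering can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example for Part 1 of the assignment (not part of the original page).
# Constructed assumptions: the firewall host listens on eth0, administrators
# sit in 192.168.56.0/24, and 192.168.56.50 is the one host whose FTP access
# must be blocked while its HTTP access stays allowed.
ALLOWED_TCP_PORTS="22 80"          # services reachable from outside (SSH, HTTP)
ADMIN_NET="192.168.56.0/24"        # only this range may reach SSH (advanced rule)
LAN_NET="192.168.56.0/24"          # range allowed to use FTP ...
BLOCKED_FTP_HOST="192.168.56.50"   # ... except this host (advanced rule)
LOG_PREFIX="IPT-DROP: "            # string to grep for in the kernel log

# Emit the complete rule set as plain iptables commands. Generating text first
# lets you review (and test) the ordering before anything touches the kernel.
firewall_rules() {
  # Reset, set default policies (drop everything inbound, allow all outbound),
  # and build a LOGDROP chain so every dropped packet is logged the same way.
  cat <<'EOF'
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -N LOGDROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
  # Log rate-limited so a scan cannot flood the log, then drop.
  echo "iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"$LOG_PREFIX\" --log-level 4"
  echo "iptables -A LOGDROP -j DROP"
  # Basic rules: open only the listed ports for new inbound connections.
  for port in $ALLOWED_TCP_PORTS; do
    if [ "$port" = "22" ]; then
      # Advanced rule: restrict SSH to the admin range instead of the world.
      echo "iptables -A INPUT -p tcp --dport 22 -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT"
    else
      echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    fi
  done
  # Advanced rule: FTP allowed from the LAN but not from one host. The block
  # must come before the ACCEPT because iptables stops at the first match.
  echo "iptables -A INPUT -p tcp --dport 21 -s $BLOCKED_FTP_HOST -j LOGDROP"
  echo "iptables -A INPUT -p tcp --dport 21 -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
  # Everything else inbound is logged and dropped.
  echo "iptables -A INPUT -j LOGDROP"
}

# Apply the generated rules (requires root); refuse otherwise.
apply_rules() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "apply_rules: must run as root" >&2
    return 1
  fi
  firewall_rules | sh -e
}

# Verification aids for the report: the live rule table with packet counters,
# and the dropped-packet log lines (kernel log; journalctl -k on systemd hosts).
verify_rules() {
  iptables -L INPUT -n -v --line-numbers
  dmesg | grep "$LOG_PREFIX" | tail -n 20
}

# Usage: ./firewall.sh                 (print the rules for review)
#        sudo ./firewall.sh --apply    (install them)
#        sudo ./firewall.sh --verify   (counters and log lines for screenshots)
case "${1:-}" in
  --apply)  apply_rules ;;
  --verify) verify_rules ;;
  *)        firewall_rules ;;
esac
```

When you test from a second machine, the packet counters shown by `--verify` tell you which rule matched each connection attempt, and a Wireshark capture on the client side should show SYNs to blocked ports with no SYN/ACK in reply while the `IPT-DROP:` lines appear in the kernel log.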

Part 2: Intrusion Detection System (IDS) Using Snort

Tasks:

1. Installation and Setup:

Install Snort on a Linux-based virtual machine/Docker container. Document the installation steps, including any dependencies and configuration settings.

Install Wireshark on the same machine.

Verify the installation of both tools by capturing and analyzing basic network traffic.

2. Snort Configuration:

Configure Snort to operate in Network Intrusion Detection System (NIDS) mode.

Edit the snort.conf file to define network variables, set logging options, and specify the rule paths.

Run Snort in test mode to ensure it is capturing and logging network traffic as expected.

Make sure to capture all the relevant screenshots and document all the required steps in the report.

3. Creating and Managing Snort Rules:

Create custom Snort rules to detect any two types of network activity, such as:

Ping sweeps

Port scans

Detecting HTTP/FTP requests, etc.

(a) Test your custom rules by generating relevant network traffic using tools like Nmap, Hping, or by crafting packets manually.

(b) Make sure to capture all the relevant screenshots and document all the required steps in the report.

4. Using Wireshark for Traffic Analysis:

Capture the network traffic while Snort is running using Wireshark.

Use Wireshark to verify that the traffic patterns intended to trigger your Snort rules are being generated and captured.

Analyze the packet details in Wireshark to confirm that the rules should logically trigger.

Make sure to capture all the relevant screenshots and document all the required steps in the report.

5. Testing Snort with Wireshark:

Simulate different types of attacks (at least 2 attacks) in a controlled network environment while Snort is running. Examples of attacks include:

Denial of Service (DoS) attacks

SQL Injection attempts

Buffer overflow exploits

Brute-force login attempts

For each attack, do the following:

(a) Monitor Snort and its alerts for these attacks.

(b) Use Wireshark to capture and analyze the same traffic, and cross-check whether Snort is correctly identifying the malicious activity as per the rules you created.

(c) Make sure to capture all the relevant screenshots and document all the required steps in the report.
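The script below is an added example for Part 2 (configuration, custom rules, test mode and NIDS mode); it is not part of the assignment page or of the Snort project. It assumes Snort 2.9 syntax and layout (`snort.conf`, `ipvar`, `-T` test mode, `-A console`); the monitored range, interface and rule directory are constructed lab values. The four rules cover the activity types the assignment lists: a ping sweep, a SYN port scan, HTTP GET requests and FTP brute-force logins.

```shell
#!/bin/sh
# Added example for Part 2 of the assignment (not part of the original page or
# of the Snort project). Targets Snort 2.9 rule syntax and snort.conf layout.
# Constructed assumptions: monitored network 192.168.56.0/24, sensor on eth0,
# rule files under /etc/snort/rules.
HOME_NET_CIDR="192.168.56.0/24"
IFACE="eth0"
SNORT_CONF="/etc/snort/snort.conf"
RULE_PATH="/etc/snort/rules"

# Lines to set in snort.conf: network variables, rule path, alert output and
# the include for the custom rules. Printed as a fragment for comparison.
snort_conf_fragment() {
  cat <<EOF
ipvar HOME_NET $HOME_NET_CIDR
ipvar EXTERNAL_NET !\$HOME_NET
var RULE_PATH $RULE_PATH
output alert_fast: alert.fast
include \$RULE_PATH/local.rules
EOF
}

# Custom rules. SIDs from 1000000 upward are reserved for local rules, so they
# never collide with a downloaded ruleset. detection_filter makes the rule fire
# only after "count" matches from one source inside "seconds".
write_local_rules() {
  out="${1:-$RULE_PATH/local.rules}"
  cat > "$out" <<'EOF'
# Ping sweep: 5 ICMP echo requests from one source within 10 s
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"LAB ICMP ping sweep"; itype:8; detection_filter:track by_src, count 5, seconds 10; sid:1000001; rev:1;)
# TCP SYN port scan: 20 bare SYNs from one source within 5 s
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LAB TCP SYN port scan"; flags:S; detection_filter:track by_src, count 20, seconds 5; sid:1000002; rev:1;)
# Every HTTP GET request to a monitored web server
alert tcp any any -> $HOME_NET 80 (msg:"LAB HTTP GET request"; flow:to_server,established; content:"GET "; depth:4; sid:1000003; rev:1;)
# FTP brute force: 5 USER commands from one source within 30 s
alert tcp any any -> $HOME_NET 21 (msg:"LAB FTP brute-force login"; flow:to_server,established; content:"USER "; nocase; detection_filter:track by_src, count 5, seconds 30; sid:1000004; rev:1;)
EOF
  echo "$out"
}

# Count the active (non-comment) rules in a rules file; handy for the report.
count_rules() { grep -c '^alert' "$1"; }

# Test mode: parse the config and every included rule file, then exit.
snort_test_config() { snort -T -c "$SNORT_CONF" -i "$IFACE"; }

# NIDS mode with alerts on the console while you generate the test traffic from
# another lab host and capture it in Wireshark at the same time.
snort_run_nids() { snort -q -A console -c "$SNORT_CONF" -i "$IFACE"; }

# Usage: ./snort-lab.sh              (print the snort.conf lines to set)
#        sudo ./snort-lab.sh --install   (write local.rules, then validate)
#        sudo ./snort-lab.sh --run       (NIDS mode, alerts to console)
case "${1:-}" in
  --install) write_local_rules && snort_test_config ;;
  --run)     snort_run_nids ;;
  *)         snort_conf_fragment ;;
esac
```

Cross-checking in Wireshark: filter on `icmp.type == 8`, `tcp.flags.syn == 1 && tcp.flags.ack == 0`, `http.request.method == "GET"` or `ftp.request.command == "USER"` and confirm that the packet counts within the rule's time window meet the `count` threshold; if they do and no alert appears, the rule or the `HOME_NET` definition is wrong, not the traffic.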

Part 3: IDPS Efficiency

A mid-sized financial institution, Global Bank, has implemented an Intrusion Prevention and Detection System (IPDS) to protect its network from cyber threats. To assess the system's effectiveness, the IT department has partnered with a group of cybersecurity students from ZU university. The students are tasked with analyzing the performance of the IPDS by calculating precision, accuracy, and F-score based on real-world data collected over a month. During a one-month period, Global Bank's IPDS generated the following results from its monitoring:

True Positives (TP): 160 (malicious intrusions correctly detected and prevented)

False Positives (FP): 30 (benign activities incorrectly flagged as intrusions)

True Negatives (TN): 450 (benign activities correctly identified)

False Negatives (FN): 20 (malicious intrusions that were not detected)

(a) Calculate Precision, Accuracy, Recall, and F-Score.

(b) Summarize your findings on the efficiency of the IPDS by discussing how precision, accuracy, and F-score indicate the system's effectiveness in detecting and preventing intrusions.

(c) Provide recommendations for improving the IPDS based on your analysis.

Submission

Each student must submit 2 files in the given order. Failure to ensure the order of files will result in reduced grades:

1. Primary file submission: Full report in a single PDF. Use this TEMPLATE for the report submission.

2. Secondary file submission: A zip file which must include:

(a) Part 1: Firewall configuration files, Wireshark capture files (.pcap)

(b) Part 2: Snort configuration files, custom rules, Wireshark capture files (.pcap)
