Laboratory Activity
CIT 220 - Information Assurance and Security
2
4 - ST
4 – NIS
1. Vulnerability Scanning and
Penetration Testing
Objectives:
To identify vulnerabilities in a target system using scanning
tools.
To attempt to exploit identified vulnerabilities to gain
unauthorized access.
To create a detailed vulnerability assessment report.
Materials:
A target system (e.g., a virtual machine or a dedicated
server)
Vulnerability scanning tools (e.g., Nmap, Nessus)
Penetration testing tools (e.g., Metasploit, Burp Suite)
A network analyzer (e.g., Wireshark)
Procedure:
1. Gather Information:
o Footprinting: Collect information about the target
system, such as its IP address, domain name, and
services running on it.
o Banner Grabbing: Retrieve service banners to identify
the version and configuration of running services.
2. Vulnerability Scanning:
o Port Scanning: Use Nmap or similar tools to identify
open ports on the target system.
o Vulnerability Scanning: Employ Nessus or other
vulnerability scanners to detect known vulnerabilities in
the target system's software and configurations.
3. Exploit Development:
� o Research Exploits: Search for publicly available
exploits or create custom exploits based on identified
vulnerabilities.
o Test Exploits: Attempt to exploit the vulnerabilities
using appropriate tools and techniques.
4. Post-Exploitation:
o Privilege Escalation: If successful exploitation grants
limited access, attempt to escalate privileges to gain
more control over the system.
o Lateral Movement: Explore ways to move laterally
within the network to compromise other systems.
o Data Exfiltration: If necessary, extract sensitive data
from the compromised system.
5. Report Creation:
o Document Findings: Create a detailed report
summarizing the identified vulnerabilities, exploited
vulnerabilities, and any gained access.
o Provide Recommendations: Offer recommendations
to mitigate the identified vulnerabilities and improve
the system's security.
Additional Considerations:
Ethical Hacking: Ensure that you have proper authorization
to conduct penetration testing on the target system.
Consent: Obtain explicit consent from the system owner
before proceeding with the exercise.
Legal Implications: Be aware of legal and ethical
considerations, especially when dealing with sensitive data.
Risk Assessment: Evaluate the potential risks associated
with the testing process and take appropriate measures to
mitigate them.
2. Digital Forensics
Objectives:
To simulate a cybercrime incident and collect evidence from
various digital sources.
To analyze the collected evidence using forensic tools to
identify the perpetrator or the cause of the incident.
To prepare a forensic report summarizing the findings.
� Materials:
A forensics workstation with appropriate software (e.g.,
Autopsy, FTK, Cellebrite)
A target system (e.g., a virtual machine or a physical
computer)
A network analyzer (e.g., Wireshark)
A write-blocker device (optional)
Procedure:
1. Create a Simulated Incident:
o Scenario Development: Develop a scenario for a
cybercrime incident, such as a data breach, malware
infection, or unauthorized access.
o Evidence Planting: Plant evidence within the target
system, such as deleted files, modified timestamps, or
network traffic related to the incident.
2. Evidence Acquisition:
o Secure the Scene: Isolate the compromised system
from the network to prevent further damage.
o Image Acquisition: Create an exact copy of the
system's storage media using a write-blocker device to
preserve the original data.
o Network Traffic Capture: Capture network traffic
using Wireshark or similar tools to analyze
communications related to the incident.
3. Evidence Analysis:
o File System Analysis: Use forensic tools to examine
the file system for deleted files, hidden data, or
modified timestamps.
o Artifact Analysis: Analyze various artifacts within the
system, such as registry entries, cookies, and browser
history.
o Network Traffic Analysis: Analyze network traffic to
identify suspicious activity, communication patterns, or
data exfiltration.
4. Evidence Correlation:
o Timeline Creation: Create a timeline of events based
on the collected evidence to identify the sequence of
actions.
� o Correlation Analysis: Correlate different pieces of
evidence to identify potential suspects or the root
cause of the incident.
5. Report Creation:
o Document Findings: Prepare a detailed forensic
report summarizing the collected evidence, analysis
results, and conclusions.
o Provide Recommendations: Offer recommendations
to prevent similar incidents in the future and improve
the organization's security posture.
Additional Considerations:
Legal and Ethical Implications: Adhere to relevant legal
and ethical guidelines when conducting forensic
investigations.
Chain of Custody: Maintain a strict chain of custody for all
evidence to ensure its integrity.
Documentation: Document every step of the investigation
to provide a clear and verifiable record.
Tool Selection: Choose appropriate forensic tools based on
the specific requirements of the investigation.
3. Incident Response and Recovery Lab
Exercise
Objectives:
To simulate a cyberattack and develop an incident response
plan.
To implement the plan to contain the attack, eradicate the
threat, and recover the affected systems.
To evaluate the effectiveness of the incident response
process.
Materials:
A target system (e.g., a virtual machine or a physical
computer)
A simulated attack tool (e.g., Metasploit, Burp Suite)
Incident response tools (e.g., security information and event
management (SIEM) system, vulnerability scanner)
� A disaster recovery plan
Procedure:
1. Develop an Incident Response Plan:
o Identify Critical Assets: Determine the organization's
most critical assets and their dependencies.
o Define Incident Response Roles and
Responsibilities: Assign roles and responsibilities to
team members involved in incident response.
o Establish Communication Channels: Define
communication channels and protocols for reporting
and coordinating incident response activities.
o Create Playbooks: Develop detailed playbooks for
common incident scenarios.
2. Simulate a Cyberattack:
o Choose an Attack Scenario: Select a realistic attack
scenario, such as a ransomware attack or a data
breach.
o Launch the Attack: Use simulated attack tools to
compromise the target system and simulate the effects
of the attack.
3. Activate the Incident Response Plan:
o Contain the Attack: Isolate the affected system from
the network to prevent further damage.
o Eradicate the Threat: Remove the malicious software
or exploit from the system.
o Recover Systems: Restore affected systems and data
from backups.
4. Conduct Post-Incident Analysis:
o Review Response Effectiveness: Evaluate the
effectiveness of the incident response plan and identify
areas for improvement.
o Identify Root Causes: Determine the root causes of
the incident to prevent similar attacks in the future.
o Update the Incident Response Plan: Make
necessary updates to the plan based on the lessons
learned from the simulation.
Additional Considerations:
� Testing and Training: Regularly test the incident response
plan and conduct training exercises to ensure team
members are prepared to respond effectively.
Communication: Maintain open and transparent
communication with stakeholders throughout the incident
response process.
Documentation: Document all incident response activities
to provide a clear record for future reference.
Continuous Improvement: Continuously review and
update the incident response plan to adapt to evolving
threats and best practices.
4. Cryptography Lab Exercise
Objectives:
To implement various encryption algorithms using
programming languages.
To analyze the security properties of different encryption
schemes.
To explore key management techniques and digital
signatures.
Materials:
A programming environment (e.g., Python, Java, C++)
Cryptography libraries (e.g., OpenSSL, Cryptography.io)
Procedure:
1. Implement Encryption Algorithms:
o Symmetric Encryption: Implement symmetric
encryption algorithms like AES, DES, or Blowfish.
o Asymmetric Encryption: Implement asymmetric
encryption algorithms like RSA or Elliptic Curve
Cryptography (ECC).
o Hash Functions: Implement hash functions like MD5,
SHA-1, or SHA-256.
2. Analyze Security Properties:
o Strength: Evaluate the strength of different encryption
algorithms against various attacks (e.g., brute force,
frequency analysis).
o Efficiency: Compare the computational efficiency of
different algorithms.
� o Key Management: Explore key management
techniques, such as key generation, distribution, and
storage.
3. Explore Digital Signatures:
o Create Digital Signatures: Implement digital
signature schemes using asymmetric encryption
algorithms.
o Verify Digital Signatures: Verify the authenticity and
integrity of digitally signed messages.
4. Implement Key Exchange Protocols:
o Diffie-Hellman Key Exchange: Implement the Diffie-
Hellman key exchange protocol to securely establish
shared secrets.
o Public Key Infrastructure (PKI): Explore PKI
concepts and implement certificate-based
authentication and encryption.
Additional Considerations:
Security Best Practices: Adhere to security best practices
when implementing cryptographic algorithms and managing
keys.
Real-World Applications: Explore real-world applications
of cryptography, such as secure communication, data
protection, and digital signatures.
Cryptographic Attacks: Study common cryptographic
attacks and their countermeasures.
5. Network Security Lab Exercise
Objectives:
To configure a network firewall to protect against common
attacks.
To implement intrusion detection and prevention systems
(IDPS).
To analyze network traffic using tools like Wireshark to
identify potential threats.
Materials:
A network simulator (e.g., GNS3, Packet Tracer)
Network devices (e.g., routers, switches, firewalls)
� Intrusion detection and prevention systems (e.g., Snort,
Suricata)
Network analysis tools (e.g., Wireshark)
Procedure:
1. Configure a Network Firewall:
o Create a Network Topology: Design a network
topology that includes routers, switches, and a firewall.
o Configure the Firewall: Set up rules to allow
authorized traffic and block unauthorized traffic.
o Test the Firewall: Simulate various attack scenarios
to evaluate the firewall's effectiveness.
2. Implement Intrusion Detection and Prevention
Systems (IDPS):
o Deploy IDPS: Install and configure IDPS software on a
network device or a dedicated server.
o Create Signature Rules: Define rules to detect known
attack signatures.
o Monitor Network Traffic: Analyze network traffic for
suspicious activity and trigger appropriate responses.
3. Analyze Network Traffic:
o Capture Network Traffic: Use Wireshark or similar
tools to capture network traffic.
o Analyze Packets: Examine packet headers, payloads,
and protocols to identify potential threats.
o Identify Anomalies: Look for unusual patterns or
deviations from normal network behavior.
4. Simulate Attacks:
o Port Scanning: Simulate port scanning attacks to test
the firewall's effectiveness.
o Denial of Service (DoS) Attacks: Launch DoS
attacks to evaluate the network's resilience.
o Exploit Vulnerabilities: Attempt to exploit known
vulnerabilities in network devices.
5. Evaluate Security Posture:
o Assess Risk: Evaluate the network's security posture
and identify potential vulnerabilities.
o Implement Mitigations: Implement appropriate
security measures to address identified risks.
Additional Considerations:
� Best Practices: Follow network security best practices,
such as regular patching, strong password policies, and
access controls.
Threat Intelligence: Stay informed about emerging threats
and update security measures accordingly.
Monitoring and Auditing: Implement monitoring and
auditing procedures to detect and respond to security
incidents.
6. Cloud Security Lab Exercise
Objectives:
To explore cloud security best practices and standards.
To evaluate the security of different cloud service models.
To implement security measures to protect data and
applications in the cloud.
Materials:
A cloud platform account (e.g., AWS, Azure, GCP)
Cloud security tools (e.g., security groups, IAM, encryption)
Network analysis tools (e.g., Wireshark)
Procedure:
1. Understand Cloud Security Concepts:
o Shared Responsibility Model: Learn about the
shared responsibility model between cloud providers
and customers.
o Cloud Security Standards: Study cloud security
standards like CIS Controls, NIST CSF, and ISO 27001.
o Common Threats: Identify common cloud security
threats, such as data breaches, unauthorized access,
and malware.
2. Evaluate Cloud Service Models:
o IaaS: Analyze the security implications of using
Infrastructure as a Service (IaaS).
o PaaS: Evaluate the security of Platform as a Service
(PaaS) offerings.
o SaaS: Assess the security of Software as a Service
(SaaS) applications.
3. Implement Security Measures:
� o Identity and Access Management (IAM): Configure
IAM policies to control access to cloud resources.
o Encryption: Implement encryption for data at rest and
in transit.
o Network Security: Configure network security
controls like security groups and firewalls.
o Data Loss Prevention (DLP): Implement DLP
measures to prevent unauthorized data exfiltration.
o Patch Management: Keep cloud resources up-to-date
with security patches.
4. Simulate Attacks:
o Test Security Controls: Simulate common cloud
attacks (e.g., injection attacks, unauthorized access) to
evaluate the effectiveness of security measures.
o Identify Vulnerabilities: Identify potential
vulnerabilities in the cloud environment.
5. Monitor and Audit:
o Implement Logging and Monitoring: Enable logging
and monitoring to track cloud activities.
o Review Security Logs: Regularly review security logs
for suspicious activity.
Additional Considerations:
Compliance: Ensure compliance with relevant regulations
and industry standards.
Third-Party Assessments: Consider using third-party
assessments to validate the security of cloud services.
Continuous Monitoring: Implement continuous monitoring
and threat detection to identify and respond to security
incidents.
