ELEC S425F Computer and Network Security Mini-Project (20% out of total marks)
Released on 25 March 2022
Submission deadline: Thursday, 27 April 2022 Contents
Task 1: Set up a HTTPS Web Server………………………………………………………2 Step 1. Download Lubuntu pre-installed disk-image from osboxes.org ….2 Step 2. Create a new Virtual Machine……………………………………………….3 Step 3. Switch on the Lubuntu Virtual Machine ………………………………….4
Copyright By PowCoder代写 加微信 powcoder
Task 2: Set up a HTTPS website with self-signed certificate ………………………7 Step 1. Generate a CSR (Certificate Signing Request) ……………………….7 Step 2. Copy the certificate and the private key to suitable folders………12 Step 3. Start Web Server and enable SSL module …………………………… 12 Step 4. Add Virtual Host………………………………………………………………..12 Step 5. Create folders and HTML for website ………………………………….. 14 Step 6. Enable the new site ………………………………………………………….. 14 Step 7. Add entries in the Hosts file ……………………………………………….. 14
Task 3: Install Kali Linux………………………………………………………………………16 Step 1. Download Kali VirtualBox image and import into VirtualBox…….16 Task 4: Access the HTTPS Web Server from Kali……………………………………18
Step 1. Set the network configuration of the HTTPS Web Server (Lubuntu) installed in Project Part One. ………………………………………….. 18
Step 2. Establish HTTPS connection to the Web Sever. ……………………18 Task 5: Denial of Server DOS Attack …………………………………………………….19 Step 1. Install attack tools on the Kali system…………………………………..19 Step 2. Attack in slow message body mode:…………………………………….19 Step 3. Attack in Slowloris mode…………………………………………………….21
Step 4. Try accessing the Web Server when it is under DOS attack using
Firefox………………………………………………………………………………………..22 Task 6: Firewall to mitigate DOS Attack ………………………………………………… 23 Step 1. Check iptables………………………………………………………………….23
Step 2. Implement iptables rule(s) to mitigate the slowhttptest Slowloris mode attack………………………………………………………………………………..23
Task 7: Firewall to block website access………………………………………………..24 Task 8. Demo another DoS attack tool…………………………………………………..24
Task 1: Set up a HTTPS Web Server
Step 1. Download Lubuntu pre-installed disk-image from osboxes.org
Download and Lubuntu_21.10_osboxes.7z (https://www.osboxes.org/lubuntu/#lubuntu-21-10-vbox)
Unzip the file (e.g.Desktop\Security Project – Lubuntu\)
Step 2. Create a new Virtual Machine
Go to https://www.virtualbox.org/
Download and install VirtualBox 6.1, Open VirtualBox, create a new Linux Virtual Machine
Choose ‘Use an existing virtual hard disk file’ and select the unzipped vdi file as hard disk.
Step 3. Switch on the Lubuntu Virtual Machine
Switch on the Lubuntu VM and login with the following account Login: osboxes
Password: osboxes.org
Install Guest Additions CD image
In terminal:
sudo apt install dkms build-essential
cd /media/osboxes/VBox_Gas_6.1.32/
sudo ./VBoxLinuxAdditions.run
Restart the system.
Hint: You can enable Bidirectional Shared Clipboard after installing VB Guest Additions.
Question 1.3 Use the ‘date’ command to show the time and date when you finish Task 1 and capture the screen in your report
Task 2: Set up a HTTPS website with self-signed certificate
!Note: when you do the following steps, you must replace “s1234567” with your HKMU email ID. Otherwise no marks will be given.
Step 1. Generate a CSR (Certificate Signing Request)
Open a new terminal and run the following command
sudo openssl req -new -newkey rsa:2048 -nodes -keyout
s1234567.key -out s1234567.csr
Question 2.1
a) The file “s1234567.key” contains the server private key.
List all information that is contained in the private key, including the modulus, exponent, etc. (Please provide screen-capture(s) including the command(s) you used)
b) The file “s1234567.csr” is the CSR (Certificate Signing Request) that will be used later for creating the certificate.
List all information that is contained in a CSR. (Please provide screen-capture(s) including the command(s) you used)
Generate the Certificate
c) The file s1234567.crt is the digital certificate.
Run the following commands in a terminal:
sudo openssl x509 -in s1234567.csr -out s1234567.crt -req -signkey s1234567.key -days 365
List all information that is contained in the certificate.
(Please provide screen-capture(s) including the command(s) you used) Sample:
Step 2. Copy the certificate and the private key to suitable folders
Step 3. Start Web Server and enable SSL module
Step 4. Add Virtual Host
Copy the certificate and the private key to suitable folders by running the following commands:
sudo cp s1234567.crt /etc/ssl/certs/server.crt
sudo cp s1234567.key /etc/ssl/private/server.key
Run the following commands: sudo apt-get install apache2 sudo a2enmod ssl
sudo service apache2 restart
sudo service apache2 status
Use an editor to create a file named “s1234567.hk.conf” with the following content. Save it in folder: /etc/apache2/sites-available/
ServerAdmin
ServerName s1234567.hk
ServerAlias www.s1234567.hk
DocumentRoot /var/www/s1234567.hk/html/
ErrorLog /var/www/s1234567.hk/logs/http.error.log
CustomLog /var/www/s1234567.hk/logs/http.access.log combined
ServerAdmin ServerName s1234567.hk
ServerAlias www.s1234567.hk
DocumentRoot /var/www/s1234567.hk/html/
ErrorLog /var/www/s1234567.hk/logs/https.error.log
/var/www/s1234567.hk/logs/https.access.log combined
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
Step 5. Create folders and HTML for website
Run the following commands:
sudo mkdir /var/www/s1234567.hk
sudo mkdir /var/www/s1234567.hk/html
sudo mkdir /var/www/s1234567.hk/logs
Add a sample HTML in the folder: /var/www/s1234567.hk/html/ Name it “index.html”. Your full name must be included in the html file.
created by chantaiman
Step 6. Enable the new site
Step 7. Add entries in the Hosts file
Question 2.7 Report your result
a) Use your browser to visit the website with https. Provide screen shot(s) to show that the SSL/TLS site has been set up successfully.
b) Provide screen shot(s) to show the details of the certificate via the browser.
Run the following commands:
sudo a2ensite s1234567.hk
Sudo systemctl reload apache2
Add entries in the file /etc/hosts so that the domain name will be mapped to the IP address of the web server.
Task 3: Install Kali Linux
Step 1. Download Kali VirtualBox image and import into VirtualBox
https://www.kali.org/get-kali/#kali-virtual-machines
Download Kali Linux Virtulbox image, the file name is like kali-linux-2021.4a- virtualbox-amd64.ova.
Set up ‘NAT Network’ in VirtualBox File > Preferences
Network > Adds new NAT network
Set up network configuration of the Kali system Shutdown the Kali system properly.
Kali virtual machine Network setting:
Attached to: NAT Network
Name: NatNetwork (the newly created NAT network)
Switch on the Kali system.
Question 3.1 What is the IP address of your Kali system?
(Please provide screen-capture(s) including the command(s) you used)
Task 4: Access the HTTPS Web Server from 1. Set the network configuration of the HTTPS Web Server (Lubuntu) installed in Project Part One.
Question 4.1 What is the IP address of your Web Server? (Please provide screen-capture(s) including the command(s) you used)
Step 2. Establish HTTPS connection to the Web Sever.
On Kali, open a web browser. Show that you can establish HTTPS connection from Kali to the Web Server.
Shutdown the HTTPS Web Server properly.
Web Server (Lubuntu) virtual machine Network setting: Attached to: NAT Network
Name: NatNetwork (the newly created NAT network)
Switch on the Web Server virtual machine.
Hint: If you encounter security warning regarding the SSL certificate, ignore it and continue.
Question 4.2 Can you establish the HTTPS connection from Kali to the Web Server?
(Please provide screen-capture(s) including the command(s) you used)
Task 5: Denial of Server DOS Attack
Step 1. Install attack tools on the Kali system
sudo apt-get update
sudo apt install libssl-dev
(press enter to use default options)
git clone https://github.com/shekyan/slowhttptest cd slowhttptest
./configure
Step 2. Attack in slow message body mode:
slowhttptest -c 65539 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u https://IP_WEB_SERVER/index.html -x 10 -p 3 -l 6000
(WEB_SERVER_IP is the IP address of your webserver)
You can see the status of the DOS attack. The webserver is disabled when ‘service available = no’.
Ctrl+C to stop the DOS attack.
Question 5.2 Show the attack HTML report (my_body_stats.html).
xdg-open ./my_body_stats.html
Step 3. Attack in Slowloris mode.
https://en.wikipedia.org/wiki/Slowloris_(computer_security)
slowhttptest -c 65539 -H -i 10 -r 100 -t GET -u https://IP_WEB_SERVER/index.html -x 24 -p 3 -g -o my_header_stats -l 6000
Try accessing the Web Server when it is under DOS attack using wget.
wget https://10.0.2.5/index.html –no-check-certificate
Question 5.3: Explain the wget result when the Web Server is under DOS attack. Provide screen capture(s) if necessary.
Step 4. Try accessing the Web Server when it is under DOS attack using Firefox.
On Kali, close all existing Firefox sessions and open a ‘ Window’.
Try accessing the HTTPS index page (https://IP_WEB_SERVER/index.html)
You can find that the Firefox keep loading but the page cannot be accessed (in the period when slowhttptest ‘service available: NO’).
Note 1: Close all existing Firefox and open a ‘ Window’ to avoid showing a cached result.
Note 2: You can use another virtual machine to test that the availability of the Web Server under DOS attack.
Ctrl+C to stop the DOS attack.
Question 5.4 : Show the attack HTML report again.
Task 6: Firewall to mitigate DOS Attack
Step 1. Check iptables
On the Web Server, check the current Firewall setting.
sudo iptables -L
Step 2. Implement iptables rule(s) to mitigate the slowhttptest Slowloris mode attack.
Using iptables to limit the number of connections from the Kali machine to 20.
Linux kernels come with a packet-filtering framework named Netfilter. Netfilter enables the dropping and modifying traffic coming in and going out of a system, and can be used as a powerful firewall. The iptables is the user-space command-line tool builds upon this functionality. Iptables is installed by default on all many Linux distributions, including Ubuntu, Lubuntu etc.
Hint 1: While slowhttptest still reports that the service is unavailable, in fact, it is only unavailable to the Kali machine.
Your resolution will be evaluated by both effectiveness and efficiency (in short, the simpler solution, the better. Bonus will be given if it could be demonstrated with another virtual machine that your iptables implementation works.
Note: Before setting iptables on the Web Server machine, start the slowloris attack on Kali.
Question 6.2
Task 7: Firewall to block website access
Question 7: You are requested to config the iptables firewall on the Web Server to block the access of Facebook from the Web Server machine.
Task 8. Demo another DoS attack tool
Question 8. Demo another DoS attack tool and write down the detailed steps.
Screen captures:1) the commands you used; 2) access the website before
applying the iptables 3) access the website after applying the iptables
Many companies have firewall configuration to prevent staff accessing some websites unrelated to work.
Screen captures:1) the commands you used; 2) access the facebook before applying the iptables 3) access the facebook after applying the iptables
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com