This intermediate-level, real-world lab exercise has students log into a worm-infected CentOS Linux server (ssh terminal only) and follow prescribed steps to secure, clean up and lock down the infected server. Students will use utilities such as chkconfig, service, ps, and kill to examine running services and shut down potentially malicious ones; netstat and nmap to identify rogue network services; iptables to properly configure the firewall; and package management software such as rpm and yum to verify and repair system packages.
This introductory lab has students scanning a small network subnet using nmap to identify live hosts and open ports. Targets include three virtual machines: a web server, a vulnerable Samba server, and an FTP server, as well as other open network ports. It teaches Linux utilities for reconnaissance and scanning such as whois, ifconfig, and nmap with various command-line switches.
This introductory lab has students learn how to use both symmetric and asymmetric encryption at the Linux command line. This exercise includes an encryption primer and an introduction to symmetric encryption using the Linux utility ccrypt. It also has students use the Linux gpg utility to create a public/private key pair, as well as encrypt and decrypt a file using public-key cryptography.
This introductory lab has students conducting a password audit using John the Ripper, a free open source password cracking software tool, on a Linux computer.
This introductory lab has students using simple command injection to attempt to gain unauthorized access to data on an intentionally vulnerable web server. The lab document includes a brief primer on command injection and an introduction to DVWA and its command injection tab so students can use command injection to answer a series of lab questions.
This introductory lab has students using simple SQL injection to attempt to gain unauthorized access to data on an intentionally vulnerable web server. The lab document includes a brief SQL primer so that students understand enough to exploit simple SQL injection attacks, followed by an introduction to DVWA and its SQL Injection page for testing injection techniques.
Students will use various block cipher modes of encryption to encrypt files, then compare and contrast the modes based on the degree of data hiding achieved and the impact of bit errors on the encrypted document when it is decrypted.
Students will use Snort to examine a packet capture file and then examine the results using BASE (Basic Analysis and Security Engine), a web front-end for Snort. Students will then examine and implement iptables rules on a Linux virtual machine.
This individual laboratory exercise will familiarize you with the Virginia Cyber Range and provide some hands-on experience with password cracking and buffer overflows.
This Beginner Plus level lab exercise, an introduction to Linux host-based network security, consists of two parts. It provides some hands-on layered defense experience with hardening a LAMP (Linux, Apache, MySQL, PHP) server: students examine which ports, IPs and services are exposed to the network, then work on addressing and securing the outstanding network security issues layer by layer.