1,467 research outputs found

    GNS3 for Security Practitioners

    This guide is only a small part of the security content that can be learned during the "Master's Degree in Computer Engineering" - Cybersecurity Degree. The guide is used by the students as reinforcement during practical classes, but there is much more content that is not found in the guide. Indeed, the student has access to the virtual machine resulting from the steps in the guide (including all the scripts and networks configured for GNS3), so these steps are only used if the student wants to set up their own environment at home. Moreover, vulnerability analyses are very dependent on the living system. The student learns how to use Metasploit and other pentesting tools during the course, although this is not included in depth in the guide. This guide is only a first step towards cybersecurity training. The objective of this guide is to provide useful information for the deployment of a virtual laboratory using GNS3 with the aim of testing security features. In this guide GNS3 is used together with other tools for training in network security. It is possible to install all these tools in a single virtual machine. In addition, the virtual machine must have nested virtualisation enabled in order to run inside other virtual machines (e.g. Kali Linux)

    Operating System Response to Router Advertisement Packet in IPv6.

    With the growth of the Internet, IPv4 addresses will run out soon, so the need for a new IP protocol is indispensable. IPv6, with a 128-bit address space, was developed and maintains support for IPv4 protocols with some upgrades, such as BGP, OSPF and ICMP. The ICMP protocol is used for error reporting, neighbor discovery and other diagnostic functions; ICMP version 6 has new types of packets to perform a function similar to the Address Resolution Protocol (ARP), called the Neighbor Discovery Protocol (NDP). NDP is responsible for address autoconfiguration of nodes and neighbor discovery. It defines new packets for the purposes of router solicitation, router advertisement and other discovery functions

    Using configuration management data for network infrastructure management

    Configuration management software running on nodes solves problems such as configuration drift on the nodes themselves, but the necessary node configuration data can also be utilized in managing network infrastructure, for example to reduce configuration errors by facilitating node life cycle management. Many configuration management software systems depend on a working network, but we can utilize the data to create large parts of the network infrastructure configuration itself using node data from the configuration management system before the nodes themselves are provisioned, as well as remove obsolete configuration as nodes are decommissioned.

    Honeynet design and implementation

    Over the past decade, webcriminality has become a real issue. Because they allow the botmasters to control hundreds to millions of machines, botnets became the first-choice attack platform for the network attackers, to launch distributed denial of service attacks, steal sensitive information and send spam emails. This work aims at designing and implementing a honeynet, specific to IRC bots. Our system works in 3 phases: (1) binaries collection, (2) simulation, and (3) activity capturing and monitoring. Our phase 2 simulation uses an IRC redirection to extract the connection information thanks to an IRC redirection (using a DNS redirection and a "fakeserver"). In phase 3, we use the information previously extracted to launch our honeyclient, which will capture and monitor the traffic on the C&C channel. Thanks to our honeynet, we create a database of the activity of IRC botnets (their connection characteristics, commands on the C&C), and hope to learn more about their behavior and the underground market they create. M.S. Committee Chair: Wenke Lee; Committee Member: Jonathon Giffin; Committee Member: Mustaque Ahama

    Gaming LAN setup with Local and Remote Access and Downloads

    The Gaming LAN Setup project aims to design and implement a basic functioning, hardened network that could be utilized locally and remotely to allow users access to respective servers for the option to host a session or join. Users will have the ability to securely log into the internal network to download files via a web interface. The network allows the designated user to take a management position in order to perform basic penetration testing and discover vulnerabilities through various scans to maintain the networ

    Design and implementation of an UDP/IP Ethernet hardware protocol stack for FPGA based Systems

    The main objective of the thesis has been the design and implementation of a complete UDP/IP Ethernet stack that allows any FPGA device to connect to and use networks. The stack has been designed around the Ethernet, IPv4 and UDP protocols, as a fast and scalable way of distant communication was wanted. Other protocols, like ARP and DHCP, have been added as a complement in order to improve its operation. The project has focused on the implementation of this stack as a generic IP core, but it has been extended further with the implementation of an initial data acquisition interface (DAQ) that would allow us to transmit the information of its channels to the network. In the end, the project has been successfully implemented in a real FPGA system, and all the tests have been passed with minimum packet loss, from simple operational tests to more final ones like the test of a DAQ service interface

    Debian Clusters for Education and Research: The Missing Manual


    Cluster Crash: Learning from Recent Vulnerabilities in Communication Stacks

    To ensure functionality and security of network stacks in industrial devices, thorough testing is necessary. This includes blackbox network fuzzing, where fields in network packets are filled with unexpected values to test the device’s behavior in edge cases. Due to resource constraints, the tests need to be efficient and as such the input values need to be chosen intelligently. Previous solutions use heuristics based on vague knowledge from previous projects to make these decisions. We aim to structure existing knowledge by defining Vulnerability Anti-Patterns for network communication stacks based on an analysis of the recent vulnerability groups Ripple20, Amnesia:33, and Urgent/11. For our evaluation, we implement fuzzing test scripts based on the Vulnerability Anti-Patterns and run them against 8 industrial devices from 5 different device classes. We show (I) that similar vulnerabilities occur in implementations of the same protocol as well as in different protocols, (II) that similar vulnerabilities also spread over different device classes, and (III) that test scripts based on the Vulnerability Anti-Patterns help to identify these vulnerabilities

    Customizing Data-plane Processing in Edge Routers

    While OpenFlow enables the customization of the control plane of a router, currently no solutions are available for the customization of the data plane. This paper presents a prototype that offers to third parties (even end-users) the possibility to install their own applications on the data plane of a router, particularly the ones operating at the edge of the network. This paper presents the motivation of the idea, the reason why we use OpenFlow even if it does not seem appropriate for the data plane, the architecture and the implementation of our prototype, and a first characterization of the system running in our la