Practical lab

Overview

Practical Network Security Policy Implementation

In this lab you will set up a firewall implementing a typical business security architecture. You will use a stateful firewall that supports content security and analysis.

Securing Access to and between Cloud Services using VPNs

In this section of the lab, you will build an extended network with roaming clients connecting into the internal network via VPNs.

Penetration Testing and Intrusion Detection of Firewall Policy Implementation

In this lab you will set up a firewall running a typical business configuration, connect a bank server (referred to as Ray’s Bank) behind it, and run external penetration testing tools from the external side of the firewall.

Next, you will introduce a command-line version of SNORT on the internal network so that you can monitor suspicious traffic arriving at Ray’s Bank. Then you will introduce a full commercial GUI IDS engine (SNORBY) and examine in much more detail the traffic reaching Ray’s Bank – this stage is equivalent to a formal pen test and intrusion analysis carried out by an IT security engineer in practice.

Traffic Interception

In this section of the lab you will begin by extracting private data from an http connection using interception tools. Then you will do the same thing with an https connection. This demonstrates how security services can pull data from encrypted https sessions. This tool is NOT to be used outside this lab.

Lab Report

Please submit a lab report as a PDF file. It doesn't need to have an introduction or conclusions but it should have headings and be written in a formal style.

You should aim for 5-6 pages.

(1) Provide a brief overview of the security architecture and how it has been implemented.

In particular: (i) what ports are open; (ii) the ping policy; (iii) ftp proxy service; (iv) http packet filter and packet service; (v) https packet filter and https proxy service.

When providing this overview we want to know what security threat is being protected against, a summary of the protection applied, and how it will counter the threat.

With respect to application filtering, it is sufficient to give an example of an application being filtered and how this provides protection against a specific threat.

(2) Provide a brief introduction including an equipment interconnection diagram for Ray’s Bank. Next, provide a summary of the facilities of the three pen testing tools that you will use from the external side of the firewall – Zenmap, FileZilla, Nessus – noting the similarities and differences between these tools.

(3) Describe the use of the SNORT engines that you use for Intrusion Detection on the trusted side of the network alongside Ray’s Bank.

Very briefly explain how the command-line version functions, but then discuss the monitoring and reporting facilities in SNORBY.

Where you identify any remote services in operation (clue: there are four main ones which require your attention), you are to recommend either that they be shut down or, if they are required for online services, secure methods of operation.

Note that if you recommend that all ports/services be closed down (hardly realistic!) for this bank, then you will need to explain how the systems staff will carry out software maintenance, how patches and updates are to be handled, how new developments are to be installed for clients, and how Cloud Services will operate in practice.

(4) Interception of encrypted http traffic – introduced by Black Hat. Provide a brief summary of how the interception engine works and how it is possible to extract personal data out of https connections. Note that we are only interested in the IT engineering side of such an interception system that could be used by intelligence agencies – not the legal nor ethical issues.

Grading

Simply completing the three labs themselves is sufficient to show that you have a basic grasp of the material. It is not graded but is worth approximately a C grade (55%).

The remainder of your grade is based upon your completion of the report, and you will receive a final letter grade based upon the practical work and the report itself.

| Criteria | 1 | 2 | 3 | 4 | Feedback |
|---|---|---|---|---|---|
| Security architecture describes the different components, including the firewall, and their relationship to each other | | | | | |
| Summary of what ports are open and closed; must consider what the default firewall policy is | | | | | |
| Ping policy (threats, how the firewall prevents them, possible issues caused by the countermeasure) | | | | | |
| FTP policy (threats, how the firewall prevents them, possible issues caused by the countermeasure) | | | | | |
| HTTP policy (threats, how the firewall prevents them, possible issues caused by the countermeasure) | | | | | |
| HTTPS policy (threats, how the firewall prevents them, possible issues caused by the countermeasure) | | | | | |
| Equipment interconnection diagram annotated with information such as IP address and network adapter information | | | | | |
| Zenmap (identified main facilities) | | | | | |
| FileZilla (identified main facilities) | | | | | |
| Nessus (identified main facilities) | | | | | |
| Comparison of the three different tools that shows similarities and differences | | | | | |
| Overview of SNORT capturing how and why it was used in this particular case study | | | | | |
| Overview of SNORBY capturing how and why it was used in this particular case study | | | | | |
| Identify and recommend how to manage risks associated with remote services in operation | | | | | |
| Explanation of the man-in-the-middle attack | | | | | |
| Overview of the main steps in implementing the attack in the lab using the tool and the requirements for a successful attack | | | | | |
| Discussion of how one would implement the attack in the real world, in particular against a home user | | | | | |
| No spelling errors or flaws in punctuation, grammar and sentence construction | | | | | |
| Appropriate use of discipline-specific terminology | | | | | |
| Thoughtful sentence and paragraph construction | | | | | |
| Displays clarity of thought through cogent argument focused on the question | | | | | |

1 = standard not met; 2 = standard partially met; 3 = standard met; 4 = exceeds expectations