Security Labs in OPNET IT Guru

Enginyeria i Arquitectura La Salle
Universitat Ramon Llull
Barcelona 2004
Authors:
Cesc Canet
Juan Agustín Zaballos
Translation from Catalan:
Cesc Canet
Overview
This project consists of practical networking scenarios to be built with OPNET IT Guru
Academic Edition, with a particular interest in security issues.
The first two parts are a short installation manual and an introduction to OPNET. After
that there are 10 Labs that put different networking technologies into practice. Every
Lab consists of a theoretical introduction, a step-by-step construction of the scenario
and finally Q&A on the issues covered.
Lab 1: ICMP Ping. We study ping traces and link failures.
Lab 2: Subnetting and OSI Model. We study layers 1, 2 and 3 of the OSI model, and
the Packet Analyzer tool to observe TCP connections.
Lab 3: Firewalls. We begin with proxies and firewalls. We will deny multimedia traffic
with a proxy, and study the link usage performance.
Lab 4: RIP explains the RIP routing protocol, and how to create timed link failures
and recoveries.
Lab 5: OSPF compares OSPF with RIP. We study areas and load balancing.
Lab 6: VPN studies secure non-local connections. An attacker will try to get into a
server that we will try to protect using virtual private networks.
Lab 7: VLAN creates logical user groups with Virtual LANs, and studies one-armed
router interconnections.
Lab 8: Dual Homed Router/Host, Lab 9: Screened Host/Subnet. DMZ and Lab
10: Collapsed DMZ explain static routing tables, ACLs, proxies and internal vs.
perimeter security. Lab 10 is 100% practical: we want you to create it on your own, a
piece of cake if you did the other Labs!
Lab 2: Subnetting & OSI model
IP addresses are divided into classes so that the Internet can be split into subnets and
its addresses used more efficiently. A subnet address has a subnet (network) part and a host part.
There are 5 different classes:
Class | Number of subnet bits | Number of host bits | First bits | Address range
A     | 8                     | 24                  | 0...       | 0.0.0.0 – 127.255.255.255
B     | 16                    | 16                  | 10...      | 128.0.0.0 – 192.255.255.255
C     | 24                    | 8                   | 110..      | 223.0.0.0 – 223.255.255.255
Table L2.1 Address classes
A subnet mask is an address whose network part is all 1s and whose host part is all
0s. We can obtain the host part of an IP address using an AND operation with its
subnet mask, and the network part using the XOR operation.
Network addresses are defined in the network layer of the OSI model, so networks can be
divided by routers, but not by switches, bridges or hubs.
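As an added example (not code from the lab manual), the Python below applies the class rules of Table L2.1 and the Class C (natural) mask used throughout this lab to addresses of the kind that appear in the answers. One caveat a practitioner should keep in mind: ANDing the address with the mask isolates the network part, and the host part is what remains (the address XOR its network address, equivalently AND with the inverted mask).

```python
import ipaddress

# Added example, not code from the lab manual. Every interface in this lab gets
# the "Class C (natural)" mask, i.e. 255.255.255.0.
CLASS_C_MASK = "255.255.255.0"

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def address_class(dotted):
    """Class from the leading bits of the first octet, as in Table L2.1."""
    first_octet = to_int(dotted) >> 24
    if first_octet >> 7 == 0b0:
        return "A"      # 0...
    if first_octet >> 6 == 0b10:
        return "B"      # 10...
    if first_octet >> 5 == 0b110:
        return "C"      # 110..
    return "D/E"        # multicast/experimental, not in the lab's table

def natural_mask(dotted):
    """Natural (classful) mask: 8, 16 or 24 subnet bits for classes A, B, C."""
    bits = {"A": 8, "B": 16, "C": 24}.get(address_class(dotted))
    if bits is None:
        return None     # no natural mask for classes D/E
    return to_dotted((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF)

def split_address(dotted, mask=CLASS_C_MASK):
    """Return (network address, host number) of an address under a mask."""
    addr, m = to_int(dotted), to_int(mask)
    network = addr & m          # AND with the mask keeps the network part
    host = addr ^ network       # what is left is the host part (== addr & ~m)
    return to_dotted(network), host

def needs_router(addr_a, addr_b, mask=CLASS_C_MASK):
    """Hosts on different layer-3 networks can only talk through a router;
    hubs, bridges and switches do not divide networks."""
    return split_address(addr_a, mask)[0] != split_address(addr_b, mask)[0]
```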
Lab Description
This lab shows how IT Guru Academic Edition performs subnetting. We are going to design a complex
LAN, using many different devices (workstations, servers, hubs, bridges,
switches, routers and an Internet cloud) and Class C subnetting. One workstation will
ping another one far away from it, so that we can study the ping trace and try to
understand the OSI model from it.
Creating the scenario
1. Open a new Project in OPNET IT Guru Academic Edition (File → New Project)
using these values (use default values for the remainder):
• Project Name: <your_name>_Subnetting
• Scenario Name: AutoAssignedAddresses
• Network Scale: Campus
Press Next several times in the Startup Wizard until a new Project Editor is
opened with a blank grid.
Zoom in (Zoom +) on a small part of the map, so that we can zoom out (Zoom –) later if
we need more room because the scenario is quite big.
Open the Object Palette from the Project Editor, and pick up the
following components from the Sm_Int_Model_List palette:
• 1 Sm_Application_Config control
• 1 Sm_Profile_Config control
• 1 Sm_Int_wkstn control (we'll copy & paste it to get 22 more units).
From the Cisco palette, pick up these items:
• 3 routers CS_7505_5s_e6_fe2_fr4_sl4_tr4. They appear as Cisco 7505
in the palette, but once you drop them into the Grid you can choose the
model:
L2.2 Choosing a particular Cisco 7505 model
• 2 routers CS_7000_6s_a_e6_fe6_fr4_sl4_tr4 (Cisco 7000 in the
palette).
From the Ethernet palette:
• 4 ethernet16_bridge bridges
• 8 ethernet16_hub hubs
• 1 IP Attribute Config control
From the 3Com palette:
• 1 3C_SSII_3900_4s_ae36_ge3 switch (3Com SSII 3900-36 in the
Palette).
From the internet_toolbox palette:
• 2 ppp_server servers
• 1 ip32_cloud Internet model
Rename the nodes using the names in pictures L2.3 and L2.4. We need 23
nodes named 1, 2, ..., 23. We don't want to set the names individually, so we
just change the name of node 1 (right click → Edit Attributes → Name: 1) and
then use Copy & Paste 22 times. OPNET will assign consecutive node numbers
automatically. Change the names of the other elements as well.
L2.3 Device names
Build all the links of the network. Use 10BaseT for all the links except the
server and Internet links (PPP_DS1). These links are in the internet_toolbox
palette. Picture L2.4 shows that the colour and width parameters of the
links have been changed as well, and the Grid has been hidden. This is not
necessary, but details are easier to see with these options.
L2.4. The scenario completed with all the links
2. Defining network addresses:
Click on any workstation of the Grid, and use Select Similar Nodes from the
right-button menu to select all the stations. Click on any station, and use Edit
Attributes from the right-button menu. Mark Apply Changes to Selected
Objects so that the changes are applied to all selected stations at the same time. Change
the following values:
• IP Host Parameters → Interface Information
  o Address: AutoAssigned
  o Subnet Mask: Class C (natural)
L2.5 Changing attributes to multiple stations
Repeat the same steps for the Cisco 7505 routers (Routers 1, 2, 3). Use the
following values:
• IP Routing Parameters → Loopback Interfaces → row 0
  o Address: AutoAssigned
  o Subnet Mask: Class C (natural).
L2.6 Changing attributes to multiple routers
Do the same steps for the Cisco 7000 routers (Routers 4 and 5). Give
automatic IP addresses to all interfaces from the Project Editor, using:
• Protocols → IP → Addressing → Auto-Assign IP Addresses.
3. Assigning services to servers:
Assign the following Application: Supported Services:
• FTP and Telnet Server: File Transfer (Heavy), Telnet Session (Heavy)
• Printer and DB Server: File Print (Heavy), Database Access (Light).
To assign services, right click on a server, and then click on Edit
Attributes → Application: Supported Services → Edit... In this dialog you
can add the services. Set the number of services in the rows field, and then
edit the Name of each row. Make sure the Description field is Supported,
and click OK twice to close the dialogs.
4. Creating the ping traffic demand:
Select two workstations far away from each other, such as workstation 23 and the
FTP and Telnet Server, and create a ping from the workstation to the server.
Use the ip_ping_traffic object from the internet_toolbox palette, and click
on the traffic start (23) and then on the traffic end (FTP and Telnet Server).
When finished, click on Abort Demand Definition.
Right click on the arrow representing the ping traffic, and click on Edit
Attributes. Set Ping Pattern: Record Route and press OK. Now we can see
all the layer-3 devices the ECHO/ECHO REPLY packets have gone through.
Simulating the Project
• Click on Configure/Run Simulation, and set Duration to 1 hour(s).
• Click on Run.
Results analysis
When the simulation is over,
1. Close the simulation window (Close).
2. Write down the IP address of each node and interface. You can get the IP
address by right-clicking → Edit Attributes and:
• On workstations and servers, IP Host Parameters → Interface Information → Address.
• On routers, IP Routing Parameters → Interface Information, then unfold
the hierarchy:
L2.7 IP Addresses of router interfaces
Information is ordered by rows, each row containing the information of one
interface of the router. In picture L2.7, interface IF0 has IP address 192.0.1.4.
The only IP addresses that appear are those of interfaces connected to some
network. When a link starts/finishes at a router, OPNET takes a free interface
and assigns it to the link automatically. The way interfaces are assigned
depends on the router model. In picture L2.7, it's a Cisco 7505 router. The
real name is CS_7505_5s_e6_fe2_fr4_sl4_tr4 and can be found in the
Attributes. This means "Cisco Systems (CS) with 5 slot chassis, 6 Ethernet
ports, 2 Fast Ethernet ports, 4 Frame Relay ports, 4 Serial IP connectors (SLIP)
and 4 Token Ring ports". Finding out the way ports are assigned is somewhat
difficult, but you can also get this information by right-clicking on the router
model you're interested in on the Object Palette. The Model Description
dialog gives, in the Comments textbox, a complete description of all
interfaces in the Interconnections section:
L2.8 Model Description
Slot#: 0, 1, 2, 3
Technology        Interface#
----------        ----------
6 eth10T          0-5
2 eth100T         6-7
4 Token Ring      8-11
4 Frame Relay     12-15
4 SLIP            16-19
RSP1 (reserved)
Table L2.9 Interconnections section
So, if Router 1 has interfaces 0, 1 and 2 in use, these are eth10T
(10BaseT). These interfaces are assigned to Hub 1, Switch 1 and Hub 2. They
are assigned in the same order the links were created, and you can see them in
the pop-up tool tip when you click on a link:
L2.10 Finding out the interface names of a link
Now we are able to find out the IP addresses of all interfaces and networks.
Questions
Q1 Fill in the table with the IP address, subnet address and mask, and interface name
for each network and interface:
Station or interface              | IP Address | Address and Subnet Mask | Interface
1                                 |            |                         |
2                                 |            |                         |
3                                 |            |                         |
4                                 |            |                         |
5                                 |            |                         |
6                                 |            |                         |
7                                 |            |                         |
8                                 |            |                         |
9                                 |            |                         |
10                                |            |                         |
11                                |            |                         |
12                                |            |                         |
13                                |            |                         |
14                                |            |                         |
15                                |            |                         |
16                                |            |                         |
17                                |            |                         |
18                                |            |                         |
19                                |            |                         |
20                                |            |                         |
21                                |            |                         |
22                                |            |                         |
23                                |            |                         |
Router 1 Loopback                 |            |                         |
Router 1 to Switch 1              |            |                         |
Router 1 to Hub 2                 |            |                         |
Router 1 to Hub 1                 |            |                         |
Router 2 Loopback                 |            |                         |
Router 2 to Bridge 2              |            |                         |
Router 2 to Hub 7                 |            |                         |
Router 2 to Hub 6                 |            |                         |
Router 3 Loopback                 |            |                         |
Router 3 to Hub 5                 |            |                         |
Router 3 to Hub 8                 |            |                         |
Router 4 Loopback                 |            |                         |
Router 4 to Printer and DB Server |            |                         |
Router 4 to Internet              |            |                         |
Router 4 to Hub 6                 |            |                         |
Router 5 Loopback                 |            |                         |
Router 5 to Internet              |            |                         |
Router 5 to FTP and Telnet Server |            |                         |
Printer and DB Server             |            |                         |
FTP and Telnet Server             |            |                         |
Internet Loopback                 |            |                         |
Q2 According to the table, which devices divide networks?
Q3 Which are the layer-3 networks? Draw the layer-3 networks on picture L2.4.
Q4 Analyze the ICMP Ping (PING REPORT).
Q5 On the network picture, find the devices the ECHO and REPLY go through.
Does the ping go through Hub 4 and Router 3? Why do some devices appear on the ping
trace and some don't?
Q6 Why is the IP address of Router 3 not the same in the ECHO and REPLY paths?
Q7 What does the Hop Delay field stand for? Why is the first Hop Delay so low?
Which factors determine the Hop Delay? What is the response time?
Q8 Duplicate the scenario, and call the new one PacketAnalyzer. Follow these steps:
• Create an ethernet_pkt_analyzer node (palette TCP_Window_Size_Reference)
and connect it to Hub 6 using 10BaseT wires. This object is a promiscuous-mode
station on the network, and can sniff traffic using filtering rules.
• Reassign IP addresses to all stations in the scenario.
• Create a new profile (TelnetProfile) using application Telnet Session
(Heavy) and assign it to station 13.
• Edit the attributes of the new device. Modify the filtering rules of the sniffer
with these values:
  o Name: Packet Analyzer
  o Source IP Address: node 13 IP address
  o Capture Filename: <your_name>_capture.txt
L2.10 Editing the Packet Analyzer attributes
This will filter all the traffic coming from station 13, and export the data into a
file.
• Run the simulation.
• Launch Microsoft Excel, and open the file we just created: File → Open…
L2.11 Opening the export file in Excel
• Select the option Original Data Type (?): Delimited and click on Next.
L2.12 Setting up the Assistant (1/2)
• Select Separators: Comma and click on Finish.
L2.12 Setting up the Assistant (2/2)
Analyze the data from the file.
Answers
These results refer to the data of our simulation, but they may change depending on the
order in which the interfaces were created.
Q1
Interface or Station              | IP Address  | Address and Subnet Mask | Interface
1                                 | 192.0.2.4   | 192.0.2.0/24            |
2                                 | 192.0.2.1   | 192.0.2.0/24            |
3                                 | 192.0.2.2   | 192.0.2.0/24            |
4                                 | 192.0.1.1   | 192.0.1.0/24            |
5                                 | 192.0.1.2   | 192.0.1.0/24            |
6                                 | 192.0.1.3   | 192.0.1.0/24            |
7                                 | 192.0.3.1   | 192.0.3.0/24            |
8                                 | 192.0.3.2   | 192.0.3.0/24            |
9                                 | 192.0.3.3   | 192.0.3.0/24            |
10                                | 192.0.3.4   | 192.0.3.0/24            |
11                                | 192.0.3.5   | 192.0.3.0/24            |
12                                | 192.0.3.6   | 192.0.3.0/24            |
13                                | 192.0.4.1   | 192.0.4.0/24            |
14                                | 192.0.4.2   | 192.0.4.0/24            |
15                                | 192.0.5.1   | 192.0.5.0/24            |
16                                | 192.0.5.2   | 192.0.5.0/24            |
17                                | 192.0.3.7   | 192.0.3.0/24            |
18                                | 192.0.3.8   | 192.0.3.0/24            |
19                                | 192.0.6.1   | 192.0.6.0/24            |
20                                | 192.0.6.2   | 192.0.6.0/24            |
21                                | 192.0.6.3   | 192.0.6.0/24            |
22                                | 192.0.6.4   | 192.0.6.0/24            |
23                                | 192.0.6.5   | 192.0.6.0/24            |
Router 1 Loopback                 | 192.0.13.1  | 192.0.13.0/24           |
Router 1 to Switch 1              | 192.0.1.4   | 192.0.1.0/24            | IF0
Router 1 to Hub 2                 | 192.0.3.9   | 192.0.3.0/24            | IF2
Router 1 to Hub 1                 | 192.0.2.3   | 192.0.2.0/24            | IF1
Router 2 Loopback                 | 192.0.17.1  | 192.0.17.0/24           |
Router 2 to Bridge 2              | 192.0.3.11  | 192.0.3.0/24            | IF0
Router 2 to Hub 7                 | 192.0.5.3   | 192.0.5.0/24            | IF2
Router 2 to Hub 6                 | 192.0.4.4   | 192.0.4.0/24            | IF1
Router 3 Loopback                 | 192.0.14.1  | 192.0.14.0/24           |
Router 3 to Hub 5                 | 192.0.3.10  | 192.0.3.0/24            | IF0
Router 3 to Hub 8                 | 192.0.6.6   | 192.0.6.0/24            | IF1
Router 4 Loopback                 | 192.0.15.1  | 192.0.15.0/24           |
Router 4 to Printer and DB Server | 192.0.7.2   | 192.0.7.0/24            | IF17
Router 4 to Internet              | 192.0.8.2   | 192.0.8.0/24            | IF18
Router 4 to Hub 6                 | 192.0.4.3   | 192.0.4.0/24            | IF1
Router 5 Loopback                 | 192.0.16.1  | 192.0.16.0/24           |
Router 5 to Internet              | 192.0.9.2   | 192.0.9.0/24            | IF17
Router 5 to FTP and Telnet Server | 192.0.11.1  | 192.0.11.0/24           | IF18
Printer and DB Server             | 192.0.7.1   | 192.0.7.0/24            |
FTP and Telnet Server             | 192.0.11.2  | 192.0.11.0/24           |
Internet Loopback                 | 192.0.12.1  | 192.0.12.0/24           |
L2.13 IP Addresses of all the interfaces
Q2 The devices that divide networks are routers. Hubs, bridges and switches do
not divide them. The Internet cloud divides networks as well.
Q3 There are 16 layer-3 networks with addresses 192.0.x.0, x=1,...,17 (x=10
does not exist because it was erased). Six of them are the network addresses of the
loopbacks (x=12,13,14,15,16,17).
L2.14 Layer-3 networks
Q4
PING REPORT for "Campus Network.Servidor FTP i Telnet" (192.0.11.2)
DETAILS:
Received ICMP echo reply packet for a request packet sent to the following node:
  IP Address: 192.0.11.2
  Node Name : Campus Network.Servidor FTP i Telnet
PERFORMANCE:
Based on the first ICMP echo request packet (i.e., a "ping" packet) sent to the above
node, the following metrics were computed:
1. Response Time: 0,00596 seconds
2. List of traversed IP interfaces:
IP Address    Hop Delay    Node Name
----------    ---------    ---------
192.0.6.5     0,00000      Campus Network.23
192.0.3.10    0,00028      Campus Network.Router 3
192.0.4.4     0,00041      Campus Network.Router 2
192.0.8.2     0,00015      Campus Network.Router 4
192.0.9.1     0,00072      Campus Network.Internet
192.0.11.1    0,00069      Campus Network.Router 5
192.0.11.2    0,00072      Campus Network.Servidor FTP i Telnet
192.0.11.2    0,00001      Campus Network.Servidor FTP i Telnet
192.0.9.2     0,00070      Campus Network.Router 5
192.0.8.1     0,00072      Campus Network.Internet
192.0.4.3     0,00069      Campus Network.Router 4
192.0.3.11    0,00017      Campus Network.Router 2
192.0.6.6     0,00041      Campus Network.Router 3
192.0.6.5     0,00028      Campus Network.23
Note that the IP addresses shown above represent the address of the output interface
on which the IP datagram was routed from the corresponding nodes to the next node
en route to its destination and back.
L2.15 Ping Report
Q5 Only layer-3 devices appear on the trace, so hubs, switches and bridges are not
included.
Q6 There and back, the ping packets go through the same router but not through the same
interfaces.
Q7 The Hop Delay indicates the delay of the packet going from one router to the next.
Hop Delay is therefore 0 seconds at the first node. Hop Delay differs depending on whether the
packet was routed by a router or had to be retransmitted by a layer-2 device,
etc. The Response Time field is the sum of all the Hop Delays along the ping route.
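As an added example (not part of the lab manual), the Python below parses a PING REPORT in the layout of picture L2.15 and checks the observations of Q5 to Q7 on it: the sum of the Hop Delays against the Response Time, the echo/reply turnaround at the destination, and which layer-3 nodes use a different output interface on the way back. The embedded report is a constructed sample copied in the same format; the "Campus Network.*" node names and decimal-comma numbers follow the lab's own output.

```python
import re

# Constructed sample in the layout of the lab's PING REPORT (picture L2.15):
# decimal commas, one traversed interface per line. Added example, not lab code.
PING_REPORT = """1. Response Time: 0,00596 seconds
192.0.6.5     0,00000      Campus Network.23
192.0.3.10    0,00028      Campus Network.Router 3
192.0.4.4     0,00041      Campus Network.Router 2
192.0.8.2     0,00015      Campus Network.Router 4
192.0.9.1     0,00072      Campus Network.Internet
192.0.11.1    0,00069      Campus Network.Router 5
192.0.11.2    0,00072      Campus Network.Servidor FTP i Telnet
192.0.11.2    0,00001      Campus Network.Servidor FTP i Telnet
192.0.9.2     0,00070      Campus Network.Router 5
192.0.8.1     0,00072      Campus Network.Internet
192.0.4.3     0,00069      Campus Network.Router 4
192.0.3.11    0,00017      Campus Network.Router 2
192.0.6.6     0,00041      Campus Network.Router 3
192.0.6.5     0,00028      Campus Network.23
"""
HOP_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+,\d+)\s+(.+?)\s*$", re.M)
RT_RE = re.compile(r"Response Time:\s*(\d+,\d+)")

def dec(text):
    """OPNET prints seconds with a decimal comma."""
    return float(text.replace(",", "."))

def parse_report(text):
    """Return (response_time, hops); each hop is (output IP, hop delay, node)."""
    response_time = dec(RT_RE.search(text).group(1))
    hops = [(ip, dec(d), node) for ip, d, node in HOP_RE.findall(text)]
    return response_time, hops

def hop_delay_sum(hops):
    """Q7: the Response Time is the sum of the Hop Delays (up to rounding)."""
    return round(sum(delay for _, delay, _ in hops), 5)

def split_paths(hops):
    """The destination appears twice in a row: echo received, then reply sent."""
    for i in range(len(hops) - 1):
        if hops[i][2] == hops[i + 1][2]:
            return hops[:i + 1], hops[i + 1:]
    raise ValueError("no echo/reply turnaround found in the trace")

def asymmetric_nodes(hops):
    """Q6: nodes whose output interface differs between the ECHO and the REPLY."""
    seen = {}
    for ip, _, node in hops:
        seen.setdefault(node, set()).add(ip)
    return {node for node, ips in seen.items() if len(ips) > 1}
```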
Q8 Excel shows the packets being sent from the FTP Server to station 13. We can
see the protocol, the frame number, and other information.
L2.16 Packet Analyzer export file