Due date: 7th of June (Update: May 7 2019): Additional requirements will be added at a later date
Late penalties: 10% per day, including weekends and holidays
Part 1: Set up and routing (10 marks)
- Complete labs 1 through 4.
- Create a new virtual network named asg1 with subnet 192.168.X where X is the first two digits of your Seneca student number. Do not use DHCP on this network.
- Create a new virtual machine and install CentOS on it as a minimal install. Name this virtual machine lin1a1 but set its hostname to yourmysenecaid.lin1a1.
- Setup lin1a1 to have two network interfaces where both network interfaces are virtio virtual devices. Next, setup one network interface with IP address 192.168.X.32 and to connect to the asg1 network while the other network interface has IP address 192.168.210.22 and it connects to the network1 network.
- Keep in mind in any networked system you can have just one, and only one, default gateway. So configure the default gateway of lin1a1 to be c7host on the 192.168.210 subnet. Confirm lin1a1 can communicate with the Internet and with hosts on network1.
- Create another minimal CentOS VM: name it lin2a1; set its hostname to yourmysenecaid.lin2a1; let it have one network interface and IP 192.168.X.33 (X being the first two digits of your student ID). By default, after the install, this second VM should be able to access machines on the asg1 network but it will not be able to communicate with any hosts on the network1 network.
- Configure lin2a1, the second VM, to be able to access the Internet and the network1 network via lin1a1. You will need to enable IP forwarding and masquerading on the appropriate interface and the appropriate machine for that to happen.
- Configure both VMs (lin1a1 and lin2a1) to be added to your DNS server. able to connect to c7host.yourmysenecaid.ops, lin1.yourmysenecaid.ops, and lin2.yourmysenecaid.ops by their hostnames (don't be tempted to set up another DNS server, use what you already have from your earlier lab)
- Ensure you start your firewall setup on each VM from the default iptables-services rules. You'll lose marks if you don't have a functional firewall on lin1a1 and on lin2a1.
Part 2: SSH brute-force attack (10 marks)
- Create at least 5 users on lin2, give some of them simple/common names (like "john") and simple or relatively-simple passwords. If you have a complex root password - you might want to change that to something simpler too.
- Find some software to perform a brute-force SSH login attack on lin2 from lin2a2.
- Run the attack. Record how long it took, and what the results were. If it fails to find usable credentials for you - make sure you have an explanation for why that was.
Part 3: Report (10 marks)
Write a report, where you describe (in your own words):
- What you were trying to accomplish.
- What you had to do to set everything up (most important are the networking, routing, and firewall configurations).
- Describe how the tool you chose for Part 2 works, how you used it, and why it gave you the results that it gave you.
- Describe at least two ways to make brute-force SSH attacks less likely to be successful.
- Describe any challenges you ran into and how you solved them.
Screenshots might be helpful but are not required for the report. The report should be at least two pages long, not including screenshots, titles, and other fluff.
Submit the report on Blackboard.