Project Proposal

Jared Doll

16 January 2021

Project Name: Penetration Testing a Cisco Based Network

Project Description:

A network will be designed and built with three routers, two switches, and 4 PCs. The network will feature several known vulnerabilities, which will be exploited. The vulnerabilities will then be patched and tested again to ensure the network is more secure. All steps in this process will be extensively documented to ensure the project is comprehensible to a reader and repeatable. PC0 and PC1 will act as workstations on the network. They will perform basic tasks such as ICMP pings to ensure connectivity across the network, and SSH sessions to show vulnerabilities in the network. PC2 will act as a criminal PC that has breached the network and is now connected to one of the switches within the network. PC2 will use Kali Linux to brute force an SSH session with R2, as well as to decrypt the console and enable passwords of R0. The Kali Linux install on PC2 will also spoof the physical address of PC1 in order to fool the switchport security of S1. PC3 will be used exclusively to RDP into PC2 in order to perform the penetration testing remotely.

Network Equipment:

· 3 x Cisco 2800 Series Router

· 2 x Cisco 3750 Series Switch

· 3 x Windows 10 PC

· 1 x Dell T410 server running Windows Server 2016

  o A Kali Linux VM will be run on this server to perform penetration tests on the network

Detailed Objective:

1. Research:

   a. John the Ripper

      i. Deciphering a hashed password into readable text

   b. Nmap

      i. Nmap will be used to discover hosts on the network and any services they are actively running

   c. Hydra

      i. Brute forcing SSH credentials using wordlists

   d. Exporting configurations to flash memory on a Cisco router

   e. Macchanger

      i. Macchanger will be used to spoof the MAC address of PC1 to fool switchport security on a 3750 Series switch.

2. Design

   a. Topology

   b. IP Scheme

| Device | Interface | IP Address |
|---|---|---|
| R0 | Ge0/0 | 192.168.10.1/24 |
| | Ge0/1 | 10.0.0.1/30 |
| R1 | Ge0/0 | 10.0.1.1/30 |
| | Ge0/1 | 10.0.0.2/30 |
| | S0/0/0 | NA |
| R2 | Ge0/0 | 192.168.20.1/24 |
| | Ge0/1 | 10.0.1.2/30 |
| PC0 | NIC | DHCP Assigned |
| PC1 | NIC | DHCP Assigned |
| PC2 (Dual NIC) | NIC 1 | DHCP Assigned |
| | NIC 2 | 192.168.0.4 |
| PC3 | NIC | 192.168.0.2 |

   c. Basic router hardening

      i. A console and enable password will be set on R0 to be later cracked using John the Ripper on PC2

   d. DHCP and routing configuration

      i. Implement OSPF routing protocol on all routers and test connectivity across the network.

      ii. Traffic will be allowed anywhere on the intranet

      iii. Create two DHCP pools on R1 with R0 and R2 as relay agents.

   e. Switchport security on S0 and S1

      i. Switches will use switchport security to implement sticky MAC addresses. If a violation of this rule occurs, packets will be dropped by the switch (protect mode)

   f. SSH configuration on R2.

      i. R2 will be configured to allow SSH connections from the 192.168.20.0/24 network

3. Implementation

   a. Cabling of network (see Topology above).

      i. All cables will be made using Cat5e cable. Cables between all devices will be made using standard T568A pinouts.

      ii. The intranet will be in the basement of the network engineer’s home. Ge0/2 from PC2 will run to the second floor. A cable will need to be run from the second floor to the basement to allow this, with the benefit of allowing the engineer to do most of the penetration testing utilizing RDP from PC3 to PC2, which hosts a Kali Linux VM on its secondary NIC.

   b. Configuring of IP addresses and routing protocols on all routers

      i. RIP routing will be implemented

   c. Configuration of DHCP pools on R1

      i. R1 will act as a DHCP server for both the 192.168.10.0/24 and the 192.168.20.0/24 networks

   d. Configuring PCs on the network

      i. PCs 0, 1, and 2 will be connected to the appropriate switches and will receive their DHCP configurations from R1.

   e. Macchanger

      i. Macchanger will be used to spoof the MAC address of PC1 to fool switchport security on a 3750 Series switch. Once the MAC address is changed, ICMP requests will be sent across the network to verify switchport security is not dropping packets in protect mode.

   f. Utilizing Nmap

      i. PC1 will initiate an SSH session with R2. Once the session has connected, PC2 will use Nmap to verify an SSH session is occurring on the network

   g. Utilizing Hydra

      i. With the SSH session discovered on the 192.168.20.0/24 network by PC2, PC2 will then use Hydra to brute force the SSH credentials to R2.

   h. Utilizing John the Ripper.

      i. The startup config of R0 will be saved to the USB flash storage to imitate a company performing a “backup” of the startup config.

      ii. The USB device will be removed from R0 and plugged into PC2. From here the startup config will be parsed for the encrypted console and enable passwords.

      iii. The encrypted console and enable passwords will be converted into plain text using John the Ripper on PC2.
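
A defender's view of the configuration backup described in step h, as an added example that is not part of the original proposal: a short Python audit that lists every credential stored in an IOS config and whether its storage type can be reversed directly or only guessed at. The sample config is constructed and its secret values are placeholders.

```python
import re

# Storage type -> (description, directly reversible without guessing?)
STORAGE = {
    "0": ("plaintext", True),
    "7": ("type 7 reversible obfuscation", True),
    "5": ("type 5 salted MD5 hash", False),
    "8": ("type 8 PBKDF2-SHA256 hash", False),
    "9": ("type 9 scrypt hash", False),
}

# "enable secret 5 X", "password 7 X", "password X", "username u secret 5 X"
CRED = re.compile(
    r"^\s*(enable (?:password|secret)|password|username \S+ (?:password|secret))"
    r"\s+(?:(\d)\s+)?\S+\s*$"
)

# Constructed sample backup; the secret values are placeholders, not real strings.
SAMPLE = """\
hostname R0
enable secret 5 <md5-crypt-placeholder>
enable password 7 <type7-placeholder>
!
line con 0
 password 7 <type7-placeholder>
 login
line vty 0 4
 password <plaintext-placeholder>
 login
"""

def audit_config(text):
    """Return (section, command, storage, reversible) for each stored credential."""
    findings, section = [], "global"
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line opens a new section; keep "line con 0" and the like.
            section = line.strip() if line.startswith("line ") else "global"
        m = CRED.match(line)
        if m:
            kind = m.group(2) or "0"  # no type digit means the value is plaintext
            label, reversible = STORAGE.get(kind, (f"unknown type {kind}", False))
            findings.append((section, m.group(1), label, reversible))
    return findings

if __name__ == "__main__":
    for section, command, label, reversible in audit_config(SAMPLE):
        note = "recoverable as-is" if reversible else "strength depends on the password"
        print(f"{section:14} {command:16} {label:32} {note}")
```
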

4. Testing

   a. Confirm initial connectivity between PC0 and PC1 using ICMP requests.

   b. Confirm packets are dropped from Fe0/2 on S1 when PC2 is plugged in instead of PC1 (before Macchanger is used).

   c. Hardening of network:

      i. To prevent the vulnerabilities above from being exploited, the network will be hardened, and the vulnerabilities tested again.

         1. Instead of using USB flash storage for a backup on R0, an FTP server will be used to perform backups.

         2. Instead of switchport security being in “protect mode”, “shutdown mode” will be used to completely shut down the port Fe0/2 until a network administrator brings the port back online.

         3. The SSH password of R2 will be changed to a more complex password. Hydra will be used again to attempt to brute force the SSH session and verify the more complex password is harder to crack.
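
The switchport security change in hardening step 2, as an added example that is not part of the original proposal: a Python check that reads a switch configuration and reports what each secured port will do on a violation. The sample configuration is constructed, using the interface name from this proposal; the defaults are those of Cisco IOS port security.

```python
# Constructed sample: S1's access port before and after the planned hardening.
BEFORE = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation protect
!
"""
AFTER = BEFORE.replace("violation protect", "violation shutdown")

# What the switch does when a frame arrives from an address it has not secured.
ON_VIOLATION = {
    "protect": "drops the frame silently (no syslog, no violation counter)",
    "restrict": "drops the frame, logs it and increments the violation counter",
    "shutdown": "err-disables the port until an administrator re-enables it",
}

def audit_port_security(config):
    """Return {interface: settings} for every interface that mentions port security."""
    ports, name = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            name = raw.split(None, 1)[1].strip()
        elif raw and not raw[0].isspace():
            name = None  # any other unindented line ends the interface section
        words = raw.split()
        if name is None or words[:2] != ["switchport", "port-security"]:
            continue
        # Start from the IOS defaults: one address, shutdown on violation.
        port = ports.setdefault(name, {"enabled": False, "maximum": 1,
                                       "sticky": False, "violation": "shutdown"})
        opts = words[2:]
        if not opts:
            port["enabled"] = True  # the bare command is what turns the feature on
        elif opts[0] == "maximum" and len(opts) > 1:
            port["maximum"] = int(opts[1])
        elif opts[:2] == ["mac-address", "sticky"]:
            port["sticky"] = True
        elif opts[0] == "violation" and len(opts) > 1:
            port["violation"] = opts[1]
    return ports

def describe(config):
    """One line per secured interface stating what a violation will look like."""
    return [f"{n}: {ON_VIOLATION.get(p['violation'], 'unknown mode')}"
            if p["enabled"] else f"{n}: port-security options present but not enabled"
            for n, p in sorted(audit_port_security(config).items())]
```

A frame carrying the already-learned sticky address is not a violation in any of the three modes, so the mode change mainly affects what happens to devices that do not present PC1's address.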

5. Documentation

   a. Research references

   b. Project plan

   c. Running configurations of all routers and S1 documented before and after hardening

   d. Implementation documentation

      i. Nmap scan

      ii. Hydra exploit

      iii. Macchanger exploit

      iv. FTP backup of startup configuration.

   e. Weekly journals

Time Estimate in hours:

| Research | Design | Implementation | Testing | Documentation | Total |
|---|---|---|---|---|---|
| 5 | 5 | 20 | 5 | 10 | 50 |

Cost Estimate:

The equipment still needed for this project is all of the switches and routers included in the topology above. The equipment will be sourced secondhand from ebay.com at a cost estimate of $250.

Topologies:

            Initial Topology:

            Topology changes:

The topology will remain the same throughout the project with the exception of PC2 replacing PC1 at Fe0/2 on S1 to perform the Macchanger exploit.