
DDOS Incident HoneyPot


Scenario:



After completing a discovery and assessment scan on CSA271.com's assets, the CEO reached out to you with a request to expand the assessment to include the newly acquired critical system, MXP2, which stores highly sensitive data. Additionally, the CEO requested a mechanism to monitor potential attacks on the company's assets, including advanced enumeration and discovery scans.


Due to the current political situation, the CEO expressed concerns about continuous DDOS attacks on MXP2 from adversaries. Therefore, it is recommended to designate a Windows 10 machine for monitoring and detecting various DDOS attempts on the company subnet, such as SYN flood, IP flood, ICMP flood, HTTP DDOS, and TCP/UDP flood. It is also advised to set up a protection tool against DDOS attacks, such as ADDOSG.


The company has granted you access to MXP2 server virtual appliances for testing purposes and a Windows 10 machine for monitoring attacks. Please keep in mind that MXP2 contains critical data.


Executive Summary:


The project aims to assess and secure MXP2, a new critical system recently acquired by CSA271.com to store highly sensitive data. Due to concerns about potential DDOS attacks from adversaries, the CEO requested a mechanism to monitor and detect such attempts. Our team set up a security assessment environment comprising MXP2, Kali, and Windows 10 virtual machines. In this environment, we conducted a thorough assessment of MXP2's security and identified vulnerabilities with CVSS scores higher than 8.0. We have provided a detailed solution report on how to mitigate these vulnerabilities and secure the system.


Additionally, we configured Windows 10 with proper tools, including a honeypot, KFSensor Professional, to log and show intruder attempts. This allows us to proactively monitor potential attacks and take appropriate measures to protect the system. KFSensor acts as a decoy system that can be used to monitor, detect, and analyze intruder attempts. It is highly customizable, allowing users to simulate a variety of vulnerable services, from web servers to file shares, and can be configured to alert administrators of any unusual activity. It provides real-time monitoring and generates detailed reports, making it an effective tool for proactive security management.


To further protect against DDOS attacks, we simulated such attacks and tested a protection tool called ADDOSG. ADDOSG is open-source software that can monitor network traffic and identify and mitigate DDOS attacks by analyzing traffic patterns and blocking traffic from known attack sources. Our tests showed that ADDOSG is an effective tool to detect and mitigate DDOS attacks, and we recommend its implementation on MXP2 to provide additional protection against such attacks.

Overall, our project provides a comprehensive assessment of MXP2's security, and our proposed solutions help mitigate vulnerabilities and protect against potential attacks. By implementing our recommendations, CSA271.com can ensure the security of their critical system and safeguard their highly sensitive data.


Deliverables:


i. An Executive Summary report about the project (Problem/Solution)

ii. A solution report on how to mitigate vulnerabilities identified on MXP2 that have a CVSS score of more than 8.0 (2-3 pages)

iii. Set up Windows 10 with proper tools (like a honeypot) to log/show intruders' attempts

iv. Set up a protection tool against DDOS attacks (e.g. ADDOSG)


Test Plan/Proof of Concept:



Two attempts were made to send DOS attacks to the host machine:

1. The command below floods the Windows 10 machine at IP 10.10.1.3 on port 21 with 100 SYN packets.

 


The screenshot below shows the DOS attack being detected by KFSensor, with the targeted ports shown on the left:



2. The command below floods the same Windows 10 machine at IP 10.10.1.3 on the same port 21 with 1000 packets:



The screenshot below shows the DOS attack being detected by KFSensor, with the targeted ports shown on the left:



The screenshot below shows the DOS attack being detected by KFSensor, with the visitors (source addresses) shown on the left:

 


The screenshot below shows more information about the DOS attack:



Demonstration of Protection Tool Against DDOS Attack:


The screenshot below displays the command used to launch a second attack to test whether the newly installed Anti-DDOS software is blocking the DDOS attack. This attack aims to flood the victim machine with packets, as shown in the screenshot, to implement a DDOS attack.


We are using the network tool hping3 with the following parameters:


-c: Number of packets.

-d: Packet size.

-S: The type of attack, in this case a TCP SYN attack.

-p: Indicates port 21 (the port we are flooding).


--flood: What we are doing: flooding a machine with data packets in an attempt to overwhelm it, creating a denial of service attack.


--rand-source: Adding --rand-source does multiple things. It spoofs our address, preventing the ACK packets that are sent back to us from overwhelming our system and creating a DDOS attack on ourselves if the victim machine has more resources than ours. It hides our identity. It creates many connections from many different IPs to help overwhelm the victim machine.


10.10.1.3: IP address of the victim machine.
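The parameters above describe exactly what the monitoring side has to recognise: a burst of bare SYN packets to one port, at a high rate, arriving from many different (spoofed) source addresses. The following script is an added example that is not part of the original report and is not code from KFSensor or ADDOSG; it shows the detection logic a defender would run over a packet log from the Windows 10 monitoring host. It assumes a constructed CSV log with one line per inbound packet (ts,src_ip,dst_ip,dst_port,flags, where flags are TCP flag letters and "S" means SYN only). The victim address 10.10.1.3 and port 21 come from the test plan; the packet counts (100 and 1000) mirror the two attempts; the source addresses are constructed from the TEST-NET documentation ranges.

```python
"""SYN-flood detection over a constructed packet log (added example, not code
from the original report, KFSensor or ADDOSG).

Assumed log format, one inbound packet per line:  ts,src_ip,dst_ip,dst_port,flags
"""
from collections import Counter, defaultdict

VICTIM = "10.10.1.3"   # Windows 10 monitoring host from the test plan


def build_sample_log():
    """Constructed log: one benign FTP client, then the two bursts from the
    test plan (100 SYNs, then 1000 SYNs) to 10.10.1.3:21, one source per packet
    to mimic --rand-source. Source addresses are TEST-NET ranges (constructed)."""
    lines = [
        f"0.000,10.10.1.5,{VICTIM},21,S",    # benign SYN
        f"0.001,10.10.1.5,{VICTIM},21,A",    # handshake completes
        f"0.050,10.10.1.5,{VICTIM},21,PA",   # normal data
    ]
    # attempt 1: 100 SYNs in 0.5 s, 100 distinct sources
    for i in range(100):
        lines.append(f"{5.0 + i * 0.005:.3f},198.51.100.{i % 254 + 1},{VICTIM},21,S")
    # attempt 2: 1000 SYNs in 0.8 s, 1000 distinct sources
    for i in range(1000):
        src = f"203.0.{i // 250}.{i % 250 + 1}"
        lines.append(f"{20.0 + i * 0.0008:.4f},{src},{VICTIM},21,S")
    return lines


def parse_record(line):
    """Parse one CSV line of the assumed log format into a dict."""
    ts, src, dst, port, flags = line.strip().split(",")
    return {"ts": float(ts), "src_ip": src, "dst_ip": dst,
            "dst_port": int(port), "flags": flags}


def detect_syn_floods(records, window_seconds=1.0, syn_threshold=100, spoof_ratio=0.5):
    """Return one alert per (target, time bucket) whose bare-SYN count reaches
    syn_threshold. Buckets are fixed windows of window_seconds, so a burst that
    straddles a boundary is split in two; keep the threshold conservative, or
    switch to a sliding window, if that matters for your traffic."""
    buckets = defaultdict(list)
    for r in records:
        if r["flags"] != "S":   # only bare SYNs count as new connection attempts
            continue
        key = (r["dst_ip"], r["dst_port"], int(r["ts"] // window_seconds))
        buckets[key].append(r["src_ip"])

    alerts = []
    for (dst_ip, dst_port, bucket), sources in sorted(buckets.items()):
        count = len(sources)
        if count < syn_threshold:
            continue
        distinct = len(set(sources))
        top_src, top_n = Counter(sources).most_common(1)[0]
        alerts.append({
            "target": f"{dst_ip}:{dst_port}",
            "window_start": bucket * window_seconds,
            "syn_count": count,
            "syn_per_second": count / window_seconds,
            "distinct_sources": distinct,
            # many distinct sources sending a packet or two each is the
            # --rand-source pattern: blocking individual source IPs will not
            # stop it, so rate-based mitigation (e.g. SYN cookies) is needed
            "randomized_sources": distinct / count >= spoof_ratio,
            "top_source": top_src,
            "top_source_count": top_n,
        })
    return alerts


def visitors_by_port(records):
    """KFSensor-style 'visitors' view: distinct source addresses per destination port."""
    seen = defaultdict(set)
    for r in records:
        seen[r["dst_port"]].add(r["src_ip"])
    return {port: len(srcs) for port, srcs in seen.items()}


if __name__ == "__main__":
    recs = [parse_record(line) for line in build_sample_log()]
    for alert in detect_syn_floods(recs):
        print(alert)
    print("visitors per port:", visitors_by_port(recs))
```

Run as-is, the script raises two alerts for 10.10.1.3:21 (100 SYN/s and 1000 SYN/s, both flagged as randomized sources) and reports 1101 distinct visitors on port 21, which matches what the KFSensor "visitors" view shows during the attack. The randomized_sources flag is the practically important output: when it is set, an IP-based block list is the wrong mitigation and the protection tool has to work on rate or connection state instead.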



The screenshot below shows that the DDOS attack is successfully being blocked by our Anti-DDOS software.


Conclusion:


In conclusion, the project successfully assessed and secured MXP2, a critical system storing highly sensitive data for CSA271.com. Our team identified vulnerabilities with CVSS scores higher than 8.0 and provided a detailed solution report on how to mitigate these vulnerabilities and secure the system. Additionally, we configured a Windows 10 machine with proper tools, including a honeypot, KFSensor Professional, to monitor and detect intruder attempts. We also tested and recommended the implementation of ADDOSG, an effective protection tool against DDOS attacks. By implementing our recommendations, CSA271.com can ensure the security of their critical system and safeguard their highly sensitive data.



