Monday, 29 November 2010

Lab 8.4.3 Performing a Vulnerability Analysis

CAUTION: This lab may violate legal and organizational security policies. The security analyzer downloaded in this lab should only be used for instructional purposes in a lab environment. Before using a security analyzer on a live network, check with your instructor and network administration staff regarding internal policies concerning the use of these tools.
Objectives

  • Download and install security analyzer software.
  • Test a host to determine potential security vulnerabilities.
Background / Preparation
Security analyzers are valuable tools used by network administrators and auditors to identify network and host vulnerabilities. There are many vulnerability analysis tools, also known as security scanners, available to test host and network security. In this lab, you will download and install the Microsoft Baseline Security Analyzer (MBSA). MBSA is designed to identify potential security issues related specifically to Microsoft operating systems, updates, and applications. It also identifies unnecessary services that may be running, as well as any open ports.
MBSA runs on Windows Server and Windows XP systems and scans for common security misconfigurations and missing security updates for the operating system as well as most versions of Internet Information Server (IIS), SQL Server, Internet Explorer (IE), and Office products. MBSA offers specific recommendations to correct potential problems.
This lab can be done individually or in teams of two.
The following resources are required:
  • Computer running Windows XP Professional to act as the test station.
  • High-speed Internet connection for downloading MBSA (unless pre-installed).
  • Computer must be attached to the integrated router switch or a standalone hub or switch.
  • Optionally, you can have a server running a combination of DHCP, HTTP, FTP, and Telnet (preconfigured).
Step 1: Download and install MBSA
  1. Open a browser and go to the MBSA web page at:   http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
  2. What is the latest version of MBSA available?
Answer:
MBSA 2.2
  1. What are some of the features MBSA provides?
Answer:
  • Command-line and Graphical User Interface (GUI) options
  • Scan local computer, remote computer, or groups of computers
  • Scan against Microsoft’s maintained list of updates (on Microsoft.com) or local server running Software Update Services 1.0
  • Scan for common security configuration vulnerabilities
  • Scan for missing security updates
  • View reports in MBSA Graphical User Interface or Command Line Interface
  • Compatibility with SMS 2.0 and 2003 Software Update Services Feature Pack
  • Support for single processor and multiprocessor configurations
  • Localized to English, French, German, and Japanese, although MBSA 1.2.1 can scan a machine of any locale
  1. Scroll down the page and select the desired language to begin the download process.
  2. Click Continue to validate the copy of Microsoft Windows you are running.
  3. Click Download Files below and select the file you want to download. (The English setup file is MBSASetup-EN.msi). Click the Download button on the right of this file. How many megabytes is the file to download?
Answer:
8,4 MB
  1. When the File Download – Security Warning dialog box displays, click Save and download the file to a specified folder or the desktop. You can also run it from the download website.
  2. Once the download is complete, make sure all other applications are closed. Double-click the downloaded file. Click Run to start the Setup program, and then click Run if you are prompted with a Security Warning. Click Next on the MBSA Setup screen.
  3. Select the radio button to accept the license agreement and click Next. Accept the defaults as the install progresses, and then click Finish. Click OK on the final MBSA Setup screen, and close the folder to return to the Windows desktop.

Step 2: Build the network and configure the hosts
  1. Connect the host computer(s) to the integrated router, a hub, or a switch as shown in the topology diagram. Host-A is the test station where MBSA will be installed. The server is optional.
  2. Set the IP configuration for the host(s) using Windows XP Network Connections and TCP/IP properties. If the host is connected to the integrated router, configure it as a DHCP client; otherwise go to Step 1d.
  3. If the host is connected to a hub or switch and a DHCP server is not available, configure it manually by assigning a static IP address.
Which IP address and subnet mask does Host-A and the server (optional) have?
Answer:
  • IP address : 192.168.10.1
  • Subnet mask : 255.255.255.0
Step 3: Run MBSA on a host
  1. Double-click the desktop icon for MBSA or run it from Start > All Programs.  When the main screen displays, which options are available?
Answer:

  • Pick a computer to scan
  • Pick multiple computers to scan
  • Pick a security report to view
  • Help
  • About
  • Microsoft Security Web Site
Step 4: Select a computer to scan
  1. On the left side of the screen, click Pick a computer to scan. The computer shown as the default is the one on which MBSA is installed.
  2. What are the two ways to specify a computer to be scanned?
Answer:
  • Scan using assigned Update Services servers only
  • Scan using Microsoft Update only
  1. Accept the default computer to be scanned. De-select Check for IIS and SQL administrative vulnerabilities, since these services are not likely to be installed on the computer being scanned. Click Start Scan.
Step 5: View security update scan results
  1. View the security report. What are the results of the security update scan?
Answer:
No problems occurred.
  1. If there are any red or yellow Xs, click How to correct this. Which solution is recommended?
Answer:
There are no red or yellow Xs.
Step 6: View Windows scan results in the security report
  1. Scroll down to view the second section of the report that shows Windows Scan Results. Were there any administrative vulnerabilities identified?
Answer:
Local Account Password Test, Automatic Update, Guest Account, File system.
  1. On the Additional System Information section of the screen (below), in the Issue column for Services, click What was scanned, and click Result details under the Result column to get a description of the check that was run. What did you find? When finished, close both popup windows to return to the security report.
Step 7: View Desktop Application Scan Results in the Security report
  1. Scroll down to view the last section of the report that shows Desktop Applications Scan Results. Were there any administrative vulnerabilities identified?
Answer:
Macro security
  1. How many Microsoft Office products are installed?
Answer:
4
  1. Were there any security issues with Macro Security for any of them?
Answer:
No
Step 8: Scan a server, if available
  1. If a server with various services is available, click Pick a computer to scan from the main MBSA screen and enter the IP address of the server, and then click Start Scan. Which security vulnerabilities were identified?
Answer:
  1. Were there any potentially unnecessary services installed? Which port numbers were they on?
Answer:
Step 9: Uninstall MBSA using Control Panel Add/Remove Programs
  1. This step is optional, depending on whether the host will be automatically restored later by a network process.
  2. To uninstall MBSA, click Start > Control Panel > Add/Remove Programs. Locate the MBSA application and uninstall it. It should be listed as Microsoft Baseline Security Analyzer 2.0.1. Click Remove, and then click Yes to confirm removal of the MBSA application. When finished, close all windows to return to the desktop.
Step 10: Reflection
  1. The MBSA tool is designed to identify vulnerabilities for Windows-based computers. Search the Internet for other tools that might exist. List some of the tools discovered.
Answer:
  • Client versions of Windows, including Windows
  • Windows Server, including Windows Server 2008
  • SQL Server
  • Internet Information Server (IIS)
  • Internet Explorer
  • Microsoft Office
  1. Which tools might there be for non-Windows computers? Search the Internet for other tools that might exist and list some of them here.
Answer:
SQL server
  1. Which other steps could you take to help secure a computer against Internet attacks?
Answer:
Step 8


CCNA 2 labskill chapter 1 lab 1, 2 and 3

Lab 1.2.3 Mapping ISP Connectivity Using Traceroute
Objectives
  • Run the Windows tracert utility from a local host computer to a website on a different continent.
  • Interpret the traceroute output to determine which ISPs the packets passed through on their way from the local host to the destination website. 
  • Draw a diagram of the traceroute path, showing the routers and ISP clouds passed through from the local host to the destination website, including IP addresses for each device.
Background / Preparation 
In this activity, you will use the Windows tracert utility to map Internet connectivity between your local ISP and the other ISPs that it uses to provide global Internet access. You will also map connectivity to the following major Regional Internet Registries (RIRs). However, your instructor may choose different destination websites. 
  • AfriNIC (African Network Information Centre) – Africa Region
  • APNIC (Asia Pacific Network Information Centre) – Asia/Pacific Region
  • ARIN (American Registry for Internet Numbers) – North America Region
  • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and some Caribbean Islands
  • RIPE NCC (Réseaux IP Européens) – Europe, the Middle East, and Central Asia
This activity can be done individually, in pairs, or in teams. It can be done as an in-class activity or as a homework assignment, depending on whether the classroom computers have access to the Internet.  The following resources are required:
  • Host computer with the Windows operating system
  • Access to the command prompt
  • Internet connection
  • Routes Traced worksheet for each destination URL. The worksheet is attached to this lab. Each student completes their own worksheets and gives them to the instructor.
  • Global Connectivity Map, which is attached at the end of this lab
  •  Access to the PC command prompt
Step 1: Run the tracert utility from a host computer
a. Verify that the host computer has a connection to the Internet.
b. Open a Command Prompt window by clicking Start > Run and typing cmd. Alternatively, you may click Start > All programs > Accessories > Command Prompt.
c. At the prompt, type tracert and your first destination website. The output should look similar to the following:
d. Save the tracert output in a text file as follows:
1) Right-click the title bar of the Command Prompt window and choose Edit > Select All.
2) Right-click the title bar of the Command Prompt window again and choose Edit > Copy.
3) Open the Windows Notepad program: Start > All Programs > Accessories > Notepad.
4) To paste the output into Notepad, choose Edit > Paste.
5) Choose File > Save As and save the Notepad file to your desktop as tracert1.txt.
e. Run tracert for each destination website and save the output in sequentially numbered files.
f. Run tracert from a different computer network, for example, from the public library or from a friend’s computer that accesses the Internet using a different ISP (for instance, cable instead of DSL). Save a copy of that output in Notepad and print it out for later reference.
Step 2: Interpret tracert outputs to determine ISP connectivity
Routes traced may go through many hops and a number of different ISPs depending on the size of your ISP and the location of the source and destination hosts. In the example output shown below, the tracert packets travel from the source PC to the local router default gateway to the ISP's Point of Presence (POP) router and then to an Internet Exchange Point (IXP). From there they pass through two Tier 2 ISP routers and then through several Tier 1 ISP routers as they move across the Internet backbone. When they leave the Tier 1 ISP's backbone, they move through another Tier 2 ISP on the way to the destination server at www.ripe.net.

a. Open the first traceroute output file and answer the following questions. 
1) What is the IP address of your local POP router?
Answer:
The IP address of the local POP router is 192.168.190.6
2) How many hops did the traceroute packet take on its journey from the host computer to the destination?
Answer:
16 times
3) How many different ISPs did the traceroute packet pass through on its journey from the host computer to the destination?
Answer:
The tracert that was used shows different destinations:
  • if-1-0-0-1980.mcore3.laa-losangeles.as6453.net [66.110.59.18]
  • ix-10-0-0-0.tcore1.lvw-losangeles.as6453.net [216.6.84.49]
  • if-10-0.core3.nto-newyork.as6453.net [216.6.57.66]
  • if-7-0-0.core2.ad1-amsterdam.as6453.net [80.231.81.45]
  • if-4-0.mcore3.njy-newark.as6453.net [216.6.84.2]
4) List the IP addresses and URLs of all the devices in the traceroute output in the order that they appear on the Routes Traced worksheet.
5) In the Network Owner column of the worksheet, identify which ISP owns each router. If the router belongs to your LAN, write “LAN”. The last two parts of the URL indicate the ISP name. For example, a router that has “sprint.net” in its URL belongs to the network of an ISP called Sprint.
6) Did the traceroute pass through an unidentified router between two ISPs? This might be an IXP. Run the whois command utility or whois function of a visual traceroute program to identify ownership of that router. Alternatively, go to http://www.arin.net/whois to determine to whom the IP is assigned.

a. Complete the worksheet using the traceroute output file for each of the other destination URLs.
b. Compare your results from the different traceroute output files. Did your ISP connect to different ISPs to reach different destinations?
Answer:
Yes, via hit-nxdomain.opends.com [67.215.65.132]
The different ISPs that interconnect are:
1. xe-1-0-0.r21.newthk02.hk.bb.gin.ntt.net [129.250.3.206]
2. p64-4-1-1.r21.tokyjp01.jp.bb.gin.ntt.net [129.250.3.1]
3. as-0.r21.Isanca03.us.bb.gin.ntt.net [192.250.6.4]
c. If you ran a traceroute from a different computer network, check the output for that traceroute file as well. Was the number of hops different to reach the same destination from different local ISPs? Which ISP was able to reach the destination in fewer hops?
Answer:
The ISP that needs fewer hops to reach its destination is ISP B (cable service provider).
Although the destination route is the same, the path taken is not necessarily the same; however, the number of hops needed to reach the destination of a given tracert address will remain the same.
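The hostname rule from item 5 and the whois follow-up from item 6 can be automated. The script below is an added example, not part of the original lab: it parses Windows tracert output, labels each hop with a network owner, and lists the routers that still need a whois lookup. The function names and the country-code label list are assumptions, and the sample trace is constructed from hostnames and addresses on this page with made-up hop order and timings.

```python
import ipaddress
import re

# Constructed sample in Windows tracert layout. Hostnames and addresses are
# the ones listed on this page; hop order and timings are made up.
SAMPLE = """\
Tracing route to www.ripe.net [193.0.6.139]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.190.6
  2     1 ms     1 ms     1 ms  192.168.37.9
  3    35 ms    34 ms    36 ms  58.26.87.109
  4   210 ms   211 ms   209 ms  if-1-0-0-1980.mcore3.laa-losangeles.as6453.net [66.110.59.18]
  5   212 ms   210 ms   211 ms  ix-10-0-0-0.tcore1.lvw-losangeles.as6453.net [216.6.84.49]
  6     *        *        *     Request timed out.
  7   290 ms   291 ms   289 ms  if-7-0-0.core2.ad1-amsterdam.as6453.net [80.231.81.45]
  8   295 ms   296 ms   294 ms  gw.amsix.nikrtr.ripe.net [195.69.144.68]
  9   296 ms   295 ms   297 ms  www.ripe.net [193.0.6.139]

Trace complete.
"""

# Hop number, three round-trip columns ("<1 ms", "35 ms" or "*"), then the rest.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.+?)\s*$")
NAMED_RE = re.compile(r"(\S+) \[([0-9A-Fa-f.:]+)\]")
# Assumption: second-level labels that sit under a two-letter country code
# (tm.net.my, unp.ac.id), where the owner needs three labels instead of two.
CC_SECOND_LEVEL = {"ac", "co", "com", "net", "org", "gov", "edu"}


def parse_tracert(text):
    """Return (hop, hostname_or_None, ip_or_None) for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        hop, rest = int(m.group(1)), m.group(2)
        named = NAMED_RE.fullmatch(rest)
        if named:
            hops.append((hop, named.group(1), named.group(2)))
            continue
        try:
            ipaddress.ip_address(rest)       # bare address, no reverse DNS name
            hops.append((hop, None, rest))
        except ValueError:
            hops.append((hop, None, None))   # "Request timed out."
    return hops


def owner(host, ip):
    """Fill in the worksheet's Network Owner column for one hop."""
    if ip is None:
        return "no reply"
    if ipaddress.ip_address(ip).is_private:
        return "LAN"
    if host is None:
        return "unidentified (check whois)"
    labels = host.lower().rstrip(".").split(".")
    cc = len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in CC_SECOND_LEVEL
    return ".".join(labels[-3:] if cc else labels[-2:])


def isp_path(hops):
    """Ordered owners along the route, consecutive duplicates collapsed."""
    path = []
    for _, host, ip in hops:
        name = owner(host, ip)
        if name != "no reply" and (not path or path[-1] != name):
            path.append(name)
    return path


def whois_candidates(hops):
    """Addresses whose owner cannot be read from a hostname (item 6)."""
    return [ip for _, host, ip in hops if owner(host, ip).startswith("unidentified")]


if __name__ == "__main__":
    hops = parse_tracert(SAMPLE)
    print(" -> ".join(isp_path(hops)))
    print("whois needed for:", whois_candidates(hops))
```

The owner label is only as good as reverse DNS: a router name is set by whoever controls the PTR record, so confirm anything that matters with whois on the address itself.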
Step 3: Map the connectivity of your ISP
a.    For each traceroute output, draw a diagram on a separate sheet of paper showing how your local ISP interconnects with other ISPs to reach the destination URL, as follows: 
1)      Show all of the devices in sequence from the LAN router to the destination website server. Label all of the devices with their IP addresses.
2)      Draw a box around the local POP router that you identified, and label the box “POP”. 
3)      Draw an ISP cloud around all the routers that belong to each ISP, and label the cloud with the ISP name.
4)      Draw a box around any IXP routers that you identified, and label the box “IXP”. 
b.    Use the Global Connectivity Map to create a combined drawing showing only ISP clouds and IXP boxes. 
Worksheet for Routes Traced
Destination URL: www.ripe.net [193.0.6.139]          Total Number of Hops: 16
| Router IP Address | Router URL (if any) | Network Owner (LAN, Name of ISP or IXP) |
| --- | --- | --- |
| 192.168.190.6 | | ns4.unp.ac.id |
| 192.168.37.9 | | |
| 58.26.87.109 | | tm.net.my |
| 66.110.59.18 | | losangeles.as6453.net |
| 216.6.84.49 | | losangeles.as6453.net |
| 216.6.84.2 | | njy-newark.as6453.net |
| 216.6.57.66 | | nto-newyork.as6453.net |
| 80.231.81.45 | | ad1-amsterdam.as6453.net |
| 80.231.81.18 | | ad1-amsterdam.as6453.net |
| 195.219.150.70 | | ad1-amsterdam.as6453.net |
| 195.69.144.68 | | gw.amsix.nikrtr.ripe.net |
| 193.0.6.139 | | www.ripe.net |


CCNA 2 labskill chapter 8

Lab 8.1.3 Securing local data and transmitted data
Part 1
Step 1: Secure Bob's Files folder
Step 2: Test Joe's access to Bob's Files
Part 2
Step 1: Identify a secure web page
Step 2: Examine secure access to an untrusted source warning

Lab 8.2.1 planning for access lists and port filters
Step 1: Restrict Client A to one subnet
You are asked to restrict Client A to only the subnet to which it is currently attached. Client A needs to be able to access Server A, but it does not need to access the Internet or Server B. Where would you place the access list?

| Router | Interface | Allow or Deny? | Input or output filter? | Why? |
| --- | --- | --- | --- | --- |
| Router 2 | 0/0 and 0/1 | deny | input | Because it is only for accessing the server inside the internal network and cannot be used for the external (outside) network |
Step 2: Restrict client A access to server A but allow access to server B the internet
You are asked to restrict client B from accessing server B needs internet access and access to server B. where would you place the access list?
| Router | Interface | Allow or Deny? | Input or output filter? | Why? |
| --- | --- | --- | --- | --- |
| Router 1 and 3 | 0/0 and 0/1 | allow | output | Because it is permitted to access the internal and external networks |

Step 3: Allow only client A to access the routers using only SSH
You have been asked to secure access to the routers for only Client A, which will be the management PC for those routers. You want to limit access to only SSH from Client A and prevent Telnet access. Where would you place the access list?

| Router | Interface | Input or output filter? | Port | Allow or Deny? | Why? |
| --- | --- | --- | --- | --- | --- |
| Router 1 | 0/0 and 0/1 | input | 0 | deny | Internal network |
| Router 2 | 0/0 and 0/1 | output | 0 | allow | External network |
| Router 3 | 0/0 and 0/1 | output | 0 | allow | External network |

Lab 8.2.5 Researching an Anti-X Software Product
Step 1: identify three products
| Company | Product |
| --- | --- |
| smadav | Smadav |
| morphic | Morposh |
| Avira | Avira |

Step 2: Compare pricing
| Company | Product | Price |
| --- | --- | --- |
| Microsoft | Windows | Rp.1.500.000 |
| | Linux | free |
| Apple | Macintosh | Rp.5.000.000 |

Lab 8.3.1 Interpreting a service level agreement
Step 1: review typical customer needs
Step 2: Analyze a sample SLA and identify key components
a.       Read over the sample SLA that follows and answer these questions regarding content, ISP responsibilities, and customer requirements.
b. According to this agreement, can the ISP be held liable for damage to equipment owned by the customer [Client] or data loss that occurs due to accidental actions by ISP vendor staff or other persons? Yes, it can.
c. What are some examples of One Time Services included in the SLA? E-mail service, electronic interchange, online accounting, secure remote worker support, remote instrumentation and control system, and backup and recovery service.
d. What are some examples of Ongoing Services included in the SLA? E-mail service, online accounting
e. When will regular downtime maintenance be scheduled and how many business days notice must the ISP give of any scheduled downtime? Many hours in a day and many days in a month. What does the ISP’s network monitoring system do when an error condition is detected? What is the stated availability of the Systems Administrators in the event of a system failure? What is “usage monitoring” and how does the ISP provide this service? By monitoring how the system is working.
f. Regarding problem severity and ISP response time, what is the difference in response between “Level 1 – normal business hours” and “Level 3 – normal business hours”? At level 1 the problem is only being detected, while at level 3 control is already in place.
g. On what factors are the penalties for service outages based? Provides an estimate for the cost to the customer for a service outage for each of the services the customer wants covered by an SLA.

Lab 8.3.2 Conducting a network capture with Wireshark
Step 1: Install and launch Wireshark
Step 2: Select an interface to use for capturing packets
Step 3: Analyze web traffic information (optional)
a. The connection to the Google server begins with a query to the DNS server to look up the server IP address. The destination server IP address will most likely start with 64.x.x.x. What is the source and destination of the first packet sent to the Google server?
Source: 192.168.1.103
Destination: 65.24.7.3
b. Open another browser window and go to the ARIN whois database http://www.arin.net/whois/ or use another whois lookup tool and enter the IP address of the destination server. To what organization is this IP address assigned? 192.168.1.103
c. What protocol is used to establish the connection to the web server and deliver the web page to your local host? TCP
d. What is the color used to establish the connection to the server and deliver the web page to your local host? Green
e. What is the color used to highlight the traffic between your host and the Google web server? Gray
Step 5: Filter a network capture
a. Open a command prompt window by clicking Start > All Programs > Run and typing cmd.
b. Ping a host IP address on your local network and observe? ICMP
c. When icmp is typed in the filter text box, what kind of traffic was displayed? When we ping a host IP address on our local network
d. Click the Filter: Expression button on the Wireshark window. Scroll down the list and view the filter possibilities there. Are TCP, HTTP, ARP and other protocols listed? Yes, they are
Step 6: Reflection
a. There are hundreds of filters listed in the Filter: Expression option. It may be possible that, in a large network, there would be enormous amounts and many different types of traffic. Which three filters in the long list do you think might be most useful to a network administrator?
b. Is Wireshark a tool for out-of-band or in-band network monitoring?
Explain your answer

Lab 8.4.2 planning a backup solution
step 1: choose the media and backup hardware
| Equipment / media | Price | Quality |
| --- | --- | --- |
| USB and solid-state drives | $30-$90 | medium |
| FireWire drives | $180 | best |
| CD-RW and DVD+RW/-RW drives | $100 | medium |

Step 2: design a backup plan and procedure
a.       Describe the equipment recommended and explain why you selected this equipment
I chose the media above because I considered them in terms of capacity and cost.
b.      Describe location of the equipment in the network and the network link speeds to the equipment
c.       Describe the backup media to be used and also explain why you selected this media
d.      Describe the backup schedule
e. Describe the backup and restore procedure, including what kind of backup (normal, differential, incremental), how it will be tested, and what kind of maintenance the equipment requires. How will tapes be labeled and where will tapes that have been backed up be stored? When backups need to be restored, what is the procedure for a file, a folder, a drive? (Use extra sheets if necessary.)


CCNA 2 labskill chapter 7


Lab 7.3.1 Editing the HOSTS file in Windows
Step 1: Locate the HOSTS file in Windows
Step 2: Edit the HOSTS file
Step 3: Test the new name mapping
Step 4: Reflection
a. Which other files are located in the \ETC folder with the HOSTS file?
  • IP mapping
  • Host name
  • Web server mapping
b. Which character is used to comment out description text in the HOSTS file? The ‘#’ character is used to write descriptive comments.

Lab 7.3.3.a Examining cached DNS information on a Windows DNS server
Step 1: Use the Windows Server administrative tool
Step 2: Perform a DNS lookup
Step 3: Examine the cached DNS entries
Step 4: Reflection
a. The DNS server had to do a query to the cisco.com domain name servers to resolve the name (www.cisco.com) to an IP address. What do you think would happen the next time this website is visited again a few minutes later? Then there will be an ns3, because the address www.cisco.com is being accessed for the third time.
b. What would happen if there are no requests for this website for a longer period of time? Nothing will happen; the records will not increase.

Lab 7.3.3.b Creating primary and secondary forward lookup zones
Step 1: Create a primary forward lookup zone on Windows
Step 2: Add a host record to the primary forward lookup zone
Step 3: Create a secondary forward lookup zone
Step 4: Reflection
What is the major benefit of having a primary and secondary DNS server in a zone?
Primary DNS server: the computer performs the name server function based on its own database
Secondary DNS server: the computer performs the name server function based on a database taken from the primary server
