
Posted: December 7th, 2022

Snort rule, cyber security


Scenario: You are responsible for security in a company and you need to protect the systems reviews. These are in a well-defined subnet, and only specific systems (jump points) can connect to it. Jump points have two network interfaces: one is connected to the unprotected network and the second gives access to the protected systems. You must introduce a honeypot into this network in order to detect lateral movement.

What you need to do:

Install a honeypot (OpenCanary). Refer to https://opencanary.readthedocs.io/en/latest/starti…. On another system located in the same network, use a port other than 22 for connections via the SSH protocol (one of your choice).

Via your Security Onion system, write a Snort rule that generates an alert when it detects a connection to a honeypot, coming from a network other than that of the jump points, to the administration ports (SSH) or the port knocking ports. Implement the rule and ensure that it is hit.

Instructions

a. Create the honeypot (5p)

b. Configure port knocking for honeypot (5p)

c. Inside the snort.conf file, activate a new variable that contains the IPs of the honeypots (e.g. HON_NET) (2.5p)

d. Inside the snort.conf file, activate a new variable that contains the administration ports of the honeypots (e.g. HON_PORTS) (5p)

e. Inside the snort.conf file, activate a new variable that contains the list of IP addresses of the jump points authorized to communicate with the honeypots (e.g. JUMP_NET) (2.5p)

f. Create a single Snort rule that will detect:

– a. Communications (traffic) to a honeypot system (IP and Port via variables) (5p)

– b. Communications (traffic) originating from a system other than the jump points (via variable) (5p)

– c. The alert generated by your Snort rule must contain your last name / first name (5p)

g. Generate traffic that will trigger/hit the rule (5p)

h. Document all the steps via explanations and screenshots (5p)
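
A possible shape for the variables and the single rule asked for in steps c to f, added here as an example and not part of the original lab. The honeypot address is the one from the lab's nmap scan; the jump-point addresses, knock ports, SID and name placeholder are assumptions to replace with your own values.

```snort
# --- snort.conf: variables (steps c, d, e) ---
# Honeypot address(es); 192.168.126.151 is the host from the lab's nmap scan.
ipvar HON_NET [192.168.126.151]

# Administration ports on the honeypot: the OpenCanary SSH lure (22), the
# real sshd (22222), and the port-knocking sequence. 7000, 8000 and 9000
# are assumed knock ports; use the ones from your knock configuration.
portvar HON_PORTS [22,22222,7000,8000,9000]

# Jump points allowed to reach the honeypots (assumed addresses).
ipvar JUMP_NET [192.168.126.10,192.168.126.11]

# --- local rules file: the single rule (step f) ---
# Source: any host that is NOT a jump point. Destination: honeypot IP and
# administration ports, both taken from the variables above.
# flags:S alerts once per connection attempt (the initial SYN) instead of
# on every packet, and it still fires for knocks on closed ports, which
# never complete a handshake.
# msg carries the name required by step f.c; LASTNAME FIRSTNAME is a placeholder.
# sid is an assumed value in the local range (1000000 and above).
alert tcp !$JUMP_NET any -> $HON_NET $HON_PORTS (msg:"HONEYPOT admin/knock port reached from non-jump host - LASTNAME FIRSTNAME"; flags:S; classtype:attempted-recon; sid:1000001; rev:1;)
```

To trigger it for step g, open an SSH connection to port 22 or 22222 of the honeypot from a machine whose address is not in JUMP_NET; the same connection from a jump point must stay silent.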

OpenCanary Lab and Port Knocking

For this lab we will use an Ubuntu Server 20.04 virtual machine.

Server Setup

Install and configure an Ubuntu server 20.04.
If you need help we can provide a document with all the steps

Change SSH port

Edit the /etc/ssh/sshd_config file

sudo nano /etc/ssh/sshd_config

Make the Port line active (delete the leading #) and change the port number. In my example I set it to 22222.

Save the file, restart the ssh service, and then reboot the machine:

sudo service ssh restart
sudo reboot

Installing OpenCanary

Use the following commands to install OpenCanary

sudo apt-get update

sudo apt-get install python3-dev python3-pip python3-virtualenv python3-venv python3-scapy libssl-dev libpcap-dev

pip install markupsafe==2.0.1

virtualenv env/

. env/bin/activate

pip install opencanary

Once the installation is done, it’s time to configure the honeypot. We will create the configuration file and make a copy of the original file:

opencanaryd --copyconfig

sudo cp /etc/opencanaryd/opencanary.conf /etc/opencanaryd/opencanary.conf.orig

Then we will modify the configuration parameters

sudo nano /etc/opencanaryd/opencanary.conf

Enable http, ssh and mysql services by changing the “false” to “true”

Save the configuration file and start opencanary

opencanaryd --start

Now your Honeypot is functional. You can do an nmap scan to identify open ports

$ nmap -p- IP_Honeypot
Starting Nmap 7.91 ( https://nmap.org ) at 2022-11-14 20:06 EST
Nmap scan report for 192.168.126.151
Host is up (0.00020s latency).
Not shown: 65530 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
80/tcp    open  http
3306/tcp  open  mysql
22222/tcp open  easyengine

Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds

Port 22222 is the real SSH service. You can hide it using the port knocking technique:
https://www.tecmint.com/port-knocking-to-secure-ssh/
