Navreet-100944088-Lab4.docx

School: Durham College
Course: 1
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 13
Uploaded by ChefSnakePerson3105

Lab 4: Detection of Attack by Splunk (Individual Lab)
INFT 1202 – Fuad Mustapha
Total Marks: 40

Introduction to the Lab

This lab is a continuation of Lab 3 (Configuration of Splunk Universal Forwarder).

Part A: We will install openssh-server on our Splunk Forwarder Virtual Machine. After installing it, we will attempt to log in over ssh from a Kali machine using invalid and valid credentials. This Kali attack will be captured by our Splunk Ubuntu Server and recorded there as logs.

©fuad.mustapha@durhamcollege.ca Page 1 of 13

Pre-requisites of the lab

The pre-requisites (recommended system requirements) are:

  • Lab 3 Virtual Machine.
  • Kali Virtual Machine (attacker machine) with the following specifications:
      o 4 GHz dual core processor or better
      o 4 GB system memory
      o 80 GB of free hard drive space
      o Internet access is helpful

Steps of the lab:

To get our VM up and running, we will need to execute the following steps:

Step 1: Download a Kali image and launch the VM.
Step 2: Install openssh-server on the second Ubuntu Universal Forwarder machine.
Step 3: Log in to Kali and password spray our Ubuntu Universal Forwarder machine (Victim Machine)- invalid credentials (RED TEAM)
Step 4: Check the attack captured in the first Ubuntu Splunk Server machine.
Step 5: Brute force attack on the second Ubuntu Universal Forwarder machine from the Kali machine, using the Hydra tool in Kali Linux- successful attack
Step 6: Check the successful attack logs in your first Ubuntu Splunk Server machine.
Step 7: Answer a few questions based on the scenario we saw.
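
The correlation that Steps 4 and 6 ask you to find in the forwarded logs (a burst of failed ssh logins from one source, then an accepted login from that same source) can be written out as a small detector. This is an added Python example, not part of the lab handout; it assumes the usual Ubuntu sshd line format in /var/log/auth.log, and the log lines, host name, IP addresses, threshold and window are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd lines from /var/log/auth.log (not from the lab).
SAMPLE_LOG = """\
Feb 20 10:15:01 forwarder sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Feb 20 10:15:03 forwarder sshd[2103]: Failed password for root from 192.0.2.10 port 40114 ssh2
Feb 20 10:15:05 forwarder sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40116 ssh2
Feb 20 10:15:07 forwarder sshd[2107]: Failed password for student from 192.0.2.10 port 40118 ssh2
Feb 20 10:15:09 forwarder sshd[2109]: Failed password for student from 192.0.2.10 port 40120 ssh2
Feb 20 10:15:14 forwarder sshd[2113]: Accepted password for student from 192.0.2.10 port 40124 ssh2
Feb 20 10:20:00 forwarder sshd[2200]: Failed password for student from 192.0.2.55 port 51000 ssh2
Feb 20 10:20:08 forwarder sshd[2202]: Accepted password for student from 192.0.2.55 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse(log, year=2024):
    """Yield (time, result, user, source); syslog has no year, so it is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["src"]

def detect(log, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failures inside the window and
    record the account if a login is accepted while the burst is active."""
    failures = defaultdict(list)  # source -> [(time, user)] still in window
    alerts = {}
    for ts, result, user, src in parse(log):
        failures[src] = [(t, u) for t, u in failures[src] if ts - t <= window]
        if result == "Failed":
            failures[src].append((ts, user))
        burst = failures[src]
        if len(burst) >= threshold:
            alert = alerts.setdefault(src, {"failures": 0, "users": set(), "success": None})
            alert["failures"] = max(alert["failures"], len(burst))
            alert["users"] |= {u for _, u in burst}
            if result == "Accepted":
                alert["success"] = user
    return alerts
```

Calling detect(SAMPLE_LOG) flags only the source that produced the burst; the second source, with one mistyped password before a normal login, stays below the threshold and raises nothing.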

Execution of the lab (Attach Your Screenshots)

Step 1: Download a Kali image and launch the VM.

a) Let us download a Kali image from kali.org. Use the link below to download Kali:
   https://kali.download/virtual-images/kali-2021.4a/kali-linux-2021.4a-vmware-amd64.7z

   Note: If you have a Kali VM from another course, you can use that for this lab. In that case, please make sure it has the necessary tools and configurations required for the lab. It needs to be in the same network as our other two Ubuntu machines.

b) Unzip your downloaded Kali image using 7zip or any other unzipping tool. Go to VMware and click on File -> Open. Navigate to your downloaded and unzipped Kali image and open it, and your Kali VM will be created.

   Note: This is a Kali image downloaded from the Kali website and you do not need to install it, as it is already installed.

c) Power it on. username: kali, password: kali

[Attach the screenshot]

Step 2: Install openssh-server on Splunk Forwarder Virtual machine.

We will download and enable ssh on our Splunk Forwarder virtual machine using the following commands.

a) First, we run the command to update our VM:
     sudo apt update

b) Next, we run the command to install an ssh server on our Ubuntu machine:
     sudo apt install openssh-server

c) Run the following command to check the status of our ssh server. The status should be green, showing running.
     sudo systemctl status ssh

[Attach the screenshot]

d) To make sure ssh is allowed through the Ubuntu OS firewall, in case the VM has one, execute the command:
     sudo ufw allow ssh

e) Check the IP address of your Ubuntu Universal Forwarder using:
     ifconfig

f) Use the following command to check and confirm your username on your Ubuntu Splunk forwarder:
     who

Step 3: Log in to Kali and password spray our Ubuntu Universal Forwarder machine (Victim Machine)- invalid credentials (RED TEAM)

Let’s have some fun. Let’s play the attacker here.

a) Log in to your Kali VM using username: kali and Password: Kali. Use the following command to set up your name on the terminal:
     PS1='[`date "+%D"`] yourname@\h:\w\$ '

[Attach the screenshot]