Firewall and Configuration Analysis Report for Cybersecurity (ICT205)

Added on  2022/09/27

|22
|1741
|23
Report
AI Summary
This report, prepared for a cybersecurity course, provides a comprehensive analysis of firewall configuration and network security. It begins with an executive summary outlining the need for network security in a business context, specifically focusing on a small business with multiple locations. The report is divided into two parts: the first part details the use of Nmap, a network scanner, for host discovery, port scanning, vulnerability detection, and malware detection, including the use of NSE scripts and commands. The second part explores the use of Linux commands, particularly UFW, to check and configure firewall settings, including status checks, enabling/disabling, allowing services, and verifying firewall rules, with examples of securing a web server. The report concludes with a discussion of risk mitigation strategies and the evolution and capabilities of Nmap. The report covers various commands and their outputs, providing a practical guide for network administrators.
Firewall and Configuration 1
FIREWALL AND CONFIGURATION
By (Name)
(Class)
(Tutor)
(Institution)
(City)
(Date)
Executive summary
Canadian Cafe is a small business enterprise comprising franchises at various geographical
locations. The company has the network facilities appropriate to its business requirements. Its
major aim is to secure its network across all of its locations. The organization's system
administrator has realized that the organization's network security needs to be addressed, and
that the company needs to impose a certain level of traffic filtering for its network to be secure.
For this to be achieved, the network administrator needs a good understanding of the various
network attacks and of the appropriate mitigation strategies for each.
Outline
This report is divided into two parts and highlights how to go about identifying network attacks.
The first part outlines how a network administrator can use Nmap to gather information about
their network, and how Nmap can be used to detect network vulnerabilities and attacks. The second
part outlines how Linux commands can be used to gather information about the network firewall,
i.e. to check the firewall status and its settings.
Part A: Nmap
1. Kali Linux on VirtualBox with Nmap running
This is shown by the figure below.
2. Description of Nmap
Network Mapper (Nmap) is a free and open-source network scanner created by Gordon Lyon. The
tool is widely used to discover hosts and services on a computer network by sending packets and
analyzing the responses. It offers a number of features for probing a network, including host
discovery, port scanning, version detection, OS detection and scriptable interaction. With host
discovery, the tool identifies hosts on a network by listing those that respond to ICMP and TCP
requests. The second feature is port scanning, where the tool enumerates the open ports on the
target hosts. The third is version detection, which the tool achieves by interrogating the network
services found on the remote devices. The fourth is OS detection, where the tool determines the
hardware and operating-system characteristics of network devices. The last feature is scriptable
interaction with the target, which Nmap achieves through the Nmap Scripting Engine (NSE)
(Collins, 2002, p. 116).
3. Nmap demonstration
Nmap is widely known for its network mapping capabilities. It also assists in mitigating
network attacks through vulnerability scanning with NSE scripts. By combining Nmap commands
with NSE scripts, one is able to identify the most common Common Vulnerabilities and
Exposures (CVEs) on a target system. Nmap can also detect backdoors and malware by running
a number of extensive tests against popular services such as ProFTPD, SMTP, SMB, vsftpd and
identd, and it can check for common signs of malware on remote servers (Orebaugh, 2011, p. 39).
a) Host discovery
The first step in network reconnaissance is to reduce a set of IP ranges to a list of interesting
or active hosts. Nmap offers a wide range of options to customize the techniques used for host
discovery. For example, a sample Nmap detection run without NSE scripts found an SSH service on
port 22 running OpenSSH version 4.3, as shown in Figure 1.
Figure 1: SSH service detected on port 22 using Nmap
One can continue to gather more information on a target system, as shown by the host discovery
output below.
Figure 2: Gathering information on a target system (host discovery)
b) Detecting malware infections on remote hosts
To detect malware on a target system the command nmap --script http-malware-host is used, as
shown by the screenshots below (Figure 3 and Figure 4).
Figure 3: Malware detection output
Figure 4: Malware detection continuation
c) Checking malware using Google's malware check
This is done using the command nmap -p80 --script followed by the relevant NSE script
(Rothwell, 2019, p. 123), as shown by the screenshot below.
Figure 5: Google’s malware check
d) CVE detection using Nmap
Here a network administrator uses the NSE, which allows them to run a pre-defined set of
scripts to perform vulnerability scans. The screenshot below shows vulnerability tests run
against one system with the command nmap -Pn --script vuln (Pale, 2012, p. 117). The output of
this command is shown in Figure 6.
Figure 6: CVE detection
4. Performance of the tool
a) Nmap security features
Nmap offers various security-related features, including the following:
Improved NSE functionality: Nmap contains new security scripts, for example firewall-bypass,
ssl-heartbleed, oracle-brute-stealth and ipmi-conf. NSE scripts are powerful enough to take on
core tasks such as host discovery.
Better IPv6 support.
Faster network scanning.
Better TLS/SSL scanning (Stevens, 2012, p. 179).
b) Time taken to detect a threat
The time Nmap takes to detect a threat depends on the number of ports to be scanned and on the
number of closed ports. It also depends on the number of hosts being scanned; for a single host
it takes about 1.95 seconds, as shown by the screenshot below.
5. Firewall testing using Nmap
Nmap can be used to test the effectiveness of a firewall configuration.
Figure 7: Firewall testing
6. Risk Mitigation plan
The risk mitigation plan in this case is shown in Table 1 below.

Table 1: Risk mitigation plan

Plan                     Activities
Risk identification      Gather information about the network using Nmap, with the command
                         nmap <IP address of the host>.
Risk impact assessment   Assess the number of affected hosts using the command
                         nmap --script http-malware-host.
Risk mitigation          Disable all affected ports (Stevens, 2012, p. 148).
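The three rows of the table map onto a small triage workflow: discover live hosts, list what they expose, and single out the ports that were never meant to be reachable so they can be closed or filtered. The script below is an added example (not part of the original report) that runs that workflow over Nmap's grepable output format (nmap -oG). The scan data it uses is a constructed sample embedded in the script, so it runs offline; on a real network the same functions would be fed the -oG file written by an actual scan. The list of "permitted" ports (22 and 443) is an assumption made for the example.

```shell
#!/bin/sh
# Added example (not from the report): triage Nmap grepable output (-oG).
# The scan below is a constructed sample, not a real scan result; in practice
# it would come from something like:  nmap -sV -oG scan.gnmap <hosts>

make_sample_scan() {
    # Constructed -oG output: fields are tab separated, one "Status" line and one
    # "Ports" line per host. Each port entry is port/state/proto/owner/service/rpc/version/
    printf '# Nmap 7.92 scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.3/, 80/open/tcp//http//Apache httpd/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/\tIgnored State: closed (999)\n'
    printf 'Host: 192.0.2.12 ()\tStatus: Down\n'
}

# Risk identification: hosts that answered the host-discovery probes.
hosts_up() {
    awk -F'\t' '$1 ~ /^Host: / && $2 == "Status: Up" {
        host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host); print host
    }'
}

# Open ports per host, printed as "host port/proto service".
# Filtered and closed ports are skipped; only state "open" is reported.
open_ports() {
    awk -F'\t' '$1 ~ /^Host: / && $2 ~ /^Ports: / {
        host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
        ports = $2; sub(/^Ports: /, "", ports)
        n = split(ports, entry, /, /)
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            if (f[2] == "open") printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
        }
    }'
}

# Impact assessment / mitigation input: open ports that are not on the
# administrator's intended-exposure list. $1 is a space-separated list of
# permitted ports; everything else is a candidate for being closed or filtered.
unexpected_open_ports() {
    allowed=" $1 "
    open_ports | while read -r host portproto service; do
        port=${portproto%%/*}
        case "$allowed" in
            *" $port "*) ;;
            *) printf '%s %s %s\n' "$host" "$portproto" "$service" ;;
        esac
    done
}

# Usage: in this constructed case only SSH and HTTPS are meant to be reachable,
# so the HTTP service on .10 and the FTP service on .11 are reported.
make_sample_scan | unexpected_open_ports "22 443"
```

The awk parsers rely only on the documented -oG layout (tab-separated fields, comma-separated port entries, slash-separated attributes), so the same functions work on real scan files of any size.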
Part B: Firewall settings
It is important to note that Nmap distinguishes between ports that are reachable and those that
are closed, and it also identifies ports that are actively filtered. Before checking the firewall
settings, the first step is therefore to detect both the filtered and the closed TCP ports
(Tanner, 2019, p. 179). One can then go on to check the firewall settings as shown in the
sections below.
Figure 8: Checking firewall settings
1. Checking firewall status
To check the firewall status in Linux, the ufw command is used in the terminal as shown below:
sudo ufw status
If the firewall is enabled, a list of firewall rules is shown and the status reads "active". If
the firewall is disabled, an "inactive" status message is shown instead. This is illustrated by
the command output below.
Figure 7: Check status command
One can obtain a more detailed firewall status using the sudo ufw status verbose command, as
shown in the figure below. The verbose output shows additional settings, including the default
firewall policies.
Figure 8: Verbose command (Checking firewall status)
2. Enabling and disabling a firewall
Figure 9: Enabling firewall
Figure 10: Disabling firewall
3. Allow services
Services are allowed or denied through the firewall accordingly. For example, one can allow a
service such as SSH, as shown in the figure below.
Figure 11: Allow SSH service
Figure 12: Disable SSH service
4. Verify firewall rules
This is done to verify the rule set after adding services such as HTTP and a TCP port.
Figure 13: Verify firewall rules
5. Securing web server
First the plain HTTP service is rejected, and then HTTPS is accepted.
Figure 13: Rejecting HTTP service
Allowing HTTPS
Figure 14: Allow HTTPS
6. Allow a range of ports from 20 to 80
One can specify port ranges with UFW, as shown by the commands below. The screenshot shows both
allowing the range of ports 20 to 80 and denying the range of ports 100 to 500.
Figure 15: Allow and disable specific ranges of ports
7. Verify firewall rules
One can create firewall rules that apply only to a certain network interface, and verify them
(Vasudevan, 2015, p. 237). The network interfaces can be looked up as shown in the screenshot
below.
Figure 16: Verify network interface
8. Allowing HTTP from a certain port or subnet
Here one uses sudo with ufw to allow a server to receive HTTP traffic on port 80, as shown in the
screenshot below. The screenshot shows both allowing and denying HTTP requests on port 80.
Figure 17: Allow and deny HTTP traffic on port 80
9. Block connections from a network interface
Figure 18: Blocking connections from a network interface
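Sections 1 to 9 of Part B show the individual UFW commands as screenshots. The script below is an added example (not part of the original report) that puts the web-server hardening sequence from section 5 (reject HTTP, allow HTTPS, allow SSH, enable) into one function and adds the verification step from sections 4 and 7: it parses the text that sudo ufw status prints and checks that each expected rule is present with the intended action. The two status outputs embedded in the script are constructed samples in the real ufw layout, not captures from a host; the expected policy (22 ALLOW or LIMIT, 443 ALLOW, 80 DENY or REJECT) is an assumption made for the example. By default the rule sequence is only printed; it is executed only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the report): the UFW web-server hardening sequence
# and a check that the resulting `ufw status` output matches the intended
# policy. Command names are real ufw syntax; the status outputs below are
# constructed samples, not captures from a real host.

# Prints (or, with APPLY=1, runs) the rule sequence from Part B section 5:
# reject plain HTTP, allow HTTPS, allow SSH, then enable the firewall.
secure_webserver() {
    for cmd in "ufw reject http" "ufw allow https" "ufw allow ssh" "ufw --force enable"; do
        if [ "${APPLY:-0}" = "1" ]; then
            sudo $cmd                    # real change on the host running this
        else
            printf 'sudo %s\n' "$cmd"    # dry run: show what would be executed
        fi
    done
}

# Constructed `sudo ufw status` output after the sequence above was applied.
hardened_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
80/tcp                     REJECT      Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
80/tcp (v6)                REJECT      Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Constructed output for a host where HTTP was simply allowed and HTTPS never
# configured: the "before" picture of section 5.
default_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
EOF
}

# Action recorded for the IPv4 rule on the given "To" entry (e.g. 443/tcp), or
# MISSING when no such rule exists. $1 = status text, $2 = port/proto.
# The "(v6)" rows have "(v6)" in the second column, so they never match.
rule_action() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == want && $2 ~ /^(ALLOW|DENY|REJECT|LIMIT)$/ { print $2; found = 1; exit }
        END { if (!found) print "MISSING" }'
}

# Verifies the web-server policy against a status text. Prints one violation
# per line and returns non-zero if any was found.
check_webserver_policy() {
    status="$1"
    fails=0
    case "$status" in
        "Status: active"*) ;;
        *) echo "firewall is not active"; fails=1 ;;
    esac
    for spec in "22/tcp:ALLOW LIMIT" "443/tcp:ALLOW" "80/tcp:DENY REJECT"; do
        port=${spec%%:*}; accept=${spec#*:}
        action=$(rule_action "$status" "$port")
        case " $accept " in
            *" $action "*) ;;
            *) echo "$port is $action, expected one of: $accept"; fails=1 ;;
        esac
    done
    return $fails
}

# Usage (dry run): show the commands, then check a sample status for each state.
secure_webserver
check_webserver_policy "$(hardened_status)" && echo "hardened sample: policy OK"
check_webserver_policy "$(default_status)" || echo "default sample: policy violated"
```

On a live host the check would be run as check_webserver_policy "$(sudo ufw status)"; because it parses the same columns that appear in the screenshots above, the verification step of sections 4 and 7 can be repeated after every rule change rather than read off by eye.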
Conclusion
From this paper it is evident that Nmap has evolved. The tool can be used to monitor single
hosts as well as vast networks encompassing many devices and subnets. It is also evident that
the tool is flexible and is able to gather network information by sending raw packets to all the
ports of a system. The major reason network administrators need Nmap is its ability to use
various types of packet structures.
References
Collins, 2002. Red Hat Linux Networking and System Administration. 2nd ed. New York: M & T Books.
Orebaugh, 2011. Nmap in the Enterprise: Your Guide to Network Scanning. 2nd ed. s.l.: Syngress.
Pale, 2012. Nmap 6: Network Exploration and Security Auditing Cookbook. 3rd ed. s.l.: Packt Publishing.
Rothwell, 2019. Linux Essentials for Cybersecurity. Indianapolis: s.n.
Stevens, F., 2012. TCP/IP Illustrated. Boston: Addison-Wesley.
Tanner, 2019. Cyber Security Blue Team Toolkit. 3rd ed. New York: Wiley.
Vasudevan, 2015. Computer Networking. New Delhi: Alpha Science Press.