Cybersecurity Essentials - 005 Lab Assignment
Maria Jannet Jackline Chong
Department of Cybersecurity, Lewis University
SP25-CPSC-50600-005, Cybersecurity Essentials-005
[Link] Cho
April 5, 2025
Introduction
Cybersecurity is evolving quickly, and its future is hard to predict. Organizations face a
growing number of cyber threats, so they need proper tools and accurate methods for predicting
risks and threats. With a proactive approach, organizations can mitigate those threats and
vulnerabilities in a timely manner. As malware keeps evolving, the number of threat actors also
grows, and the complexity, frequency, and scope of such attacks pose a great challenge to
organizations. The information security community should adopt the principle of the CIA triad,
the combination of confidentiality, integrity, and availability. Organizations can build a strong
security infrastructure by adhering to these principles and, with this proactive approach, define
goals and objectives for their security programs. If any of these principles is violated, an
organization can conclude that its security has been compromised.
This report presents a network diagram consisting of a router, a firewall, Linux_machine 1,
Linux_machine 2, and a Windows machine. An explanation of the testing infrastructure is given,
along with the definitions of the local services. The attack surfaces are reviewed, and the risk
and threat table is defined in detail. Through packet capture analysis, the vulnerabilities are
successfully detected.
Explanation Of The Testing Infrastructure
Figure 1
Installing CentOS
Note. The screenshot shows the installation process of CentOS, marking the setup of a Linux
server.
Figure 2
Installing Ubuntu
Note. The screenshot demonstrating the installation of Ubuntu provides another perspective on
Linux security.
Figure 3
Installing Windows
Note. The screenshot captures the Windows installation, simulating the client's behavior in the
network.
Figure 4
Network Configuration Linux_machine 1
Note. Network configuration settings for Linux machine 1, ensuring proper connectivity.
Figure 5
Network Configuration Linux_machine 2
Note. Network configuration for Linux machine 2, emphasizing systematic setup requirements.
Figure 6
Network Configuration for Windows
Note. Network configuration for the Windows machine, aligning it with required settings for
effective communication.
The testing infrastructure consists of a router, a firewall, Linux machine 1, Linux
machine 2, and a Windows machine. The design is suitable for simulating an environment in
which the compatibility of this network security application and other behaviours of the system
can be tested. As an application program, the firewall can run on any platform; in this testing
process it has been run on Windows. It implements policies and rules to protect the network. The
router connects the different networks and manages network traffic. Linux machines 1 and 2 act
as test servers for the network configurations, and the Windows machine is used to simulate a
client's behaviour from a Windows environment. With this infrastructure, network security can
be measured, and different network scenarios and security policies have been simulated. A
proactive strategy can be built on it, and vulnerabilities in the system can be found. The purpose
of this testing infrastructure is to properly identify and address flaws in security.
Explanation of the Network Diagram
Figure 7
Network Diagram
Note. Network diagram illustrating the interconnected architecture of the router, firewall, and
servers for enhanced cybersecurity testing.
This network diagram shows a basic architecture in which different devices are
interconnected through a router and a firewall, which together provide secure Internet access.
The router is at the center and serves as the primary gateway, managing data traffic between the
internal network and the external Internet. The router's assigned IP address connects the devices
so that they can communicate and share resources. The firewall improves security by inspecting
incoming and outgoing data packets and applying rules to prevent unwanted access and protect
the infrastructure from potential cyberattacks (Fortinet, 2025). This secure environment consists
of one Windows machine and two Linux machines; the Linux machines serve as servers.
Definition of the Local Services
In this testing infrastructure, the local services consist of one router, one firewall, one
Windows machine, and two Linux machines that act as servers. The router handles basic
network routing so that the different machines can communicate. The firewall controls traffic
according to predefined rules. Each machine (Linux 1, Linux 2, and Windows) has a unique IP
address for communication over the network. The IP address of Linux machine 1 is [Link],
that of Linux machine 2 is [Link], and that of the Windows machine is [Link].
Reviewing The Attack Surfaces
Figure 8
Packet capturing
Note. Screenshot showing packet capture in progress with Wireshark, detailing network traffic
analysis.
To review the attack surface, testing is done in stages. First, CentOS is installed; this
allows the security of a Linux-based system to be assessed. Then Ubuntu is installed, which
gives another perspective on Linux security and attack vectors. Then Windows is installed;
knowledge of its security vulnerabilities is vital for comprehensively testing the attack surface
(Carpenter, 2021). Next, the network is configured. This is a critical part of attack surface
testing, because it shows how the system communicates and how it could be exploited. After
that, packet capture is performed. Wireshark has been used to analyze network traffic and
identify potential vulnerabilities. The captured packets contain information about the attackers;
with this information, the network traffic has been analyzed and potential vulnerabilities have
been identified, forming an understanding of how attackers might exploit them.
Define The Threats and Risk
Threats
Operating System Vulnerabilities
Every OS has inherent vulnerabilities. Attackers can exploit the system through outdated
software, and each service and piece of software installed on the system could have
vulnerabilities through which attackers gain unauthorized access. Security settings need to be
correct, because systems with improper settings and open ports can enable attackers to gain
unauthorized access (Fortinet, 2025).
Network Misconfigurations
Firewalls and intrusion detection systems need to be implemented to prevent attacks.
Network segmentation needs to be strong to prevent attackers from exploiting the system.
Routers and other network devices need to be secured properly; otherwise, there is a risk of
their being compromised.
Packet Capture Analysis
With packet capture tools such as Wireshark, sensitive data such as usernames,
passwords, and financial information can be captured, and attackers can obtain and exploit this
information. Packet capture records malicious traffic as well as legitimate traffic, so the captured
traffic needs proper analysis to determine whether it is being used for attacks. Attackers can
also use packet capture to map the network topology and, with this data, identify vulnerable
targets.
Risks
Networks store data, and attackers can use this sensitive data for attack purposes. Once
they have control over a system, they can install malware and steal data. As a result of these
attacks, network services can be disrupted and face downtime. As stated earlier, attackers can
obtain information from financial transactions through packet capture and use it to cause
reputational damage. The cost of recovering from such incidents is high, so organizations need
to implement proper security systems and update software regularly to prevent such attacks.
Without such actions, they can face legal penalties.
Table 1
Risk and Threat Table
Assets | Availability | Confidentiality | Integrity
Hardware | Services can be declined if equipment is stolen or disabled. | An unencrypted USB drive is stolen. | Firewalls have inadequate policies.
Software | Due to deleted programs, users can't access the systems. | A software copy is made by unauthorized persons or organizations for attack (Walkowski, 2019). | A working program is modified so that it fails during execution or executes something sinister.
Data | Users can't access deleted files. | Data is read without authorization. With statistical data, the underlying data can be found. | Existing files are modified and fabricated.
Communications Lines and Networks | Due to destroyed or deleted messages, communications lines or networks are unavailable. | Messages are read and message patterns are observed. | Messages are duplicated and recorded. Fabrications are done with false messages.
Result
To assess the attack surfaces, CentOS, Ubuntu, and Windows were installed, and Linux 1
and Linux 2 were set up as servers. The goal was to analyze the captured packets and identify
the vulnerabilities and misconfigurations present in the system. Wireshark has been used to
capture the data packets. After the packet capture, it can be seen that some unnecessary services
are open. Some weak configurations were found, as well as some malicious traffic. From this
information, unnecessary services need to be disabled to protect against potential attacks. The
system requires strong passwords and updated software to patch known vulnerabilities. The
systems need tools to detect and prevent unauthorized activity; tools such as intrusion detection
systems need to be implemented to make the system more secure.
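The packet-capture review described under Reviewing The Attack Surfaces and the three findings above (open services, weak configurations, malicious traffic) can be reproduced on a capture export with a short script. The following is an added example and is not code from this report or from Wireshark; the packet lines are constructed in the shape of a comma-separated `tshark -T fields` export, the host addresses are placeholders from the 192.0.2.0/24 documentation range rather than the lab's real addresses, and the scan cut-off of ten probed ports is an assumed threshold.

```python
"""Triage a packet-capture export: which ports answered (listening services),
which of those are cleartext protocols, and which source behaved like a port
scan.  Added example, not code from the lab report.  The packet lines are
constructed and the addresses are placeholders from 192.0.2.0/24."""
from collections import defaultdict

# Constructed summary in the shape of a `tshark -T fields -E separator=,` export:
# time, ip.src, ip.dst, protocol, tcp.srcport, tcp.dstport, TCP flags (S, SA, RA).
CAPTURE = """\
0.000,192.0.2.50,192.0.2.10,tcp,40000,22,S
0.001,192.0.2.10,192.0.2.50,tcp,22,40000,SA
0.002,192.0.2.50,192.0.2.10,tcp,40001,23,S
0.003,192.0.2.10,192.0.2.50,tcp,23,40001,SA
0.004,192.0.2.50,192.0.2.10,tcp,40002,80,S
0.005,192.0.2.10,192.0.2.50,tcp,80,40002,SA
0.010,192.0.2.99,192.0.2.10,tcp,51000,21,S
0.011,192.0.2.10,192.0.2.99,tcp,21,51000,SA
0.012,192.0.2.99,192.0.2.10,tcp,51001,25,S
0.013,192.0.2.10,192.0.2.99,tcp,25,51001,RA
0.014,192.0.2.99,192.0.2.10,tcp,51002,110,S
0.015,192.0.2.10,192.0.2.99,tcp,110,51002,RA
0.016,192.0.2.99,192.0.2.10,tcp,51003,135,S
0.017,192.0.2.10,192.0.2.99,tcp,135,51003,RA
0.018,192.0.2.99,192.0.2.10,tcp,51004,139,S
0.019,192.0.2.10,192.0.2.99,tcp,139,51004,RA
0.020,192.0.2.99,192.0.2.10,tcp,51005,443,S
0.021,192.0.2.10,192.0.2.99,tcp,443,51005,RA
0.022,192.0.2.99,192.0.2.10,tcp,51006,445,S
0.023,192.0.2.10,192.0.2.99,tcp,445,51006,RA
0.024,192.0.2.99,192.0.2.10,tcp,51007,3306,S
0.025,192.0.2.10,192.0.2.99,tcp,3306,51007,RA
0.026,192.0.2.99,192.0.2.10,tcp,51008,3389,S
0.027,192.0.2.10,192.0.2.99,tcp,3389,51008,RA
0.028,192.0.2.99,192.0.2.10,tcp,51009,8080,S
0.029,192.0.2.10,192.0.2.99,tcp,8080,51009,RA
"""

# Ports whose protocols carry credentials in the clear; a service listening
# here is the kind of weak configuration a capture makes visible.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}
SCAN_THRESHOLD = 10  # distinct ports probed on one host by one source (assumed cut-off)


def parse_capture(text):
    """Turn the comma-separated export into a list of packet dicts."""
    records = []
    for line in text.strip().splitlines():
        t, src, dst, proto, sport, dport, flags = line.split(",")
        records.append({"time": float(t), "src": src, "dst": dst, "proto": proto,
                        "sport": int(sport), "dport": int(dport), "flags": flags})
    return records


def listening_services(records):
    """A SYN/ACK sent from host:port means a service accepted a connection there."""
    listening = defaultdict(set)
    for r in records:
        if r["proto"] == "tcp" and r["flags"] == "SA":
            listening[r["src"]].add(r["sport"])
    return {host: sorted(ports) for host, ports in listening.items()}


def cleartext_services(listening):
    """(host, port, protocol) for every listening port that is a cleartext protocol."""
    return [(host, port, CLEARTEXT_PORTS[port])
            for host, ports in sorted(listening.items())
            for port in ports if port in CLEARTEXT_PORTS]


def scan_sources(records, threshold=SCAN_THRESHOLD):
    """Sources whose bare SYNs touched at least `threshold` distinct ports on one host."""
    probed = defaultdict(set)
    for r in records:
        if r["proto"] == "tcp" and r["flags"] == "S":
            probed[(r["src"], r["dst"])].add(r["dport"])
    return sorted({src for (src, _dst), ports in probed.items() if len(ports) >= threshold})


def assess(text):
    """Full triage of one capture export: listening ports, cleartext services, scanners."""
    records = parse_capture(text)
    listening = listening_services(records)
    return {"listening": listening,
            "cleartext": cleartext_services(listening),
            "scanners": scan_sources(records)}


if __name__ == "__main__":
    for key, value in assess(CAPTURE).items():
        print(f"{key}: {value}")
```

On the constructed capture the script reports that 192.0.2.10 answers on ports 21, 22, 23 and 80, that FTP, Telnet and HTTP are cleartext services to disable or replace, and that 192.0.2.99 probed ten distinct ports and is the scan-like source. The same three functions apply to a real export once the field order matches; the threshold is the one value a practitioner should tune to the size of the capture.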
Conclusion
Testing of the attack surface has made it clear that there are several vulnerabilities in
the open ports and in CentOS. The attack surface testing revealed weak passwords on Ubuntu
and outdated passwords on Windows. The network traffic analysis showed attempts to exploit
the vulnerabilities. To mitigate such risks, recommendations have been given to disable
unnecessary services, implement strong authentication protocols, update software, and
implement an intrusion detection system. Continuous monitoring and security testing are
required to prevent attacks and keep the environment secure.
References
Walkowski, D. (2019, July 8). What is the CIA triad? F5 Labs.
[Link]
Fortinet. (2025). What is a cyber attack? Fortinet Cyber Glossary.
[Link]
Carpenter, P. (2021, September 16). 7 tips for building a strong security culture. TechTarget.
[Link]