
Practical 1

The document outlines practical configurations for Cisco routers focusing on Syslog, NTP, and SSH operations, as well as OSPF and MD5 authentication. It details the steps for configuring OSPF routing, implementing MD5 authentication for security, synchronizing time using NTP, and setting up a Syslog server for logging events. Additionally, it explains how to enable SSH for secure remote access to routers.

Uploaded by

Aneesh Shinde
Copyright
© © All Rights Reserved

Maharashtra College

INFORMATION SECURITY
Practical File
TYIT

Prof. Ismail H. Popatia


Asst. Prof
Computer Science Dept
Maharashtra College

2024
Information Security TYIT

PRACTICAL NO 1:
Configure Cisco Routers for Syslog, NTP, and SSH
Operations
OSPF, MD5 Authentication

• OSPF is a routing protocol. Two routers speaking OSPF to each other exchange
information about the routes they know about and the cost for them to get there.

• When many OSPF routers are part of the same network, information about all of the
routes in the network is learned by all of the OSPF routers within that network,
technically called an area. (We’ll talk more about areas as we go on.)

• Each OSPF router passes along information about the routes and costs they’ve heard
about to all of their adjacent OSPF routers, called neighbors.

• OSPF routers rely on cost to compute the shortest path through the network between
themselves and a remote router or network destination.

• The shortest path computation is done using Dijkstra’s algorithm. This algorithm isn’t
unique to OSPF. Rather, it’s a mathematical algorithm that happens to have an obvious
application to networking.

MD5 Authentication

• MD5 authentication provides higher security than plain text authentication.

• This method uses the MD5 algorithm to compute a hash value from the contents of the
OSPF packet and a password (or key).

• This hash value is transmitted in the packet, along with a key ID and a non-decreasing
sequence number.

• The receiver, which knows the same password, calculates its own hash value.

• If nothing in the message changes, the hash value of the receiver should match the hash
value of the sender which is transmitted with the message.

• The key ID allows the routers to reference multiple passwords.

• This makes password migration easier and more secure.

• For example, to migrate from one password to another, configure a password under a
different key ID and remove the first key.

• The sequence number prevents replay attacks, in which OSPF packets are captured,
modified, and retransmitted to a router.

• As with plain text authentication, MD5 authentication passwords do not have to be the
same throughout an area. However, they do need to be the same between neighbors.
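
The exchange described in the bullets above, modelled in Python as an added example (not part of the original practical): the sender appends MD5(packet + key), and the receiver checks the key ID, the sequence number and the digest. The header layout follows RFC 2328 Appendix D; the router ID, Hello body, second key and zero-padding of short keys are assumptions of this model, and `smile` is the key configured later on this page.

```python
import hashlib, hmac, struct

# OSPF header with AuType 2 (RFC 2328 D.3): version, type, length, router ID,
# area ID, checksum (0), AuType, 0, key ID, digest length, sequence number.
HEADER = struct.Struct("!BBH4s4sHHHBBI")

def pad_key(key):                       # assumption: short keys are zero-padded
    return key[:16].ljust(16, b"\x00")  # to the 16 bytes the hash input expects

def sign(router_id, body, key_id, key, seq):
    """Build a Hello-type packet and append MD5(packet || padded key)."""
    area = bytes([0, 0, 0, 1])          # area 1, as in this practical
    header = HEADER.pack(2, 1, HEADER.size + len(body), router_id, area,
                         0, 2, 0, key_id, 16, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()

class Neighbor:
    """Receiver state: configured keys by key ID, last sequence per sender."""
    def __init__(self, keys):
        self.keys, self.last_seq = keys, {}

    def verify(self, wire):
        if len(wire) < HEADER.size + 16:
            return "malformed"
        packet, digest = wire[:-16], wire[-16:]
        _, _, _, rid, _, _, autype, _, key_id, dlen, seq = HEADER.unpack(packet[:HEADER.size])
        if autype != 2 or dlen != 16:
            return "malformed"
        key = self.keys.get(key_id)     # the key ID selects which password to use
        if key is None:
            return "unknown key id"
        if seq < self.last_seq.get(rid, 0):   # must be non-decreasing
            return "stale sequence number"
        expected = hashlib.md5(packet + pad_key(key)).digest()
        if not hmac.compare_digest(expected, digest):
            return "digest mismatch"
        self.last_seq[rid] = seq        # only authenticated packets advance it
        return "accepted"

def demo():
    rid, body = bytes([10, 0, 0, 1]), b"constructed hello body"
    rx = Neighbor({1: b"smile", 2: b"constructed-key2"})  # two keys during migration
    good = sign(rid, body, 1, b"smile", seq=100)
    tampered = good[:24] + b"C" + good[25:]               # one body byte changed
    return [rx.verify(good), rx.verify(tampered),
            rx.verify(sign(rid, body, 1, b"smile", seq=99)),
            rx.verify(sign(rid, body, 2, b"constructed-key2", seq=101)),
            rx.verify(sign(rid, body, 3, b"smile", seq=102))]

if __name__ == "__main__": print(demo())
```

The fourth case is the key migration from the bullets: while both key IDs are configured, packets signed with either key are accepted.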

Example

Consider the following topology

Configuring PC0

[Screenshot: PC0 configuration window]

Configuring PC1

[Screenshot: PC1 configuration window]

Configuring NTP Server

[Screenshot: NTP server configuration window]

Configuring SYSLOG Server

[Screenshot: SYSLOG server configuration window]

Configuring Router0

[Screenshots: Router0 Config tab, interfaces GigabitEthernet0/0 and GigabitEthernet0/1]

Configuring Router1

[Screenshots: Router1 Config tab with Equivalent IOS Commands, interfaces GigabitEthernet0/0 and GigabitEthernet0/1]

Part 1: Configure OSPF MD5 Authentication


ROUTER 0: Type the following command in the CLI mode
Router>enable
Router#configure terminal
Router(config)#router ospf 1
Router(config-router)#network [Link] [Link] area 1
Router(config-router)#network [Link] [Link] area 1
Router(config-router)#exit
Router(config)#exit
Router#
ROUTER 1: Type the following command in the CLI mode
Router>enable
Router#configure terminal
Router(config)#router ospf 1
Router(config-router)#network [Link] [Link] area 1
Router(config-router)#network [Link] [Link] area 1
Router(config-router)#exit
Router(config)#exit
Router#
Now we verify the connectivity by using the following

[Screenshot: PC1 Desktop window]

Hence OSPF has been verified

MD5 Authentication

ROUTER 0: Type the following command in the CLI mode

Router>enable
Router#
Router#configure terminal
Router(config)#interface GigabitEthernet0/1
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#ip ospf message-digest-key 1 md5 smile
Router(config-if)#exit
Router(config)#exit

ROUTER 1: Type the following command in the CLI mode

Router>enable
Router#
Router#configure terminal
Router(config)#interface GigabitEthernet0/1
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#ip ospf message-digest-key 1 md5 smile
Router(config-if)#exit
Router(config)#exit

Verify the MD5 authentication using the following command in the CLI mode of Router0

Router#show ip ospf interface gigabitEthernet 0/1

We get the following output:

GigabitEthernet0/1 is up, line protocol is up
Internet address is [Link]/24, Area 1
Process ID 1, Router ID [Link], Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) [Link], Interface address [Link]
Backup Designated Router (ID) [Link], Interface address [Link]
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in [Link]
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1 , Adjacent neighbor count is 1
Adjacent with neighbor [Link] (Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1

MD5 Authentication has been verified


b) NTP

• Network Time Protocol (NTP) is a TCP/IP protocol used to synchronize
computer clocks across data networks.
• NTP was developed in the 1980s by D.L. Mills at the University of Delaware
to achieve highly accurate time synchronization and to sustain the effects of
variable latency over packet-switched data networks through a jitter buffer.

We use the same topology to study the given protocol

Configure NTP Server and enable the NTP service


[Screenshot: NTP server, Services tab, NTP selected with the service turned On]

We must disable the NTP service on the other servers, otherwise the output won’t be obtained


Now go to the CLI mode of the routers and type the following commands on both of them

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server [Link]
Router(config)#ntp update-calendar
Router(config)#exit
Router#

To verify the Output we use the following command

Router#show clock
[Link].985 UTC Tue Feb 18 2020
Router#


c) SYSLOG server
Configure SYSLOG Server and enable the service

• Syslog is a way for network devices to send event messages to a logging server
- usually known as a Syslog server.
• The Syslog protocol is supported by a wide range of devices and can be used to
log different types of events.
• For example, a router might send messages about users logging on to console
sessions, while a web-server might log access-denied events.

Turn ON the SYSLOG service on the server


[Screenshot: SYSLOG server, Services tab, Syslog selected with the service turned On; log table columns Time, HostName, Message]

And turn it OFF on all the other servers


Now Go to CLI Mode of any Router and type the following commands in all the
Routers.

Router#
Router#configure terminal
Router(config)#logging 192.168.1.2
Router(config)#exit
Router#

Output:

[Screenshot: SYSLOG server, Services tab, Syslog service On; the log table shows "%SYS-5-CONFIG_I: Configured from c..." and "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.2 port 514 s..."]
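
What the logging server can do with the messages the routers send, as an added example (not part of the original practical): the code parses the `%FACILITY-SEVERITY-MNEMONIC` format seen in the output above and flags configuration changes, OSPF adjacency changes and anything of severity error or worse. The sample lines, their addresses and the watch list are constructed for illustration.

```python
import re

# Cisco IOS message body: %FACILITY-SEVERITY-MNEMONIC: text
CISCO = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
                   r"(?P<mnemonic>[A-Z0-9_]+): ?(?P<text>.*)")
PRI = re.compile(r"^<(\d{1,3})>")   # syslog priority = facility * 8 + severity
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "informational", "debugging"]
# Assumed watch list for this lab: events that deserve a second look.
WATCH = {("SYS", "CONFIG_I"): "configuration changed",
         ("OSPF", "ADJCHG"): "OSPF neighbor state changed"}

def parse(line):
    """Return a dict for one received message, or None if it is not IOS-style."""
    m = CISCO.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["level"] = LEVELS[rec["severity"]]
    pri = PRI.match(line)
    # The severity encoded in the PRI should agree with the one in the body.
    rec["pri_ok"] = pri is not None and int(pri.group(1)) % 8 == rec["severity"]
    rec["alert"] = WATCH.get((rec["facility"], rec["mnemonic"]))
    return rec

def alerts(lines):
    """Keep watched events and anything of severity error (3) or worse."""
    found = []
    for line in lines:
        rec = parse(line)
        if rec and (rec["alert"] or rec["severity"] <= 3):
            found.append((rec["facility"], rec["mnemonic"],
                          rec["alert"] or rec["level"]))
    return found

# Constructed sample datagrams (addresses from the documentation range).
SAMPLE = [
    "<189>12: *Mar 1 00:04:11.203: %SYS-5-CONFIG_I: Configured from console by console",
    "<189>13: *Mar 1 00:05:40.117: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on "
    "GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "<187>14: *Mar 1 00:05:41.001: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, "
    "changed state to down",
    "<189>15: *Mar 1 00:06:02.554: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "GigabitEthernet0/0, changed state to up",
    "<13>Feb 18 10:00:00 constructed-host app: not an IOS message",
]

if __name__ == "__main__": print(alerts(SAMPLE))
```

An adjacency dropping from FULL to DOWN right after a configuration change is the pattern a mismatched MD5 key on one neighbor would produce, which is why both events are on the watch list.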


d) SSH

• An SSH server is a software program which uses the secure shell
protocol to accept connections from remote computers.
• The way SSH works is by making use of a client-server model to allow
for authentication of two remote systems and encryption of the data that
passes between them.
• It organizes the secure connection by authenticating the client and
opening the correct shell environment if the verification is successful.

Now go to the CLI mode of Router0 and type the following commands.

Router#configure terminal
Router(config)#ip domain-name [Link]
Router(config)#hostname R1
R1(config)#
R1(config)#crypto key generate rsa

The name for the keys will be: [Link]

Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#exit
R1(config)#username ismail privilege 15 password cisco
R1(config)#

Output: Go to cmd of PC1 and type the command

ssh -l ismail [Link] and type the password cisco

[Screenshot: PC Desktop window]

Hence SSH is also verified

For video demonstration of the above practical scan the QR-code
