<a href="https://colab.research.google.com/github/blacktalenthubs/Dynamic-Application-Security-Testing/blob/main/week6.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>



---

# Week 6: Infrastructure Security

## Overview

Week 6 focuses on securing infrastructure components. It includes practical exercises on DDoS simulation and mitigation, securing SSH access to EC2 instances, network security tools (Nmap, Wireshark, tcpdump), VPC monitoring with Flow Logs and Traffic Mirroring, Security Groups and NACLs, AWS WAF and Shield, and Intrusion Detection Systems (IDS).

### Lab 1: DDoS Simulation Testing

**Objective:**
Understand the impact of Distributed Denial of Service (DDoS) attacks on web servers and learn how to mitigate these attacks using AWS Shield and other strategies.

#### Steps:

1. **Set Up a Target Web Server:**
   - **Launch an EC2 Instance**:
     1. Go to the AWS Management Console.
     2. Navigate to the EC2 Dashboard.
     3. Click on "Launch Instance".
     4. Choose an Amazon Machine Image (AMI) like Amazon Linux 2.
     5. Select an instance type (e.g., t2.micro for free tier).
     6. Configure the instance details and add storage as needed.
     7. Add a tag with key `Name` and value `WebServer`.
     8. Configure the security group: allow HTTP (port 80) from anywhere (0.0.0.0/0) and SSH (port 22) only from your own IP address ("My IP" in the console). An SSH rule open to 0.0.0.0/0 is the most common finding on lab instances, and such an instance starts receiving brute-force login attempts shortly after launch.
     9. Review and launch the instance.
   - **Install a Web Server**:
     ```bash
     sudo yum update -y
     sudo yum install httpd -y
     sudo systemctl start httpd
     sudo systemctl enable httpd
     # The redirect runs as ec2-user, not root, so "echo ... > /var/www/html/index.html"
     # fails with "Permission denied"; write the file through sudo tee instead.
     echo "Hello World from $(hostname -f)" | sudo tee /var/www/html/index.html
     # Verify from your workstation: curl http://<public-ip-address>/
     ```

2. **Simulate DDoS Attack:**
   - **Read the AWS policy before you start**: AWS's penetration-testing policy lists DoS/DDoS and simulated DoS/DDoS among the activities that are prohibited without prior authorization, and DDoS simulation against AWS resources is only permitted under AWS's separate DDoS simulation testing policy, which uses pre-approved testing partners. Pointing LOIC across the internet at an EC2 public IP, even one you own, violates that policy. Do this step only in an isolated lab network you fully control (for example, the web server and the attacking machine as two VMs on your own hardware), or replace the flood with a low-rate load test.
   - **Install LOIC (Low Orbit Ion Cannon)** on a separate machine:
     1. Download LOIC from GitHub: [LOIC GitHub](https://github.com/NewEraCracker/LOIC). Most antivirus products flag LOIC as a hacking tool, so expect it to be quarantined on a managed workstation.
     2. Run LOIC and enter the target web server's IP address.
     3. Start the attack and monitor the web server's response: watch request latency and HTTP status codes from a client on a different host, the `httpd` access log (`/var/log/httpd/access_log`) for the request rate per source address, and the instance's CloudWatch `CPUUtilization` and `NetworkIn` metrics. A single LOIC client produces an application-layer flood (many HTTP requests from one IP), which is exactly the pattern a per-IP rate limit catches.

3. **Mitigation Strategies:**
   - **AWS Shield**:
     1. AWS Shield Standard is enabled automatically for all AWS customers at no charge. It absorbs common network- and transport-layer floods (SYN floods, UDP reflection) at the edge, in front of CloudFront, Route 53 and Elastic Load Balancing. It does nothing for an HTTP request flood, which looks like legitimate traffic at layer 4.
     2. Optionally subscribe to AWS Shield Advanced for larger attacks, access to the Shield Response Team and cost protection (a paid subscription with a one-year commitment).
   - **Implement Rate Limiting and Load Balancing**:
     1. Set up an Application Load Balancer (ALB) in front of your web server, with a target group containing the instance and an HTTP health check on `/`.
     2. Change the instance's security group so port 80 is allowed only from the ALB's security group, not from 0.0.0.0/0; otherwise an attacker who learns the instance IP bypasses every control you put on the ALB.
     3. The ALB itself does not rate-limit. Attach an AWS WAF web ACL to the ALB with a rate-based rule (for example, block any IP exceeding 2,000 requests in five minutes) to stop the application-layer flood from Step 2; Lab 6 covers the WAF setup.

**Explanation:**
This lab demonstrates how little it takes to degrade an unprotected single instance and why availability controls are layered: Shield absorbs volumetric floods at the edge, the ALB spreads load and hides the instance, and a WAF rate-based rule handles application-layer floods that look like valid HTTP.
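What "monitor the web server's response" looks like in code: the following is an added example (not from the original notebook and not part of LOIC) that parses Apache combined-format access log lines, as the `httpd` installed above writes them, and counts requests per client IP over a sliding window, flagging sources above a threshold. That is the same per-IP counting an AWS WAF rate-based rule performs, so it lets you see the attacker's signature in the log before you configure the rule. The log lines, the addresses and the limit of 10 requests in 10 seconds are constructed for the example.

```python
"""Per-source request-rate detector over Apache combined-format access log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# "combined" LogFormat as httpd on Amazon Linux 2 writes it to /var/log/httpd/access_log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp, status) or None for a line that is not a request record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), int(m.group("status"))


def flagged_sources(lines, limit, window_seconds):
    """Return {client_ip: peak_count} for every source that exceeded `limit`
    requests within any `window_seconds` window. Lines must be in time order,
    as the access log is; one deque of timestamps per source is the window."""
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _status = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # expire requests older than the window
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def _constructed_log():
    """Constructed sample (not a real capture): 203.0.113.5 sends 30 requests in five
    seconds, 198.51.100.7 sends three requests a normal 20 seconds apart."""
    events = [(i // 6, "203.0.113.5") for i in range(30)] + [(s, "198.51.100.7") for s in (0, 20, 40)]
    fmt = '%s - - [10/Oct/2023:13:55:%02d +0000] "GET / HTTP/1.1" 200 30 "-" "curl/8.0.1"'
    return [fmt % (ip, sec) for sec, ip in sorted(events)]


SAMPLE_LINES = _constructed_log()

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LINES   # a real access_log, or the sample
    for ip, peak in flagged_sources(source, limit=10, window_seconds=10).items():
        print(f"{ip}: {peak} requests within 10 s (limit 10) -> candidate for a rate-based block")
```

Run it against `/var/log/httpd/access_log` while the flood is in progress and the attacking address surfaces immediately; the same threshold, scaled to WAF's five-minute window, is the number you enter in the rate-based rule.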

### Lab 2: EC2 Key Pairs and Remediation

**Objective:**
Learn to securely access and manage EC2 instances using key pairs, and implement best practices to secure SSH access.

#### Steps:

1. **Create an EC2 Key Pair:**
   - **Generate a Key Pair**:
     1. Navigate to the EC2 Dashboard.
     2. Under "Network & Security", click on "Key Pairs".
     3. Click on "Create Key Pair".
     4. Provide a name and choose the file format: PEM for OpenSSH clients (Linux, macOS, and the OpenSSH client built into Windows 10 and later), PPK for PuTTY.
     5. Download the key pair file. This is the only time AWS gives you the private key; AWS keeps just the public half, so store the file somewhere safe and never commit it to a repository.

2. **Launch an EC2 Instance:**
   - **Launch an Instance Using the Generated Key Pair**:
     1. Follow the steps from Lab 1 to launch a new EC2 instance.
     2. Select the previously created key pair during the instance launch.

3. **Secure SSH Access:**
   - **SSH into the EC2 Instance**:
     ```bash
     # OpenSSH refuses a private key readable by other users ("UNPROTECTED PRIVATE KEY FILE!").
     chmod 400 /path/to/keypair.pem
     ssh -i /path/to/keypair.pem ec2-user@<public-ip-address>
     ```
   - **Implement SSH Security Best Practices** (keep your current session open while you change `sshd_config`; if the new configuration is wrong you still have a shell to fix it):
     1. **Restrict the Source**: edit the instance's security group so port 22 is allowed only from your IP address. This is the control that actually stops the internet-wide brute-force scanners; the sshd settings below limit what they can do if they reach the port.
     2. **Disable Root Login and Password Authentication**:
        ```bash
        sudo nano /etc/ssh/sshd_config
        # Set PermitRootLogin to no
        # Set PasswordAuthentication to no (keys only)
        sudo sshd -t                 # validate the file; a syntax error would leave sshd down after the restart
        sudo systemctl restart sshd
        ```
     3. **Change the Default SSH Port** (optional): this is obscurity, not security. It cuts log noise from scanners that only try port 22 but stops nobody who port-scans you.
        ```bash
        # First add the new port to the security group (from your IP), or the restart locks you out.
        sudo nano /etc/ssh/sshd_config
        # Uncomment "Port 22" and change it to Port 2222 (or another port)
        sudo sshd -t
        sudo systemctl restart sshd
        # Reconnect with: ssh -p 2222 -i /path/to/keypair.pem ec2-user@<public-ip-address>
        ```
     4. **Remove Port 22 Entirely**: for instances that run the SSM agent (preinstalled on Amazon Linux 2) and have an instance role with the `AmazonSSMManagedInstanceCore` policy, AWS Systems Manager Session Manager gives you a shell through the AWS API with no inbound port open at all.

**Explanation:**
This lab emphasizes secure access to cloud resources. Key-based authentication removes the password-guessing attack surface entirely, and the remaining hardening (source restriction, no root login, no password authentication, or no inbound port at all via Session Manager) limits what an attacker can do with the port that remains.
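The hardening edits above, done safely and repeatably: this is an added example, not code from the original notebook. It rewrites the directives in `sshd_config` (replacing commented or existing occurrences, dropping duplicates, and never touching a `Match` block, where repeated directives are legitimate), and it refuses to restart sshd unless `sshd -t` accepts the result, restoring the backup otherwise. The port number 2222, the directive set and the sample configuration text are assumptions; the `apply` mode must run as root on the instance and is not exercised offline.

```python
"""Apply the SSH hardening from Lab 2 to an sshd_config file, with validation before restart."""
import re
import shutil
import subprocess
import sys

HARDENED = {
    "Port": "2222",                  # open it in the security group first
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",  # keys only
    "PubkeyAuthentication": "yes",
    "MaxAuthTries": "3",
}


def harden_sshd_config(text, settings=HARDENED):
    """Return `text` with each directive in `settings` set exactly once.

    sshd honours the first occurrence of a directive, so a stray earlier line
    would silently win; existing lines (commented or not) are replaced and later
    duplicates removed. Lines from the first `Match` block onward are left alone,
    and missing directives are inserted before it, not after it."""
    out, seen, in_match = [], set(), False
    for line in text.splitlines():
        if re.match(r"^\s*Match\b", line):
            in_match = True
        m = None if in_match else re.match(r"^\s*#?\s*(\w+)\s+\S", line)
        key = m.group(1) if m else None
        if key in settings:
            if key in seen:
                continue
            seen.add(key)
            line = f"{key} {settings[key]}"
        out.append(line)
    first_match = next((i for i, l in enumerate(out) if re.match(r"^\s*Match\b", l)), len(out))
    out[first_match:first_match] = [f"{k} {v}" for k, v in settings.items() if k not in seen]
    return "\n".join(out) + "\n"


def apply(path="/etc/ssh/sshd_config"):
    """Rewrite the live config, validate with `sshd -t`, restart only if valid."""
    with open(path) as f:
        original = f.read()
    shutil.copy(path, path + ".bak")
    with open(path, "w") as f:
        f.write(harden_sshd_config(original))
    if subprocess.run(["sshd", "-t", "-f", path]).returncode != 0:
        shutil.copy(path + ".bak", path)                       # roll back; sshd would not start
        sys.exit("sshd rejected the new configuration; backup restored, nothing restarted")
    subprocess.run(["systemctl", "restart", "sshd"], check=True)


# Constructed excerpt of a stock sshd_config (assumption, not copied from an AMI).
SAMPLE_CONFIG = """# constructed excerpt of a stock sshd_config
#Port 22
#PermitRootLogin yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "apply":
        apply()                                                # sudo python3 harden_sshd.py apply
    else:
        print(harden_sshd_config(SAMPLE_CONFIG), end="")       # dry run on the sample
```

Run without arguments to see the transformed sample; run `sudo python3 harden_sshd.py apply` on the instance, with the new port already allowed in the security group and your existing session still open, to change the real file.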

### Lab 3: Network Security Tools

**Objective:**
Explore and use various network security tools to monitor, analyze, and secure network traffic.

#### Steps:

1. **Install and Use Nmap:**
   - **Install Nmap**:
     ```bash
     sudo yum install nmap -y
     ```
   - **Perform Network Scanning** (only against hosts you own or are authorized to test; AWS allows port scanning and penetration testing of your own EC2 instances without prior approval, but never of other customers' resources):
     ```bash
     # Host discovery across your VPC subnet (-sP is the deprecated spelling of -sn; use your own subnet CIDR).
     # Hosts whose security group blocks ICMP echo show as "down"; scan them explicitly with -Pn instead.
     nmap -sn 10.0.1.0/24
     # Service/version detection, OS fingerprinting, default scripts and traceroute on one host.
     # -A is noisy and slow; -sV alone is usually enough to see what is listening.
     nmap -A <target-ip>
     # Grepable output for scripting, e.g. to diff exposed ports against what the security group should allow.
     nmap -sV -oG scan.gnmap <target-ip>
     ```

2. **Install and Use Wireshark:**
   - **Install Wireshark**:
     ```bash
     # On a headless EC2 instance the useful part of the wireshark package is tshark, its command-line
     # front end; the GUI needs a display. The usual workflow is to capture on the instance and open
     # the .pcap in Wireshark on your workstation.
     sudo yum install wireshark -y
     sudo tshark -i eth0 -f "tcp port 80" -c 50
     ```
   - **Capture and Analyze Network Traffic**:
     1. Start Wireshark on your workstation and select the network interface, or open a `.pcap` captured with tcpdump or tshark on the instance (copy it down with `scp -i /path/to/keypair.pem ec2-user@<public-ip-address>:capture.pcap .`).
     2. Capture packets and analyze them: display filters such as `http.request`, `tcp.flags.syn == 1 && tcp.flags.ack == 0` (connection attempts) and `ip.src == <attacker-ip>` narrow the view, and "Statistics > Conversations" shows which source addresses dominate.

3. **Install and Use tcpdump:**
   - **Install tcpdump**:
     ```bash
     sudo yum install tcpdump -y
     ```
   - **Capture Network Packets**:
     ```bash
     # Check the interface name first: eth0 on Amazon Linux 2; other AMIs may use names like ens5.
     ip -brief link
     # Live view; -nn keeps addresses and ports numeric (no DNS lookups to slow the capture).
     sudo tcpdump -nn -i eth0
     # Only web traffic, bounded with -c, to a file for later analysis in Wireshark.
     sudo tcpdump -nn -i eth0 -c 1000 -w capture.pcap 'tcp port 80'
     ```

**Explanation:**
Network security tools are essential for identifying exposed services, monitoring traffic, and diagnosing issues. Nmap answers "what is reachable and listening", tcpdump captures what is actually on the wire with minimal overhead, and Wireshark dissects the capture. Run them from a host you control against targets you are authorized to scan.
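The scan is only useful once it is compared with what should be exposed. As an added example (not from the original notebook), the following parses Nmap's grepable output (`-oG`) into open ports per host and diffs them against an allow-list describing what the security groups are meant to permit. The sample scan text, the two hosts and the allow-list are constructed; in practice the allow-list is derived from your security group rules.

```python
"""Parse `nmap -oG` output and flag open ports beyond an expected exposure baseline."""
import re

# One grepable port entry: port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text):
    """Map each host in `nmap -oG` output to its open ports.

    Returns {ip: [(port, proto, service, version), ...]}, keeping only ports
    nmap reported as "open" (closed/filtered entries are dropped)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue                                   # comment lines and "Status: Up" lines
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        hosts[ip] = [
            (int(port), proto, service, version)
            for port, state, proto, service, version in PORT_RE.findall(ports_field)
            if state == "open"
        ]
    return hosts


def unexpected_exposure(hosts, allowed):
    """Return {ip: [port, ...]} for open ports outside `allowed` ({ip: {port, ...}});
    a host missing from `allowed` counts as entirely unexpected."""
    findings = {}
    for ip, ports in hosts.items():
        extra = sorted(p for p, *_ in ports if p not in allowed.get(ip, set()))
        if extra:
            findings[ip] = extra
    return findings


# Constructed sample of nmap -sV -oG output for two lab hosts (not a real scan).
SAMPLE_GREPABLE = (
    "# Nmap 7.93 scan initiated Tue Oct 10 13:55:00 2023 as: nmap -sV -oG scan.gnmap 10.0.1.0/28\n"
    "Host: 10.0.1.20 ()\tStatus: Up\n"
    "Host: 10.0.1.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.57/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n"
    "Host: 10.0.1.21 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 3306/open/tcp//mysql//MySQL 5.7.44/"
    "\tIgnored State: closed (998)\n"
    "# Nmap done at Tue Oct 10 13:56:10 2023 -- 16 IP addresses (2 hosts up) scanned in 70.12 seconds\n"
)

# What the security groups are supposed to expose (assumption for the sample hosts).
EXPECTED = {"10.0.1.20": {22, 80}, "10.0.1.21": {22}}

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GREPABLE   # e.g. scan.gnmap
    hosts = parse_grepable(text)
    for ip, ports in hosts.items():
        print(ip, "|", ", ".join(f"{p}/{proto} {svc} {ver}".strip() for p, proto, svc, ver in ports))
    print("unexpected exposure:", unexpected_exposure(hosts, EXPECTED))
```

In the sample the database host answers on 3306, which the baseline does not allow; that is the kind of drift (a security group widened "temporarily" and never narrowed) this check is for.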

### Lab 4: VPC Security (Flow Logs, Traffic Mirroring)

**Objective:**
Configure and use VPC Flow Logs and Traffic Mirroring to monitor and analyze network traffic within a VPC.

#### Steps:

1. **Enable VPC Flow Logs:**
   - **Enable Flow Logs**:
     1. Navigate to the VPC Dashboard.
     2. Select a VPC and click on "Create Flow Log". A flow log can also be attached to a single subnet or a single network interface (ENI) when you only need one instance's traffic.
     3. Choose the filter (Accept, Reject or All; "All" is the right choice for security monitoring, since rejected connection attempts are the interesting ones) and the aggregation interval (10 minutes by default, 1 minute for faster detection).
     4. Configure the log destination (CloudWatch Logs or S3). For CloudWatch Logs you must also supply an IAM role that lets the flow-log service write to the log group; for S3 the bucket policy is added for you.

2. **Set Up Traffic Mirroring:**
   - **Create a Traffic Mirror Session**:
     1. Navigate to the VPC Dashboard.
     2. Under "Traffic Mirroring", create a mirror target (the ENI of the instance that will receive the copies, or a Network Load Balancer with a UDP 4789 listener) and a mirror filter with explicit rules selecting which traffic to copy; a filter with no rules mirrors nothing.
     3. Create a mirror session linking a source ENI (the instance to watch, which must be a Nitro-based instance type), the target and the filter, and note the VNI. The target receives the copies VXLAN-encapsulated on UDP port 4789, so its security group must allow that port from the source.

**Explanation:**
VPC Flow Logs and Traffic Mirroring provide two different levels of visibility: flow logs are cheap metadata (addresses, ports, protocol, byte counts, accept or reject) for every ENI in the VPC, while Traffic Mirroring delivers full packets for the specific ENIs you select. Use flow logs continuously for detection and mirroring selectively for investigation; Labs 8 and 9 go through each in detail.

### Lab 5: Security Groups and NACLs

**Objective:**
Configure Security Groups and Network Access Control Lists (NACLs) to control traffic to and from EC2 instances and subnets within a VPC.

#### Steps:

1. **Create Security Groups:**
   - **Define Inbound and Outbound Rules**:
     1. Navigate to the EC2 Dashboard.
     2. Under "Network & Security", click on "Security Groups".
     3. Create a new security group and add inbound rules: SSH (22) from your IP only, HTTP (80) from the ALB's security group (reference the group ID as the source rather than a CIDR). Leave the default outbound rule (all traffic) or tighten it to what the instance needs.
     4. Security groups are stateful and allow-only: there is no deny rule, anything not explicitly allowed inbound is dropped, and the reply to an allowed connection is permitted automatically in the other direction.

2. **Configure NACLs:**
   - **Set Up NACLs**:
     1. Navigate to the VPC Dashboard.
     2. Under "Network ACLs", create a new ACL. A newly created custom NACL denies all traffic in both directions until you add rules (the VPC's default NACL allows everything).
     3. Add numbered rules for inbound and outbound traffic. Rules are evaluated in ascending order and the first match wins, so put specific DENY rules (for example, a blocklisted CIDR) at lower numbers than the broad ALLOW rules. Because NACLs are stateless, an inbound ALLOW for port 80 is useless without an outbound ALLOW for the ephemeral port range (1024-65535) that the clients' replies go to, and the reverse holds for connections the instance initiates.
     4. Associate the NACL with the subnet; a subnet has exactly one NACL at a time.

**Explanation:**
Security Groups and NACLs are fundamental for securing AWS environments. A security group is a stateful, allow-only firewall at the instance (ENI) level and should carry most of the policy; a NACL is a stateless, ordered allow/deny list at the subnet level and is mainly useful for coarse blocks (a hostile CIDR, a port that should never enter the subnet) that you want enforced regardless of how individual instances are configured.
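The stateful-versus-stateless difference is easiest to see by running one HTTP connection through both kinds of filter. The model below is an added example, not from the original notebook and not AWS's evaluation code: it implements the documented semantics (NACL rules tried in ascending number, first match wins, implicit deny; security group allow-only with automatic replies) and applies them to a constructed client request and the server's reply. The rule sets and addresses are assumptions; the broken NACL is the common mistake of allowing port 80 without the ephemeral port range.

```python
"""Model of how a security group (stateful, allow-only) and a NACL (stateless,
ordered allow/deny) evaluate the same HTTP connection."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def reply(self):
        """The packet the other side sends back: addresses and ports swapped."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


def _matches(rule, remote_ip, dst_port, proto):
    lo, hi = rule["ports"]
    return (rule["proto"] in (proto, "all") and lo <= dst_port <= hi
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule["cidr"]))


class Nacl:
    """Subnet level: rules are tried in ascending rule number, the first match decides,
    and the implicit final rule '*' denies. Every packet is judged on its own."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r["num"])
        self.outbound = sorted(outbound, key=lambda r: r["num"])

    def allows(self, pkt, direction):
        rules = self.inbound if direction == "in" else self.outbound
        remote = pkt.src_ip if direction == "in" else pkt.dst_ip   # inbound rules match the source, outbound the destination
        for rule in rules:
            if _matches(rule, remote, pkt.dst_port, pkt.proto):
                return rule["action"] == "allow"
        return False


class SecurityGroup:
    """Instance level: only allow rules exist, and the reply to an allowed packet is
    let through automatically (connection tracking), whatever the other direction says."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.tracked = set()

    def allows(self, pkt, direction):
        if pkt.reply() in self.tracked:
            return True
        rules = self.inbound if direction == "in" else self.outbound
        remote = pkt.src_ip if direction == "in" else pkt.dst_ip
        if any(_matches(r, remote, pkt.dst_port, pkt.proto) for r in rules):
            self.tracked.add(pkt)
            return True
        return False


def simulate_http(nacl, sg, client_ip="203.0.113.5", server_ip="10.0.1.20"):
    """Send the client's SYN inbound and the server's SYN/ACK outbound through both filters.
    Returns {"nacl": (request_allowed, reply_allowed), "sg": (request_allowed, reply_allowed)}."""
    request = Packet(client_ip, 51000, server_ip, 80)
    reply = request.reply()
    return {"nacl": (nacl.allows(request, "in"), nacl.allows(reply, "out")),
            "sg": (sg.allows(request, "in"), sg.allows(reply, "out"))}


# Constructed rule sets. BROKEN_NACL allows port 80 in both directions, but the client's
# reply goes to an ephemeral port, which no outbound rule allows.
_ALLOW80 = {"num": 100, "proto": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0", "action": "allow"}
BROKEN_NACL = Nacl(inbound=[_ALLOW80], outbound=[_ALLOW80])
FIXED_NACL = Nacl(
    inbound=[_ALLOW80,
             {"num": 90, "proto": "all", "ports": (0, 65535), "cidr": "198.51.100.0/24", "action": "deny"}],  # lower number wins
    outbound=[{"num": 100, "proto": "tcp", "ports": (1024, 65535), "cidr": "0.0.0.0/0", "action": "allow"}],  # ephemeral range
)
WEB_SG = SecurityGroup(inbound=[{"proto": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0"}], outbound=[])

if __name__ == "__main__":
    print("broken NACL: ", simulate_http(BROKEN_NACL, WEB_SG))
    print("fixed NACL:  ", simulate_http(FIXED_NACL, WEB_SG))
    print("blocked CIDR:", simulate_http(FIXED_NACL, WEB_SG, client_ip="198.51.100.9"))
```

The security group passes the reply with an empty outbound rule list because it tracked the request; the broken NACL accepts the request and then drops the reply, which is why a web server behind such a NACL "accepts connections but never responds". The deny at rule 90 beats the allow at rule 100 for the blocklisted range even though both match.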

### Lab 6: AWS WAF and Shield

**Objective:**
Protect web applications from common web exploits and DDoS attacks using AWS Web Application Firewall (WAF) and AWS Shield.

#### Steps:

1. **Set Up AWS WAF:**
   - **Create Web ACLs and Rules**:
     1. Navigate to the WAF & Shield Dashboard (AWS WAF, the current "WAFv2" console).
     2. Create a new web ACL. Pick the scope first: "Regional" for an ALB or API Gateway in that region, "CloudFront" (managed from us-east-1) for a distribution.
     3. Add rules: start with AWS Managed Rules such as the Core rule set (common web exploits: SQL injection, cross-site scripting, malformed input) and a rate-based rule that blocks any single IP above a request threshold per five minutes. Rules run in priority order; leave the web ACL's default action as Allow and let the rules block.
     4. Associate the web ACL with a CloudFront distribution or ALB. After a few minutes review the sampled requests and CloudWatch metrics; deploy a new managed rule group in Count mode first if you are worried about false positives on your application.

2. **Enable AWS Shield:**
   - **AWS Shield Standard** is automatically enabled for all AWS customers and protects CloudFront, Route 53 and load balancers against the common layer 3 and 4 floods.
   - **Enable AWS Shield Advanced** (optional) for higher-volume attacks, access to the Shield Response Team, cost protection against scaling charges during an attack, and attack diagnostics; it is a paid subscription with a one-year commitment.

**Explanation:**
AWS WAF inspects HTTP requests (layer 7) and Shield absorbs network floods (layers 3 and 4); together they cover both halves of the availability problem. This lab shows how to configure and use these services to safeguard web applications, and why the instance must sit behind the ALB or CloudFront, reachable only from them, for either service to matter.
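The same web ACL defined as code, so it can be reviewed and reapplied: the following is an added example, not from the original notebook, that builds the two rules from Step 1 (an AWS managed Core rule set group plus a per-IP rate-based rule), validates the mistakes the WAF API rejects (duplicate priorities; a rule that sets neither or both of `Action` and `OverrideAction`), and deploys the ACL with `boto3`'s `create_web_acl` and `associate_web_acl`. The ACL name, the 2,000-request limit and the ALB ARN passed on the command line are assumptions; the deployment branch needs AWS credentials and is not run offline.

```python
"""Define, validate and deploy a WAFv2 web ACL for the ALB from Lab 1."""
import sys


def visibility(metric_name):
    """CloudWatch and sampled-request settings that every rule and the ACL itself require."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric_name}


def web_acl_rules(rate_limit=2000):
    """Rules in evaluation order (lower Priority runs first)."""
    return [
        {   # Block any single client IP above `rate_limit` requests in the trailing five minutes.
            "Name": "ip-rate-limit",
            "Priority": 0,
            "Statement": {"RateBasedStatement": {"Limit": rate_limit, "AggregateKeyType": "IP"}},
            "Action": {"Block": {}},
            "VisibilityConfig": visibility("ip-rate-limit"),
        },
        {   # AWS-maintained signatures for common web exploits (SQLi, XSS, malformed input).
            "Name": "aws-common-rule-set",
            "Priority": 1,
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
            "OverrideAction": {"None": {}},   # keep the group's own block actions; {"Count": {}} to observe only
            "VisibilityConfig": visibility("aws-common-rule-set"),
        },
    ]


def validate_rules(rules):
    """Return the problems the WAF API would reject: duplicate priorities, and a rule that
    does not set exactly one of Action (own rule) or OverrideAction (managed rule group)."""
    problems = []
    priorities = [r["Priority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        problems.append("duplicate Priority values")
    for r in rules:
        if ("Action" in r) == ("OverrideAction" in r):
            problems.append(f"{r['Name']}: exactly one of Action/OverrideAction is required")
    return problems


if __name__ == "__main__":
    import boto3                                   # needs AWS credentials; not exercised offline
    alb_arn = sys.argv[1]                          # ARN of the ALB to protect
    rules = web_acl_rules()
    if validate_rules(rules):
        sys.exit("\n".join(validate_rules(rules)))
    wafv2 = boto3.client("wafv2")                  # REGIONAL scope: create it in the ALB's region
    acl = wafv2.create_web_acl(
        Name="week6-web-acl", Scope="REGIONAL", DefaultAction={"Allow": {}},
        Description="Lab 6: managed common rules plus per-IP rate limit",
        Rules=rules, VisibilityConfig=visibility("week6-web-acl"),
    )["Summary"]
    wafv2.associate_web_acl(WebACLArn=acl["ARN"], ResourceArn=alb_arn)
    print("associated", acl["ARN"], "with", alb_arn)
```

For a CloudFront distribution change `Scope` to `"CLOUDFRONT"`, create the client in us-east-1, and attach the ACL through the distribution's `WebACLId` instead of `associate_web_acl`.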

### Lab 7: Intrusion Detection Systems (IDS)

**Objective:**
Set up and use Intrusion Detection Systems (IDS) such as Snort and Suricata to monitor and detect network intrusions.

#### Steps:

1. **Install Snort:**
   - **Set Up Snort**:
     ```bash
     # Snort is not packaged in the Amazon Linux 2 repositories: install the Snort 2.9 RPMs published at
     # https://www.snort.org/downloads (CentOS/RHEL 7 builds) or build from source, then fetch a ruleset
     # (registered or community rules) into /etc/snort/rules and set HOME_NET in snort.conf to your VPC CIDR.
     sudo snort -T -c /etc/snort/snort.conf                    # test configuration and rules first
     sudo snort -A console -c /etc/snort/snort.conf -i eth0    # alerts to the terminal; -A fast writes /var/log/snort/alert
     ```

2. **Install Suricata:**
   - **Configure Suricata**:
     ```bash
     sudo amazon-linux-extras install epel -y            # Suricata is in EPEL, not the base repo
     sudo yum install suricata -y
     sudo suricata-update                                # download the Emerging Threats Open ruleset
     sudo suricata -T -c /etc/suricata/suricata.yaml     # validate configuration and rules
     sudo suricata -c /etc/suricata/suricata.yaml -i eth0   # live capture with af-packet on eth0
     ```
     Set `HOME_NET` in `/etc/suricata/suricata.yaml` to your VPC CIDR; many rules only fire when the traffic direction relative to `HOME_NET` matches.

3. **Analyze Alerts:**
   - **Review IDS Alerts**:
     1. Check logs and alerts generated by Snort (`/var/log/snort/alert`) and Suricata (`/var/log/suricata/fast.log` has one line per alert, `/var/log/suricata/eve.json` the same events as structured JSON). A quick way to confirm the sensor works is to fetch http://testmynids.org/uid/index.html with curl from the monitored host: the page returns an `id`-command style string that matches the "GPL ATTACK_RESPONSE id check returned root" signature.
     2. Use Kibana to visualize and analyze the alerts. Kibana is part of the Elastic stack and is not set up by this lab; the usual pipeline is Filebeat (with its Suricata module) reading `eve.json` into Elasticsearch, then Kibana dashboards. Note that an IDS on the web server sees only that instance's own traffic; to watch other instances, run it on the Traffic Mirroring target from Lab 4.

**Explanation:**
IDS tools like Snort and Suricata are crucial for detecting network intrusions, but only for the traffic they can see and the rules they are running: keep the ruleset updated, set `HOME_NET` correctly, and feed them mirrored traffic if they are meant to cover more than one host. This lab teaches students how to deploy the tools and verify that they actually alert.

### Lab 8: AWS VPC Flow Logs

**Objective:**
Enable and analyze AWS VPC Flow Logs to gain insights into network traffic within a VPC.

#### Steps:

1. **Enable Flow Logs:**
   - **Enable Flow Logs for a VPC**:
     1. Navigate to the VPC Dashboard.
     2. Select a VPC and click on "Create Flow Log", with filter "All" and a 1-minute aggregation interval.
     3. Configure the log destination (CloudWatch Logs, which needs an IAM role for delivery, or S3).

2. **Analyze Flow Logs:**
   - **Use Amazon CloudWatch or S3 to Store and Analyze Logs**:
     1. Navigate to CloudWatch Logs or S3. Records in the default format are space-separated fields: `version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`, for example `2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 51000 22 6 12 2100 1696946100 1696946160 ACCEPT OK` (a constructed record showing an accepted SSH connection from the internet). Protocol is the IANA number (6 = TCP, 17 = UDP), and a record with `NODATA` or `SKIPDATA` status carries no addresses.
     2. Review and analyze the flow logs for insights into network traffic: query CloudWatch Logs Insights (or Athena for S3) for `REJECT` records grouped by source address to spot scanners, and for `ACCEPT` records to ports 22 and 3389 from addresses outside your VPC to spot exposed administrative ports. Flow logs record only metadata, not payload, and they omit some traffic (DNS to the Amazon resolver, instance metadata at 169.254.169.254, DHCP), so a quiet flow log is not proof of a quiet network.

**Explanation:**
VPC Flow Logs capture per-flow metadata for IP traffic crossing the ENIs in a VPC. Analyzing these logs is the cheapest continuous detection available in a VPC (exposed services, scanning, unexpected egress) and also helps with optimizing network performance and verifying that security group and NACL changes did what you intended.
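The two queries described in Step 2, as code that runs over raw records: this is an added example (not from the original notebook) serving both this lab and the flow-log half of Lab 4. It parses default-format records, skips the header and `NODATA`/`SKIPDATA` lines, and raises two findings: accepted TCP flows to 22 or 3389 from outside your VPC CIDRs, and a single source with rejected attempts against many distinct ports on one ENI (a port scan). The sample records, the account and ENI identifiers and the VPC CIDR are constructed; the same functions work on a file exported from CloudWatch Logs or S3.

```python
"""Detections over VPC Flow Log records in the default format."""
import ipaddress
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
TCP = 6


def parse_record(line):
    """Parse one default-format record into a dict. Returns None for the header line,
    for malformed lines, and for NODATA/SKIPDATA records, whose address fields are '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] == "version":
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def analyze(lines, vpc_cidrs, scan_threshold=10):
    """Two detections over a sequence of records:
    - admin_from_outside: ACCEPTed TCP flows to 22/3389 whose source is outside `vpc_cidrs`
    - port_scans: (srcaddr, interface_id, distinct_ports) where one source had TCP
      REJECTs to at least `scan_threshold` distinct destination ports on one ENI."""
    vpc = [ipaddress.ip_network(c) for c in vpc_cidrs]

    def inside(ip):
        return any(ipaddress.ip_address(ip) in net for net in vpc)

    admin, rejected = [], defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["protocol"] != TCP:
            continue
        if rec["action"] == "ACCEPT" and rec["dstport"] in ADMIN_PORTS and not inside(rec["srcaddr"]):
            admin.append((rec["srcaddr"], rec["dstaddr"], ADMIN_PORTS[rec["dstport"]]))
        elif rec["action"] == "REJECT":
            rejected[(rec["srcaddr"], rec["interface_id"])].add(rec["dstport"])
    scans = sorted((src, eni, len(ports)) for (src, eni), ports in rejected.items()
                   if len(ports) >= scan_threshold)
    return admin, scans


# Constructed sample records (not a real log); the account and ENI identifiers are placeholders.
_ENI, _ACCT = "eni-0a1b2c3d4e5f67890", "123456789012"
SAMPLE_LOG = [
    "version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status",
    f"2 {_ACCT} {_ENI} 10.0.1.5 10.0.1.20 49152 80 6 10 1500 1696946100 1696946160 ACCEPT OK",      # internal web hit
    f"2 {_ACCT} {_ENI} 203.0.113.5 10.0.1.20 51000 22 6 12 2100 1696946100 1696946160 ACCEPT OK",   # SSH from the internet
    f"2 {_ACCT} {_ENI} - - - - - - - 1696946300 1696946360 - NODATA",                                  # no traffic in interval
] + [
    f"2 {_ACCT} {_ENI} 198.51.100.9 10.0.1.20 {40000 + i} {port} 6 1 44 1696946200 1696946260 REJECT OK"
    for i, port in enumerate((21, 23, 25, 110, 135, 139, 445, 1433, 3306, 3389, 5900, 8080))  # scanner probing
]

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG   # exported log file, or the sample
    admin, scans = analyze(lines, vpc_cidrs=["10.0.0.0/16"])
    for src, dst, svc in admin:
        print(f"{svc.upper()} accepted from outside the VPC: {src} -> {dst}")
    for src, eni, n in scans:
        print(f"possible port scan: {src} rejected on {n} distinct ports of {eni}")
```

Because each record aggregates a whole interval, a scanner that probes slowly shows up as many small records rather than one large one; keying the scan detector on distinct destination ports rather than packet counts is what makes it robust to that.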

### Lab 9: AWS Traffic Mirroring

**Objective:**
Set up AWS Traffic Mirroring to capture and analyze network traffic for security monitoring and troubleshooting.

#### Steps:

1. **Configure Traffic Mirroring:**
   - **Set Up Traffic Mirroring for a Specific ENI (Elastic Network Interface)**:
     1. Navigate to the VPC Dashboard.
     2. Under "Traffic Mirroring", create a mirror target (the ENI of a dedicated monitoring instance; size it for the extra bandwidth, and remember that mirrored traffic also counts against the source instance's network bandwidth) and a mirror filter with explicit rules, for example accept inbound and outbound TCP to port 80 from 0.0.0.0/0. A filter with no rules mirrors nothing.
     3. Create a mirror session linking the source ENI (a Nitro-based instance), the target and the filter. Note the VNI: every copy from this session carries that VXLAN network identifier, which is how a target serving several sessions tells them apart. Allow UDP 4789 from the source in the target's security group.

2. **Analyze Mirrored Traffic:**
   - **Use Tools Like Wireshark to Analyze the Mirrored Traffic**:
     1. Capture traffic on the target with tcpdump (Lab 3), filtering on UDP port 4789 and writing to a file. Everything mirrored arrives as VXLAN-in-UDP datagrams addressed to the target; the original packet, headers and all, is the VXLAN payload.
     2. Analyze the captured traffic with Wireshark or similar tools. Wireshark and tshark decode VXLAN on port 4789 automatically and show the inner packets; the display filter `vxlan.vni == <vni>` isolates one session. Packets that would exceed the target's MTU after encapsulation are truncated, so set the monitoring instance's interface to the VPC jumbo-frame MTU (9001).

**Explanation:**
AWS Traffic Mirroring provides real-time copies of the packets on selected ENIs, enabling deep packet inspection for security monitoring and troubleshooting without installing anything on the monitored instance; the cost is bandwidth and the need to decapsulate VXLAN on the receiving side.
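What the mirror target actually receives, decoded by hand: this is an added example (not from the original notebook) for this lab and for the mirroring half of Lab 4. It parses a VXLAN-encapsulated mirrored packet from the UDP payload delivered on port 4789, recovering the session's VNI and the original packet's addresses and ports, and includes a constructed encoder so the decoder can be exercised offline. The placeholder MAC addresses, the VNI 4242 and the inner addresses are assumptions; the collector loop at the bottom is what you would run on the target instead of tcpdump when a tool does not understand VXLAN.

```python
"""Decode VXLAN-encapsulated packets as a Traffic Mirroring target receives them."""
import ipaddress
import socket
import struct

VXLAN_PORT = 4789
ETHERTYPE_IPV4 = 0x0800


def parse_mirrored(udp_payload):
    """Decode one mirrored packet from the UDP payload delivered to port 4789.
    Returns the session's VNI and, for inner IPv4, the original packet's 5-tuple."""
    if len(udp_payload) < 8 + 14 or not udp_payload[0] & 0x08:   # I flag: a VNI is present
        raise ValueError("not a VXLAN header")
    vni = int.from_bytes(udp_payload[4:8], "big") >> 8            # 24-bit VNI, low byte reserved
    frame = udp_payload[8:]                                        # the original Ethernet frame
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"vni": vni, "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    info.update(proto=ip[9], src=str(ipaddress.ip_address(ip[12:16])), dst=str(ipaddress.ip_address(ip[16:20])))
    if info["proto"] in (6, 17):                                   # TCP/UDP: ports lead the L4 header
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info


def build_mirrored(vni, src, dst, sport, dport, payload=b""):
    """Constructed encoder so the decoder can be tested offline: VXLAN header,
    Ethernet header with placeholder MACs, minimal IPv4 header, TCP SYN header."""
    vxlan = bytes([0x08, 0, 0, 0]) + (vni << 8).to_bytes(4, "big")
    eth = bytes.fromhex("0a00000000010a0000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return vxlan + eth + ipv4 + tcp


if __name__ == "__main__":
    # Minimal collector on the mirror target; 4789 is an unprivileged port, so no root needed.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", VXLAN_PORT))
    while True:
        data, (outer_src, _) = sock.recvfrom(65535)
        try:
            p = parse_mirrored(data)
        except ValueError:
            continue                                               # not from a mirror session
        print(f"from {outer_src} vni={p['vni']}: {p.get('src')}:{p.get('sport')} -> "
              f"{p.get('dst')}:{p.get('dport')} proto={p.get('proto')}")
```

The outer source address is the mirrored instance's ENI, while the inner addresses are the real endpoints of the conversation; filtering on the VNI is what separates sessions when one target collects from several sources.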

### Lab 10: IDS Tools (Snort, Suricata)

**Objective:**
Deploy and use Snort and Suricata as Intrusion Detection Systems (IDS) to monitor and secure network traffic.

#### Steps:

1. **Install Snort:**
   - **Set Up and Configure Snort**:
     ```bash
     # Install the Snort 2.9 RPMs from https://www.snort.org/downloads (not in the Amazon Linux 2 repos),
     # then set HOME_NET in /etc/snort/snort.conf to your VPC CIDR and point RULE_PATH at your ruleset.
     sudo snort -T -c /etc/snort/snort.conf                   # configuration and rule test; fix errors before going live
     sudo snort -A fast -c /etc/snort/snort.conf -i eth0 -D   # daemonize; alerts go to /var/log/snort/alert
     ```

2. **Install Suricata:**
   - **Set Up and Configure Suricata**:
     ```bash
     sudo amazon-linux-extras install epel -y && sudo yum install suricata -y
     sudo suricata-update                                     # fetch or refresh ET Open rules (re-run on a schedule)
     sudo suricata -T -c /etc/suricata/suricata.yaml          # configuration and rule test
     sudo suricata -c /etc/suricata/suricata.yaml -i eth0 -D  # daemonize on eth0 (af-packet)
     ```
     If the sensor is a Traffic Mirroring target (Lab 9), recent Suricata versions (5.0 and later) decode VXLAN on UDP 4789 by default, so the mirrored inner packets are inspected as if they had arrived directly; check the `decoder.vxlan` section of `suricata.yaml` on older builds.

3. **Monitor and Analyze:**
   - **Use Snort and Suricata to Monitor Network Traffic and Analyze Alerts**:
     1. Review logs and alerts generated by the IDS tools: follow `/var/log/snort/alert` and `/var/log/suricata/fast.log` for a human-readable stream; `/var/log/suricata/eve.json` is the structured source for any tooling. Generate known-bad traffic from an authorized host (an Nmap `-sV` scan of the sensor's subnet, which is likely to trigger ET SCAN signatures, or a request to http://testmynids.org/uid/index.html) and confirm the corresponding alerts appear, so you know the sensor works before you rely on it.
     2. Visualize and analyze the alerts using Kibana, fed from `eve.json` via Filebeat or Logstash into Elasticsearch. Tune from the data: signatures that fire constantly on known-benign traffic get disabled or thresholded, because an IDS nobody reads is not a control.

**Explanation:**
Deploying IDS tools like Snort and Suricata is essential for proactive network security monitoring, and the work does not end at installation: verifying that alerts fire, tuning noisy signatures and routing the structured output somewhere it is actually reviewed are what turn a sensor into a detection capability. This lab provides hands-on experience in setting up and using these tools to detect and respond to threats.
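Triage of the structured output, for this lab and for Lab 7's "Analyze Alerts" step: the following is an added example, not from the original notebook or the Suricata project, that reads `eve.json` lines, keeps only `event_type: alert` records, and groups them by signature with counts, top sources and distinct targets, filtered by severity (in Suricata, severity 1 is the highest priority). It is the first pass an analyst does before Kibana exists. The sample records are constructed (the signature names follow ET Open conventions; the IDs and addresses are illustrative), and one deliberately truncated line shows that a log rotated mid-write must not stop the parser.

```python
"""Triage Suricata EVE JSON alerts: group by signature, count, and rank."""
import json
from collections import Counter


def iter_alerts(lines):
    """Yield alert events from eve.json lines, skipping other event types
    (flow, dns, http, ...) and lines that are not valid JSON (e.g. cut by log rotation)."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert":
            yield event


def triage(lines, max_severity=2):
    """Summarise alerts with severity <= max_severity (1 is the highest priority).
    Returns a list sorted by count, each entry carrying the signature, the count,
    a Counter of source IPs and the set of "dest_ip:dest_port" targets."""
    groups = {}
    for event in iter_alerts(lines):
        alert = event["alert"]
        if alert["severity"] > max_severity:
            continue
        g = groups.setdefault(alert["signature_id"], {
            "signature_id": alert["signature_id"], "signature": alert["signature"],
            "severity": alert["severity"], "count": 0, "sources": Counter(), "targets": set()})
        g["count"] += 1
        g["sources"][event["src_ip"]] += 1
        g["targets"].add(f"{event['dest_ip']}:{event['dest_port']}")
    return sorted(groups.values(), key=lambda g: (-g["count"], g["severity"]))


def _event(sid, signature, severity, src, dst, dport):
    """Constructed EVE alert record with the fields Suricata emits for event_type=alert."""
    return json.dumps({
        "timestamp": "2023-10-10T13:55:00.000000+0000", "event_type": "alert", "in_iface": "eth0",
        "src_ip": src, "src_port": 40001, "dest_ip": dst, "dest_port": dport, "proto": "TCP",
        "alert": {"action": "allowed", "gid": 1, "signature_id": sid, "rev": 1,
                  "signature": signature, "category": "Attempted Information Leak", "severity": severity}})


# Constructed sample (not a real eve.json): three SSH-scan alerts, one id-check response,
# one low-priority stream event, one non-alert event and one truncated line.
SAMPLE_EVE = [
    _event(2001219, "ET SCAN Potential SSH Scan", 2, "198.51.100.9", "10.0.1.20", 22),
    _event(2001219, "ET SCAN Potential SSH Scan", 2, "198.51.100.9", "10.0.1.21", 22),
    _event(2001219, "ET SCAN Potential SSH Scan", 2, "198.51.100.9", "10.0.1.22", 22),
    _event(2100498, "GPL ATTACK_RESPONSE id check returned root", 2, "203.0.113.80", "10.0.1.20", 51234),
    _event(2210029, "SURICATA STREAM ESTABLISHED packet out of window", 3, "10.0.1.5", "10.0.1.20", 80),
    json.dumps({"timestamp": "2023-10-10T13:55:01.000000+0000", "event_type": "flow",
                "src_ip": "10.0.1.5", "dest_ip": "10.0.1.20"}),
    '{"timestamp": "2023-10-10T13:55:02.0',   # line truncated by log rotation
]

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EVE   # e.g. /var/log/suricata/eve.json
    for g in triage(lines):
        top_src, n = g["sources"].most_common(1)[0]
        print(f"[sev {g['severity']}] {g['count']:>4}x sid {g['signature_id']} {g['signature']} "
              f"(top source {top_src} x{n}, {len(g['targets'])} targets)")
```

Run against the live `eve.json` after the scan in Step 3 and the scanner's address should head the list with one target per host it touched; raise `max_severity` to 3 to see the stream-engine noise that is usually the first thing to threshold.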

---
