COURSE

Identify Non-Secure Network Traffic

In this IT Pro Challenge virtual lab, you will get hands-on experience using Wireshark to sniff network traffic and detect non-secure protocols being used in the environment. You will investigate evidence of secured versus non-secure traffic. The skills you will learn in this lab are essential for network security analysts and penetration testers.

Full access included with Insider Pro and Teams

0 H 45 M
Time

Beginner

Experience Level

Earn qualifying credits for certification renewal with completion certificates provided for submission.
CEUs

Learners at 96% of Fortune 1000 companies trust Cybrary

Course Description

Lab Overview:

This hands-on lab gives a network security analyst a basic understanding of how to investigate whether non-secure protocols are being used within an environment. A non-secure protocol is one that lacks even a minimal level of protection (i.e., encryption) as its traffic traverses the network. Without encryption, sensitive information can be easily captured and used to further exploit an organization and its network resources. You will generate HTTP, HTTPS, and FTP traffic within the lab and use Wireshark to capture that traffic from a server’s Ethernet network interface. You will then analyze the captured packets and determine whether the traffic is in plain text or encrypted.

Understand the scenario

You are a network security analyst for a company that uses the Windows operating system. You are concerned that systems on your network may be using non-secure protocols and transmitting traffic in plain text (i.e., unencrypted). You need to capture network traffic to determine whether non-secure network protocols are being used. In this challenge, you will capture and view HTTP, HTTPS, and FTP traffic. You will use a Windows Server 2016 virtual machine and a Linux virtual machine to complete these tasks, connecting directly to the virtual machine consoles in the lab environment.

Capture and view HTTP traffic:

For the first part of this lab, you will set up the packet capture tool, Wireshark, to capture traffic on a Windows Server 2016 Ethernet network interface. Once the packet capture is running, you will use a Linux virtual machine to generate traffic. You will use a Linux command-line tool, wget, to initiate an HTTP GET request to the server’s IIS web page and retrieve the index.html page. This tactic mimics someone browsing to your web server. You will then switch back to Wireshark, stop the capture, and locate the HTTP traffic in it.

Capture and view HTTPS traffic:

In this section, you will configure your IIS server to enforce TLSv1.2 encryption by using HTTPS. Once your server is configured, you will restart a packet capture and reissue a wget command. This time, you will learn how to use wget to retrieve an HTTPS web page. You will then switch back to your Wireshark packet capture, stop the capture, and investigate the HTTPS traffic. Is it secure?

Configure an FTP server site:

To further explore non-secure protocols, you will enable your server to host an FTP site. The File Transfer Protocol (FTP) is notorious for being non-secure. It is generally poor practice to use FTP, and you will see why.

Capture and view FTP traffic:

Once your FTP site is set up, you will resume your packet capture, switch back to your Linux virtual machine, and connect to the FTP site via command line. After successfully connecting, you will then switch back to Wireshark, stop the packet capture, and inspect the traffic for non-secure FTP packets. What will you see that an attacker could use against you and your organization?
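The plain-text-versus-encrypted check described in the HTTP, HTTPS, and FTP sections above can be sketched in code. This is an added example, not part of the course material: it classifies TCP payloads by their leading bytes, and the sample payloads, host name, and account name are constructed for illustration.

```python
import re

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_START = re.compile(
    rb"(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n|HTTP/1\.[01] \d{3} ")
FTP_CMD = re.compile(rb"(USER|PASS|RETR|STOR|LIST|CWD|QUIT|PORT|PASV)\b ?([^\r\n]*)\r\n", re.I)
FTP_REPLY = re.compile(rb"\d{3}[ -][^\r\n]*\r\n")


def classify(payload: bytes) -> dict:
    """Classify one TCP segment payload by its leading bytes (no port information used)."""
    # TLS record header: type(1) | version(2, major 0x03) | length(2, at most 2^14 + 2048)
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3 and payload[2] <= 4:
        if int.from_bytes(payload[3:5], "big") <= 16384 + 2048:
            return {"proto": "TLS", "cleartext": False, "detail": TLS_TYPES[payload[0]]}
    if HTTP_START.match(payload):
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"proto": "HTTP", "cleartext": True, "detail": first_line}
    m = FTP_CMD.match(payload)
    if m:
        verb, arg = m.group(1).upper().decode(), m.group(2).decode("ascii", "replace")
        # Record that a password crossed the wire, never the password itself.
        detail = f"PASS <redacted, {len(arg)} bytes>" if verb == "PASS" else f"{verb} {arg}".strip()
        return {"proto": "FTP", "cleartext": True, "detail": detail}
    if FTP_REPLY.match(payload):  # 3-digit reply; confirm with port 21 in a real capture
        return {"proto": "FTP", "cleartext": True, "detail": payload[:3].decode()}
    return {"proto": "unknown", "cleartext": None, "detail": ""}


SAMPLES = [  # constructed payloads, not taken from a real capture
    ("http", b"GET /index.html HTTP/1.1\r\nHost: server.lab.example\r\n\r\n"),
    ("https-hello", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("https-data", b"\x17\x03\x03\x00\x08" + bytes(range(0xA0, 0xA8))),
    ("ftp-banner", b"220 Microsoft FTP Service\r\n"),
    ("ftp-user", b"USER labuser\r\n"),
    ("ftp-pass", b"PASS example-password\r\n"),
]


def cleartext_findings(samples):
    """Return (name, proto, detail) for every payload readable on the wire."""
    findings = []
    for name, payload in samples:
        result = classify(payload)
        if result["cleartext"]:
            findings.append((name, result["proto"], result["detail"]))
    return findings


if __name__ == "__main__":
    for finding in cleartext_findings(SAMPLES):
        print(finding)
```

The HTTP request line and the FTP USER and PASS commands are reported as readable, while the two TLS records expose only their record type.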

Lab Summary Conclusion:

In this hands-on virtual lab, you will learn how to assess network traffic packet captures for security weaknesses, such as a lack of encryption. You will learn how to use Wireshark to perform packet captures, analyze the traffic captured, and use the Linux command line to generate traffic, such as HTTP, HTTPS, and FTP. These skills are essential for network security analysts and penetration testers.

Other Challenges in this series

  • GUIDED CHALLENGE: Configure Linux Firewall ACL Rules
  • ADVANCED CHALLENGE: Can You Secure Host Settings Through Firewall Settings and Group Policy?

Train Your Team

Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.

Learn

Learn core concepts and get hands-on with key skills.

Practice

Exercise your problem-solving and creative thinking skills with security-centric puzzles

Prove

Assess your knowledge and skills to identify areas for improvement and measure your growth

Get Hands-on Learning

Put your skills to the test in virtual labs, challenges, and simulated environments.

Measure Your Progress

Track your skills development from lesson to lesson using the Cybrary Skills Tracker.

Connect with the Community

Connect with peers and mentors through our supportive community of cybersecurity professionals.

Success from Our Learners

"Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

Don Gates

Principal Systems Engineer/SAIC

"Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

Cory

Cybersecurity analyst

"I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

Mike

Security Engineer and Pentester

"Becoming a Cybrary Insider Pro was a total game changer. Cybrary was instrumental in helping me break into cybersecurity, despite having no prior IT experience or security-related degree. Their career paths gave me clear direction, the instructors had real-world experience, and the virtual labs let me gain hands-on skills I could confidently put on my resume and speak to in interviews."

Cassandra

Information Security Analyst/Cisco Systems

"I was able to earn both my Security+ and CySA+ in two months. I give all the credit to Cybrary. I’m also proud to announce I recently accepted a job as a Cyber Systems Engineer at BDO... I always try to debunk the idea that you can't get a job without experience or a degree."

Casey

Cyber Systems Engineer/BDO

"Cybrary has helped me improve my hands-on skills and pass my toughest certification exams, enabling me to achieve 13 advanced certifications and successfully launch my own business. I love the practice tests for certification exams, especially, and appreciate the wide-ranging training options that let me find the best fit for my goals"

Angel

Founder/IntellChromatics

Complete this entire course to earn an Identify Non-Secure Network Traffic Certificate of Completion.