This lab provided practical experience in packet crafting, network enumeration and protocol analysis, using Wireshark and Scapy as the tools. By accessing the designated Dell Tower from an Ubuntu system, I learned to discover the private network’s addressing scheme and identify its network interfaces while examining network traffic. Network data flow analysis was achieved by capturing packets in Wireshark and applying filters based on protocol types and destination addresses. By constructing Ethernet packets with Scapy I learned about the transmission and structure of packet headers. The ARP task clarified the Address Resolution Protocol's function in network communication and how it maps IP addresses to MAC addresses through ARP requests. The examination of the IRC protocol expanded my comprehension of application-layer communication and clarified the structured format used in client messages. This lab session strengthened my foundational networking skills and taught me how to analyze packets while showing me which tools are crucial for inspecting and modifying network traffic.
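To make the header structure from the Scapy task concrete, here is an added example (not part of the lab write-up, and not using Scapy itself) that builds an Ethernet frame carrying an ARP request with the standard library's struct module and decodes it again, producing the same "Who has ...? Tell ..." summary Wireshark shows. The MAC and IP addresses are constructed sample values.

```python
import struct

# Ethernet II header: destination MAC, source MAC, EtherType (network byte order)
ETH_HDR = struct.Struct("!6s6sH")
# ARP body for IPv4 over Ethernet: htype, ptype, hlen, plen, opcode,
# sender MAC, sender IP, target MAC, target IP
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, src_mac: str, src_ip: str, target_ip: str,
              target_mac: str = "00:00:00:00:00:00") -> bytes:
    """Build a complete Ethernet frame carrying an ARP request or reply."""
    # A request is broadcast because the sender does not yet know the target MAC.
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = ETH_HDR.pack(mac_to_bytes(dst_mac), mac_to_bytes(src_mac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op,          # Ethernet / IPv4 / 6-byte MAC / 4-byte IP
                       mac_to_bytes(src_mac), ip_to_bytes(src_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the Ethernet and ARP headers of a frame into a dict of fields."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame (EtherType 0x{ethertype:04x})")
    (_htype, _ptype, _hlen, _plen, op,
     sha, spa, tha, tpa) = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return {
        "eth_dst": bytes_to_mac(dst), "eth_src": bytes_to_mac(src), "op": op,
        "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
        "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa),
    }


def summarize(fields: dict) -> str:
    """One-line description in the style Wireshark uses for ARP."""
    if fields["op"] == ARP_REQUEST:
        return f"Who has {fields['target_ip']}? Tell {fields['sender_ip']}"
    return f"{fields['sender_ip']} is at {fields['sender_mac']}"


if __name__ == "__main__":
    # Constructed addresses for the demonstration
    req = build_arp(ARP_REQUEST, "02:42:ac:11:00:05", "10.0.0.5", "10.0.0.1")
    print(len(req), "bytes:", summarize(parse_arp(req)))
```

The frame comes out at exactly 42 bytes (14 for Ethernet plus 28 for ARP); on the wire the NIC pads it to the 60-byte minimum, which is why Wireshark shows trailing zero bytes on captured ARP frames.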
I studied the basic concepts of HTTP requests and network traffic examination by using curl, netcat, Wireshark, and browser developer tools. Through manual creation of HTTP requests using GET, POST, and PUT methods I performed an analysis of their structure and network behavior. Wireshark allowed me to capture HTTP traffic so I could learn about request and response formatting and transmission. I conducted an examination of form submissions to explore the differences in query parameter handling between GET and POST methods. I used web developer tools to gather network performance data from an actual website and examined metrics including the number of requests made, the total data transferred, and how long pages took to load. As my final step I studied HTTP storage and decoding methods through CyberChef and Storage Inspector tools. This laboratory work enhanced my grasp of web protocols while strengthening my knowledge of HTTP communication and network traffic analysis to reinforce essential web security and performance principles.
I explored the Domain Name System (DNS) by examining its functionality, modifying local name resolution, and analyzing DNS traffic using Wireshark. First, I reviewed key concepts from the lecture, including DNS ports, TTL, A and AAAA records, and the role of resolvers. Then, I manipulated the /etc/hosts file to override domain name resolution, redirecting traffic meant for facebook.com to netdev.scrivnor.cikeys.com. This demonstrated how local name resolution takes precedence over external DNS lookups. Finally, I conducted a scavenger hunt using a provided pcapng file, applying Wireshark filters to identify specific DNS queries and responses, such as those for AAAA records, NXDOMAIN errors, and responses with high TTL values. This lab strengthened my understanding of DNS resolution, name spoofing, and packet analysis, reinforcing its importance in both system administration and cybersecurity.
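The precedence of /etc/hosts over DNS that the override task demonstrates can be modelled in a few lines. This is an added example, not from the lab: it parses hosts-file text, resolves names with the local table consulted first, and reports the names whose local answer disagrees with DNS, which is what a hosts-file hijack looks like to a defender. The hosts content, the upstream answers and the 192.0.2.10 / 198.51.100.7 addresses are constructed placeholders, not the lab's real values.

```python
# Constructed /etc/hosts content; the redirect target's address is a placeholder.
HOSTS_FILE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
192.0.2.10  facebook.com www.facebook.com   # points at netdev.scrivnor.cikeys.com (placeholder IP)
"""

# Constructed stand-in for what a recursive resolver would answer (not live lookups).
UPSTREAM_DNS = {
    "facebook.com": "198.51.100.7",
    "netdev.scrivnor.cikeys.com": "192.0.2.10",
}


def parse_hosts(text: str) -> dict:
    """Map each hostname to the first address listed for it (first matching line wins,
    which is the simplification assumed here)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def resolve(name: str, hosts: dict, upstream: dict):
    """Return (address, source): the hosts file is consulted before DNS."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    if key in upstream:
        return upstream[key], "dns"
    return None, "NXDOMAIN"


def find_overrides(hosts: dict, upstream: dict) -> list:
    """Names whose local answer differs from the DNS answer: local redirection."""
    return sorted(n for n, addr in hosts.items() if n in upstream and upstream[n] != addr)


HOSTS = parse_hosts(HOSTS_FILE)

if __name__ == "__main__":
    for name in ("facebook.com", "netdev.scrivnor.cikeys.com", "example.invalid"):
        print(name, resolve(name, HOSTS, UPSTREAM_DNS))
    print("overridden locally:", find_overrides(HOSTS, UPSTREAM_DNS))
```

Comparing the hosts table against a fresh DNS answer is also a cheap integrity check for a workstation: an entry for a well-known domain that disagrees with DNS deserves a look.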
I worked with IP networking concepts, switch configuration, automated OS installation, and subnetting. First, I conducted IP enumeration to determine my machine’s IP address, subnet mask, available host range, and default gateway. Then, I configured a Cisco switch (sw2) to function as a backup for sw1, including setting up trunk and access ports, assigning an IP address, and enabling remote management via Telnet. I also connected the switch to the network and verified its functionality. Next, I performed an automated Debian installation over the network using a preseed file, ensuring that the NUC was properly configured to pull installation instructions from a remote server. Finally, I reinforced my subnetting skills by designing a network for three campus buildings using ipcalc, determining the appropriate subnet masks and IP ranges for each. This lab deepened my understanding of networking fundamentals, switch configuration, and subnetting, all of which are essential for managing enterprise networks efficiently.
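The IP enumeration and the three-building subnet design can both be reproduced with Python's ipaddress module. The following is an added example, not the lab's own work or its ipcalc output: it derives mask, network, broadcast and usable range from an address in CIDR form, and allocates variable-length subnets largest-first so that every block stays aligned. The 192.168.1.37/26 address, the 10.20.0.0/24 base and the building host counts are assumed sample values; the default gateway is not derived here because it comes from the routing table, not from the address.

```python
import ipaddress


def enumerate_interface(cidr: str) -> dict:
    """Derive mask, network, broadcast and usable host range from an address in CIDR form."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    hosts = list(net.hosts())            # fine for a demo; avoid on very large prefixes
    return {
        "address": str(iface.ip),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable_hosts": len(hosts),
    }


def prefix_for_hosts(hosts_needed: int) -> int:
    """Longest prefix whose block still leaves hosts_needed usable addresses."""
    total = hosts_needed + 2              # network and broadcast addresses
    return 32 - (total - 1).bit_length()


def plan_subnets(base_cidr: str, demands: dict) -> dict:
    """Variable-length subnet plan: largest request first so each block is aligned."""
    base = ipaddress.ip_network(base_cidr)
    cursor = base.network_address
    plan = {}
    for name, hosts_needed in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts_needed)
        block = ipaddress.ip_network(f"{cursor}/{prefix}")   # strict: raises if misaligned
        if not block.subnet_of(base):
            raise ValueError(f"{base_cidr} cannot hold {name} ({hosts_needed} hosts)")
        plan[name] = str(block)
        cursor = block.broadcast_address + 1
    return plan


if __name__ == "__main__":
    print(enumerate_interface("192.168.1.37/26"))
    # Constructed campus requirement: three buildings with different host counts
    print(plan_subnets("10.20.0.0/24", {"Library": 100, "Science": 50, "Admin": 25}))
```

Allocating largest-first is what keeps the plan valid: after a /25 is placed at the start of the /24, the cursor sits on a 128-address boundary, which is also a valid boundary for the /26 and /27 that follow.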
I explored network routing, packet tracing, sockets, and Network Address Translation (NAT). First, I used mtr and Wireshark to analyze the path packets take across the internet, learning how TTL values and ICMP responses reveal intermediate routers. Then, I manually crafted and sent ICMP packets using Scapy to confirm routing behavior. Next, I worked with sockets by establishing a TCP connection between two machines using ncat, analyzing the connection with the ss command to identify the 4-tuple that uniquely defines a network session. Finally, I revisited NAT concepts by examining an SSH session capture and determining how IP addresses and port translations affect network communication. This lab provided valuable hands-on experience in understanding network traffic flow, debugging routing issues, and analyzing real-world NAT behavior.
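To connect the 4-tuple seen with ss to the NAT behaviour in the SSH capture, here is an added example (not from the lab) of a minimal port-address-translation table: outbound flows get a public source port, replies are mapped back to the private host, and inbound packets with no matching state are dropped. The private, public and server addresses are constructed documentation-range values.

```python
class PortNat:
    """Minimal source NAT (PAT) table: many private hosts share one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.out_map = {}
        # (dst_ip, dst_port, public_port) -> (priv_ip, priv_port)
        self.in_map = {}

    def outbound(self, four_tuple):
        """Translate a packet leaving the private network; create state on first sight."""
        src_ip, src_port, dst_ip, dst_port = four_tuple
        if four_tuple not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[four_tuple] = port
            self.in_map[(dst_ip, dst_port, port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[four_tuple], dst_ip, dst_port)

    def inbound(self, four_tuple):
        """Translate a packet arriving at the public address, or None if it is dropped."""
        src_ip, src_port, dst_ip, dst_port = four_tuple
        if dst_ip != self.public_ip:
            return None
        entry = self.in_map.get((src_ip, src_port, dst_port))
        if entry is None:
            return None          # no matching flow: unsolicited packet, dropped
        priv_ip, priv_port = entry
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = PortNat("198.51.100.1")                       # constructed public address
    inside = ("192.168.1.10", 51000, "203.0.113.5", 22)  # what ss shows on the client
    outside = nat.outbound(inside)                       # what ss shows on the server
    print("client sees", inside)
    print("server sees", outside)
    print("reply maps to", nat.inbound(("203.0.113.5", 22, "198.51.100.1", 40000)))
    print("unsolicited:", nat.inbound(("203.0.113.9", 4444, "198.51.100.1", 40000)))
```

This is why the same SSH session appears as two different 4-tuples depending on which side of the NAT you capture on, and why the server's logs record the public address rather than the private one.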
I explored cryptographic concepts related to certificates, hashing, encoding, and digital signatures. I started by generating random data and encoding it using Base64, then learned how hashing provides file integrity verification. I also created a public-private key pair and analyzed its components to understand RSA encryption. Using my private key, I signed a file and verified the signature using my public key, demonstrating the foundation of digital authentication. Additionally, I generated a Certificate Signing Request (CSR) and configured it with Subject Alternative Names (SANs) to support multiple domains. By submitting the CSR for signing and validating the returned certificate, I gained practical experience in SSL/TLS certificate management. This lab reinforced my understanding of how cryptography secures web communications, ensuring data integrity, authentication, and confidentiality.
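The Base64 and hashing steps map directly onto Python's standard library; the following is an added example, not the lab's openssl commands, showing how a digest manifest detects a modified or missing file and how Base64 round-trips arbitrary bytes. The RSA signing and CSR steps are not reproduced because the standard library has no RSA implementation. File names and contents are constructed.

```python
import base64
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files: dict) -> dict:
    """Record a SHA-256 digest per file name, like a SHA256SUMS file does."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_manifest(files: dict, manifest: dict) -> dict:
    """Status of every listed file: 'ok', 'modified' or 'missing'."""
    status = {}
    for name, expected in manifest.items():
        if name not in files:
            status[name] = "missing"
        elif hmac.compare_digest(sha256_hex(files[name]), expected):   # constant-time compare
            status[name] = "ok"
        else:
            status[name] = "modified"
    return status


def random_base64(nbytes: int = 16) -> str:
    """Random bytes rendered as text, the way a token or key blob is shipped."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


def base64_roundtrip(data: bytes) -> bool:
    """Base64 is an encoding, not encryption: anyone can decode it back."""
    return base64.b64decode(base64.b64encode(data)) == data


if __name__ == "__main__":
    files = {"report.txt": b"hello"}                 # constructed sample file
    manifest = make_manifest(files)
    print(manifest)
    print(verify_manifest({"report.txt": b"hellO"}, manifest))   # one byte changed
    print(random_base64(16), base64_roundtrip(b"\x00\xff binary"))
```

Note that a single changed byte produces a completely different digest, which is what makes the manifest useful, while the digest alone says nothing about who produced the file; binding it to an identity is the job of the signature step with the private key.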
I explored the fundamentals of the Transmission Control Protocol (TCP), including the three-way handshake, sequence numbers, retransmissions, and congestion control. I established and analyzed TCP connections using Wireshark and ncat, identifying sequence numbers and socket tuples to understand how TCP initializes and maintains reliable communication. By simulating a failed connection attempt, I observed TCP’s retransmission behavior and exponential backoff strategy, which prevents network congestion. Additionally, I examined TCP’s byte-based sequence numbers and acknowledgments by uploading a file over HTTP, analyzing how data is broken into segments and reassembled. The TCP Stream Graph helped visualize congestion control mechanisms such as slow start. This lab deepened my understanding of how TCP ensures reliable data transfer, manages network congestion, and maintains efficient communication between hosts.
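The byte-based sequence numbers and the retransmission backoff observed in Wireshark can be modelled without a network. This is an added example, not from the lab: it splits a payload into segments numbered from the initial sequence number, reassembles them on the receiver side even when they arrive out of order (emitting the duplicate ACKs a real receiver would), and lists a doubling retransmission schedule. The payload, ISN and MSS are constructed sample values; overlapping partial retransmissions are not handled.

```python
def segment(payload: bytes, isn: int, mss: int) -> list:
    """Split a byte stream into (seq, data) segments.
    The SYN consumes sequence number isn, so data starts at isn + 1."""
    segments, seq = [], isn + 1
    for offset in range(0, len(payload), mss):
        chunk = payload[offset:offset + mss]
        segments.append((seq, chunk))
        seq += len(chunk)                # next seq = this seq + bytes carried
    return segments


def reassemble(segments: list, isn: int):
    """Receiver side: return the in-order stream and the ACK number sent after each arrival."""
    expected = isn + 1
    out_of_order = {}
    stream = bytearray()
    acks = []
    for seq, data in segments:
        if seq == expected:
            stream += data
            expected += len(data)
            while expected in out_of_order:          # drain buffered segments that now fit
                chunk = out_of_order.pop(expected)
                stream += chunk
                expected += len(chunk)
        elif seq > expected:
            out_of_order[seq] = data                 # gap before it: buffer, repeat last ACK
        # seq < expected: a retransmission of data already received; ignored
        acks.append(expected)                        # ACK = next byte expected
    return bytes(stream), acks


def retransmission_schedule(initial_rto: float = 1.0, retries: int = 5) -> list:
    """Seconds between successive retransmits under exponential backoff (doubling)."""
    return [initial_rto * (2 ** i) for i in range(retries)]


if __name__ == "__main__":
    payload = b"0123456789" * 3                      # constructed 30-byte stream
    segs = segment(payload, isn=1000, mss=8)
    print([(s, len(d)) for s, d in segs])
    # Deliver the third segment before the second to provoke a duplicate ACK
    stream, acks = reassemble([segs[0], segs[2], segs[1], segs[3]], isn=1000)
    print(stream == payload, acks)
    print(retransmission_schedule())
```

In the ACK list, the repeated value after the out-of-order segment is the duplicate ACK that Wireshark flags; three of them in a row trigger fast retransmit on the sender, while a missing SYN-ACK falls back to the timer-driven schedule above.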
I explored malware detection, forensic analysis, and honeypot investigation. I started by executing a fake malware script that created disguised processes to simulate a real-world infection. Using forensic tools, I analyzed a system’s process list to identify suspicious activity, focusing on hidden executables and processes running from unusual locations like /tmp. I learned how malware can masquerade as legitimate system processes and how environment variables can reveal their origins. In the second task, I analyzed a honeypot that had been compromised, identifying a crypto-mining malware infection. By investigating system logs, running processes, and network connections, I traced the malware’s origin, examined its method of execution, and identified its external communication. This lab strengthened my understanding of incident response, forensic investigation techniques, and the importance of proactive security measures in detecting and mitigating cyber threats.
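The process-list triage from the first task can be expressed as a few rules. This is an added example, not the lab's script or its honeypot data: it audits a constructed process snapshot (the kind of fields you get from ps and /proc/<pid>/exe, cwd and environ) for executables running from temp directories, binaries deleted after start, system process names running from the wrong place, and environment variables that betray where a process was launched from. All PIDs, paths and names are constructed.

```python
# Constructed process snapshot; not taken from the lab's machine.
PROCESSES = [
    {"pid": 1,    "ppid": 0,    "user": "root",  "comm": "systemd",
     "exe": "/usr/lib/systemd/systemd", "cwd": "/", "env": {}},
    {"pid": 812,  "ppid": 1,    "user": "root",  "comm": "sshd",
     "exe": "/usr/sbin/sshd", "cwd": "/", "env": {}},
    {"pid": 4410, "ppid": 1,    "user": "www",   "comm": "kworker",
     "exe": "/tmp/.x/kworker", "cwd": "/tmp/.x", "env": {"_": "/tmp/.x/kworker"}},
    {"pid": 4411, "ppid": 4410, "user": "www",   "comm": "sshd",
     "exe": "/dev/shm/sshd (deleted)", "cwd": "/", "env": {"OLDPWD": "/dev/shm/.cache"}},
    {"pid": 5020, "ppid": 812,  "user": "alice", "comm": "bash",
     "exe": "/usr/bin/bash", "cwd": "/home/alice", "env": {"_": "/usr/bin/bash"}},
]

SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SYSTEM_BINARY_DIRS = ("/usr/bin/", "/usr/sbin/", "/usr/lib/", "/bin/", "/sbin/", "/lib/")
# Names that malware commonly borrows; the genuine ones live in system directories
# or, for kernel threads such as kworker, have no executable at all.
SYSTEM_NAMES = {"systemd", "sshd", "kworker", "kthreadd", "cron", "init"}


def audit(procs: list) -> list:
    """Return one finding per suspicious process, with the reasons it was flagged."""
    findings = []
    for p in procs:
        reasons = []
        exe = p["exe"]
        if exe.startswith(SUSPICIOUS_DIRS):
            reasons.append("executable runs from a world-writable temp directory")
        if exe.endswith("(deleted)"):
            reasons.append("binary was deleted from disk after start")
        if p["comm"] in SYSTEM_NAMES and exe and not exe.startswith(SYSTEM_BINARY_DIRS):
            reasons.append(f"name '{p['comm']}' mimics a system process but runs from {exe}")
        for var, value in p["env"].items():
            if value.startswith(SUSPICIOUS_DIRS):
                reasons.append(f"environment {var}={value} points at a temp directory")
        if reasons:
            findings.append({"pid": p["pid"], "user": p["user"], "comm": p["comm"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(PROCESSES):
        print(finding["pid"], finding["comm"], finding["user"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The parent-child link between the two flagged processes (4411 was started by 4410) is the kind of detail that turns a list of oddities into a chain of execution during an investigation; the same rules applied to the honeypot's process list would surface a miner dropped into /tmp in the same way.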
My experience in access control management expanded through Linux and Windows system implementations. The initial exercise taught me how to handle Active Directory (AD) accounts and organizational units while using Group Policy Objects (GPO) to implement access control in Windows. Through the second exercise I learned to create and manage user accounts and groups in Linux while establishing directories and file permissions which enhanced my knowledge of ownership and permission configurations to maintain security. The third exercise enabled me to use Windows Admin Center (WAC) for Role-Based Access Control (RBAC) implementation to effectively restrict user activities and enforce system management policies. The exercises demonstrated how access control mechanisms play a critical role in safeguarding system integrity, confidentiality, and availability within various operating systems.
This lab covers the implementation of password policies through the Group Policy Management Console (GPMC) in an Active Directory (AD) Domain Controller setting. Administrators can improve security for the NDE.com domain by establishing strict password rules through a Group Policy Object (GPO). This policy requires user passwords to adhere to complexity standards, which include a minimum length requirement as well as the presence of uppercase letters, lowercase letters, numbers and special characters. The policy also requires Martin to update their password at their next login. Testing confirmed that weak passwords are rejected once the new policy requirements are in place. Running gpupdate /force applies the group policy immediately, so that every domain user is held to the same rules, which protects against brute-force attacks and blocks unauthorized access.
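To show what the domain controller is checking when it rejects a weak password, here is an added example (not the lab's GPO configuration) that evaluates a candidate password against the rules described above: a minimum length, all four character categories, and no embedded username. The 12-character minimum is an assumed value because the lab does not state its number; Windows' built-in complexity rule is looser than this (three of five categories), so the required count is a parameter.

```python
import string

# Assumed policy values for the demonstration; the lab's exact minimum length is not stated.
DEFAULT_POLICY = {
    "min_length": 12,
    "categories_required": 4,   # uppercase, lowercase, digit, special all present
}


def check_password(password: str, username: str = "", policy: dict = DEFAULT_POLICY) -> list:
    """Return the list of policy failures; an empty list means the password is accepted."""
    failures = []
    if len(password) < policy["min_length"]:
        failures.append(f"shorter than {policy['min_length']} characters")

    categories = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    present = sum(categories.values())
    if present < policy["categories_required"]:
        missing = [name for name, ok in categories.items() if not ok]
        failures.append("missing character categories: " + ", ".join(missing))

    # Windows also rejects passwords containing the account name (three or more characters)
    if len(username) >= 3 and username.lower() in password.lower():
        failures.append("contains the username")
    return failures


if __name__ == "__main__":
    # Constructed candidates for a user named martin, as in the lab's scenario
    for candidate in ("password", "Martin2025!Ab", "Summer2025!xy"):
        result = check_password(candidate, username="martin")
        print(f"{candidate!r}: {'accepted' if not result else result}")
```

Returning every failure rather than the first one mirrors the feedback users get from a password-change dialog and makes the check easy to unit-test against a policy change.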
The eight exercises provided practical experience in setting up and safeguarding network environments through multiple tools and methods. My training included setting up host-based firewalls with iptables on Linux and Windows Defender Firewall on Windows systems for managing both inbound and outbound network traffic. I studied network-based firewall protection through pfSense to understand how to block unwanted websites, disable insecure ports, and apply time-based firewall control for better network security. I configured intrusion detection systems such as Suricata and integrated these with Splunk SIEM to monitor real-time attacks and analyze system logs. To monitor malicious network activity I implemented HoneyBOT which functions as a honeypot tool through the simulation of vulnerable services. I established a Virtual Private Network (VPN) through SoftEther VPN to provide secure remote access to a company's network. Through these exercises I gained practical skills in network security and firewall configurations while learning about intrusion detection and VPN implementation which enabled me to defend and manage modern network infrastructures efficiently.
The three exercises provided me with practical skills in cloud security through virtualization and access management tools. The first exercise taught me to use Docker-Bench-Security to audit Docker security by identifying vulnerabilities and learning to enhance Docker security settings. During Exercise 2 I explored AWS Identity and Access Management (IAM) by creating IAM groups and users, assigning policies to them and activating Multi-Factor Authentication (MFA) for increased security. These exercises illustrated how critical role-based access control and authentication systems are to securing cloud platforms. Exercise 3 required me to address Amazon S3 storage security through the use of Access Control Lists (ACLs) combined with bucket policies to handle permissions and safeguard data. Through access restriction policies I gained knowledge on protecting cloud data from unauthorized access. Through these exercises I understood the necessity of protecting cloud systems by applying optimal security measures and monitoring configurations while maintaining secure access controls and reducing cloud computing and container-based risks.