ACCESS CONTROL & NETWORK TRAFFIC ANALYSIS
Overview
This project demonstrates practical implementation of logical access control hardening and network traffic analysis on a Windows environment. The objective was to evaluate password security, enforce secure authentication policies, and analyze network traffic using industry-standard tools.
The work focuses on preventive and detective security controls, combining password vulnerability assessment, Windows policy enforcement, and packet inspection to identify and filter relevant network activity.
Scope & Objectives
Assess password strength using offline attack techniques
Harden local authentication and account policies on Windows
Analyze network traffic to isolate hosts, protocols, and sensitive patterns
Demonstrate practical use of security tools commonly used in IT and SOC environments
Environment
Operating System: Windows 10 Pro
Network: Local LAN (192.168.0.0/24)
Tools Used:
L0phtCrack
Local Security Policy Editor (secpol.msc)
Group Policy Editor (gpedit.msc)
Wireshark
Part 1 – Password Security Assessment
User Account Configuration
Multiple local user accounts were created to simulate a small corporate workstation environment:
Administrator account
Guest account
Standard user accounts
Passwords of varying complexity were intentionally configured for testing purposes.
Password Attack Simulation
Password strength was evaluated using L0phtCrack through:
Dictionary attacks
Brute-force attacks
Results were reviewed to identify weak credentials and common password vulnerabilities.
This scenario simulates a small corporate environment where a security analyst is responsible for evaluating password strength and authentication controls. Local user accounts representing different access levels were created in order to assess password resilience using offline analysis techniques.
As the network admin, you will run L0phtCrack 2 times, first for the dictionary attack and second for the brute-force attack to break the passwords. Show the results and analyze them briefly.
Local user accounts were created to simulate different access levels:
- Administrator
- Guest
- Standard users
These accounts were used exclusively for password strength testing and policy enforcement.
Password strength was assessed using L0phtCrack by executing dictionary and brute-force attack simulations against test user accounts. Results were analyzed to identify weak credentials and inform access-control hardening decisions.
Dictionary attack results
The results show that the passwords for Christ Selfridge and Guest1 were easily cracked within 11 s. No surprise there: these passwords lacked complexity and were, at some point, among the most commonly used passwords.
Brute-force attack outcomes
After performing the brute-force attack, none of the remaining passwords were successfully cracked. This outcome was expected due to their increased complexity. The remaining passwords demonstrated characteristics of strong credentials, including sufficient length, a mix of uppercase and lowercase characters, numeric values, special characters, and the use of uncommon words. These factors significantly increased resistance to brute-force attacks.
The recommended access control measures were implemented using Windows Local Security Policy and Group Policy Editor, ensuring consistent enforcement of password and account lockout configurations across the system.
i. Enforce password history: changed to 4 passwords remembered
ii. Maximum password age: changed to 30 days
iv. Minimum password length
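As an added check that is not part of the original lab, this Python script reads the [System Access] section of a secedit /export /cfg file and reports whether the settings above are in force; the minimum-length and lockout targets are assumed placeholders, since the writeup records only the history and age values.

```python
# Target values from the hardening step above; minimum length and lockout count
# are assumed placeholders because the writeup does not record their numbers.
REQUIRED = {
    "PasswordHistorySize":   (lambda v: v >= 4,      "at least 4 passwords remembered"),
    "MaximumPasswordAge":    (lambda v: 0 < v <= 30, "30 days or less (-1 = never expires)"),
    "MinimumPasswordLength": (lambda v: v >= 12,     "at least 12 characters (assumed)"),
    "LockoutBadCount":       (lambda v: 0 < v <= 5,  "lockout within 5 bad attempts (assumed)"),
}

def parse_system_access(inf_text):
    """Read the [System Access] section of a secedit /export file into a dict of strings."""
    section, values = None, {}
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip().strip('"')
    return values

def audit(values):
    """Return {setting: (current, requirement, passes)} for every policy in REQUIRED."""
    report = {}
    for key, (check, requirement) in REQUIRED.items():
        current = int(values.get(key, -1))      # missing key is treated as unset
        report[key] = (current, requirement, check(current))
    return report

# Constructed sample of a pre-hardening export (real files are written as UTF-16).
SAMPLE_INF = """[Unicode]
Unicode=yes
[System Access]
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    # On the workstation: secedit /export /cfg policy.inf, then open it with encoding="utf-16"
    for key, (current, requirement, passes) in audit(parse_system_access(SAMPLE_INF)).items():
        print(f"{'PASS' if passes else 'FAIL'} {key} = {current} (want {requirement})")
```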
Part 2 – Network Traffic Analysis (Wireshark)
Wireshark was used to capture and analyze packets on the local network in order to identify specific traffic patterns.
Traffic Analysis Performed
Monitoring all traffic on the 192.168.0.0/24 subnet
Isolating traffic for a specific host
Filtering traffic by:
Source IP address
Destination IP address
HTTP traffic (port 80)
Ethernet MAC address patterns
TCP packets containing the keyword "password"
This scenario simulates a small corporate network where a security analyst is tasked with monitoring and analyzing packet-level network activity using Wireshark. The objective is to identify and isolate traffic associated with a specific host within the local subnet, based on its IP and MAC address, in order to assess communication patterns and potential security risks.
Network traffic associated with a specific host was isolated to analyze communication behavior and identify inbound and outbound connections.
IP traffic originating from the selected host was filtered to examine outbound communications and protocol usage.
IP traffic destined for the selected host was isolated to analyze inbound connections and potential exposure.
HTTP traffic on destination port 80 was filtered to identify unencrypted web communications and potential exposure of sensitive data.
Packets associated with a specific Ethernet MAC address were filtered to trace device-level network activity.
TCP packets containing the keyword "password" were identified to demonstrate the risks associated with transmitting sensitive information over unencrypted channels.
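The six display filters used above, reproduced as an added Python example that is not part of the original lab: it decodes minimal Ethernet/IPv4/TCP frames constructed inline (HOST_IP and HOST_MAC are assumed lab values) and applies each filter the way Wireshark's filtered packet list would.

```python
import struct

HOST_IP, HOST_MAC = "192.168.0.25", "aa:bb:cc:00:00:25"   # assumed lab host

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal Ethernet/IPv4/TCP frame (constructed test data, no checksums)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip4 = lambda a: bytes(int(o) for o in a.split("."))
    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                     64, 6, 0, ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Decode the fields the display filters refer to; None if the frame is not IPv4/TCP."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"eth.src": frame[6:12].hex(":"), "eth.dst": frame[0:6].hex(":"),
            "ip.src": ".".join(map(str, frame[26:30])), "ip.dst": ".".join(map(str, frame[30:34])),
            "tcp.srcport": sport, "tcp.dstport": dport, "tcp.payload": tcp[(tcp[12] >> 4) * 4:]}

# Each entry mirrors one of the Wireshark display filters used in the analysis.
FILTERS = {
    f"ip.addr == {HOST_IP}":   lambda p: HOST_IP in (p["ip.src"], p["ip.dst"]),
    f"ip.src == {HOST_IP}":    lambda p: p["ip.src"] == HOST_IP,
    f"ip.dst == {HOST_IP}":    lambda p: p["ip.dst"] == HOST_IP,
    "tcp.dstport == 80":       lambda p: p["tcp.dstport"] == 80,
    f"eth.addr == {HOST_MAC}": lambda p: HOST_MAC in (p["eth.src"], p["eth.dst"]),
    'tcp contains "password"': lambda p: b"password" in p["tcp.payload"],
}

def apply_filter(display_filter, frames):
    """Return the indexes of frames that match, like Wireshark's filtered packet list."""
    match = FILTERS[display_filter]
    return [i for i, f in enumerate(frames) if (p := parse_frame(f)) and match(p)]

# Constructed capture: a cleartext HTTP login from the host, its reply, and unrelated TLS.
CAPTURE = [
    build_frame(HOST_MAC, "aa:bb:cc:00:00:01", HOST_IP, "192.168.0.1", 51000, 80,
                b"POST /login HTTP/1.1\r\n\r\nuser=alice&password=Winter2024"),
    build_frame("aa:bb:cc:00:00:01", HOST_MAC, "192.168.0.1", HOST_IP, 80, 51000,
                b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame("aa:bb:cc:00:00:07", "aa:bb:cc:00:00:01", "192.168.0.7", "192.168.0.1",
                52000, 443, b"\x16\x03\x01"),
]
```

Only the cleartext HTTP POST matches the tcp contains "password" filter, which is exactly the exposure the last analysis step above is meant to surface.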