Basic Firewall Lab. Lab Objectives. Configuration




Basic Firewall Lab

Firewalls are devices that filter traffic. Typically they are placed at boundaries between secure and less secure systems or networks. When traffic enters a firewall, the firewall compares the traffic to a list of rules until it reaches a rule that applies to the traffic. Then it performs the task set in the rule. A firewall can be either a feature of a software package or a dedicated hardware platform.

Lab Objectives

By the end of this lab, you will be able to:
- Determine the connectivity of two network computers.
- Change access to those computers using firewall rules.

Remember to read the report requirements at the end of this document before you start the lab to see what is required to hand in to the instructor. Unless otherwise stated by the instructor, this lab is to be completed as a team. The report is to be written as a team.

Configuration

1. In this lab, we will be using a Linux operating system.
2. We will use a terminal screen to manually enter commands to test connectivity.
3. We will use the graphical user interface for ufw to manipulate firewall settings.

Stateful/Stateless firewalls

Firewalls come in two basic types: stateful and stateless.

The stateful firewall tracks both outgoing and incoming traffic, along with the network connections and streams they belong to. For example, a stateful firewall might be set to deny all traffic unless you initiate the communications. In other words, hackers would not be able to initiate unsolicited communications with your network.

Stateless firewalls watch network traffic and restrict or block packets based on source and destination addresses or other static values. They are not 'aware' of traffic patterns or data flows. A stateless firewall uses simple rule sets that do not account for the possibility that a packet might be received by the firewall 'pretending' to be something you asked for.

Firewall best practices

There is an old joke: How do you configure your firewall? Deny everything and wait for the phone to ring.

Granted, it's not a very funny joke, but it does illustrate firewall best practices. If you were to actually deny all inbound and outbound traffic, your phone would immediately start ringing with incensed users demanding that you turn on the traffic they require to do their jobs. Then you could ensure that your firewall would only be open to the traffic that was absolutely necessary. Anything not specifically approved is forbidden. The reason it is best to be strict with network traffic is that every port, protocol, service, and application your system is open to brings its own set of vulnerabilities for hackers to exploit.
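The stateful/stateless difference and the default-deny rule described above, as a simplified model. This is an added example, not part of the original lab: the host address 192.168.0.10, the external address 203.0.113.9 and all packet fields are constructed, and a real stateful firewall also tracks protocol state such as TCP flags, which this sketch leaves out.

```python
from collections import namedtuple

# Constructed sample packets; addresses and ports are illustrative only.
Packet = namedtuple("Packet", "direction src sport dst dport")
HOST = "192.168.0.10"  # hypothetical address of the protected machine
WEB = "192.168.0.5"    # web server address used later in this lab


def stateless_filter(pkt):
    """Static rules only: outbound HTTP, plus any inbound packet from port 80."""
    if pkt.direction == "out" and pkt.dport == 80:
        return "ALLOW"
    if pkt.direction == "in" and pkt.sport == 80:
        return "ALLOW"  # assumed to be a web reply; nothing verifies that
    return "DENY"  # default deny: anything not approved is forbidden


class StatefulFilter:
    """Default deny; inbound is accepted only for connections we initiated."""

    def __init__(self):
        self.connections = set()  # (local, local port, remote, remote port)

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport == 80:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "ALLOW"
            return "DENY"
        # Inbound: must be the mirror image of a tracked outbound connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ALLOW" if key in self.connections else "DENY"


def run_demo():
    request = Packet("out", HOST, 40000, WEB, 80)
    reply = Packet("in", WEB, 80, HOST, 40000)
    # Unsolicited packet that only looks like a web reply (source port 80).
    forged = Packet("in", "203.0.113.9", 80, HOST, 22)
    fw = StatefulFilter()
    results = {}
    for name, pkt in [("request", request), ("reply", reply), ("forged", forged)]:
        results[name] = (stateless_filter(pkt), fw.check(pkt))
    return results


if __name__ == "__main__":
    print(run_demo())
```

Each result is a (stateless, stateful) pair: both filters pass the request and its genuine reply, but only the stateful filter drops the unsolicited packet.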

GUFW

The Graphical Uncomplicated Firewall is Ubuntu's attempt to make a friendly graphical user interface for their text-based UFW, or Uncomplicated Firewall.

Task 1: Restrict the access to your computer using firewall settings.

Step 1. Log on to your virtual machine: http://up.ist.psu.edu/up/up_vhol (use Administrator and PW: password)

Step 2. Find and open your team's virtual machine that was assigned by your instructor or TA.

Step 3. Go to the Console tab.

Step 4. Determine the connectivity and protocol availability. Open Firefox by going to Applications > Internet > Firefox Web Browser. Type 192.168.0.5 for the URL address. You should see the XAMPP webserver website. Leave this website open.

Step 5. Go to Applications > Accessories > Terminal.

Step 6. Type ping 192.168.0.5 and hit the Enter key. This will show you whether there is connectivity between your system and the system with the address 192.168.0.5, and the speed of the connection. Press Ctrl + C to stop the pinging.

Step 7. Type ssh 192.168.0.5. When prompted, type yes (no quotes) to continue. If it asks you for the password, then the connectivity for the ssh protocol is available. Type password (no quotes). (Note: when you type the password, it is hidden from view and appears as if you are not typing anything.) Type exit.

Step 8. Type ssh 192.168.0.7 to see if you can connect to that machine. Click yes again. The password is again password. After you are done, type exit.

Step 9. Type ifconfig. Look for the inet address under eth0 to determine your local IP address (write this down or keep the window open; you'll need it later).

Step 10. Now that we have shown that the machine can connect with another machine, let's trim the connectivity. On the Linux top menu, go to System > Administration > Firewall Configuration.

Step 11. Click unlock, enter the password password, and then check the Enabled box.

Step 12. Set both the incoming and the outgoing to deny.

Step 13. Now test the connection using the http (Firefox window) and ssh protocols in addition to the ping command by repeating steps 4 through 8 in the terminal window. You should get no connectivity.
Type ssh 192.168.0.5 (Hint: if it takes much longer than normal for a result, then you have successfully denied connectivity.)
Type ping 192.168.0.5

Step 14. Now let's add a rule allowing web traffic. On the Firewall Configuration window, click the Add button.

Step 15. Under the Preconfigured tab select Allow, Out, Service, Http. Since this is a stateful firewall, once traffic is allowed out for a service or application, the reply traffic is allowed back in. Click the Add button and then click the Close button. The Firewall status should now look like this:

Step 16. Now test the connection by repeating steps 4 through 8. You should get connectivity on Firefox, but not on SSH or pinging.

Step 17. Now let's connect the SSH for the 192.168.0.5 address only. Most users would want web traffic from the entire internet, while SSH allows secure access between machines. We will want to limit traffic to just the essentials.

Click the Add button on the Firewall Configuration window. Under the Advanced tab select Allow, Out, Both. Then add the address 192.168.0.5 in the To box. To indicate the protocol, type ssh in the small box next to it. You could also use the protocol's port, which in this case is 22. Click the Add button and then click the Close button.

Step 18. Repeat steps 4-8. This will show that you can now connect with SSH as well as http (Firefox), but ping still will not respond. The interesting thing is that you can connect to the webserver on 192.168.0.7 but you can't SSH to it. Go to Firefox and type 192.168.0.7 in the address bar. You should see the same XAMPP for Linux page.

Report

Clearly state your results of this project. You are expected to hand in a report in the following format:
- A cover page (including project title) with team name and team members
- A table of contents with page numbers
- Use double-spaced type for convenient grading
- Number pages
- Font size 12, single column

Save the Microsoft Word document with the team name in the title. Upload the document into the appropriate ANGEL dropbox.

The report should have the following sections. Each section should cover all the topics described below. Take screenshots if necessary. You may want to include more than what is specified.

Section 1

Complete the following:

1. Include screenshots of the following steps in Task 1: Steps 4, 6, 7, 8, 9, 13, 16, and 18. For steps 4-8, and for each repetition of steps 4-8, you only need one screenshot showing all of the text from your terminal screen and your Firefox attempts.
2. Why do you want to limit access to your system?
3. Explain what a port is and how it relates to a protocol or service/application.
4. What does SSH allow you to do?
5. Explain why pinging 192.168.0.5 appears to result in no connectivity between the address and your machine, but you are able to SSH into that address.
6. What settings would you use to deny HTTP traffic to 192.168.0.7, but allow the use of SSH from your address to that address?
7. Give a realistic scenario in which you would want to restrict HTTP, SSH, or a similar protocol to or from a machine. How would you configure the firewall to achieve those restrictions?

Grading Rubric

This project has a number of specific requirements. The requirement for each section is documented in the Report instructions above. Whether you receive credit depends on the following situations:
- You will get full credit on one item if it is correctly reported as required and well written.
- You will get half credit on one item if it is reported as required but there is something definitely wrong.
- You will not get any credit for one item if it is not reported.

Scoring: Section I: 7 items (100%): Items 1-6 are worth 14% each. Item 7 is worth 16%.

Note: Be sure to include your name and email address in the report. The report should be turned in before class on the specified due date. Late submissions will be issued a grade deduction, especially if permission is not obtained from the instructor. The instructor reserves the right to grant or reject extra time for report completion.

Interesting links:

How to protect your Ubuntu PC from intruders
http://www.youtube.com/watch?v=8lwxk5iln_i&feature=related

GUFW Community Documentation
https://help.ubuntu.com/community/gufw

GUFW: Create Firewall Configurations Easily with GUFW on Ubuntu
http://www.linux.com/learn/tutorials/429427:create firewall configurations easily with gufw onubuntu

UFW (Uncomplicated Firewall): This is the command-line version that GUFW was based on.
https://help.ubuntu.com/community/ufw