CIS 4361: Applied Security
Lab 4 Network Security Tools and Technology: Host-based Firewall/IDS using ZoneAlarm

Instructions: The Lab 4 Write-up (template for answering lab questions, .doc) can be found on the course website under the Assignments section. Save Lab 4 write-up results using the following format: Team#_Lab4.doc, where the # is the number of your team. Lab Write-ups must be uploaded to Blackboard in the Assignments folder where the laboratory assignment description is located. ALL resources used to complete this assignment must be referenced and cited; this includes books, articles, websites, etc. Lab submissions must be typed using the Lab 4 Write-up template! Only submit ONE Lab Write-up per team.

Goal: In this lab you will learn how to: Use a host-based firewall/IDS to detect system-level attacks.

Background: A simple definition of a firewall is a method, implemented in hardware, software, or both in combination, that regulates the level of trust between two networks. Normally, one of these networks is a trusted network such as a corporate LAN, while the other is considered to be untrusted, such as the Internet. There are four primary categories that firewalls fall into:

Packet filtering: A packet-filtering firewall examines the header of each packet and decides whether to let the packet continue or not based upon a defined set of rules such as source/destination IP address, source/destination port, protocol involved, and so on.

Stateful packet inspection: A stateful packet firewall takes packet filtering up a notch. SPI firewalls keep a running log of the actions particular packets bring about, where they go, and so on. This allows the current status quo to be monitored for abnormalities, whether it involves a sequence of events or possibly Application-layer data that performs some forbidden action.
Application-level proxies: An application-level proxy actually serves as a buffer of sorts between incoming data and the system it is trying to access. These firewalls run a portion of the Application-layer code that is coming in and determine whether its behavior is acceptable before letting it pass. However, this type of firewall does incur some additional overhead.

Circuit-level proxies: A circuit-level proxy performs most of the functions of SPI firewalls and application-level proxies, making them the most versatile of the firewall technologies being created today.

Two types of firewalls are often employed on a network: network-based or host-based. Network-based firewalls are the most common, sitting between two entire networks and monitoring the incoming and outgoing traffic. A host-based firewall, on the other hand, views the host (e.g., your desktop computer or an individual server) as one network and the LAN as the other. Host-based firewalls are also commonly referred to as personal firewalls.

Procedure:
This lab will walk through some common configuration and attack detection and blocking with the trial version of ZoneAlarm.

1. Click to install the executable file entitled: zapsetup_50_590_015.exe. When the initial installation window opens, click Next.
2. You are presented with the User Information window.
3. Enter the required information in the text boxes on the form, and then make sure that the check boxes at the bottom of the page are unchecked. Click Next to proceed. You see the software's License Agreement. Check the check box at the bottom of the page, and then click Install.
4. The installation runs, and you are presented with a User Survey window. Fill in the necessary information, and then click Finish. A dialog box asks if you would like to start ZoneAlarm. Click Yes.
5. The first dialog box asks which version you want. For this lab, you are installing and running the 15-day trial of ZoneAlarm Pro, so click the link you see under Option 2. The Configuration Wizard opens. Click Next.
6. You will be asked whether you wish to anonymously share your settings.
7. Click the No, thanks option, and then click Next.
8. Next, you need to configure the Program AlertAdvisor. To do this, click the Manual button, and click Next. The Privacy Control dialog box appears, offering various options controlling pop-ups and cookies. For this lab, leave both the Privacy Control and Cache Cleaner check boxes blank, and click Next.
9. The final setup page appears. Click Done.
10. When the install is finished, click OK to restart your computer. When your machine starts up, you may be prompted for a license key, in which case leave the license key blank and accept the trial version. You are prompted to go through a tutorial, and it is recommended that you take the time to do so. ZoneAlarm then detects your network settings.
11. After reviewing the detected settings, click Next, and you are asked whether you trust the network that ZoneAlarm has detected.
For this lab, select the second option: you DO NOT trust the network.
12. You are now prompted to give this network a name. Enter LAB_3 in the field and click Next. You will see the summary screen. Click Finish.
13. Click Finish to complete the setup. The ZoneAlarm overview console now appears.
**From time to time, ZoneAlarm alerts you that some sort of program or service is trying to access resources on your system. An example is shown in Figure 1.**

Figure 1: ZoneAlarm Alert Window

ZoneAlarm typically has recommended settings for the common ports and services active on networks. For this lab, accept the recommendations for any of these that appear while you are going through the lab, and each time be sure to check the Remember this setting option.

14. Click the Firewall tab on the left side. There are three tabs along the top of the screen labeled Main, Zones, and Expert. Click the Main tab if necessary, and you see two slider controls that define the level of security for both the Trusted and Internet Zones. Based on the default settings, the Internet Zone is set to High, and the Trusted Zone is set to Medium. You can define custom settings by clicking the Custom buttons. Click Custom next to the Internet Zone setting. You should see a dialog box like that in Figure 2.

Figure 2: Custom Firewall Settings for the Internet Zone

A.) What filtering rules are currently selected for the High security setting for the Internet Zone?
B.) What filtering rules are currently selected for the Medium security setting for the Internet Zone?
15. Do not change any of these settings for this lab. Click Cancel. Now click the middle tab, Zones. Here you can see the lab network you have defined as an Untrusted network (which ZoneAlarm defines as the Internet zone).
16. Click the Program Control tab on the left side. This is where you can define the level of access and permissions that system services and applications have. Click the Programs tab in the middle along the top of ZoneAlarm, as shown in Figure 3.

Figure 3: ZoneAlarm Program Console

17. You can also add programs manually. Add a program manually by clicking the Add button.
18. Manually add Microsoft Office Word, if it is not listed. Hint: the file is located in the Office11 folder; the program is entitled WINWORD. Once you have manually added Microsoft Office Word, highlight the MICROSOFT WORD program listed, and click the Options button in the lower-right corner of the screen. You see a dialog box like the one shown in Figure 4.

Figure 4: Program Options Screen
C.) Is the program you selected allowed to access the Internet?
D.) Is this program automatically set up with e-mail protection? Are its components authenticated?

19. When you are finished looking at the program options, click Cancel and then click the Components tab. You are shown the individual operating system and application components detected by ZoneAlarm. Typically, when an application tries to perform an action, ZoneAlarm verifies that the component is doing something within its normal scope of operation.
20. Click the button labeled Alerts & Logs along the left side of the window.
21. Set Alert Events Shown to High, make sure Event Logging is turned On, and then set Program Logging to High. Click the Advanced button. You will see the screen shown in Figure 5, which allows you to make many granular changes to the types of alerts and logs that are managed by ZoneAlarm, as well as define the normal rotation of logs and how they are displayed in the System Tray (optional).

E.) What events are configured to generate an alert and/or be logged due to blocked traffic?

22. To perform a simple test of ZoneAlarm's filtering capabilities, open a command prompt by clicking Start, then Run, and then typing cmd. Press Enter.

F.) What is the command that you should type at the command prompt to find your IP address?

23. Type the following command, using your own system's IP address:

ping <Your IP address>
**ZoneAlarm detects a new program (ping) trying to access system resources, and alerts you.**

24. Make sure that the Remember this setting check box is unchecked, then click Allow.
25. Repeat the ping command at the command prompt. You are presented with a Repeat Program alert much like the one you just saw. This time, click Deny.

G.) What do you see in your command window?

26. This was a straightforward example used to illustrate the basic principles of the program. In reality, the network environment is usually more chaotic. For example, had an NMAP port scan or LANguard port scanner been running against your system, many alerts would have been generated. ZoneAlarm has a vast number of configuration options that can be set; you can block Web content, e-mail attachment types, viruses, and so on. To get an idea of the level of granularity that can be achieved with ZoneAlarm, click the Firewall tab on the menu along the left side of the console. Select the Expert tab, and then click Add. The Add Rule dialog box opens as shown in Figure 5. Here you can either allow or deny access to specific source address(es), destination address(es), and protocols. You can even designate the time for access or denial to be enacted.

Figure 5: ZoneAlarm Custom Rule configuration

H.) In what ways does ZoneAlarm perform as an intrusion detection system?
I.) In what ways is it more like a firewall?
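As an added illustration (not part of the lab handout and not ZoneAlarm's own code), the following Python model shows how a rule table built from the Expert-rule fields named in step 26 (Rank, Action, Source, Destination, Protocol, Time, Track) is evaluated first-match by rank, and how the stateful packet inspection described in the Background differs from plain packet filtering: the stateful filter admits the reply to a connection the host itself opened, while the same rule table evaluated statelessly blocks it. The host and remote addresses, the rules, the port numbers and the packets are constructed sample values (documentation address ranges), and the Comments and State fields of the dialog are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: Optional[int]    # None for protocols without ports
    dport: Optional[int]
    hour: int               # local hour (0-23) the packet was seen; used by Time rules


@dataclass
class Rule:
    rank: int                      # Rank: lower values are evaluated first
    name: str                      # Name
    action: str                    # Action: "allow" or "block"
    src: str = "0.0.0.0/0"         # Source: an address or CIDR network
    dst: str = "0.0.0.0/0"         # Destination
    proto: str = "any"             # Protocol: "any", "tcp", "udp" or "icmp"
    dport: Optional[int] = None    # destination port; None matches any
    hours: range = range(0, 24)    # Time: hours of the day the rule is active
    track: bool = True             # Track: write a log entry when the rule fires

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and pkt.hour in self.hours)


class PacketFilter:
    """Stateless packet filter: the first rule (by rank) that matches decides;
    with no match the default action applies (deny by default)."""

    def __init__(self, rules, default="block"):
        self.rules = sorted(rules, key=lambda r: r.rank)
        self.default = default
        self.log = []       # (rule name, action, src, dst) for tracked rules

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.track:
                    self.log.append((rule.name, rule.action, pkt.src, pkt.dst))
                return rule.action
        return self.default


class StatefulFilter(PacketFilter):
    """Stateful inspection: remembers connections the protected host opened and
    admits their replies, which the same rule table would otherwise block."""

    def __init__(self, rules, host, default="block"):
        super().__init__(rules, default)
        self.host = host
        self.flows = set()  # (remote address, remote port, protocol)

    def decide(self, pkt: Packet) -> str:
        if pkt.src == self.host:                        # outbound: rules, then record
            verdict = super().decide(pkt)
            if verdict == "allow":
                self.flows.add((pkt.dst, pkt.dport, pkt.proto))
            return verdict
        if (pkt.src, pkt.sport, pkt.proto) in self.flows:
            return "allow"                              # reply to a tracked flow
        return super().decide(pkt)


HOST = "192.0.2.10"   # constructed: the protected lab machine (TEST-NET-1 range)

RULES = [             # deliberately listed out of rank order
    Rule(4, "admin-hours", "allow", dst=HOST, proto="tcp", dport=3389, hours=range(8, 18)),
    Rule(2, "web-out", "allow", src=HOST, proto="tcp", dport=80),
    Rule(1, "bad-range", "block", src="203.0.113.0/24"),
]


def run_scenarios():
    """Verdicts for constructed packets under the stateless and stateful filters."""
    stateless, stateful = PacketFilter(RULES), StatefulFilter(RULES, HOST)
    results = {
        # the rank 1 block beats the rank 4 allow for the same port and hour
        "bad_range_admin": stateless.decide(Packet("203.0.113.7", HOST, "tcp", 4444, 3389, 12)),
        "admin_in_hours": stateless.decide(Packet("198.51.100.9", HOST, "tcp", 4444, 3389, 12)),
        "admin_after_hours": stateless.decide(Packet("198.51.100.9", HOST, "tcp", 4444, 3389, 22)),
    }
    request = Packet(HOST, "198.51.100.5", "tcp", 50123, 80, 10)
    reply = Packet("198.51.100.5", HOST, "tcp", 80, 50123, 10)
    stateless.decide(request)          # allowed by web-out, but no state is kept
    results["stateless_reply"] = stateless.decide(reply)   # no inbound rule: default block
    stateful.decide(request)           # allowed and recorded in the flow table
    results["stateful_reply"] = stateful.decide(reply)     # admitted as a reply
    results["tracked_events"] = len(stateless.log)        # only tracked rule hits are logged
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```

Running the file prints one verdict per scenario. Two points carry over to the Expert tab: the rule table is consulted in rank order and the first match wins, so a low-ranked block rule shadows a later allow rule for the same traffic; and a time window on a rule changes the verdict for identical packets seen at different hours. Packets that match no tracked rule leave no log entry, which is why the Track field matters when you want blocked traffic to show up under Alerts & Logs.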
BONUS (+5): Add a simple rule that will block email (transfer protocol type) from the following blackholed IP address: 111.157.89.1.

J.) What are the values that you defined in your Add Rule dialog box?
Rank:
Name:
Comments:
State:
Action:
Track:
Source:
Destination:
Protocol:
Time: