CompTIA Security +

Security Portfolio Practical

Table of Contents

Aim and Objectives…………………………………………………………………………………………………………………………3

Task 1 Active Directory, DNS and Print Services………………………………………………………………………………….4

Task 2 Exchange Server………………………………………………………………………………………………………………….32

Task 3 Barracuda Spam Filter………………………………………………………………………………………………………….39

Task 4 Microsoft Office Outlook……………………………………………………………………………………………………..44

Task 5 Site-to-site VPN…………………………………………………………………………………………………………………..55

Task 6 Radius Server AAA……………………………………………………………………………………………………………….60

Task 7 TACACS + Server AAA…………………………………………………………………………………………………………..64

Task 8 Vulnerability Assessment……………………………………………………………………………………………………..66

Task 9 NVD – National Vulnerability Database……………………………………………………………………………………71

Task 10 CISCO Intrusion Prevention Configuration……………………………………………………………………………73

Task 11 CISCO Context Based Access Firewall…………………………………………………………………………………..77

Task 12 CISCO Zone Based firewall………………………………………………………………………………………………….80

Task 13 Fortinet Unified Threat Management………………………………………………………………………………….84

Task 14 Cyberoam Unified Threat management……………………………………………………………………………….87

Recommendation……………………………………………………………………………………………………………………………………92

REFERENCES …………………………………………………………………………………………………………………………………………..93

 

Aim

 

The aim of this assessment is to discuss the methods on securing hardware and software in an environment.

Objectives:

 

• To explain how to install and configure windows network
• To discuss the firewall installation and IDS correctly
• To deliberate the use of mail server
• To enable remote access
• To outline the five vulnerabilities found in computer
• To demonstrate blocked vulnerabilities
• To make a demonstration of VPN

Task 1 Active Directory, DNS and Print Server

Active Directory is designed by Microsoft for directory services and is part of Windows 2000 architecture. It is a standard system for network management for user’s data, security and resources. It has a minimum system requirement which is 1.4GHz, 512MB RAM, 64GB disk space and an ethernet adapter. [1] Rouse. (2016).

Steps on how to setup an Active Directory:

1.  Open the Server Manager from the windows start button.

Figure 1.1 Dashboard of Server Manager

2. In the deployment configuration select the “Add a domain controller”

Figure 1.2 Deployment Configuration – Adding a domain

3. In the deployment configuration select the “Add new Forest”

Figure 1.3 Deployment Configuration – Adding a new Forest

4. In the Root domain name below the domain information type the desired root domain name.

Figure 1.4 Specifying the Root domain name

5. In the domain controller option type the desired password and confirm your password.

Figure 1.5 Domain Controller dialog box

6. Additional option for adding the NetBIOS domain name

Figure 1.6 Adding NetBIOS domain name

7. Selection of paths where to put the AD DS database log files

Figure 1.7 Location of the AD DS database log files

8. Reviewing the options for the selected active directory domain services

Figure 1.8 Review selection

9. Checking the installation guide before installing all desired settings

Figure 1.9 Prerequisites check

10. Once installed, verify the username and password.

Figure 1.10 Windows Server Login page

11. In the network and sharing centre, go to change adapter settings then go to properties.

Figure 1.11 Ethernet properties

12. Once the properties are clicked, enter the desired IP address, subnet mask and default gateway.

Figure 1.12 Internet protocol TCP and IPv4 properties

13. Domain controller has been set together with the IP addresses.

Figure 1.13 Network and Sharing Center

14. Editing the Computer Name/Domain and joining in the domain

Figure 1.14 Domain name changes

15. In the Server Manager, choose the Active Directory and Users

Figure 1.15 Server Manager GUI

16. In the Active directory users and computers, you can find all the list information about the domain.

Figure 1.16 Active directory users and computers

17. In the Active directory users and computers, add New Object then type the desired name.

Figure 1.17 New Object Dialog box

18. As you could see the ITD was added to the Active Directory Users

Figure 1.18

19. Filling up the New Object to be created in the ITD domain

Figure 1.19a New Object fill-up dialog box

Figure 1.19b New Object was created successfully

20. Creating the group name for the new object

Figure 1.20 New Object – Group

21. Manager was successfully added to the ITD domain

Figure 1.21 Active Directory – Bryan David and Manager

Print Server

1. Download a copy of the HP printer installer from the official HP website.

Figure 1.1.1 HP website

2. From the HP website, download the installer of the selected printer.

Figure 1.1.2HP installer

3. This will be the .exe file of the HP printer installer

Figure 1.1.3 HPePrintAPPx64bit

4. In the server manager, select the add role and features.

Figure 1.1.4Server Manager dashboard

5. Adding roles and features wizard for the HP printer

Figure 1.1.5Roles and features wizard

6. Select the role-based or feature-based installation for the print server.

Figure 1.1.6Installation type for HP printer server

7. In the server selection, select a server from the server pool.

Figure 1.1.7 Server Selection

8. Add the print and document services as the feature for the HP printer.

Figure 1.1.8 Add roles and feature wizard

9. In the print and document services, click next.

Figure 1.1.9 Print and document services

10.  Tick the Print server, scan server and internet printing for the role of HP print services.

Figure 1.1.10 role services for the HP printer

11. In the Web server role(IIS), click next.

Figure 1.1.11 Web server role (IIS)

12. Select all role services for the Print server desired.

Figure 1.1.12 Web server for role service

13. For the confirmation of the roles and features, review all selected and desired roles to be added.

Figure 1.1.13 Confirmation of roles and features

14. The result for the roles and features together with the installation of all roles added.

Figure 1.1.14 Result dialog box for the roles and features

15. In the server manager, select the print management.

Figure 1.1.15Print management dropdown list

16. In the print management, select filters, All printers.

Figure 1.1.16 Print management

17. In the all printers’ dropdown list, select the desired printer.

Figure 1.1.17 All printers

18. Click the downloaded printer installer from the files downloaded.

Figure 1.1.18 Printer installer

19. The HP ePrint installer, click install.

Figure 1.1.19installer for the HP printer

20. The HP printer installer will install automatically.

Figure 1.1.20 HP printer installer

21. The HP printer installation is successful

Figure 1.1.21 Printer installation

22. Go back to the print management to select the desired printer.

Figure 1.1.22Print management

23. The HP printer will appear in the print management.

Figure 1.1.23 HP printer in the print management

24. In the deploy with group policy, browse the group policy object name.

Figure 1.1.24 Deploy with GP

25. In the browse for GPO, select the desired domain name.

Figure 1.1.25 Browse GPO

26. Select the Printer Group Policy with the domain ‘bryan.com’

Figure 1.1.26 Browse GPO

27. In the deploy with GP, add the bry GPO.

Figure 1.1.27 deploy with GP

28. Printer deployment is successful

Figure 1.1.28 Print management dialog box

29.  Verification for the successful printer deployment

Figure 1.1.29 deployment successful dialog box

30. HP eprint is successfully configured.

Figure 1.1.30 print management dialog box

31. In the HP printer, right click then click the properties.

Figure 1.1.31 properties of the HP printer

32. In the properties, select the security tab.

Figure 1.1.32 security tab for the HP printer properties

33. In the security tab of the HP printer, select the administrator then tick the allow button for the print, manage the printer and manage documents.

Figure 1.1.33 permission for administrator

Task 2 Exchange Server

Exchange server is a Microsoft product for messaging system that includes mail server, email client and groupware application. It is mainly design for companies for the employees to share information easily via taking advantage of Outlook server such that the company’s calendar and contact lists are always in sync. Minimum requirement for the exchange server is as follows: 64-Bit processor, 512GB RAM, 64GB disk space and an ethernet adapter. [2] Microsoft. (2017).

Setup Procedure:

1. Install Windows Server.
2. Insert the DVD installer for MS Exchange and use command prompt and enter the following commands:

d:, dir, cd exch…

Figure 2.1 CMD installation of exchange server

3. Inside the drive D (installer disk) type in the following commands:

setup /prepareschema

setup /prepareAD /OrganizationName:Avonmore

setup /PrepareAllDomains

4. Open PowerShell and type in the command below:

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,Web-Asp-Net,Web-Client-Auth,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-ISAPI-Filter,Web-Request-Monitor,Web-Static-Content,Web-WMI,RPC-Over-HTTP-Proxy –Restart

Set-Service NetTcpPortSharing –StartupType Automatic

5. Install the office filter pack found inside the cd installer.
6. Install exchange server 2010

Figure 2.2 Installation of exchange server

7. In the Exchange server 2010 setup, click next.

Figure 2.3 Introduction

8. In the installation type, select the typical exchange server installation.

Figure 2.4 Installation type

9. In the exchange organization, type your desired name.

Figure 2.5 Exchange Organization

10. In the client setting select’No’.

Figure 2.6 Client Setting

11. Type your desired name for your client access.

Figure 2.7 Configure Client Access Server external domain

12. Select the “I don’t wish to join the program at this time”

Figure 2.8 Customer Experience Improvement Program

13.  In the readiness checks, review all the selected mode before installation.

Figure 2.9 Readiness Checks

14. Upon completion, click finish.

Figure 2.10 Completion

Configuring Mailbox Roles

In this setup, we are going to configure the Exchange server to perform multiple in order for our users to send and receive emails. We need to include the following: (1) Hub transport – responsible for routing messages (2) Client Access – offers all available protocol access to mailboxes (3) Mailbox – this contains the mailboxes and public folders. We need these three roles for the Exchange Management Console to make the necessary changes.

1. Open Exchange Management Console and choose Organization Configuration on the left pane. Select your server and click New Mailbox Database on the right.

Figure 2.11 Exchange Management Console

2. Follow the onscreen instruction on setting the location for the database and click on Finish once done.

Figure 2.12 New Mailbox Database

Sending and receiving emails via web browser:

1. To access the web mail, we simply go type in the URL of the server and add /owa on the address.

Figure 2.13 Outlook Web App

2. Upon successful login the user will be presented by an Outlook Web App and he can then start sending and receiving emails.

Figure 2.14 Email Test

Task 3 Barracuda Spam Filter

Barracuda Spam Filter is an integrated software and hardware solution to protect the email server from virus, spam, spoofing and spyware attacks.  [3] Barracuda. (2017).

These are the steps for the users on how to setup:

1. Login to Barracuda Spam Filter as administrator and add the IP configuration, DNS, and domain name of the email server admincore.com

Figure 3.1 Basic Set up for Email Security

Figure 3.2 Email server Setup

Figure 3.3 Virus and Spam protection

2. Setup the quarantine procedure for emails that contain spam and viruses.

Figure 3.4 All inbound setting for email protection

3. Updates allows the spam filter system to determine incomming spam threats

Figure 3.5 Updates for barracuda Part 1

Figure 3.6 Updates for barracuda Part 2

4. The Domain tab will allow to add allow or block domain.

Figure 3.7 Domain manager

5. Spam Scoring Limit will limit the block, quarantined and tag mails.

Figure 3.8 Inbound and outbound Spam scoring limits

6. The Rate Control will allow the administrators to set connections per IP address allowed.

Figure 3.9 Rate Control

7. Sender Filters will filter all mails incoming to the mail server.

Figure 3.10 Incoming email filters

Task 4 Microsoft Office Outlook

Microsoft Office Outlook is an information manager for Microsoft. It includes email application, calendar, contacts list, notepad, journal and also web browsing. It can be used with exchange server, SharePoint server or a stand-alone program. It is commonly used as the email server for all companies worldwide as it is easy to use and has a lot of function. [4] Rouse. (2012).

Steps on how to manage MS Outlook:

1. In the start button of the windows server select the Microsoft Outlook 2010.

Figure 4.1 Microsoft Outlook 2010

2. In the control panel, look for the Mail setup – Outlook

Figure 4.2 Mail Setup – Outlook

3. Selectin the account settings for the email

Figure 4.3 Account settings for Outlook

4. Then add new account, select manually configure server settings.

Figure 4.4 Add new Account dialog box

5. Select the Internet E-mail in the add new account settings.

Figure 4.5 Add new Account dialog box

6. Type the desired user information, server information and logon information, the click next.

Figure 4.6 User, server and logon information for the New account

7. Type this URL ‘https://help.yahoo.com/kb/SLN4724.html”This information is important to setup the email for the outlook

Figure 4.7 Yahoo mail POP setting

8. After setting up the new account. Click next.

Figure 4.8 Add new account information

9. Type your desired email address in the internet E-mail settings

Figure 4.9 internet E-mail settings

10. In the outgoing server, select the “same settings as my incoming mail server”.

Figure 4.10 Internet e-mail setting for the outgoing server

11. Go to the advanced setting then copy the information from the POP yahoo mail setting.

Figure 4.11 Advanced setting for the e-mail

12. Be sure to test the account settings to verify the email services.

Figure 4.12 test account settings

13. As you could see all the emails are in the e-mail list accounts.

Figure 4.13 email settings

14. In the data files, we could see the location of the email.

Figure 4.14 data files of the email

15. Official dashboard for the outlook which contains all email in one program.

Figure 4.15 Microsoft Outlook

16. Click in the New email to test the email server/

Figure 4.16 pop up window for the email

17. Email setup for the [email protected] which includes all information.

Figure 4.17 Microsoft outlook

18. Testing client to client email

Figure 4.18 email test

19. The test is currently progressing since the email will be sent to the client.

Figure 4.19 MS outlook dashboard

20. Microsoft outlook test message in the Yahoo mail website.

4.20 Yahoo mail

21. Test email for the client to client email server

Figure 4.21 client to client email server

Task 5 Site-to-site VPN

Using VPN for the router in CISCO network provides more secured connection of transmitting data over public network. It can reduce the overpriced costs of leased lines. For the site-to-site VPNs it will provide a tunnel using IPsec between two branches of offices. Another use of site to site VPN is the remote access for the client and server for small offices.

Site to site VPN topology

 

Device	Interface	IP Address	Subnet Mask	Default Gateway	Switch Port
R1	FA 0/1	192.168.1.1	255.255.255.0	N/A	SW1 FA0/1
	S0/0/0 (DCE)	10.1.1.1	255.255.255.252	N/A	N/A
R2	S0/0/0	10.1.1.2	255.255.255.252	N/A	N/A
	S0/0/1 (DCE)	10.2.2.2	255.255.255.252	N/A	N/A
R3	FA0/0	192.168.3.1	255.255.255.0	N/A	SW2 FA0/1
	S0/0/1	10.2.2.1	255.255.255.252	N/A	N/A
PC-A	NIC	192.168.1.3	255.255.255.0	192.168.1.1	SW1 FA0/2
PC-B	NIC	192.168.3.3	255.255.255.0	192.168.3.1	SW2 FA0/2

Router 1 Configuration

hostname R1

!

cryptoisakmp policy 10

encraes 256

authentication pre-share

group 5

lifetime 3600

!

cryptoisakmp key cisco123 address 10.2.2.1

!

cryptoipsec security-association lifetime seconds 1800

!

cryptoipsec transform-set 50 esp-aes 256 esp-sha-hmac

!

crypto map CMAP 10 ipsec-isakmp

set peer 10.2.2.1

setpfs group5

set security-association lifetime seconds 900

set transform-set 50

match address 101

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.1.1 255.255.255.252

clock rate 64000

crypto map CMAP

!

routereigrp 100

network 192.168.1.0

network 10.1.1.0 0.0.0.3

no auto-summary

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!

line con 0

exec-timeout 5 0

password 7 0822455D0A165445415F59

logging synchronous

login

!

linevty 0 4

exec-timeout 5 0

password 7 0822455D0A165445415F59

login

!

end

Router 2

hostname R2

!

interface Serial0/0/0

ip address 10.1.1.2 255.255.255.252

!

interface Serial0/0/1

ip address 10.2.2.2 255.255.255.252

clock rate 64000

!

routereigrp 100

network 10.1.1.0 0.0.0.3

network 10.2.2.0 0.0.0.3

no auto-summary

!

end

Router 3

hostname R3

!

cryptoisakmp policy 10

encraes 256

authentication pre-share

group 5

lifetime 3600

!

cryptoisakmp key cisco123 address 10.1.1.1

!

cryptoipsec security-association lifetime seconds 1800

!

cryptoipsec transform-set 50 esp-aes 256 esp-sha-hmac

!

crypto map CMAP 10 ipsec-isakmp

set peer 10.1.1.1

setpfs group5

set security-association lifetime seconds 900

set transform-set 50

match address 101

!

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/1

ip address 10.2.2.1 255.255.255.252

crypto map CMAP

!

routereigrp 100

network 10.2.2.0 0.0.0.3

network 192.168.3.0

no auto-summary

!

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

!

line con 0

exec-timeout 5 0

password 7 0822455D0A165445415F59

logging synchronous

login

!

linevty 0 4

exec-timeout 5 0

password 7 0822455D0A165445415F59

login

!

End

Check:

Router 1

 

As you could see in the CLI of the R1 all the connection of the inbound and outbound is ACTIVE

Router 3

As you could see in the CLI of the R3 all the connection of the inbound and outbound is ACTIVE

Task 6 Radius Server AAA

 

For basic authentication, AAA or the Authentication, authorization and accounting can be configured to access the local database for client logins. It will be difficult since it must be configured in every router. To take full advantage of the AAA, radius server AAA will be used. When the client attempts to login in the router, the router will show the router references to the external server database for verification that the client is using a valid username and password.

Topology for the radius Server AAA

 

Device	Interface	IP Address	Subnet Mask	Default Gateway	Switch Port
R1	FA0/1	192.168.1.1	255.255.255.0	N/A	S1 FA0/5
	S0/0/0 (DCE)	10.1.1.1	255.255.255.252	N/A	N/A
R2	S0/0/0	10.1.1.2	255.255.255.252	N/A	N/A
	S0/0/1 (DCE)	10.2.2.2	255.255.255.252	N/A	N/A
R3	FA0/1	192.168.3.1	255.255.255.0	N/A	S3 FA0/5
	S0/0/1	10.2.2.1	255.255.255.252	N/A	N/A
PC-A	NIC	192.168.1.3	255.255.255.0	192.168.1.1	S1 FA0/6
PC-C	NIC	192.168.3.3	255.255.255.0	192.168.3.1	S3 FA0/18

 

For the Radius server AAA, you can simply configure the users and keys from host that will use for authentication.

Router Configuration

 

Router 1

hostname R1

!

enable secret 5 $1$mERr$WvpW0n5HghRrqnrwXCUUl.

!

aaa new-model

!

aaa authentication login default group radius none

!

no ip cef

no ipv6 cef

!

no ip domain-lookup

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.1.1 255.255.255.252

clock rate 64000

!

router eigrp 100

network 192.168.1.0

network 10.1.1.0 0.0.0.3

no auto-summary

!

ip classless

!

ip flow-export version 9

!

radius-server host 192.168.1.3 auth-port 1645 key ciscoaaapass

!

line con 0

exec-timeout 5 0

password 7 0822455D0A165445415F59

logging synchronous

!

line vty 0 4

exec-timeout 5 0

password 7 0822455D0A165445415F59

!

end

 

Verification

 

 

 

In the running configuration, the router will connect to the radius server for verification in the login console oof the router.

 

 

 

 

Using telnet, the client computer could connect to the router using RADIUS authentication.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Task 7 TACACS + Server AAA

TACACS or the Terminal Access Controller Access-Control System Plus is a protocol from CISCO systems and was released I 1993. TACACS+ don’t implements transmission control. Compared to the Radius, which encrypts only the user’s password as it travels from one client to another client. All other information in Radius will be able to see so it is vulnerable compared to TACACS+. In TACACS+, it encrypts all information including all other information traveling in the network.

Topology for the TACACS+ server AAA

 

TACACS+ configuration

 

hostname R2

!

enable secret 5 $1$mERr$WvpW0n5HghRrqnrwXCUUl.

!

Username bryan secret 5 $1$mERr$WvpW0n5HghRrqnrwXCUUl.

!

interface Serial0/0/0

ip address 10.1.1.2 255.255.255.252

!

interface Serial0/0/1

ip address 10.2.2.2 255.255.255.252

clock rate 64000

!

router eigrp 100

network 10.1.1.0 0.0.0.3

network 10.2.2.0 0.0.0.3

no auto-summary

!

tacacs-server host 192.168.1.3 key tacacspass

!

login local

!

line aux 0

!

line vty 0 4

!

end

Verification:

This router will use TACACS+ on server 192.168.1.3 and the information inputed on the username and password will be verified.

Task 8 Vulnerability Assessment using GFI Languard

GFI Languard is used for scanning network security and patching management solution. It provides a complete platform of your network setup, risk analysis and maintains a secure and compliant network. This process includes scanning the network to discover all your devices connected in the network including mobile devices and search for security issues. All devices can be managed either by performing remotely with agent or none. For a remote agentless scan, specify first your target devices scanning profile that indicates what to look for, enter proper authorizations. [5] GFI. (n.d.).

Steps on how to setup and use GFI Languard:

1.       Alerting Options of GFI Languard can be found by logging to the console.

Figure 8.1 Alerting option configuration

2. Setup an email address where the alert will be coming from and also specify a recipient.

Figure 8.2 General setup for email addresses

3. Next is the vulnerability assessment settings. It will provide an option which profile will be scanned and activate high security vulnerabilities.

Figure 8.3 Profile options for vulnerability assessment

4. The profiles selected can be edited so that administrators can add and remove different items that would be included or excluded on the scan.

Figure 8.4 Vulnerabilities profiles

5. Network and software auditing for the administrator based on the profile chosen.

Figure 8.5 Each profile can be further customized to best fit the requirement of the organization.

Figure 8.6 Scanning options for network and software audit

6. Scheduling a scan for GFI Languard makes vulnerability scanning an easy for administrators. It offers a Scheduled Scan option to perform scan at specific date and time.

Figure 8.7 Performing scheduled scan

Figure 8.8 Type of scan desired

Figure 8.9 specific day and time to avoid affecting user’s productivity

Figure 8.10 Successful scheduled scan

Task 9 NVD – National Vulnerability Database

NVD is the U.S. government source of standards from NIST – National Institute of Standards and Technology based on vulnerability management data characterized using the Security Content Automation Protocol (SCAP). The data from NVD enables automation of security administration, vulnerability dimension, and acquiescence. NVD includes database of checklists in security and software flaws, malfunctions, merchandise names, and impact metrics. [6] NVD. (2017, October).

Here are 5 vulnerabilities that are listed on the website:

1.       CVE-2017-16543 Detail

• It is for Zoho ManageEngine Applications Manager 13 that permits SQL injection via GraphicalView.do using crafted viewProps yCanvas field.

Source:	MITRE	Last Modified:	11/05/2017
	US-CERT/NIST	Original release date:	11/05/2017

2. CVE-2017-16545 Detail

• It is the ReadWPGImage purpose in coders/wpg.c in GraphicsMagick 1.3.26 malfunction to validate colormapped images and allows remote attackers to have a DoS or probably have unnamed other causes via malformed image.

Source:	MITRE	Last Modified:	11/05/2017
	US-CERT/NIST	Original release date:	11/05/2017

3. CVE-2017-16546 Detail

• It is the ReadWPGImage purpose in coders/wpg.c in ImageMagick 7.0.7-9 malfuntion to validate the colormap index in a WPG palette and allows remote attackers to cause DoS or probably have unnamed other causes via malformed file.

Source:	MITRE	Last Modified:	11/05/2017
	US-CERT/NIST	Original release date:	11/05/2017

4. CVE-2017-16547 Detail

• It is the DrawImage purpose in magick/render.c in GraphicsMagick 1.3.26 malfuntion to look for popup keywords that are liked with push keywords and allows remote attackers to cause a DoS or perhaps have unnamed causes via a crafted file.

Source:	MITRE	Last Modified:	11/06/2017
	US-CERT/NIST	Original release date:	11/06/2017

5. CVE-2017-16548 Detail

• It is a receive_xattr function in xattrs.c for rsync 3.1.2 and 3.1.3-development that didn’t verify a trailing with ‘’ character in an xattr code and allows remote attackers to cause DoS attack or perhaps have unspecified other causes by sending constructed data to the daemon server.

Source:	MITRE	Last Modified:	11/06/2017
	US-CERT/NIST	Original release date:	11/06/2017

Task 10 CISCO Intrusion Prevention Configuration

The CISCO Intrusion Prevention System or the IPS are used to alert attack patterns when security breach occurs. IPS together with the router with a secured internet firewall, it can be powerful defence mechanism for the network.

Topology for CISCO Intrusion Prevention Configuration

Device	Interface	IP Address	Subnet Mask	Default Gateway
R1	Fa0/1	192.168.1.1	255.255.255.0	N/A
	S0/0/0	10.1.1.1	255.255.255.252	N/A
R2	S0/0/0	10.1.1.2	255.255.255.252	N/A
	S0/0/1	10.2.2.2	255.255.255.252	N/A
R3	Fa0/1	192.168.3.1	255.255.255.0	N/A
	S0/0/1	10.2.2.1	255.255.255.252	N/A
PC-A	NIC	192.168.1.3	255.255.255.0	192.168.1.1
PC-C	NIC	192.168.3.3	255.255.255.0	192.168.3.1

Router 1 Configuration

hostname R1

!

enable secret 5 $1$mERr$oM/JyxYqfgpr/DlQ0ZM/h.

!

no ip cef

no ipv6 cef

!

no ip domain-lookup

!

spanning-tree mode pvst

!

ip ips config location flash:ipsdir retries 1

ip ips name iosips

ip ips signature-category

category all

retired true

category ios_ips basic

retired false

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip ips iosips out

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.1.1 255.255.255.0

!

router eigrp 10

network 192.168.1.0

network 10.0.0.0

auto-summary

!

logging 192.168.1.50

line con 0

exec-timeout 0 0

password conpass

logging synchronous

login

!

line aux 0

exec-timeout 0 0

password auxpass

login

!

line vty 0 4

exec-timeout 0 0

password vtypass

login

!

End

Verify settings

1. The command show ip ips all will display an IPS configuration status summary

2. PC-C to PC-A: The pings should fail. This is because the IPS rule for event-action of an echo request was set to “deny-packet-inline

3. PC-A to PC-C: The ping should be successful. This is because the IPS rule does not cover echo reply. When PC-A pings PC-C, PC-C responds with an echo reply

Task 11 CISCO Context Based Access Firewall

The CISCO Context-Based Access Control or the CBAC is used to make a CISCO IOS firewall. In this task, we will create a basic CBAC configuration on the 3^rd router in which it will provide access to the server outside of the network. After it is configured, verification of the firewall from internal and external hosts.

Topology for CISCO Context Based Access Firewall

Device	Interface	IP Address	Subnet Mask	Default Gateway
R1	Fa0/1	192.168.1.1	255.255.255.0	N/A
	S0/0/0	10.1.1.1	255.255.255.252	N/A
R2	S0/0/0	10.1.1.2	255.255.255.252	N/A
	S0/0/1	10.2.2.2	255.255.255.252	N/A
R3	Fa0/1	192.168.3.1	255.255.255.0	N/A
	S0/0/1	10.2.2.1	255.255.255.252	N/A
PC-A	NIC	192.168.1.3	255.255.255.0	192.168.1.1
PC-C	NIC	192.168.3.3	255.255.255.0	192.168.3.1

Router 3 Configuration

hostname R3

!

no ip cef

no ipv6 cef

!

no ip domain-lookup

!

ip inspect name IR icmp audit-trail on timeout 3600

ip inspect name IR telnet audit-trail on timeout 3600

ip inspect name IR http audit-trail on timeout 3600

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/1

ip address 10.2.2.1 255.255.255.252

ip access-group ACL in

ip inspect IR out

!

ip classless

ip route 192.168.3.0 255.255.255.0 10.2.2.2

ip route 10.2.2.0 255.255.255.252 10.2.2.2

ip route 10.1.1.0 255.255.255.252 10.2.2.2

ip route 192.168.1.0 255.255.255.252 10.2.2.2

!

ip flow-export version 9

!

ip access-list extended ACL

deny ip any any

!

logging 192.168.1.3

line con 0

!

line aux 0

!

line vty 0 4

login

!

End

Verify Firewall Functionality

1. Open a Telnet session from PC-C to R2 and while the session is active, run: m show ip inspect sessions

2. PC-C to PC-A would allow a ping but will refuse a telnet session.

3. PC-A to PC-C would block all traffic.

4. Syslog of PC-A logs all attempts

Task 12 CISCO Zone Based firewall

The CISCO Zone-based firewall is a new configuration model of CISCO policies for multi0interface routers. It also increases the firewall protection application and has a default auto deny all policy that hinders the traffic between firewall security zones unless the user access has been granted to allow desirable traffic to a network.

Device	Interface	IP Address	Subnet Mask	Default Gateway
R1	Fa0/1	192.168.1.1	255.255.255.0	N/A
	S0/0/0	10.1.1.1	255.255.255.252	N/A
R2	S0/0/0	10.1.1.2	255.255.255.252	N/A
	S0/0/1	10.2.2.2	255.255.255.252	N/A
R3	Fa0/1	192.168.3.1	255.255.255.0	N/A
	S0/0/1	10.2.2.1	255.255.255.252	N/A
PC-A	NIC	192.168.1.3	255.255.255.0	192.168.1.1
PC-C	NIC	192.168.3.3	255.255.255.0	192.168.3.1

Router 3 Configuration

hostname R3

!

enable secret 5 $1$mERr$TfFTxE.mmb5O5BVC56ndL0

!

spanning-tree mode pvst

!

class-map type inspect match-all INclassMAP

match access-group 101

!

policy-map type inspect POLICYmap

class type inspect INclassMAP

inspect

!

zone security INzone

zone security OUTzone

zone-pair security ZONEpair source INzone destination OUTzone

service-policy type inspect POLICYmap

!

interface FastEthernet0/1

ip address 192.168.3.1 255.255.255.0

zone-member security INzone

duplex auto

speed auto

!

interface Serial0/0/1

ip address 10.2.2.1 255.255.255.252

zone-member security OUTzone

!

ip classless

ip route 10.2.2.0 255.255.255.252 10.2.2.2

ip route 10.1.1.0 255.255.255.252 10.2.2.2

ip route 192.168.1.0 255.255.255.0 10.2.2.2

!

access-list 101 permit ip 192.168.3.0 0.0.0.255 any

!

line con 0

exec-timeout 0 0

password ciscoconpa55

logging synchronous

login

!

line aux 0

!

line vty 0 4

exec-timeout 0 0

password ciscovtypa55

login

!

End

Test Firewall Functionality: from INSIDE zone to OUTSIDE zone

1. Ping from PC-C to PC-A

2. Telnet session from PC-C to R2

3. Issuing command on Router 3: show policy-map type inspect zone-pair sessions

Test Firewall Functionality: from OUTSIDE zone to INSIDE zone

1. From the PC-A server command prompt, ping PC-C.

2. From router R2, ping PC-C.

Task 13 Fortinet Unified Threat Management

Fortinet Unified threat management is a tool for security management which is used by an administrator for monitoring and managing all security-related applications and components in infrastructure in one graphic user interface console.  [7] Fortinet. (2017, October 12).

Steps on how to configure Fortinet IPS:

1. Intrusion Protection can be configured by choosing security profiles and clicking on Intrusion Protection.

Figure 13.1 Administrator can choose which signature would the allow or deny

2. Data leak prevention is another way to filter out security threats which has a sensor based scanner for an administrator to specify messages in an incoming information.

Figure 13.2 Data leak prevention in security profiles

3. VPN Tunnels are used to set up VPN connection

Figure 13.3 VPN tunnels configuration

Figure 13.4 VPN tunnel authentication

Task 14 Cyberoam Unified Threat Management

Cyberoam Unified Threat Management caters intense security to businesses from small to large companies. It has a layer 8 identity-based platform with multiple security features. It uses extensible Security Architecture or ESA to eliminate all kinds of security threats. [8] Sophos. (2017).

Minimum System Requirements:

• PC with virtual machine(Hyper-V)
• 1GB vRAM
• 2 Virtual Network Interfaces (vNIC)
• Primary Disk with 6GB size
• Auxiliary Disk with 100GB size
• 1 Serial Port
• 1 USB Port

Steps on how to configure Cyberoam UTM:

1. Download the Cyberoam installer from the website

Figure 14.1 website of Cyberoam UTM

2. Install Cyberoam Firewall on a virtual machine and be sure that the minimum system requirements are met.

Figure 14.2 login dialog box of Cyberoam

3. Run the virtual machine

.

Figure 14.3 Running virtual machine(Hyper-V)

4. On another virtual machine on the same computer (connected via VLAN), open Internet Explorer and go to http://172.16.16.16. Use admin as username and password.

Figure 14.4 login page using the designated URL

5. After logging in, the dashboard would show up displaying the status of the firewall.

Figure 14.5 Dashboard of Cyberoam UTM

6. Securing Cyberoam firewall enables user to configure appliance access thru a wizard that helps administrator setup basic Cyberoam firewall and enable user restrictions. It is based on checklists whether protocol will be enable or disable.

Figure 14.6 Appliance access of Cyberoam

7. Using Identity base policy in Cyberoam is a secured way to setup an access privilege. The user has a variety of selection based on the network’s requirement.

Figure 14.7 Identity based policy of Cyberoam

8. Using Cyberoam surfing quota will ensure that all users would comply to company’s policy. It will limit all the users on how much data was consumed at a given time period. This limit must be done by administrator.

Figure 14.8 Surfing quota of Cyberoam

9. Using Cyberoam remote VPN will enable the user to remotely connect the server to private network using VPN. It is done using web console and client outline.

Figure 14.9 remote VPN of Cyberoam

Recommendation:

When implementing a secured and reliable network, it entails a lot of consideration. These considerations can be split into three main categories includes hardware, software and user requirements. The main consideration is the hardware requirements. Hardware cost is just the beginning since it needed to upgrade and maintain it regularly that could affect business network downtime and performance of the employees. These means that the company should make the best decision on what computers, firewalls to purchase. Storage is also the problem since the company is growing the data stored in the server will also increase. Lastly, the availability of the computer, since all computers are shipped from one manufacturer to the client, it will take time. Another consideration in implementation is the software requirements. First is the software legitimacy. All computers should run genuine software to prevent bugs and errors. Also, the software of all computers including the operating system must be regularly updated. Lastly, the user requirements are required for implementation. As an IT, it is our job to create a secured network environment and lessen the complex work for the end users.

For all of these requirements, the company would always hire an IT specialist for a secured and reliable network infrastructure. In the world we live today, the security breaches are more often than ever before. Implementing a server setup requires maximum consideration and investment on the company but it starts with an IT staff. For the growing IT businesses, all our data and information including networks will be cloud based program. As we enter to the future of IT infrastructure, cloud computing will be the best for integrated networks.

REFERENCES with APA format:

[1] Rouse. (2016). What is Active Directory? – Definition from WhatIs.com. Retrieved November 10, 2017, from http://searchwindowsserver.techtarget.com/definition/Active-Directory

[2] Microsoft. (2017). What’s new in Exchange 2016. Retrieved November 10, 2017, from https://technet.microsoft.com/en-us/library/jj150540(v=exchg.160).aspx

[3] Barracuda. (n.d.). Barracuda Spam Firewall. Retrieved November 10, 2017, from https://www.barracuda.com/landing/pages/spamfirewall/

[4] Rouse. (2012). What is Microsoft Outlook? – Definition from WhatIs.com. Retrieved November 10, 2017, from http://searchexchange.techtarget.com/definition/Microsoft-Outlook

[5] GFI. (n.d.). Network Security, Network Monitor and Network scanner with Vulnerability Scanning, Patch Management and Application Security | GFI LanGuard performs vulnerability assessments to discover threats early. Retrieved November 10, 2017, from https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard

[6] NVD. (2017, October). Vulnerabilities. Retrieved November 10, 2017, from https://nvd.nist.gov/vuln/full-listing/2017/11

[7] Fortinet. (2017, October 12). Retrieved November 10, 2017, from https://en.wikipedia.org/wiki/Fortinet

[8] Sophos. (2017). Retrieved November 10, 2017, from https://www.cyberoam.com/microsite/unified-threat-management