TASK: Setup a basic network infrastructure and setup PFsense.
The lab contains three nested virtual machines represented by the following topology:
Use the lab to perform questions 1 to 5 of this assessment, following the instructions contained in each question.
1. Use the supplied Microsoft Azure lab to complete this task
a. Install the Active Directory role on the Windows 2019 Server nested virtual machine.
b. Create a security group named “Finance”
c. Define three users named Tom, Dick, and Harry.
d. Add Tom and Harry to the Finance security group.
e. Create a folder named “Finance Documents” on the C:\ drive of the Windows 2019 Server nested VM.
f. Restrict access to the Finance Documents folder to members of the Finance security group.
Provide a screenshot demonstrating that active directory has been installed on the nested VM:
Provide a screenshot showing the three users (Tom, Dick and Harry):
Provide a screenshot showing the Finance security group with Tom and Harry as members:
Provide a screenshot showing access permissions on the “Finance Documents” folder after completing all steps in this task:
2. Use the supplied Microsoft Azure lab to complete this task. Sign-in to pfsense from the Windows 10 nested VM.
a. Create a new Group/Segment named “Research Department” that will be used to enable researchers to access the Internet from the LAN
b. Configure a new interface and associate it with the Research Department zone
c. Create a bridge interface linking the new Zone with the existing LAN interface
d. Create a firewall rule allowing hosts in the new Zone to access the WAN
Provide screenshots of your completed configuration at each step (a to d) here:
1. New group
2. New interface for new group
3. Bridge new zone with existing LAN
4. Creating a firewall rule to allow hosts from new zone (source network) to WAN (destination)
3. Use the supplied Microsoft Azure lab to complete this task. Sign-in to pfsense from the Windows 10 nested VM.
a. Create a packet capture, filtering outbound and inbound traffic for the windows 10 machine.
Provide screenshots of the Display Filter properties and Captured Packet list here:
Captured packets:
Installed WireShark to inspect packet capture in more detail:
Image showing filters:
4. Use the supplied Microsoft Azure lab to complete this task. Sign-in to pfsense from the Windows 10 nested VM.
a. Configure settings to enable a VPN tunnel through IPsec
b. Create a firewall rule to enable the remote VPN users access both the LAN
c. Enable IPsec (remote access) VPN with a preshared key
Provide screenshots of your completed configuration at each step (a to c) here:
a)
a)
b)
c)
5. Use the supplied Microsoft Azure lab to complete this task. Sign-in pfsense from the Windows 10 nested VM.
a. Configure firewall settings to enable detection of malicious software
Installed Snort
Installed Interface for WLAN and LAN
Manually updated the rules
6. Create a logical topology diagram of a WLAN using CISCO Packet Tracer. The diagram should include 3 laptops and a smart phone connected to a wireless access point (WAP). The mobile devices must obtain their local IP address from a DNS server also attached to the access point. Use the subnet 192.168.1/24 when defining the DNS service.
Provide a screenshot of the configuration screen of the DHCP service here:
7. Produce flow-charts representing the steps involved in authenticating and associating wireless devices to
a. An open WLAN
b. A WLAN with Shared Authentication
c. A WLAN with Extensible Authentication Protocol (EAP)
a.
b.
c.
9. Create a checklist that could be used by your organisation’s network administrator to ensure that the wireless local area network (WLAN) in the new Sydney branch office is hardened against cyber-attack. Your answer should include at least six items covering a variety of different control types.
The Sydney office is to be setup with a Radius server utilising 128bit AES encryption.
TRAINING. Ensure all staff are given appropriate training on how to safely use the WLAN, including reasons why they should not share the WIFI password.
AUTHENTICATION. Ensure all staff are directed on the minimum password requirements and are using their own unique credentials (Radius server requirement).
AUTHENTICATION. Check the Radius server is correctly configured.
ENCRYPTION. Check that the access point has a minimum of 256 bit encryption enabled.
PROTECT THE NETWORK. Ensure that SSID is not broadcast.
IDS and IPS. Check the installation of both IDS and IPS systems to harden the network against malicious activity.
MAC FILTERING. Check Mac Filtering is enabled.
FIREWALL. Check the firewall has been configured to fully protect the organisations network.
UNUSED PROTOCOLS. Ensure all unused protocols on the network disabled.
SECURITY. Cyber Security staff to undertake comprehensive security assessments, which includes penetration testing, of the WLAN network at regular and random intervals.
10. Generate a Certificate Signing Request (CSR) and Private Key for the domain ozcasual.com Your certificates should have a key size of at least 2048 bits.
-----BEGIN CERTIFICATE REQUEST----- MIICyTCCAbMCAQAwVjFUMAkGA1UEBhMCQVUwDwYDVQQIDAhWaWN0b3JpYTAQBgNV BAcMCU1lbGJvdXJuZTAPBgNVBAoMCE96Y2FzdWFsMBMGA1UEAwwMb3pjYXN1YWwu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhfkVumrF2PS/7hc bt9SOeQFSNO5Y4ZjAPLRInWH5JR1tPxa7tb24C7Kf2WJaSNTHtwOXXE1PuNJuief TwZsD5dGDzVFdDPEqWUMh0NYhlshlcQloCO4yh5u2WnPd7MVoSzo26mWlm4uc7J9 +SwVTXGsbeGCUHSIpOg2Z2GS/yWiCCiIC5whOD+KWJamaX710lD7J+0xxtrus0xj oe/iJnSEAcevaVEGHMeU466Fv9T93SejBuigwdJKMJImMi7Z1KMkumfLwo3MwphR YtE/KkPuTx8hBoqoCIQv+/28nqMTe0LZ4ZdjBgGpfeVD0zJm90xr+OpGt+l4LSST CnnonwIDAQABoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUICsTTzaqYEPF Mlcm30A/PJz1Ad8wCwYJKoZIhvcNAQELA4IBAQBxrlhM3tOUK5aufXVjE6eUV4iC RxiS06LAlKwjriEqPR+tu4faZ0V78uRF84vNi5LKPJBRSArkq70efF0hc1/FuB3e 3zJJNBjgB/6V3//eZfWbNTt5NHkpi8qfEcZ0c4moRD3lJFepJs5SaLx7dNU/sP9E 8eHN1XHvy1Mw/Npk66mgxJKnvyU7SE60OiN9ZAXrRMTSEuIgdjfEaRMuo5kHbvvb uHuDh4oUjOWz1AfZtlu6uhHWu6B9xrZ1QfC7P4IWkJYswcdjhaFNT/jacT+9e0Hi bnThW6LCe+UEi/+ZfpQykXwTgjAYq4A8JQlJoHl8vpInXG3aZ5kn1pl6tgh7 -----END CERTIFICATE REQUEST-----
11. Generate a MD5 Hash of the following strings:
a. “Victoria University”
b. “22603VIC - Certificate IV in Cyber Security”
ad6aa003afacfa0747cef6631b428b15
3327396e058b8a7ac5d331fd41f4f492
12. Using the secret key “Certificate IV in Cyber Security”, decrypt the following text that was encrypted with 256-bit AES encryption to reveal a famous quotation.
3MVRZ6AWWO/kmwIwkwUNpMh5XoUWySiWUtwYIeelX2znmVm2jpfuVlsogHIQEvif2GPp8xBP83Fs5vgTYtD1ZQ==
ANSWER
Amateurs hack systems, professionals hack people
14. Complete the table below comparing the key features of each network monitoring product.
15. Based on your findings in Question 14, which system would you implement and why?
ANSWER:
I would recommend Paessler PRTG because it has both cloud, agent and hybrid setup options. There is also an app so you can monitor the network on your smart phone which I think is very useful.