
RECENT PROJECTS

PROJECT //  01
Configuration of The Raspberry Pi with TFT screen
 
PROJECT //  02
IoT device Camera Module over Arduino
 
PROJECT //  03
IoT device Camera Module over Raspberry Pi
 
FUTURE PROJECTS // 04
On WebSecurity Local File Inclusion, Service Exploitation, Cross-Site Scripting
 
FUTURE PROJECTS // 05
Log Analysis - Flags, Windows Security Logs, Corrupt Windows Security Logs, Linux Authentication Log, Apache Log, Network Data Capture
 
FUTURE PROJECTS // 06
Cryptography - Hashing Algorithms, Cracked Algorithms, Windows Passwords, Advanced Cryptography, Steganography
 
LED Cube 8x8x8: Using Arduino Kit 
 
You should have an understanding of:
  • Basic electronics. (We would recommend against building this as your very first electronics project. But please read the Instructable. You'll still learn a lot!)
  • How to solder.
  • How to use a multimeter etc.
  • Writing code in C (optional. We provide a fully functional program, ready to go)
 
POD Topology:
 
 

Lab Settings

Required Virtual Machines and Applications

Log in to the following virtual machines before starting the tasks in this lab:

  Windows 7 Internal Attack Machine              192.168.100.5
  Windows 7 student password                     password
  BackTrack 5 Internal Attack Machine            192.168.100.3
  BackTrack 5 root password                      password
  Windows 2k3 Server Internal Victim Machine     192.168.100.201
  Windows 2k3 Server administrator password      password
  Linux Sniffer                                  No IP addresses
  Linux Sniffer root password                    toor
  BackTrack 4 External Attack Machine            10.10.19.148
  BackTrack 4 External root password             password
  Windows 2k3 Server External Victim Machine     10.10.19.202
  Windows 2k3 Server administrator password      password

 

Windows 7 Internal Attack Login:  
1. Click on the Windows 7 Internal Attack icon on the topology.  

2. If required, enter the username, student (verify the username with your instructor).

3. Type in the password, password, and press enter to log in (verify the password with your instructor).

 

Linux Sniffer Login:  
1. Click on the Linux Sniffer icon on the topology.  

2. Type root at the bt login: username prompt and press enter.

3.  At the password prompt, type toor and press enter.    
4. To start the GUI, type startx at the root@bt:~# prompt and press enter. 

 

BackTrack 5 Internal Attack Login:  
1. Click on the BackTrack 5 Internal Attack icon on the topology.  

2. Type root at the bt login: username prompt and press enter.  

3. At the password prompt, type password and press enter. 

4. To start the GUI, type startx at the root@bt:~# prompt and press enter. 

 

Windows 2003 Server Login: (internal and external victim machines):  
1. Click on the Windows 2k3 Server Internal Victim icon on the topology.

2. Use the PC menu in the NETLAB+ Remote PC Viewer to send a Ctrl-Alt-Del (version 2 viewer), or click the Send Ctrl-Alt-Del link in the bottom right corner of the viewer window (version 1 viewer).

3. Enter the User name, Administrator (verify the username with your instructor).

4. Type in the password, password, and click the OK button (verify the password with your instructor).

5. Repeat these steps to log into the Windows 2k3 Server External Victim.

 

BackTrack 4 External Attack Login:  
1. Click on the BackTrack 4 External Attack icon on the topology.  

2. Type root at the bt login: username prompt and press enter.

3. At the password prompt, type toor and press enter.   
4. To start the GUI, type startx at the root@bt:~# prompt and press enter.

 

1  Using tcpdump to Capture Network Traffic   
Part of a network administrator’s job can be to capture and analyze network traffic.  This is done for a variety of reasons, including the identification of the cause of bottlenecks, determining who is responsible for certain download activity, or analyzing an intrusion.  There are many tools that can be utilized to capture network traffic, including tcpdump. 

 

1.1  Using tcpdump  
The Linux distribution BackTrack is installed on the sniffer.  BackTrack is a distribution used by security professionals for penetration testing and forensics. 
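As an added example (not part of the lab text), the following Python script parses tcpdump's plain text output and answers two of the questions the section raises: which host is moving the most bytes, and whether any host is sending bare SYNs to many ports on one target, which is what a reviewer would look at first when analyzing an intrusion. The sample lines are constructed here to resemble `tcpdump -nn` output using the lab's internal addresses; the use of 192.168.100.1 as a DNS server is an assumption, not something the lab states.

```python
import re
from collections import defaultdict

# Constructed sample resembling "tcpdump -nn" text output (not a real capture).
# Hosts are the lab's internal addresses; 192.168.100.1 as a DNS server is assumed.
SAMPLE_OUTPUT = """\
10:15:01.000001 IP 192.168.100.5.49152 > 192.168.100.201.80: Flags [S], seq 1, win 65535, length 0
10:15:01.000900 IP 192.168.100.201.80 > 192.168.100.5.49152: Flags [S.], seq 2, ack 2, win 65535, length 0
10:15:01.002000 IP 192.168.100.5.49152 > 192.168.100.201.80: Flags [P.], seq 1:101, ack 1, win 65535, length 100
10:15:01.050000 IP 192.168.100.201.80 > 192.168.100.5.49152: Flags [P.], seq 1:1461, ack 101, win 65535, length 1460
10:15:02.000000 IP 192.168.100.3.40000 > 192.168.100.201.445: Flags [S], seq 5, win 1024, length 0
10:15:02.000100 IP 192.168.100.3.40001 > 192.168.100.201.3389: Flags [S], seq 6, win 1024, length 0
10:15:02.000200 IP 192.168.100.3.40002 > 192.168.100.201.22: Flags [S], seq 7, win 1024, length 0
10:15:03.000000 IP 192.168.100.5.53001 > 192.168.100.1.53: 1234+ A? example.com. (29)
"""

# One tcpdump line: timestamp, "IP", src.sport > dst.dport: then protocol-specific text.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")   # present on TCP lines only
LENGTH_RE = re.compile(r"length (\d+)$")         # TCP payload length
PAYLOAD_RE = re.compile(r"\((\d+)\)$")           # UDP/DNS payload length in parentheses


def parse_line(line):
    """Return a dict for one tcpdump text line, or None if it is not an IPv4 line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flags = FLAGS_RE.search(rest)
    length = LENGTH_RE.search(rest) or PAYLOAD_RE.search(rest)
    return {
        "ts": m.group("ts"),
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "flags": flags.group(1) if flags else None,   # None means not TCP
        "length": int(length.group(1)) if length else 0,
    }


def bytes_by_source(output):
    """Payload bytes sent per source host: answers 'who is responsible for that traffic?'"""
    totals = defaultdict(int)
    for line in output.splitlines():
        pkt = parse_line(line)
        if pkt:
            totals[pkt["src"]] += pkt["length"]
    return dict(totals)


def syn_scan_candidates(output, min_ports=3):
    """Hosts sending bare SYNs (Flags [S]) to at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in output.splitlines():
        pkt = parse_line(line)
        if pkt and pkt["flags"] == "S":
            ports[pkt["src"]].add(pkt["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for host, total in sorted(bytes_by_source(SAMPLE_OUTPUT).items(), key=lambda kv: -kv[1]):
        print(f"{host:<18} {total:>6} bytes")
    for host, ports in syn_scan_candidates(SAMPLE_OUTPUT).items():
        print(f"possible port scan from {host}: SYN to ports {ports}")
```

To use it on a real capture from the sniffer, replace `SAMPLE_OUTPUT` with `sys.stdin.read()` and pipe `tcpdump -nn -r capture.pcap` into the script. Only the first few packets of a flow carry the scan signal, so the SYN check looks at flags rather than byte counts.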

Topology: This design is intended to describe how pfSense performs rule matching, using a basic, strict set of rules.

 

  • Always remember that rules on Interface tabs are matched on the INCOMING interface.

  • The approach described in this document is not the most secure, but it will help you understand how rules are set up.

    Basic lockdown of the LAN and DMZ outgoing rules

 

Outbound LAN

  • Make sure the “Default LAN > any” rule is either disabled or removed.

  • Allow DNS access - if pfSense is the DNS server, use LAN address, if using outside DNS create rule to allow TCP/UDP 53 to anywhere

    • Allow TCP/UDP 53 (DNS) from LAN subnet to LAN Address, -or-

    • Allow TCP/UDP 53 (DNS) from LAN subnet to Upstream DNS Servers, -or-

    • Allow TCP/UDP 53 (DNS) from LAN subnet to anywhere

  • Allow all users to browse web pages anywhere.

    • Allow TCP 80 (HTTP) from LAN subnet to anywhere

  • Allow users to browse secure web pages anywhere.

    • Allow TCP 443 (HTTPS) from LAN subnet to anywhere

  • Allow users to access FTP sites anywhere.

    • Allow TCP 21 (FTP) from LAN subnet to anywhere

  • Allow users to access SMTP on a mail server somewhere.

    • Allow TCP 25 (SMTP) from LAN subnet to anywhere

  • Allow users to access POP3 on a mail server somewhere.

    • Allow TCP 110 (POP3) from LAN subnet to anywhere

  • Allow users to access IMAP on a mail server somewhere.

    • Allow TCP 143 (IMAP) from LAN subnet to anywhere

  • To allow remote connections to an outside windows server, configure a rule for Remote administration.

    • Allow TCP/UDP 3389 (Terminal server) from LAN subnet to IP address of remote server

  • To allow LAN to access windows shares on the DMZ, allow NETBIOS/Microsoft-DS from the LAN to the DMZ

    • Allow TCP/UDP 137 from LAN subnet (NETBIOS) to DMZ subnet

    • Allow TCP/UDP 138 from LAN subnet (NETBIOS) to DMZ subnet

    • Allow TCP/UDP 139 from LAN subnet (NETBIOS) to DMZ subnet

    • Allow TCP 445 from LAN subnet (NETBIOS) to DMZ subnet

 

Outbound DMZ

  • By default, there are no rules on OPT interfaces.

  • To allow servers to use Windows update or browse the WAN

    • Allow TCP 80 from DMZ subnet (HTTP) to anywhere

    • Allow TCP 443 from DMZ subnet (HTTPS) to anywhere

  • If an external DNS server is used, allow the computers to leave the network to connect to a DNS server.

    • Allow TCP/UDP 53 from DMZ subnet (DNS) to IP address of the upstream DNS server(s)

  • To allow servers to use a remote time server open UDP port 123

    • Allow UDP 123 from DMZ subnet (NTP) to IP address of remote time server -or-

    • Allow UDP 123 from DMZ subnet (NTP) to any

 

Setup isolating LAN and DMZ but each with unrestricted Internet access

 

The strict approach above may not be necessary if outbound access should be more lenient, but still controlled between local interfaces. The following setup can be used instead.

 

Prerequisites/Assumptions

This assumes all local networks are privately numbered, and that interfaces have already been configured.

Create an alias (Firewall > Aliases) called RFC1918 containing 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8

 

LAN Configuration

  • Allow TCP/UDP from LAN subnet to LAN Address port 53 for DNS from the firewall

  • Allow TCP from LAN subnet to LAN address port 443 for accessing the GUI

  • Allow ICMP from LAN subnet to LAN address to ping the firewall from the LAN

  • Allow any traffic required from LAN to DMZ (if any)

  • Reject Any from LAN subnet to RFC1918 -- Do not allow LAN to reach DMZ or other private networks

  • Allow Any from LAN subnet to any -- Internet access rule

 

DMZ Configuration

  • Allow TCP/UDP from DMZ subnet to DMZ Address port 53 for DNS from the firewall

  • Allow TCP from DMZ subnet to DMZ address port 443 for accessing the GUI (optional)

  • Allow ICMP from DMZ subnet to DMZ address to ping the firewall from the DMZ

  • Allow any traffic required from DMZ to LAN (if any)

  • Reject Any from DMZ subnet to RFC1918 -- Do not allow DMZ to reach LAN or other private networks

  • Allow Any from DMZ subnet to any -- Internet access rule
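To make the first-match behaviour behind both the "basic lockdown" ruleset and the "isolating LAN and DMZ" ruleset concrete, here is an added Python model of how a pfSense interface tab evaluates its rules (example code written for this page, not pfSense's own implementation). The LAN and DMZ subnets, the firewall's LAN address and the test hosts are assumed values, since the text gives none; the 3389 rule to a specific remote server is left out for the same reason, and no LAN-to-DMZ exceptions are added to the isolating set. The `reject_before_allow` flag exists only to show what changes if the RFC1918 reject is placed below the Internet access rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumed addressing for this example (the page does not give subnets).
LAN_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("192.168.2.0/24")
LAN_ADDR = ip_network("192.168.1.1/32")   # "LAN address": the firewall's own LAN IP
ANY = ip_network("0.0.0.0/0")
# The RFC1918 alias the text has you create under Firewall > Aliases.
RFC1918 = (ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16"))


@dataclass(frozen=True)
class Rule:
    action: str            # "pass", "reject" or "block"
    proto: str             # "tcp", "udp", "tcp/udp", "icmp" or "any"
    src: Tuple             # source networks
    dst: Tuple             # destination networks
    dport: Optional[int]   # destination port; None means any port
    descr: str

    def matches(self, proto, src, dst, dport):
        if self.proto != "any" and proto not in self.proto.split("/"):
            return False
        if not any(src in net for net in self.src):
            return False
        if not any(dst in net for net in self.dst):
            return False
        return self.dport is None or dport == self.dport


def evaluate(rules, proto, src, dst, dport=None):
    """First match wins, evaluated on the interface the packet arrives on;
    with no match the packet hits pfSense's implicit default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action, rule.descr
    return "block", "default deny (no rule matched)"


def strict_lan_rules():
    """The 'basic lockdown' outbound LAN tab, with the default 'LAN > any' rule removed."""
    lan = (LAN_NET,)
    return [
        Rule("pass", "tcp/udp", lan, (LAN_ADDR,), 53, "DNS to firewall"),
        Rule("pass", "tcp", lan, (ANY,), 80, "HTTP"),
        Rule("pass", "tcp", lan, (ANY,), 443, "HTTPS"),
        Rule("pass", "tcp", lan, (ANY,), 21, "FTP"),
        Rule("pass", "tcp", lan, (ANY,), 25, "SMTP"),
        Rule("pass", "tcp", lan, (ANY,), 110, "POP3"),
        Rule("pass", "tcp", lan, (ANY,), 143, "IMAP"),
        Rule("pass", "tcp/udp", lan, (DMZ_NET,), 137, "NetBIOS name"),
        Rule("pass", "tcp/udp", lan, (DMZ_NET,), 138, "NetBIOS datagram"),
        Rule("pass", "tcp/udp", lan, (DMZ_NET,), 139, "NetBIOS session"),
        Rule("pass", "tcp", lan, (DMZ_NET,), 445, "Microsoft-DS"),
    ]


def isolating_lan_rules(reject_before_allow=True):
    """The 'isolated LAN, unrestricted Internet' LAN tab. Flip the flag to see
    what happens when the RFC1918 reject sits below the Internet access rule."""
    lan = (LAN_NET,)
    rules = [
        Rule("pass", "tcp/udp", lan, (LAN_ADDR,), 53, "DNS from firewall"),
        Rule("pass", "tcp", lan, (LAN_ADDR,), 443, "webGUI"),
        Rule("pass", "icmp", lan, (LAN_ADDR,), None, "ping firewall"),
    ]
    reject = Rule("reject", "any", lan, RFC1918, None, "LAN -> RFC1918 (DMZ, other private nets)")
    internet = Rule("pass", "any", lan, (ANY,), None, "Internet access")
    rules += [reject, internet] if reject_before_allow else [internet, reject]
    return rules


if __name__ == "__main__":
    # Assumed test hosts: one LAN client, one DMZ server, one public address (TEST-NET-3).
    lan_host, dmz_host, internet_host = "192.168.1.10", "192.168.2.20", "203.0.113.5"
    print("strict, HTTP out:    ", evaluate(strict_lan_rules(), "tcp", lan_host, internet_host, 80))
    print("strict, SSH out:     ", evaluate(strict_lan_rules(), "tcp", lan_host, internet_host, 22))
    print("isolating, to DMZ:   ", evaluate(isolating_lan_rules(), "tcp", lan_host, dmz_host, 445))
    print("isolating, SSH out:  ", evaluate(isolating_lan_rules(), "tcp", lan_host, internet_host, 22))
    print("mis-ordered, to DMZ: ", evaluate(isolating_lan_rules(False), "tcp", lan_host, dmz_host, 445))
```

The last case is the one to remember: with the "Allow Any from LAN subnet to any" rule above the RFC1918 reject, LAN hosts reach the DMZ because the broad pass rule matches first and the reject is never consulted. The same model works for the DMZ tab by swapping the subnets and firewall address.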
