Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
syssec:final_project [2019/05/02 20:17] vnbruno [Part II - Choose your Path (60 pts)] |
syssec:final_project [2020/12/05 23:17] aibekzhy [Linux (LAMP Stack)] |
||
|---|---|---|---|
| Line 14: | Line 14: | ||
| {{:topology_example.png?850|}} | {{:topology_example.png?850|}} | ||
| + | ## Part II - Windows + Linux (60 pts) | ||
| - | ## Part II - Choose your Path (60 pts) | + | Here is the overview of Windows(30 pts), Linux(30 pts) and Firewall setup that you will need to perform: |
| - | + | ||
| - | There are two paths you can take for this. Linux based or Windows... both are about equal work, this should give you s chance to gain more depth in what you are interested. Choose on for the project. YOU DO NOT NEED TO DO BOTH. | + | |
| ### Windows (Active Directory) | ### Windows (Active Directory) | ||
| - | * pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment | + | * 1 Windows client (10 ONLY) |
| - | * 1 Windows client (10 or 7) | + | |
| * Windows Server (2016 or 2019), this will be your Domain Controller | * Windows Server (2016 or 2019), this will be your Domain Controller | ||
| - | * follow the Windows homework, setup the same stuff | + | * follow the Windows homework, set up the same stuff (users, groups, GPO) |
| + | * Creds: Username - Admin/Administrator, Password: - Change.me! | ||
| ### Linux (LAMP Stack) | ### Linux (LAMP Stack) | ||
| - | * just like we did in the Services assignment | + | * setup MediaWiki, as set up in the Services homework |
| * remote database and a webserver | * remote database and a webserver | ||
| - | * database should have MySQL or MongoDB | + | * Linux Client with GUI (so you can check your website) |
| - | * webserver should have Apache, PHP and Wordpress | + | * database that will host data for MediaWiki |
| + | * webserver should have Apache, MediaWiki | ||
| + | * Creds: Username - sysadmin, Password: - changeme | ||
| + | ### pfSense vs Palo Alto | ||
| + | pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment. Please let @aibek know if you would like Palo Alto. By default, you will get pfSense | ||
| ## Part III - Risk (30 pts) | ## Part III - Risk (30 pts) | ||
| - | Use what you learned in the Risk Management lecture, this portion of the project has no _wrong_ answer. Choose 5 controls you learned in the Risk Management lecture, implement these into your environment. Then just write a quick paragraph on the control and how you plan or did implement it in the project. | + | Use what you learned in the Risk Management lecture and Choose 5 Technical controls you learned in the Risk Management lecture and implement these into your environment. These controls must come from the CIS top 20 control list: https://www.cisecurity.org/controls/cis-controls-list/ |
| + | |||
| + | |||
| + | You must submit proof of your Implementation (Screenshot is fine). In a two to three page paper summarize the 5 controls that you have implemented. In this paper please summarize the specific control, what risk(s) is being mitigated (for each control implemented), and why CatFlix will benefit from this implementation. | ||
| + | |||
| + | |||
| + | If you decide to implement any sort of inventory list please submit this as an excel sheet/word document with a table in it. | ||
| + | |||
| - | https://www.rapid7.com/solutions/compliance/critical-controls/ | + | Examples of technical controls to implement [Controls - Evidence]: |
| + | * **Hardware Inventory list** - You can just submit your **topology** for this. Normally this is done with a Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof) | ||
| + | * **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the system. Just list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome) | ||
| + | * **Controlled use of Admin Privileges**- Screenshot what admins are on a particular system. | ||
| + | * **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts) | ||
| + | * **Maintenance, Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files) | ||
| + | * etc... Reach out to Jay if you are unsure about anything! | ||
| - | ## Part IIII - Deliverable | + | ## Part IV - Deliverable |
| Line 55: | Line 71: | ||
| - the static IP on all VMs | - the static IP on all VMs | ||
| - LAN/WAN and DMZ configuration in pfSense or Palo Alto | - LAN/WAN and DMZ configuration in pfSense or Palo Alto | ||
| - | - service working and running, like you did in the previous assignment, each route will be about 10 screenshots in total for all of this | + | - service working and running as you did in the previous assignment, each route will be about 10 screenshots in total for all of this |
| + | - <color #ed1c24>**ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS, SO THAT SECDEV IS ABLE TO CHECK YOUR WORK**</color> | ||
| As usual, if you have any questions please ask in the `System Security` channel! | As usual, if you have any questions please ask in the `System Security` channel! | ||