Differences
This shows you the differences between two versions of the page.
syssec:final_project [2019/05/02 21:08] vnbruno |
syssec:final_project [2020/12/08 15:56] (current) aibekzhy [Linux (LAMP Stack)] |
||
---|---|---|---|
Line 14: | Line 14: | ||
{{:topology_example.png?850|}} | {{:topology_example.png?850|}} | ||
+ | ## Part II - Windows + Linux (60 pts) | ||
- | ## Part II - Choose your Path (60 pts) | + | Here is the overview of Windows(30 pts), Linux(30 pts) and Firewall setup that you will need to perform: |
- | + | ||
- | There are two paths you can take for this. Linux based or Windows... both are about equal work, this should give you s chance to gain more depth in what you are interested. Choose on for the project. YOU DO NOT NEED TO DO BOTH. | + | |
### Windows (Active Directory) | ### Windows (Active Directory) | ||
- | * pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment | + | * 1 Windows client (10 ONLY) |
- | * 1 Windows client (10 or 7) | + | |
* Windows Server (2016 or 2019), this will be your Domain Controller | * Windows Server (2016 or 2019), this will be your Domain Controller | ||
- | * follow the Windows homework, setup the same stuff (users, groups, GPO) | + | * follow the Windows homework, set up the same stuff (users, groups, GPO) |
+ | * Creds: Username - Admin/Administrator, Password: - Change.me! | ||
### Linux (LAMP Stack) | ### Linux (LAMP Stack) | ||
- | * pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment | + | * Set up MediaWiki using the same workflow as the Services homework. |
- | * setup Wordpress, just like we did in the Services assignment | + | * Hosts (3, all on the DMZ): |
- | * remote database and a webserver | + | * Linux Desktop Client with GUI (so you can check your website) |
- | * database should have MySQL or MongoDB | + | * CentOS Database supporting MariaDB hosting data for MediaWiki |
- | * webserver should have Apache, PHP and Wordpress | + | * Linux (Web) Webserver: Apache, PHP, MediaWiki |
+ | * Credentials: Reflect all machine UIDs AND the resulting MediaWiki site. | ||
+ | * Username - sysadmin, Password: - changeme | ||
+ | * Evaluation: A SecDev grader will use the above credentials to create their own page on your device. | ||
+ | * If your installation is successful, the grader's created page will persist on your MediaWiki. | ||
+ | ### pfSense vs Palo Alto | ||
+ | pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment. Please let @aibek know if you would like Palo Alto. By default, you will get pfSense | ||
## Part III - Risk (30 pts) | ## Part III - Risk (30 pts) | ||
- | Use what you learned in the Risk Management lecture, this portion of the project has no _wrong_ answer. Choose 5 controls you learned in the Risk Management lecture, implement these into your environment. Then just write a quick paragraph on the control and how you plan or did implement it in the project. | + | Use what you learned in the Risk Management lecture and Choose 5 Technical controls you learned in the Risk Management lecture and implement these into your environment. These controls must come from the CIS top 20 control list: https://www.cisecurity.org/controls/cis-controls-list/ |
+ | |||
+ | |||
+ | You must submit proof of your Implementation (Screenshot is fine). In a two to three page paper summarize the 5 controls that you have implemented. In this paper please summarize the specific control, what risk(s) is being mitigated (for each control implemented), and why CatFlix will benefit from this implementation. | ||
+ | |||
+ | |||
+ | If you decide to implement any sort of inventory list please submit this as an excel sheet/word document with a table in it. | ||
+ | |||
- | https://www.rapid7.com/solutions/compliance/critical-controls/ | + | Examples of technical controls to implement [Controls - Evidence]: |
+ | * **Hardware Inventory list** - You can just submit your **topology** for this. Normally this is done with a Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof) | ||
+ | * **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the system. Just list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome) | ||
+ | * **Controlled use of Admin Privileges**- Screenshot what admins are on a particular system. | ||
+ | * **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts) | ||
+ | * **Maintenance, Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files) | ||
+ | * etc... Reach out to Jay if you are unsure about anything! | ||
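Review bot: The added "Creds: Username - Admin/Administrator, Password: - Change.me!" line under Windows and the "Username - sysadmin, Password: - changeme" line under Linux fix one published administrator password for every student's domain controller and DMZ hosts, while the new Part III text lists "Controlled use of Admin Privileges" as an example control. Say next to each credentials line that these accounts exist for grading inside the lab network only, and say how students should treat the grader account in their control write-up, or have the grader use a separate non-default account. The "Credentials: Reflect all machine UIDs AND the resulting MediaWiki site." bullet is also hard to parse; if it means the same username and password must work on all three hosts and on the MediaWiki login, state that directly. In Part III, the first added sentence repeats "you learned in the Risk Management lecture" and capitalises "Choose" mid-sentence; one clause is enough.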
Line 56: | Line 74: | ||
- the static IP on all VMs | - the static IP on all VMs | ||
- LAN/WAN and DMZ configuration in pfSense or Palo Alto | - LAN/WAN and DMZ configuration in pfSense or Palo Alto | ||
- | - service working and running, like you did in the previous assignment, each route will be about 10 screenshots in total for all of this | + | - service working and running as you did in the previous assignment, each route will be about 10 screenshots in total for all of this |
+ | - <color #ed1c24>**ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS, SO THAT SECDEV IS ABLE TO CHECK YOUR WORK**</color> | ||
As usual, if you have any questions please ask in the `System Security` channel! | As usual, if you have any questions please ask in the `System Security` channel! |
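Review bot: The added "ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS" line does not say which credentials are meant or where they go, so students may paste every password they set into the submission document. Name the accounts expected (the fixed grading accounts given in Part II) and the place in the submission for them, so nothing beyond those lab accounts ends up in the hand-in. The changed screenshot line still says "each route will be about 10 screenshots", which is left over from the removed "Choose your Path" wording; now that both Windows and Linux are required, say whether that is 10 per platform or 10 in total.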