syssec:final_project

Differences

This shows you the differences between two versions of the page.

syssec:final_project [2019/05/02 20:17]
vnbruno [Part II - Choose your Path (60 pts)]
syssec:final_project [2020/12/08 15:56] (current)
aibekzhy [Linux (LAMP Stack)]
Line 14: Line 14:
 {{:​topology_example.png?​850|}} {{:​topology_example.png?​850|}}
  
 +## Part II - Windows + Linux (60 pts)
  
-## Part II - Choose your Path (60 pts) +Here is the overview of Windows(30 pts), Linux(30 pts) and Firewall setup that you will need to perform:
- +
-There are two paths you can take for this. Linux based or Windows... both are about equal workthis should give you s chance ​to gain more depth in what you are interested. Choose on for the project. YOU DO NOT NEED TO DO BOTH.+
  
  
 ### Windows (Active Directory) ### Windows (Active Directory)
  
-* pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment +* 1 Windows client (10 ONLY
-* 1 Windows client (10 or 7+
 * Windows Server (2016 or 2019), this will be your Domain Controller * Windows Server (2016 or 2019), this will be your Domain Controller
-  * follow the Windows homework, ​setup the same stuff +  * follow the Windows homework, ​set up the same stuff (users, groups, GPO) 
 +* Creds: Username - Admin/​Administrator,​ Password: - Change.me!
  
 ### Linux (LAMP Stack) ### Linux (LAMP Stack)
  
-just like we did in the Services ​assignment +Set up MediaWiki using the same workflow as the Services ​homework. 
-remote database and a webserver +Hosts (3, all on the DMZ): 
-  * database should have MySQL or MongoDB +  * Linux Desktop Client with GUI (so you can check your website) 
-  * webserver should have Apache, PHP and Wordpress+  * CentOS Database supporting MariaDB hosting data for MediaWiki 
 +  * Linux (Web) Webserver: ​Apache, PHP, MediaWiki 
 +* Credentials:​ Reflect all machine UIDs AND the resulting MediaWiki site. 
 +  * Username - sysadmin, Password: - changeme 
 +* Evaluation: A SecDev grader will use the above credentials to create their own page on your device.  
 +  * If your installation is successful, the grader'​s created page will persist on your MediaWiki. ​
  
 +### pfSense vs Palo Alto
 +pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment. Please let @aibek know if you would like Palo Alto. By default, you will get pfSense
  
  
 ## Part III - Risk (30 pts) ## Part III - Risk (30 pts)
  
-Use what you learned in the Risk Management lecture, this portion of the project has no _wrong_ answer. ​Choose 5 controls you learned in the Risk Management lectureimplement these into your environment. ​Then just write quick paragraph on the control and how you plan or did implement ​it in the project+Use what you learned in the Risk Management lecture ​and Choose 5 Technical ​controls you learned in the Risk Management lecture ​and implement these into your environment. ​These controls must come from the CIS top 20 control list: https://​www.cisecurity.org/​controls/​cis-controls-list/​ 
 + 
 + 
 +You must submit proof of your Implementation (Screenshot is fine). In two to three page paper summarize ​the 5 controls that you have implemented. In this paper please summarize the specific ​control, what risk(s) is being mitigated (for each control implemented), ​and why CatFlix will benefit from this implementation.  
 + 
 + 
 +If you decide to implement ​any sort of inventory list please submit this as an excel sheet/word document with a table in it. 
 + 
  
-https://www.rapid7.com/​solutions/​compliance/​critical-controls/ ​+Examples of technical controls to implement [Controls - Evidence]: 
 +  * **Hardware Inventory list** - You can just submit your **topology** for thisNormally this is done with a Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof) 
 +  * **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the systemJust list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome) 
 +  * **Controlled use of Admin Privileges**Screenshot what admins are on a particular system.  
 +  * **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations,​ and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts) 
 +  * **Maintenance,​ Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files) 
 +  * etc... Reach out to Jay if you are unsure about anything!
  
  
-## Part IIII - Deliverable ​+## Part IV - Deliverable ​
  
  
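Review bot: The fixed accounts added under Windows ("Admin/Administrator" with "Change.me!") and Linux ("sysadmin" with "changeme", to be reflected on all machines and the MediaWiki site) sit next to the new Part III requirement to implement CIS controls such as "Controlled use of Admin Privileges" and secure configuration, and the text does not say how the two fit together. Suggest one sentence stating that the grader account is a required exception and that students should document it as such in the Part III paper. Smaller points in the same hunk: "(10 ONLY" is missing its closing parenthesis, "Reflect all machine UIDs" does not say whether it means local user accounts, and two different contacts are named ("@aibek" for Palo Alto, "Jay" for the controls) without saying who owns which question.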
Line 55: Line 74:
 - the static IP on all VMs - the static IP on all VMs
 - LAN/WAN and DMZ configuration in pfSense or Palo Alto - LAN/WAN and DMZ configuration in pfSense or Palo Alto
-- service working and running, like you did in the previous assignment, each route will be about 10 screenshots in total for all of this+- service working and running ​as you did in the previous assignment, each route will be about 10 screenshots in total for all of this 
 +- <color #​ed1c24>​**ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS,​ SO THAT SECDEV IS ABLE TO CHECK YOUR WORK**</​color>​
  
 As usual, if you have any questions please ask in the `System Security` channel! As usual, if you have any questions please ask in the `System Security` channel!
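Review bot: The reworded screenshot line still says "each route will be about 10 screenshots", but Part II in this revision no longer offers a choice of paths and requires both Windows and Linux, so "each route" has no referent; suggest stating the expected count per part (Windows, Linux, firewall) instead. On the added red line, "ALL CREDENTIALS" is unscoped: it does not say whether it covers only the accounts fixed in Part II or also any others created during setup, nor where in the submission they belong. Suggest listing the accounts expected and naming a single place to put them.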
  • Last modified: 2019/05/02 20:17
  • by vnbruno