Differences
This shows you the differences between two versions of the page.
syssec:final_project [2019/05/03 00:10] abitar [Part III - Risk (30 pts)] |
syssec:final_project [2020/12/08 15:56] (current) aibekzhy [Linux (LAMP Stack)] |
||
---|---|---|---|
Line 14: | Line 14: | ||
{{:topology_example.png?850|}} | {{:topology_example.png?850|}} | ||
+ | ## Part II - Windows + Linux (60 pts) | ||
- | ## Part II - Choose your Path (60 pts) | + | Here is the overview of Windows(30 pts), Linux(30 pts) and Firewall setup that you will need to perform: |
- | + | ||
- | There are two paths you can take for this. Linux based or Windows... both are about equal work, this should give you s chance to gain more depth in what you are interested. Choose on for the project. YOU DO NOT NEED TO DO BOTH. | + | |
### Windows (Active Directory) | ### Windows (Active Directory) | ||
- | * pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment | + | * 1 Windows client (10 ONLY) |
- | * 1 Windows client (10 or 7) | + | |
* Windows Server (2016 or 2019), this will be your Domain Controller | * Windows Server (2016 or 2019), this will be your Domain Controller | ||
- | * follow the Windows homework, setup the same stuff (users, groups, GPO) | + | * follow the Windows homework, set up the same stuff (users, groups, GPO) |
+ | * Creds: Username - Admin/Administrator, Password: - Change.me! | ||
### Linux (LAMP Stack) | ### Linux (LAMP Stack) | ||
- | * pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment | + | * Set up MediaWiki using the same workflow as the Services homework. |
- | * setup Wordpress, just like we did in the Services assignment | + | * Hosts (3, all on the DMZ): |
- | * remote database and a webserver (one of these should be GUI so you can check your website) | + | * Linux Desktop Client with GUI (so you can check your website) |
- | * database should have MySQL or MongoDB | + | * CentOS Database supporting MariaDB hosting data for MediaWiki |
- | * webserver should have Apache, PHP and Wordpress | + | * Linux (Web) Webserver: Apache, PHP, MediaWiki |
+ | * Credentials: Reflect all machine UIDs AND the resulting MediaWiki site. | ||
+ | * Username - sysadmin, Password: - changeme | ||
+ | * Evaluation: A SecDev grader will use the above credentials to create their own page on your device. | ||
+ | * If your installation is successful, the grader's created page will persist on your MediaWiki. | ||
+ | ### pfSense vs Palo Alto | ||
+ | pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment. Please let @aibek know if you would like Palo Alto. By default, you will get pfSense | ||
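Review bot: The added "Creds" lines under Windows (Active Directory) and Linux (LAMP Stack) prescribe fixed passwords that are posted on this page (Change.me! and changeme), and the Windows one sits in the list that includes the Domain Controller, so every deployment built from this page carries the same known administrator login. Suggest stating that these accounts exist for grading and must only be reachable from inside the lab topology, and saying which of "Admin/Administrator" is the expected account name. The line "Reflect all machine UIDs AND the resulting MediaWiki site" is also unclear: if it means the sysadmin account must exist on all three hosts and in MediaWiki, say so directly.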
Line 51: | Line 55: | ||
Examples of technical controls to implement [Controls - Evidence]: | Examples of technical controls to implement [Controls - Evidence]: | ||
- | * **Hardware Inventory list** - Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof) | + | * **Hardware Inventory list** - You can just submit your **topology** for this. Normally this is done with a Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof) |
* **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the system. Just list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome) | * **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the system. Just list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome) | ||
* **Controlled use of Admin Privileges**- Screenshot what admins are on a particular system. | * **Controlled use of Admin Privileges**- Screenshot what admins are on a particular system. | ||
* **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts) | * **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts) | ||
* **Maintenance, Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files) | * **Maintenance, Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files) | ||
- | * Etc... Reach out to Alex/Jay if you are unsure about anything! | + | * etc... Reach out to Jay if you are unsure about anything! |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
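Review bot: In the Hardware Inventory list bullet, the new wording lets students submit the topology instead, but the trailing "(Also include NMAP output as proof)" now hangs off the "Normally this is done with a Table" sentence, so it is unclear whether NMAP output is still required. Suggest stating explicitly whether the topology submission must still show the IP-Address, MAC Address and Operating System of each asset, and whether the NMAP proof still applies.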
Line 81: | Line 74: | ||
- the static IP on all VMs | - the static IP on all VMs | ||
- LAN/WAN and DMZ configuration in pfSense or Palo Alto | - LAN/WAN and DMZ configuration in pfSense or Palo Alto | ||
- | - service working and running, like you did in the previous assignment, each route will be about 10 screenshots in total for all of this | + | - service working and running as you did in the previous assignment, each route will be about 10 screenshots in total for all of this |
+ | - <color #ed1c24>**ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS, SO THAT SECDEV IS ABLE TO CHECK YOUR WORK**</color> | ||
As usual, if you have any questions please ask in the `System Security` channel! | As usual, if you have any questions please ask in the `System Security` channel! |
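Review bot: The added "ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS" line does not say which credentials are meant: only the accounts prescribed in Part II, or also the logins for pfSense or Palo Alto and for the MariaDB database. Suggest listing the expected accounts per host so the screenshots requirement and the credentials requirement can be checked against the same list. The reworded line above it still says "each route will be about 10 screenshots", which no longer matches Part II now that the "Choose your Path" wording is gone and both Windows and Linux are required.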