syssec:final_project

Differences

This shows you the differences between two versions of the page.

syssec:final_project [2019/05/03 00:10]
abitar [Part III - Risk (30 pts)]
syssec:final_project [2020/12/08 15:56] (current)
aibekzhy [Linux (LAMP Stack)]
Line 14: Line 14:
 {{:​topology_example.png?​850|}} {{:​topology_example.png?​850|}}
  
 +## Part II - Windows + Linux (60 pts)
  
-## Part II - Choose your Path (60 pts) +Here is the overview of Windows(30 pts), Linux(30 pts) and Firewall setup that you will need to perform:
- +
-There are two paths you can take for this. Linux based or Windows... both are about equal workthis should give you s chance ​to gain more depth in what you are interested. Choose on for the project. YOU DO NOT NEED TO DO BOTH.+
  
  
 ### Windows (Active Directory) ### Windows (Active Directory)
  
-* pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment +* 1 Windows client (10 ONLY
-* 1 Windows client (10 or 7+
 * Windows Server (2016 or 2019), this will be your Domain Controller * Windows Server (2016 or 2019), this will be your Domain Controller
-  * follow the Windows homework, ​setup the same stuff (users, groups, GPO) +  * follow the Windows homework, ​set up the same stuff (users, groups, GPO) 
 +* Creds: Username - Admin/​Administrator,​ Password: - Change.me!
  
 ### Linux (LAMP Stack) ### Linux (LAMP Stack)
  
-pfSense ​as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment +Set up MediaWiki using the same workflow ​as the Services homework. 
-setup Wordpressjust like we did in the Services assignment +Hosts (3all on the DMZ): 
-remote database and a webserver (one of these should be GUI so you can check your website) +  Linux Desktop Client with GUI (so you can check your website) 
-  * database should have MySQL or MongoDB +  * CentOS Database supporting MariaDB hosting data for MediaWiki 
-  * webserver should have Apache, PHP and Wordpress+  * Linux (Web) Webserver: ​Apache, PHP, MediaWiki 
 +* Credentials:​ Reflect all machine UIDs AND the resulting MediaWiki site. 
 +  * Username - sysadmin, Password: - changeme 
 +* Evaluation: A SecDev grader will use the above credentials to create their own page on your device.  
 +  * If your installation is successful, the grader'​s created page will persist on your MediaWiki. ​
  
 +### pfSense vs Palo Alto
 +pfSense as router OR Palo Alto, if you choose Palo Alto you get 20 pts of extra credit on the assignment. Please let @aibek know if you would like Palo Alto. By default, you will get pfSense
  
  
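Review bot: The two added credential lines ("Creds: Username - Admin/Administrator, Password: - Change.me!" and "Username - sysadmin, Password: - changeme") put the same fixed passwords on every student's Domain Controller, Linux hosts and MediaWiki site, and publish them on this page. State that these accounts are for the isolated lab only and must not be reachable from outside it, or have each student choose a password and hand it over with the submission. The Linux list also places all three hosts on the DMZ, including the MariaDB server and the desktop client; say whether that is intended, since the grader's check only touches the MediaWiki site. Smaller points: "(10 ONLY" is missing its closing parenthesis, "(3all on the DMZ)" has lost a separator, and "Reflect all machine UIDs" does not say which accounts need the password.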
Line 51: Line 55:
  
 Examples of technical controls to implement [Controls - Evidence]: Examples of technical controls to implement [Controls - Evidence]:
-  * **Hardware Inventory list** - Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof)+  * **Hardware Inventory list** - You can just submit your **topology** for this. Normally this is done with a Table (Columns for the table: Asset Name, Asset Category, IP-Address, MAC Address, Operating System) (Also include NMAP output as proof)
   * **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the system. Just list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome)   * **Software Inventory List** - Table (Columns for the table: Software Name, Software Category, Main Use, List of assets where software was implemented) - Just list any software that you installed on the system. Just list anything that is not a default app. (Example: do not list internet explorer, but list Google Chrome)
   * **Controlled use of Admin Privileges**- Screenshot what admins are on a particular system. ​   * **Controlled use of Admin Privileges**- Screenshot what admins are on a particular system. ​
   * **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations,​ and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts)   * **Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations,​ and Servers** - provide proof that you hardened a certain aspect of your system (example: SSH config file set to reject logins after X failed attempts)
   * **Maintenance,​ Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files)   * **Maintenance,​ Monitoring, and Analysis of Audit Logs** - Provide a screenshot of 3 log files (Actually open the files)
-  * Etc... Reach out to Alex/Jay if you are unsure about anything! +  * etc... Reach out to Jay if you are unsure about anything!
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
  
  
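Review bot: In the reworded Hardware Inventory bullet, "You can just submit your topology for this" sits next to the unchanged "(Also include NMAP output as proof)", so it is unclear whether the NMAP output is still required. Say explicitly whether the topology replaces only the table or the NMAP proof as well, and whether the topology must show the IP address, MAC address and operating system that the table columns asked for.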
Line 81: Line 74:
 - the static IP on all VMs - the static IP on all VMs
 - LAN/WAN and DMZ configuration in pfSense or Palo Alto - LAN/WAN and DMZ configuration in pfSense or Palo Alto
-- service working and running, like you did in the previous assignment, each route will be about 10 screenshots in total for all of this+- service working and running ​as you did in the previous assignment, each route will be about 10 screenshots in total for all of this 
 +- <color #​ed1c24>​**ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS,​ SO THAT SECDEV IS ABLE TO CHECK YOUR WORK**</​color>​
  
 As usual, if you have any questions please ask in the `System Security` channel! As usual, if you have any questions please ask in the `System Security` channel!
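Review bot: The added "ENSURE TO ADD ALL CREDENTIALS INTO THE SUBMISSIONS" line asks for passwords in plain text without saying where submissions are stored or who can read them; add that, and tell students to use lab-only passwords they do not reuse elsewhere. It also reads oddly next to the fixed usernames and passwords that Part II now prescribes, so name the credentials that are meant (for example the pfSense or Palo Alto login). The reworded screenshot bullet still says "each route", although Part II no longer offers a choice of routes.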
  • syssec/final_project.1556842255.txt.gz
  • Last modified: 2019/05/03 00:10
  • by abitar