syssec:furwalls

Differences

This shows you the differences between two versions of the page.

syssec:furwalls [2019/04/02 21:27]
ohadkatz [Windows]
syssec:furwalls [2019/04/04 18:01]
vnbruno
Line 1: Line 1:
 # Firewalls # Firewalls
  
- +{{ :​firewalls_assignment_logo.png |}}
-{{:​firewalls_assignment_logo.png?400|}} +
 In this homework, you will be applying a variety of Firewall rules on 3 different platforms. In this homework, you will be applying a variety of Firewall rules on 3 different platforms.
  
Line 28: Line 26:
  
  
-{{:​packmet_furwall.png?400|}}+{{ :​packmet_furwall.png |}}
  
  
 ### pfSense ### pfSense
 +{{:​guides:​pfsense_logo.png?​200 |}}
 pfSense is the heart of your network. pfSense is typically your first line of defense in securing your network. pfSense, unlike Windows and Linux, is a network based Firewall, allowing you to both block and allow incoming and outgoing connections unilaterally. pfSense is the heart of your network. pfSense is typically your first line of defense in securing your network. pfSense, unlike Windows and Linux, is a network based Firewall, allowing you to both block and allow incoming and outgoing connections unilaterally.
  
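Review bot: The two image changes in this hunk are sized inconsistently: `{{ :packmet_furwall.png |}}` drops the `?400` width it had before and will render at its native size, while the new `{{:guides:pfsense_logo.png?200 |}}` is pinned to 200. If the goal was only to center the diagram, keep the width (`{{ :packmet_furwall.png?400 |}}`). The title after the `|` is empty on both images, so neither has alt text; a short description of the network diagram would help anyone reading the assignment without the image.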
Line 74: Line 72:
  
 ### Linux ### Linux
 +{{:​guides:​1200px-tux.svg.png?​200 |}}
 As we discussed in class, Linux provides us with iptables and ufw, which are very useful and powerful firewall tools. In this portion, you will set up some firewall rules using these commands. As we discussed in class, Linux provides us with iptables and ufw, which are very useful and powerful firewall tools. In this portion, you will set up some firewall rules using these commands.
  
Line 88: Line 86:
  
 ### Windows ### Windows
 +{{::​u54m_ybj_400x400.jpg?​200 |}}
 For Windows machines, you are able to either use the Windows Defender tool For Windows machines, you are able to either use the Windows Defender tool
 supplied with Windows (arguably easier), or use netsh to set up these firewall supplied with Windows (arguably easier), or use netsh to set up these firewall
 rules. rules.
   * Using either Windows Firewall or your command line, block all inbound connections from your Linux Machines ip addresses (on your LAN)   * Using either Windows Firewall or your command line, block all inbound connections from your Linux Machines ip addresses (on your LAN)
 +    * <color #ed1c24> Screenshot showing that your Linux machines can’t ping your Windows client. </​color>​
 +    * Give a brief description as to why you think it could be important to block inbound connections between your LAN clients.
   * Allow outbound traffic to your pfSense router’s ip address.   * Allow outbound traffic to your pfSense router’s ip address.
 +    * <color #ed1c24> Screenshot your windows defender inbound and outbound rules showing that your custom rules are there (Name them something...unique). </​color>​
 +  * <color #ed1c24> Block a program of your choice from accessing the internet. </​color>​
 +    * You can either choose to block Microsoft edge(You may want it back afterwards),​ or install a program that accesses the internet and show that it is not able to do so after writing the firewall rule(Chrome,​ Firefox, Email, etc.).
 +    * While you are at it, block Cortana from communicating out, we don’t really like her anyways.
 +
 +
 +# EXTRA CREDIT!
 +
 +This is not a required part of the homework, but could help you during a defense competition (hint hint). ​
 +
 +In pfSense, you are able to install packages and modules to make your life a little simpler. These can help you seek out unwanted traffic or malicious activity on your network. If you decide to do so, you will be installing a couple of these modules on your pfSense box, namely ntopng and snort.
 +If you would like more information on either of these, you can click on the bolded words to proceed to documentation,​ or ask your preferred sec dev member. ​
 +For this extra credit, please follow these steps
 +
 +Step 1: INSTALLATION
 +* Install both ntopng and snort packages onto your pfSense router.
 +You may have to update and upgrade packages on pfsense using the following command:
 + * pkg update -f
 + * pkg upgrade -f
 +* Please screenshot and show that both of these modules are available on your pfSense router.
 +
 +
 +Step 2: NTOPNG
 +* Using ntopng:
 + *Find the top local host in your domain, screenshot and report on your top host, why does this make sense?
 + * Find all operating systems that are connected to your firewall, screenshot the results from ntop.
 + * Find one interesting information on your network using ntop and write a summary of what you found.
 +
 +
 +Step 3: SNORT
 +* Using snort:
 + * Setup snort (Yes you must get the oinkmaster code by signing up), and attach snort to your LAN and DMZ interface ​
 + * Once Setup, configure rules to detect malicious traffic. For the purposes of this assignment, you can setup port scanning alert rules.
 +  * To test this you can try port scanning one of your machines and seeing if it pops up as an alert.
 + * Write a brief description as to how you could use Snort in a real world scenario, and why products like it are vital for an infrastructure.
 +
 +
 +Step 4: CURIOSITY
 +* Find another package to install on pfSense that you think is especially interesting or useful. ​
 + * Make sure to show the steps you took to install this package, including screenshots with descriptions
 + * Please explain why this particular package is of interest to you, and how you could use it in a real world scenario!
 +
 +
 +
 +
 +
 +
 +
  
  
  
 ### Fin ### Fin
 +{{ :​sleepy_firewall_cat.png |}}
  
-{{:​sleepy_firewall_cat.png?​600|}} 
  
  
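Review bot: In Step 3, the test "try port scanning one of your machines" does not say where the scan should originate, and with Snort attached only to the LAN and DMZ interfaces, a scan between two hosts on the same segment normally never crosses pfSense and so raises no alert. Suggest wording it as a scan that passes through the firewall (for example from a LAN host to a DMZ host in the student's own lab) and adding a red screenshot deliverable for the resulting alert, as the Windows items in this hunk do; as written, Step 3 asks for no evidence that the rule fired. Two smaller points in the same hunk: the intro says to "click on the bolded words" but ntopng and snort are neither bolded nor linked in the added text, and the extra-credit bullets start with "* " or " *Find" while the Windows bullets are indented with at least two spaces before the asterisk, so the new lists appear unlikely to render as lists.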
  • syssec/furwalls.txt
  • Last modified: 2019/04/04 20:16
  • by vnbruno