Differences
This shows you the differences between two versions of the page.
syssec:furwalls [2019/04/02 21:31] ohadkatz [Linux] |
syssec:furwalls [2019/04/04 18:01] vnbruno |
||
---|---|---|---|
Line 1: | Line 1: | ||
# Firewalls | # Firewalls | ||
- | + | {{ :firewalls_assignment_logo.png |}} | |
- | {{:firewalls_assignment_logo.png?400|}} | + | |
In this homework, you will be applying a variety of Firewall rules on 3 different platforms. | In this homework, you will be applying a variety of Firewall rules on 3 different platforms. | ||
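Review bot: The replacement image line in this hunk drops the `?400` width, so `{{ :firewalls_assignment_logo.png |}}` renders the logo at its native size at the very top of the page. If the goal was only to center it, keep the size parameter, e.g. `{{ :firewalls_assignment_logo.png?400 |}}`. The title after `|` is still empty; a short title there would give the image alt text.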
Line 28: | Line 26: | ||
- | {{:packmet_furwall.png?400|}} | + | {{ :packmet_furwall.png |}} |
### pfSense | ### pfSense | ||
+ | {{:guides:pfsense_logo.png?200 |}} | ||
pfSense is the heart of your network. pfSense is typically your first line of defense in securing your network. pfSense, unlike Windows and Linux, is a network based Firewall, allowing you to both block and allow incoming and outgoing connections unilaterally. | pfSense is the heart of your network. pfSense is typically your first line of defense in securing your network. pfSense, unlike Windows and Linux, is a network based Firewall, allowing you to both block and allow incoming and outgoing connections unilaterally. | ||
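Review bot: The added pfSense logo is referenced from the `:guides:` namespace while every other image on this page sits in the root namespace; confirm that readers of `syssec:furwalls` can also read media in `guides`, or upload the logo alongside the others. The same line uses a trailing space only (`?200 |`), which left-aligns the logo so the paragraph wraps around it, whereas `packmet_furwall.png` in this hunk was switched to centered and lost its `?400` width; pick one layout for the section.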
Line 88: | Line 86: | ||
### Windows | ### Windows | ||
+ | {{::u54m_ybj_400x400.jpg?200 |}} | ||
For Windows machines, you are able to either use the Windows Defender tool | For Windows machines, you are able to either use the Windows Defender tool | ||
supplied with Windows (arguably easier), or use netsh to set up these firewall | supplied with Windows (arguably easier), or use netsh to set up these firewall | ||
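Review bot: The added media reference `{{::u54m_ybj_400x400.jpg?200 |}}` starts with a doubled colon and uses an opaque file name that says nothing about what the image depicts. Rename the upload to something descriptive, reference it with a single leading colon like the other images on the page, and put a title after `|`.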
Line 99: | Line 98: | ||
* You can either choose to block Microsoft edge(You may want it back afterwards), or install a program that accesses the internet and show that it is not able to do so after writing the firewall rule(Chrome, Firefox, Email, etc.). | * You can either choose to block Microsoft edge(You may want it back afterwards), or install a program that accesses the internet and show that it is not able to do so after writing the firewall rule(Chrome, Firefox, Email, etc.). | ||
* While you are at it, block Cortana from communicating out, we don’t really like her anyways. | * While you are at it, block Cortana from communicating out, we don’t really like her anyways. | ||
+ | |||
+ | |||
+ | # EXTRA CREDIT! | ||
+ | |||
+ | This is not a required part of the homework, but could help you during a defense competition (hint hint). | ||
+ | |||
+ | In pfSense, you are able to install packages and modules to make your life a little simpler. These can help you seek out unwanted traffic or malicious activity on your network. If you decide to do so, you will be installing a couple of these modules on your pfSense box, namely ntopng and snort. | ||
+ | If you would like more information on either of these, you can click on the bolded words to proceed to documentation, or ask your preferred sec dev member. | ||
+ | For this extra credit, please follow these steps | ||
+ | |||
+ | Step 1: INSTALLATION | ||
+ | * Install both ntopng and snort packages onto your pfSense router. | ||
+ | You may have to update and upgrade packages on pfsense using the following command: | ||
+ | * pkg update -f | ||
+ | * pkg upgrade -f | ||
+ | * Please screenshot and show that both of these modules are available on your pfSense router. | ||
+ | |||
+ | |||
+ | Step 2: NTOPNG | ||
+ | * Using ntopng: | ||
+ | *Find the top local host in your domain, screenshot and report on your top host, why does this make sense? | ||
+ | * Find all operating systems that are connected to your firewall, screenshot the results from ntop. | ||
+ | * Find one interesting information on your network using ntop and write a summary of what you found. | ||
+ | |||
+ | |||
+ | Step 3: SNORT | ||
+ | * Using snort: | ||
+ | * Setup snort (Yes you must get the oinkmaster code by signing up), and attach snort to your LAN and DMZ interface | ||
+ | * Once Setup, configure rules to detect malicious traffic. For the purposes of this assignment, you can setup port scanning alert rules. | ||
+ | * To test this you can try port scanning one of your machines and seeing if it pops up as an alert. | ||
+ | * Write a brief description as to how you could use Snort in a real world scenario, and why products like it are vital for an infrastructure. | ||
+ | |||
+ | |||
+ | Step 4: CURIOSITY | ||
+ | * Find another package to install on pfSense that you think is especially interesting or useful. | ||
+ | * Make sure to show the steps you took to install this package, including screenshots with descriptions | ||
+ | * Please explain why this particular package is of interest to you, and how you could use it in a real world scenario! | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
### Fin | ### Fin | ||
+ | {{ :sleepy_firewall_cat.png |}} | ||
- | {{:sleepy_firewall_cat.png?600|}} | ||
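Review bot: In Step 1, `pkg upgrade -f` forces reinstallation of every installed package rather than just refreshing the catalogue before ntopng and snort are installed, and the hunk gives no warning that this runs on the router the rest of the homework depends on. Consider limiting the instruction to `pkg update -f` (or dropping `-f` from the upgrade) and telling students to back up their pfSense configuration first; the sentence introducing the commands also sits outside the bullet list and says "command" for two commands. Two smaller points: the intro tells readers to "click on the bolded words", but ntopng and snort appear as plain text with no link in the added lines, and the Step 3 test should state that the scan has to cross the LAN or DMZ interface Snort is attached to, since a scan between two hosts on the same segment never reaches pfSense and produces no alert. The empty added lines before "### Fin" can be removed.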