
Firewalls

In this homework, you will be applying a variety of Firewall rules on 3 different platforms.

  • pfSense
  • Linux
  • Windows

This homework covers a lot of topics, both broad and specific. If you feel stuck at any point, please reach out to SecDev and we will be there to help.

Anything highlighted in Red should be shown via screenshot in the report. This is for ease of grading purposes.

The report for this should be written cleanly, as you have been doing for the previous assignments. Aim for good notes and a clear structure for the commands you ran, and don't get too caught up in every detail: this assignment is geared more towards a set of notes on simple firewalls.

Possible structure for your assignment could be like this…

  • Intro
  • Prerequisites
  • pfSense Firewall
  • Linux [iptables]
  • Windows
  • Resources

pfSense is the heart of your network and typically your first line of defense in securing it. Unlike the Windows Firewall and iptables, which are host-based firewalls that protect only the machine they run on, pfSense is a network-based firewall: it sits between your network segments and lets you block or allow incoming and outgoing connections for every host behind it from one place.

For this part you could try to use the command line that pfSense provides, but we on SecDev would not recommend it. Instead, we will use the web GUI by following these steps:

  • Go to any one of your clients with an internet connection (hopefully all of them have this by now)
  • In a browser, enter your pfSense LAN IP ( 10.42.X.1 ), where X is your Team Number
  • You should be presented with the login for pfSense, the default credentials are:
    • Username: admin
    • Password: pfsense
  • If you need to, go through the setup for pfSense (since you have setup pfSense through the CLI, most of this should be clicking ‘Next’).

Once logged in to pfSense, please screenshot the welcome menu. We will now set up some network based firewall rules:

Block All Ping Traffic to One of Your Windows Clients.

  • Show the rule you made to do this
  • Briefly explain why you might want to block ping responses on an infrastructure.
  • When building the rule, block ICMP echo requests specifically rather than all ICMP: other ICMP types (for example "fragmentation needed") are used for path MTU discovery, and dropping those can break connections that have nothing to do with ping.

Block All SSH Traffic Coming into Your LAN Machines

  • Attempt to SSH into your Linux machines from one of your DMZ machines (ssh user@ip , where user = client username, ip = client ip)
    • Document how you blocked SSH and show that you are not able to access your LAN from your DMZ (an error message will suffice).
  • Assume we turned on logging for SSH.
    • Give a brief summary as to how you could use logging to your advantage in a real world scenario.
    • Is there some way to make logs nicer or cleaner? (Hint: look at common SIEMs.) Why are these useful?

Set up a 1:1 NAT (Network Address Translation) for your Web Server

  • Along with screenshots, please give a brief description of why each step is necessary.
    • If you would like, have another System Security student access your servers through that public IP. (For some extra points, do this with another SysSec student and show each of you connecting.)

As we discussed in class, Linux provides iptables and ufw, which are very useful and powerful firewall tools. In this portion, you will set up some firewall rules using them.

Log on to either one of your Linux Machines.

  • Block all incoming SSH connections from your Linux server (the server that is on your LAN).
    • Show the refused SSH connection from the server.
  • Using iptables, now block all incoming traffic from your Windows machines' IPs.
    • Take a screenshot of these rules and show that you are not able to ping your Linux client from your Windows client.
  • Save these rules to a text file, or to your iptables configuration file. Rules added with the iptables command live only in kernel memory and are gone after a reboot, so dumping them with iptables-save is what makes them persist.
  • Explain the importance of blocking incoming and outgoing traffic. What possible cases would require you to block either?
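As an added example (not code from the course page or from SecDev), the script below collects the iptables rules this section asks for into shell functions so they can be reviewed before being run as root. The addresses (10.42.1.10 for the LAN Linux server, 10.42.1.20 and 10.42.1.21 for the Windows hosts) and the rules file path /etc/iptables/rules.v4 are hypothetical stand-ins; substitute your team's values. It assumes the iptables and iptables-save binaries are installed on the client.

```shell
#!/bin/sh
# Added example for the Linux section of the firewalls homework (not from the course page).
# Wraps the requested iptables rules in functions; DRY_RUN=1 prints the commands instead
# of running them, so the rule set can be checked before it is applied as root.
# All addresses below are hypothetical stand-ins for your team's 10.42.X.0/24 hosts.
LINUX_SERVER="${LINUX_SERVER:-10.42.1.10}"          # LAN Linux server that must not reach us over SSH
WIN_HOSTS="${WIN_HOSTS:-10.42.1.20 10.42.1.21}"     # Windows client and server; drop everything from them
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"   # assumed path that iptables-persistent (Debian/Ubuntu) reloads

# Run iptables, or with DRY_RUN=1 only echo the command line that would have been run.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Refuse SSH (TCP/22) from one source host. REJECT with a TCP reset, rather than DROP,
# makes the client fail immediately with "Connection refused", which is the error the
# assignment wants in the screenshot; DROP would leave the client hanging until it times out.
block_ssh_from() {
    ipt -A INPUT -s "$1" -p tcp --dport 22 -j REJECT --reject-with tcp-reset
}

# Drop every packet from each listed host; this covers ICMP echo, so ping fails too.
# -A appends to INPUT: if an earlier rule already accepts this traffic the new rule is
# never reached, and you would use "-I INPUT 1" to put it at the top instead.
block_all_from() {
    for host in "$@"; do
        ipt -A INPUT -s "$host" -j DROP
    done
}

# Rules added this way live only in kernel memory and vanish on reboot; iptables-save
# dumps the whole table in the form that iptables-restore (or iptables-persistent) reloads.
save_rules() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables-save > $1"
    else
        iptables-save > "$1"
    fi
}

# The three steps of the assignment, in order.
apply_homework_rules() {
    block_ssh_from "$LINUX_SERVER"
    block_all_from $WIN_HOSTS   # unquoted on purpose: one argument per host in the list
    save_rules "$RULES_FILE"
}

# Only apply when asked ("./fw.sh apply"), so the file can also be sourced for its functions.
if [ "${1:-}" = apply ]; then
    apply_homework_rules
fi
```

Run `DRY_RUN=1 sh fw.sh apply` first to see the exact rules, then `sudo sh fw.sh apply`. If you prefer ufw, the equivalents of the two rule functions are `ufw deny from 10.42.1.10 to any port 22 proto tcp` and `ufw deny from 10.42.1.20`; ufw writes its rules to disk itself, so no separate save step is needed.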
syssec/furwalls.1554236727.txt.gz · Last modified: 2019/04/02 20:25 by vnbruno