Infosec Lab Report: Configuring Access Control Lists on a Linux Based Firewalls

Description

Complete the Infosec lab "Configuring Access Control Lists on a Linux Based Firewalls" and write a thorough lab report with at least three screenshots.
Note: 3 screenshots is fine.

Configuring Access Control Lists on a Linux Based Firewalls
Introduction
Objective
CompTIA Security+ (SY601) Domain
Domain 3.0: Implementation
CompTIA Security+ (SY601) Objectives
Objective 3.8: Given a scenario, implement authentication and authorization protocols
Overview
This lab is part of a series of lab exercises intended to support courseware for Ethical Hacker
training. The development of this document is funded by the Department of Labor (DOL)
Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No.
TC-22525-11-60-A-48.
In this lab, students will set up the sniffer, enable services and configure firewall rules, and
test those rules.
OUTCOMES:
In this lab, you will learn to:
1. Set up the network
2. Enable services and configure firewall rules
3. Test the firewall
You should be aware of the common terms that are relevant within the “Configuring Access
Control Lists on a Linux-Based Firewalls” lab to successfully complete it.
Key Term | Description
iptables | A command line tool that allows you to create firewall rules.
route add | This command allows you to add a default gateway on a Linux system.
netstat | This command will allow you to view active TCP and UDP connections.
NAT | Network Address Translation will allow internal hosts to reach the external network through a single IP address. Most firewalls can be configured to perform NAT.
nmap | This command will allow you to check for open TCP and UDP ports.
Reading Assignment
Introduction
In this lab, students will set up a sniffer, enable services, and configure Linux Firewall rules
and test those rules.
In this lab, you will learn to:
Set up the network.
Enable services and configure firewall rules from the terminal in Linux.
Test the firewall using an external attacker machine.
Figure 1 shows the lab topology for this lab.
Review of Network Security
Network security is a specialized field in IT that includes securing a network infrastructure
from threats. A threat can be an attacker that threatens the network from the inside and
outside. Threats can be hackers, viruses, malware, ransomware, etc. A threat is anything that
threatens the safety of the data and communication on a network. Securing a network
infrastructure is usually done in layers using a technique called defense in depth. Firewalls are
used as the first line of defense against attackers from the external network.
In Figure 1, you see a basic network topology that consists of network devices, clients, and
servers. All networks today consist of a series of network devices such as a switch, a router,
and a firewall that facilitates communication on a network. Client and servers communicate
over the network via the network devices. A firewall is a network-level “wall” to inhibit or
allow the flow of network traffic. Firewalls have rules configured to prevent or allow various
types of traffic in and out of the network.
Defense-in-Depth Strategy
In cybersecurity, defense in depth is a cyber defense strategy in which multiple layers of
security controls are put into place on an organization’s network. Multiple layers are used in
case a layer is exploited by a hacker because of a vulnerability. Network administrators need
to understand how their networks and systems are protected. There is a daily battle in
making sure you are safe from intruders. System administrators are at the front line of
defense of an organization’s network and often are the first responders in case of a network
intrusion.
An analogy of a medieval castle's layers of defense illustrates the concept of defense in
depth. First, the castle has the perimeter defense of different levels of walls, which are
analogous to the local host and network firewalls. The castle is also protected by the moat,
which gives it another layer of protection. You have towers for guards to watch over the castle
for intrusions, like an intrusion detection system would over a network. You have a single
entry point of the inner and outer gates for physical protection, such as how you would protect
your data center of servers physically. The protection of the castle is done in a layered fashion
to protect against intruders, similar to the layers of controls system administrators put in place
for an organization's systems. Figure 2 shows the parts of the castle and its layers of
protection.
Figure 3 shows the layers of defense in an organization's network. The highest level of
protection is the policies and procedures in place that explain what you can and cannot do
on the network and how you will handle a security breach. Awareness is critically
important because the user is the weakest link. The user has to be continuously educated and
made aware of behaviors that put the organization at risk. You also have physical
protections in place for your systems. Then you have the perimeter controls, such as a
network firewall that prevents unauthorized network traffic. An intrusion detection and
prevention system scans the network for potential issues and notifies the system
administrator of them with alerts. At the network level, you will have access control
lists (ACLs) on your routers to allow and deny certain traffic. At the host level, you need to
harden the hosts and servers. Hardening is a process that a system administrator uses to lower
the risk of the system being hacked. Part of the hardening process is to install a local firewall
to limit the exposure of the systems on the network. In this lab, you will be closing
unnecessary ports and configuring a firewall on a Windows Server and testing the incoming
ports on the server using Kali Linux. You will also use antivirus software to protect your
systems from malware and viruses. At the application level, you will set up a login process
for the application to allow only authorized users. At the data level, you will secure the data
and any databases through login processes and encryption.
Hardening a Network with Firewalls
In protecting networks from attackers, the firewall is the first line of defense for a network. A
firewall (Figure 4) has a list of rules that it follows to allow traffic in or to reject traffic that
does not meet its criteria. If you recall the Transmission Control Protocol/Internet Protocol
(TCP/IP) stack, you have the application, transport, network, and data access layers. The
Windows Server firewall can protect network traffic at multiple layers of the TCP/IP protocol
suite. A host-based firewall on Windows and Linux can help protect the network traffic on
the client/server it is running on.
So, if you want to prevent unencrypted data from transmitting on the network, then you need
to configure the firewall to block the ports using insecure traffic and allow only ports using
secure traffic access to the network. You would set up access control lists to configure your
firewall. A part of a system administrator’s job is to make sure that you close (block)
unnecessary ports from accessing your network. If you leave unnecessary ports open, you are
at a far greater risk for allowing attackers to compromise your network.
The firewall can set up rules at different levels. A firewall can block IP addresses from
accessing the network. Recall, the transport layer has two types of communication:
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP guarantees
transmission and delivery of packets, whereas UDP is unreliable and does not. You can set up
rules for TCP and UDP services based on the port number associated with the services.
Firewalls can be very powerful tools in your security toolbox but of course do not provide
100% protection. This is because attackers can make nefarious network traffic look legitimate
which is why you need to have a defense-in-depth mindset when designing a layered
network security approach for an organization.
Network Address Translation
Usually, you have an internal network which connects to a router/firewall which connects you
to the outside world. IP addresses were getting scarce so a technique was created to hide
the internal network IP addresses from the outside world. However, you needed a way for the
internal network to connect to the public network. So, Network Address Translation (NAT)
was born. NAT can be used to allow internal IP addresses access to the WAN.
When a client connects to a server through a router, it uses a source port in its ephemeral
port range between 49152 and 65535. The NAT router stores the randomly assigned port
and the destination address in a NAT translation table. So, when a packet returns from the
server, it looks up the port and gets the destination IP address from the table. Typically, the
outside world only sees one IP address for an organization. NAT’s job is to keep track of the
destination IP addresses in a NAT table. In your home network, you likely have several
devices, including phones, tablets, smart TVs, and computers connected to your internal
network. Your internal network likely uses one of the following reserved IP addresses:
192.168.X.X
172.16.X.X - 172.31.X.X
10.X.X.X
The public IP that all of those internal devices are using to access the public Internet comes
from your Internet Service Provider (ISP) which might be Comcast, Verizon, or another
company.
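As an added example (not part of the lab manual), the shell function below classifies an IPv4 address against the three reserved ranges listed above, including the 172.16.0.0/12 edges that are easy to get wrong. A NAT gateway should only masquerade sources that really belong to the internal network, and a rule that publishes a service should point at an internal address; this check catches both mistakes. The function name is hypothetical and the code runs without root.

```shell
#!/bin/sh
# Added example, not from the lab manual: classify an IPv4 address against the
# three reserved (private) ranges 10/8, 172.16/12 and 192.168/16. Runs without
# root; is_private_ipv4 is a hypothetical helper name.

# is_private_ipv4 ADDR
#   prints "private" (exit 0), "public" (exit 1) or "invalid" (exit 2)
is_private_ipv4() {
    addr=$1
    # Reject anything that is not four dotted decimal groups.
    case "$addr" in
        ""|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    if [ $# -ne 4 ]; then echo invalid; return 2; fi
    for o in "$@"; do
        if [ "$o" -gt 255 ]; then echo invalid; return 2; fi
    done
    o1=$1; o2=$2
    if [ "$o1" -eq 10 ]; then                                            # 10.0.0.0/8
        echo private; return 0
    elif [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then  # 172.16.0.0/12
        echo private; return 0
    elif [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; then                    # 192.168.0.0/16
        echo private; return 0
    fi
    echo public; return 1
}

# Constructed sample addresses: the lab's own plus the /12 edges and one bad one.
for a in 10.1.2.3 172.16.1.50 172.31.255.255 172.32.0.1 192.168.1.50 216.80.80.80 300.1.1.1; do
    printf '%-16s %s\n' "$a" "$(is_private_ipv4 "$a")"
done
```

The exit status makes the function usable directly in a rule script, for example to refuse to add a MASQUERADE rule whose source range is public.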
Kali Linux/Metasploit
Kali Linux is a Linux distribution created for digital forensics and penetration testing.
Metasploit is a penetration testing framework which comes preloaded with Kali Linux. Kali
Linux along with Metasploit provides tools for penetration testers to improve security
assessments and awareness. You will use Kali in this lab to test our services using Nmap and
also test SSH, FTP, and HTTP services.
Nmap
Nmap is an open-source network scanner used to discover hosts and open ports/services.
Ping
Ping is a network administration tool to test connectivity of a host on a network. Ping uses
the ICMP echo request packets. It reports packet loss and round trip times (min, max, and
average). The network administrator uses this command to assist in the troubleshooting
process.
ifconfig
The ifconfig command is a network administration tool on Linux that allows you to configure
network interfaces.
FTP
The File Transfer Protocol (FTP) is used to upload and download files in clear text. It is an
unsecure way to transfer files between systems.
netstat
Netstat is a command line tool that provides network connection information including
routing tables, network interfaces, and network protocol statistics.
SSH
Secure Shell (SSH) is a tool that enables secure remote administration of hosts.
PuTTY
PuTTY is an open-source terminal emulator that also supports serial communication and file
transfers over networks. You will use PuTTY to test connectivity with remote systems.
fgdump
Fgdump is a tool that extracts Windows password hashes.
Introduction to iptables (Host-Based Firewall)
iptables is the kernel-level firewall on Linux systems. It is important to know that iptables
inspects each packet it receives and filters the traffic based on a defined set of rules.
The basic unit of traffic on a network is a packet. iptables filters packets using tables, chains,
and rules:
Tables group the sets of actions, called chains, that apply to a packet. Chains are ordered lists
of rules contained within a table. When iptables receives network traffic, it finds the right
table and runs the chains in that table until a rule matches the traffic. Rules are statements
that tell the system what to do with the packet; a rule can block traffic or send the packet to a
target.
There are five tables most used in iptables:
1. filter
2. nat
3. mangle
4. raw
5. security
The filter table has the following chains: INPUT, which controls packets received; OUTPUT,
which controls outbound packets; and FORWARD, which controls packets routed through the
host. The nat table has the following chains: PREROUTING, which alters packets as they are
received; OUTPUT, which controls outbound packets; and POSTROUTING, rules for changing
packets on the way out. The raw table is used to exempt traffic and has two chains:
PREROUTING and OUTPUT. The security table manages special rules that limit access and
includes chains such as INPUT, OUTPUT, and FORWARD. Figure 5 summarizes the tables.
Targets are decisions about what to do with a packet. A target fires when a packet matches a
rule's criteria. A non-terminating target keeps matching the packet against the remaining rules
even after a rule in the chain has matched. A terminating target ends evaluation: the packet is
not matched against further rules or chains. The terminating targets are ACCEPT, which lets
the packet through the firewall; DROP, which discards the packet without notifying the sender;
RETURN, which sends the packet back to the chain it came from so it can match other rules;
and REJECT, which discards the packet and sends an error to the sender. In this lab, you will
explore different configurations of iptables.
CONCLUSION:
In this lab, you will be setting up and testing external services before you implement Linux
iptables firewall rules. Next, you will be testing external services on the Linux-based firewall
from the external network.
Setting Up the Sniffer
In this section, we will reconfigure the Kali machine on the internal network to communicate
with the sniffer machine, running Linux. The Sniffer will be reconfigured into a Linux-based
firewall. In order to set up this network, we will set the IP addresses for both of the sniffer
machines (Linux OS) interfaces as well as the Internal Kali.
Logging on to the Sniffer
The Linux distribution Kali is installed on the sniffer machine. Kali is a distribution used by
security professionals for penetration testing and forensics.
Log on to the sniffer
1. Click on the external Sniffer icon on the topology.
2. Type root for the Username. Press Enter.
3. For the Password, type toor (root spelled backwards) and click the Sign In button.
Note: The password of toor will not be displayed when you type it for security purposes.
4. Click the black and white icon (2nd from the top) to launch the Linux terminal.
5. Type the following command to view active interfaces. Press Enter.
root@kali2:~# ifconfig
Only the loopback address, 127.0.0.1, is displayed.
6. Type the following command to set the internal IP address of the Sniffer. Press Enter.
root@kali2:~# ifconfig eth0 172.16.1.1 netmask 255.255.255.0
7. Type the following command to set the external IP address of the Sniffer. Press Enter.
root@kali2:~# ifconfig eth1 216.80.80.80 netmask 255.0.0.0
8. In order to configure and set up the services required for compliance, click on the Internal Kali 2 Linux machine from the topology and perform the following steps.
Note: If the screen is displaying only the time, press Enter.
9. Type root for the Username and click Next.
10. For the Password, type toor (root spelled backwards) and click the Sign In button.
Note: The password of toor will not be displayed when you type it for security purposes.
11. Click the black and white icon (2nd from the top) to launch the Linux terminal.
12. Type the following command to view active interfaces. Press Enter.
root@kali2:~# ifconfig
Both the internal IP of 192.168.1.50 and the loopback address of 127.0.0.1 are displayed. Every machine with TCP/IP will have a loopback address of 127.0.0.1.
13. To set a static address on the Internal Kali machine, type the following command. Press Enter.
root@kali2:~# ifconfig eth0 172.16.1.50 netmask 255.255.255.0
14. Type the following command to set the Gateway of the Internal Kali machine. Press Enter.
root@kali2:~# route add default gw 172.16.1.1
15. Type the following command to view the gateway of the Internal Kali machine. Press Enter.
root@kali2:~# netstat -r
16. Type the following command to ping the gateway four times. Press Enter.
root@kali2:~# ping 172.16.1.1 -c 4
17. Click on the Windows Attack Machine from the topology.
18. Log on to the Windows 7 Attack Machine as student with the password of password. Press Enter.
Note: The password of password will not be displayed when you type it for security purposes.
19. Double-click the cmd-Shortcut on the Desktop.
20. Right-click on the blue bar at the top of the command prompt and go to Properties.
21. Click the Colors tab. Select Blue (2nd from the left) and click OK.
22. Type the following command to ping the external IP address of the sniffer. Press Enter.
C:\>ping 216.80.80.80
CHALLENGE
CONCLUSION:
IP addresses can be configured on the Linux operating system using the ifconfig command.
Gateways can be configured by using the route add command. The netstat -r command will
allow you to view the IP address of the router on a Linux box. A router itself will typically not
have a gateway on the internal interface. The ping command can be used to test for
connectivity between all of the IP addresses as long as ICMP is not blocked.
Enabling Services and Configuring Firewall Rules
In earlier labs, we had a chance to look at the Microsoft Firewall and the Endian Firewall
which were configured through Graphical User Interface (GUI). Firewall rules can also be
configured through the command line on a Cisco router or on a Linux operating system using
iptables. We will configure NAT and allow incoming traffic using iptables.
Enabling NAT and Firewall Rules
1. Go back to the Internal Kali by clicking the Internal Kali icon on the topology.
2. Traffic is currently not being routed through the Linux sniffer machine. Verify that Internal Kali cannot ping the External Windows 7 Attack Machine by typing the following. Press Enter.
root@kali:~# ping 216.1.1.200 -c 1
Note: We will need to type three commands in the terminal to enable NAT on the Sniffer machine.
3. Switch to the Sniffer machine running Kali Linux by clicking the icon on the topology.
4. Type the following command to set up NAT on the Linux firewall with iptables. Press Enter.
root@kali2:~# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
5. Type the following command to allow traffic arriving on the internal interface to be forwarded. Press Enter.
root@kali2:~# iptables --append FORWARD --in-interface eth0 -j ACCEPT
6. Next, type the following to enable IP forwarding on the system. Press Enter.
root@kali2:~# echo 1 > /proc/sys/net/ipv4/ip_forward
7. Go back to the Internal Kali Machine by clicking on the topology.
8. Verify that the Internal Kali can ping external Windows 7 by typing the following. Press Enter.
root@kali2:~# ping 216.1.1.200 -c 4
9. To start the FTP service, type the following command and press Enter.
root@kali2:~# service vsftpd start
10. To view the current running services on the Internal Kali, type the following. Press Enter.
root@kali2:~# netstat -tan
Currently, the Kali system is listening on port 21 because VSFTPD has already been configured and installed on this system. Apache and SSHD also need to be running.
The netstat command is pretty much universal and works across multiple platforms such as Linux, Microsoft Windows, UNIX, and Mac OS X. Nmap also works across multiple platforms, but it is a third-party utility and needs to be installed.
11. To view the current running services on the Internal Kali, type the following command. Press Enter.
root@kali2:~# nmap 127.0.0.1
12. Go back to the Sniffer Machine by clicking the icon on the topology.
13. We will need to type four commands in the terminal to allow incoming traffic to be redirected from the Public IP of 216.80.80.80 to the internal IP of 172.16.1.50. Type the following command on the Sniffer to redirect incoming requests from the Internet to the Internal Kali machine running the FTP server. Press Enter.
root@kali2:~# iptables -t nat -A PREROUTING -p tcp -d 216.80.80.80 --dport 21 -j DNAT --to-destination 172.16.1.50:21
14. Go back to the Windows 7 Attack Machine by clicking the icon on the topology.
15. Perform an nmap scan of the Linux Public IP address. Press Enter.
C:\>nmap 216.80.80.80
16. Go back to the Internal Kali Machine by clicking the icon on the topology.
17. To start Apache, type the following command. Press Enter.
root@kali2:~# apache2ctl start
18. To view the current running services, type the following command. Press Enter.
root@kali2:~# netstat -tan
After starting Apache, the Kali system is now also listening on port 80.
19. To view the current running services, type the following command. Press Enter.
root@kali2:~# nmap 127.0.0.1
Note: After starting Apache, the Kali system is now also listening on port 80.
20. Go back to the Sniffer Machine by clicking the icon on the topology.
21. Type the following command on the sniffer to redirect incoming requests from the Internet to the internal Kali machine running the HTTP server. Press Enter.
root@kali:~# iptables -t nat -A PREROUTING -p tcp -d 216.80.80.80 --dport 80 -j DNAT --to-destination 172.16.1.50:80
22. Go back to the Windows 7 Attack Machine by clicking the icon on the topology.
23. Perform an nmap scan of the Linux Public IP address.
C:\>nmap 216.80.80.80
Note: When an Internet IP address is scanned, the MAC address will not be displayed. The address appears here because this is a simulated environment, not the real Internet.
Before starting SSH, the SSH keys must be generated on the Internal Kali system.
CHALLENGE
24. Go back to the Internal Kali Machine by clicking the icon on the topology.
25. Type the following command to generate the keys for SSH on Internal Kali. Then press Enter. When asked for responses, simply press Enter 3 times.
root@kali2:~# ssh-keygen
26. Type the following command to start the SSH service. Press Enter.
root@kali2:~# service sshd start
27. Go back to the Sniffer by clicking on the icon on the topology.
28. Type the following command on the sniffer to redirect incoming requests from the Internet to the internal Kali machine running SSH. Press Enter.
root@kali2:~# iptables -t nat -A PREROUTING -p tcp -d 216.80.80.80 --dport 22 -j DNAT --to-destination 172.16.1.50:22
29. Go back to the Windows 7 Attack Machine by clicking the icon on the topology.
30. Perform an nmap scan of the Linux Public IP address.
C:\>nmap 216.80.80.80
31. Go back to the Internal Kali by clicking the icon on the topology.
32. Type the following command to verify that TFTP is listening on UDP port 69. Press Enter.
root@kali2:~# netstat -uan
33. Type the following command to verify that TFTP is listening on UDP port 69. Press Enter.
root@kali2:~# nmap -sU 127.0.0.1 | grep 69
34. Copy fgdump to the TFTP root of Kali by typing the following command. Press Enter.
root@kali2:~# cp /usr/share/windows-binaries/fgdump/fgdump.exe /srv/tftp
35. Verify that the malicious file is present in the TFTP directory by typing the following. Press Enter.
root@kali2:~# ls /srv/tftp
36. Return to the Sniffer machine by clicking on the icon on the topology.
37. Type the following command on the sniffer to redirect incoming requests from the Internet to the internal Kali machine running the TFTP server. Press Enter.
root@kali2:~# iptables -t nat -A PREROUTING -p udp -d 216.80.80.80 --dport 69 -j DNAT --to-destination 172.16.1.50:69
38. Type the following command and press Enter to view the iptables rules that were created.
root@kali2:~# iptables -t nat -L
39. Go back to the Windows 7 Attack Machine by clicking the icon on the topology.
40. Perform an nmap scan of the Linux Public IP address by typing the following command.
C:\>nmap -sU 216.80.80.80 -p 69
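The rules typed one at a time in steps 4 through 6, 13, 21, 28 and 37 above are easier to review and reproduce as one script. The added example below (not the lab manual's own script) generates that rule set from a single function so it can be printed and checked before being applied as root, and goes one step beyond the lab with a stricter FORWARD policy that admits only the published ports from outside plus replies to connections the internal network opened. The addresses and interface names are the lab's (216.80.80.80 on eth1, 172.16.1.50 behind eth0); the function names are hypothetical, and the conntrack match in the hardened variant is a standard iptables option rather than something the lab uses.

```shell
#!/bin/sh
# Added example, not the lab manual's own script: the NAT, forwarding and
# port-publishing rules from the steps above, produced by one function so the
# whole rule set can be reviewed (dry run) before it is applied as root.
# Addresses and interfaces default to the lab's; function names are hypothetical.

# lab_nat_rules PUBLIC_IP INTERNAL_IP WAN_IF LAN_IF
#   Prints one command per line. Nothing is executed here.
lab_nat_rules() {
    pub=$1; lan_ip=$2; wan_if=$3; lan_if=$4
    # Step 4: hide the internal network behind the public address on the way out.
    echo "iptables --table nat --append POSTROUTING --out-interface $wan_if -j MASQUERADE"
    # Step 5: let traffic arriving on the internal interface be forwarded.
    echo "iptables --append FORWARD --in-interface $lan_if -j ACCEPT"
    # Steps 13, 21, 28, 37: rewrite the destination of requests arriving for
    # FTP, HTTP, SSH (TCP) and TFTP (UDP) to the internal host before routing.
    for svc in tcp:21 tcp:80 tcp:22 udp:69; do
        proto=${svc%%:*}; port=${svc##*:}
        echo "iptables -t nat -A PREROUTING -p $proto -d $pub --dport $port -j DNAT --to-destination $lan_ip:$port"
    done
    # Step 6: the kernel only routes between the two interfaces once this is set.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# lab_forward_hardened INTERNAL_IP WAN_IF LAN_IF
#   Stricter than the lab's single FORWARD rule (an addition, not a lab step):
#   with a DROP policy only the published ports may enter the LAN from the
#   outside, plus replies to connections the LAN itself opened.
lab_forward_hardened() {
    lan_ip=$1; wan_if=$2; lan_if=$3
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD --in-interface $lan_if -j ACCEPT"
    for svc in tcp:21 tcp:80 tcp:22 udp:69; do
        proto=${svc%%:*}; port=${svc##*:}
        # DNAT already happened in PREROUTING, so FORWARD sees the internal address.
        echo "iptables -A FORWARD --in-interface $wan_if -p $proto -d $lan_ip --dport $port -j ACCEPT"
    done
}

# count_dnat_rules ARGS... : how many port-publishing (DNAT) rules the set contains
count_dnat_rules() {
    lab_nat_rules "$@" | grep -c -- '-j DNAT'
}

# Dry run for the lab topology. To apply on the Sniffer as root:
#   lab_nat_rules 216.80.80.80 172.16.1.50 eth1 eth0 | sh
lab_nat_rules 216.80.80.80 172.16.1.50 eth1 eth0
```

Printing the rules first, then piping them into a shell, keeps the review step (step 38's `iptables -t nat -L`) in front of the change rather than after it. The hardened FORWARD chain is worth applying together with the NAT rules: with the lab's configuration alone, anything the kernel's default FORWARD policy allows will also be forwarded.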
CHALLENGE
CONCLUSION:
In order for external users on the WAN (Internet) to use services on a machine on the internal
network, the firewall must be configured to allow requests to be redirected to an internal
machine. Commands such as nmap and netstat can be utilized by the network administrator
in order to determine if services are listening and ports are open.
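The conclusion's point that netstat tells the administrator which services are listening can be turned into a repeatable check: compare what `netstat -tan` reports against the ports the firewall is meant to publish, and flag everything else. The following is an added example, not part of the lab, that does this over a constructed netstat sample; the helper names are hypothetical and the sample output is made up to include one port (3306) that the lab never publishes.

```shell
#!/bin/sh
# Added example, not from the lab manual: audit the listening TCP ports that
# 'netstat -tan' reports against the services the firewall is meant to publish
# (FTP 21, SSH 22, HTTP 80 in this lab). Anything else listening may be exposed
# unintentionally. Helper names are hypothetical.

# Constructed netstat -tan output for a stand-alone run (not a real capture).
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 172.16.1.50:22          172.16.1.1:49321        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN'

# listening_ports: read netstat -tan output on stdin, print each listening
# port once, numerically sorted. The port is the last ':'-separated field of
# the Local Address column, which also handles IPv6 forms such as ':::80'.
listening_ports() {
    awk '$NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -n -u
}

# unexpected_ports PORT... : read netstat output on stdin, print listening
# ports that are not in the allowlist given as arguments.
unexpected_ports() {
    allowed=" $* "
    listening_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;            # published on purpose
            *) echo "$port" ;;         # not in the allowlist: investigate
        esac
    done
}

# Stand-alone run on the constructed sample; on the real host use
#   netstat -tan | unexpected_ports 21 22 80
printf '%s\n' "$NETSTAT_SAMPLE" | unexpected_ports 21 22 80
```

Run against the internal host after each service is started, the check prints nothing when only the intended services listen and names the stray port otherwise; the same allowlist is the one the PREROUTING DNAT rules should publish, so the two lists can be kept in one place.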
Using Internal Services from an External Machine
Even though we have used nmap to verify that the correct ports are open, a good network
administrator will also test each of the services to verify that they are working correctly. In
this scenario, we will test the FTP, SSH, HTTP and TFTP services of the firewall.
Testing the iptables Firewall
1. Go back to the Internal Kali by clicking the icon in the topology.
2. Type the following command to copy picture files to the FTP root. Press Enter.
root@kali2:~# cp /usr/share/wallpapers/kali/contents/images/* /home/hax0r/
3. Type the following command to list the files within the FTP root. Press Enter.
root@kali2:~# ls /home/hax0r/
4. Type the following command to copy picture files to the HTTP root. Press Enter.
root@kali2:~# cp /usr/share/wallpapers/kali/contents/images/* /var/www/html/
5. Type the following command to list the files within the HTTP root. Press Enter.
root@kali2:~# ls /var/www/html
6. Go back to the Windows 7 Attack Machine by clicking on the icon in the topology.
7. Double-click the putty.exe icon on the Desktop.
8. Type 216.80.80.80 in the Host Name box and click Open.
9. Click Yes to add the host key to the cache.
10. Log in as root with the password of toor. Close the SSH session by clicking the X in the top right corner.
Note: The password of toor will not be displayed when you type it for security purposes.
11. When asked "Are you sure you want to close this session?", click OK.
12. From the Windows 7 command prompt, type the following command to connect to the VSFTPD server. Press Enter.
C:\>ftp 216.80.80.80
Note: The username hax0r uses a zero, not the letter O.
13. For the username, type hax0r.
14. Type hacker for the Password. Press Enter. You should receive the Login successful message.
Note: The FTP password will not be displayed when you type it for security purposes.
15. Type the following to list the files on the VSFTPD server. Press Enter.
ftp> ls
16. Type the following command to switch to binary mode. Press Enter.
ftp> bin
17. Type the following to download the PNG file from the FTP site. Press Enter. (After typing the command, you should receive the message Transfer complete.)
ftp> get 1024x768.png
18. Type the following to leave the FTP session. Press Enter.
ftp> bye
19. Type the following to view the downloaded PNG file. Press Enter.
C:\>mspaint 1024x768.png
20. View the downloaded 1024x768.png file.
21. Double-click the shortcut on the Desktop to go to Firefox.
22. In the URL bar, type 216.80.80.80/1280x1024.png to access the public website. Press Enter.
CHALLENGE
23. From the Windows 7 Command Prompt, type the following to download the fgdump.exe file. Press Enter.
C:\>tftp -i 216.80.80.80 get fgdump.exe
24. Type the following command and press Enter. Hit Control + C if the program takes longer than a few minutes.
C:\>fgdump.exe
25. Type the following command to display the dumped password hashes. Press Enter.
C:\>type 127.0.0.1.pwdump
Note: Press the STOP button to complete the lab.
CONCLUSION:
While using nmap is an effective way to verify ports are open, it will not be as effective as
testing each service. In this section of the lab, we tested the SSH, FTP and HTTP services. The
successful logins and file transfers proved that the services were operating properly. These
quality assurance checks are essential for production environments.
© 2022 – Infosec Learning INC. All Rights Reserved.
