CIS212_Week2_Labs (docx)
School: ECPI University, Greensboro
Course: 212
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 12
Uploaded by: corada5995
Task Summary - Required Actions
  X Configure Snort rules
  X Configure Sourcefire OpenAppID Detectors
  X Configure the Rules Update Settings
  X Configure General Settings
  X Configure the Snort Interface settings for the WAN interface

Explanation
Complete this lab as follows:
1. Sign in to the pfSense management console.
   a. In the Username field, enter admin.
   b. In the Password field, enter P@ssw0rd (with a zero, not the letter O).
   c. Select SIGN IN or press Enter.
2. Access the Snort Global Settings.
   a. From the pfSense menu bar, select Services > Snort.
   b. Under the Services breadcrumb, select Global Settings.
3. Configure the rule sets to be downloaded.
   a. Select Enable Snort VRT.
   b. In the Snort Oinkmaster Code field, enter 359d00c0e75a37a4dbd70757745c5c5dg85aa (copy and paste it from the scenario).
   c. Select Enable Snort GPLv2.
   d. Select Enable ET Open.
4. Configure the Sourcefire OpenAppID detectors to be downloaded.
   a. Under Sourcefire OpenAppID Detectors, select Enable OpenAppID.
   b. Select Enable RULES OpenAppID.
5. Configure when and how often the rules are updated.
   a. Under Rules Update Settings, use the Update Interval drop-down menu to select 1 Day.
   b. Change Update Start Time to 01:00.
   c. Select Hide Deprecated Rules Categories.
6. Configure the Snort General Settings.
   a. Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 HOUR.
   b. Select Startup/Shutdown Logging.
   c. Select Save.
7. Configure the Snort interface settings for the WAN interface.
   a. Under the Services breadcrumb, select Snort Interfaces and then select Add.
   b. Under General Settings, make sure Enable interface is selected.
   c. For Interface, use the drop-down menu to select WAN (PFSense port 1).
   d. For Description, enter WANSnort.
   e. Under Alert Settings, select Send Alerts to System Log.
   f. Select Block Offenders.
   g. Scroll to the bottom and select Save.
8. Start Snort on the WAN interface.
   a. Under the Snort Status column, select the start arrow.
   b. Wait for a checkmark to appear, indicating that Snort started successfully.
Task Summary - Required Actions
  X Remediate the Administrator account
  X Disable the Guest account
  X Remediate the Mary account
  X Remediate the Susan account
  X Turn on the Windows Firewall feature for all profiles
  X Remove the C:\MyMusic folder share

Explanation
Complete this lab as follows:
1. Run a Security Evaluator report.
   a. From the taskbar, open Security Evaluator.
   b. Next to Target: Local Machine, select the Target icon to select a new target.
   c. Select Workstation.
   d. From the Workstation drop-down list, select Office2 as the target.
   e. Select OK.
   f. Next to Status, select the Run/Rerun Security Evaluation icon.
   g. Review the results to determine which issues you need to resolve on Office2.
2. Access local users using Office2's Computer Management console.
   a. From the top navigation tabs, select Floor 1.
   b. Under Office 2, select Office2.
   c. On Office2, right-click Start and select Computer Management.
   d. Expand and select Local Users and Groups > Users.
3. Rename the built-in Administrator account.
   a. Right-click Administrator and select Rename.
   b. Enter a new name of your choice and press Enter.
4. Disable the Guest account.
   a. Right-click Guest and select Properties.
   b. Select Account is disabled and then select OK.
5. Set a new password for Mary.
   a. Right-click Mary and select Set Password.
   b. Select Proceed.
   c. Enter a new password of your choice (12 characters or more).
   d. Confirm the new password and then select OK.
   e. Select OK.
   Note: Ideally, a password policy would already require 12 characters or more, rather than relying on the administrator to choose a long password by hand.
6. Configure Mary's password to expire and to be changed at next logon.
   a. Right-click Mary and select Properties.
   b. Clear Password never expires.
   c. Select User must change password at next logon and then select OK.
7. Unlock Susan's account and remove her from the Administrators group.
   a. Right-click Susan and select Properties.
   b. Clear Account is locked out and then select Apply.
   c. Select the Member Of tab.
   d. Select Administrators.
   e. Select Remove.
   f. Select OK.
   g. Close Computer Management.
8. Enable Windows Firewall for all profiles.
   a. Right-click Start and then select Settings.
   b. Select Network & Internet.
   c. In the right pane, scroll down and select Windows Firewall.
   d. Under Domain network, select Turn on.
   e. Under Private network, select Turn on.
   f. Under Public network, select Turn on.
   g. Close all open windows.
9. Remove the MyMusic file share.
   a. From the taskbar, select File Explorer.
   b. In the left pane, select This PC.
   c. In the right pane, double-click Local Disk (C:).
   d. Right-click MyMusic and select Properties.
   e. Select the Sharing tab.
   f. Select Advanced Sharing.
   g. Clear Share this folder.
   h. Select OK.
   i. Select OK.
10. From the ITAdmin computer, use Security Evaluator to verify that all of the issues on Office2 were resolved.
   a. From the top navigation tabs, select Floor 1.
   b. Under IT Administration, select ITAdmin.
   c. In Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation.
   d. If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation, and remediate any remaining issues.

Task Summary - Required Actions & Questions
  X Run a Security Evaluator report for 192.168.0.45
  ✓ Q1: For the Linux computer with the 192.168.0.45 address, which security vulnerability passed?
     Your answer: root - Password Does Not Expire
     Correct answer: root - Password Does Not Expire
  X Run a Security Evaluator report for the IP address range of 192.168.0.60 through 192.168.0.69
  X Q2: Which IP addresses in the 192.168.0.60 through 192.168.0.69 range had issues that needed to be resolved?
     Your answer: 192.168.0.65, 192.168.0.66
     Correct answer: 192.168.0.65, 192.168.0.68
  X Q3: For the Linux computer with the 192.168.0.65 address, what is the name of the vulnerability that only has a warning?
     Your answer: TCP/IP Timestamp Support Detected
     Correct answer: backup - Password Does Not Expire
Explanation
Complete this lab as follows:
1. Run a Security Evaluator report for 192.168.0.45.
   a. From the taskbar, open Security Evaluator.
   b. Next to Target: Local Machine, select the Target icon.
   c. Select IPv4 Address.
   d. Enter 192.168.0.45.
   e. Select OK.
   f. Next to Status: No Results, select the Run/Rerun Security Evaluation icon.
   g. Review the results.
   h. In the top right, select Answer Questions.
   i. Answer Question 1.
2. Run a Security Evaluator report for the IP address range 192.168.0.60 through 192.168.0.69.
   a. In Security Evaluator, select the Target icon to select a new target.
   b. Select IPv4 Range.
   c. In the left field, type 192.168.0.60.
   d. In the right field, type 192.168.0.69.
   e. Select OK.
   f. Select the Run/Rerun Security Evaluation icon.
   g. Review the results.
   h. Answer Questions 2 and 3.
   i. Select Score Lab.

Task Summary - Required Actions
  X Reset account lockout counter after 60 minutes
  X Use a minimum password length of 14 characters
  X Use a minimum password age of one day
  X Enforce password history for 24 passwords
  X Event log retention set not to overwrite events
  X DCOM Server Process Launcher service disabled
  X Task Scheduler service disabled

Explanation
While completing this lab, use the following settings:

  Area                    Policy                                Setting
  Password Policy         Enforce password history              24 passwords
                          Minimum password age                  1 day
                          Minimum password length               14 characters
  Account Lockout Policy  Reset account lockout counter after   60 minutes
  Event Log               Retention method for application log  Do not overwrite events (clear log manually)
                          Retention method for security log     Do not overwrite events (clear log manually)
  System Services         DCOM Server Process Launcher          Disabled
                          Task Scheduler                        Disabled

Complete this lab as follows:
1. Run a Security Evaluator report.
   a. From the taskbar, open Security Evaluator.
   b. Next to Target: Local Machine, select the Target icon to select a target.
   c. Select Domain Controller.
   d. Using the Domain Controller drop-down list, select CorpDC as the target.
   e. Select OK.
   f. Next to Status: No Results, select the Run/Rerun Security Evaluation icon.
   g. Review the results to determine which issues you need to resolve on CorpDC.
2. Access the CorpDC server.
   a. From the top navigation tabs, select Floor 1.
   b. Under Networking Closet, select CorpDC.
   Note: If you need to return to the ITAdmin computer to review the Security Evaluator results, select Floor 1 from the top navigation tabs, then select ITAdmin under IT Administration.
3. Access and edit the CorpNet.local Default Domain Policy.
   a. From Server Manager, select Tools > Group Policy Management.
   b. Maximize the window for easier viewing.
   c. Expand Forest: CorpNet.local > Domains > CorpNet.local.
   d. Right-click Default Domain Policy and then select Edit.
   e. Maximize the window for easier viewing.
4. Remediate the password policy issues in Account Policies.
   a. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies.
   b. In the left pane, select Password Policy.
   c. In the right pane, double-click the policy to change.
   d. Select Define this policy setting.
   e. Enter the value from the table above and then select OK.
   f. Repeat steps 4c-4e for each remaining password policy.
5. Remediate the reset account lockout counter issue in Account Policies.
   a. In the left pane, select Account Lockout Policy.
   b. In the right pane, double-click Reset account lockout counter after.
   c. Select Define this policy setting.
   d. Enter 60 minutes and then select OK.
6. Remediate the Event Log issues.
   a. In the left pane, select Event Log.
   b. In the right pane, double-click the policy to change.
   c. Select Define this policy setting.
   d. Select Do not overwrite events (clear log manually) and then select OK.
   e. Repeat steps 6b-6d for the other Event Log policy.
7. Remediate the System Services issues.
   a. In the left pane, select System Services.
   b. In the right pane, double-click the service to change.
   c. Select Define this policy setting.
   d. Make sure Disabled is selected and then select OK.
   e. Repeat steps 7b-7d for the remaining System Services policy.
8. Verify that all the issues were resolved using Security Evaluator on the ITAdmin computer.
   a. From the top navigation tabs, select Floor 1.
   b. Under IT Administration, select ITAdmin.
   c. In Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation.
   d. If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any
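The four account-policy settings above only make sense together: password history is pointless without a minimum age (a user can cycle through 24 throwaway passwords in a minute and land back on the old one), and the lockout counter only resets after 60 minutes of no further failures. The following is an added example that models those settings in code; it is not part of the lab and not Microsoft's implementation. The lab never states a lockout threshold, so LOCKOUT_THRESHOLD is an assumed value, and the CRACKED list holds the three passwords recovered in the rainbow-table lab later on this page, whose answer key says exactly one is compliant.

```python
"""Account-policy settings from the Default Domain Policy lab, enforced in code.

Added example (not part of the lab, not Microsoft's implementation). The lockout
threshold is not set anywhere in the lab; LOCKOUT_THRESHOLD is an assumed value.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

MIN_LENGTH = 14                          # Minimum password length: 14 characters
HISTORY_SIZE = 24                        # Enforce password history: 24 passwords
MIN_AGE = timedelta(days=1)              # Minimum password age: 1 day
LOCKOUT_RESET = timedelta(minutes=60)    # Reset account lockout counter after: 60 minutes
LOCKOUT_THRESHOLD = 5                    # assumed; the lab does not configure a threshold

# Passwords recovered in the rainbow-table lab on this page; its key says one is compliant.
CRACKED = ["123", "MaryHad_A_Sm@ll_Lamb", "DisneyL@nd3"]


@dataclass
class Account:
    recent: List[str]                    # recent[0] is the current password; at most HISTORY_SIZE kept
    last_set: datetime
    failed: int = 0
    last_failure: Optional[datetime] = None
    locked: bool = False


def meets_length(password: str) -> bool:
    return len(password) >= MIN_LENGTH


def count_compliant(passwords) -> int:
    """How many of a set of recovered passwords would have satisfied the 14-character minimum."""
    return sum(meets_length(p) for p in passwords)


def change_password(acct: Account, new: str, now: datetime) -> Tuple[bool, str]:
    """Apply length, then minimum age, then history. Age and history must both hold:
    without the age rule a user can burn through the whole history in one sitting."""
    if not meets_length(new):
        return False, f"shorter than {MIN_LENGTH} characters"
    if now - acct.last_set < MIN_AGE:
        return False, "minimum password age not reached"
    if new in acct.recent:
        return False, f"matches one of the last {HISTORY_SIZE} passwords"
    acct.recent.insert(0, new)
    del acct.recent[HISTORY_SIZE:]
    acct.last_set = now
    return True, "changed"


def record_failed_logon(acct: Account, now: datetime) -> int:
    """The bad-logon counter returns to zero only once LOCKOUT_RESET has elapsed since
    the most recent failure; attempts spaced closer than that keep accumulating."""
    if acct.last_failure is not None and now - acct.last_failure >= LOCKOUT_RESET:
        acct.failed = 0
    acct.failed += 1
    acct.last_failure = now
    if acct.failed >= LOCKOUT_THRESHOLD:
        acct.locked = True
    return acct.failed


def cycle_attempt(acct: Account, now: datetime) -> int:
    """A user trying to rotate through 24 throwaway passwords at once to get back to
    the old one: returns how many of those changes the policy actually allows."""
    return sum(change_password(acct, f"Throwaway-Password-{i:02d}", now)[0]
               for i in range(HISTORY_SIZE))
```

With the settings from the table, cycle_attempt allows exactly one change: the first succeeds (the previous password is old enough), and every further change the same day is refused by the minimum age, so the history cannot be exhausted.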
Task Summary - Required Actions & Questions
  X Scan 192.168.0.54
  X Q1: What is the name of the IoT device with the IP address of 192.168.0.54?
     Your answer: booger
     Correct answer: Wireless Thermostat
  X Q2: How many issues exist for the device with the IP address of 192.168.0.54?
     Your answer: 1
     Correct answer: 3
  X Search for issues using an IP range
  X Q3: In the IP address range of 192.168.0.60 through 192.168.0.69, which IP addresses had issues?
     Your answer: 192.168.0.63
     Correct answer: 192.168.0.66

Explanation
Complete this lab as follows:
1. Run a Security Evaluator report for 192.168.0.54.
   a. From the taskbar, open Security Evaluator.
   b. Next to Target: Local Machine, select the Target icon.
   c. Select IPv4 Address.
   d. Enter 192.168.0.54 as the IP address.
   e. Select OK.
   f. Next to Status: No Results, select the Run/Rerun Security Evaluation icon to run a security evaluation.
   g. In the top right, select Answer Questions.
   h. Answer Questions 1 and 2.
2. Run a Security Evaluator report for the IP range 192.168.0.60 through 192.168.0.69.
   a. In Security Evaluator, select the Target icon to select a new target.
   b. Select IPv4 Range.
   c. In the left field, type 192.168.0.60 as the beginning IP address.
   d. In the right field, type 192.168.0.69 as the ending IP address.
   e. Select OK.
   f. Next to Status: No Results, select the Run/Rerun Security Evaluation icon to run a security evaluation.
   g. Answer Question 3.
   h. Select Score Lab.
Task Summary - Required Actions
  X Change the default admin username and password
  X Enable intrusion detection

Explanation
Complete this lab as follows:
1. Run a Security Evaluator report.
   a. From the taskbar, select Security Evaluator.
   b. Next to Target: Local Machine, select the Target icon to select a new target.
   c. Select IPv4 Address.
   d. Enter 192.168.0.6, the address of the wireless access controller.
   e. Select OK.
   f. Next to Status: No Results, select the Run/Rerun Security Evaluation icon to run the security evaluation.
   g. Review the results to determine which issues you need to resolve on the wireless access controller.
2. Use Google Chrome to open the Ruckus wireless access controller.
   a. From the taskbar, open Google Chrome.
   b. Maximize Google Chrome for easier viewing.
   c. In the address bar, type 192.168.0.6 and press Enter.
   d. For Admin name, enter admin (case-sensitive).
   e. For Password, enter password.
   f. Select Login.
3. Change the admin username and password for the Ruckus wireless access controller.
   a. Select the Administer tab.
   b. Make sure Authenticate using the admin name and password is selected.
   c. In the Admin Name field, replace admin with a username of your choice.
   d. In the Current Password field, enter password.
   e. In the New Password field, enter a password of your choice.
   f. In the Confirm New Password field, enter the new password again.
   g. On the right, select Apply.
4. Enable intrusion detection and prevention.
   a. Select the Configure tab.
   b. On the left, select WIPS.
   c. Under Intrusion Detection and Prevention, select Enable report rogue devices.
   d. On the right, select Apply.
5. Verify that all the issues were resolved using Security Evaluator.
   a. From the taskbar, select Security Evaluator.
   b. Next to Status: Needs Attention, select the Run/Rerun Security Evaluation icon to rerun the security evaluation.
   c. Remediate any remaining issues.
Task Summary - Lab Questions
  X Q1: What is the MAC address of the first responding device?
     Your answer: sdfsdf
     Correct answer: 00:00:1B:11:22:33
  X Q2: What was the MAC address of the duplicate responding device?
     Your answer: sdfsdf
     Correct answer: 00:00:1B:33:22:11

Explanation
Complete this lab as follows:
1. Use Wireshark to capture packets on enp2s0.
   a. From the Favorites bar, select Wireshark.
   b. Maximize the window for easier viewing.
   c. Under Capture, select enp2s0, then select the blue shark-fin icon on the toolbar to begin capturing.
   d. After about five seconds, select the red square to stop the capture.
2. Filter for only ARP packets.
   a. In the Apply a display filter field, type arp and press Enter to show only ARP packets.
   b. In the Info column, look for the replies that claim the 192.168.0.2 IP address. Two different MAC addresses answering for the same IP is the sign of a duplicate (spoofed) responder.
3. Answer the questions.
   a. In the top right, select Answer Questions.
   b. Answer the questions.
   c. Select Score Lab.
Task Summary - Required Actions
  X Scan for hosts in Ettercap
  X Set Exec as the target machine and initiate DNS spoofing
  X Confirm the redirection on Exec

Explanation
Complete this lab as follows:
1. From the Support computer, use Ettercap to begin sniffing and scan for hosts.
   a. From the Favorites bar, select Ettercap.
   b. Select Sniff > Unified sniffing.
   c. From the Network Interface drop-down menu, select enp2s0.
   d. Select OK.
   e. Select Hosts > Scan for hosts.
2. Configure the Exec computer (192.168.0.30) as the Target 1 machine.
   a. Select Hosts > Host list.
   b. Under IP Address, select 192.168.0.30.
   c. Select Add to Target 1 to assign it as the target.
3. Initiate DNS spoofing.
   a. Select Plugins > Manage the plugins.
   b. Select the Plugins tab.
   c. Double-click dns_spoof to activate it.
   d. Select Mitm > ARP poisoning.
   e. Select Sniff remote connections and then select OK.
4. From the Exec computer, access rmksupplies.com.
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under Executive Office, select Exec.
   c. From the taskbar, select Google Chrome.
   d. In the URL field, type rmksupplies.com and then press Enter. Notice that the page is redirected to RUS Office Supplies even though the address bar still shows rmksupplies.com: the dns_spoof plugin only works because the ARP poisoning in step 3d put the Support computer in the path of Exec's traffic.
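Both of the preceding labs come down to the same on-the-wire artifact: a second ARP reply claiming an IP address that a different MAC already answered for (the duplicate responder in the Wireshark lab, and what Ettercap's ARP poisoning injects before dns_spoof can redirect Exec). The following added example, not part of either lab, builds raw Ethernet/ARP frames to reproduce that capture, parses them with the RFC 826 layout, and flags any IP claimed by more than one MAC. The frames and the requesting host's addresses (00:60:52:11:22:33, 192.168.0.40) are constructed for the example; the two claimant MACs are the ones from the lab's answer key.

```python
"""Parse raw Ethernet/ARP frames and flag an IP address claimed by more than one MAC.

Added example, not from the lab. The frames in CAPTURE are constructed to reproduce
the Wireshark ARP lab above: two replies for 192.168.0.2 from different MACs.
"""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"      # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02X}" for x in b)


def build_arp(src_mac, sender_ip, target_mac, target_ip, oper=ARP_REPLY, eth_dst=None) -> bytes:
    """Ethernet II header followed by an IPv4-over-Ethernet ARP body (RFC 826)."""
    eth = mac(eth_dst or target_mac) + mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac(src_mac), IPv4Address(sender_ip).packed,
                      mac(target_mac), IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame: bytes):
    """Return (oper, sender_mac, sender_ip, target_mac, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac_str(sha), str(IPv4Address(spa)), mac_str(tha), str(IPv4Address(tpa))


def find_conflicts(frames):
    """Map each sender IP to the MACs that claimed it in replies; more than one is the alarm."""
    claims = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REPLY:
            _, sender_mac, sender_ip, _, _ = parsed
            claims[sender_ip].add(sender_mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Constructed capture: a broadcast request for 192.168.0.2, the genuine reply, then a
# second reply for the same IP from another MAC (what an ARP poisoner injects).
CAPTURE = [
    build_arp("00:60:52:11:22:33", "192.168.0.40", "00:00:00:00:00:00", "192.168.0.2",
              oper=ARP_REQUEST, eth_dst="FF:FF:FF:FF:FF:FF"),
    build_arp("00:00:1B:11:22:33", "192.168.0.2", "00:60:52:11:22:33", "192.168.0.40"),
    build_arp("00:00:1B:33:22:11", "192.168.0.2", "00:60:52:11:22:33", "192.168.0.40"),
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(CAPTURE).items():
        print(f"{ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

Wireshark performs the same check itself: with the arp filter applied, the duplicate reply is annotated "duplicate use of 192.168.0.2 detected!" in the Info column, which is how the two MAC addresses in the questions above are read off.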
Task Summary - Lab Questions
  X Filter for SYN and ACK packets
  ✓ Q1: What indicates that this is a distributed denial-of-service (DDoS) attack?
     Your answer: There are multiple source addresses for the SYN packets with the destination address 128.28.1.1.
     Correct answer: There are multiple source addresses for the SYN packets with the destination address 128.28.1.1.

Explanation
Complete this lab as follows:
1. Using Wireshark, display only packets that have both the SYN and ACK flags set.
   a. From the Favorites bar, select Wireshark.
   b. Under Capture, select enp2s0.
   c. On the toolbar, select the blue shark-fin icon to begin the capture.
   d. In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to show only packets with both the SYN and ACK flags set (the server's half of a handshake). You may have to wait up to a minute before any SYN-ACK packets are captured and displayed.
   e. Select the red square to stop the capture.
2. Change the filter to display only packets with the SYN flag.
   a. In the Apply a display filter field, change tcp.flags.ack==1 to tcp.flags.ack==0 and press Enter. Notice the flood of SYN packets sent to 198.28.1.1 (www.corpnet.xyz) that are never acknowledged, and that they come from many different source addresses.
   b. In the top right, select Answer Questions.
   c. Answer the question.
   d. Select Score Lab.
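The two display filters above are the whole detection: SYN-ACKs show who the server is answering, bare SYNs show who is knocking, and a flood from many sources that the server never answers is the DDoS signature named in the question. The following added example, not part of the lab, encodes those filters as TCP flag tests over a packet list and turns the comparison into a verdict. Packets are constructed (source, destination, tcp.flags) tuples standing in for the Wireshark columns; the bot addresses are random, and the server address 198.28.1.1 is the one named in step 2a.

```python
"""Reproduce the lab's two Wireshark filters over a packet list and decide DoS vs DDoS.

Added example, not from the lab. Packets are constructed (src, dst, flags) tuples;
tcp.flags.syn==1 and tcp.flags.ack==1 matches a SYN-ACK, and tcp.flags.syn==1 and
tcp.flags.ack==0 matches a bare SYN.
"""
import random
from collections import Counter, defaultdict

SYN, ACK = 0x02, 0x10            # TCP flag bits, as in Wireshark's tcp.flags field


def is_syn_only(flags: int) -> bool:          # tcp.flags.syn==1 and tcp.flags.ack==0
    return flags & (SYN | ACK) == SYN


def is_syn_ack(flags: int) -> bool:           # tcp.flags.syn==1 and tcp.flags.ack==1
    return flags & (SYN | ACK) == SYN | ACK


def half_open_report(packets):
    """Per destination: bare SYNs received, distinct sources, and sources never sent a SYN-ACK."""
    syn_count = Counter()
    syn_sources = defaultdict(set)      # dst -> clients that sent a bare SYN
    answered = defaultdict(set)         # server -> clients it replied to with SYN-ACK
    for src, dst, flags in packets:
        if is_syn_only(flags):
            syn_count[dst] += 1
            syn_sources[dst].add(src)
        elif is_syn_ack(flags):
            answered[src].add(dst)      # the SYN-ACK's source is the server
    return {dst: {"syn": syn_count[dst],
                  "sources": len(srcs),
                  "unanswered_sources": len(srcs - answered[dst])}
            for dst, srcs in syn_sources.items()}


def classify(report, min_sources=20, min_unanswered_ratio=0.9):
    """Many distinct sources whose SYNs go unanswered is the distributed flood from the lab."""
    verdicts = {}
    for dst, r in report.items():
        unanswered = r["unanswered_sources"] / r["sources"]
        if r["sources"] >= min_sources and unanswered >= min_unanswered_ratio:
            verdicts[dst] = "DDoS: SYN flood from many sources"
        elif r["sources"] == 1 and unanswered >= min_unanswered_ratio:
            verdicts[dst] = "DoS: SYN flood from a single source"
        else:
            verdicts[dst] = "normal"
    return verdicts


def constructed_capture(n_bots=60, seed=7):
    """One legitimate handshake plus n_bots spoofed sources, each retransmitting an unanswered SYN."""
    rng = random.Random(seed)
    server = "198.28.1.1"            # www.corpnet.xyz in the lab
    pkts = [("192.168.0.30", server, SYN),
            (server, "192.168.0.30", SYN | ACK),
            ("192.168.0.30", server, ACK)]
    for _ in range(n_bots):
        bot = f"{rng.randint(1, 223)}.{rng.randint(0, 255)}.{rng.randint(0, 255)}.{rng.randint(1, 254)}"
        pkts += [(bot, server, SYN)] * 3
    rng.shuffle(pkts)
    return pkts


if __name__ == "__main__":
    report = half_open_report(constructed_capture())
    for dst, verdict in classify(report).items():
        print(dst, report[dst], verdict)
```

Counting unanswered sources rather than raw SYNs is deliberate: a single busy client retransmitting SYNs during packet loss produces many unanswered SYNs but only one source, and the lab's question hinges on the source count.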
Task Summary - Required Actions & Questions
  X Create rainbow tables
  X Sort the rainbow tables using rtsort
  X Crack the hash using rcrack . -l or rcrack . -h
  X Q1: What is the password for hash 202cb962ac59075b964b07152d234b70?
     Your answer: sdfds
     Correct answer: 123
  X Q2: What is the password for hash 400238780e6c41f8f790161e6ed4df3b?
     Your answer: sdfsdf
     Correct answer: MaryHad_A_Sm@ll_Lamb
  X Q3: What is the password for hash 89BF04763BF91C9EE2DDBE23D7B5C730BDD41FF2?
     Your answer: sdfsdf
     Correct answer: DisneyL@nd3
  X Q4: How many of the passwords found meet the company's password requirements?
     Your answer: 2
     Correct answer: 1

Explanation
Complete this lab as follows:
1. Create and sort MD5 and SHA-1 rainbow tables.
   a. From the Favorites bar, select Terminal.
   b. At the prompt, type rtgen md5 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create an MD5 rainbow table. The arguments are the hash algorithm, the charset, the minimum and maximum plaintext length, the table index, the chain length, the number of chains, and the part index.
   c. Type rtgen sha1 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a SHA-1 rainbow table.
   d. Type rtsort . and press Enter to sort the tables in the current directory by chain endpoint; rcrack needs the sorted form to look up endpoints.
2. Crack the password hashes using -l or -h.
   a. To crack every hash in a file, type rcrack . -l /root/captured_hashes.txt and press Enter. This lists the hashes contained in the file alongside the recovered passwords.
   b. To crack a single hash, type rcrack . -h hash_value and press Enter. This shows only the password for the specified hash.
   c. Repeat step 2b for the remaining hashes.
3. Answer the questions.
   a. In the top right, select Answer Questions.
   b. Answer the questions.
   c. Select Score Lab.
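The three commands above hide what a rainbow table actually is: chains of alternating hash and reduction steps, stored as start and end points only, that trade a large one-time computation for fast lookups. The following added example, not part of the lab and not RainbowCrack's code, is a miniature rtgen, rtsort and rcrack over a toy key space (three-digit PINs, MD5) so the whole mechanism fits in one screen. The chain length, chain count and key space are assumed values chosen for the example; the lab's real tables cover ascii-32-95 at lengths 1 to 20.

```python
"""A miniature rtgen / rtsort / rcrack.

Added example, not part of the lab and not RainbowCrack's code. Key space, chain
length and chain count are toy values; the reduction function is a constructed one.
"""
import hashlib
from collections import defaultdict

SPACE = 1000          # plaintexts "000".."999" (the lab's tables use ascii-32-95, lengths 1-20)
CHAIN_LEN = 20        # rtgen's chain_len argument
CHAIN_NUM = 400       # rtgen's chain_num argument


def md5_hex(plaintext: str) -> str:
    return hashlib.md5(plaintext.encode()).hexdigest()


def reduce_(digest_hex: str, col: int) -> str:
    """Map a digest back into the key space. Adding the column index makes every
    column a different function, which is what stops chains merging as soon as they collide."""
    return f"{(int(digest_hex, 16) + col) % SPACE:03d}"


def walk(start: str, stop: int) -> str:
    """Plaintext at column `stop` of the chain that begins at `start` (column 0 is the start)."""
    p = start
    for col in range(stop):
        p = reduce_(md5_hex(p), col)
    return p


def rtgen(chain_num=CHAIN_NUM, chain_len=CHAIN_LEN):
    """Build chains and index them by endpoint: {endpoint: [starts]}. Keeping a list
    per endpoint keeps merged chains instead of silently dropping them. rtsort's job,
    ordering the file by endpoint for binary search, is what this dict stands in for."""
    table = defaultdict(list)
    for i in range(chain_num):
        start = f"{i:03d}"
        table[walk(start, chain_len)].append(start)
    return table


def rcrack(table, target_hex: str, chain_len=CHAIN_LEN):
    """For each possible column j the target could occupy, finish the chain from there,
    look up the endpoint, and replay the matching chains from their starts to column j."""
    for j in range(chain_len - 1, -1, -1):
        p = reduce_(target_hex, j)                   # if target == md5(p_j), this is p_{j+1}
        for col in range(j + 1, chain_len):
            p = reduce_(md5_hex(p), col)             # ... and this carries it to the endpoint
        for start in table.get(p, ()):
            candidate = walk(start, j)
            if md5_hex(candidate) == target_hex:     # confirms it is not a false alarm
                return candidate
    return None


def coverage(table, chain_len=CHAIN_LEN) -> float:
    """Fraction of the key space the table recovers; merges keep it below 100% even
    when chain_len * chain_num is several times the key space, as here (8000 vs 1000)."""
    hits = sum(rcrack(table, md5_hex(f"{n:03d}"), chain_len) is not None for n in range(SPACE))
    return hits / SPACE


if __name__ == "__main__":
    table = rtgen()
    print("202cb962ac59075b964b07152d234b70 ->", rcrack(table, "202cb962ac59075b964b07152d234b70"))
    print(f"coverage: {coverage(table):.1%}")
```

The first hash from the lab, 202cb962ac59075b964b07152d234b70, is MD5("123"), so it falls inside this toy key space and cracks; the other two hashes do not, which is exactly why the lab builds tables over the full 95-character set.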
Task Summary - Required Actions & Questions
  X Crack the password to the Linux computer
  X Q1: What is the password for the Linux computer?
     Your answer: Iksdfs
     Correct answer: Tworm4b8
  X Crack the password to the zip file
  X Q2: What is the password for the protected.zip file?
     Your answer: sdlfkl
     Correct answer: p@sswOrd

Explanation
Complete this lab as follows:
1. View the current John the Ripper wordlist.
   a. From the Favorites bar, select Terminal.
   b. At the prompt, type cd /usr/share/john and press Enter.
   c. Type ls and press Enter.
   d. Type cat password.lst and press Enter to view the wordlist.
   e. Type cd and press Enter to return to root's home directory.
2. Crack the root password on the Support computer.
   a. Type john /etc/shadow and press Enter. The password is shown. Can you find it?
   b. Type john /etc/shadow and press Enter again. Notice that John does not crack the password a second time: the cracked password is already stored in the john.pot file.
   c. Use alternate methods of viewing the previously cracked password:
      - Type john /etc/shadow --show and press Enter.
      - Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file.
   d. In the top right, select Answer Questions and then answer Question 1.
3. Open a terminal on IT-Laptop.
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under IT Administration, select IT-Laptop.
   c. From the Favorites bar, select Terminal.
4. Extract the hash from the protected.zip file into a text file.
   a. At the prompt, type ls and press Enter. Notice the protected.zip file you wish to crack.
   b. Type zip2john protected.zip > ziphash.txt and press Enter.
   c. Type cat ziphash.txt and press Enter to confirm that the hash was written.
5. Using the text file, crack the password of the protected.zip file.
   a. Type john --format=pkzip ziphash.txt and press Enter to crack the password. The password is shown. Can you find it?
   b. Type john ziphash.txt --show and press Enter to show the previously cracked password.
   c. In the top right, select Answer Questions and then answer Question 2.
   d. Select Score Lab.
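zip2john does not extract a password hash in the usual sense: a ZipCrypto archive holds no hash at all, only the stored CRC-32 and an encrypted 12-byte header whose last byte must decrypt to the high byte of that CRC. That is what john --format=pkzip tests for every wordlist entry. The following added example, not part of the lab and not John the Ripper's code, implements PKWARE's traditional ("ZipCrypto") cipher to construct a protected entry (Python's zipfile can read but not write encrypted archives), then runs the same dictionary attack against it. The plaintext, the password letmein2024 and the wordlist are all constructed for the example.

```python
"""Dictionary attack on a ZipCrypto-protected entry, the work zip2john and john do.

Added example, not part of the lab and not John the Ripper's code. The key schedule
and stream follow PKWARE APPNOTE section 6.1 (traditional PKWARE encryption).
"""
import os
import zlib


def _crc_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


CRC_TABLE = _crc_table()


def _crc32_step(crc: int, byte: int) -> int:
    return (crc >> 8) ^ CRC_TABLE[(crc ^ byte) & 0xFF]


class ZipCrypto:
    """Three 32-bit keys seeded from the password; one object encrypts or decrypts a stream."""

    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b: int) -> None:
        self.k0 = _crc32_step(self.k0, b)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def _stream_byte(self) -> int:
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            out.append(p ^ self._stream_byte())
            self._update(p)                 # keys advance on the plaintext byte
        return bytes(out)

    def decrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            p = c ^ self._stream_byte()
            self._update(p)
            out.append(p)
        return bytes(out)


def encrypt_entry(plaintext: bytes, password: bytes, rng=os.urandom):
    """A stored (uncompressed) entry as a zip would hold it: (crc32, 12-byte header + ciphertext).
    The header's 12th byte is the high byte of the CRC; that is the only password check the format has."""
    crc = zlib.crc32(plaintext) & 0xFFFFFFFF
    header = rng(11) + bytes([crc >> 24])
    return crc, ZipCrypto(password).encrypt(header + plaintext)


def try_password(crc: int, blob: bytes, password: bytes) -> bool:
    """Cheap header check first (rejects 255 of 256 wrong passwords), then the full CRC
    over the decrypted data to remove the remaining 1-in-256 false positives."""
    z = ZipCrypto(password)
    if z.decrypt(blob[:12])[11] != crc >> 24:
        return False
    return zlib.crc32(z.decrypt(blob[12:])) & 0xFFFFFFFF == crc


def crack(crc: int, blob: bytes, wordlist):
    for word in wordlist:
        if try_password(crc, blob, word.encode()):
            return word
    return None


# Constructed sample: what zip2john would lift out of protected.zip, and a small wordlist.
SAMPLE_CRC, SAMPLE_BLOB = encrypt_entry(b"Constructed payroll export, Q4", b"letmein2024")
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "letmein", "admin", "letmein2024"]

if __name__ == "__main__":
    print("recovered password:", crack(SAMPLE_CRC, SAMPLE_BLOB, SAMPLE_WORDLIST))
```

The check-byte test is why ZipCrypto cracking is so fast: each candidate costs 12 stream bytes plus the key schedule for the password, and only one candidate in 256 ever reaches the full decrypt. It is also why a modern archive should use AES encryption (WinZip's AE-2 or 7-Zip), where the password is stretched with PBKDF2 and verified with an HMAC.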