Professional blog

IT 643 Course Lab Guidelines

Overview Each lab will give you valuable, real-world experience using cybersecurity tools to evaluate the security posture of an organization. You will use these various tools to identify risks and vulnerabilities within an organization’s network. Your analysis will be instrumental for you in identifying remediation strategies to mitigate the vulnerabilities identified. These labs contain valuable information and experience that will assist you with your final project.

What to Expect in the L ab Environment The lab exercises and tasks typically take approximately 30 to 60 minutes to complete; however, each student is different and some may take longer or shorter.

Extremely Important! Infosec includes instructions within the platform to complete the assigned lab. You will be given a time limit for each session of the lab. Ensure that you complete and capture any information you need during your session before time expires. Once time expires, the lab environment will be reset and all information on the lab virtual systems will be lost.

Students can take multiple attempts at the lab. While Challenge Flag completion will be preserved across multiple attempts, as noted

above, the virtual servers are reset so no changes to those systems will persist.

Lab Title Required Screenshots Total Possible InfoSec Points

Module O ne

Lab 1-2: TCP/IP Protocols – The Core Pr otocols

1. USE NETWORK UTILITIES AND PROTOCOLS FROM THE TCP/IP SUITE – Step 6 – Output from “ipconfig /all”

2. EXAMINING THE ARP PROTOCOL USING WIRESHARK – Step 5 – Wireshark Capture of ARP Packets

3. CAPTURE AND ANALYZE A UDP DATAGRAM – Step 7 – UDP Wireshark Capture with UDP Details

15

Lab Title Required Screenshots Total Possible InfoSec Points

Module O ne

Lab 1-3: Capturing and Analyzing Network Traffic Using a Sniffer

1. Analyzing The Traffic – Step 2 – Wireshark Showing FTP Password 2. Analyzing The Traffic – Step 3 – Wireshark Showing POP Password 3. Analyzing The Traffic – Step 6 – Wireshark Showing E-Mail TCP Stream 4. Analyzing The Traffic – Step 10 – Wireshark Showing Telnet “creeper” Add

15

Module T wo

Lab 2-2: Examining Wireless Networks

1. Viewing Wireless Networks And Connected Devices – Step 10 – Wireshark Display of Router Using “SSID of OPENWIFI”

2. Viewing Wireless Traffic Above Layer 2 – Step 10 – Wireshark Display of Adding Group and User

3. Parsing Object From Traffic – Step 18 – Show Flags 2–6 as Completed (Green Check)

15

Module T wo

Lab 2-3: Deep Dive in Packet Analysis Using Wireshark and Network Miner

1. Viewing Protocols with Wireshark – Step 18 – Telnet Login 2. Viewing Protocols with Wireshark – Step 24 – Echo 3. Parsing Objects with Wireshark – Step 12 – Challenge 2, 3, and 4 Complete 4. Using Network Miner – Step 6 – Usernames and Passwords 5. Using Network Miner – Step 12 – Challenge 5 and 6 Complete

15

Module T hree

Lab 3-2: Network Security – Firewalls

1. View Windows Firewall Features – Step 8 – Challenge 2 Complete 2. View Windows Firewall Features – Step 10 – Challenge 3 Complete 3. Configure An Exception In Windows Firewall – Step 21 – Challenge 4 Complete 4. View And Configure Windows Fire wall With Advanced Security (WFAS) – Step 12 –

Successful “Ping” of 192.168.12.11 5. Create A Firewall Rule (Iptables) Within Linux – Step 7 – Challenge 6 Complete

15

Lab Title Required Screenshots Total Possible InfoSec Points

Module T hree

Lab 3-3: Configuring a Windows Firewall to Allow Incoming Traffic

1. Configuring And Testing The Windows-Based Firewall – Step 21 – NMAP Output Showing the 3 Open Services

2. Configuring And Testing The Windows-Based Firewall – Step 35 Wireshark TCP Stream of HTTP Session

3. Using Internal Services From An External Machine – Step 18 – Display of PNG File in Browser

15

Module Fo ur

Lab 4-2: Configuring a Windows Firewall to Allow Incoming Traffic

1. Configuring And Testing The Linux-Based Firewall- Step 22 – Checking Outbound FTP 2. Configuring And Testing The Linux-Based Firewall – Step 33- Display of Current Rules 3. Configuring And Testing The Linux-Based Firewall- Step 34 – Results of NMAP

showing the 5 ports are Open 4. Using Internal Services From An External Machine – Step 15- Five Green Checks for

Testing Account Settings

15

Module Fo ur

Lab 4-3: Securing the p fSense Firewall

1. Testing The Firewall From The External Network – Step 6 – Output from Zenmap 2. Closing Unnecessary Ports On The Pfsense Firewall – Step 6 – Challenge #3 Complete 3. Closing Unnecessary Ports On The Pfsense Firewall – Step 8 – Challenge #4 Complete 4. Adding A Secure Service To The Pfsense Firewall – Step 22 – Challenge #5 Complete 5. Adding A Secure Service To The Pfsense Firewall – Step 23 – Challenge #6 Complete

15

Module F ive

Lab 5-2: Intrusion Detection Using Snort

1. Setting Up The Sniffer – Step 27 – Wireshark showing TCPDump Capture 2. Detecting Unwanted Incoming Attacks – Step 14 – Output from Alert.IDS 3. Detecting Unwanted Outgoing Traffic – Step 32 – Wireshark TCP Stream of Traffic

Between Victim and Target

15

Module F ive

Lab 5-3: Writing Custom Rules

1. The Hacker Enters The Network – Step 36 – Telnet Alerts from Alert.ids file 2. Writing Custom Rules – Step 5 – Third Custom Rule Change 3. The Hacker Triggers Alerts – Step 13 – Hash Dump 4. The Hacker Triggers Alerts – Step 17 – Output From alert.ids Showing fgdump Alert

15

Lab Title Required Screenshots Total Possible InfoSec Points

Module Six

Lab 6-2: Vulnerability Scanning of a Linux Server

1. Scanning The Network For Vulnerable Systems – Using NMAP – Step 11 – NMAP Output

2. Scanning The Network For Vulnerable Systems – Using NMAP – Step 18 – NMAP Output

3. Scanning The Network For Vulnerable Systems – Using NMAP – Step 23 – NMAP Output

4. Scanning With OpenVAS – Analyzing the Scan Report – Step 5 – Scan Report

15

Module Six

Lab 6-3: Perform Reconnaissance f rom the W AN

1. Banner Grabbing – Step 19 – Challenge #2 Complete 2. Banner Grabbing – Step 20 – Challenge #3 Complete 3. Advanced Scanning With Nmap – Step 9 NMAP Output 4. Advanced Scanning With Nmap – Step 23 NMAP Output 5. Analysis And Exploitation – Step 4 – Challenge #4, #5, and #6 Complete 6. Analysis And Exploitation – Step 12 – Output From John Showing Password

15

Module Se ven

Lab 7-2: Signature De tection and Alerting an Admin

1. Verifying It Works – Step 8 – Alert Log Output 2. Alerting An Admin – Step 8 – Alert E-Mail 3. Alerting An Admin – Step 11 – Alert Log Output

15

Module Se ven

Lab 7-3: Scanning the Netw ork on the L AN

1. Scanning – Step 9 – Challenge #2 and #3 Complete 2. Scanning – Step 11 – Challenge #4 Complete 3. Scanning With Metasploit And Armitage – Step 23 – Armitage Scan Complete 4. Exploitation – Step 7 – /etc/shadow Output 5. Exploitation – Step 25 – Showing All 4 Systems Compromised

15

Lab Title Required Screenshots Total Possible InfoSec Points

Module E ight

Lab 8-2: Log Analysis of Linux Systems with GREP and GAWK

1. Nmap Analysis Using Grep – Parsing Nmap Reports With CLI – Step 10 – grep with Open Ports

2. Nmap Analysis Using Grep – Parsing Nmap Reports With Scripts – Step 7- Parsing Report

3. Log Analysis Using Grep – Step 9 – Access Log File and Curl 4. Log Analysis Using Gawk – Using gawk With Logs – Step 6 – Names of New Users 5. FTP Log Analysis – FTP Access Analysis – Step 5 – Log Output of Failed Attempts

15

Module E ight

Lab 8-3: IPS, Syslog, and NTP

1. Disabling Default Ruleset – Step 4 – Output 2. Enabling IPS – Step 9 – Configuration Verification 3. Configuring the Syslog Server – Step 13 – Verify Log Creation 4. Synchronized Logging – Step 9 – Verify Time Source

15