SEC602 – The Final Lab 16: Backup and Recovery

In today’s lab we will be looking at:

  • Installing Windows Server Backup
  • Backup and Restore using Windows Server Backup

Blog Questions

Summarise the backup and restore functions of Windows Server Backup you used in the lab

In the lab, we were able to schedule backups for a specific time and set how often they run, for example daily. We backed up and restored what Windows calls the system state, which is essentially a snapshot of how the system was at that point. If things go haywire, we can then recover to that point where everything was working.

Because the backup runs on a schedule, it won’t go out of date, and keeping it regularly up to date limits how much data can be lost.
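As an added example (not part of the lab or the original post), this is the PowerShell equivalent of the scheduled system-state backup configured in the Windows Server Backup console, plus a check that backups are actually accumulating. The target volume E: and the 21:00 schedule are assumptions.

```powershell
# Added example: schedule a daily system-state backup and verify it.
# Assumptions: the Windows Server Backup feature is installed and E: is a
# dedicated backup volume (constructed value for this example).
Import-Module WindowsServerBackup

$targetVolume = 'E:'    # assumed backup volume, not the system disk

# Build a backup policy: system state only, one run per day at 21:00.
$policy = New-WBPolicy
Add-WBSystemState -Policy $policy
$target = New-WBBackupTarget -VolumePath $targetVolume
Add-WBBackupTarget -Policy $policy -Target $target
Set-WBSchedule -Policy $policy -Schedule ([datetime]'21:00')

# Commit the policy; from here on Windows Server Backup runs it on schedule.
Set-WBPolicy -Policy $policy -Force

# Defender's checks: the schedule really took, and versions are building up.
Get-WBPolicy | Select-Object -ExpandProperty Schedule
Get-WBSummary | Select-Object LastSuccessfulBackupTime, NumberOfVersions
Get-WBBackupSet -BackupTarget $target | Select-Object VersionId, BackupTime

# Recovery to a known-good point uses one of the VersionId values listed above:
#   wbadmin start systemstaterecovery -version:<VersionId> -backupTarget:E:
```

A backup that never reports a LastSuccessfulBackupTime is the failure mode to alert on, since a scheduled policy that silently fails gives none of the protection described above.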

Discuss the protection Windows Server Backup provides

Windows Server Backup protects us from massive data loss and helps us recover if our servers crash, as we can go back to the point where things were working. This lets us continue working without much delay and with little to no data loss.

CT&A

Potential uses/advantages/pitfalls for this in securing a business

Businesses should make sure they use a system like this, as it lets them manage data loss and continue their work without much delay or hassle. Without it, a loss could cost the company a lot of time and money and could be very detrimental to the business.

SEC602 – Lab 15: Data Encryption

In today’s lab we will be looking at:

  • Full Disk Encryption using Bitlocker
  • Configure Security for Removable Media
  • Using Cryptography Tools

Blog Questions

Summarise the functions of BitLocker you used in the lab (Just focus on BitLocker not GPO)

In the lab, we used BitLocker to encrypt and lock our hard drive and set a password to unlock it. We also used the ‘save the recovery key to a file’ option, which stores the recovery key in a file in case we forget the super simple password we set.

Discuss the protection BitLocker provides the user

BitLocker fully encrypts a hard drive, so the entire drive cannot be read by anyone without the key. This is useful if you have a drive full of sensitive information that you don’t want anyone knowing about. For a regular consumer, if your computer is stolen or tampered with, BitLocker will do just fine.

Suggest how the Recovery Key should be stored securely

Realistically, the recovery key should not be stored on the PC itself. It should be kept on an external device such as a hard drive or USB stick, and even locked away or kept somewhere only you would know. If you do store it on the PC, take care to hide it somewhere no one would find it by randomly browsing your files.
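As an added example (not from the lab), the PowerShell equivalent of what was done in the console (password protector plus a recovery key), followed by one way to keep the recovery key off the machine: escrowing it in Active Directory instead of a file on the same disk. The data volume D: and the domain-joined machine are assumptions.

```powershell
# Added example: BitLocker with a password, a recovery key, and the key stored
# away from the PC. Assumes a data volume D: (constructed) on a domain member.
$vol = 'D:'

# Password protector, as used in the lab. Read-Host keeps the password out of
# the script file and out of shell history.
$pw = Read-Host -Prompt "Unlock password for $vol" -AsSecureString
Enable-BitLocker -MountPoint $vol -PasswordProtector -Password $pw

# Recovery password protector: the 48-digit key the "save to a file" option writes.
Add-BitLockerKeyProtector -MountPoint $vol -RecoveryPasswordProtector | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $vol).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword'

# Store it somewhere that is not the encrypted machine: the computer object in
# AD DS. Group Policy can require this before encryption is allowed to start.
Backup-BitLockerKeyProtector -MountPoint $vol -KeyProtectorId $rp.KeyProtectorId

# Check: the volume is protected and which protectors exist (never print the
# recovery password itself into logs).
Get-BitLockerVolume -MountPoint $vol |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
(Get-BitLockerVolume -MountPoint $vol).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Once the key is confirmed in AD (or on the offline USB stick the post recommends), any copy saved to a file on the PC should be deleted, otherwise the encryption can be bypassed by whoever finds that file.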

CT&A

Potential uses/advantages/pitfalls for this in securing a business

BitLocker could be beneficial for businesses looking to encrypt hard drives so employees don’t have access to certain drives if they don’t need it. It is simple but very effective, which is what businesses need. If it is planned and implemented correctly, BitLocker could save a lot of time, which means more time for making money.

SEC602 – Lab 14: Implementing DNSSEC

In today’s lab we will be looking at:

  • Preparing DNS setup for DNSSEC
  • Configuring DNSSEC
  • Customizing DNSSEC

Blog Questions

DNSSEC function configured in the lab

In the first part of the lab, we looked at signing the zone using the default settings provided to us by the installation wizard through the DNS manager. Below are some of the steps taken:

  • To sign the zone, right-click secure.practicelabs.com under Forward Lookup Zones
  • Hover over DNSSEC and choose ‘Sign the Zone’
  • A wizard is displayed to walk you through the process
  • We run through with the default settings and let the wizard do its thing

After signing, a padlock icon appears on the zone folder. We can also see that there are more records and that they have been signed by DNSSEC.

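As an added example (not from the lab), the same "sign with the defaults" step done from PowerShell on the DNS server, followed by the checks that confirm the padlock means something: the zone is flagged as signed, the new record types exist, and a resolver asking for DNSSEC data actually receives signatures. The DnsServer module and the zone name from the lab are the only inputs.

```powershell
# Added example: sign secure.practicelabs.com with default settings and verify.
# Assumes the DnsServer module on the server that hosts the zone.
Import-Module DnsServer
$zone = 'secure.practicelabs.com'

# Equivalent of right-click > DNSSEC > Sign the Zone > accept defaults.
Invoke-DnsServerZoneSign -ZoneName $zone -SignWithDefault -Force

# 1. The zone itself reports that it is signed.
Get-DnsServerZone -Name $zone | Select-Object ZoneName, IsSigned

# 2. The "extra records" seen in DNS Manager: keys, signatures, denial-of-existence.
foreach ($type in 'DnsKey', 'RRSig', 'NSec3', 'NSec3Param') {
    $count = @(Get-DnsServerResourceRecord -ZoneName $zone -RRType $type).Count
    '{0,-10} {1}' -f $type, $count
}

# 3. Resolver view: ask with the DNSSEC OK bit and expect RRSIG in the answer.
$answer = Resolve-DnsName -Name $zone -Type DNSKEY -DnssecOk -Server 127.0.0.1
if ($answer | Where-Object Type -eq 'RRSIG') {
    'OK: signatures are being served'
} else {
    'WARNING: no RRSIG returned, clients get no DNSSEC protection from this zone'
}
```

The third check is the one that matters to clients: a zone can be signed on the server yet give no protection if the resolvers in use never validate, so the same query should also be tried through the resolvers the site’s users actually rely on.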
CT&A

Potential uses/advantages/pitfalls for this in securing a business

DNSSEC is a simple and effective security step for businesses to help protect their websites and customers.

DNSSEC helps protect against cyberattacks, specifically website spoofing, which can impact your SEO and business credibility and make it difficult for a business to operate at an optimal level of productivity.

Websites for businesses are like virtual offices and we don’t want unwanted guests just randomly invading our workspace so what would we do to prevent this? We would use DNSSEC to help us prevent these unwanted guests.

SEC602 – Lab 13: Implementing a Network Policy Server

In today’s lab we will be looking at:

  • Installing a Network Policy Server
  • Configuring a VPN Server and Client
  • Viewing NPS Logs

Blog Questions

For your blog, complete the lab and discuss the three security features implemented

The authentication method used 

RADIUS stands for “Remote Authentication Dial-In User Service” and was used in the lab as the authentication method for communicating with the Network Policy Server (NPS).

RADIUS is an industry standard for centralized management of connections. Some people refer to it as the “Triple A” protocol because it covers Authentication, Authorization, and Accounting.

The security policy that was created 

In the lab, we created a simple network policy for a security group and named it “IT_NetworkPolicy.” We then added a group called “globalit” and gave it access. We do this so we can group people together and apply policies to them.

The accounting method used (i.e Logs)

We used a third-party NPS log reader called “IAS Log Viewer” to interpret the log file we had previously opened. We use this program so we can understand the log.

Accounting lets us know who is who and which users have been given access, and keeps track of when users access the network and for how long. We do this so we can monitor people’s activities and make sure nothing suspicious is happening.

Potential uses/advantages/pitfalls for this in securing a business

NPS lets you create and enforce organization-wide network access policies for clients, connection request authentication and connection request authorization. This is very handy because we need to know who is using the systems within the business, and how, to ensure nothing that shouldn’t happen happens.

SEC602 – Lab 12: WiFi Access Point Security

In today’s lab we looked at:

Reviewing “The Ministry of Education’s School Wireless LAN Guidelines – Building and Maintaining a Wireless Network.” This document provides guidelines for schools and other organisations that participate in the design, supply, and implementation of information technology infrastructure for New Zealand schools.

Blog Questions

In your post review section 3 Security and Access Management and discuss a suitable wireless security configuration from Figure 3 that can provide authentication, authorisation and encryption for the Wireless LAN in a large school

Reading through the document, I have come to the conclusion that the 802.1X protocol would be best suited for a large school. Large schools tend to have lots of students, which means lots more devices. Schools should allow internet access for those devices, as the internet is a vital tool for any and all students, and 802.1X has the security and restrictions that would be necessary for students.

WPA2 should also be used, with authentication and authorisation via 802.1X/EAP, as it will help with security. This is good for the network in the long run, but in the beginning it can be quite hard to set up; it is nonetheless recommended for large schools.

“802.1X is a port-based access control standard that restricts access to network resources until user authorisation has been completed.”

In your post discuss common Wireless LAN security practices and issues for a large school. See, for example, section 6.1-6.3 Common Security Issues and Management

  • Devices using old standards can make the network slow and vulnerable
  • Management tends to use passwords that are easily guessed or hacked
  • Every wireless device can see wireless networks, which could prompt people to attempt to break into them
  • Wireless coverage may extend beyond the school, allowing people outside to see or even use the network
  • Wireless may need a shutdown time, as wifi wouldn’t be required after school hours when no one should be there to use it
  • Anyone can abuse BYOD if rules are not set in place
  • There is always a risk of students trying to hack the system
  • Students may ‘stumble’ across inappropriate content or may even be cyberbullied by other students
  • Wifi may present health risks for students

As with all problems, there is almost always a solution. In most of these cases, a simple rule or a toggle of settings can set things straight.

CT&A

Potential uses/advantages/pitfalls for this in securing a business

Schools should be aware of this and not push wireless networks to the back burner, as they are a huge part of students’ everyday school life. They must ensure that the safety of their network and students matches their standards and goals as a school: making sure everything is configured correctly, that students won’t stumble across anything they’re not meant to, and having plans for when some students inevitably do.

SEC602 – Lab 11: Firewall Rule Based Management

In today’s lab we will be looking at:

  • Configuring Firewall Rules using Windows Firewall
  • Configuring Firewall Rules using Windows Firewall with Advanced Security
  • Configuring Firewall Rules using Remote Desktop
  • Configuring Firewall Rules using the Command Line Interface

We are to complete the lab to get an overview of the Windows Firewall configuration options. We are to configure the firewall for a small web hosting operation.

Blog Questions

  • Discuss the configuration required on a firewall for a web server providing
    • HTTP and HTTPS

HTTP should have a rule set so that inbound traffic can travel through port 80 which is the standard port for HTTP.

HTTPS should have a rule set so that inbound traffic can travel through port 443 which is the standard port for HTTPS.

  • FTP over TLS/SSL 

FTP over TLS (FTPS) uses port 990, so this would need to be allowed.

  • SMTP for sending emails from the websites

SMTP can use several ports, such as 25, 465, 587 and 2525, but the most commonly used is port 25, which should be allowed on the firewall.

  • Remote Administration

The default port for WinRM to communicate with a remote computer is 5985, so it should be allowed through the firewall.

  • Discuss the configuration required on a firewall for a database server providing
    • MariaDB 

MariaDB uses port 3306; this should be allowed through the firewall to make sure everything runs correctly.

  • MSSQL 

TCP port 1433 is the default port for SQL Server. It is considered safe and is the default option, so it should be allowed through the firewall for SQL Server to work.

  • Remote Administration

Port 1434 is the default and should be allowed through the firewall

Overall, the configuration should be kept at the defaults, as the defaults should always work. However, if you know what you’re doing and know the other optional ports, you can use them as well. Businesses should take care and only use the defaults if they suit their needs, consulting their IT department if necessary.
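As an added example (not part of the lab), the rules discussed above written as New-NetFirewallRule commands, split by server role. Beyond the port list, it scopes the administration and database rules to the networks that need them and ends with a listing of what is actually open. The admin subnet and web-tier subnet addresses are constructed values.

```powershell
# Added example: firewall rules for the web host and database server roles.
# Assumed values: $adminNet (where admins connect from) and $webTier (where
# the web servers live). Run only the section matching the server's role.
$adminNet = '10.0.50.0/24'
$webTier  = '10.0.20.0/24'

# ---- Web server ----
New-NetFirewallRule -DisplayName 'Web HTTP'  -Direction Inbound -Protocol TCP -LocalPort 80  -Action Allow
New-NetFirewallRule -DisplayName 'Web HTTPS' -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
# FTPS (implicit TLS) control channel. The server's passive data-port range
# also needs a rule, or logins succeed but listings and transfers hang.
New-NetFirewallRule -DisplayName 'FTPS control' -Direction Inbound -Protocol TCP -LocalPort 990 -Action Allow
# The websites send mail, so this is outbound; it only matters if the outbound
# default has been changed from Allow to Block.
New-NetFirewallRule -DisplayName 'SMTP out' -Direction Outbound -Protocol TCP -RemotePort 25 -Action Allow
# WinRM: Domain profile only and admin subnet only, never the whole Internet.
New-NetFirewallRule -DisplayName 'WinRM from admins' -Direction Inbound -Protocol TCP -LocalPort 5985 `
    -Profile Domain -RemoteAddress $adminNet -Action Allow

# ---- Database server ----
# Database listeners are reachable from the web tier only.
New-NetFirewallRule -DisplayName 'MariaDB from web tier' -Direction Inbound -Protocol TCP -LocalPort 3306 `
    -RemoteAddress $webTier -Action Allow
New-NetFirewallRule -DisplayName 'MSSQL from web tier' -Direction Inbound -Protocol TCP -LocalPort 1433 `
    -RemoteAddress $webTier -Action Allow
# 1434: TCP is the SQL Server dedicated admin connection (admins only);
# UDP is the SQL Browser service that tells clients which port named instances use.
New-NetFirewallRule -DisplayName 'MSSQL DAC' -Direction Inbound -Protocol TCP -LocalPort 1434 `
    -RemoteAddress $adminNet -Action Allow
New-NetFirewallRule -DisplayName 'SQL Browser' -Direction Inbound -Protocol UDP -LocalPort 1434 `
    -RemoteAddress $webTier -Action Allow

# Check: what is open, on which port, and to whom, so nothing is wider than intended.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    '{0,-24} {1,-4} {2,-8} from {3}' -f $_.DisplayName, $port.Protocol,
        ($port.LocalPort -join ','), ($addr.RemoteAddress -join ',')
}
```

The final listing also shows every built-in rule that is enabled, which is the point: the rules you did not write are the ones most often found open to Any.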

SEC602 – Lab 10: Implementing NAT and OpenSSH

In today’s lab we will be looking at:

  • Installing a NAT Firewall
  • Installing OpenSSH

Blog Questions

Discuss the use and function of the NAT Firewall

A NAT firewall allows many devices on a private network to share a single gateway to the internet. Each has its own unique private IP address, but they all share the same public IP address.

Discuss at least two uses of OpenSSH on either Windows or Linux

OpenSSH can be used for remote access; conveniently connecting to remote machines is handy if you need to get into a computer that isn’t within reach. It can also be used for file transfer without any other external software.

CT&A

How you could have done the lab better

The lab was fairly straightforward and on the short side. I don’t think it could have been done better.

How the lab could be improved

The lab was nice and simple; it’s good as is.

Potential uses/advantages/pitfalls for this in securing a business

Both of these technologies are useful for a business as they make things easier. Being able to remotely access machines and transfer files could be very beneficial for a business, as staff can work while away from the workplace.

SEC602 – Lab 9: Managing Certificates

In today’s lab we will be looking at:

  • Managing Certificate Templates
  • Configuring Certificate Auto-Enrollment
  • Implementing Key Archival
  • Enrolling for User Certificate
  • Managing Key Recovery

Blog Questions

What is the role or function of AD Certificate Services and CA Web Enrollment

ADCS allows users to issue and manage PKI certificates. It provides security and can authenticate computers, users and any other devices on the network.

Web Enrollment provides web pages that work with the Certification Authority role service. It enables the user to perform tasks such as:

  • Requesting certificates from the CA
  • Requesting the CA’s certificate
  • Submitting a certificate request by using a PKCS #10 file
  • Retrieving the CA’s certificate revocation list (CRL)

What is the role or function of Key Archival and Key Recovery Agent

Key Archival stores the private key of a certificate so that it can be recovered at a later date if needed.

The Key Recovery Agent allows users or admins to recover keys that have been lost. This is also helpful for data recovery. It should be entrusted only to someone trustworthy, as it is a powerful tool to have on a network.

Explain at least two uses of the User Certificate

They identify the user, much like a driver’s license. This, in turn, gives them certain permissions to access or control different areas of the network. There are many different types of certificates that can be issued, such as:

  • Administrator
  • Authenticated Session
  • Basic EFS
  • Code Signing
  • EFS Recovery Agent
  • Enrollment Agent
  • Exchange Enrollment Agent
  • Exchange Signature
  • Exchange User
  • Smartcard Logon
  • Smartcard User
  • Trust List Signing
  • User
  • User Signature Only

The certificates enable the user’s permissions; for example, the Administrator certificate marks the user as a certified admin. It’s an easy way to give someone permissions and identification.

CT&A

How you could have done the lab better

The lab was quite long and I may have gone through it a bit fast, so I could have slowed down to get a greater understanding of the concepts.

How the lab could be improved

The lab was quite long but necessary; I don’t think the lab could be improved upon.

Potential uses/advantages/pitfalls for this in securing a business

Certificates are essential to business as they make things easier and allow the business to manage itself, which in turn is much more cost-effective and saves time.

SEC602 – Lab 8: Understanding PKI Concepts

In today’s lab we will be looking at:

  • Installing and Configuring Active Directory Certificate Services
  • Configuring Certificate Revocation Lists (CRLs)

Blog Questions

What is the role of the Root CA and Subordinate CA in PKI?

Root CA – The root CA is at the top of the certification hierarchy and is the one that everyone trusts. To be trusted, you must earn the trust of the root CA, as the root CA is built into the OS, browsers and devices, whatever is validating the certificate. Root CAs have high security and are kept offline.

Subordinate CA – Subordinate CAs sit between the root and the end-entity certificates. Their main role is to determine and allow the different types of certificates that can be requested under the root CA. An example would be needing separate subordinates for different locations.

Outline the steps involved in creating the Subordinate CA private key and certificate

  1. We have to add roles and services
  2. Active Directory Certificate Services
  3. Online Responder must be checked
  4. Configure Subordinate CA
  5. Follow through the installer
  6. ???
  7. Profit

Can the certificate be used on a public website? Justify your answer

Yes, the Subordinate CAs are commonly used in HTTPS.

Discuss the use of Certificate Revocation Lists

Certificate Revocation Lists are useful for storing expired or compromised certificates. This helps keep things organised and makes it easy to renew expired ones, as they are categorized.

Explain why an organisation would use Active Directory Certificate Services

Organisations use ADCS so they don’t have to go to a third party; they can do it themselves on their own servers. This lets them customize things and keep a watchful eye on their own infrastructure, giving them greater control. Some benefits of using ADCS are:

  • Pulling from Active Directory – Existing AD accounts can be used to register certificates, which avoids re-registering.
  • Leverage existing Group Policy – You can set which machines and users get which type of certificate through AD Group Policies.
  • Automated certification – Certificates can be set to auto-renew, so there’s no need to worry about expiration.
  • Silent installation – As above, installation is automatic, so there’s no need to rely on the user to do it.

CT&A

How you could have done the lab better

The lab was straightforward and quite interesting to work through. It was easy to follow along, so I don’t think I could have done it any better than I did.

How the lab could be improved

The lab was fine as it is, nothing could be improved upon in my opinion.

Potential uses/advantages/pitfalls for this in securing a business

Discussed above 🙂

SEC602 – Lab 7: Password Cracking Tools

In today’s lab we will be looking at:

  • Cain & Abel
  • PWDump
  • LMHash
  • Detecting Rootkits

Blog Questions

Discuss how to use Cain & Abel to initiate a brute force attack

First, make sure you have Cain & Abel installed. The steps, as followed during the lab, are:

  1. When Cain & Abel is running, on the left pane click on LM & NTLM Hashes
  2. Add to list
  3. A wizard will pop up; just click Next for the default settings, which import hashes from the local system
  4. A list of user accounts is then displayed
  5. Right-click on the Administrator account
  6. Select Brute Force Attack
  7. Select NTLM Hashes
  8. The Brute Force Attack window is then displayed, and from here we can change settings such as the types of characters and the length of the password
  9. Click Start
  10. Wait for 300 or so days (dependent on password complexity settings)
  11. You are now a hacker, congratulations

It’s pretty straightforward, but brute-forcing is the most basic way of cracking passwords, and it can take a very long time to crack one. As the name suggests, it’s very primitive.

Discuss the problems with using the brute force attack and compare and contrast with another password attack

A brute force attack is simple in nature but very hardware intensive, as it tries every possible password. This, in turn, leads to long wait times. Another password attack is the dictionary attack, which uses a list of words to guess the password. Since so many people actually use words as their passwords, a dictionary attack can be a good choice. In this way it is similar to a brute force attack, but it is a little more thought out in its execution and in most cases is better. A dictionary attack will be faster than a brute force attack, but it can be a bit limited.

In relation to your findings in the lab define and justify the minimum requirements for a secure password policy

No one likes to change their passwords or be forced to make secure passwords. People like simple easy to remember passwords… Unfortunately, that is a big no-no and we must have password policies to protect ourselves from ourselves. I suggest the following:

  • Password history – Prevents people from reusing the same passwords; remember a minimum of 10 old passwords.
  • Password age – Make sure the user can’t change their password again until a number of days are up, maybe 3 – 7 days, so a password cannot be changed immediately after being set. Also make users change their passwords after a set amount of time, such as 90 – 180 days, to keep passwords fresh and reduce the risk of hacks.
  • Password length – This one always comes up and is the most common. A minimum of 8 characters, but the recommended minimum should be above 14 characters. The longer the password the better.
  • Password complexity – This is another one people are forced to do for their own good. It is a good idea to not allow them to have their username in their password, and to require a combination of uppercase, lowercase, numbers and maybe even a symbol to really get them to mix it up.
  • 2Auth – This one is good to have, as even if their password is compromised they are still safe, since two-factor authentication saves them. Even if someone has the password, they still need to provide a code to complete the login, and the code is usually sent to an authentication app on their personal phone or to their email address, so unless the hacker has their email or phone there’s not much they can do.
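As an added example (not part of the lab), one block that covers both the brute force versus dictionary comparison and the policy above: a checker that applies the suggested length, complexity, username and history rules to sample passwords, and the keyspace arithmetic behind the "300 or so days" figure, which shows why length beats symbol-juggling. The guess rate and the sample passwords are constructed values.

```powershell
# Added example: enforce the suggested policy, and estimate brute-force time.
# Constructed inputs: sample passwords, a history list, and a 1e9 guesses/s rate.
function Test-PasswordPolicy {
    param(
        [string]$Password,
        [string]$UserName,
        [string[]]$History = @(),   # previous passwords the system remembers
        [int]$MinLength = 14
    )
    $problems = @()
    if ($Password.Length -lt $MinLength) { $problems += "shorter than $MinLength" }
    if ($UserName -and $Password.ToLower().Contains($UserName.ToLower())) {
        $problems += 'contains username'
    }
    $classes = 0
    if ($Password -cmatch '[A-Z]')        { $classes++ }
    if ($Password -cmatch '[a-z]')        { $classes++ }
    if ($Password -match  '[0-9]')        { $classes++ }
    if ($Password -match  '[^A-Za-z0-9]') { $classes++ }
    if ($classes -lt 3) { $problems += 'fewer than 3 character classes' }
    if ($History -contains $Password) { $problems += 'reused from history' }
    [pscustomobject]@{
        Password  = $Password
        Compliant = ($problems.Count -eq 0)
        Problems  = ($problems -join '; ')
    }
}

function Get-BruteForceDays {
    # Average case: half the keyspace must be tried before the password is found.
    param([int]$CharsetSize, [int]$Length, [double]$GuessesPerSecond = 1e9)
    $keyspace = [math]::Pow($CharsetSize, $Length)
    [math]::Round(($keyspace / 2) / $GuessesPerSecond / 86400, 3)
}

# Policy check over constructed samples (the history list is also constructed).
$history = @('Winter2019!', 'Summer2019!')
'Password1', 'Winter2019!', 'administrator2020!', 'correct-Horse-battery-Staple7' |
    ForEach-Object { Test-PasswordPolicy -Password $_ -UserName 'administrator' -History $history } |
    Format-Table -AutoSize

# Brute force: why the lab's counter shows days for short passwords and
# effectively forever for 14+ characters. 26 = lowercase only, 94 = printable ASCII.
foreach ($case in @(@{ n = '8 lowercase'; c = 26; l = 8 },
                    @{ n = '8 all classes'; c = 94; l = 8 },
                    @{ n = '14 all classes'; c = 94; l = 14 })) {
    '{0,-16} {1} days' -f $case.n, (Get-BruteForceDays -CharsetSize $case.c -Length $case.l)
}
# A dictionary attack instead tries a wordlist with mangling rules: for example
# 1e7 words x 100 rules = 1e9 candidates, seconds at this rate, but it only
# finds passwords that are in the list, which is exactly what the policy prevents.
```

Password1 fails on length and history-free but trivial content, Winter2019! fails on history, administrator2020! fails on the username rule, and only the long passphrase passes, which is the order of importance the policy list above argues for.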

CT&A

How you could have done the lab better

The lab was simple but fun so I don’t think there was much room for improvement.

How the lab could be improved

This lab was actually pretty cool being able to use Cain & Abel and seeing how many days it took to crack a password was very cool. I don’t think it could’ve been any better.

Potential uses/advantages/pitfalls for this in securing a business

Businesses should take care of their password policies and keep them strong despite moaning from employees. There’s nothing worse than one of your people getting hacked, as it could be detrimental to the business depending on who got hacked and what the hacker’s intentions are. Make sure employees know about the password policy and enforce it.