Certified Cybersecurity Technician - Module 07 - Network Security Controls - Technical Controls - Labs (EC-Council) (Z-Library)

Author: EC-Council

Certified Cybersecurity Technician
Module 07: NETWORK SECURITY CONTROLS - TECHNICAL CONTROLS
Copyrights @ 2021 EC-Council International Ltd.

INDEX

Module 07: Network Security Controls - Technical Controls

Exercise 1: Implement Host-based Firewall Protection with iptables
Exercise 2: Implement Host-based Firewall Functionality using Windows Firewall
Exercise 3: Implement Network-Based Firewall Functionality: Block Unwanted Website Access using pfSense Firewall
Exercise 4: Implement Network-Based Firewall Functionality: Block Insecure Ports using pfSense Firewall
Exercise 5: Implement Host-based IDS Functionality using Wazuh HIDS
Exercise 6: Implement Network-based IDS Functionality using Suricata IDS
Exercise 7: Detect Malicious Network Traffic using HoneyBOT
Exercise 8: Establish Virtual Private Network Connection using SoftEther VPN
Exercise 9: Scan System for Viruses using Kaspersky Internet Security

LAB SCENARIO

The most important aspect of security controls is the protection of organizational assets such as people, property, and data. By establishing security controls, an organization can either reduce or completely mitigate risks to its assets. The labs in this module will give you hands-on experience with the methods and techniques used to implement technical controls in the network, thereby protecting critical assets and resources from unauthorized access.

LAB OBJECTIVE

The objective of this lab is to provide expert knowledge in implementing technical controls. This knowledge is gained through the following tasks:

• Implementation of host-based firewall protection and host-based firewall functionality
• Blocking access to unwanted websites and insecure ports using pfSense firewall
• Implementation of host-based IDS functionality and network-based IDS functionality
• Detecting malicious traffic in the network using HoneyBOT
• Configuring a VPN connection using tools such as SoftEther VPN
• Scanning the system for viruses using Kaspersky Internet Security

OVERVIEW OF TECHNICAL CONTROL

Technical controls are also referred to as logical controls. They make use of technology to control access to the physical assets or the facility of the organization. They are generally incorporated in computer hardware, software, operations, or applications to control access to sensitive areas.

LAB TASKS

A cyber security professional or a security professional uses numerous tools and techniques to implement technical controls in the network. Recommended labs that will assist you in learning various aspects of technical controls include the following:

Note: Turn on the PfSense Firewall virtual machine and keep it running throughout the lab exercises.

01 Implement Host-based Firewall Protection with iptables
02 Implement Host-based Firewall Functionality using Windows Firewall
03 Implement Network-Based Firewall Functionality: Block Unwanted Website Access using pfSense Firewall
04 Implement Network-Based Firewall Functionality: Block Insecure Ports using pfSense Firewall
05 Implement Host-based IDS Functionality using Wazuh HIDS
06 Implement Network-based IDS Functionality using Suricata IDS
07 Detect Malicious Network Traffic using HoneyBOT
08 Establish Virtual Private Network Connection using SoftEther VPN
09 Scan System for Viruses using Kaspersky Internet Security

EXERCISE 1: IMPLEMENT HOST-BASED FIREWALL PROTECTION WITH IPTABLES

iptables is a command-line firewall utility that uses policy chains to allow or block traffic.

LAB SCENARIO

A security professional must know how to configure an iptables host-based firewall to allow or block traffic to or from a Linux system. iptables allows us to enter firewall rules into the existing tables using the command line.

LAB OBJECTIVE

This lab will demonstrate how to configure an iptables host-based firewall in an Ubuntu machine.

OVERVIEW OF IPTABLES

iptables is a standard firewall included in most Linux distributions. With the default chain policies configured, you can start adding rules to iptables, so that it knows what to do when it encounters a connection from or to a particular IP address or port.

LAB TASKS

Note: Ensure that the PfSense Firewall virtual machine is running.

1. Turn on the Attacker Machine-1 virtual machine.
2. Select the user Bob, type the password user@123, and press Enter.
3. Open the Firefox web browser, type www.google.com in the URL bar, and press Enter.
   Note: If a notification appears at the top section of the browser window, click Okay, Got it, and in the Before you continue to Google Search wizard, click the I agree button.
   Note: If a Software Updater pop-up appears, click Remind Me Later.
4. Bob is able to access the website, which implies that Bob has Internet access. A security professional can block Internet access on the user machine using iptables.
5. Press CTRL + ALT + T to open the terminal, type the sudo su command to switch to the root user, and press Enter.
6. When prompted for the password, type the password for the root user (here the root user password is user@123), and press Enter.
   Note: The password that you type will not be visible.
7. Next, to identify the user ID for Bob, type id bob in the terminal and press Enter. The user ID is displayed as shown in the screenshot.
8. Note down the user ID (uid) for Bob (here 1000).
9. Further, we use the iptables command for network management activity.
10. Type iptables -L and press Enter to check the existing rules for users.
11. No rules exist currently. Next, we will create a new rule with the following command for the user Bob.
12. Type iptables -A OUTPUT -o eth0 -m owner --uid-owner 1000 -j DROP as shown in the screenshot below, and press Enter.
13. The rule applies only to the user Bob, who has 1000 as the UID, as we have already noted.
14. Test the Internet connection to check whether or not the iptables rule is applied.
15. Open the browser, type www.google.com, and press Enter.
16. As the screenshot below shows, the website is not accessible to the user.
17. Now switch back to the terminal window, type iptables -t filter --delete OUTPUT 1, and press Enter.
18. This deletes the rule that was created in step 12 and restores the Internet connection for the user Bob. To check the rules, type iptables -L and press Enter.
19. No rules exist currently, so we have successfully deleted the rule. Now we will check for connectivity.
20. Open the browser, type www.google.com, and press Enter.
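
The steps above as a script, added here as an example and not part of the EC-Council lab: it resolves the UID from the account name, adds the step 12 rule only if it is absent, and removes it by rule specification rather than by position. The function names and the IPT override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-user egress block using the iptables owner match.
# IPT is an assumed override hook for dry runs; it defaults to the real binary.
IPT="${IPT:-iptables}"

# Build the rule specification from step 12, resolving the UID from the
# account name instead of hard-coding 1000.
rule_spec() {   # usage: rule_spec USER IFACE
    uid=$(id -u "$1") || return 1
    printf '%s' "-o $2 -m owner --uid-owner $uid -j DROP"
}

# Append the DROP rule only if an identical rule is not already present.
# -C checks for an existing rule and returns non-zero when it is absent.
block_user() {  # usage: block_user USER IFACE
    spec=$(rule_spec "$1" "$2") || return 1
    # $spec is intentionally unquoted so it splits into separate arguments.
    $IPT -C OUTPUT $spec 2>/dev/null || $IPT -A OUTPUT $spec
}

# Delete by specification instead of "--delete OUTPUT 1": if another rule
# sits at position 1, a positional delete would remove the wrong rule.
unblock_user() {  # usage: unblock_user USER IFACE
    spec=$(rule_spec "$1" "$2") || return 1
    while $IPT -C OUTPUT $spec 2>/dev/null; do
        $IPT -D OUTPUT $spec || return 1
    done
}

# Run as root: ./script.sh block bob eth0   or   ./script.sh unblock bob eth0
case "${1:-}" in
    block)   block_user   "$2" "${3:-eth0}" ;;
    unblock) unblock_user "$2" "${3:-eth0}" ;;
esac
```

After either action, iptables -L OUTPUT -v -n shows whether the owner-match rule is present along with its packet counters.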

EXERCISE 2: IMPLEMENT HOST-BASED FIREWALL FUNCTIONALITY USING WINDOWS FIREWALL

A host-based firewall protects the system from various threats.

LAB SCENARIO

A security professional must have the required knowledge to implement various security layers in the organization; a single breach in security can allow the attacker to leave malicious code or transfer a malicious file over the network. Host-based firewall implementation is another security layer where the administrator can allow or restrict specific individual endpoints. In this lab, you will learn how to configure a host-based firewall to protect an individual system connected to the network.

LAB OBJECTIVE

This lab will demonstrate how to secure an individual endpoint within the network. In this lab, you will learn how to do the following:

• Hardening the host within the network
• Applying rules in a host-based firewall

OVERVIEW OF A HOST-BASED FIREWALL

A host-based firewall is software that makes the system or device secure. Configuring a host-based firewall will help achieve real security implementation and defense in depth within an organization. The normal strategy of a host-based firewall is to provide defense in depth and use a combination of layers of protection within the organization. An example is the Windows firewall, which is built into the Windows platform. The Windows firewall, developed by Microsoft, is an application that filters incoming and outgoing Internet traffic and blocks malicious programs from communicating with the individual endpoint. The Windows firewall (host-based) protects the individual endpoint over the network from various threats, viruses, and malware.

LAB TASKS

Note: Ensure that the PfSense Firewall virtual machine is running.

1. Turn on the Admin Machine-1 and Web Server virtual machines.
2. In the Admin Machine-1 virtual machine, log in with the credentials Admin and admin@123.
   Note: If the network screen appears, click Yes.
3. Navigate to the Windows Start menu, type Remote Desktop Connection, and press Enter.
4. The Remote Desktop Connection window will appear as shown in the screenshot below. Type the IP address of the Web Server machine, 10.10.1.16, and click Connect.
5. The Windows Security pop-up window will appear. Type the username Administrator and password admin@123, and click OK.
6. The Security Certificate pop-up will appear as shown in the screenshot below. Click Yes.