Lab 7 Configuring the pfSense Firewall Las Positas College
28 Sep 2020 | 2 views | 0 downloads | 39 Pages | 1.95 MB




Transcription

Lab 7: Configuring the pfSense Firewall

Contents

Introduction
Objectives: Explain the security function and purpose of network devices and technologies
Pod Topology
Lab Settings
1 Configuring ICMP on the Firewall
  1.1 Configuring ICMP on pfSense
  1.2 Conclusion
  1.3 Discussion Questions
2 Redirecting Traffic to Internal Hosts on the Network
  2.1 Configuring a Firewall to Allow a Port and Re-directing Requests
  2.2 Conclusion
  2.3 Discussion Questions
3 Setting up a Virtual Private Network
  3.1 Configure the pfSense Firewall to allow Virtual Private Network Traffic
  3.2 Conclusion
  3.3 Discussion Questions
References

8/2/2013 Copyright 2013 CSSIA, NISGTC

Introduction

This lab is part of a series of lab exercises designed through a grant initiative by the Center for Systems Security and Information Assurance (CSSIA) and the Network Development Group (NDG), funded by the National Science Foundation's (NSF) Advanced Technological Education (ATE) program, Department of Undergraduate Education (DUE) Award No. 0702872 and 1002746. This work has been adapted by The Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48. This series of lab exercises is intended to support courseware for CompTIA Security+ certification.

By the end of this lab, students will be able to configure a pfSense software firewall.

This lab includes the following tasks:

1. Configuring ICMP on the Firewall
2. Redirecting Traffic to Internal Hosts on the Network
3. Setting up a Virtual Private Network

Objectives: Explain the security function and purpose of network devices and technologies

Companies need to protect their internal resources. This is often done by using a hardware or software firewall. Certain types of traffic can be blocked or allowed through the firewall. Understanding how a firewall operates and its relationship to the internal and external networks is critical to having an understanding of network.

ICMP: The Internet Control Message Protocol, or ICMP, is used by ping, tracert and traceroute. Network utilities like ping and tracert can be used to test for connectivity. If ICMP is blocked by the firewall, testing for connectivity becomes more difficult.

Firewall: In networking, a firewall is a software or hardware device that regulates traffic. Certain types of traffic can be blocked or allowed through the firewall.

Redirection: Most firewalls can be configured to allow incoming traffic on their external interfaces to be redirected to internal hosts.

NAT: Network Address Translation will allow internal hosts to reach the external network through a single IP address. Most firewalls can be configured to perform NAT.

Port Scanning: A port scan can be used to determine which ports are open and closed on the firewall. Tools like Nmap can be used to perform port scanning.

Pod Topology

Figure 1: Topology

Lab Settings

The information in the table below will be needed in order to complete the lab. The task sections below provide details on the use of this information.

Required Virtual Machines and Applications

Log in to the following virtual machines before starting the tasks in this lab:
BackTrack 5 Internal Attack Machine: 192.168.100.3
BackTrack 5 root password: password
Windows 2k3 Server Internal Victim Machine: 192.168.100.201
Windows 2k3 Server administrator password: password
Red Hat Enterprise Linux Internal Victim Machine: 192.168.100.147
Red Hat Enterprise Linux root password: password
pfSense Firewall: 10.10.19.1, 192.168.100.1
pfSense password: admin/pfsense
BackTrack 4 External Attack Machine: 10.10.19.148
BackTrack 4 External root password: password
Windows 2k3 Server External Victim Machine: 10.10.19.202
Windows 2k3 Server administrator password: password

BackTrack 5 Internal Attack Login

1. Click on the BackTrack 5 Internal Attack icon on the topology.
2. Type root at the bt login: username prompt and press Enter.
3. At the password prompt, type password and press Enter.

Figure 2: BackTrack 5 login

For security purposes, the password will not be displayed.

4. To start the GUI, type startx at the root@bt prompt and press Enter.

Figure 3: BackTrack 5 GUI start-up

Windows 2003 Server Login (internal and external victim machines)

1. Click on the Windows2k3 Server Internal Victim icon on the topology.
2. Use the PC menu in the NETLAB Remote PC Viewer to send a Ctrl-Alt-Del (version 2 viewer), or click the Send Ctrl-Alt-Del link in the bottom right corner of the viewer window (version 1 viewer).
3. Enter the User name, Administrator (verify the username with your instructor).
4. Type in the password, password, and click the OK button (verify the password with your instructor).
5. Repeat these steps to log into the Windows 2k3 Server External Victim.

Figure 4: Windows 2k3 login

Red Hat Enterprise Linux Login

1. Click on the Red Hat Linux Internal Victim icon on the topology.
2. Type root at the rhel login: prompt and press Enter.
3. Type password at the Password: prompt and press Enter.

For security purposes, the password will not be displayed.

4. To start the GUI, type startx at the root@rhe prompt and press Enter.

Figure 5: RHEL login

BackTrack 4 External Attack Login

1. Click on the BackTrack 4 External Attack icon on the topology.
2. Type root at the bt login: username prompt and press Enter.
3. At the password prompt, type toor and press Enter.

For security purposes, the password will not be displayed.

4. To start the GUI, type startx at the root@bt prompt and press Enter.

Figure 6: BackTrack 4 login

1 Configuring ICMP on the Firewall

There are many firewall solutions that companies can use. pfSense is an open source, FreeBSD-based operating system which requires minimal disk space. You can download the pfSense Live CD or Virtual Machine. It can be downloaded from the following link:

http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=4

Keep in mind that Linux commands are case sensitive. The commands below must be entered exactly as shown.

1.1 Configuring ICMP on pfSense

1. Open a terminal on the BackTrack 4 External Attack Machine by clicking on the image to the left of Firefox in the task bar in the bottom of the screen.

Figure 7: The BackTrack Terminal

2. Type the following to display the IP address for the BackTrack 4 External Attack Machine:

    root@bt:~# ifconfig

Figure 8: IP address of External BackTrack

3. Log on to the Windows 2k3 Server Internal Victim Machine. Use the PC menu in the NETLAB Remote PC Viewer to send a Ctrl-Alt-Del (version 2 viewer), or click the Send Ctrl-Alt-Del link in the bottom right corner of the viewer window (version 1 viewer). Log on with the username of Administrator and the password of password.

If you have already logged into the machine, as described in the Lab Settings section, you may skip this step.

Figure 9: Send Ctrl-Alt-Del to the Windows 2003 Server

4. Double-click the shortcut to the command prompt icon on the Windows 2003.

Figure 10: Windows 2003 Command Prompt

5. Type the following command to view your IP address:

    C:\> ipconfig

Figure 11: The IP address information

6. From the Windows 2k3 Server Internal Victim Machine, ping the internal pfSense IP address by typing:

    C:\> ping 192.168.100.1

Figure 12: Pinging the Internal Address of the Firewall

7. From the Windows 2k3 Server Internal Victim Machine, ping the external BackTrack IP address by typing:

    C:\> ping 10.10.19.148

Figure 13: Pinging the External IP address

Internet Control Message Protocol, or ICMP, is allowed from any of the four Internal clients to the two machines on the External Network. While ICMP is commonly allowed out within most organizations, I have worked in several places where you cannot ping.

Figure 14: ICMP is Allowed OUT

Now that we have determined ICMP is allowed out, it is also a good idea to determine which TCP ports on the pfSense firewall are accessible to clients on the internal network. Although the pfSense firewall is fairly locked down, some ports are accessible internally.

8. To determine what ports are accessible on the internal network, log in to the BackTrack 5 Internal Attack Machine with the username root and the password of password.

Skip to the next step if you have already logged into the machine.

9. Open a terminal window and type:

    root@bt:~# nmap 192.168.100.1

Figure 15: Two TCP ports are Accessible Internally

An internal scan reveals that only 2 TCP ports are accessible from the Internal Network.

    Protocol                        Port Number
    Domain Name System              53
    Hyper Text Transfer Protocol    80
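
The scan result can be turned into a repeatable exposure check. The following is an added example, not part of the original lab: it parses nmap's normal text output and compares the open TCP ports with what the lab reports (53 and 80 from the internal network, no open ports from the external side). The sample scan output and the names open_tcp_ports, audit, EXPECTED_INTERNAL and EXPECTED_EXTERNAL are constructed for illustration.

```python
import re

# Expected exposure taken from the lab text: the internal scan shows only
# TCP 53 (DNS) and 80 (HTTP); the external scan shows no open ports.
EXPECTED_INTERNAL = {53, 80}
EXPECTED_EXTERNAL = set()

# One row of nmap's port table, e.g. "53/tcp open  domain".
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)")

def open_tcp_ports(nmap_text):
    """Return the TCP ports that nmap's normal output reports as 'open'."""
    ports = set()
    for line in nmap_text.splitlines():
        m = PORT_ROW.match(line.strip())
        # Only an exact "open" state counts; "filtered", "closed" and
        # "open|filtered" are not treated as reachable services.
        if m and m.group(2) == "tcp" and m.group(3) == "open":
            ports.add(int(m.group(1)))
    return ports

def audit(nmap_text, expected):
    """Compare a scan against the expected port set and report drift."""
    found = open_tcp_ports(nmap_text)
    return {
        "unexpected": sorted(found - expected),  # exposure nobody approved
        "missing": sorted(expected - found),     # service that went away
    }

# Constructed sample output (not captured from the lab machines).
INTERNAL_SCAN = """\
Nmap scan report for 192.168.100.1
Host is up.
Not shown: 998 filtered ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http
"""

# Constructed sample: a WAN-side scan after HTTPS was exposed by mistake.
EXTERNAL_SCAN_DRIFT = """\
Nmap scan report for 10.10.19.1
Host is up.
PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https
"""

if __name__ == "__main__":
    print("internal:", audit(INTERNAL_SCAN, EXPECTED_INTERNAL))
    print("external:", audit(EXTERNAL_SCAN_DRIFT, EXPECTED_EXTERNAL))
```

Running the same check after every rule change shows immediately when a new rule has opened more than intended.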

The default settings of pfSense keep the external settings fairly locked down. By default, external machines will not be able to ping the external IP of the firewall.

10. From the Windows 2k3 Server External Victim Machine, attempt to ping pfSense by typing:

    C:\> ping 10.10.19.1

Figure 16: The Pings Fail

11. On the BackTrack 4 External Attack Machine, determine if the pfSense firewall is allowing any incoming ports by typing:

    root@bt:~# nmap 192.168.100.1

Figure 17: No Ports are Open

We will now configure the pfSense Firewall to allow ICMP from external hosts.

12. On the Red Hat Enterprise Linux Internal Victim Machine, open Firefox by clicking Applications in the top left menu, selecting Internet, then selecting Firefox Web Browser.

Figure 18: Opening Firefox

13. Type the following URL in the browser: http://192.168.100.1

Figure 19: Opening pfSense

14. For the username, type admin. For the password, type pfsense. Click Login.

Figure 20: Logging in to pfSense

15. From the Interfaces tab of pfSense, select Wide Area Network (WAN).

Figure 21: The WAN Interface

16. Scroll down to Private Networks. Uncheck the option to Block Private Networks and click Save.

Figure 22: Unchecking Block Private Networks

17. In order for the new configuration to take effect, click the Apply changes button.

Figure 23: Applying the New Configuration

18. Create a rule to allow incoming ICMP traffic by selecting Firewall, then Rules.

Figure 24: Configuring Firewall Rules

Lab 7: Configuring the pfSense Firewall
CompTIA Security+ Domain 1
Objective 1.1: Explain the security function and purpose of network devices and technologies
Objective 1.2: Apply and implement secure network administration principles
Document Version: 2013-08-02
Organization: Moraine Valley Community College
Author: Jesse Varsalone
