Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lab 05 Firewalls.

Published byJonah Sanders Modified over 6 years ago

Similar presentations

Presentation on theme: "Lab 05 Firewalls."— Presentation transcript:

1 Lab 05 Firewalls

2 Note from grader Label your screenshots, text files and tables!
Make things easy to find Makes them easy to grade!

3 Final Group Project Next Lab Explain project Assign teams
Initial project work Deliverables (individual and team) Team Name by end of lab (10 pts) Including guess of project Project Name by start of next lab (10 pts) “Detailed” project proposal

4 Firewall Linux Tricks Firewall Groups
Insert a Linksys home “router” between: VM Service (lab servers) Configure firewall Check working normal Block http Block ssh

5 Groups Linux Tricks

6 Groups One of the permission sets
Controls the access to the file by a similar group of users

7 Key Files/Directories
/etc/passwd As before: the users /etc/shadow Encrypted sensitive data /etc/group Contains the group info /etc/gshadow Used by the groups for sensitive data Similar to shadow

8 By GUI Debian: Users and Groups
Use the Users and Groups panel In Applications  System tools  Administration Note: Gnome 3 no longer includes Users and Groups as part of the default installation Use Synaptic to install gnome-system-tools Look for the area to manage groups Varies in some Debian versions Group will have an option to add a group That will have an option to add members to the group Will also have a facility to update May be called “Properties” Will need to know root PW for your VM to use

9 By CLI Need to have privileged account Open appropriate terminal
e.g. root authority Open appropriate terminal Many ways to create users and groups: E.g. for pre-existing users Create the group addgroup newgroupname add existing users to the group usermod –a –G groupname userID E.g. to create users in an existing group add the new user to an existing group useradd –G existingGroup newID Set the password for the new user passwd newID Use man to find more options for the above commands

10 Group File Content Where,
cdrom:x:24:vivek,student13,raj _____ _ _ _____ | | | | | | | | Where, 1 - group_name: It is the name of group. If you run ls -l command, you will see this name printed in the group field. 2 - Password: Generally password is not used, hence it is empty/blank It can store encrypted password This is useful to implement privileged groups X  use gshadow 3 - Group ID (GID): Each user must be assigned a group ID Same as the number in the /etc/passwd file 4 - Group List: List of user names of users who are members of the group User names are separated by commas

11 /etc/group Example #cat group root:x:0: daemon:x:1: bin:x:2: sys:x:3:
adm:x:4:lbcat kmem:x:15: dialout:x:20:tkombol,lbcat fax:x:21:lbcat audio:x:29:tkombol,lbcat dip:x:30:lbcat www-data:x:33: backup:x:34: operator:x:37: utmp:x:43:telnetd video:x:44:tkombol,lbcat sasl:x:45: plugdev:x:46:tkombol,lbcat webadmin:x:1002: web:x:1003:webadmin,tkombol libuuid:x:117: sambashare:x:118: #

12 Gshadow File Content general:!!:shelley:juan,bob Where: Group name
Name of the group Encrypted password !: no user is allowed to access the group using the newgrp command !!: same as ! It also indicates that a password has never been set before If the value is null, only group members can log into the group. Group administrators Comma delimited list Can add or remove group members using the gpasswd command Group members Regular, non-administrative members of the group Should be the same as in group

13 Report Note what was added (if anything) to the following files and directories as you added and assigned groups /home /etc/passwd /etc/shadow /etc/group /etc/gshadow

14 Firewall

15 Step 1: Set up HW IP address assigned by: - WAN side DHCP
- User Via Web interface Port 1 switch WAN or Internet Linksys Router Default IP: VM on PC n (DHCP assigned by Linksys) Hades Server Wall Connection x (DHCP assigned by hades.lab)

16 Equipment restrictions
Should have enough Linksys “routers” available for this lab If not enough power bricks Inform instructor

17 Equipment etiquette Return equipment to original state
Linksys Routers back to cabinet Power bricks to drawers Cables back to storage Hook the PC back to lab network Log off

18 Linksys Web Link Sample Web

19 Lab Overview Reset a Linksys router to factory defaults
Connect router between PC and lab server Lab side to WAN or Internet Workstation to one of the switch ports Familiarize with router Check router WAN side IP address Check IP addresses assigned to VM(s) and workstation

20 Lab Overview Ensure it works Try restrictions Try HTTP Try ssh
Browse the denoted URLs and IP addresses Try ssh Enter command to log on Do not need to log on Try restrictions Restrict HTTP Restrict ssh

21 “Gotchas” When you connect through the router you are no longer directly connected in the lab network No direct access to the hades server Access via the router Should have no impact to your VM for this lab Might impact how you do screen prints, etc. Investigate: can you access the NFS server? Why or why not?

22 Interesting Notes When you connect the Linksys Router to the lab network The WAN (Internet) side gets an IP address from the DHCP server in hades.lab Linksys has its own DHCP server Enabled by default It grants addresses to elements connected to the LAN side Use those facts to your advantage!

23 Notes: Note: browsers and other devices can cache old results
May need to force refresh

24 Other notes: Firewall can be Can block/pass
A piece of hardware inserted between pc and world Some software Both Can block/pass MAC addresses IP addresses Specific hours Specific services (protocols) By ranges… AND MORE! Capability varies by device

Download ppt "Lab 05 Firewalls."

Similar presentations

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
1 Basic Installation and GUI Tech 130. 2 Basic Installation and GUI : Objectives  Installing the Quadro  Configuring the Quadro  Installing IP phones.

1 Basic Installation and GUI Tech Basic Installation and GUI : Objectives  Installing the Quadro  Configuring the Quadro  Installing IP phones.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
hotEx RADIUS Manager Installation

hotEx RADIUS Manager Installation
Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.
Advanced Networking for DVRs

Advanced Networking for DVRs
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.
Test Review. What is the main advantage to using shadow copies?

Test Review. What is the main advantage to using shadow copies?
Module 4: Add Client Computers and Devices to the Network.

Module 4: Add Client Computers and Devices to the Network.
Lab How to Use WANem Last Update 2011.08.01 1.1.0 Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 1.

Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.
CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.

CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.
Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett 6.03.09 Revised for Firmware Update.

Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.

IT2204: Systems Administration I 1 6b). Introduction to Linux.
Cisco Routers Objectives –How to log into a Cisco router and determine basic settings. Contents –Differences in available methods of access. –Different.

Cisco Routers Objectives –How to log into a Cisco router and determine basic settings. Contents –Differences in available methods of access. –Different.
Hands-On Microsoft Windows Server 20081 Introduction to Remote Access Routing and Remote Access Services (RRAS) –Enable routing and remote access through.

Hands-On Microsoft Windows Server Introduction to Remote Access Routing and Remote Access Services (RRAS) –Enable routing and remote access through.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.

ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

Similar presentations

Ads by Google