Transcript SIS - Security Lab Introductory Session

SIS - Security Lab
Introductory Session
University of Pittsburgh
2006
Agenda
 Description of lab infrastructure
 Equipment configuration basics


Text based connection / configuration
Graphical configuration environment
 Cabling description
 Useful commands


Cisco IOS
Windows / Linux
 Recommendations
Lab Infrastructure
Equipment configuration
Equipment configuration (2)
Equipment configuration (3)
Access modes
 The PIX firewalls (and other CISCO equipment) have
four administrative access modes:




Unprivileged mode: Available at first access. Provides a
restricted, limited view of system settings. (Prompt = ‘>’)
Privileged mode: Allows you to change system settings.
(Prompt = ‘#’)
Configuration mode: Enables you to change system
configurations. (Prompt = ‘(config)#’
Monitor mode: Special mode that allows you to update
system configuration image over the network (using a
TFTP server)
Access modes (2)
 To access privilege mode
enable
 To access configuration mode
configure terminal
 Use the exit command to exit from one mode
to the previous one
Firewalls
 System or group of systems that manage
access between two networks
DMZ
Internet
Router
Outside
Network
Firewall
Inside
Network
PIX Firewalls
 Proprietary operating system
 Stateful inspection
 Protocol and application inspection
 User-based authentication
 Virtual private networking
 Web-based management
 Stateful failover capabilities
Graphical configuration environment
(PIX 501 Firewall)
 Important: To access the GUI configuration
environment on the PIX 501 use a PC
connected to the PIX and a browser with the
MICROSOFT JAVA VM enabled !!
 Activate GUI environment via browser
https://192.168.1.1/pdm.html
Viewing / Saving configurations
 There are two configuration memories, running



configuration and startup-configuration
show running-config displays the current
configuration in the RAM memory of the equipment. Any
configuration changes are written to the runningconfiguration
write memory saves the current running-configuration
to the flash memory startup-configuration
show configure shows the configuration that is in flash
memory
show history displays previously entered commands
Cabling description
 Networking ports for each computer are numbered
 Correspondence (see picture)
 Move the patch cords to where you need them if they
are not properly set.
Basic CISCO IOS commands
 ip address if_name ip_address [netmask]
ip address ethernet2 172.16.0.1 255.255.255.0
 show ip address

Displays the IP adresses assigned to all
interfaces
 show interface

allows you to view the network interface
information and status
 ping ip_address

To determine reachability of a system
Basic Windows/Linux networking
commands
 ipconfig (windows) / ifconfig (linux)

To obtain ip configuration information of a PC
 ping
 netstat –r

To obtain routing configuration and statistics
 netstat

Gives you information on active ports and
established connections on a system
Lab procedures
 Lab assignments will be given a couple of days in




advance to the start of the lab working period
Lab working periods = 1 or 2 weeks
Lab groups should be composed of two persons (no
more, no less)
Use sign-up sheet to schedule the time in which you
will be using lab equipment
Lab reports can be written in any format but should
include answers to the questions presented in the
assignment and equipment configuration files
Important recommendations
 Never change a password (you’ll be held
accountable) unless its for your own user
account
 Discharge often – get rid of static electricity
build up before touching equipment
 For questions:


Check CISCO web site http://www.cisco.com
Ask GSA:

E-mail: [email protected]
Questions ??