Transcript Document

Chapter 4: Network Administration for Windows, Linux, and VMware
Lecture Materials for the John Wiley & Sons book:
Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions
July 21, 2015 DRAFT
1
System Administration Skills
This chapter provides an introduction to the most commonly needed skills.
These skills are the foundation you need to become a hands-on professional.
1. Administrator and Root Accounts
2. Hardware Installation
3. Re-Imaging Operating Systems
4. System Protection / Anti-Malware
5. Networking Setup
6. Application Installation and Archiving
7. System Management Controls / Settings
8. Remote Login / Management
9. User Administration
10. Services Management e.g. DNS
11. Disk Mounting
12. Moving Data Between Systems on Networks
13. Advanced File Formatting
14. Disk Backup and Reformatting
15. Firewall Configuration
16. Virtual Machine Conversion and Migration
System Admin Interfaces
• On Windows
– Using menus
• Start>Control Panel
• Start>Run then type mmc
• Start>Control Panel>View by: Small Icons
(pulldown)>Administrative Tools
– Or use the Windows Command Line Interface
(CLI):
Start>Run>All Programs>Accessories>Command Prompt
• CLI denoted in this book with prompt: C:\>
• On Linux
– Use a command line shell, e.g. Bash
• Bash denoted in this book with prompt: #
– Use menus to access settings screens on desktop,
e.g. KDE, Gnome
Administrator and Root Accounts
• All users should normally use unprivileged
accounts, e.g. for Internet surfing
• Administrative operations should be effectively
separated from other user activities
• If a privileged account is attacked, the entire
network could be compromised
• Internet-based malware can use cross-site
attacks to access administrative tabs in the same
browser, e.g. controlling network devices,
electrical power systems,…
– See the antipattern Webify Everything
Hardware Installation
Steps for installing a pedestal computer system for
end user computing
1. Gather the hardware components
2. Guide the cabling between (floor) pedestal and
desktop
3. Connect network, monitor, mouse, and keyboard
cables
4. For a new Uninterruptible Power Supply (UPS), open
the device cabinet and connect the battery cable
5. Connect the electrical pigtail to the pedestal, then to
the UPS
6. Verify your work, check all connections.
In any situation when systems are not working,
always check the physical connections first!
Re-Imaging Operating Systems
• Installation Sequence for Windows/Linux
1. Obtain installation disks and install hardware
2. Disconnect the system from the network
3. Power on the machine and open CD/DVD drive, insert the
installation disk
4. Follow on-screen instructions for installation
5. Insert the DVD containing device drivers (or download
drivers from Internet). Install drivers for all devices, e.g.
monitor, keyboard, mouse…
6. Reboot system and follow the next steps/slides
• Windows Activation
– Microsoft requires that a new installation be activated. This
can be done on the Internet. Failing that, you can activate
with a phone call to an interactive voice response (IVR)
system.
System Protection / Anti-Malware
Host-Based Security Protections can include:
• Antivirus
• Anti-spyware
• Firewall
• Intrusion detection
• Intrusion prevention
• Blacklisting
• Real-time integrity checking
• Periodic policy scanning
• Rootkit detection
• Patch management
Networking Setup
• On Windows, network setup uses Graphical
User Interfaces (GUI) accessed from the Control
Panel
• On Linux
– If Dynamic Host Configuration Protocol (DHCP) is
running, set up networking with the command: ifup eth0
– Manual networking setup steps include:
• Set up the Domain Name Server (DNS):
– # echo "nameserver 10.10.100.100" >> /etc/resolv.conf
• Configure the interface: # ifconfig eth0 10.10.100.10/24
• Add a default gateway: # route add default gw 10.10.100.1
• Command syntax may vary with your Linux distribution
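The manual steps above, scripted as an added example that is not code from the lecture slides: the script emits the slide's ifconfig/route/resolv.conf commands for a static address only after checking that the gateway actually lies inside the interface's subnet, since a gateway outside the subnet is a common reason a freshly configured host has no connectivity. The function names ip_to_int, same_subnet and static_net_cmds are my own, and the addresses are the slide's constructed lab values.

```shell
#!/bin/sh
# Added example, not from the lecture slides. Commands are printed rather
# than executed so they can be reviewed first and the script runs without root.

# ip_to_int 10.10.100.10 -> 168453130 (dotted quad to integer, pure sh)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on the dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP GATEWAY PREFIXLEN -> exit 0 if both share the /PREFIXLEN network
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# static_net_cmds IFACE IP/PREFIX GATEWAY DNS -> the slide's commands on stdout
static_net_cmds() {
    iface=$1; cidr=$2; gw=$3; dns=$4
    ip=${cidr%/*}; prefix=${cidr#*/}
    case $prefix in
        ''|*[!0-9]*) echo "error: $cidr is not of the form IP/PREFIX" >&2; return 1 ;;
    esac
    if ! same_subnet "$ip" "$gw" "$prefix"; then
        echo "error: gateway $gw is not on $cidr" >&2
        return 1
    fi
    printf 'ifconfig %s %s\n' "$iface" "$cidr"
    printf 'route add default gw %s\n' "$gw"
    printf 'echo "nameserver %s" >> /etc/resolv.conf\n' "$dns"
}

# Sample run with the slide's lab addresses (constructed values).
static_net_cmds eth0 10.10.100.10/24 10.10.100.1 10.10.100.100
```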
Application Installation
• On Windows, simply run the installer
program and follow onscreen instructions
• On Linux, installation commands vary by
distribution, for example:
– Debian: # dpkg -i application.deb
– Red Hat: # rpm -i application.rpm
• Or use the Yum Extender app
– Ubuntu: use the apt-get command
Remote Login / Management
• Connecting to a Windows machine
– Connect to other Windows machines:
• Start>All Programs>Accessories>Remote Desktop
Connection
– From Linux, connect to Windows with
command: rdesktop
• Connecting to a Linux machine
– On the remote machine, start SSH from KDE:
K>Services>SSH>Setup SSHD then Start SSHD
– Connect: # ssh [email protected]
User Administration
• On Windows
– Windows Client: select User Accounts in the
Control Panel
– Windows Server: use the MMC>Local Users
– Alternatively, use the CLI command: net user
• On Linux
– Create accounts with the command:
• # useradd -d /home/MyAccount MyAccount
– Modify accounts with the command (-a appends the group instead of replacing the user's group list):
• # usermod -G admin -a MyAccount
– Other commands: userdel, groups, and view
or modify the file /etc/passwd
Services Management
• On Windows
– Start>Run then type services.msc
• The services management GUI will open
– Also the CLI commands netsh and sc
• On Ubuntu, for example, configure CUPS
– # apt-get install cups
– Add to /etc/cups/cupsd.conf
<Location /admin>
Allow from 127.0.0.1
</Location>
– # /etc/init.d/cups start
• On Red Hat, use the service command
– # service iptables stop
– # service iptables start
Disk Mounting
• On Windows
– Disk will automount after you attach USB
– Unmount by detaching USB
• On Linux
– Mount
• # fdisk -l
• # mkdir /mnt/sda1
• # mount /dev/sda1 /mnt/sda1
– Unmount
• # umount /mnt/sda1
Moving Data Between Systems on Networks
• Moving data is a very important skill for
cybersecurity testers, i.e. moving test data
• Between Windows
– Use file sharing, right click on a folder,
Properties>Sharing tab
• Between Linux and Windows, use CIFS
– # mkdir /mnt/MyShare
– # mount -t cifs //10.10.100.10/MyShare /mnt/MyShare -o user=MyUser
• Between Linux systems, use the command: sftp
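The CIFS mount above, as an added example that is not code from the lecture slides: the -o user= form makes mount prompt for the password, and putting it on the command line as pass= would expose it in ps output and shell history, so this script writes a mode 0600 credentials file and hands it to mount.cifs with its credentials= option, refusing to mount if the file is readable by anyone else. The function names and paths are my own; the share and user names are the slide's constructed values.

```shell
#!/bin/sh
# Added example, not from the lecture slides: mount a Windows share from
# Linux without the password ever appearing on a command line.

# write_cifs_creds FILE USER PASSWORD [DOMAIN]
# Creates FILE in the key=value format mount.cifs reads, owner-readable only.
write_cifs_creds() {
    (
        umask 077                   # the file is created 0600 from the start
        {
            printf 'username=%s\n' "$2"
            printf 'password=%s\n' "$3"
            if [ -n "$4" ]; then printf 'domain=%s\n' "$4"; fi
        } > "$1"
    )
    chmod 600 "$1"                  # also tightens a pre-existing file
}

# file_mode FILE -> octal permission bits, e.g. 600 (GNU stat, then BSD stat)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# mount_share //SERVER/SHARE MOUNTPOINT CREDSFILE (needs root to actually mount)
mount_share() {
    if [ "$(file_mode "$3")" != "600" ]; then
        echo "refusing to mount: $3 must be mode 600, not $(file_mode "$3")" >&2
        return 1
    fi
    mkdir -p "$2"
    mount -t cifs "$1" "$2" -o "credentials=$3"
}

# Typical use (constructed values from the slide):
#   write_cifs_creds /root/.smbcred MyUser 'the-password' LAB
#   mount_share //10.10.100.10/MyShare /mnt/MyShare /root/.smbcred
```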
Converting Text Files
• This skill is closely related to moving data
• Converting text files between Linux and
Windows and MacOS formats
– # dos2unix file.txt
– # unix2dos file.txt
– # mac2unix file.txt … etc
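What those three tools do, as an added example that is not code from the lecture slides: a detector that classifies a file's line endings as Windows (CRLF), Unix (LF) or classic Mac (CR), plus conversions built from POSIX tr and sed for a minimal test box where dos2unix is not installed. The function names are my own and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the lecture slides: line-ending detection and
# conversion equivalent to dos2unix, mac2unix and unix2dos.

CR=$(printf '\r')                   # a literal carriage-return byte for sed

# eol_style FILE -> dos | unix | mac | mixed | empty
# Counts CR bytes, LF bytes and CRLF pairs, then classifies from the counts.
eol_style() {
    cr=$(tr -cd '\r' < "$1" | wc -c | tr -d ' ')
    lf=$(tr -cd '\n' < "$1" | wc -c | tr -d ' ')
    # keep only CR/LF bytes, rename them, and count adjacent CR-LF pairs
    crlf=$(tr -cd '\r\n' < "$1" | tr '\r\n' 'RN' | grep -o 'RN' | wc -l | tr -d ' ')
    if [ "$cr" -eq 0 ] && [ "$lf" -eq 0 ]; then echo empty
    elif [ "$cr" -eq 0 ]; then echo unix
    elif [ "$lf" -eq 0 ]; then echo mac
    elif [ "$crlf" -eq "$cr" ] && [ "$crlf" -eq "$lf" ]; then echo dos
    else echo mixed
    fi
}

# to_unix FILE -> converted text on stdout (dos2unix / mac2unix)
to_unix() {
    case $(eol_style "$1") in
        mac) tr '\r' '\n' < "$1" ;;             # every lone CR becomes LF
        *)   sed "s/$CR\$//" "$1" ;;            # drop a CR only when it precedes LF
    esac
}

# to_dos FILE -> converted text on stdout (unix2dos; safe to run on a DOS file)
to_dos() {
    to_unix "$1" | sed "s/\$/$CR/"
}
```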
Disk Formatting
• On Windows
– Control Panel>Administrative Tools>Computer Management
• Use the GUIs under Disk Management
• On Linux
– A typical formatting procedure (each command is followed by what it does):
# fdisk -l                  – locate the new disk, /dev/sda
# fdisk /dev/sda            – enter commands to create the partition table
  fdisk: m                  – display help
  fdisk: o                  – create a new partition table in memory (nothing is written until w)
  fdisk: n                  – new partition creation
  fdisk: p                  – partition type choice (p = primary)
  fdisk: 1                  – choose the first partition (sda1)
  fdisk: <Enter>            – default: first cylinder is 1
  fdisk: <Enter>            – default: last cylinder
  fdisk: p                  – print the partition table
  fdisk: w                  – write the table to disk and exit
# mkfs -V /dev/sda1         – format the data partition
# mkdir /mnt/sda1           – create the mount directory
# mount /dev/sda1 /mnt/sda1 – mount the disk to test it
Firewall Configuration
A typical command sequence for a CISCO ASA 5000 series:
$ enable
Password:
# show run
# config t
(config)# interface vlan 2
(config-if)# nameif inside
(config-if)# security-level 100
(config-if)# ip address 10.10.100.1 255.255.255.0
(config-if)# no shut
(config-if)# exit
(config)#
(config)# interface vlan 3
(config-if)# nameif outside
(config-if)# security-level 0
(config-if)# ip address 192.168.10.2 255.255.255.0
(config-if)# no shut
(config-if)# exit
(config)# route outside 0.0.0.0 0.0.0.0 192.168.10.1
(config)# int e0/1
(config-if)# switchport access vlan 2
(config-if)# speed 100
(config-if)# duplex full
(config-if)# no shut
(config-if)# exit
(config)# int e0/2
(config-if)# switchport access vlan 3
(config-if)# speed 100
(config-if)# duplex full
(config-if)# no shut
(config-if)# exit
(config)# wr mem
(config)# exit
# show run
# exit
Virtual Machine Conversion and Migration
• VM conversions/migrations are frequent activities in
security test labs
• Example: Convert a running VMware image on ESXi to
a VMware Player image
– On Windows, the VMware Converter Server and Converter Agent are Windows services,
created when Converter was installed. Verify that they are started.
1. Start the VMware Standalone Converter application.
2. Click the Convert Machine button.
3. From the pull-down menu select Powered-On Machine and
then select the A Remote Machine radio button.
4. Enter a target IP address and login credentials.
5. Select the OS family.
6. Set up and run the SSH service on the target machine.
7. Select VMware Infrastructure and Virtual Machine as the
destination.
8. Enter the VM name and then click Finish.
Additional Network Administration Knowledge
• As a hands-on cybersecurity professional,
especially in security test labs, you will constantly
research new commands, new procedures, and
new technologies
• This chapter provides a basic grounding in
these skills, but continued mastery of sys admin
skills is a lifelong learning endeavor
• Remember this… Keep detailed notes!
– Search for the answers and you will find them!
– Google is your friend!
– You are NOT Magellan!
• Keep learning every day
– Tackle these challenges TOGETHER with your
colleagues and friends! That’s the most fun way!
Cyber Security: Managing Networks,
Conducting Tests, and Investigating Intrusions
REVIEW CHAPTER SUMMARY