In this short introductory lab, you will be forming your teams and preparing your machines for the rest of the upcoming labs. You will be required to understand and acknowledge the lab rules and you will get your first taste of the Network Security Lab layout.
1. Understanding the Rules
The labs are a fun way to explore security legally. However, it is easy to accidentally attack the wrong computer and get everyone into major trouble. You MUST follow these rules, otherwise you will fail the class, face disciplinary action, or worse.
You DO NOT have permission to attack any machine outside of the NetSec network (that is your Virtual Machines and class infrastructure). There is no flexibility here. If you do attack a machine that is not part of our class lab, you are committing a crime. You could be suspended, expelled, or even arrested. Please do not do this!
You do have permission to attack machines within the NetSec network, but only when you are doing a lab and only when the lab requires it. Each lab will spell out which machines are fair game. If you ignore these instructions, your grades will be penalized brutally.
Attacks should be completely contained within the NetSec network. They should only start from your VMs and be constrained by the VPN to interact only with the class infrastructure.
Your attacks should never leave the NetSec network. If you are attacking any address besides those in 10.0.0.0/8, you could potentially break the previous rules and you will definitely upset the Lab TA. Brutal grade penalties will follow.
If any of these rules are not clear, please consult with the Lab TA or Professor Noubir.
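One way to enforce the 10.0.0.0/8 rule before any tool runs, as an added example that is not part of the original lab handout. The function names `in_scope` and `run_scoped` and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# in_scope ADDRESS: succeeds only for a well-formed dotted-quad IPv4 address
# inside 10.0.0.0/8. Hostnames are rejected on purpose: resolve the name
# first and check the address you got back.
in_scope() {
    addr=$1
    # Only digits and dots, no empty fields at the ends or in the middle.
    case $addr in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (safe: digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject over-long fields and leading zeros (some tools read 010 as octal).
        case $octet in
            ????* | 0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ]         # first octet decides membership in 10.0.0.0/8
}

# run_scoped TARGET COMMAND...: runs COMMAND only when TARGET passes in_scope.
run_scoped() {
    target=$1; shift
    if in_scope "$target"; then
        "$@"
    else
        echo "refusing: $target is outside 10.0.0.0/8" >&2
        return 2
    fi
}

# Constructed sample targets (not real lab hosts).
for t in 10.0.5.20 10.256.0.1 192.168.1.10 010.0.0.1 strawman.nslab; do
    if in_scope "$t"; then echo "$t: in scope"; else echo "$t: OUT OF SCOPE"; fi
done
```

Wrapping a command as `run_scoped 10.0.5.20 ping -c 3 10.0.5.20` makes a mistyped address fail closed instead of reaching a machine outside the lab.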
2. Building a Team
Since you will be completing all of the labs as part of a team, the first thing you need to do is create one. Professor Noubir will let you know how many students he expects per team. You are responsible for choosing your teammates, so consider your choice carefully. Successful teams are made up of individuals who:
Complement each other well in the areas of Unix Systems Administration, Windows Systems Administration, Java programming, and Cryptography.
Get along well with one another under stressful situations and can stay organized in a task-oriented environment.
Once you have chosen your teammates, send an email to the Lab TA (with a CC to Professor Noubir) with the following information:
Team member names
Team member CCIS account names
Team member email addresses
The labs are to be done over a hybrid infrastructure: two virtual machines per team (one Linux and one Microsoft Windows Server). The Linux VM will connect through a VPN to the course lab network running on the CCIS/NEU infrastructure. In addition, the Linux machine will act as a NAT-gateway for your Windows server.
Download and install VirtualBox.
Download the generic linux virtual machine and a Microsoft Windows Server virtual machine. The credentials to first connect to the VMs will be sent by email (in response to your team creation email). Make sure to change the passwords as soon as you can.
Once you email Professor Noubir and the Lab TA, you will be contacted with your team number and credentials to remotely access your machines. At this point, you may begin the next section.
3. Creating Accounts
Each teammate will have their own account on the team machines so that they can work on the labs. Once you have received the credentials for your machines, you create the accounts with these steps:
Each team member should read the man page on sudo(8), to understand how they may execute privileged commands with their own less-privileged account. Review the current /etc/sudoers file to understand the currently granted privileges.
Have one team member log into your Linux machine, and create one user account for each team member using the useradd(8) command. Read the man page first for usage information. When creating the accounts, use the account names you provided the Lab TA. Also, use the -G option to add them to the sudo group as well as the default initial group. Also make sure that every user runs the Bash shell (/bin/bash) and that their home directory is created. If you forget to do this when creating an account, see the man pages for group(5), passwd(5), chsh(1) and to set the account options manually.
By default, each newly created account is disabled. To enable the new accounts, have a team member log in as the initial admin user given to you by the TA, and set a new, temporary password using the passwd(8) command. Each team member should then log in immediately to the router and change their password. Do not use weak passwords, temporary or otherwise.
Have one team member log into your Windows server using the Administrator account credentials provided. Create one account for each user in your team, using the same usernames for each user that were used on your Linux system. The passwords for each account need not be the same between the two systems.
Add each of the newly created user accounts to the
Change the initial admin user password on your Linux router and the Administrator password on your Windows server if you have not already done so.
NOTE: Be sure to use strong passwords for the accounts. All systems will be partially exposed to the Internet and password brute-force attacks have become commonplace.
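A check for the Linux account requirements above (sudo group via -G, /bin/bash as shell, home directory present), as an added example that is not part of the original lab handout. The function name `audit_account` and the users and files in the sample data are constructed for illustration.

```shell
#!/bin/sh
# audit_account USER [PASSWD_FILE] [GROUP_FILE]
# Prints one line per unmet requirement and returns 1 if any is found.
audit_account() {
    user=$1; passwd_file=${2:-/etc/passwd}; group_file=${3:-/etc/group}
    status=0
    # passwd(5) fields: name:password:UID:GID:GECOS:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$user: no passwd entry"; return 1
    fi
    home=${entry%%:*}; shell=${entry#*:}
    [ "$shell" = /bin/bash ] || { echo "$user: shell is '$shell', expected /bin/bash"; status=1; }
    [ -d "$home" ] || { echo "$user: home directory '$home' is missing"; status=1; }
    # group(5) fields: name:password:GID:members. Only supplementary membership
    # (what useradd -G sets) is checked here.
    if ! awk -F: -v u="$user" '
            $1 == "sudo" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
            END { exit !found }' "$group_file"; then
        echo "$user: not a member of the sudo group"; status=1
    fi
    return $status
}

# Constructed sample data (not real accounts): alice meets every
# requirement, bob misses all three.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice"
printf '%s\n' "alice:x:1001:1001::$demo/home/alice:/bin/bash" \
              "bob:x:1002:1002::$demo/home/bob:/bin/sh" > "$demo/passwd"
printf '%s\n' 'sudo:x:27:team,alice' 'alice:x:1001:' 'bob:x:1002:' > "$demo/group"
for u in alice bob; do
    if audit_account "$u" "$demo/passwd" "$demo/group"; then echo "$u: ok"; fi
done
```

On the Linux VM itself, calling `audit_account <name>` with no file arguments reads the real /etc/passwd and /etc/group.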
4. Setting up your VPN Connection
Your Linux VM will act as a NAT-gateway to the class' infrastructure through a VPN. We are using OpenVPN and it has already been installed and partially set up for you. You need to:
- Copy your team-x.crt credential files provided to the /etc/openvpn/ directory in your Linux VM. You can transfer files to your Linux machine from the host running VirtualBox by connecting scp or WinSCP to localhost port 3322. Later you can copy the keys to the appropriate directory using sudo:
you@my-computer$ scp -P 3322 team-x.crt team-x.key team@localhost:/home/team
team@linux-vm$ sudo cp team-x.* /etc/openvpn/
- Update the configuration file located at /etc/openvpn/openvpn.conf to refer to the keys you copied in the previous step.
- Manually run openvpn with the appropriate configuration file parameter. Make sure that no error messages show up in your output and save it for your report. Note that in future boots the openvpn service will be started automatically.
- Test that your VPN connection is working by obtaining the IP address of the strawman.nslab machine and pinging it. Save this information for your report.
5. Reviewing the Network Settings
In order to perform any kind of attack, you will need to understand the network layout. To review your network settings, follow these steps, saving all the information for your report:
On your Linux router, determine network interfaces on the machine and their configuration using the
Determine the routing table using the
On your Windows server, determine its IP address, subnet mask, default gateway, and DNS servers by checking the properties on the Local Area Connection.
For this lab, your team must submit a report with the following information:
Why were the Linux accounts you created added to the
What is the purpose of the sudo(8) command? What advantages does it have over the
What are the network settings for your Linux router and Windows server?
Provide the output of your manual run of openvpn, the IP address of strawman.nslab, and the ping output.
Your grade for this lab will be composed of:
20% - Sent the team information to the Lab TA.
80% - Answers from the lab report.