In this short introductory lab, you will be forming your teams and preparing your machines for the rest of the upcoming labs. You will be required to understand and acknowledge the lab rules and you will get your first taste of the Network Security Lab layout.
1. Understanding the Rules
The labs are a fun way to explore security legally. However, it is easy to accidently attack the wrong computer and get everyone into major trouble. You MUST follow these rules, otherwise you will fail the class, face disciplinary action, or worse.
You DO NOT have permission to attack any machine outside of the NetSec network (that is your Virtual Machines and class infrastructure). There is no flexibility here. If you do attack a machine that is not part of our class lab, you are committing a crime. You could be suspended, expelled, or even arrested. Please do not do this!
You do have permission to attack machines within the NetSec network, but only when you are doing a lab and only when the lab requires it. Each lab will spell out which machines are fair game. If you ignore these instructions, your grades will be penalized brutally.
Attacks should be completely contained within the NetSec network. They should only start from your VMs and constrainted by the VPN to only interact with the class infrastructure.
Your attacks should never leave the NetSec network. If you are attacking any address besides those in 10.0.0.0/8, you could potentially break the previous rules and you will definitely upset the Lab TA. Brutal grade penalties will follow.
If any of these rules are not clear, please consult with the Lab TA or Professor Noubir.
2. Building a Team
Since you will be completing all of the labs as part of a team, the first thing you need to do is create one. Professor Noubir will let you know how many students he expects per team. You are responsible for choosing your teammates, so consider your choice carefully. Successful teams are made up of individuals who:
Complement each other well in the areas of Unix Systems Administration, Windows Systems Administration, Java programming, and Cryptography.
Get along well with one another under stressful situations and can stay organized in a task-oriented environment.
Once you have chosen your teammates, send an email to the Lab TA (with a CC to Professor Noubir) with the following information:
Team member names
Team member CCIS account names
Team member email addresses
The labs are to be done over a hybrid infrastructure: two virtual machines per team (one linux and one Microsoft Windows Server). The linux VM will connect through a VPN to the course lab network running on the CCIS/NEU infrastructure. In addition the linux machine will act as a NAT-gateway for your Windows server.
Download and install VirtualBox.
Download the generic linux virtual machine and a Microsoft Windows Server virtual machine. The credentials to first connect to the VMs can be found here. Make sure to change the passwords as soon as you can.
3. Creating Accounts
Each teammate will have their own account on the team machines so that they can work on the labs. Once you have received the credentials for your machines, you create the accounts with these steps:
Each team member should read the man page on
sudo(8), to understand how they may execute privileged commands with their own less-privileged account. Review the current
/etc/sudoersfile to understand the currently granted privileges.
Log into your Linux machine, and create one user account using the
useradd(8)command. Read the man page first for usage information. Use the
-Goption to add the account to the
sudogroup as well as the default initial group. If you forget to do this when creating an account, see the man page for
group(5)and add it manually with a text editor.
By default, each newly created account is disabled. To enable the new account, login as the initial admin user given to you by the TA, and set a new password. Do not use weak passwords, temporary or otherwise.
Log into your Windows server using the
Administratoraccount credentials provided. Create an account,, using the same username that was used on your Linux system. The passwords for the account need not be the same between the two systems.
Add the newly created user account to the
Change the initial admin user password on your Linux router and the
Administratorpassword on your Windows server if you have not already done so.
NOTE: Be sure to use strong passwords for the accounts. All systems will be partially exposed to the Internet and password brute-force attacks have become common-place.
4. Setting up your VPN Connection
Your linux VM will act as a NAT-gateway to the class' infrastructure through a VPN. We are using OpenVPN and it has already been installed and partially setup for you. You need to:
- Copy your
email@example.com files provided to the
/etc/openvpn/directory in your linux VM. You can transfer files to your linux machine from the host running VirtualBox by connecting
scpor WinSCP to localhost port 3322. LAter you can copy the keys to the approprite directory using sudo:
you@my-computer$ scp -P 3322 firstname.lastname@example.org email@example.com team@localhost:/home/team team@linux-vm$ sudo cp firstname.lastname@example.org.* /etc/openvpn/
Update the configuration file located at
/etc/openvpn/openvpn.confto refer to the keys provided to you as part of your credentials.
- Manually run openvpn with the appropriate configuration file parameter. Make sure that no error messages show up in your output and save it for your report. Note that in future boots the openvpn service will be started automatically.
Test that your VPN connection is working by obtaining the IP address of
strawman.nslabmachine and pinging it. Save this information for your report.
5. Reviewing the Network Settings
In order to perform any kind of attack, you will need to understand the network layout. To review your network settings, follow these steps, saving all the information for your report:
On your Linux router, determine network interfaces on the machine and their configuration using the
Determine the routing table using the
On your Windows server, determine its IP address, subnet mask, default gateway, and DNS servers by checking the properties on the
Local Area Connection.
For this lab, your team must submit a report with the following information:
Why were the Linux accounts you created added to the
What is the purpose of the
sudo(8)command? What advantages does it have over the
What are the network settings for you Linux router and Windows server?
Provide the output of your manual run of openvpn, the IP address of strawman.nslab, and the ping output.
Your grade for this lab will be composed of:
20% - Sent the team information to the Lab TA.
80% - Answers from the lab report.