Network Essentials Labs

This lab exercise is designed to allow the trainee to become familiar with applying a capture filter to TCPDump and Wireshark using Berkley Packet Filter (BPF) syntax.

The student will act as attacker and defender in this scenario. They will receive experience using a popular DoS tool, the Low Orbit Ion Cannon (LOIC), and then will switch over to the defensive side. On defence they will need to detect the activity, design firewall rules to block the DoS, implement the rules and then check their effectiveness.

In this lab you will perform the steps necessary to set up a pfSense firewall from the basic command line interface and then configure the firewall using the web configuration GUI on a Windows machine. This lab will provide an understanding how network interfaces are configured to allow network connectivity. You will also view and create a firewall rule which enforces your understanding of how network traffic can be managed at different levels – (IP-based, Protocol-based, Machine-based, etc).

Students will log into an organization's firewall, document existing firewall rules, analyze these rules and making recommendations based on this analysis. Students will then make make the necessary changes.

Network and host based Intrusion Detection Systems (IDS) analyze traffic and provide log and alert data for detected events and activity. Security Onion provides multiple IDS options including Host IDS and Network IDS. In this lab you will setup Security Onion to function as a network based IDS and Snorby, the GUI web interface for Snort.

In this lab we will replicate potentially malicious scans from the Internet against a corporate asset. Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

In this lab we will take the concept of zones and create three zones and route traffic accordingly. We will have the trusted zones ZONE - LAN which will be the internal Local Area Network. ZONE – DMZ which will be the demilitarized zone. ZONE - WAN - which will be the Wide area network. We will set up a firewall (PFSENSE) to allow internal traffic from the LAN to the WAN. We will allow traffic WAN to DMZ and DMZ to WAN. Internal traffic WILL NOT BE ALLOWED TO ENTER THE DMZ UNLESS IT COMES through the WAN interface. This will prevent/deter hackers who if possibly compromised a DMZ asset will not be able to access the internal LAN segment. We'll also show trainees how a contractor would likely VPN into a retail network and how to appropriately restrict their access.

The Open Source Collection lab is designed to familiarize students with the advanced functionality of Google, default webpages used for web-servers, and the specifics of Google Hacking database. This allows the students to understand how open source information can be used for exploitation purposes.

Students will utilize Nmap, a network discovery and mapping tool, to identify the systems on a network of responsibility. Using the tool, students will identify other devices on the laboratory network, to include computers and network infrastructure devices, such as routers.

Students will leverage Scalnline, a windows network discovery and mapping tool, to identify the systems on a network of responsibility. Students will utilize non-traditional scans to attempt avoiding an Intrusion Detection System (IDS).

Students will configure a pfSense Firewall to create/isolate various network segments.

Students will leverage Hping3 to assess ports of various devices on the assigned network. Students will utilize non-traditional scans to attempt avoiding an Intrusion Detection System (IDS).

A number of technologies exist that work together to protect systems and networks. The real value of your networks and systems rests in the data that networks carry and reside in systems. In this lab you will focus on some ways you can safeguard the data that resides on systems and when data is sent across the network. Securing an operating system, also known as hardening, strives to reduce vulnerabilities in order to protect a system against threats and attacks.

This lab exercise is designed to allow the trainee become familiar with the basic command arguments and usage of TCPDump.

In this lab we will replicate the need for Analysts to be able to analyze network traffic and detect suspicious activity. Tools like Wireshark and Snort can be utilized to read, capture, and analyze traffic.