Reference no: EM132401621

INFA 620 - Network and Internet Security - University of Maryland Global Campus

Laboratory: Configuring a Firewall a front-end to controlling Iptables.

Iptables is a flexible firewall utility built for Linux operating systems.

It is too low level, however, and, as such, hard to use and configure the rules for filtering traffic. firewalld provides higher-level command line and graphical interfaces over Iptables to ease the pain of configuring the firewall features provided by Linux. For this lab exercise, we will only be using only the high-level command line interface. firewalld provides a dynamically managed firewall with support for network/firewall "zones" to assign a level of trust to a network and its associated connections, interfaces or sources. It has support for IPv4 and IPv6. There is a separation of the runtime and permanent configuration options.

For this lab exercise, we will be using two machines, one machine will behave like an Enterprise and the other machine will behave like machines outside an enterprise. We will call this machine as External, external to the enterprise. The firewall, as part of the enterprise will control traffic both coming into the enterprise and going out of the enterprise (to External).

NIXENT01 (Enterprise) is a CentOS 7 machine.CentOS is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform. Firewalld will be running on this host.

NIXEXT01 (External) is Kali Linux. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. You have already used this machine for Lab2 and Lab 3 in analyzing packets using Wireshark.(Wireshark is available as part of Kali distribution.)

Allocating the Lab Machines
Once you open the Lab Broker using the instructions given in the UMUC Digital Lab Access Instructions found under Accessing Remote DaaS Lab under Course Content, you will see a new window open. Each of your courses that have labs will be listed here in the Lab Broker page.

1. Look for "INFA 620" and select "Nodes."
2. Select "Allocate Lab" *this should take no more than 1 minute.*
*Please Note*Allocated lab resources expire in 7 days. If a lab expires, work done within the lab machine.
Connecting to the Lab Machines
1. Within the Lab Broker interface, view the current allocated nodes for INFA 620
2. Use the "Connect" button to initiate a connection to each of the two machines:
3. When prompted, enter the course credentials:
a. Username: StudentFirst
b. Password: Cyb3rl@b
4. Proceed with the connection. You will need to re-enter the above credentials.

Network Traffic Simulation Script

The Network traffic Simulation script allows users to test pathways to lab resource machines by using the terminal to initiate test packets. The script takes 2 input variables (IP address and service) and uses this information to initiate a test. The script is implemented using bash shell. The script accepts a target IP (-t) and any service name (-s) available in /etc/services. The script can be run on either machine to generate traffic for the other machine,

To run the script:
1. Open a Terminal window.
2. Enter command "sudo /usr/local/sbin/traffic_test -t(target IP)-s (service)"
a. Target IP and Service are taken from the Enterprise and External Tables above
b. Http example: "sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http" (This will be run on External since we are generating traffic to reach192.168.10.20 )
3. Input the Password for the StudentFirst User: Cyb3rl@b
4. The script will then run a 5 packet test and display the results.

The firewall is initially is set up to Deny by Default. So, no traffic will be admitted in either direction until we explicitly change the firewall rules.

Attachment:- Configuring a Firewall.rar