- 1 - ECE4112 Internetwork Security Lab 1: OS Installation and Introduction to security tools Date Assigned: January 12, 2009 Date Due: January 19, 2009 Last Edited: October 31, 2007 Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the provided Answer Sheet and be sure you turn in to the TAs ALL materials listed in the Turn-in Checklist on or before the Date Due. Goal: This lab is designed to help you setup your hard drive with the OS’s and programs you will be using throughout the semester. Summary: This lab consists of two parts. In the first part, you will install RedHat Workstation 4.0 on your hard disk and create virtual machines with different operating systems. In the second part, you will install and use various security tools. Background: o Read “Hacking Exposed” Chapters 1, 2, 3 o Try running “nslookup” in a windows command prompt followed by the site whose IP you’d like to know (while you are on a machine connected to the Internet outside our isolated lab) (for example nslookup www.google.com) o Read about the tool “Dig” at http://www.kloth.net/services/dig.php o Read about Bridged Networks for VMware at: http://www.vmware.com/support/ws4/doc/network_bridged_ws.html#1061788 1. If you are not familiar with Linux, please look at the Appendix “General Linux Tips” and also please go to the following website to learn some basic commands. The best way to learn is to experiment on your machine. http://www.reallylinux.com/docs/basic.shtml Section 1 Prelab Glance at the Appendices now so that you know what information is at the back of this lab. Read the Georgia Tech Computer and Network Usage Policy http://www.oit.gatech.edu/inside_oit/policies_and_plans/policies/CNUSP.pdf- 2 - Section 2 Prelab: Turn in this pre-lab part to the TAs with your completed answer sheet at the completion of the lab. At home or on a school computer which is connected to the Internet (our security lab machines are not connected to the Internet): Use the whois databases ( for example www.internic.net/whois.html); a registery whois lookup (for example http://www.networksolutions.com/en_US/whois/index.jhtml); and the American Registery for Internet Numbers (ARIN) (for example http://ww2.arin.net/whois/) to find out everything you can about the company Internet Security Systems (www.iss.net). Attach a printout or hand written SUMMARY (not every single IP address required!) of that information to your lab answer sheet turn in. Prelab Q 2.1. How do you defend your own network against this type of information gathering? Lab Scenario: You will set up a RedHat Workstation 4.0 host machine with a base IP address, VMware, a RedHat 7.2 virtual machine, and an XP virtual machine. You will have three computers in one box all connected together in a bridged network which can communicate through one single network interface card. This one card will connect your multiple virtual computers to any network the host machine’s physical interface card is connected to. Introduction and General Information Working in groups of two, follow the attached lab and install Linux on your removable hard drive. During TA hours, you will need to obtain from the TA a removable hard drive, a key for the hard drive, Red Hat Workstation 4.0 installation CDs, and a floppy with the Ethernet card driver software on it. You are to keep the hard drive and the key; however, all the CDs have to be returned before you leave the lab. You will need to get the TA to enter a VMware license number. So, make sure you are working when a TA can assist you in those steps. You may work in the lab anytime by using your buzzcard to enter, however, TA support hours are much more limited. Check off on labs must be done during the TA's lab hours. CDs must be returned to the TAs before the TA hours end for that period. Do not drop or roughly handle the hard drives. If you break it you will be asked to replace it and you will find they cost about $65. If you loose a hard drive frame key, it costs $25 because you have to buy an entire removable hard disk frame kit just to get the key. To insert your hard drive into the machine:- 3 - Slide your drive into the docking bay. Push with your thumb to make sure the contacts are connected, push down the locking handle. Use your key to lock the drive into the bay. If the drive is not locked into the bay, you will not get power to your hard drive. General Warning for the entire quarter: Warnings on: 1) removing your hard disk from the machine while it is running Linux or 2) turning the power off while the machine is running Linux: do not do it! Do not try to remove your hard drive from the Linux machine while Linux is running. Here is the procedure to shut down In a graphical X window: Click on the actions icon in the upper left of the screen. Select logout and then shutdown, yes. ( or if not in a graphical X window): In a text terminal: shutdown -h now after the machine halts use your key to remove the hard drive. DO NOT FORCE THE HANDLE UP WHEN REMOVING THE HARD DRIVE. IF YOU HAVE NOT UNLOCKED THE DRIVE AND YOU PULL HARD YOU CAN BREAK THE PLASTIC RELEASE HANDLE. Unix stores some file states in memory and this stuff needs to be written to the disk before the disk is removed otherwise you may corrupt your disk and have to reinstall LINUX. Be sure to shutdown before your remove the hard drive or before your power off the computer. Do not use cntl alt del to reboot the machine unless you have no choice. There is a chance you will corrupt your hard drive if you do it this way. What to do if you ever have a corrupted operating system: In the event you try to boot and get the message that you have a corrupt file system you may try to recover by using the command fsck /dev/hda1 and repeat this for each had# your machine uses (this will be hda1, hda2, and hda3 . fsck attempts to find and repair corrupted file systems. Answer yes to all repairs. This may or may not work. SECTION 1 Turn in the answer sheet with your answers. You should not turn in the lab instructions, only the answer sheet section. The first part will take approximately 2.5 hrs to complete. The second part should take approximately another 1.5 hours. 1.1 Installing RedHat Linux Enterprise Work Station 4.0 The main focus of this section is