ECE4112 Internetwork SecurityLab X: Active Directory Installation and Introduction to Network Security2.2 Web Server AttackECE4112 Internetwork SecurityLab X: Active Directory Installation and Introduction to Network SecurityGroup Number: _________ECE4112 Internetwork Security Lab X: Active Directory Installation and Introduction to Network Security Group Number: _________ Member Names: __________________________________________ Date Assigned: MM/DD/YYYY Date Due: MM/DD/YYYY Last Edited: Lab Authored By: Drew Conner and Rachel Moorehead Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the provided Answer Sheet and be sure you turn in to the TAs ALL materials listed in the Turn-in Checklist on or before the Date Due. Goal: This lab is designed to help you setup a Microsoft Active Directory network and to learn how to defend against common setup security errors and common exploits. Summary: This lab consists of three parts. In the first part, you will create a corporate network consisting of a MS Active Directory and MS SQL Server on Microsoft Server 2003 virtual machines. In the second part, you will learn how to hack into that network and compromise your AD and how to harden it against attack. Equipment Needed: In this lab you will need 3 virtual machines and your host machine. You will be creating two Microsoft Server 2003 virtual machines, one for your Active Directory and one for your SQL Server. You will be using your Windows XP machine as your attacker machine. You will be setting up your host machine as a router. Please see the diagram below for a more detailed description.Background and Theory: - Read about some basic AD security practices at: http://www.microsoft.com/technet/technetmag/issues/2006/05/SmartTips/ - Read the article that inspired this lab: http://www.informit.com/articles/article.asp?p=397660&rl=1 - Read an article about why you should protect your network: http://www.informit.com/articles/article.asp?p=397659&seqNum=1&rl=1 - Read about routing for Vmware at this address or refer back to older labs: - http://www.vmware.com/support/ws5/doc/ws_net_advanced_2hostonly_routing.html General Information: The actual space for answering questions is provided at the end of the lab in the Answer sheet. You may detach it and write the answers as you go along. You may also use the original word document on the class web site to obtain an electronic copy of the answer sheet. SECTION 1 - Corporate Network Setup1.1 Setting up your Linux host as a router To allow your host to forward or route IP packets, you need to type the following on your host machine: $ echo 1 > /proc/sys/net/ipv4/ip_forward <ENTER> Note: There should be a space before and after the greater-than sign. This places a 1 in the file /proc/sys/net/ipv4/ip_forward. Check to make sure this command was successful by typing: $ cat /proc/sys/net/ipv4/ip_forward <ENTER> (1 should be printed on your screen). When Linux receives a packet, it looks at this file, and forwards if it sees a 1. This configuration is reset each time your physical machine is rebooted, so you must retype this command every time you reboot! Remember this throughout future labs. Next we need to setup our different subnets. - From your WS4 host machine, run the vmware-config.pl:$ /usr/bin/vmware-config.pl- Use the following answers:- Accept the default directories for the first two questions.- Accept the default “yes” for the question about building a vmon module for your system.- Again accept the default directory for the location of the C header files.- “Would you like to skip networking setup and keep you old settings as they are?” No- Do you want networking for your virtual machines? Yes- Would you prefer to modify your existing network configuration using the wizard or the editor? Editor- Do you wish to make any changes to the current virtual networks settings? Yes- Which Virtual network do you wish to configure? (0-99) 1- The network vmnet1 has been reserved for a host-only network. You may change it, but it is 2highly recommended that you use it as a host-only network. Are you sure you want to modify it?(yes/no) [no] Yes- What type of virtual network do you wish to set vmnet1? (bridged,hostonly,nat,none) [none] Hostonly- Configuring a host-only network for vmnet1.- Do you want this program to probe for an unused private subnet? (yes/no/help) [yes] No- What will be the IP address of your host on the private network? 57.35.9.1 - What will be the netmask of your private network? 255.255.255.0- The following virtual networks have been defined:vmnet0 is bridged to eth0vmnet1 is a host-only network on private subnet 57.35.9.0- Do you wish to make additional changes to the current virtual networks settings? (yes/no) [yes]Yes- Which Virtual network do you wish to configure? (0-99) 2- What type of virtual network do you wish to set vmnet2? (bridged,hostonly,nat,none) [none] Hostonly- Configuring a host-only network for vmnet2.- Do you want this program to probe for an unused private subnet? (yes/no/help) [yes] No- What will be the IP address of your host on the private network? 57.35.8.1 - What will be the netmask of your private network? 255.255.255.0- The following virtual networks have been defined:vmnet0 is bridged to eth0vmnet1 is a host-only network on private subnet 57.35.9.0vmnet2 is a host-only network on private subnet 57.35.8.0.- Do you wish to make additional changes to the current virtual networks setting?(yes/no) [yes]NoStarting VMware services:Virtual machine monitor [ OK ]Virtual ethernet [ OK ]Bridged networking on /dev/vmnet0 [ OK ]Host-only networking on /dev/vmnet1 (background) [ OK ]Host-only networking on /dev/vmnet2 (background) [ OK ]What this has done is set up two virtual Host-Only Networks on /dev/vmnet1 and /dev/vmnet2. We are using the host-only networks to act like two independent subnetworks. Each virtual machine will act as if we are connecting it to an extra network card in the host.1.2 Installing WinServer2K3 Domain Controller and WinServer2K3 Web Server virtual machines Note: In this section you may need to hit control and alt keys at the same time to release your mouse from Vmware.