5-1 Lab 8: Securing the pfSense Firewall

This assignment will be submitted to Turnitin®.

Instructions

The pfSense firewall is an open-source, BSD-based security appliance that is very widely used.

In this lab, you will secure the pfSense firewall by removing insecure and unneeded protocols.

Review this Visual Aid PDF and your lab guidelines and rubric document to walk through tips for how to engage with your lab as well as the guidelines for how you will be scored on your lab activities.

IMPORTANT: Each lab has a time limit and must be completed in one sitting. Labs cannot be paused or saved and later resumed. The time limit is displayed at the top of the lab screen. Once time expires, your lab environment will be reset and all information within the lab will be lost.

To take a screenshot with Windows, use the Snipping Tool. To take a screenshot on a Mac, use Command + Shift + 4.

Log in to InfoSec and complete Lab 8: Securing the pfSense Firewall. The directions for each lab are included in the lab environment. For each lab, you will be completing a lab worksheet on which you will answer questions about your experience in the lab and submit screenshots of the laboratory results as evidence of your findings. Each lab begins with a broad overview of the topic being covered in the lab, and then you will progress through each section of the lab. Within each section, you will be asked to submit a screenshot of your results. The specific step that requires a screenshot is noted in the individual rubric for each lab. When you reach the step indicated in the rubric, take a screenshot of it and paste it into the appropriate section of your lab worksheet. There may be multiple screenshots required. Carefully read and follow the prompt provided in the rubric for each lab.

To complete this assignment, review the following documents:

Lab 8 Guidelines and Rubric PDF

Lab Worksheet Template Word Document

Securing the pfSense Firewall
OBJECTIVE:
CompTIA Security+ Domain:
Domain 1: Network Security
CompTIA Security+ Objective Mapping:
Objective 1.1: Implement security configuration parameters on network devices and other technologies.
Objective 1.2: Given a scenario, use secure network administration principles.
OVERVIEW:
In this lab, you will secure the pfSense Firewall by removing insecure and unneeded protocols. pfSense is
an open-source, BSD-based firewall that is a very popular and widely used security appliance.
OUTCOMES:
In this lab, you will learn to:
1. Use nmap to scan for open ports on a pfSense firewall.
2. Close unnecessary ports on a pfSense firewall.
3. Add a secure service to a pfSense firewall.
Key Term | Description
firewall | A firewall can block traffic or redirect traffic to hosts on the internal network. pfSense is an open source firewall that uses a BSD-based firewall.
SSH | Secure shell uses port 22 and encrypts traffic, which typically provides a terminal interface.
nmap | an open source and free scanner that allows you to determine open ports on a remote host
zenmap | a GUI port scanner that is a front end for the free and open source Nmap scanner
ping | an operating system utility that allows you to test for TCP/IP connectivity between hosts
Reading Assignment
Prerequisites
To review networking fundamentals, review videos 1–6 here.
Introduction
In this lab, you will implement security configuration parameters on network devices and other
technologies. Also, given a scenario, you will use secure network administration principles.
FIGURE 1 – LAB TOPOLOGY FOR SECURING THE PFSENSE FIREWALL
Review of Network Security
Network security, also known as cybersecurity, is a specialized field in IT that includes securing a network
infrastructure from threats. A threat is an attacker that threatens the network from the inside and outside.
Threats can be hackers, viruses, malware, etc. A threat is anything that threatens the safety of
communication on a network. Securing a network infrastructure is usually done in layers using a technique
called defense in depth. Firewalls are used as the first line of defense against network attackers.
In Figure 1, you see a basic network topology that consists of network devices, clients, and servers. All
networks today consist of a series of network devices such as a switch, router, and firewall that facilitate
communication on a network. Clients and servers communicate over the network via the network devices. A
firewall is a network-level “wall” to inhibit or allow the flow of network traffic. Firewalls have rules set up
that tell them what network traffic to prevent or allow onto the network.
Introduction to the CIA Triad
The CIA triad, confidentiality, integrity, and availability, is a model that is used to guide cybersecurity
policies and procedures within an organization. Figure 2 shows the CIA triad.
FIGURE 2 – CIA TRIAD
Confidentiality is related to privacy with the goal of preventing sensitive information from unauthorized
use as well as allowing sensitive information to be accessed by authorized users. Integrity is making sure
information is not altered during transit or at rest by attackers. Hash values, such as MD5 (Message Digest
5) and SHA-1 (Secure Hash Algorithm 1), can be used to make sure data has integrity. Availability is
making sure that the network, network devices, clients, and servers are always available to the user with
little to no downtime.
Introduction to the pfSense Firewall
pfSense is an open-source firewall/router. It is very versatile and offers a number of modules such as Snort.
pfSense supports not only firewall and routing functionality and virtual private network functionality but
also intrusion prevention system functionality. In this lab, we are only going to explore some of the firewall
functionality of pfSense.
Hardening a Network
In protecting networks from attackers, the firewall is the first line of defense for a network. The firewall
(Figure 3) typically sits on the Internet with a public IP address from an ISP (Internet Service Provider) and
has a list of rules that it follows to allow traffic in or to reject traffic that does not meet its criteria. If you
recall the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack, you have the application,
transport, network, and data access layers. The pfSense firewall can protect network traffic at multiple
layers of the TCP/IP protocol suite. Applications, also known as services, such as File Transfer Protocol (FTP),
TELNET, Hypertext Transfer Protocol (HTTP), and others, use unique port numbers assigned to them by
the IANA. FTP has a port number of 21 for data, HTTP has a port number of 80, and TELNET uses the port
number of 23. These port numbers are how TCP/IP knows how to communicate from the transport layer to
the application layer. TCP/IP was not designed with security in mind, so all these applications send traffic
over the Internet in plaintext. If you use Wireshark, a protocol analyzer and packet capture utility,
you can view the traffic in real time. To protect the actual transmission of data over TCP/IP, you want to
encrypt the data as it transmits. The secure versions of the aforementioned applications are secure copy
(SCP) on port 22, secure shell (SSH) on port 22, and Hypertext Transfer Protocol Secure (HTTPS) on port
443. These applications send data over TCP/IP as ciphertext, that is, in encrypted form. Encryption is
converting data into ciphertext so attackers cannot access it. The secure applications encrypt the data and
then decrypt it back into plaintext when it reaches the destination, once TCP/IP hands off the
communication to the application.
So, if you want to prevent unencrypted data from transmitting on the network, then you need to configure
the firewall to block these unsecured ports and only allow the secured ports access to the network. You
would set up firewall rules to configure your firewall. A part of a system administrator’s job is to make sure
that you close (block) unnecessary ports from accessing your network. If you leave these open, you are
opening your network up to the possibility that attackers could compromise your network.
FIGURE 3 – FIREWALL
The firewall can set up rules at different levels. A firewall can block IP addresses from accessing the
network. Recall, the transport layer has two types of communication: Transmission Control Protocol (TCP)
and User Datagram Protocol (UDP). TCP guarantees transmission and delivery of packets, whereas UDP
does not. You can set up rules for TCP and UDP services based on the port number associated with those
services. Firewalls can be very powerful tools in your security toolbox, but of course, they do not provide
100% protection because attackers can make network traffic look valid, which is why you need to have a
defense-in-depth mindset when designing a layered network security approach for an organization.
Common Network Security Tools
In this lab, you will use the following tools besides the firewall to assist you in your work. SSH is one such
tool that allows you to log in to network devices securely on port 22 using asymmetrical encryption. It
provides you with a secure terminal to administer remote devices. It will be the most widely used tool in
your tool chest. Ping is another tool that you will use a lot. Ping allows you to test connectivity of your
network devices on the network if ping is allowed. Nmap is a command line tool that allows you to scan
network(s) to determine open and closed ports. Zenmap is a GUI front end for nmap, which is a
port-scanning utility.
Introduction to NAT
Network Address Translation (NAT) is a method of mapping one IP address space into another IP address
space. Recall, the Internet Protocol (IP) address represents the logical address of a network device such as
a router, server, and/or clients. The common method of using NAT today is to map one external public IP
address that represents an organization to internal private IP addresses. Typically, the outside world only
sees one IP address for an organization. NAT’s job is to keep track of the destination IP addresses in a NAT
translation table. In your home network, you likely have several devices, including phones, tablets, smart
TVs, and computers connected to your internal network. Your internal network likely uses one of the
following reserved IP addresses:
192.168.X.X
172.16.X.X - 172.31.X.X
10.X.X.X
The public IP address that all of those internal devices are using to access the public Internet comes from
your Internet Service Provider (ISP), which might be Comcast, Verizon, or another company. All IP packets
transmit at the network layer of the TCP/IP model and consist of a source IP address and a destination IP
address. NAT will modify the source IP address to the public IP address but maintain the actual source IP
address during network communication. It uses a NAT translation table to keep track of these source IP
addresses and do the translation during network transmission.
CONCLUSION:
In this chapter, you explored the world of network security at an introductory level. The CIA triad is a
model that is used to assist a network administrator in determining security policies and processes for an
organization. You explored the concept of defense in depth (layered approach to security) to protect your
network. The firewall is the first line of defense in protecting a network. Encrypting data in transit is the
next line of protection on a network. You reviewed a few services such as SSH, SCP, and HTTPS.
Also, you explored the role of the pfSense firewall in network security and explored common network
administrator tools such as SSH, nmap, ping, and zenmap. You are now ready to do the lab—securing the
pfSense firewall.
Testing the Firewall From the External Network
1. Click on the external Windows 8.1 icon on the topology. Then double-click on the desktop cmd-Shortcut.
WINDOWS 8.1 ATTACK MACHINE
CMD SHORTCUT
2. Type the following command and press Enter, to view the IP Address of the Windows 8.1 machine.
C:>ipconfig
If you get a response saying “Destination host unreachable” wait 30 seconds and try the ping
again.
THE IPCONFIG COMMAND
3. Type the following command and press Enter, to test connectivity to campus.edu’s WAN IP
Address.
C:>ping 203.0.113.100
TESTING TCP/IP CONNECTIVITY
4. Type the following command and press Enter, to determine what ports are open on the firewall.
C:>nmap 203.0.113.100
PORT SCAN
Notice the flag of 999818. Click on the Challenge icon and type the flag number into the answer box.
This is just to show you how to capture Challenge Flags you will see throughout this lab.
Challenge Sample #
5. Type the following command and press Enter, to open Zenmap. After Zenmap opens, type
203.0.113.100 in the target box and then click the Scan button to launch an intense scan.
C:>zenmap
ZENMAP COMMAND
ZENMAP
This scan can take up to 4 minutes to complete. You will see the words “Nmap done” at the
bottom of the Zenmap window on the “Nmap Output” tab.
6. After the scan is complete, click the Ports / Hosts tab to view the open ports and any corresponding
banner messages that are displayed. Some of the banners are coming from the internal Metasploitable
Linux machine and some from the internal Windows Server.
REDIRECTION
View the diagram. When a connection is made to the WAN IP Address (203.0.113.100), the firewall
redirects that traffic to the Windows Server for traffic on ports 21, 25, 80, 110, 443, and 3389 and to the
Linux server (Metasploitable) for ports 23, 1099, 3306, 5432, and 8180.
REDIRECTION
7. Select Scan from the menu bar and then select Quit to close Zenmap. Click Close Anyway.
QUIT ZENMAP
UNSAVED CHANGES
8. Type exit and press Enter, to leave your command prompt session.
C:>exit
APPLY CHANGES
DISCUSSION QUESTIONS:
1. What is ifconfig?
2. What is ping?
3. What is nmap?
4. What is Zenmap?
Closing Unnecessary Ports on the pfSense Firewall
1. Click on the Windows Server icon on the topology. After the server is loaded, press the Send
Ctrl+Alt+Delete button in the upper right corner.
WINDOWS SERVER
CTRL+ALT+DELETE BUTTON
2. Log on as administrator with the password of P@ssw0rd, then click the arrow.
LOG ON TO WINDOWS SERVER
3. Double-click on the Mozilla Firefox icon on the desktop to launch Firefox.
SHORTCUT TO FIREFOX
4. Type 192.168.1.254 in the URL bar and press Enter to connect to the pfSense Firewall.
PFSENSE LOGIN
5. For the username, type admin, and for the password, type pfsense. Click Login.
PFSENSE LOGIN
6. Click on Firewall and then click on Rules.
FIREWALL RULES MENU ITEM
Challenge #
Challenge #
7. Click on the LAN icon on the desktop to launch the Firewall: Rules for LAN.
SHORTCUT TO LAN FIREWALL RULES
6. Get the information for below Challenge Flag by using the same techniques from the previous steps.
Challenge #
6. Go to Firewall in the pfSense menu bar and then select NAT from the menu bar.
NAT
7. Check all protocols except TCP 443 (HTTPS) and 3389 (MS RDP). Then click the upper right-hand X to
remove.
PORT FORWARD RULES
8. Click OK when you are asked if you really want to delete the selected rules.
CLICK OK
9. Click Apply changes so that all of the ports will be removed other than the two listed.
APPLY CHANGES
10. Click System from the pfSense menu bar and then select Logout. Then click the X in the upper
right corner to close Mozilla Firefox.
LOGOUT
CLOSE FIREFOX
11. Click on the external Windows 8.1 icon on the topology. Double-Click the cmd-Shortcut link.
WINDOWS 8.1 MACHINE
CMD SHORTCUT
12. Type the following command and press Enter, to determine what ports are open on the firewall.
C:>nmap 203.0.113.100
This scan may take up to 30 seconds to complete.
PORT SCAN
13. Type the following command and press Enter, to open Zenmap. After Zenmap opens, type
203.0.113.100 in the Target box and then click the Scan button to launch an intense scan.
C:>zenmap
ZENMAP COMMAND
ZENMAP SCAN
This scan may take up to 4 minutes to complete. When it’s complete you will see “Nmap done” at
the bottom of the Zenmap box.
14. After the scan is complete, click the Ports / Hosts tab to view the open ports and corresponding
banner messages from the internal Windows Server.
REDIRECTION
15. Select Scan from the menu bar and then select Quit to close Zenmap.
QUIT ZENMAP
16. Click Close anyway to exit the Unsaved changes dialogue box.
UNSAVED CHANGES
17. Type exit to leave your command prompt session.
C:>exit
THE EXIT COMMAND
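Added example (not part of the original lab guide): the re-scan in steps 12 to 14 is a check that only the two kept port forwards, 443 and 3389, are still reachable on the WAN address. The Python sketch below parses plain nmap output and compares the open ports against that allow-list, and also flags the plaintext services the lab text names (FTP, TELNET, HTTP). The function names and both scan samples are constructed for illustration; they are not output captured from the lab.

```python
import re

# Ports the lab keeps forwarded after the cleanup step (HTTPS and MS RDP).
ALLOWED_AFTER_CLEANUP = {443, 3389}
# Plaintext services named in the lab text, keyed by port.
CLEARTEXT = {21: "FTP", 23: "TELNET", 80: "HTTP"}

# Matches port table rows such as "443/tcp  open  https".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Constructed sample: a scan before the NAT rules are deleted.
BEFORE = """\
Nmap scan report for 203.0.113.100
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
443/tcp  open  https
1099/tcp open  rmiregistry
3306/tcp open  mysql
3389/tcp open  ms-wbt-server
5432/tcp open  postgresql
8180/tcp open  unknown
"""

# Constructed sample: a scan after the cleanup; the closed row must be ignored.
AFTER = """\
Nmap scan report for 203.0.113.100
PORT     STATE  SERVICE
22/tcp   closed ssh
443/tcp  open   https
3389/tcp open   ms-wbt-server
"""

def open_ports(nmap_text):
    """Return {port: service} for rows whose state is exactly 'open'."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            found[int(m.group(1))] = m.group(4)
    return found

def audit(nmap_text, allowed):
    """Compare the open ports in a scan against an allow-list of ports."""
    ports = open_ports(nmap_text)
    unexpected = sorted(p for p in ports if p not in allowed)
    return {
        "unexpected": unexpected,                              # exposed but not allowed
        "missing": sorted(p for p in allowed if p not in ports),  # allowed but not reachable
        "cleartext": sorted(p for p in ports if p in CLEARTEXT),  # plaintext services exposed
        "compliant": not unexpected,
    }

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, ALLOWED_AFTER_CLEANUP))
```

Once the SSH forward from the next section is in place, the same check applies with 22 added to the allow-list.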
DISCUSSION QUESTIONS:
1. What is pfSense?
2. What port does HTTPS run on?
3. What is NAT?
Adding a Secure Service to the pfSense Firewall
1. Click on the Windows Server icon on the topology. Double-click on the Mozilla Firefox icon on the
Windows Server desktop to launch Firefox.
WINDOWS SERVER
SHORTCUT TO FIREFOX
2. Type http://192.168.1.254 in the URL bar and press Enter, to connect to the pfSense
Firewall.
PFSENSE FIREWALL
3. For the username, type admin, and for the password, type pfsense. Click Login.
PFSENSE LOGIN
4. Go to Firewall in the pfSense menu bar and then select NAT from the menu bar.
NAT
5. Click the + button to add a NAT port forwarding rule.
PORT FORWARD RULES
6. Under Destination port range, click the dropdown box and select SSH (for to and from). In the
Redirect target IP, type 192.168.1.30. In the Redirect target port box, type 22. Click the Save
button.
REDIRECT IP
7. Click Apply changes so that SSH will be added to the list of allowed ports.
APPLY CHANGES
8. Click System from the pfSense menu bar and then select Logout. Then click the X in the upper
right corner to close Mozilla Firefox.
LOGOUT
CLOSE FIREFOX
9. Click on the external Windows 8.1 icon on the topology. Double-Click the cmd-Shortcut link.
WINDOWS 8.1 MACHINE
CMD-SHORTCUT
10. Type the following command and press Enter, to determine what ports are open on the firewall.
C:>nmap 203.0.113.100
PORT SCAN
11. Type the following command and press Enter, to open Zenmap. After Zenmap opens, type
203.0.113.100 in the Target box and then click the Scan button to launch an intense scan.
C:>zenmap
ZENMAP COMMAND
ZENMAP SCAN
12. After the scan is complete, click the Ports / Hosts tab to view the open ports and corresponding
banner messages from the internal Windows Server.
REDIRECTION
13. Select Scan from the menu bar and then select Quit to close Zenmap.
QUIT ZENMAP
14. Click Close anyway to exit the Unsaved changes dialogue box.
CLOSE ANYWAY
15. Type exit and press Enter, to leave your command prompt session.
C:>exit
THE EXIT COMMAND
16. Double-click the link to PuTTY.exe on your desktop.
PUTTY
17. Type 203.0.113.100 in the Host Name (or IP address) and click Open.
PUTTY IP ADDRESS
18. If you see the PuTTY Security Alert, click Yes. If not, move to the next step.
PUTTY
20. For the username, type root, and press Enter. For the password, type msfadmin and press
Enter.
Note: For security reasons, as you type the password, it will not be displayed.
PUTTY
21. Type the following command and press Enter, to display the IP Address of the internal Linux
Metasploitable machine where you are redirected by the pfSense Firewall.
root@metasploitable:~# ifconfig
THE IFCONFIG COMMAND
22. Type the following command and press Enter to view information about the root account. Notice
that the root user has a UID of 0.
root@metasploitable:~# id root
ID COMMAND
22. Type the following command and press Enter to view information about the flag5 account.
root@metasploitable:~# id flag5
ID COMMAND
Challenge #
23. Type the following command and press Enter to view information about the flag6 account.
root@metasploitable:~# id flag6
ID COMMAND
Challenge #
24. Type the following command and press Enter, to close the SSH terminal session.
root@metasploitable:~# exit
THE EXIT COMMAND
23. Double-click on the WinSCP shortcut on your desktop.
WINSCP
24. In the File protocol dropdown box, change the protocol to SCP. In the Host name box, type
203.0.113.100. For the username, type root, and for the password, type msfadmin. Click
Login.
LOGIN
25. Click Yes when you are asked to continue connecting to an unknown server and add its host key to
a cache.
YES
26. Drag img7.jpg from the left pane to the Desktop folder on the right pane.
DRAG THE FILE
Note: Img7.jpg will now be in both locations.
27. Click the X in the upper right hand corner of the WinSCP application to close the program.
CLOSE WINSCP
28. Click OK to terminate the session root@203.0.113.100.
TERMINATE THE CONNECTION
Note: Press the STOP button to complete the lab.
DISCUSSION QUESTIONS:
1. What is SSH?
2. What protocol was SSH meant to replace and why?
3. What port does SSH run on?
© Infosec Learning, LLC. All rights reserved.
