CIS 193A – Lesson10
Protecting Your Network
Focus Question
What information contained in packets can be used as matching criteria for a firewall or network service?
Setting the VMnet1 Network Address
• Run the VMware Manage Virtual Networks tool as admin
• The admin password is funny Cabrillo
• Select the tab labeled: Host Virtual Network Mapping
• Click the arrow on the right and choose subnet
• Replace the third octet with your station number.
• Click Apply and OK
Verify the Change with ipconfig
DNS and Client VMs
• Copy the dns and client virtual machines from Sybil (\\172.30.1.22\vmware) to your Virtual Machines folder.
• These machines are preconfigured to be on VMnet1, but they don’t have the correct IP addresses to match your network.
• You must change their hostnames and their IP addresses
Booting the VMs
• Bring up the router vm first:
  – Set eth1 IP address to 192.168.XX.2
• Bring up the webserver vm second:
  – Change IP address to 192.168.XX.3
  – Add an index.html file to /var/www/html that shows your computer’s name and IP
  – Update the ServerName variable in /etc/httpd/conf/httpd.conf line 266
• Ping your router to check for connectivity
Booting the DNS VM
• Bring up the dns vm:
  – Change the hostname by substituting your station number for the XX.
  – Change the IP address to 192.168.XX.4
  – Set the nameserver address to the above IP address in the file /etc/resolv.conf
  – Change the “XX” to your station # in files:
    • /etc/named.conf
    • /var/named/db.localdomain
    • /var/named/db.XX.168.192
Booting the Client VM
• Bring up the client vm last:
  – Change the hostname in /etc/hosts and /etc/sysconfig/network, replacing the XX with your station number.
  – Add a GATEWAY= variable to the above network file.
  – Edit /etc/resolv.conf and specify your dnsXX server as the nameserver.
• Test connectivity and name resolution.
Installing a Firewall
• Download the iptables shell script from Opus:
  scp [email protected]:../bin/iptables.sh .
• Modify the shell script.
• Run the shell script as root.
• Test the firewall.
• Save the firewall settings using:
  iptables-save > /etc/sysconfig/iptables
Review
Focus Question
What information contained in packets can be used as matching criteria for a firewall or network service?
Mostly, information from the network and transport layers is used for access controls, but MAC addresses from layer 2 and user information from the application layer may also be used.
The most common fields are src and dst IP address, src and dst port numbers, protocol, and TCP state flags such as SYN, RST, and ACK.
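The fields named in this answer can be read straight out of a frame's headers. The sketch below is an added example, not the course's iptables.sh: it parses a constructed Ethernet/IPv4/TCP frame and runs a simplified stateless first-match rule list over the result. Station number 10, the MAC address, and the names `parse_frame`, `first_match`, `build_frame` and `RULES` are assumptions made for illustration.

```python
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def parse_frame(frame: bytes) -> dict:
    """Pull out the fields a packet filter can match on (Ethernet/IPv4/TCP only)."""
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])    # layer 2 source address
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    fields = {"src_mac": src_mac, "proto": ip[9],
              "src_ip": socket.inet_ntoa(ip[12:16]),
              "dst_ip": socket.inet_ntoa(ip[16:20])}
    if fields["proto"] == 6:                 # protocol 6 = TCP
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        bits = ip[ihl + 13]                  # TCP flags byte
        fields.update(sport=sport, dport=dport,
                      flags={n for n, b in TCP_FLAGS.items() if bits & b})
    return fields

def first_match(fields: dict, rules, default="DROP") -> str:
    """Return the verdict of the first rule whose criteria all equal the packet's fields."""
    for criteria, verdict in rules:
        if all(fields.get(k) == v for k, v in criteria.items()):
            return verdict
    return default                           # default-deny when nothing matches

def build_frame(src_mac, src_ip, dst_ip, sport, dport, flags) -> bytes:
    """Construct a minimal sample frame (checksums left at zero) for the demo."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    bits = sum(TCP_FLAGS[f] for f in flags)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, bits, 8192, 0, 0)
    return eth + ip + tcp

# Constructed rule list for station 10: web server at 192.168.10.3 (assumption).
RULES = [
    ({"dst_ip": "192.168.10.3", "proto": 6, "dport": 80, "flags": {"SYN"}}, "ACCEPT"),
    ({"src_mac": "00:0c:29:00:00:99"}, "DROP"),
]

if __name__ == "__main__":
    pkt = build_frame("00:0c:29:aa:bb:cc", "192.168.10.5", "192.168.10.3", 40000, 80, ["SYN"])
    print(parse_frame(pkt), first_match(parse_frame(pkt), RULES))
```

Real iptables rules can additionally track connection state, which this stateless matcher does not model.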