
CIS 193A – Lesson10 Protecting Your Network

Upload: michael-potter

Post on 24-Dec-2015


TRANSCRIPT

Page 1: CIS 193A – Lesson10 Protecting Your Network. CIS 193A – Lesson10 Focus Question What information contained in packets can be used as matching criteria

CIS 193A – Lesson10

Protecting Your Network

Page 2:

Focus Question

What information contained in packets can be used as matching criteria for a firewall or network service?

Page 3:

Setting the VMnet1 Network Address

• Run the VMware Manage Virtual Networks tool as admin

• The admin password is funny Cabrillo

• Select the tab labeled: Host Virtual Network Mapping

• Click the arrow on the right and choose subnet

• Replace the third octet with your station number.

• Click Apply and OK

Page 4:

Verify the Change with ipconfig

Page 5:

DNS and Client VMs

• Copy the dns and client virtual machines from Sybil (\\172.30.1.22\vmware) to your Virtual Machines folder.

• These machines are preconfigured to be on VMnet1, but they don’t have the correct IP addresses to match your network.

• You must change their hostnames and their IP addresses

Page 6:

Booting the VMs

• Bring up the router VM first:
  – Set the eth1 IP address to 192.168.XX.2

• Bring up the webserver VM second:
  – Change the IP address to 192.168.XX.3
  – Add an index.html file to /var/www/html that shows your computer’s name and IP
  – Update the ServerName variable in /etc/httpd/conf/httpd.conf, line 266

• Ping your router to check for connectivity

Page 7:

Booting the DNS VM

• Bring up the dns VM:
  – Change the hostname by substituting your station number for the XX.
  – Change the IP address to 192.168.XX.4
  – Set the nameserver address to the above IP address in the file /etc/resolv.conf
  – Change the “XX” to your station # in these files:
    • /etc/named.conf
    • /var/named/db.localdomain
    • /var/named/db.XX.168.192

Page 8:

Booting the Client VM

• Bring up the client VM last:
  – Change the hostname in /etc/hosts and /etc/sysconfig/network, replacing the XX with your station number.
  – Add a GATEWAY= variable to the above network file.
  – Edit /etc/resolv.conf and specify your dnsXX server as the nameserver.

• Test connectivity and name resolution.

Page 9:

Installing a Firewall

• Download the iptables shell script from Opus: scp [email protected]:../bin/iptables.sh .

• Modify the shell script.

• Run the shell script as root.

• Test the firewall.

• Save the firewall settings using iptables-save > /etc/sysconfig/iptables

Page 10:

Review

Page 11:

Focus Question

What information contained in packets can be used as matching criteria for a firewall or network service?

Mostly, information from the Network and Transport layers is used for access controls, but MAC addresses from layer 2 and user information from the application layer may also be used.

The most common fields are source and destination IP addresses, source and destination port numbers, the protocol, and TCP state flags such as SYN, RST, and ACK.
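As an added example that is not the course's iptables.sh from Opus, the following script builds a ruleset for the lab network set up on the earlier slides using each of the criteria named in the focus-question answer: source and destination address, protocol, port, connection state and TCP flags. It assumes the router VM forwards between eth0 (outside) and eth1 (the 192.168.XX.0/24 lab network), that the webserver is .3 and the dns VM is .4 as on the slides, and it only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example ruleset for the lesson's lab network; not the course's iptables.sh.
# Assumptions: the router VM forwards between eth0 (outside) and eth1
# (192.168.XX.0/24 inside); webserver is .3 and dns is .4 as on the slides.
# Rules are printed as a dry run unless APPLY=1 is set, so the list can be
# reviewed (or diffed against iptables-save output) before touching the kernel.
IPT="echo iptables"
if [ "${APPLY:-0}" = "1" ]; then IPT="iptables"; fi

firewall_rules() {
    station="$1"
    net="192.168.${station}.0/24"
    web="192.168.${station}.3"
    dns="192.168.${station}.4"

    # Clean slate and deny-by-default policies for traffic to and through the router.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Connection state: replies to known sessions pass, malformed state is dropped.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A INPUT -i lo -j ACCEPT

    # Source address as criterion: only the inside subnet may SSH to the router.
    $IPT -A INPUT -i eth1 -s "$net" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Destination address + protocol + port: servers reachable only on the
    # services they actually offer (HTTP on the webserver, DNS on the dns VM).
    $IPT -A FORWARD -d "$web" -p tcp --dport 80 -j ACCEPT
    $IPT -A FORWARD -d "$dns" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -d "$dns" -p tcp --dport 53 -j ACCEPT

    # TCP flags as criterion: a NEW connection must start with a bare SYN
    # (--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN); log and drop the rest.
    $IPT -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "FW-BADSYN: "
    $IPT -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

    # Inside hosts may open new outbound sessions through the router.
    $IPT -A FORWARD -i eth1 -o eth0 -s "$net" -j ACCEPT
}

# Usage: ./firewall.sh XX (dry run) or APPLY=1 ./firewall.sh XX (as root).
if [ -n "${1:-}" ]; then firewall_rules "$1"; fi
```

After applying, iptables-save > /etc/sysconfig/iptables as on the slide persists the result, and the dry-run listing is a convenient thing to compare against that saved file.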