Chapter 7 - Labs

You are the IT security administrator for a small corporate network. You perform vulnerability scans on your network. You need to verify the security of your wireless network and your Ruckus wireless access controller. In this lab, your task is to: Run a vulnerability scan for the wireless access controller (192.168.0.6) using Security Evaluator on the taskbar. Remediate the vulnerabilities found in the vulnerability report for the wireless access controller. - New Admin name: your choice - New password: your choice Enable reporting of rogue devices for intrusion prevention. Rerun a vulnerability scan to make sure all of the issues are resolved.

- You Know How to Do This One - Steps: 1. Open Security Evaluator - Input IPv4 192.168.0.6 2. Go to Chrome and go to 192.168.0.6 - Enter admin user/password - Login - Select Administrator Tab - Click Authenticate using the admin name/password - Enter new username /password - Click Apply 3. Enable Intrusion Prevention - Select Configure - Select WIPS - Select Enable Report Rogue Devices - Apply 4. Verify

7.4.8 Scan for Vulnerabilities on a Security Appliance You are the IT security administrator for a small corporate network. You perform regular vulnerability scans on your network. Recently, you added a new network security appliance (NSA) to the network. You used the ITAdmin workstation when you configured the NSA. In this lab, your task is to: Run a vulnerability scan for the network security appliance (NSA) (198.28.56.18) using Security Evaluator on the taskbar. Remediate the vulnerabilities found in the vulnerability report on the NSA. Rename the cisco user account using the following parameters:Set a username of your choice.Set a password of your choice. Set the idle timeout to 15 minutes or less. Set LAN access only for your user (no WAN access). Allow access to your user only from the ITAdmin workstation (192.168.0.31). Re-run a vulnerability scan to make sure all of the issues are resolved.

- You Know How to Do This One - Steps: 1. Run Security Evaluator - Select Target and IPv4 Address - Input 198.28.56.18 - Run Scan and view Results 2. Open Chrome - type http://198.28.56.18 and press Enter 5. Input username/password cisco/cisco 6. Rename Account - Select Change Default Admin Password and Add Users - Select Edit for Cisco username - In username input a username - Select Check to Edit Password - Enter current password and then input a new password - Enter idle timeout and then click apply 7. Edit user policies - Under Edit User Policies select Login to configure - Select Deny Login from WAN interface & click Apply 8. Define Network Access - Under Edit User Policies select By IP - Under Defined Address, select Add - In the Source Address Type field, make sure IP Address is selected - In the Network Address/IP address field 192.168.0.31 - Click Apply - Select Allow Login only from Defined Addresses - Apply 9. Verify

7.4.7 Scan for Vulnerabilities on a Domain Controller You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.

1. Run Security Evaluator - Select Target and choose Domain Controller - Choose CorpDC - Click OK - Select Status Run/Rerun Security Evaluation - View Results 2. Select Floor 1 3. Under Networking Closet select CorpDC 4. Remediate password issues in Account Policies - From Server Manager select Tools > Group Policy Management - Expand Forest: CorpNet.local - Expand Domains - Expand CorpNet.local - Right click Default Domain Policy and select Edit - Under Computer Config, expand Policies - Expand Windows Set, Security Set, Account Policies - Select Account Lockout Policies - In right pane, right click policy and select Properties - Select Define this policy setting - Enter 60 minutes then click OK - In left pane select Password Policy - In right pane right click policy and select Properties - Select Define this Policy Setting - Enter the password setting and click OK - repeat steps for each Password policy 5. Remediate Event Log issues: - In left pane, select Event Log. - In right pane, right-click policy and select Properties. - Select Define this policy setting. - Enter the password setting and click OK. - Repeat steps for each Event Log policy. 6. Remediate System Services issues - In left pane, select System Services. In right pane, right-click policy and select Properties. - Select Define this policy setting. - Make sure Disabled is selected and click OK. - Repeat steps for additional System Services policy. 7. Verify that all the issues were resolved using the Security Evaluator: - Select Floor 1. - Select ITAdmin. - In Security Evaluator, select Status Run/Rerun Security Evaluation icon - If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any remaining issues.

7.4.5 Scan for Vulnerabilities on a Windows Workstation You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to: Run a vulnerability scan for the Office2 workstation using the Security Evaluator on the taskbar. Remediate the vulnerabilities found in the vulnerability report on Office2 as follows: Rename the Administrator account. Disable the Guest account. Set the password for the Mary account to expire. Require a strong password for the Mary account. Unlock the Susan account. Remove the Susan account from the Administrators group. Turn on Windows Firewall for all profiles. Remove the file share on the MyMusic folder. Re-run a vulnerability scan to make sure all of the issues are resolved.

Steps: 1. Open Security Evaluator - Select Target Icon - Select Workstation - From list choose Office2 - Click OK - Select Status Run/Rerun Security Evaluation icon to run evaluation - Review results 2. Select Floor 1 3. Under Office 2 select Office2 4. On Office2, right click start and select Computer Management 5. Expand Local Users and Groups 6. Select Users 7. Rename a user account as follow - right click Administrator and select Rename - enter a new name and press enter 8. Disable the guest as follow - right click Guest and select Properties - Select Account is disabled click OK 9. Set a new password as follows - Right click Mary and select Set password - Select proceed - Enter a new password (12 char) - Confirm new password click OK 2x 10. Set a password to expire - Right click Mary and select Properties - Deselect Password never expires - Select user must change password at next logon - Click OK 11. Unlock a user account and remove the user from a group - Right click Susan and select Properties - Deselect Account is locked out click Apply - Select Members of tab - Select Administrators - Select Remove - Click OK - Close Computer Management 12. Enable Windows Firewall for all profiles as: - in search field type Control Panel - Select System and Security - Select Windows Firewall - Select Turn Windows Firewall on or off - Under Domain network settings, select Turn on Windows Firewall - Under Private network settings, select Turn on Windows Firewall - Under Public network settings, select Turn on Windows Firewall - Click OK - Close Windows Firewall 13. Remove a file share - From the taskbar, open File Explorer - Browse to C:\\MyMusic - Right click MyMusic and select Properties - Select Sharing tab - Select Advanced Sharing - Deselect Share this Folder - Click OK 2x 14. Use the Security Evaluator feature to verify all of the issues on the ITAdmin computer were resolved - Select Floor 1 - Select ITAdmin - In Security Evaluator, select Status Refresh to rerun evaluation

7.4.6 Scan for Vulnerabilities on a Linux Server You are the IT security administrator for a small corporate network. You need to use a vulnerability scanner to check for security issues on your Linux computers. In this lab, your task is to: Use the Security Evaluator to check the security:On the Linux computer with the 192.168.0.45 IP address. On the Linux computers in the IP address range of 192.168.0.60 through 192.168.0.69 Answer the questions.

Steps: 1. Run Security Evaluator - open Security Evaluator - Select Target - Select IPv4 Address - Enter 192.168.0.45 and click OK - Select Status Run/Rerun Security Evaluation icon - View results - Answer Question 2. Run a Security Evaluator report for the IP address range of 192.168.0.60-69 - Select Target - Select IPv4 Range - Input 192.168.0.60-69 - Click OK - Select Status Run/Rerun Security Evaluation - View Results - Answer questions Questions: 1. For the Linux computer with the 192.168.0.45 address, which security vulnerability passed? root- Password Does Not Expire 2. Which IP address in the 192.168.0.60-69 range has issues that need to be resolved? Select all that apply 192.168.0.65, 192.168.0.68 3. For the Linux computer with the 192.168.0.65 IP address, what is the name of the vulnerability that only had a warning? backup - Password Does Not Expire