
 

Lab 1
Scenario: Customer is under attack

Overview

Description
This lab introduces you to the Pravail APS installation, initial
configuration and upgrade processes. You will learn the essential steps
performed in each. This lab is divided into the following parts:
• Installation of Pravail APS in monitor mode
• Initial CLI configuration using wizard
• Upgrade process
• Attack monitoring

Setup

[Figure: lab topology diagram. Labels: DCN; mgt0; mgt1; Victim; ext0; int0;
Internet; 2 Mbps last mile; Infrastructure that does not need protection.]

Student 31 L1-1
Pravail APS Installation, Initial configuration and Upgrade
Lab 1

In this lab Pravail APS will be set up in monitor mode. Interfaces are
connected in the following way:

• ext0 is receiving copies of packets coming from the internet
• int0 is receiving copies of packets coming from the data center
• mgt0 is connected to the out-of-band management network
• mgt1 is connected to the data center. It is used for Pravail APS to
access the internet

Objectives
After completing this lab, you will be able to do the following:
• Perform installation and initial configuration of Pravail APS in monitor mode
• Perform upgrade of Pravail APS

Equipment/Tools
The following equipment is required to complete this lab:
• web browser (Chrome or Firefox)

When accessing training labs, you will be prompted for Training Portal
Authentication. Use the following credentials:

• Login: student31
• Password: 76obQMem21

Estimated Completion Time


• The estimated completion time for this lab is 1 hour.

Connectivity verification

1. Verify that you can access the victim web server at
https://victim-pod31.training.arbor.net/
2. Ask the instructor to start the AIF low attack
3. Verify that the victim is no longer available

L1-2 Student 31 Pravail APS 5.6



Pravail APS Installation

Serial console access


In this section you will use a web SSH client to connect to the console
server that manages the serial console port of your Pravail APS lab appliance.
Console server address: https://cli.training.arbor.net/ssh/
Host/IP: 10.2.25.129
Port: 22
User: student31
Password: 76obQMem21

1. To access the Pravail APS serial console press 1
2. After you have successfully completed the step above, ask the instructor
to start your Pravail APS instance

Installation process
In this section we will perform the initial installation steps. These steps
are typically performed on a new Pravail APS appliance after power-on.
1. Wait while the Pravail APS installation process prepares the hard drive
and copies the necessary software packages.
2. Set system hostname to APS-LAB31
3. Set IP address of mgt0 interface to 10.2.25.161
4. Set Network mask of interface mgt0 to 255.255.255.128
5. Skip media setting for interface mgt0 (press Enter)
6. Set IP address of mgt1 interface to 192.168.131.3
7. Set Network mask of interface mgt1 to 255.255.255.240
8. Skip media setting for interface mgt1 (press Enter)
9. Set default gateway to 192.168.131.14
10. Permit HTTPS access from any network – type 0.0.0.0/0 as the first entry
and confirm that there are no more entries by pressing Enter for [done]
11. Permit ICMP Ping access from any network – type 0.0.0.0/0 as the first
entry and confirm that there are no more entries by pressing Enter for [done]
12. Skip cloud signal protocol ACL configuration (press Enter)


13. Permit SSH access from any network – type 0.0.0.0/0 as the first entry and
confirm that there are no more entries by pressing Enter for [done]
14. Check that the current date/time matches the actual clock in the UTC
time zone. The format of the string is MMDDhhmm[[CC]YY][.ss]
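
The clock check in step 14 can be done mechanically. The following is an added example, not part of the lab guide or the vendor's tooling: it parses a string in the MMDDhhmm[[CC]YY][.ss] format and reports its skew against a reference UTC time. It assumes a missing year means the reference year and a two-digit year without CC falls in the 2000s; the sample strings are constructed.

```python
import re
from datetime import datetime, timezone

# MMDDhhmm[[CC]YY][.ss]: year and seconds are optional, century only with a year.
_CLOCK = re.compile(
    r"^(\d{2})(\d{2})(\d{2})(\d{2})(?:(\d{2})?(\d{2}))?(?:\.(\d{2}))?$"
)


def parse_clock(text, now):
    """Parse an MMDDhhmm[[CC]YY][.ss] string as a UTC datetime.

    Assumptions of this example: a missing year means the year of `now`,
    and a two-digit year without CC falls in the 2000s.
    """
    m = _CLOCK.match(text)
    if m is None:
        raise ValueError(f"not MMDDhhmm[[CC]YY][.ss]: {text!r}")
    month, day, hour, minute, cc, yy, ss = m.groups()
    year = now.year if yy is None else int(cc or "20") * 100 + int(yy)
    # datetime() rejects impossible values such as month 13 or hour 25.
    return datetime(year, int(month), int(day), int(hour), int(minute),
                    int(ss or 0), tzinfo=timezone.utc)


def format_clock(moment):
    """Render a datetime in the fullest form, MMDDhhmmCCYY.ss, in UTC."""
    return moment.astimezone(timezone.utc).strftime("%m%d%H%M%Y.%S")


def skew_seconds(text, now):
    """Seconds the displayed clock is ahead of (+) or behind (-) `now`."""
    return (parse_clock(text, now) - now).total_seconds()


if __name__ == "__main__":
    # Constructed reference time and constructed console strings.
    ref = datetime(2015, 6, 1, 12, 0, 30, tzinfo=timezone.utc)
    for shown in ("06011200", "0601120015", "060112002015.30", "060114002015"):
        print(shown, skew_seconds(shown, ref))
```
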

Initial CLI configuration


In this section, you will learn how to perform initial system configuration
via the CLI. This includes changing the admin user password, configuring the
DNS service, entering the license key and starting the Pravail APS service.
1. Log into the CLI using the default login credentials of admin/arbor
2. Use the services aaa local password admin interactive command to
change the admin user password. Change the admin password to 76obQMem21
3. Configure a static route to the rest of the DCN network using the ip route
add 10.0.0.0/8 10.2.25.254 command
4. Configure 8.8.8.8 as your DNS server using the services dns server add
8.8.8.8 command
5. Set the license key using the following command (the license key is
typically provided by ATAC)
/ system license set Pravail "PRA-APS-2104 expires: 1451679629"
MF1VC-R1VTX-165M9-WZ49G-9PAWR-006M9-10HP9-ZWDS8-E3ZC4
6. Configure Pravail APS to run in monitor mode
services aps mode set monitor
7. Start the Pravail APS service (services aps start)
8. Save the configuration (config write)
The initial start of the Pravail APS service may take a few minutes.
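
Why step 3 matters: with only the wizard's default gateway, anything outside the mgt0 subnet leaves through mgt1, including the 10.2.25.4 update proxy used later in this lab. The following added example (not part of the lab guide or the appliance software) models the lab's addressing and routes and shows which interface each server named in the lab is reached through, before and after the static route. It assumes ordinary longest-prefix-match forwarding.

```python
import ipaddress

# Addressing from the installation wizard steps (mask given in dotted form).
INTERFACES = {
    "mgt0": ipaddress.ip_interface("10.2.25.161/255.255.255.128"),
    "mgt1": ipaddress.ip_interface("192.168.131.3/255.255.255.240"),
}
DEFAULT_ROUTE = (ipaddress.ip_network("0.0.0.0/0"),
                 ipaddress.ip_address("192.168.131.14"))
DCN_ROUTE = (ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_address("10.2.25.254"))


def egress(dest, static_routes):
    """Return (interface, next_hop) for dest; next_hop is None when on-link.

    Assumes ordinary longest-prefix-match forwarding.
    """
    dest = ipaddress.ip_address(dest)
    table = [(i.network, None) for i in INTERFACES.values()]
    table += list(static_routes)
    matches = [(net, hop) for net, hop in table if dest in net]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, hop = max(matches, key=lambda entry: entry[0].prefixlen)
    target = dest if hop is None else hop
    for name, iface in INTERFACES.items():
        if target in iface.network:
            return name, hop
    raise ValueError(f"next hop {hop} is not on a connected network")


def lab_plan(static_routes):
    """Egress interface for each server the lab steps name."""
    servers = {
        "console/FTP/SMTP 10.2.25.129": "10.2.25.129",
        "update proxy 10.2.25.4": "10.2.25.4",
        "DNS 8.8.8.8": "8.8.8.8",
    }
    return {label: egress(ip, static_routes)[0] for label, ip in servers.items()}


if __name__ == "__main__":
    print("wizard only:   ", lab_plan([DEFAULT_ROUTE]))
    print("with DCN route:", lab_plan([DEFAULT_ROUTE, DCN_ROUTE]))
```

With the static route in place, management traffic to the 10.0.0.0/8 range stays on the out-of-band mgt0 interface and only internet-bound traffic such as DNS to 8.8.8.8 uses mgt1.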

Initial GUI configuration


1. Log into https://pod31.training.arbor.net/
using the credentials you have configured. Note that you will be presented
with proxy authentication first; use your student login: student31
2. Change the system time zone to local on the Administration->General page.
Also make sure that the date format and hour format are set to your
preference.
3. Configure 10.2.25.129 as the SMTP server.
This will clear the alert you are getting after initial installation. You
can review this alert in Administration->System Alerts.


4. The network administrator mandated all software and signature
auto-updates to be performed through the corporate proxy 10.2.25.4:8888. In
order to conform to that requirement, navigate to Administration->ATLAS
Intelligence Feed and make the necessary configuration. Verify that the AIF
update via the proxy is successful.

Pravail APS upgrade


As a part of this training, we will perform a system upgrade. Typically
upgrade files are uploaded through the GUI (Administration->Files), but for
the sake of simplicity we will use direct transfer from a remote file server.
1. Upgrade files are located on the local anonymous FTP server 10.2.25.129.
To copy files to your Pravail APS appliance, use the following commands:
system file copy ftp://10.2.25.129/arbos-5.3-EJTJ-i686-vlab disk:
system file copy ftp://10.2.25.129/Pravail-APS-5.6-EJTJ-vlab disk:
2. Stop the Pravail APS service using services aps stop
3. Pravail APS version 5.6 and newer requires an AIF license key for AIF
operation. It is a good idea to set one prior to the upgrade. Configure it
using the following command (the license key is typically provided by
ATAC)
/ system license set ASERT "PRA-APS-AIF-ADVANCED expires: 1451673310"
4AGX3-DPEQV-C0XWG-2PJSE-TFJEZ-PVAKB-WE6V4-P9V87-WG9WC
4. Save the configuration (config write)
5. Uninstall the old Pravail APS package using the system files uninstall
command. You can find the exact names of installed packages in system
file show list.
6. Install the new Arbos package using
system file install disk:arbos-5.3-EJTJ-i686-vlab
7. After installation of the new Arbos package, immediately reboot the
appliance with the reload command. WARNING: do not save the system
configuration after installation of the new Arbos package until you reboot
the device. Due to lab architecture limitations, you will be presented with
shutdown messages during the reload process; however, the reload will
actually happen.
8. Install the new Pravail APS package using
system file install disk:Pravail-APS-5.6-EJTJ-vlab
9. Start the Pravail APS service (services aps start)
10. Save the configuration (config write)
11. Log back into Pravail APS and perform a full page reload to clear the web
browser's local cache (Shift-Reload for most web browsers)


Basic attack monitoring


1. Check the ATLAS Botnet Prevention widget on the summary page and note the
matching traffic
2. Note “Blocked traffic” and “Blocked hosts” on the overview widget of the
summary page

This completes the lab exercise.
