This document provides the steps for setting up virtual machines for use with Principles of Computer Security: CompTIA Security+ and Beyond. There are a number of virtual platforms such as VMware, Virtual PC, Xen, Parallels, and VirtualBox. The instructions for setting up the environment do not address steps specific to any single platform. The lab technician who prepares the machines for the lab exercises will need to be familiar with the particular brand of virtualization in their environment and configure it as appropriate.

The lab exercises are written for both a Windows and a Linux environment. There are several lab exercises in which both environments are required, so it is recommended that you set up all 4 virtual machines. The lab environment required for each lab exercise is designated by the letter w, l, m or i in the title. The letter w is for a Windows environment, l is for the Linux environment, m is for a mixed environment, and i is for the host computer or any other computer that has internet access. So, for example, Lab 3w would require the Windows environment and Lab 3l would require the Linux environment.
There are a number of different ways to deploy virtual machines. The following requirements are for a single host running software such as VMware Workstation, VMware Player, or Virtual PC.

Minimum Requirements
CPU: 1.3 GHz or faster (Pentium Core or better recommended)
RAM: 2 Gig (4 Gig Recommended)
HD: 20 Gig of free space
Setup the Virtual Machine
The virtual machine for the XP installation will need the following:
1. Use at least a 10 GB partition for the C Drive.
2. Create a second hard drive of at least 100 MB. (The file named suspect_image will go in this drive.)
3. The RAM should be set for at least 512 MB.
4. You will need to set up the networking for host only so that no traffic from the virtual environment can make it to the actual network.
5. You may also want to disable any file sharing or copying and pasting of files to and from the virtual machine. Some of the software on the virtual machines is considered malicious code and should not leave those machines. If you are unsure of how to do this, please refer to the support provided by the vendor of your virtualization product.

NOTE: You need XP SP1 for this install. XP SP1 has several vulnerabilities that are used to demonstrate the need for proper patching and updating. If you use a later distribution, some labs may not work.
4) On the next screen, select Format the Partition Using the NTFS File System and press Enter. When the computer is done formatting, it will reboot and go into the GUI portion of the installation.
5) On the Regional and Language Options screen, click Next.
6) On the Personalize Your Software screen, type Security Student in the Name box.
7) In the Organization box, type Computer Security and click Next.
8) On the Your Product Key screen, type your product key and click Next.
9) View the Computer Name and Administrative Password screen:
   a) In the Computer Name: box, type winxppro.
   b) In the Password box, type password.
   c) In the Confirm Password box, type password.
   d) Click Next.
10) On the Date and Time Settings screen, set the correct date and time and select the appropriate time zone. Click Next.
11) On the Network Settings screen, select Custom Settings and click Next.
12) On the Networking Components screen, select Internet Protocol (TCP/IP) and click Properties.
13) On the Internet Protocol (TCP/IP) Properties screen, select Use the Following IP Address.
14) In the IP Address box, type 192.168.100.101
15) In the Subnet Mask box, type 255.255.255.0
16) In the Default Gateway box, leave blank.
17) In the Preferred DNS Server box, type 192.168.100.102
18) Click OK.
19) Click Next.
20) On the Workgroup or Domain screen, click Next.
   a) The installation will complete and the computer will reboot.
21) On the Welcome to Microsoft Windows screen, click Next.
22) On the How Will This Computer Connect to the Internet? screen, click Skip.
23) On the Ready to Activate Windows? screen, select No, remind me every few days, and click Next.
24) View the Who Will Use This Computer? screen:
   a) In the Your Name: box, type Admin
   b) In the 2nd User: box, type labuser
   c) In the 3rd User: box, type labuser2
   d) Click Next.
25) On the Thank You screen, click Finish.
26) On the Log in screen, click Admin.

Set Internet Explorer's page to blank.
1) Click Start > Internet Explorer.
2) On the menu bar, click Tools > Internet Options.
3) On the General tab, under Home page, click the Use Blank button.
4) Click OK.
5) Close Internet Explorer.
Nmap Zenmap
1. In the Software Installation folder, double click nmap-5.21-setup.
2. Click I Agree and click Next. (Notice it will include WinPcap 4.1.1, which is needed for other programs as well.)
3. Continue to click Next until the end of the installation. Default settings are fine for this setup.

Wireshark
1. In the Software Installation folder, double click wireshark-win32-1.2.8.
2. Click Next and click I Agree to the Terms of service.
3. Verify that all of the boxes are ticked and click Next.
4. Uncheck the Quick Launch Icon checkbox and check the Desktop Icon checkbox, then click Next.
5. Continue to click Next until the window shows to install WinPcap. Make sure the checkbox is not checked and click Install. (This was installed with Nmap.)
6. When the setup is complete, click Next and then click Finish.

7-Zip
1. In the Software Installation folder, double click 7z465.
2. Click Install and, after the setup copies files, click Finish.

Create a Tools folder on the desktop and put the following installer files in it:

File              URL                                          Required for Lab Exercise
Winpcap3.0.exe    www.securitylabmanual.com/files/             9.2
Snort 2_8_6_1     www.securitylabmanual.com/files/             9.2
Camouflage        www.securitylabmanual.com/files/             6.3
WinPT             www.securitylabmanual.com/files/             8.1
Putty             www.securitylabmanual.com/files/             8.2
WinSCP            www.securitylabmanual.com/files/             8.3
Service Pack 3    http://support.microsoft.com/?kbid=936929    7.1
Suspect_image file
You should have created a second hard drive of at least 100 MB. Format the drive and put the file called suspect_image on the drive. Take a snapshot.
When you are done configuring the virtual machine, make sure to take a snapshot of the base image. You should do this for all of the virtual machines when they are deployed so that if a student makes a change, it will be easy to revert back to the original state which all the labs depend upon.
There are a number of different ways to deploy virtual machines. The following requirements are for a single host running software such as VMware Workstation, VMware Player, or Virtual PC.

Minimum Requirements
CPU: 1.3 GHz or faster (Pentium Core or better recommended)
RAM: 2 Gig (4 Gig Recommended)
HD: 20 Gig of free space
Setting Up the Virtual Machine
1. Use at least a 10 GB partition for the C Drive.
2. The RAM should be set for at least 512 MB, but 1 GB is recommended.
3. You will need to set up the networking for host only so that no traffic from the virtual environment can make it to the actual network.
4. You may also want to disable any file sharing or copying and pasting of files to and from the virtual machine. Some of the software on the virtual machines is considered malicious code and should not leave the machines. If you are unsure of how to do this, please refer to the support provided by the vendor of your virtualization product.
5. You will need to mount the SecondaryHarddrive image as the D drive. (This file is used only for lab 10.1 and 10.2.)

Mount the Windows Server 2003 Standard CD and begin the install.
1) On the Welcome to Setup screen, press Enter to continue.
2) On the Windows Licensing Agreement, press F8 to continue.
3) On the Windows Server 2003 Setup screen, press C to create a new partition.
4) On the next screen, press Enter to accept the default.
5) On the next screen, make sure Format Partition Using the NTFS File System is selected. Press Enter to continue. Windows 2003 will begin to install partition and format the drive. It will then begin to copy the files needed for the rest of the install. The next portion of the install will take a bit of time depending on your processor speed.
6) On the Regional and Language Options screen, click Next.
7) On the Personalize Your Software screen:
   a) Name Computer Security Student
   b) Organization Computer Security
   c) Click Next.
8) On the Product Key screen, enter your product key and click Next.
9) On the Licensing Modes screen, accept the default (per server 5) and click Next.
   NOTE: You will have to activate the installation later. This process will vary depending on your licensing agreement. Contact your network administrator if you are unsure of this process.
10) On the Computer Name and Administrative Password screen:
   a) Computer Name WIN2K3SERV
   b) Administrative password adminpass (This is an extremely weak password but is being used only for educational purposes and will be changed later in the labs.)
   c) Confirm password - adminpass
   d) Click Next.
   e) When prompted Are you sure you want to continue with the current password? click Yes.
11) On the Date and Time screen, enter the correct date and time as well as your time zone and click Next.
12) On the Networking Settings screen, select Custom Settings and click Next.
13) On the Networking Components screen, select Internet Protocol and then click on Properties.
14) On the Internet Protocol screen, select Use the Following IP Address:
   a) IP address 192.168.100.102
   b) Subnet Mask 255.255.255.0
   c) Default Gateway blank
   d) DNS 192.168.100.202
   e) Click OK.
   f) Click Next.
15) On the Workgroup or Computer Domain screen, click Next.
16) The Completing the Windows 2003 Setup Wizard screen will show when the installation is complete.
17) Click on Finish.
18) The Windows 2003 Login screen will appear.
   a) Press the Right Alt + Del key (not Ctrl + Alt + Del).
   b) Username Administrator
   c) Password adminpass
   d) Click OK.
19) When the server has completed booting up, you will get the Manage Your Server screen.
   a) Check the box next to Don't Display This Page at Logon and close the screen.
NOTE: You may need to install the virtualization tools for your particular platform. These tools enhance the interaction with the virtual machine (improved display and mouse performance). Refer to your virtualization software documentation.
10) Click OK.
11) Close Internet Information Services Manager.

Currently the only accounts available on this virtual machine are the administrator account and the guest account, which is disabled. Let's now create a user account.
1) Click Start, right click My Computer and click on Manage.
2) In the Tree pane of the Computer Management window, click on Local Users and Groups.
3) Right click the Users folder and select New User.
4) In the New User window:
   a) In the User Name: box, type labuser
   b) In the Full Name: box, type Lab user
   c) In the Description: box, type User account for lab exercises
   d) In the Password: box, type password
   e) In the Confirm Password: box, type password
   f) Select User cannot change password.
   g) Select Password never expires.
   h) Click Create.
   i) Click Close.
5) Close Computer Management.
Additional Software
Download and place the files in the location indicated.

File: Winpcap3.0.exe; Snort 2_8_6_1; McAfee_Antispyware_Trial; McAfee_VirusScan_Trial; Camouflage; WinPT; fakedel; Keylog5; Nbserv-2.5
URL: www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; Littlesister.de; http://packetstormsecurity.org/files/view/15727/nbpro21 0.exe
Lab: 9.2; 9.2; 7.2; 7.2; 6.3; 8.1; 5.3; 10.1
Location: Tools; Tools; Tools; Tools; Tools; Tools; Wwwroot, renamed as update.exe; D drive
(2)Steps at a Glance
5) Set up the network configuration. Edit the file /etc/network/interfaces

   Remove:
       iface eth0 inet dhcp

   Add:
       iface eth0 inet static
           address 192.168.100.202
           netmask 255.255.255.0
           network 192.168.100.0
If you are using VMware and want to access this from your base machine, you would manually set up your vmnet address (of the base machine) to 192.168.100.1. The nice feature of this is that you can then ssh into the virtual machine from a terminal and will be able to copy and paste easily. For example, on a Mac running VMware Fusion:
    vmnet8: flags=8863 mtu 1500
            inet 192.168.237.1 netmask 0xffffff00 broadcast 192.168.237.255
    vmnet1: flags=8863 mtu 1500
            inet 192.168.88.1 netmask 0xffffff00 broadcast 192.168.88.255
    root# ifconfig vmnet1 192.168.100.1
    vmnet1: flags=8863 mtu 1500
            inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
3. Set up the network configuration. Edit the file /etc/network/interfaces

   Remove:
       iface eth0 inet dhcp

   Add:
       iface eth0 inet static
           address 192.168.100.201
           netmask 255.255.255.0
           network 192.168.100.0

   Comment out the interface lines for (eth1 eth2 ath0 wlan0) by placing a # as the first character.
Create User Accounts
The labs depend upon having the accounts labuser and labuser2. Run the following commands on both the metasploitable machine (linuxserv) and the backtrack machine.
1. useradd -m -s /bin/bash labuser
2. passwd labuser
3. Create the password of password
4. useradd -m -s /bin/bash labuser2
5. passwd labuser2
6. Create the password of password
Setup DNS
At this point we need to create the DNS for the virtual machines.
1. The DNS configuration is in the directory /etc/bind. Edit the file named.conf.local.
   Synopsis: You will comment out the global items and add the security.local lines.
   So you will comment out (add // to the beginning of the line):

    //prime the server with knowledge of the root servers
    //zone "." {
    //      type hint;
    //      file "/etc/bind/db.root";
    //};
You can cp db.local db.security.local
    ;
    ; BIND data file for domain security.local
    ;
    $TTL    604800
    @       IN      SOA     security.local. root.securitylocal. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @               IN      NS      linuxserv.security.local.
    @               IN      A       127.0.0.1
    @               IN      AAAA    ::1
    winxppro        IN      A       192.168.100.101
    win2kserv       IN      A       192.168.100.102
    linuxcl         IN      A       192.168.100.201
    linuxserv       IN      A       192.168.100.202
3. The file /etc/bind/db.100.168.192 should be created. (You can cp db.255 db.100.168.192 and then edit the file to be as below.)

db.100.168.192
    ;
    ; BIND reverse data file for broadcast zone
    ;
    $TTL    604800
    @       IN      SOA     localhost. root.localhost. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      localhost.
    101     IN      PTR     winxppro.security.local.
    102     IN      PTR     win2k3serv.security.local.
    201     IN      PTR     linuxcl.security.local.
    202     IN      PTR     linuxserv.security.local.
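The forward and reverse zones are edited by hand, so a consistency check before taking the snapshot catches names that differ between them. The following Python check is an added example, not part of the original lab manual; the function names are hypothetical, and the embedded host records are copied from the two zone files above. Run on those records, it reports that 192.168.100.102 is win2kserv in the forward zone and win2k3serv in the reverse zone.

```python
import re

# Host records copied from the two zone files above (SOA, NS and @ lines left out).
FORWARD = """\
winxppro   IN A 192.168.100.101
win2kserv  IN A 192.168.100.102
linuxcl    IN A 192.168.100.201
linuxserv  IN A 192.168.100.202
"""
REVERSE = """\
101 IN PTR winxppro.security.local.
102 IN PTR win2k3serv.security.local.
201 IN PTR linuxcl.security.local.
202 IN PTR linuxserv.security.local.
"""

def parse_a(text, origin="security.local."):
    """Map IPv4 address -> fully qualified name for each A record."""
    recs = {}
    for name, ip in re.findall(r"^(\S+)[ \t]+IN[ \t]+A[ \t]+(\S+)", text, re.M):
        if name != "@":  # skip the zone apex
            recs[ip] = name if name.endswith(".") else f"{name}.{origin}"
    return recs

def parse_ptr(text, network="192.168.100"):
    """Map IPv4 address -> PTR target; each label is the last octet."""
    return {f"{network}.{octet}": target.lower()
            for octet, target in
            re.findall(r"^(\d+)[ \t]+IN[ \t]+PTR[ \t]+(\S+)", text, re.M)}

def mismatches(forward, reverse):
    """Return (ip, forward_name, ptr_target) where the two zones disagree.

    ptr_target is None when the address has no PTR record; forward_name
    is None when a PTR exists for an address with no A record.
    """
    a, ptr = parse_a(forward), parse_ptr(reverse)
    bad = [(ip, name, ptr.get(ip)) for ip, name in a.items()
           if ptr.get(ip) != name.lower()]
    bad += [(ip, None, target) for ip, target in ptr.items() if ip not in a]
    return sorted(bad)  # IPs are unique across both lists, so sorting is safe

if __name__ == "__main__":
    for ip, fwd, rev in mismatches(FORWARD, REVERSE):
        print(f"{ip}: A record says {fwd}, PTR says {rev}")
```
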
Setup Email
Edit /etc/postfix/main.cf
set mydestination = localhost, linuxserv, linuxserv.security.local, security.local
This completes the setup. Be sure to take snapshots of the virtual machines once you have completed the install. Please send questions to support@securitylabmanual.com. Check www.securitylabmanual.com for updates, new lab exercises, errata and other resources to support the security curriculum.