
Applied Security Lab 2: Personal Tools and Technology: Host-based Firewall/IDS using Sysgate

Name: ______

Due Date: Wednesday (March 3, 2010) by 8:00 a.m.

Instructions:

• The Lab 2 Write-up (the template for answering the lab questions, a .doc file) can be found on the course website in the Assignments folder.
• Lab submissions must be typed using the Lab 2 Write-up template!
• Lab Write-ups must be uploaded to Blackboard in the Assignments folder, where the laboratory assignment description is located.
• ALL resources used to complete this assignment must be referenced and cited; this includes books, articles, websites, etc.

Goals: In this lab you will learn how to:

1. Use a host-based firewall/IDS to detect system-level attacks.
2. Learn about the capabilities of firewalls by working with a popular personal firewall – Sygate.

Background: A simple definition of a firewall is a method and/or hardware that regulates the level of trust between two networks, using hardware, software, or both in combination. Normally, one of these networks is a trusted network such as a corporate LAN, while the other is considered untrusted, such as the Internet. There are four primary categories that firewalls fall into:

1. Packet filtering – A packet-filtering firewall examines the header of each packet and decides whether to let the packet continue or not based upon a defined set of rules such as source/destination IP address, source/destination port, protocol involved, and so on.

2. Stateful packet inspection – A stateful packet inspection (SPI) firewall takes packet filtering up a notch. SPI firewalls keep a running log of the actions particular packets bring about, where they go, and so on. This allows the current state of each connection to be monitored for abnormalities, whether that involves a sequence of events or Application-layer data that performs some forbidden action.

3. Application-level proxies – An application-level proxy actually serves as a buffer of sorts between incoming data and the system it is trying to access. These firewalls run a portion of the Application-layer code that is coming in and determine whether its behavior is acceptable before letting it pass. However, this type of firewall does incorporate some additional overhead.

4. Circuit-level proxies – A circuit-level proxy performs most of the functions of SPI firewalls and application-level proxies, making them the most versatile of the firewall technologies being created today.
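The first two categories are easiest to see in code. The block below is an added example written for this lab; it is not part of the assignment and not Sygate's code. It models a host-based firewall with the three modes the lab exercises (Allow All, Block All, and a normal rule-driven mode), applies plain packet-filtering rules on header fields (direction, protocol, remote address range, port, ICMP type), and adds one piece of stateful inspection: an incoming ICMP echo reply is accepted only if this host sent the matching echo request. The traffic is the same kind that the ping test in Activity 2 generates. The local address 192.168.10.1, the stray sender 10.0.0.5, the packet sequence numbers and the field names of the alert record are constructed for the demonstration; 192.168.10.2 is the ping target used in the lab.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0   # ICMP type numbers (RFC 792)


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter inspects; payload is not modelled."""
    direction: str                   # "outgoing" or "incoming", relative to this host
    proto: str                       # "ICMP", "TCP" or "UDP"
    src: str
    dst: str
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_seq: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One packet-filtering rule; a None field matches anything."""
    action: str                      # "allow" or "block"
    direction: Optional[str] = None
    proto: Optional[str] = None
    remote: Optional[str] = None     # CIDR range the remote end must fall in
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, pkt: Packet, remote_ip: str) -> bool:
        if self.direction not in (None, pkt.direction) or self.proto not in (None, pkt.proto):
            return False
        if self.remote is not None and ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(self.remote):
            return False
        return self.dst_port in (None, pkt.dst_port) and self.icmp_type in (None, pkt.icmp_type)


class HostFirewall:
    """'allow_all' and 'block_all' mirror the Security menu choices in the lab;
    'normal' consults the rule list plus a small connection-state table."""

    def __init__(self, local_ip: str, mode: str = "normal", rules=()):
        self.local_ip = local_ip
        self.mode = mode
        self.rules = list(rules)
        self.pending_echo = set()    # (remote ip, seq) of echo requests we let out
        self.log = []                # one alert record per packet seen

    def remote_of(self, pkt: Packet) -> str:
        return pkt.dst if pkt.direction == "outgoing" else pkt.src

    def decide(self, pkt: Packet) -> str:
        if self.mode == "allow_all":
            verdict = "allow"
        elif self.mode == "block_all":
            verdict = "block"
        else:
            verdict = self._stateful(pkt)
            if verdict is None:
                verdict = self._match_rules(pkt)
        if (verdict == "allow" and pkt.direction == "outgoing"
                and pkt.proto == "ICMP" and pkt.icmp_type == ICMP_ECHO_REQUEST):
            self.pending_echo.add((pkt.dst, pkt.icmp_seq))   # remember what we asked for
        self.log.append(self.alert_details(pkt, verdict))
        return verdict

    def _stateful(self, pkt: Packet) -> Optional[str]:
        """Stateful inspection: an echo reply is legitimate only if it answers a
        request this host sent; an unsolicited reply is dropped whatever the rules say."""
        if pkt.direction == "incoming" and pkt.proto == "ICMP" and pkt.icmp_type == ICMP_ECHO_REPLY:
            key = (pkt.src, pkt.icmp_seq)
            if key in self.pending_echo:
                self.pending_echo.discard(key)
                return "allow"
            return "block"
        return None                  # not a stateful case; fall through to the rules

    def _match_rules(self, pkt: Packet) -> str:
        """Plain packet filtering: first matching rule wins, default deny."""
        remote = self.remote_of(pkt)
        for rule in self.rules:
            if rule.matches(pkt, remote):
                return rule.action
        return "block"

    def alert_details(self, pkt: Packet, verdict: str) -> dict:
        """The fields the lab asks you to read from the alert's Details view (names constructed)."""
        return {"connection origin": pkt.direction, "protocol": pkt.proto,
                "local address": self.local_ip, "remote address": self.remote_of(pkt),
                "icmp type": pkt.icmp_type, "verdict": verdict}


def simulate_ping(mode: str, target: str = "192.168.10.2", count: int = 4) -> dict:
    """Replay a ping exchange (constructed packets) through a firewall in the given
    mode; report requests that left, replies that got in, and the fate of a stray reply."""
    rules = [Rule("allow", direction="outgoing", proto="ICMP",
                  remote="192.168.10.0/24", icmp_type=ICMP_ECHO_REQUEST)]
    fw = HostFirewall("192.168.10.1", mode, rules)   # local address is an assumption
    sent = replies = 0
    for seq in range(1, count + 1):
        req = Packet("outgoing", "ICMP", fw.local_ip, target, icmp_type=ICMP_ECHO_REQUEST, icmp_seq=seq)
        if fw.decide(req) == "allow":
            sent += 1
            rep = Packet("incoming", "ICMP", target, fw.local_ip, icmp_type=ICMP_ECHO_REPLY, icmp_seq=seq)
            if fw.decide(rep) == "allow":
                replies += 1
    stray = Packet("incoming", "ICMP", "10.0.0.5", fw.local_ip, icmp_type=ICMP_ECHO_REPLY, icmp_seq=99)
    return {"sent": sent, "replies": replies, "stray reply": fw.decide(stray), "alerts": len(fw.log)}


if __name__ == "__main__":
    for mode in ("allow_all", "block_all", "normal"):
        print(mode, simulate_ping(mode))
```

Running the script prints one summary per mode. Allow All lets every packet through, including the stray reply that nothing on the host asked for; Block All stops the echo requests before they leave, so no reply ever arrives, which is what you observe at the command prompt in the last part of Activity 2; the normal mode lets ping work because of the outgoing rule, yet still drops the unsolicited reply, which is the difference between plain packet filtering and stateful inspection.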

In this Lab you will use Sygate Personal Firewall:

Sygate Personal Firewall is much more than a user-friendly and advanced personal firewall; it is a bi-directional intrusion defense system. It ensures your personal computer is completely protected from malicious hackers and other intruders while preventing unauthorized access from your computer to a network. In essence, it is designed to make your protected machines invisible to the outside world. That makes it a must-have security measure for any PC that connects to a private network or the public Internet. Once you've been compromised, every other network you connect to is at risk, including your home, business and online bank accounts.

Procedure:

This lab assignment will walk through some common configuration and attack detection and blocking with the trial version of Sygate Personal Firewall.

BEFORE STARTING ACTIVITY 1:

1. Start and log into the VMware vSphere Client.

2. Make sure BOTH virtual machines are Powered On (cchatmon-baseline AND seagate master).

3. Open the Seagate Master Console.

4. After the operating system has loaded, press Ctrl + Shift + Enter to maximize the window.

Activity 1:

1. Click the executable on the desktop entitled: sygate562808.exe.

2. Click Next on the Welcome to the Sygate Personal Firewall Installation Wizard page.

3. Choose I Accept the License Agreement and click Next.

4. Click Next on the destination folder page to accept the default folder.

5. Click Next to begin Installation.

6. Click the Finish button to exit Installation.

7. Click Yes to restart the machine.

8. Once the machine has restarted, click Start -> All Programs -> Sygate Firewall -> Sygate Firewall.

9. Click the Register Later Button. **Sygate Personal Firewall allows users to see the actual traffic moving through your network. It also allows you to see a graph which displays Attack History. An example is shown in Figure 1.**

Figure 1: Sygate Alert Window

Activity 2:

1. Name three applications currently running on the machine.

Test the Settings of the Sygate Firewall by:

2. Clicking Start -> Run -> Type cmd into the drop down box -> Click OK to open the Command Prompt Window.

3. Type -> ping 192.168.10.2 -> Press Enter

4. Did an error message display on the screen? If yes, Click on Details.

   What is the connection origin?

   What is the Protocol?

   What is the Local Address?

   What is the ICMP Type?

   What is the Remote Address?

5. Click No to close the dialog box. (If the dialog box appears again click No).

6. Click Security located on the Menu Bar and Select Allow All.

Test this setting by:

7. Clicking Start -> Run -> Type cmd into the drop down box -> Click OK to open the Command Prompt Window.

8. Type -> ping 192.168.10.2 -> Press Enter

9. Did you receive a Reply in the Command Prompt window?

   From what IP address?

   How many packets?

10. Close the Command Prompt Window and Return to the Sygate Personal Firewall.

11. Click Security located on the Menu Bar and Select Block All.

12. Select Yes to continue.

Test this setting by:

13. Clicking Start -> Run -> Type cmd into the drop down box -> Click OK to open the Command Prompt Window.

14. Type -> ping 192.168.10.2 -> Press Enter.

   What message did you receive in the Command Prompt window?

Outside Research Questions (answer the following questions IN YOUR OWN WORDS by conducting research using the internet, books, etc.):

1. What is a ping request/message?

2. How does a firewall work?

3. What is the main difference between host and network based firewalls?

4. What is the name of the standard firewall loaded on Windows operating systems?

5. Is it possible to run more than one personal firewall on your computer? If not, why?

6. Does a firewall remove viruses from your computer?

7. What is the command that you should type at the command prompt to find your IP address?

8. What is IP spoofing?