
Assessment Prep

dthomsen116 edited this page Feb 27, 2023 · 19 revisions

Assessment Description: For the assessment, you will be given a 3-zone network to configure that consists of:

Network Diagram: [image not reproduced]

traveler: A WAN-based road warrior user running Windows 10. (This replaces the Linux rw01.)

edge01: A VyOS firewall with three interfaces (WAN, DMZ, LAN). You will need to add an interface using vCenter. (This replaces fw01.)

nginx01: A DMZ-based nginx web server running Ubuntu. (This replaces web01 and Apache.)

dhcp01: A LAN-based DHCP server running Ubuntu.


Requirements

All systems should have an accurate hostname.

All Linux systems should have a named sudo or administrator user.

The two new Ubuntu systems do not have a firewall enabled; this is OK (for now).

wks1, mgmt01 should be able to surf the internet.

wks1, mgmt01 should be able to navigate to nginx01

mgmt01 should be able to ssh to nginx01

nginx01 should be able to ping log01

nginx01 and dhcp01 should have Wazuh agents installed

nginx01 should have a custom web page (practice this on jump)

traveler should be able to get to nginx01's custom test page by navigating to edge01's WAN IP address.

traveler should be able to perform SSH key-based authentication with jump. traveler is a Windows box, but SSH in PowerShell works almost exactly as it does on Linux, including key generation. You will need to add a new public key to authorized_keys.

dhcp01 should serve a pool of DHCP addresses to the LAN from .100 to .150.

wks1 should use DHCP addressing
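For the traveler key-based authentication requirement above, a public key copied from a Windows box into authorized_keys often arrives with CRLF endings, a BOM, or a wrapped or truncated blob, and sshd then ignores the entry. The following is an added example, not part of the original wiki page: a checker for one authorized_keys line. The function names and the sample entry are constructed for illustration, and it assumes lines without a leading options field.

```python
import base64
import struct

def blob_fields(blob: bytes) -> list[bytes]:
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("dangling length prefix")
        (n,) = struct.unpack(">I", blob[i:i + 4])  # 4-byte big-endian length
        i += 4
        if i + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[i:i + n])
        i += n
    return fields

def check_key_line(line: str) -> list[str]:
    """Return the problems found in one authorized_keys line (empty list = OK)."""
    problems = []
    if line.startswith("\ufeff") or "\x00" in line:
        problems.append("BOM or NUL bytes (file not saved as plain UTF-8/ASCII)")
    if "\r" in line:
        problems.append("carriage return (CRLF line ending)")
    parts = line.replace("\x00", "").strip("\ufeff\r\n ").split()
    if len(parts) < 2:
        return problems + ["expected '<type> <base64> [comment]' on one line"]
    key_type, b64 = parts[0], parts[1]
    try:
        fields = blob_fields(base64.b64decode(b64, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["base64 blob is wrapped, truncated or corrupted"]
    # The first field inside the blob repeats the algorithm name.
    if not fields or fields[0] != key_type.encode():
        problems.append("declared key type does not match the blob")
    return problems

def sample_line() -> str:
    """Constructed entry: all-zero 32-byte 'key', structurally valid only."""
    blob = b"".join(struct.pack(">I", len(f)) + f
                    for f in (b"ssh-ed25519", bytes(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " traveler@example"

if __name__ == "__main__":
    for label, line in [("clean", sample_line()),
                        ("crlf", sample_line() + "\r\n"),
                        ("cut", sample_line()[:60])]:
        print(label, check_key_line(line) or "OK")
```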


Hints

You do not need to work serially through this assessment; it is the end result that matters. If you are waiting for a reboot on traveler, then start configuring your other servers.

Get all communications working BEFORE creating zones and locking down the firewalls. It's terribly difficult to debug both services and network firewalls at the same time.

Make sure to link your firewalls to the appropriate From and To zones.

Make sure you have the correct netmask on all Linux systems.

Use the --permanent flag on CentOS firewall configurations, and reload after each change.

Restart any service if you touch a configuration file (network, nginx, rsyslog, etc…).

Make sure you include the appropriate vSphere label on all deliverables where your name is not obvious in the console.

Check every VM's network settings to make sure they are on the correct segment.

Don't forget to look at /var/log/messages to debug firewall issues.

Do not try to use the default gateway address 10.0.17.2 as your WAN interface IP address as this will cause problems for other students and might be embarrassing.
