|
Size: 860
Comment:
|
Size: 3971
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = Labs = | = Network Security Labs = |
| Line 3: | Line 3: |
| '''SSL and code signing lab''': | <<TableOfContents>> First of all, you don't need to be here. All the necessary information on this page is linked from the Moodle2 website. That being said, this will contain all the necessary information to complete the labs as assigned in CPTR 427. == Topics == * [[attachment:Lab 01 Virtual Machine Setup.docx]] * [[attachment:Lab 02 Symmetric Encryption Tools.docx]] * [[attachment:Lab 03 NMAP.docx]] * [[attachment:Lab 04 Vulnerability Scanners.docx]] * [[attachment:Lab 05 Netstat and TCPDump.docx]] * [[attachment:Lab 06 Identity and Email Security.docx]] * [[attachment:Lab 07 Kerberos.docx]] * [[attachment:Lab 08 Certificate Server - Code Signing and SSL.docx]] * [[attachment:Lab 09 Forensics Survey - Wireless Security - War Drive.docx]] * [[attachment:Lab 10 IPSec and VPN.docx]] * [[attachment:Lab 11 Intrusion Detection.docx]] * [[attachment:Lab 12 Firewall.docx]] * [[attachment:Lab 13 Windows Group Policies.docx]] * [[attachment:Lab 14 Proxy Spam Filter and Smart Host.docx]] = Labs Hints = == Lab 01: Getting started with your virtual machines == For your '''Windows''' machines you will need to perform the following steps once you have received the virtual machine. 1. Change the password on owner. 1. Rename your machine (they all come out of the factory with the same name) 1. Your factory machine has not been activated. You will need a key from MSDNAA to activate your machine. 1. NOW that you have a key, activate your machine. For Ubuntu machines... 1. Change the password on owner. 2. Rename your machine to your own liking. == Lab 08: SSL and code signing lab == |
| Line 7: | Line 44: |
| 1. When installing your certificate authority, you should install an enterprise CA. 1. Click on the server name in IIS Manager, then double click on Server Certificates 1. Create a certificate request (right hand pannel) 1. Make sure to fill in your data correctly. |
|
| Line 8: | Line 49: |
| '''Windows NTFS/Share Permissions Lab''' | Before you submit the request you need to change the permissions on the Web Server template. 1. Open Certificate Authority from Administrative Tools 1. Click the + symbol to expand your CA 1. Right Click on Certificate Templates and click Manage. 1. Double Click on "Web Server" 1. Click the Security Tab and add the "Enroll" permission to Authenticated Users. 1. Click OK. 1. Close the Certificate Template Console Window 1. Restart the certificate service (right click on the CA, All tasks, stop... then start). Submitting your request to the Enterprise Certificate Authority through the gui will give you an error: {{{ The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the Certificate Template request attribute. }}} From [[http://pdconsec.net/blogs/davidr/archive/2008/08/13/No_2D00_Certificate_2D00_Template_2D00_In_2D00_Request.aspx|this site]] we found that there is a command line way to specify the certificate: {{{ certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt }}} == Lab 13: Windows NTFS/Share Permissions Lab == |
Network Security Labs
Contents
First of all, you don't need to be here. All the necessary information on this page is linked from the Moodle2 website. That being said, this will contain all the necessary information to complete the labs as assigned in CPTR 427.
Topics
Labs Hints
Lab 01: Getting started with your virtual machines
For your Windows machines you will need to perform the following steps once you have received the virtual machine.
- Change the password on owner.
- Rename your machine (they all come out of the factory with the same name)
- Your factory machine has not been activated. You will need a key from MSDNAA to activate your machine.
- NOW that you have a key, activate your machine.
For Ubuntu machines...
- Change the password on owner.
- Rename your machine to your own liking.
Lab 08: SSL and code signing lab
Hints: To get a code signing template to show up on the web page, you need to add it to the templates. Just go into the CA and right click templates and select new.... DO NOT ADD your site to the trusted sites list in windows. This will cause you problems. If at first you don't succeed, close it all and restart IE.
- When installing your certificate authority, you should install an enterprise CA.
- Click on the server name in IIS Manager, then double click on Server Certificates
- Create a certificate request (right hand pannel)
- Make sure to fill in your data correctly.
Before you submit the request you need to change the permissions on the Web Server template.
- Open Certificate Authority from Administrative Tools
- Click the + symbol to expand your CA
- Right Click on Certificate Templates and click Manage.
- Double Click on "Web Server"
- Click the Security Tab and add the "Enroll" permission to Authenticated Users.
- Click OK.
- Close the Certificate Template Console Window
- Restart the certificate service (right click on the CA, All tasks, stop... then start).
Submitting your request to the Enterprise Certificate Authority through the gui will give you an error:
The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the Certificate Template request attribute.
From this site we found that there is a command line way to specify the certificate:
certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt
Lab 13: Windows NTFS/Share Permissions Lab
RSAT (Remote Server Administration Tools) has replaced (somewhat) the Support Tools. At any rate you can get them here:
xcacls has been replaced by Icacls in Vista and Windows 2008.