Network Security Labs

First of all, you don't need to be here. All the necessary information on this page is linked from the Moodle2 website. That being said, this will contain all the necessary information to complete the labs as assigned in CPTR 427.


Labs Hints

Lab 01: Getting started with your virtual machines

For your Windows machines you will need to perform the following steps once you have received the virtual machine.

  1. Change the password on owner.
  2. Rename your machine (they all come out of the factory with the same name)
  3. Your factory machine has not been activated. You will need a key from MSDNAA to activate your machine.
  4. NOW that you have a key, activate your machine.

For Ubuntu machines...

  1. Change the password on owner.
  2. Rename your machine to your own liking.

Lab 08: SSL and code signing lab

Hints: To get a code signing template to show up on the web page, you need to add it to the templates. Just go into the CA and right click templates and select new.... DO NOT ADD your site to the trusted sites list in windows. This will cause you problems. If at first you don't succeed, close it all and restart IE.

  1. When installing your certificate authority, you should install an enterprise CA.
  2. Click on the server name in IIS Manager, then double click on Server Certificates
  3. Create a certificate request (right hand pannel)
  4. Make sure to fill in your data correctly.

Before you submit the request you need to change the permissions on the Web Server template.

  1. Open Certificate Authority from Administrative Tools
  2. Click the + symbol to expand your CA
  3. Right Click on Certificate Templates and click Manage.
  4. Double Click on "Web Server"
  5. Click the Security Tab and add the "Enroll" permission to Authenticated Users.
  6. Click OK.
  7. Close the Certificate Template Console Window
  8. Restart the certificate service (right click on the CA, All tasks, stop... then start).

Submitting your request to the Enterprise Certificate Authority through the gui will give you an error:

The request contains no certificate template information. 0x80094801 (-2146875391)

Denied by Policy Module 0x80094801, The request does not contain a certificate template 
extension or the Certificate Template request attribute.

From this site we found that there is a command line way to specify the certificate:

certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt

Lab 13: Windows NTFS/Share Permissions Lab

RSAT (Remote Server Administration Tools) has replaced (somewhat) the Support Tools. At any rate you can get them here:

xcacls has been replaced by Icacls in Vista and Windows 2008.