sis - security lab introductory session

SIS - Security Lab Introductory Session University of Pittsburgh 2008

Upload: xaviera-dickson

Post on 31-Dec-2015



Page 1: SIS - Security Lab Introductory Session

SIS - Security Lab Introductory Session

University of Pittsburgh

2008

Page 2: SIS - Security Lab Introductory Session

Agenda

Description of lab infrastructure

Equipment configuration basics

Text based connection / configuration

Graphical configuration environment

Cabling description

Useful commands

Cisco IOS

Windows / Linux

Recommendations

Page 3: SIS - Security Lab Introductory Session
Page 4: SIS - Security Lab Introductory Session

Equipment configuration

Page 5: SIS - Security Lab Introductory Session

Equipment configuration (2)

Page 6: SIS - Security Lab Introductory Session

Access modes

The PIX firewalls (and other CISCO equipment) have four administrative access modes:

Unprivileged mode: Available at first access. Provides a restricted, limited view of system settings. (Prompt = '>')

Privileged mode: Allows you to change system settings. (Prompt = '#')

Configuration mode: Enables you to change system configurations. (Prompt = '(config)#')

Monitor mode: Special mode that allows you to update system configuration image over the network (using a TFTP server)

Page 7: SIS - Security Lab Introductory Session

Access modes (2)

To access privileged mode: enable

To access configuration mode: configure terminal

Use the exit command to exit from one mode to the previous one

Page 8: SIS - Security Lab Introductory Session

Firewalls

System or group of systems that manage access between two networks

[Diagram: Internet, Router, Firewall, DMZ, Inside Network, Outside Network]

Page 9: SIS - Security Lab Introductory Session

PIX Firewalls

Proprietary operating system

Stateful inspection

Protocol and application inspection

User-based authentication

Virtual private networking

Web-based management

Stateful failover capabilities

Page 10: SIS - Security Lab Introductory Session
Page 11: SIS - Security Lab Introductory Session
Page 12: SIS - Security Lab Introductory Session
Page 13: SIS - Security Lab Introductory Session

Viewing / Saving configurations

There are two configuration memories, running-configuration and startup-configuration

show running-config displays the current configuration in the RAM memory of the equipment. Any configuration changes are written to the running-configuration

write memory saves the current running-configuration to the flash memory startup-configuration

show configure shows the configuration that is in flash memory

show history displays previously entered commands
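A way to check whether the running-configuration has drifted from the startup-configuration described above, so that unsaved changes are noticed before a reload. This is an added example, not part of the original slides; the sample captures, the metadata-line prefixes and the function names are assumptions.

```python
import difflib

# Constructed sample captures (not from the lab): output of "show configure"
# (startup-config in flash) and "show running-config" (RAM).
STARTUP_SAMPLE = """\
: Saved
hostname pixfirewall
ip address ethernet0 192.0.2.1 255.255.255.0
ip address ethernet1 10.0.0.1 255.255.255.0
Cryptochecksum:constructed-placeholder-a
: end
"""
RUNNING_SAMPLE = """\
: Saved
hostname pixfirewall
ip address ethernet0 192.0.2.1 255.255.255.0
ip address ethernet1 10.0.1.1 255.255.255.0
ip address ethernet2 172.16.0.1 255.255.255.0
Cryptochecksum:constructed-placeholder-b
: end
"""

# Assumption: lines with these prefixes are capture metadata, not settings.
VOLATILE_PREFIXES = (":", "Cryptochecksum:")


def normalize(config_text):
    """Drop blank and metadata lines, keep indentation of real settings."""
    lines = (raw.rstrip() for raw in config_text.splitlines())
    return [l for l in lines if l and not l.startswith(VOLATILE_PREFIXES)]


def unsaved_changes(running_text, startup_text):
    """Return (added, removed) relative to startup-config.

    added:   lines only in running-config; lost on reload without "write memory"
    removed: lines only in startup-config; they return on reload
    """
    added, removed = [], []
    for entry in difflib.ndiff(normalize(startup_text), normalize(running_text)):
        if entry.startswith("+ "):
            added.append(entry[2:])
        elif entry.startswith("- "):
            removed.append(entry[2:])
    return added, removed


if __name__ == "__main__":
    added, removed = unsaved_changes(RUNNING_SAMPLE, STARTUP_SAMPLE)
    for line in removed:
        print("only in startup-config:", line)
    for line in added:
        print("only in running-config:", line)
```

An empty result for both lists means the two configuration memories agree and a reload will not change the device's behaviour.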

Page 14: SIS - Security Lab Introductory Session

Basic CISCO IOS commands

ip address if_name ip_address [netmask]

Example: ip address ethernet2 172.16.0.1 255.255.255.0

show ip address: Displays the IP addresses assigned to all interfaces

show interface: Allows you to view the network interface information and status

ping ip_address: To determine reachability of a system

Page 15: SIS - Security Lab Introductory Session

Basic Windows/Linux networking commands

ipconfig (Windows) / ifconfig (Linux): To obtain IP configuration information of a PC

ping

netstat -r: To obtain routing configuration and statistics

netstat: Gives you information on active ports and established connections on a system

Page 16: SIS - Security Lab Introductory Session

Packet Sniffer - WireShark

Page 17: SIS - Security Lab Introductory Session

Lab procedures

Lab assignments will be given a couple of days in advance of the start of the lab working period

Lab working periods = 1 or 2 weeks

Lab groups should be composed of two persons (no more, no less)

Use sign-up sheet to schedule the time in which you will be using lab equipment

Lab reports can be written in any format but should include answers to the questions presented in the assignment and equipment configuration files

Page 18: SIS - Security Lab Introductory Session

Important recommendations

Never change a password (you'll be held accountable) unless it's for your own user account

Get rid of static electricity build up before touching equipment

For questions:

Check CISCO web site http://www.cisco.com

Ask GSA: E-mail: [email protected]

Page 19: SIS - Security Lab Introductory Session

Questions ??

Page 20: SIS - Security Lab Introductory Session

References

Firewall Lab references

Title: Cisco security specialist's guide to PIX Firewall [electronic resource] / Vitaly Osipov.

Author: Osipov, Vitaly.

Published: Rockland, Mass. : Syngress Pub., c2002.

Read: Chapters 2 and 3 (4 is optional) , (9 if you plan to use graphical GUI)

Title: CCSP Cisco Secure PIX firewall advanced exam certification guide [electronic resource] : CCSP self-study / [Greg Bastien and Christian Degu].

Author: Bastien, Greg.

Published: Indianapolis, IN : Cisco Press, c2003.

Read: Chapters 5 and 6

Title: Managing Cisco network security [electronic resource] / Eric Knipp ... [et al.] ; technical editor, Edgar Danielyan.

Edition: 2nd ed.

Published: Rockland, Mass. : Syngress Media, c2002.

Read: Chapters 3 – 5