NETWORK SECURITY LAB Lab 8. Firewall and VPN
Coverage – Introduction to Firewall – Hands on at configuring Firewall – Introduction to VPN – Hands on at configuring VPN
Firewall - Introduction – Firewall is a network security mechanism that monitors and controls incoming and outgoing network traffic based on pre-configured and customizable security rules ~Wikipedia
Types of Firewall – Hardware Firewalls – Software Firewalls – Hybrid Firewalls (Combination of HW and SW) • Software Firewalls – Protect a single computer – Norton Internet Security – McAfee Internet Security – Outpost – ISA Server • Hardware Firewalls – Protect a network – Cisco PIX – NetScreen – WatchGuard – Checkpoint
How Firewalls Work
Hands on – Configuring Firewall – Configuring a web server on Windows using IIS (Internet Information Services) – Download 2 instances of Windows 7 with IE or MSEdge from here. Alternatively, your instructor should provide you with the downloaded version of the virtual images. – Import the Windows images into Oracle VirtualBox
Hands on – 3 – Adding NAT Network to Oracle VirtualBox – In the Oracle VirtualBox main console click on: • File -> Preferences
Hands on – 4 – Change the MAC address of one of the virtual images through the following steps – In the VirtualBox main console – Select a Windows image and go to Settings
Hands on – 4.1 – Add both the virtual images to NAT network and ensure that they are getting IP addresses
Hands on – 5 – Configure IIS and a demo website • Turn on both the virtual images and on one of the images configure IIS: • Log in to the virtual machine and go to Control Panel. • Set the view of the Control Panel to ‘Small Icons’ • Click on ‘Programs and Features’
Hands on – 6 – Click on ‘Turn Windows Features On or Off’ – And check the Internet Information Services check box
Hands on – 7 – Configuring and hosting website in IIS – Click on Start and type ‘IIS’ and click on Internet Information Services. – Right-click on ‘Sites’ under ‘Connections Panel’ and click on ‘Add Website’
Hands on – 8 – On the following screen give the site name as Intranet and under Content Directory click on the button with 3 dots to set its path – Set the port number as ‘4444’
Hands on – 9 – Select the ‘wwwroot’ folder under C:\inetpub for the demo site and click on OK
Hands on – 10 – Click OK on the main screen and the website is hosted and ready to be accessed: – Verify the hosted website by accessing the following URL from the MSEdge browser in the virtual image • URL: http://localhost:4444
Hands on – 11 – Access the hosted website from the other image connected to the same NAT Network. – Access virtual image 2 and in the browser access the demo website using the IP address of virtual image 1 • Example: http://192.168.1.4:4444 – The demo site is inaccessible because the firewall on the image hosting the IIS server is filtering the connection to the site.
Hands on – 12 – Configuring the firewall to allow access to the demo website. – Click on Start and type ‘Firewall’, from the listed options select ‘Windows Firewall with Advanced Security’ – In the console of the Firewall click on ‘Action’ menu and ‘New Rule’
Hands on – 13 – Click on the Port radio button and click on Next – Type 4444 under specific local ports and click on Next
Hands on – 14 – Ensure ‘Allow the connection’ is selected and click on Next – Select all the levels from which this site can be accessed and click on Next
Hands on – 15 – Give the rule the name AllowIntranet and click on Finish – Access 192.168.1.5:4444 from image 2 and check if it works
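Added example (not part of the original lab slides): the AllowIntranet rule from the wizard steps above, created from an elevated Command Prompt with netsh, first as broadly as the wizard makes it and then scoped to the lab network. The TCP protocol, the profile=private choice and remoteip=localsubnet are assumptions of this example, not settings the lab specifies.

```bat
@echo off
rem Added example: run from an elevated Command Prompt on the IIS image.
rem Rule name and port come from the lab; protocol, profile and remoteip
rem values are assumptions made for this example.

rem 1. Confirm IIS is listening on the demo port before touching the firewall.
netstat -an | findstr /C:":4444"

rem 2. Check which firewall profile the NAT network is currently using.
netsh advfirewall show currentprofile

rem 3. Equivalent of the wizard steps: inbound, port 4444, allow, all profiles.
netsh advfirewall firewall add rule name="AllowIntranet" dir=in action=allow protocol=TCP localport=4444 profile=any

rem 4. Inspect what was created (profiles, remote addresses, action).
netsh advfirewall firewall show rule name="AllowIntranet" verbose

rem 5. Tighter variant: replace the broad rule with one that only admits
rem    hosts on the local subnet (the NAT network) on a single profile.
rem    Use the profile reported in step 2 if it is not "private".
netsh advfirewall firewall delete rule name="AllowIntranet"
netsh advfirewall firewall add rule name="AllowIntranet" dir=in action=allow protocol=TCP localport=4444 profile=private remoteip=localsubnet

rem 6. Clean up after the lab (uncomment to run).
rem netsh advfirewall firewall delete rule name="AllowIntranet"
```

With the scoped rule in place, image 2 on the same NAT network still reaches the site, while traffic from addresses outside the local subnet no longer matches the allow rule.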
VPN - Introduction – A VPN (Virtual Private Network) is a secure communication tunnel between devices. – VPNs are used to protect private web traffic from unwanted eavesdropping and interference.
Technologies in VPN – PPTP VPN – L2TP VPN – Open VPN – PPTP VPN • Point to Point Tunneling Protocol • Obsolete due to security flaws – L2TP VPN • Layer 2 Tunneling Protocol • Security extension of PPTP • Uses L2TP Access Controller (LAC) and L2TP Network Server (LNS) – Open VPN • Set of configuration tools used to access hosted VPN services across the globe.
Hands on Configuring VPN – Using the same images of Windows 7 • Using the image 192.168.1.4, hosting VPN Server: • Access the Windows 7 image 2 and click on Start • Type \\192.168.1.5 and press the Enter key • It returns a window showing only the folders shared by the computer with the IP address being accessed
Hands on - 2 – Access the Win7 image 1 • Click on Start -> Control Panel and click on Network and Sharing Center • In the following window Click on Change Adapter Settings • In the next screen, hit the ‘Alt + F’ keys on the keyboard to access the File Menu and click on New Incoming Connection
Hands on - 3 • Click on the IEUser check box and click on Next • On the next screen select the check box ‘Through the Internet’ and click on Next • On the next screen leave the defaults and click on Allow access • On the next screen click on ‘Close’
Hands on - 4 – Connecting from client machine • On the VPN client virtual machine go to network settings: – Start -> Control Panel -> Network and Sharing Center • Click on ‘Set up a new connection or network’ • On the next screen click on ‘Connect to a workplace’
Hands on - 5 – Connecting from client machine • Click on ‘Use my Internet connection’ on the next screen. • On the next screen enter the IP address of image 1, on which the VPN service was configured • On the last screen enter the username and password IEUser and Passw0rd! and click on Connect
End