27/09/2018

Where am I in my Milestone 2 for this Software course?

Currently I am stuck at Milestone 1. I have been struggling to implement the requirements for Milestone 2 and can't seem to get anything working.

This week our tutor has completely redesigned his code for the game and is teaching us how to implement SQLite into our game. This allows us to store the game's players, scenes, etc. in a database and has completely changed how the code functions.

Tomorrow we have a mid-term break of 2 weeks. I have completed all the other 3 courses' assignments that are due, so my focus over the break will be to rebuild my game almost from scratch using the tutor's new code.

28/09/2018

Finally I am finished with Milestone 2 website design, I have implemented a competition form and a database connection into my project website.

In discussion with the tutor I decided to change the mechanism for retrieving information back from the database to display on the Thank You view.

There is a small risk using MaxID or LastID that the incorrect details will be returned to a user, potentially exposing one user's private data to someone else.

To avoid this I will query the database using the user's email address instead of the UserID. The email address is stored in the superglobal variable $_REQUEST, so it is available to be passed to the database as a parameter in the DisplayDetails method. The database will be adjusted to ensure the email address is always a unique value.
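The race the paragraph above worries about, as an added example that is not the project's code: two entrants insert back to back, and a lookup by MAX(id) hands the first entrant the second one's row, while looking up the id returned by this connection's own insert does not. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the table, columns and the two entrants are made up for the example, and with mysqli the equivalent of lastInsertId() is $mysqli->insert_id.

```php
<?php
// Added example: "SELECT MAX(id)" vs. the id this insert returned.
// In-memory SQLite via PDO so it runs without a MySQL server; table, columns
// and entrants are constructed for the example.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entries (
        id    INTEGER PRIMARY KEY AUTOINCREMENT,
        name  TEXT NOT NULL,
        email TEXT NOT NULL UNIQUE
    )');
    return $db;
}

// Insert one competition entry and return the id assigned to this row.
// PDO::lastInsertId() (mysqli: $mysqli->insert_id) is per connection, so it
// cannot pick up a row that another request inserted in the meantime.
function saveEntry(PDO $db, string $name, string $email): int
{
    $stmt = $db->prepare('INSERT INTO entries (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $db->lastInsertId();
}

// Fragile: "the row with the highest id must be the one I just wrote".
function detailsByMaxId(PDO $db): array
{
    $sql = 'SELECT name, email FROM entries WHERE id = (SELECT MAX(id) FROM entries)';
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Robust: fetch exactly the row this request inserted, id as a bound parameter.
function detailsById(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT name, email FROM entries WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Two requests interleave: Alice inserts, Bob inserts, then Alice's
// "Thank You" view renders. With MAX(id) Alice is shown Bob's details;
// with her own insert id she is shown her own.
function demo(): array
{
    $db      = openDb();
    $aliceId = saveEntry($db, 'Alice', 'alice@example.test');
    saveEntry($db, 'Bob', 'bob@example.test');

    return [
        'max_id_shows_alice'    => detailsByMaxId($db)['email'],
        'insert_id_shows_alice' => detailsById($db, $aliceId)['email'],
    ];
}

print_r(demo());
```

Whatever key the Thank You view uses to fetch the row, it has to be one the client cannot choose: an id kept in the server-side session after the insert, rather than an id or an email address read back out of $_REQUEST, otherwise anyone can retrieve another entrant's details simply by changing the parameter.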

The last part of Milestone 3 is updating the paperwork to include the new changes in the Information Architecture. That is the task for this afternoon.

21/09/2018

I have just realised that last Friday (21/09) I missed a project blog.

We were working on our projects in class with the tutor moving around offering assistance to those who needed it.

I am continuing to work on how to move data from my webpage (view) form to the database.

When the form is submitted, PHP places the field values in the superglobal $_REQUEST (a merge of $_GET, $_POST and $_COOKIE; for a POSTed form $_POST alone is the safer choice), which is visible from any scope in the application. I am starting to figure out how to pass the data from the view, via the controller, via the model and into the database using a helper class called DBConnection.

Finally a breakthrough: it's 16:00 on Friday afternoon, 3 hours of coding after class, and the form is sending the input data and storing it in a database.

I am also able to retrieve data from the database using mysqli and some simple SQL queries.

A huge step towards completing Milestone 2. Now just tidying things up and implementing SQL escaping on the submission; I don't want anyone manipulating my database and website by sending in SQL or HTML code.
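What "SQL escaping" buys and what a prepared statement buys, as an added example that is not the project's code. Three versions of the same lookup are fed a classic tautology payload: the concatenated query returns every row, the escaped and the parameterised versions return none, and a small output helper shows the matching escaping on the HTML side (the second half of "SQL or HTML code"). Again PDO with an in-memory SQLite database; mysqli's counterparts are mysqli_real_escape_string() and mysqli_prepare()/bind_param(). The table and its rows are constructed for the example.

```php
<?php
// Added example: the same lookup three ways, fed a tautology payload.
// In-memory SQLite via PDO; the table and its rows are constructed here.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $db->exec("INSERT INTO entries (name, email) VALUES
               ('Alice', 'alice@example.test'), ('Bob', 'bob@example.test')");
    return $db;
}

// Vulnerable: the submitted value is spliced into the SQL text, so a payload
// can close the string literal and add its own conditions.
function findByEmailConcat(PDO $db, string $email): array
{
    $sql = "SELECT name FROM entries WHERE email = '" . $email . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Escaped: PDO::quote() (mysqli: mysqli_real_escape_string()) doubles the
// quotes so the whole payload stays inside one literal. Only helps where a
// quoted string literal is expected, never for numbers, identifiers or LIMIT.
function findByEmailQuoted(PDO $db, string $email): array
{
    $sql = 'SELECT name FROM entries WHERE email = ' . $db->quote($email);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Preferred: a prepared statement sends the SQL and the value separately, so
// the value can never change the statement's structure.
function findByEmailPrepared(PDO $db, string $email): array
{
    $stmt = $db->prepare('SELECT name FROM entries WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output side: anything echoed back into a view is HTML-escaped, so a name
// containing markup is displayed as text rather than interpreted.
function renderName(string $name): string
{
    return '<p>Thanks, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

function demo(): array
{
    $db      = openDb();
    $payload = "' OR '1'='1";   // constructed attack input: closes the literal, adds a true condition

    return [
        'concat'   => findByEmailConcat($db, $payload),    // leaks every row
        'quoted'   => findByEmailQuoted($db, $payload),    // no row has that literal email
        'prepared' => findByEmailPrepared($db, $payload),  // likewise empty
        'html'     => renderName('<script>alert(1)</script>'),
    ];
}

print_r(demo());
```

The escaping variant is shown because it is what "SQL escape" usually means, but it is the weaker of the two fixes: it depends on the value landing inside a quoted literal and on the connection's character set matching what the escaper assumes. The prepared statement has neither dependency, which is why it is the default choice.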

26/09/2018

Today I did a lot of work on my project's Milestone 2.

I have now learnt how to add data to a database from a form submitted by a web page. Using the MVC model, the data starts as input entered into a form on the view (the web page); when the form is submitted by POST, PHP places the fields in the superglobal $_REQUEST (and in $_POST).

This means that the data is available to any file/method in the website.

The data is then passed along like a rugby ball from the view to the controller, from the controller to the model, and from the model to its helper class, the DBConnection. The DBConnection then uses mysqli to add the data to my database.

Similarly I have figured out how to extract this data from the DB and display it back to the user in another view.

Checking my database I soon realised I have a minor problem, my data is being submitted twice to the DB, so duplicating the record.

After a little debugging, I realised the controller was being instantiated twice and each instance was submitting the data, hence the duplication. It turned out the problem was in retrieving the data back from the database: I was retrieving it via the controller and then the model, so retrieving the data created a new controller instance, and that instance submitted the duplicate record.

Sorted, I now retrieve data for the view just using the model and DBConnection, so no new controllers are made and only a single record is submitted.
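The double insert described above, reproduced and then fixed, as an added example that is not the project's code. A controller that does its database work in its constructor inserts a row every time something constructs it, so a view that builds a second controller just to read data submits the form twice; the fixed shape keeps construction free of side effects and lets the view read through the model only. PDO with an in-memory SQLite database; the class and method names are this example's, not the project's, and it needs PHP 8 for constructor property promotion.

```php
<?php
// Added example: a controller that submits in its constructor inserts twice
// when the view constructs a second one; the fixed shape inserts once.
// In-memory SQLite via PDO; names are this example's, not the project's.
// Needs PHP 8 (constructor property promotion).

final class DBConnection
{
    public PDO $pdo;

    public function __construct()
    {
        $this->pdo = new PDO('sqlite::memory:');
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL)');
    }
}

final class Model
{
    public function __construct(private DBConnection $conn) {}

    public function save(string $email): int
    {
        $stmt = $this->conn->pdo->prepare('INSERT INTO entries (email) VALUES (:email)');
        $stmt->execute([':email' => $email]);
        return (int) $this->conn->pdo->lastInsertId();
    }

    public function find(int $id): ?string
    {
        $stmt = $this->conn->pdo->prepare('SELECT email FROM entries WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $email = $stmt->fetchColumn();
        return $email === false ? null : $email;
    }

    public function count(): int
    {
        return (int) $this->conn->pdo->query('SELECT COUNT(*) FROM entries')->fetchColumn();
    }
}

// Buggy shape: constructing the controller *is* the submit.
final class SubmittingController
{
    public int $id;

    public function __construct(Model $model, array $post)
    {
        $this->id = $model->save($post['email']);
    }
}

// Fixed shape: construction has no side effects; the submit is an explicit call.
final class Controller
{
    public function __construct(private Model $model) {}

    public function handlePost(array $post): int
    {
        return $this->model->save($post['email']);
    }
}

function buggyFlow(array $post): int
{
    $model = new Model(new DBConnection());
    new SubmittingController($model, $post);   // handling the request: first insert
    new SubmittingController($model, $post);   // the Thank You view wants data and builds another: second insert
    return $model->count();                    // two rows for one form submission
}

function fixedFlow(array $post): array
{
    $model = new Model(new DBConnection());
    $id    = (new Controller($model))->handlePost($post);                // exactly one insert
    return ['rows' => $model->count(), 'shown' => $model->find($id)];  // view reads through the model only
}

$post = ['email' => 'alice@example.test'];    // constructed stand-in for $_POST
print_r(['buggy_rows' => buggyFlow($post), 'fixed' => fixedFlow($post)]);
```

A second source of duplicate rows that has nothing to do with the controller is the browser: reloading the Thank You page re-sends the POST. The usual fix is Post/Redirect/Get: once handlePost() returns, store the new id in the session and answer with a 303 redirect to the Thank You URL, so a refresh only repeats the GET.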

Milestone 2 is now complete, except for updating the paperwork.

I have now learned to connect to a database from a website and retrieve and add data to this database.

24/09/2018

So today we turn completely upside down with our project, we have some example code which I need to implement into my project.

We will be learning more about connecting to a database and using the database to log in to the game: a very interesting list of methods and if statements to query the database and log in and register a player.

I am going through the code line by line and commenting to explain to myself how it works so that I can implement as part of my game.

20/09/2018

My progress so far in the project.

Monday was a great start to combining SQLite into our project and I was able to successfully run the example code from GitHub.

Today we worked in class to design the database we will need for our game, I have decided at this stage to implement 2 tables for storing game data, a Scenes table and an Items table.

The Scene table will be a self referencing table with FK constraints for the North, South, East and West scenes that belong to a particular scene, the directionID will point to a SceneID primary key in the same table.

I have attempted to implement this initially with just one table, replacing the data in the example with the data from my game.

Interesting result: the Unity engine throws a DLL not found exception for SQLite.

I will go back to the original example and see if this throws the same error.

Lab 16 Implementing a VPN

A VPN is a Virtual Private Network.

It's a way of allowing a remote user to access a network over an untrusted public connection, i.e. the internet. An employee can work from home or any other location and still access their data and apps on the network.

The point of the VPN is to provide a secure connection such that the data cannot be read or modified in transit. So the VPN must provide encryption for confidentiality and a per-packet integrity check (an authenticated cipher or a MAC) so that tampering is detected.

We also need a secure encrypted authentication method to allow authorised users to get in.

1 – Configure a RADIUS Server and Client

Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorisation and accounting protocol that centralises access decisions for a network. In the simple case a user connects through a router or VPN gateway; that device is the RADIUS client (the network access server) and forwards the user's credentials to the RADIUS server, which checks them against AD and replies with an Access-Accept or Access-Reject that the client then enforces.

In Server 2016 the RADIUS server role is the Network Policy Server (NPS).

The pfSense firewall also acts as the router and VPN gateway, and it is registered in NPS as a RADIUS client, sharing a secret with the server so that its requests can be authenticated.

secret.PNG

I realised here that copy and paste will not work on the VM, so I chose a shorter, memorable manual shared secret. Not best practice, but at least I will not need to type the auto-generated secret shown above and no doubt make numerous typos.

The network policy wizard then sets the policies for VPN access; here we can configure settings such as time-of-day access.

firewall.PNG

The firewall is now a RADIUS server, note my smaller manual shared secret.

2 – Configuring the VPN concentrator

IKEv2 is version 2 of the Internet Key Exchange protocol. It authenticates the two ends of an IPsec tunnel and negotiates the keys and algorithms the tunnel will use.

A VPN concentrator is a router or gateway that terminates multiple secure connections into a network.

First, a Certificate Authority is created on the firewall.

CA

Next, a certificate is issued from that CA.

The IPsec tunnel is configured in two phases. Phase 1 (IKE) authenticates the peers and establishes a shared key; Phase 2 negotiates the encryption and integrity algorithms that protect the traffic inside the "tunnel". The client machine must be offered a proposal it also supports, otherwise the negotiation fails before any data flows.

3- The Client Configuration

In this exercise a GPO is used to configure the clients, this can then be applied to all the computers in the domain, no need to individually set the clients.

First we trust the certificate we issued from pfSense.

Then we set a GPO for network options which connects via our firewall's IP address and requires an authentication protocol for security.

Before configuring the options for the client's IPv4 connection properties, I had to run gpupdate /force on the Win10 machine; it hadn't received the GPO which created the Classroom VPN adapter.

vpn connection

4 – Connecting to the VPN

It will be interesting to see if this works!

failed

2 hours of work later, and no luck. I am going to have to redo the lab and check my configurations!

But first, can I ping the 10.1.0.0 network, I created a firewall rule to allow ICMP requests through the firewall, and one ping storm later and I can ping all the way from the 192.168.0.0 network to the DC, so the connection to the network is functional.

Update: I had a conversation with a colleague in my class, he’s a bright guy and we have kept up with each others progress through the Labs, so we are likely the only 2 working on this Lab. He has exactly the same problem and same error as me. This is highly suggestive of a problem with the Lab rather than a PEBKAC (problem exists between chair and keyboard).

We’ll keep an eye on the forum for the course and see if anyone fixes this bug.

Update 09/10, ex 2: I had my tutor look at my Lab and discovered an error in ex 2 where a tab in the firewall wasn't available to set a rule to allow IPsec requests through the firewall. After redoing the Lab this option is now available, so let's see if this is a fix.

IPSec tab

firewallrule

The firewall should now allow IPSec requests through.

So I redid the whole Lab and also used the fixes suggested by colleagues, but I am unable to authenticate a user in pfSense, despite applying all the fixes as suggested by them. So still no connection through the VPN.

So one fix sorted but still not connecting.

An extreme exercise in patience and managing frustration, despite multiple attempts at this Lab and following all the fixes supplied by colleagues, I still can’t get a VPN connection on the network.

Critical Thinking

These Labs were an interesting learning experience, they offer a great look into the world of Network security and allowed us to experience many tools that are available both to protect and monitor networks.

Interestingly, the same tools are used by the very people we are protecting our network from. We can use the same tools to either attack or defend a network.

The most valuable experience came from the actual doing of the Labs. We used a different virtual environment (vSphere VMs) from the environment the Lab was built to run on (VMware), and this threw up many technical challenges to get the Labs to work.

Some were smooth and painless, but others especially Lab 12 was a massive challenge to set up the initial network just to get a “ping” request to travel across from one network to another.

The majority of the class have benefited from the tutors input here, a select few of us completed this Lab by building the network and ironing out the bugs which we have posted in forum posts to benefit the others. The tutor also fixed a lot of the settings to make the Lab setup a lot simpler. No worries, I learnt a huge amount from this Lab in particular about my abilities to problem solve an issue.

A second thing I have learned is about testing. These Labs were designed and written by people and, not surprisingly, there are errors in the Lab; some are just simple typos in the document. But I think, for the price we paid for this course, that the sellers of the e-book should have tested the course in a real virtual environment; this could have avoided a lot of the simple errors we had to problem solve. Reminder to myself: test everything, ideally by someone not involved in the design and build of a system.

Since we bought the e-textbook for this course, things have changed and the price of the textbook has doubled. Feedback from our tutor who has not used this version of the course before, suggests that the next version of this course will drop these Labs as just too expensive now for the average student.


19/09/2018

Learning how to make a form in php was an easy task, the tutorials supplied were a great method and I now have 3 forms.

The forms will allow the user to Login, enter a competition and submit comments.

All the forms will take the entered information and send it to a mySQL database on a server.

The next stage is to create the Controller for the form. The form is the View part of the MVC architecture and it submits information to a controller; the controller will submit the data to the Model, which then writes it to the database.

So now for my project I am learning how to construct the controller in php with a little help from my tutor I will build the controller.

I have already built my database and will be learning how to run SQL queries from within php.


Lab 14 Secure Network Addressing

1 – Setting up a pharming site

Pharming is the redirection of traffic for a website to a fake site by exploiting DNS, so that the website's name resolves to a different IP address belonging to the attacker.

We setup a pharming site on the Kali VM that looks like the landing page for our classroom website, except it contains a link to an executable file supposedly for installing the 7-zip app.

fakesite

realsite

This is the real page, no downloads available

2 -Setting up the pharming attack

Using DNSChef, a DNS proxy tool which is able to answer DNS queries with a different IP address: any request for the site updates.classroom.local will be redirected to this Kali VM (the fake site) instead of to the network's server hosting the real site.

dnschef

We will also be using Metasploit, a penetration testing framework designed to find, exploit and test a system for vulnerabilities.

configured

Metasploit is configured to hand out IP addresses and act as the DNS server.

3 – Running the Pharming attack

To simulate this attack we first delete all the DC's DHCP leases and then use DHCPig (dhcpig.py) to request every remaining address from the real DHCP server, a DHCP starvation attack. With the real pool exhausted, devices joining the network can only get a lease from the Kali VM's rogue DHCP server, which hands out a real IP address on the subnet but points the client at the fake DNS and web server addresses.

dhcpexhaust

Now to start the DHCP server role on the Kali machine and renew the IP on a client. The Win10 machine now has an IP (.201) from the rogue DHCP server and will get DNS info from the Kali machine. (10.1.0.192)

rogueDHCP

And now the Win10 machine will use Kali as a web server and get the "poisoned" fake website with a link to an executable, which I doubt is a real 7-zip; more likely it will be some malware.

The machines on the network are unsuccessfully trying to use DNSchef to get their normal services.

dnschef2

4 – Configure DNSSEC

DNSSEC is an extension to DNS that defends against attacks like pharming by signing DNS records: the zone owner signs its records and a validating resolver checks the signature chain before accepting an answer. It provides authenticity and integrity of DNS data, not confidentiality.

We trust the signature and so know we are at the correct IP address for the URL name.

Using the DNSSEC wizard sets up signature records for our domain.

signaturerecords

Next step is to use a GPO so that all domain joined computers will use DNSSEC.

Validation through DNSSEC is now required for the domain and a signed record points to the true website server (10.1.0.2)

validation

Now to restart the Kali DHCP service,etc and the Win10 machine now again has an IP address from Kali.

kalidhcp

And the "rogue" page cannot load because there is no digital signature and DNSSEC validation fails on the "rogue" DNS server.

blocked

So with DNSSEC and digital signature technology we have protected our domain and ensured that clients only accept DNS answers carrying a valid signature from the trusted, signed zone, and not answers from a rogue DNS server that attaches to our network and tries to serve up fake, pharmed websites.

5 – Configuring Switch Security

This exercise requires configuration on the switch, which we can't change in our Lab setup. DHCP Guard (on a Hyper-V virtual switch) or DHCP snooping (on a physical switch) treats only the port of the legitimate DHCP server as trusted and drops DHCP server replies (OFFER/ACK) arriving on any other port, so a rogue server's leases never reach the clients. This is a per-port filter on the switch and does not involve AD; the separate AD authorisation of DHCP servers only stops unauthorised Windows DHCP servers from starting their service and does nothing against a Kali VM.

Update 11/10/2018: To emulate the switch configuration changes for this exercise, I swapped the VMs to a switch which was set to:

Promiscuous mode: reject
MAC address changes: reject
Forged transmits: reject

Then used pig.py again to take up all the IP Address leases in the DC and started up the rogue DHCP server.

Interesting result, despite using a switch which is supposedly set to block rogue DHCP servers, after releasing and renewing the IP address on both the WIN7 and WIN10 VMs, they still received a .200 and .201 IP from the Kali Rogue DHCP. I suspect these switches we are using are not blocking DHCP, as would happen if we were to able to enable DHCP Guard on the switch as per the Lab.

DHCP Guard

And it failed to block the pharming attack, sending me to the fake site.

fake

Critical thinking

First introduction to a Pharming attack with a malicious user serving up a Fake website to get info from us or try to get us to do something like download a piece of malware disguised as a well known app.

The moral of this story, downloading any executable, even from a recognized site can potentially be harmful.

Nice to have a relatively straightforward lab. The interesting aspect of this Lab is that implementing a pharming attack this way requires the attacker to have a connection inside the network: a rogue machine on the LAN configured to hand out IP addresses as a DHCP server.

In everyday use, a device joining a network broadcasts a DHCP DISCOVER asking any server to offer it an address and takes the first OFFER it receives. It has no way to confirm that the offering server is the real, trusted DHCP server, so a rogue machine can hand out IP addresses along with a fake DNS server address.

We discussed in class that we could potentially detect a rogue DHCP server with a small device continually requesting IP addresses and comparing each received IP with those that our DHCP server has in its scope; any address outside the scope would be from a rogue machine which we would then have to track down.
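The detector discussed in class, as an added example that is not part of the lab: parse a DHCP OFFER as it would arrive on the wire, then flag it if the server identifier (option 54) is not one of our DHCP servers, the offered address is outside our scope, or the DNS server it pushes (option 6) is not ours. The packets are constructed inside the script, and 10.1.0.2 as the address of the legitimate DHCP/DNS server is an assumption, since the lab only gives the Kali address (10.1.0.192) and the .200/.201 leases.

```php
<?php
// Added example: parse a DHCP OFFER and decide whether it came from a rogue
// server. Packets are constructed below; nothing is read from the network.

// Build a minimal DHCPOFFER (RFC 2131 fixed header + options) for testing.
function buildOffer(string $yiaddr, string $serverId, string $dns): string
{
    $hdr  = pack('CCCC', 2, 1, 6, 0);                 // op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
    $hdr .= pack('N', 0x3903F326);                    // xid (arbitrary)
    $hdr .= pack('nn', 0, 0);                         // secs, flags
    $hdr .= inet_pton('0.0.0.0');                     // ciaddr
    $hdr .= inet_pton($yiaddr);                       // yiaddr: the address being offered
    $hdr .= inet_pton($serverId);                     // siaddr
    $hdr .= inet_pton('0.0.0.0');                     // giaddr
    $hdr .= str_pad("\x00\x0c\x29\x12\x34\x56", 16, "\x00"); // chaddr (client MAC, padded to 16)
    $hdr .= str_repeat("\x00", 64 + 128);             // sname, file
    $opt  = "\x63\x82\x53\x63";                       // magic cookie
    $opt .= "\x35\x01\x02";                           // option 53: DHCP message type = OFFER
    $opt .= "\x36\x04" . inet_pton($serverId);        // option 54: server identifier
    $opt .= "\x33\x04" . pack('N', 86400);            // option 51: lease time
    $opt .= "\x06\x04" . inet_pton($dns);             // option 6: DNS server pushed to the client
    $opt .= "\xff";                                   // end
    return $hdr . $opt;
}

// Extract the fields the detector needs from a raw DHCP packet.
function parseOffer(string $pkt): array
{
    if (strlen($pkt) < 240 || substr($pkt, 236, 4) !== "\x63\x82\x53\x63") {
        throw new InvalidArgumentException('not a DHCP packet');
    }
    $fixed = unpack('Cop/Chtype/Chlen/Chops/Nxid', $pkt);
    $opts  = [];
    for ($i = 240, $n = strlen($pkt); $i < $n; ) {
        $code = ord($pkt[$i]);
        if ($code === 0)   { $i++; continue; }        // pad
        if ($code === 255) { break; }                 // end
        if ($i + 1 >= $n)  { break; }                 // truncated option
        $len = ord($pkt[$i + 1]);
        $opts[$code] = substr($pkt, $i + 2, $len);
        $i += 2 + $len;
    }
    return [
        'op'        => $fixed['op'],
        'xid'       => $fixed['xid'],
        'yiaddr'    => inet_ntop(substr($pkt, 16, 4)),
        'type'      => isset($opts[53]) ? ord($opts[53]) : null,
        'server_id' => isset($opts[54]) ? inet_ntop($opts[54]) : null,
        'dns'       => isset($opts[6])  ? inet_ntop(substr($opts[6], 0, 4)) : null,
    ];
}

function inScope(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Flag an offer that is not an OFFER, not from an authorized server, outside
// our scope, or pushing a DNS server that is not ours.
function assessOffer(array $o, array $authorized, string $scope): array
{
    $reasons = [];
    if ($o['type'] !== 2) {
        $reasons[] = 'message type is not DHCPOFFER';
    }
    if (!in_array($o['server_id'], $authorized, true)) {
        $reasons[] = "server identifier {$o['server_id']} is not an authorized DHCP server";
    }
    if (!inScope($o['yiaddr'], $scope)) {
        $reasons[] = "offered address {$o['yiaddr']} is outside scope $scope";
    }
    if ($o['dns'] !== null && !in_array($o['dns'], $authorized, true)) {
        $reasons[] = "DNS server {$o['dns']} is not ours";
    }
    return ['rogue' => $reasons !== [], 'reasons' => $reasons];
}

$authorized = ['10.1.0.2'];   // assumed address of the legitimate DHCP/DNS server (not given in the lab)
$scope      = '10.1.0.0/24';
$good  = parseOffer(buildOffer('10.1.0.150', '10.1.0.2',   '10.1.0.2'));
$rogue = parseOffer(buildOffer('10.1.0.201', '10.1.0.192', '10.1.0.192')); // shape of the Kali offer seen in the lab
print_r(['good' => assessOffer($good, $authorized, $scope), 'rogue' => assessOffer($rogue, $authorized, $scope)]);
```

Note that in the lab the rogue leases (.200, .201) were inside the real scope, so comparing only the offered address to the scope, as suggested in class, would not have flagged them; it is the server identifier and the DNS option that give Kali away. Capturing the packet itself (listening on UDP port 68, or reading a pcap of the renewal) is outside this snippet.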

I also learnt that DNSSEC is becoming more prevalent and should be the gold standard for domains to validate themselves with a digital signature, but another expense to consider when creating a network and a new domain.

Another side effect of using a different virtual setup for the Lab, I couldn’t configure a switch to block the DHCP and Pharming attacks.


Lab 13 Using an Intrusion Detection System

Lucky number 13 strikes again.

This Lab uses Security Onion, a Linux distribution for network security monitoring, running as a VM. It connects to our network and inspects the traffic passing across it.

This allows us to set sensors and monitor events on the network.

Unfortunately the Lab doesn’t work in our current configuration.

  • the ISP switch is not promiscuous, so we can't see the traffic through the ports of the switch.
  • the login details supplied for SGUIL are incorrect, so we can't launch the monitoring tool required for the lab.

Watch this space, I have contacted our tutor.

I now have the corrected login details, our lab is set up a little differently from the description in the textbook, and I will experiment with the promiscuous switch we already have and reconfigure the network slightly to use this. It doesn’t look as if the Kali VM needs a promiscuous switch for this Lab to work.

1 -Configuring the Sensor

First step I did was to swap the switches around so the promiscuous switch is now on the 172.16.0.0 network and the Seconion VM is also connected to that switch.

Slightly different from the Lab instructions, SGUIL (the network security monitoring console) had no seconion-eth0 interface listed to listen on. ifconfig in the terminal showed a docker0 interface on the 172.17.0.0 network and ens160 on the 10.20.0.0 network.

So I experimented and selected the 2 interfaces individually to compare the results.

The ens160 interface captured the packets sent from the Kali VM, and gave similar results as the Lab with a SID of 2100366.

Capture

And monitoring the second interface didn’t capture anything.

Navigating around SGUIL is not as easy and intuitive as many Apps are, right clicking and holding down the button is an unusual method of showing menus.

But here's a list of the "ping" packets captured crossing the network's switch.

correlated events.PNG

And obviously Security Onion is monitoring the switch, so a ping from the router into its own network doesn't go via the other network's switch; hence no captures in the last part of the exercise.

no capture

2 – Tuning the rule-set

SGUIL can be configured to automatically manage events we no longer want to inspect manually, auto-categorize, remove the rule, and add thresholds and triggers to a rule.

We manually modify a configuration file to disable an alert based on its SID as noted above.

Another typo in the Lab, ruleupdate doesn’t work but rule-update does.

rule update

rule

But something doesn’t work here and the conf file doesn’t update the rules and the pings are still being monitored. Tried searching and eventually found a new command to try,

sudo pulledpork.pl -c /etc/nsm/pulledpork/disablesid.conf

No luck, that threw a can’t find the file error.

And the last part 6 of this exercise to use Firefox on the Kali machine will never connect to updates.classroom.local because there is no DNS server on that network.

So this Lab ain’t working as expected in the Lab, another good problem solving exercise.

update 10/10: I have re-run the exercise and now the rules have updated and now the Seconion VM does not log the ping requests across the switch.

noalerts

3 – Examining Intrusion Incidents

Zenmap launched an Nmap scan against the Win-MS and was able to pick up a lot of information about the server, but SGUIL did its job and identified the Nmap scan and the fact that lots of ports on the server were being scanned.

NMAP

SGUIL didn't specifically detect a DoS attack from the Kali VM, but it has picked up and blocked requests from some "bad" IP addresses which are on the Spamhaus "don't route" list used by a rule. Considering Kali sent over 2 million requests from random IPs, not that many were blocked.

DoS

Critical Thinking

Once again we had to problem solve a few issues with this Lab, and in one case I still didn't achieve the same results as the Lab and couldn't find a fix. Maybe someone else will figure out the rule not updating in ex 2.

But realistically, getting the exact same result doesn't affect the basic outcome of the exercise, which was to learn how a rule can be disabled in SGUIL on a Security Onion VM. The end result is the same: I have learnt about a new tool for monitoring a network, a tool which I could now use in a future situation where I am responsible for monitoring a real live network.