Segmentation (SEC 350) - Chromosom3/TechNotes GitHub Wiki
This page is still a WIP. I export my notes from another program and I need to transfer the images and add some more content.
Segmentation
New User
lusrmgr.msc
net user dylan PASSWORD /add
net localgroup administrators dylan /add
Admin User

Change hostname

Network, but with PowerShell
Get-NetIPInterface
New-NetIPAddress -InterfaceIndex $INDEX -IPAddress $IPADDRESS -PrefixLength $LENGTH -DefaultGateway $GATEWAY | Set-DnsClientServerAddress -ServerAddress $DNS
New-NetIPAddress -InterfaceIndex 6 -IPAddress 172.16.150.50 -PrefixLength 24 -DefaultGateway 172.16.150.2 | Set-DnsClientServerAddress -ServerAddress 172.16.150.2


Since we didn't get the network discovery prompt when setting up the box, we will enable it manually.
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes

netsh firewall set service type=fileandprint mode=enable profile=all
New-NetFirewallRule -DisplayName "Allow inbound ICMPv4" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -Action Allow

configure
set nat source rule 20 description "NAT from LAN to WAN"
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.16.150.0/24
set nat source rule 20 translation address masquerade
commit
save
set service dns forwarding listen-address 172.16.150.2
set service dns forwarding allow-from 172.16.150.0/24
set service dns forwarding system #Might not be needed
commit
save
configure
set system host-name fw-mgmt-dylan
delete interfaces ethernet eth0 address dhcp
delete interfaces ethernet eth1 address dhcp
set interfaces ethernet eth0 description DYLAN-LAN
set interfaces ethernet eth1 description DYLAN-MGMT
set interfaces ethernet eth0 address 172.16.150.3/24
set interfaces ethernet eth1 address 172.16.200.2/28
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
set system name-server 172.16.150.2
set service dns forwarding listen-address 172.16.200.2
set service dns forwarding allow-from 172.16.200.0/28
set service dns forwarding system
set nat source rule 10 description "NAT from MGMT to LAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.200.0/28
set nat source rule 10 translation address masquerade
set system login user dylan full-name "Dylan Navarro"
set system login user dylan authentication plaintext-password examplepassword
set system login user dylan authentication public-keys "rw01" key "<key>"
set system login user dylan authentication public-keys "rw01" type ssh-rsa
set system syslog host 172.16.200.10 facility authpriv level info
commit
save
sudo systemctl restart network

sudo vim /etc/graylog/server/server.conf
sudo systemctl restart graylog-server

Need to add a static route real quick
configure
set protocols static route 172.16.200.0/28 next-hop 172.16.150.3
commit
save
show protocols static route
configure
delete system syslog host 172.16.50.5 facility authpriv level info
set system syslog host 172.16.200.10 facility authpriv level info
commit
save
sudo vi /etc/rsyslog.d/sec350.conf
sudo systemctl restart rsyslog
logger -t test TestingNewServerIP


net user dylan PASSWORD /add
# (Alt + F7 to Clear History)
net localgroup administrators dylan /add
Get-NetIPInterface
New-NetIPAddress -InterfaceIndex 5 -IPAddress 172.16.200.11 -PrefixLength 28 -DefaultGateway 172.16.200.2 | Set-DnsClientServerAddress -ServerAddress 172.16.200.2
Rename-Computer -NewName "mgmt01-dylan"
netsh advfirewall firewall set rule group="network discovery" new enable=Yes
netsh firewall set service type=fileandprint mode=enable profile=all
New-NetFirewallRule -DisplayName "Allow inbound ICMPv4" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -Action Allow
Restart-Computer -Force
ssh-keygen -b 4096
