Milestone7:Review - echadbourne/SYS-350 GitHub Wiki

Two new networks

Create two new switches and two new port groups for the new networks - DMZ and MGMT

{C33AA8E6-702E-4526-BE5C-5710FF1CFFD2}

{ED2F8760-7D6A-4AE3-8039-151E86040D1E}

I also had to add two new network adapters to my firewall

{14379C0C-63F9-4054-858C-AB08043CB8C0}

MGMT Network

  • 10.0.18.0/24
Host IP Address
fw1 10.0.18.1
Monitor01 10.0.18.10
Backup01 10.0.18.20

DMZ Network

  • 10.0.19.0/24
Host IP Address
fw1 10.0.19.1
Web01 10.0.19.10
Web02 10.0.19.20

I then configured the new network adapters to use the addresses shown above for their respective interfaces, here are some screenshots for how I configured MGMT:

{0766F60C-C4D8-4BCD-8196-9E7B377D05E8}

{320F8795-0401-45A4-BE06-C847F580464C}

Web Servers

I cloned my kali template to two new vms, naming them web01-name and web02-name respectively

I checked the options to power on the vm once it was created, and to alter the hardware configuration while I was setting it up. Then I connected the network card to the DMZ network so it would be connected to the proper network when it was turned on

Once the vms were created, I went into each and assigned their IP addresses manually

I could have set up DHCP but there were only gonna be two hosts in each new network, plus some of them are web servers that should have static IPs anyway, so it felt like an unnecessary step. Also, I realized that the DNS server was on a different network, so I left that blank for now since I don't yet know how that is supposed to work.

Apache

Apache2 is already installed on kali (you can check with sudo apt install apache2)

  • Run it with sudo service apache2 start
  • Check it's status with sudo service apache2 status

The location that html files are read from is /var/www/html so I created a new file, "hello.html," It looks like this:

{179F9DFD-D6CA-4325-8FED-5FFF20D6A3D2}

Here is the web01 webpage displayed on web02

{52CC6C06-CED6-4CBC-93C0-4A675948C44F}

MGMT

Next was the management network, which involved cloning two vms from my ubuntu template. I did the same configurations as the kali servers, only changing the network adapter to the MGMT network

{444E53E8-8737-4283-884D-4C7803BE3FB4}

I then set each ubuntu server up according to this configuration

Firewall Configuration

Next I had to set up the firewall rules. First I had to allow MGMT and DMZ access to the internet, which I did like so:

{731EFE28-0588-4ABB-8C15-15D14206E059}

Here's what the firewall rules look like for MGMT and DMZ

{D9759F60-877C-4E70-908E-F380A6FE64CE}

{CC8B5874-7619-421E-B8EF-581BBAEB2B7B}

I had some trouble with these allowing mgmt and dmz to interact with the internet, basically I just needed to edit one of my rules to say DMZ/MGMT to anywhere got a pass