Timeline - jwells24/Tech-Journal GitHub Wiki

Timeline of SEC-350

Week 1

  • The purpose of week 1 was to set up our environment and create our network. We configured our VYOS router to hold three networks: the WAN, the LAN, and the DMZ. Once this was done, we configured our first machines, log01, web01, and rw01. All of these steps lay the groundwork for the more advanced logging, firewalls, and networking that follow.

Week 2

  • In this week, our primary focus was to organize the logs that our log server was receiving, as well as to direct more log sources to log01.

  • Our first objective was to set up secure SSH between rw01 and the VYOS router, which is detailed in the 'SSH Key Based Authentication' document, under the SEC-350 page.

  • Next up, we configured dynamic file naming using a drop-in config file. This file was placed on log01 and enabled dynamic naming of log files based on the timestamp and the machine the log originated from, making the logs easy to organize.

  • Next, we configured the sending of authpriv messages from our VYOS router and web01 to our log server. This allowed our log server to see login failures and successes.

  • We also had to set up Graylog. This is detailed more heavily in the technical article here: SEC-350. Once Graylog was set up, this established a proper way of logging on our network, and we had an organized and well-equipped place to store logs. log01 is also configured to send logs to Graylog so we can manage everything there.

Week 3

  • Week 3 involved diving deeper into the segmentation of our network. Our first lab, however, involved improving the timestamping of our machines in the logging process. This is documented in the technical entries section of SEC-350. After this was done, our next lab involved splitting the network across two routers.

  • The second router is named fwmgmt, and we placed the MGMT network and a section of the LAN network on this router. We also added the machines wks01, a Windows 10 workstation, and mgmt01, a Windows Server machine, to our network. We also moved log01 over to the fwmgmt router and made it a part of the MGMT network.

Week 4

  • This week focused entirely on setting up RIP routing and creating our first firewalls. We configured RIP on both of our routers and removed the static routes, so the network now communicates using RIP. More can be found about RIP here: Configuring RIP. The second lab of this week pertains to creating firewalls. We created firewalls and firewall rules on both routers, improving the security of the network in doing so. We worked on setting rules to allow TCP and ICMP connections between machines. More can be found about firewalls and firewall rules here: Creating Firewalls and Zones/Debugging Firewalls and here: Creating and editing Firewall Rules.

Week 5

  • In the first lab of Week 5, we focused on allowing SSH through the firewall to and from multiple machines. More info on allowing SSH through the firewall can be found here: Working with SSH on VYOS. We also added a firewall rule that allowed NTP packets (123/UDP) to our web server for accurate timestamps. In lab 2 of Week 5, we worked specifically on logging with Windows. A myriad of tech entries, including creating a domain and installing DNS from PowerShell, syncing time on Windows, and configuring a sidecar with Winlogbeat, can be found in Week 5 here: SEC-350.
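The zone-based firewall, the authpriv forwarding from the router, and the RIP and NTP allowances that the Week 2, Week 4 and Week 5 entries describe, written out as one added example in VyOS 1.3 configuration syntax. This is not the journal's own configuration: the zone names, interface assignments and addresses (eth0 WAN, eth1 LAN 10.0.2.0/24, eth2 DMZ 10.0.3.0/24, eth3 MGMT 10.0.4.0/24, web01 at 10.0.3.10, log01 at 10.0.4.20) are assumptions, and everything is placed on a single router for brevity.

```vyos
# Added example in VyOS 1.3 syntax; not the journal's own configuration.
# Assumed layout: eth0=WAN, eth1=LAN 10.0.2.0/24, eth2=DMZ 10.0.3.0/24,
# eth3=MGMT 10.0.4.0/24, web01=10.0.3.10, log01=10.0.4.20.
configure

# Return-path set: passes only replies to sessions permitted in the other direction.
set firewall name RETURN default-action drop
set firewall name RETURN rule 10 action accept
set firewall name RETURN rule 10 state established enable
set firewall name RETURN rule 10 state related enable

# LAN -> DMZ: HTTP/HTTPS to web01 and ICMP; everything else is dropped.
set firewall name LAN-DMZ default-action drop
set firewall name LAN-DMZ rule 10 action accept
set firewall name LAN-DMZ rule 10 state established enable
set firewall name LAN-DMZ rule 10 state related enable
set firewall name LAN-DMZ rule 20 action accept
set firewall name LAN-DMZ rule 20 protocol tcp
set firewall name LAN-DMZ rule 20 destination address 10.0.3.10
set firewall name LAN-DMZ rule 20 destination port 80,443
set firewall name LAN-DMZ rule 30 action accept
set firewall name LAN-DMZ rule 30 protocol icmp

# MGMT -> DMZ: SSH for administration, only from the management network.
set firewall name MGMT-DMZ default-action drop
set firewall name MGMT-DMZ rule 10 action accept
set firewall name MGMT-DMZ rule 10 state established enable
set firewall name MGMT-DMZ rule 10 state related enable
set firewall name MGMT-DMZ rule 20 action accept
set firewall name MGMT-DMZ rule 20 protocol tcp
set firewall name MGMT-DMZ rule 20 source address 10.0.4.0/24
set firewall name MGMT-DMZ rule 20 destination port 22

# DMZ -> MGMT: syslog to log01 plus replies to MGMT-initiated sessions.
set firewall name DMZ-MGMT default-action drop
set firewall name DMZ-MGMT rule 10 action accept
set firewall name DMZ-MGMT rule 10 state established enable
set firewall name DMZ-MGMT rule 10 state related enable
set firewall name DMZ-MGMT rule 20 action accept
set firewall name DMZ-MGMT rule 20 protocol udp
set firewall name DMZ-MGMT rule 20 destination address 10.0.4.20
set firewall name DMZ-MGMT rule 20 destination port 514

# DMZ -> WAN: web01 may reach NTP (123/UDP) so its log timestamps stay accurate.
set firewall name DMZ-WAN default-action drop
set firewall name DMZ-WAN rule 10 action accept
set firewall name DMZ-WAN rule 10 protocol udp
set firewall name DMZ-WAN rule 10 source address 10.0.3.10
set firewall name DMZ-WAN rule 10 destination port 123

# Traffic to and from the router itself (the LOCAL zone). Without MGMT-LOCAL the
# commit locks out SSH to the router; LOCAL-MGMT carries the router's own syslog.
set firewall name MGMT-LOCAL default-action drop
set firewall name MGMT-LOCAL rule 10 action accept
set firewall name MGMT-LOCAL rule 10 state established enable
set firewall name MGMT-LOCAL rule 10 state related enable
set firewall name MGMT-LOCAL rule 20 action accept
set firewall name MGMT-LOCAL rule 20 protocol tcp
set firewall name MGMT-LOCAL rule 20 destination port 22
set firewall name LOCAL-MGMT default-action drop
set firewall name LOCAL-MGMT rule 10 action accept
set firewall name LOCAL-MGMT rule 10 state established enable
set firewall name LOCAL-MGMT rule 10 state related enable
set firewall name LOCAL-MGMT rule 20 action accept
set firewall name LOCAL-MGMT rule 20 protocol udp
set firewall name LOCAL-MGMT rule 20 destination address 10.0.4.20
set firewall name LOCAL-MGMT rule 20 destination port 514

# RIP (520/UDP) from the second router arrives over the LAN into the LOCAL zone;
# without this rule the routers stop exchanging routes once zones are enabled.
set firewall name LAN-LOCAL default-action drop
set firewall name LAN-LOCAL rule 10 action accept
set firewall name LAN-LOCAL rule 10 protocol udp
set firewall name LAN-LOCAL rule 10 destination port 520
set protocols rip network 10.0.2.0/24
set protocols rip redistribute connected

# Zones: bind interfaces, then attach a rule set to each direction that may pass
# traffic. A direction with no rule set falls to the zone default-action (drop).
set zone-policy zone WAN interface eth0
set zone-policy zone LAN interface eth1
set zone-policy zone DMZ interface eth2
set zone-policy zone MGMT interface eth3
set zone-policy zone LOCAL local-zone
set zone-policy zone DMZ from LAN firewall name LAN-DMZ
set zone-policy zone DMZ from MGMT firewall name MGMT-DMZ
set zone-policy zone DMZ from WAN firewall name RETURN
set zone-policy zone LAN from DMZ firewall name RETURN
set zone-policy zone MGMT from DMZ firewall name DMZ-MGMT
set zone-policy zone MGMT from LOCAL firewall name LOCAL-MGMT
set zone-policy zone WAN from DMZ firewall name DMZ-WAN
set zone-policy zone LOCAL from MGMT firewall name MGMT-LOCAL
set zone-policy zone LOCAL from LAN firewall name LAN-LOCAL

# Send authpriv (login successes and failures) from the router itself to log01.
set system syslog host 10.0.4.20 facility authpriv level info

commit
save
```

The two things most often missed when zones are first enabled are both visible here: the router is its own zone, so its management SSH, its RIP peering and its own syslog each need an explicit rule set, and every direction that only ever carries replies still needs a stateful rule set (RETURN) or the reply packets are dropped. Checking `show firewall name LAN-DMZ` after a commit shows per-rule counters, which is the quickest way to confirm the expected rule, and not the default drop, is matching.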

Week 6

  • Week 6 is the last week before the assessment, and we are focusing on creating a jump box and enabling port forwarding for our network. In this week's lab, lab 6-1, we focus on creating port forwarding on our WAN interface in place of a static route. More can be found about port forwarding here: Configuring Port Forwarding on VYOS. Next, we worked on using netplan to establish connectivity for our new jump box system. Working with netplan can be found here: Using Netplan. Our final task in the lab was to establish passwordless SSH between our DMZ and our jump box. We also needed to enable logging for the jump box in Graylog. More can be found about these tasks here: Using rsyslog & Creating SSH Key Based Authentication.
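The port forwarding to the jump box that lab 6-1 describes, as an added example in VyOS 1.3 syntax rather than the journal's own configuration. It assumes eth0 is the WAN interface, that the jump box (here jump01, an assumed name) sits in the DMZ zone at 10.0.3.20, and that the DMZ zone already has a default-action of drop; the public port 2222 and all addresses are placeholders.

```vyos
# Added example in VyOS 1.3 syntax; not the journal's own configuration.
# Assumed: eth0=WAN, jump box jump01 at 10.0.3.20 in the DMZ zone (eth2),
# which is protected by a zone-policy whose default-action is drop.
configure

# Destination NAT: TCP 2222 arriving on the WAN interface is rewritten to jump01:22.
set nat destination rule 10 description 'SSH to jump box'
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 destination port 2222
set nat destination rule 10 translation address 10.0.3.20
set nat destination rule 10 translation port 22

# DNAT runs before the forward firewall, so the WAN->DMZ rule set must match the
# translated destination (10.0.3.20:22), not the public port 2222. Nothing else
# from the WAN may initiate a connection into the DMZ, and each accepted SSH
# connection is logged so it shows up on log01 and in Graylog.
set firewall name WAN-DMZ default-action drop
set firewall name WAN-DMZ rule 10 action accept
set firewall name WAN-DMZ rule 10 state established enable
set firewall name WAN-DMZ rule 10 state related enable
set firewall name WAN-DMZ rule 20 action accept
set firewall name WAN-DMZ rule 20 protocol tcp
set firewall name WAN-DMZ rule 20 destination address 10.0.3.20
set firewall name WAN-DMZ rule 20 destination port 22
set firewall name WAN-DMZ rule 20 log enable
set zone-policy zone DMZ from WAN firewall name WAN-DMZ

# Replies from jump01 back to the WAN; conntrack reverses the translation.
set firewall name DMZ-WAN rule 5 action accept
set firewall name DMZ-WAN rule 5 state established enable
set firewall name DMZ-WAN rule 5 state related enable
set zone-policy zone WAN from DMZ firewall name DMZ-WAN

commit
save
```

After the commit, `show nat destination statistics` and `show firewall name WAN-DMZ` show whether packets are being translated and which rule accepts them; a translation counter that rises while the firewall counter stays at zero is the usual sign that the firewall rule was written against the pre-NAT port instead of the translated address.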