Lab 3.1 Segmentation - lizzy9596/my-tech-journal GitHub Wiki

Segmentation

Parts

  1. Configure WKS01
  2. Update Firewall
  3. Configure fw-mgmt
  4. Configure mgmt02
  5. RIP on FW1 and FW-MGMT
  6. Configure wazuh
  7. Client logging Configuration
  8. Firewall Configuration

Overview

In this lab I worked on segmenting my network and adding a new firewall. Below is a diagram from the lab.

(network diagram not captured)

Configure WKS01

To start, I connected wks01 to the LAN. I then changed the hostname in properties to wks01-elizabeth. Next, I adjusted the network settings to the following:

IP Address: 172.16.150.50

Netmask: 255.255.255.0

Gateway: 172.16.150.2

DNS: 172.16.150.2

Finally, I created a new named user in my local admin account using lusrmgr.

Update Firewall

Now I needed to create a NAT rule on fw01 between MGMT and the WAN network. To do this I ran the commands shown in the screenshot (not captured).

I added save at the end.

Configure fw-mgmt

I began by cabling fw-mgmt with Network Adapter 1 as the LAN and Network Adapter 2 as MGMT.

I then started the VM and ran the following commands to configure it (screenshot not captured).

Next I needed to configure DNS forwarding (screenshot not captured).

I then decided to change the login user with set system login user elizabeth authentication plaintext-password [password].

Configure mgmt02

To start, I connected mgmt02 to the network. I then followed the same configuration as for wks01, but with these network settings:

IP Address: 172.16.200.11

Netmask: 255.255.255.240 (this is /28)

Gateway: 172.16.200.2

DNS: 172.16.200.2

RIP on FW1 and FW-MGMT

FW1 Configuration

On fw01, I needed to enable RIP on eth2 and advertise the DMZ network. I used these commands:

set protocols rip interface eth2

set protocols rip network 172.16.50.0/29

FW-mgmt Configuration

On fw-mgmt, I needed to enable RIP on eth0 and advertise the MGMT network. I used these commands:

set protocols rip interface eth0

set protocols rip network 172.16.200.0/28

Afterwards, I confirmed that management was connected to the network.

(screenshot not captured)
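As an added sanity check on the addressing used in this lab (my own example, not part of the lab write-up), the host settings and the RIP prefixes above can be checked with Python's ipaddress module: it converts the dotted netmasks to prefix lengths (confirming that 255.255.255.240 is /28 with 14 usable hosts), verifies that each gateway is on-link for its host, and reports which firewall's RIP advertisement covers a given address (for example, the old syslog host 172.16.50.5 that is removed from fw01 later on falls inside the DMZ /29 advertised by fw01). The IPs, netmasks, gateways and prefixes are taken from this page; the function names and structure are my own.

```python
import ipaddress

# Constructed from the addresses given in this lab (not the lab's own code):
# the static settings entered on each Windows host.
HOSTS = {
    "wks01-elizabeth": {"ip": "172.16.150.50", "netmask": "255.255.255.0",
                        "gateway": "172.16.150.2", "dns": "172.16.150.2"},
    "mgmt02": {"ip": "172.16.200.11", "netmask": "255.255.255.240",
               "gateway": "172.16.200.2", "dns": "172.16.200.2"},
}

# Networks each firewall advertises with "set protocols rip network ...".
RIP_NETWORKS = {
    "fw01": ["172.16.50.0/29"],      # DMZ, RIP enabled on eth2
    "fw-mgmt": ["172.16.200.0/28"],  # MGMT, RIP enabled on eth0
}


def prefix_length(netmask):
    """Dotted-quad netmask to CIDR prefix length (255.255.255.240 -> 28)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen


def usable_hosts(netmask):
    """Assignable host addresses for a subnet with this netmask (excludes network/broadcast)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").num_addresses - 2


def check_host(name, cfg):
    """Return a list of problems with one host's static IPv4 settings; empty means sane."""
    problems = []
    iface = ipaddress.IPv4Interface(f"{cfg['ip']}/{cfg['netmask']}")
    subnet = iface.network
    ip = iface.ip
    gw = ipaddress.IPv4Address(cfg["gateway"])
    # A host must not sit on the subnet's network or broadcast address.
    if ip in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"{name}: {ip} is the network or broadcast address of {subnet}")
    # The default gateway has to be reachable on the same link as the host.
    if gw not in subnet:
        problems.append(f"{name}: gateway {gw} is not on-link in {subnet}")
    return problems


def advertised_by(address, rip_networks=RIP_NETWORKS):
    """(firewall, prefix) of the RIP-advertised network containing address, or None."""
    addr = ipaddress.IPv4Address(address)
    for fw, prefixes in rip_networks.items():
        for prefix in prefixes:
            if addr in ipaddress.IPv4Network(prefix):
                return fw, prefix
    return None


def audit(hosts=HOSTS):
    """Problems across all hosts, keyed by host name; only hosts with problems appear."""
    findings = {}
    for name, cfg in hosts.items():
        problems = check_host(name, cfg)
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for name, cfg in HOSTS.items():
        print(f"{name}: /{prefix_length(cfg['netmask'])}, "
              f"{usable_hosts(cfg['netmask'])} usable hosts, "
              f"RIP advertisement: {advertised_by(cfg['ip'])}")
    print("problems:", audit() or "none")
```

A None result from advertised_by is expected for wks01: the LAN is directly connected to fw01 and is not one of the networks the lab advertises over RIP.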

Configure wazuh server

Now I was able to shut down log01 and configure wazuh for all my logging.

For the network settings I needed to use netplan. To start, I opened the netplan configuration file at /etc/netplan/00-installer-config.yaml. Following a configuration a classmate had shared in the Gmail chat, I changed the file as shown:

(screenshot not captured)

Afterwards, I applied the changes using sudo netplan apply.

Next I set the hostname using sudo hostnamectl set-hostname wazuh-elizabeth. I made my sudo user elizabeth with sudo adduser elizabeth and sudo adduser elizabeth sudo. Afterwards, I was able to connect to the internet and curl my web server.

(screenshot not captured)

Update client logging configurations

On web01, I needed to remove the rsyslog drop-in configuration from /etc/rsyslog.d. I did this by changing to the rsyslog directory with cd /etc/rsyslog.d, removing the file with rm sec250.conf, and restarting the service with sudo systemctl restart rsyslog.

On fw01 I needed to delete the syslog host 172.16.50.5. I did this by running 'delete system syslog host 172.16.50.5'.
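To confirm that no client still forwards logs to the retired log01 address once the drop-in is gone, here is an added check (my own example, not from the lab) that scans rsyslog drop-in contents for remote forwarders in both the legacy "selector @host[:port]" form and the RainerScript action(type="omfwd" ...) form, and reports any file that still targets a retired host. The file contents are constructed samples, since the real sec250.conf is not shown on this page, and the Wazuh address 172.16.200.12 is a placeholder rather than a value from the lab.

```python
import re

# Constructed sample drop-ins (the lab's actual sec250.conf is not shown);
# 172.16.200.12 is a placeholder for the new Wazuh server, not a lab value.
SAMPLE_DROPINS = {
    "/etc/rsyslog.d/sec250.conf": "# forward everything to log01\n*.* @172.16.50.5:514\n",
    "/etc/rsyslog.d/50-default.conf": (
        "auth,authpriv.*\t/var/log/auth.log\n"
        "*.*;auth,authpriv.none\t-/var/log/syslog\n"
    ),
    "/etc/rsyslog.d/90-wazuh.conf": (
        'action(type="omfwd" target="172.16.200.12" port="514" protocol="udp")\n'
    ),
}

# Legacy selector syntax: "<selector> @host[:port]" (UDP) or "@@host[:port]" (TCP),
# optionally with "(o)"-style options between the @ and the host.
LEGACY = re.compile(
    r"^\s*\S+\s+@{1,2}(?:\([^)]*\))?([^\s:\[\]]+|\[[^\]]+\])(?::(\d+))?"
)
# RainerScript syntax: action(type="omfwd" target="host" port="n" ...)
RAINER = re.compile(r'type="omfwd".*?target="([^"]+)"(?:.*?port="(\d+)")?')


def forwarding_targets(text):
    """Parse one rsyslog file and return [(host, port), ...] for every remote forwarder."""
    targets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        m = LEGACY.match(line) or RAINER.search(line)
        if m:
            host = m.group(1).strip("[]")          # unwrap bracketed IPv6 literals
            port = int(m.group(2)) if m.group(2) else 514  # syslog default port
            targets.append((host, port))
    return targets


def stale_forwarders(dropins, retired_hosts):
    """Files that still forward to a retired log host -> {path: [(host, port), ...]}."""
    stale = {}
    for path, text in dropins.items():
        hits = [t for t in forwarding_targets(text) if t[0] in retired_hosts]
        if hits:
            stale[path] = hits
    return stale


if __name__ == "__main__":
    for path, hits in stale_forwarders(SAMPLE_DROPINS, {"172.16.50.5"}).items():
        print(f"{path} still forwards to retired host(s): {hits}")
```

Running this against a real system means reading each file under /etc/rsyslog.d (and /etc/rsyslog.conf) into the dictionary. It only recognises literal targets; an omfwd action whose target comes from a RainerScript variable would not be caught.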

Firewall config

I displayed the configuration of both firewalls using: show configuration commands | grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack"

fw01

(screenshot not captured)

fw-mgmt