Full Name: ____Eliezer Andujar_____________________________ Date/Time Started: __________ CSEC-378/418 - Minilab 4 Deliverable and Instructions: This minilab makes use of the Windows Server 1 VM and...

see attached file for instructions



Full Name: ____Eliezer Andujar_____________________________ Date/Time Started: __________ CSEC-378/418 - Minilab 4 Deliverable and Instructions: This minilab makes use of the Windows Server 1 VM and Windows 10 VM available through the Netlab environment. For instructions on how to get connected to the Netlab environment, please consult the Lab Connectivity Guide on D2L. The submission file for this assignment will be a pdf version of this document, with your answers and screenshots added. Each correctly answered question will count for 1 point. Each screenshot will also count for 1 point and will be evaluated on whether it fully meets the requirements of the screenshot prompt. Your score will be determined by the percentage of total questions and screenshot prompts answered correctly. Answer the questions below the prompts indicated in blue. If a question is multi-part, you must answer all parts correctly to receive the point for that question. No partial credit will be given. Add screenshots below the prompts indicated in blue. When adding screenshots to the document, include any command itself (when applicable), as well as the output or requested information. Ensure that each screenshot is readable in-line in the submission document. If I am unable to read the contents of your screenshot in-line in the document because it is too large, it will not count for credit. Do not include screenshots of your whole desktop or whole application window when the screenshot prompt is asking about one single part of the output. Link to the lab: https://netlab.cdm.depaul.edu/home.cgi User: CSEC378_Student23 Password: Fossil2021! Minilab 4 – Windows Firewall Step 1: Use the Netlab environment to access your Windows Server 1 VM. Login with the Administrator account using the password CSEC378418! Step 2: Determine the IP address of your Windows Server 1 VM by opening a command prompt and running the ipconfig command. Take a screenshot of the IP address of your Windows Server 1 VM and include it below. Step 3: From the start menu on your Server 1 search for and open Windows Defender Firewall with Advanced Security. Familiarize yourself with the layout of the application. Look through the inbound and outbound rules in the left pane. Step 4: Under the Inbound Rules tab scroll down until you see some rules with names starting with “Remote Desktop”. These rules are currently disabled, as indicated in the Enabled column. The firewall as a whole is disabled currently, so even enabled rules are not in effect. Leave these rules and the firewall disabled for right now. Take a screenshot of these rules showing that they are not currently enabled. Question 1: Scroll through the columns for these rules. Which two of these rules control access to TCP and UDP port 3389? Step 5: Use the Netlab environment to access your Windows 10 VM. Login with the Administrator account using the password CSEC378418! Step 6: From the start menu on your Windows 10 machine search for and open Remote Desktop Connection. Enter the IP address of your Windows Server 1 into the window you are prompted with and click connect. This will not be successful. Question 2: The error message you will see indicates a few reasons why this may have failed. Some of these obviously don’t apply here. Which one is likely the reason you cannot connect to Server 1 via Remote Desktop? Step 7: Use Netlab to navigate back over to Server 1. Using the start menu search for “remote connections” and choose the option Allow remote connections to this computer. You will be prompted with a settings window. Under Remote Desktop click the show settings option to change settings for remote connections. Step 8: Change the setting and enable “Allow remote connections to this computer”. Then click Apply and close out of this window. Step 9: Go back to the Windows firewall application. Take a look at your Inbound Rules again and you will notice that the Remote desktop rules are now enabled. Bear in mind though that even though these rules are enabled the firewall is still disabled and not actually filtering traffic at this point. When you enable the firewall, these allow rules will become active. Take a screenshot of these rules showing that they are enabled. Step 10: Use Netlab to navigate back to Windows 10 and attempt to remote desktop to Server 1 again. This time you should get prompted for credentials. Login with the username Administrator and password CSEC378418! You will be prompted with a certificate warning. Check the box indicating not to ask you again for connections to this computer and click Yes. Question 3: Why do you get a certificate warning when connecting to this machine for the first time? Step 11: Once connected to Server 1 via RDP right click on the network settings icon in the bottom right corner of the desktop. Select “Open network and sharing center”. From the settings window select Ethernet from the left pane. Then click on the connected ethernet adapter. Ensure that the network profile for this interface is set to Private. Step 12: Go to Windows Firewall and click on the Windows Defender Firewall option at the top of the left pane (above the Inbound Rules) to return to the main administration dashboard. Under the Overview section of this window, you will see that Windows Firewall is currently disabled. There are several profiles that you can use to control Windows Firewall’s behavior if your Windows machine connects to different types of networks. Under the Overview section click the Windows Defender Firewall Properties option. Step 13: Select the Private Profile tab from the top of the settings window that you just opened. This is the profile that applies to private networks, and since you just ensured that your ethernet adapter was set to the private network profile this is the profile that will impact your communication on this network. Look through the configuration options here to see what can be done. Question 4: What is the default path to the windows firewall log file? Question 5: Will the firewall log on dropped packets by default? What about successful connections? Step 14: Change the firewall state to On. Leave the defaults for everything else and click Apply. Take a screenshot of the Overview section in the main Windows Firewall dashboard showing that your Firewall is now enabled on the private profile. Step 15: Notice that the default policy for inbound traffic and outbound traffic are different. Edit the properties of the Private profile again to block outbound connections if they do not match a rule. Question 6: When would you need to enable the firewall on the Domain Profile or Public Profile? What are these used for? Why are they not necessary here? Step 16: Navigate to the Inbound Rules section of the Windows firewall configuration. From the right pane select the New Rule... option. Step 16a: Under the Rule Type menu select the Port type. Step 16b: Under the Protocols and Ports menu select TCP and specify 3389 as the specific local port. Step 16c: Under the Action menu specify that you want to Block the connection Step 16d: Under the Profile menu, leave the default applied to all profiles. Step 16e: Under the Name menu name this rule “Block RDP (TCP)” and click Finish Step 17: Oops, you just locked yourself out. The good news is that you still have direct access to Server 1 through Netlab, so you’re not completely locked out only over RDP. Take a screenshot of the reconnecting message you get after locking yourself out. Step 18: Use Netlab to access Server 1. Within the Inbound Rules section of Windows Firewall, right click on the new Block RDP rule you just created and disable it. Then return to Windows 10 and verify that you can reconnect to Server 1 using Remote Desktop. Step 19: Your new Block RDP rule took effect over the existing Allow RDP rule that you verified was enabled. Windows Firewall rules are not processed from the top down like many other host firewalls. Instead, Windows Firewall uses the concept of rule precedence to determine which rule is applied in the event of a conflict. To better understand this, look over this Windows documentation regarding this concept https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring Question 7: Based on what you gathered from that documentation, why did the Block RDP rule take precedence over the Allow RDP rule? Step 20: While connected via RDP to Server 1, disable the three existing remote desktop allow rules. You will lose connectivity again. Question 8: Your Block RDP rule that you created is disabled. Why did disabling the Allow RDP rules force your connection to drop if that rule is not in effect. Step 21: Use Netlab to access Server 1 directly again. Go to the Inbound Rules section of Windows Firewall and select the option to create a New rule... again. Step 21a: Under the Rule Type menu select the Custom type. Step 21b: Under the Program menu leave the default all programs and click Next. Step 21c: Under the Protocols and Ports menu set the Protocol Type to TCP. Set the Local port to a Specific port and specify 3389 as the port number. Step 21d: Under the Scope menu specify the remote IP address you would like to filter as the IP address of your Windows 10 machine (10.10.X.110). Step 21e: Under the Action menu specify that you want to Allow the connection. Step 21f: Under the Profile menu leave the default applied to all profiles. Step 21g: Under the Name menu name this rule “Allow Win10 RDP” and click Finish Step 21: Use Netlab to access Windows 10 and attempt to RDP to Server 1 again. It should be successful. Take a screenshot of your Windows Firewall Inbound Rules showing your allow rule enabled. Be sure to include in your screenshot the Netlab tab showing you are connected through Windows 10. Step 22: Re-enable your Block RDP rule that you disabled previously. You will lose connectivity again. Question 9: Why doesn’t your new allow rule take precedence over your block rule? Date/Time Finished: __________ Estimated time it took you to complete this assignment: __________ 1 v1 NetLab Instructions: *** Labs time is Chicago time I have reserve space in the lab for you: Link to the lab: https://netlab.cdm.depaul.edu/home.cgi User: CSEC378_Student23 Password: Fossil2021! **** Labs must be finished at one