LAB CHALLENGE QUESTIONS
1. In the PacketCapture.pcapng file you reviewed in Section 1, there is a lot of traffic for TLSv1. What is the purpose of this traffic?
2. Apply a filter to the WiFiPacketCapture.pcapng file that will display only the packets related to Address Resolution Protocol (ARP). Identify the device used and make a screen capture showing the results of the filtered data
3. Using NetWitness Investigator, identify the file transferred in the HotSpotCapture.pcap file. Make a screen capture showing the details that led you to that discovery.
3. In Section 2 of the lab, you created a rule allowing RDP (Remote Desktop Protocol) traffic to pass to TargetWindows02 and opened a remote connection to that machine. For this challenge, use that RDP connection to open the IIS web page for the vWorkstation ) in a browser window and make a screen capture showing that web page.
Use screen captures to document any changes you make to the firewall. Recall, you will need to add a route to direct traffic back into the vWorkstation. If you have not already done so, you should complete Section 2 before working on this challenge exercise.
2. Use the Server drop-down list in the virtual lab menu to select TargetWindows02 and run a Nessus Basic Scan on TargetWindows01. Use
a. Administrator/P@ssw0rd! as credentials to access Nessus (from the Windows Start menu, select Tenable Network Security>Nessus Web Client). Make a screen shot of your scan configuration and your scan results.
b. Then, do the reverse: scan the TargetWindows02 machine from TargetWindows01.
3.In the lab, the route you added to communicate with the 10.20.1.0 network is a temporary route and will be replaced each time the operating system reboots. In the Command Prompt window, delete the current route and add it again as a persistent route. Use the Internet to find the correct commands for this challenge. Use screen captures to document your work.
2. In Section 2 of this lab, you used Zenmap to scan the 10.20.1.0/24 subnet for open ports. Zenmap is a widely used penetration testing tool and can be customized to suit your needs. From the TargetWindows02 Start menu, open Zenmap (Nmap > Nmap – Zenmap GUI) and edit the Quick Scan Profile to add the ICMP Ping (-PE) option to the Profile and save the changes as Quick Scan yourname, replacing yourname with your own name.
Then run the new Quick Scan yourname Profile on the 10.20.1.2 machine. Use screen captures to document your changes and the scan results
3. In the pfSense firewall, create new inbound rules to specifically deny traffic from the TCP ports identified in the critical vulnerability. Add a description to each rule that briefly describes what the rule is blocking. Make a screen capture of the final Rules table.
2. In the pfSense firewall, change the pre-shared key for the IPsec VPN to VPNp@ssw0d. Document your changes.
3. In Section 2, you created a CA for OpenVPN. Use the pfSense firewall to export the CA to the vWorkstation desktop. Open a remote Windows connection to TargetWindows02 and copy the certificate to that machine. On TargetWindows02, right-click the yourname_CA icon and select Install Certificate.
Follow the prompts in the Certificate Import Wizard to store the certificate in the Trusted Root Certificate Authorities store on the Local Machine and finish the installation process. Make a screen capture showing the successful import confirmation and the certificate on the TargetWindows02 desktop
3. On the vWorkstation, create a new text file named yourname_quote.txt, replacing yourname with your own name. Edit the contents of the file to display your favorite quotation. Then, using Section 2, Part 2, Steps 1-11 as an example, upload the file to the VPN server. Make a screen capture showing the contents of the file in the Wireshark Hex Data pane and submit the yourname_quote.txt file with your deliverables.
2. Using your Wireshark capture, identify the following:
• IP address of the server
• Name of the VPN client
Last Updated on