{"product_id":"new-full-course-guide-sec370-computer-incident-response-wilmington-university_id-nfubwzkt5y7","title":"(New Full Course Guide) SEC370 Computer Incident Response Wilmington University","description":"\u003ch1\u003e\u003cb\u003e\u003cspan\u003eSEC370 Entire Course Solution Download\u003c\/span\u003e\u003c\/b\u003e\u003c\/h1\u003e\n\u003cp\u003eSEC370 Lab 2 Create Firewall Rules\u003c\/p\u003e\n\u003cp\u003eSEC370 Lab 3 You Decide Activity\u003c\/p\u003e\n\u003cp\u003eSEC370 Lab 4 Disabling Unnecessary Services\u003c\/p\u003e\n\u003cp\u003eSEC370 Lab 5 Policy Paper\u003c\/p\u003e\n\u003cp\u003eSEC370 Lab 6 Authentication Methods\u003c\/p\u003e\n\u003ch2\u003e\n\u003cb\u003e\u003cspan\u003eSEC370 Lab 6 Authentication Methods\u003c\/span\u003e\u003c\/b\u003e\u003cb\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/b\u003e\n\u003c\/h2\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this exercise, you will see two different authentication methods in action by forcing the user to log on to access a web server. Please refer to your course material or use your preferred search engine to research this topic in more detail.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 1: Configure Authentication Methods\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Ensure you have powered on the required devices defined in the introduction connect to SERVER device. Click Start go to Administrative Tools and select InternetInformation Services (IIS) Manager.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Expand SERVER \u0026gt; Sites \u0026gt; Default Web Site. In details pane, go to IIS section and double-click the Authenticationicon.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 Select Anonymous Authentication and in the Actions pane, clickDisable. Select Basic Authentication and in the Actions pane, click Enable.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Ensure you have powered on the required devices defined in the introduction connect to CLIENT device. Start WireShark from desktop.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 Click Capture menu and choose Options.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 In WireShark: Capture Options dialogue box, change the network interface, so that the IP address indicates 192.168.0.2 Click in Capture Filter and type port 80 then click Start.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 Open Internet Explorer and browse to http:\/\/server At the authentication prompt insert the following credentials: User name: classroom\\administrator Password: Pa$$w0rd Press Enter.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 The default IIS page should be displayed.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 Close the browser. Switch to WireShark and click Capture menu and choose Stop.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 Click in the Filter box and type http Click Apply. Look for the HTTP packets described as “GET \/ HTTP\/1.1?.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 11 With this packet selected, expand the Hypertext Transfer Protocolanalysis in the middle pane. Look for the Authorization line. Expand the Authorization option and you will see the credentials you supplied are shown in clear text.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 12 The string after “Basic Y2xh…” is the encoded version. Unlike a cryptographic code, this requires no special key or passphrase to decode however.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 13 Connect back to SERVER device and open the default web site’sAuthentication property sheet in IIS Manager again. Select Basic Authentication and in the Actions pane, click Disable.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 14 Select Windows Authentication and in the Actions pane, clickEnable.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 15 Right-click on Windows Authentication and choose Providers…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 16 In Providers dialogue box, select NTLM and choose Move up. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 17 Switch to the CLIENT device. Go to Wireshark and click Capturechoose Start.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 18 Select Continue without saving.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 19 Open Internet Explorer and browse to http:\/\/server The default IIS page should be displayed.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 20 Switch to Wireshark and go to Capture then select Stop. Close the browser.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 21 Look for GET \/ HTTP\/1.1, NTLMSSP_NEGOTIATE packet in Wireshark. Also look for additional GET\/HTTP\/1.1 packets which can provide additional information about authentication. Expand the Hypertext Transfer Protocol and locate theAuthorization field. You will notice that the user credentials are no longer displayed in clear text but a long security identifier string.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 22 Right-click any HTTP packet and select Follow TCP Stream. Note that the contents of the web page delivered are easily readable. Also note the information about the browser (user-agent) used.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 23 The TCP stream content is displayed in the console so that you can track what has network traffic has taken place during the session. Take note of the Authorization section. Click Close. Exit from WireShark. Choose Quit without Saving when asked.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 24 Switch back to SERVER device and open the default web site’sAuthentication property sheet in IIS Manager again. Select Windows Authentication and in the Actions pane, clickDisable.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 25 Select Anonymous Authentication and in the Actions pane, clickEnable. Leave all devices powered on in their current state and proceed to the next exercise.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eExercise 2 – Encryption\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eMost operating systems have built-in encryption tools for protecting user data on corporate computers. In this exercise, you will use encrypting file system (EFS) to protect data stored on a computer. Please refer to your course material or use your preferred search engine to research this topic in more detail.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 1: Use Data Encryption Recovery Agent\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Switch to SERVER and go to Start \u0026gt; Administrative Tools \u0026gt; ActiveDirectory Users and Computers.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Go to Users container and click New User button.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 From New Object – User, use the following values: First name: John Last name: Smith User logon name: john.smith Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Type Passw0rd In each text and clear User must change password at next logon Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 Click Finish.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Right-click on John Smith and choose Add to a group…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 From Select Groups box, type Domain admins Click Check Names and then OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 Click OK. Close Active Directory Users and Computers.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 Click Start, go to Administrative Tools \u0026gt; Group Policy Management.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 Right-click on Default Domain Policy and choose Edit…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 11 In Group Policy Management Editor, go to Computer Configuration\u0026gt; Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; Public KeyPolicies and click Encrypting File System. Right-click Administrator and choose All Tasks \u0026gt; Export…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 12 Click Next in Welcome to the Certificate Export Wizard page.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 13 In Export Private Key page, select Yes, export the private key. Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 14 From Export file format, select Include all certificates in thecertification path if possible. Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 15 In Password page, type Pa$$w0rd Pa$$w0rd In each text box and then click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 16 In File to Export, type C:\\administrator Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 17 Click Finish to close Completing the Certificate Export Wizard page.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 18 Click OK. Close Group Policy Management Editor and Group Policy Management console.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 2: Test Data Encryption\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Switch to Practice Labs web application. Select PLABDC01 and clickDisable\/Enable Auto login. Verify that x icon is displayed.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Connect to CLIENT device and use the following credential: John.smith Passw0rd\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 Click Agree if presented with the BGInfo license agreement page. Right-click on Start and choose Explore…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Create a folder in Local disk C and name it JohnSmith\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 Create a text document in c:\\JohnSmith folder and call it Confidential.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Right-click on JohnSmith folder and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 In JohnSmith Properties, click Advanced…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 In Advanced Attributes, select Encrypt contents to secure data. Click OK twice.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 From Confirm Attribute Changes, verify that Apply to changes to thisfolder, subfolders and files is selected. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 Right-click on Confidential text document and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 11 From Confidential Properties, click Advanced…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 12 From Advanced Attributes, click Details.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 13 From Encryption Details dialogue, notice that the recovery agent is the Administrator account. Click OK thrice.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 14 Log off John Smith from CLIENT device.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 3: Export Data Recovery Certificate\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Connect to CLIENT. Log on using the following credential Administrator Pa$$w0rd\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Open Windows Explorer and go to c:\\JohnSmith folder. Double-click Confidential text document.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 The administrator gets an Access is denied message. Click OK. Close Notepad and minimize Windows Explorer.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Click Start and go to Run box, then type Mmc Press Enter.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 From Console1, go to File \u0026gt; Add\/Remove Snap-in…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 From Add\/Remove Snap-in, click Add…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 From Add Standalone Snap-in, click on Certificates. Choose Add.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 In Certificates snap-in, click My user account. Click Finish.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 Click Close then OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 Right-click on Personal and choose All Tasks \u0026gt; Import…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 11 Click Next in Welcome to the Certificate Import Wizard. Summary In this module, you learnt how to configure the different authentication methods in Internet Information Services. You tested their security by capturing a network trace using WireShark. A way to protect user data in a workstation is by using Encrypting File System (EFS). It is important that a recovery agent certificate must be in place to recover encrypted data from a computer.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 12 In File to Import, type \\\\server\\c$\\administrator.pfx Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 13 In Password page, type Pa$$w0rd Click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 14 In Certificate Store page, click Next.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 15 Click Finish to close Completing the Certificate Import Wizard.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 16 Click OK then close Console1 without saving changes. Open Windows Explorer and go to c:\\JohnSmith folder. OpenConfidential text document.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 17 Confidential text document opens without errors. Close Notepad and log off Administrator from CLIENT device. Shut down all virtual machines used in this exercise using Practice Labs power button function to revert these devices to their default settings. Alternatively, you may sign out of the lab portal to power down all devices.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eYou May Also Like: SEC370 Lab 1 You Decide SEC370 Lab 2 Create Firewall Rules SEC370 Lab 3 You Decide Activity SEC370 Lab 4 Disabling Unnecessary Services SEC370 Lab 5 Policy Paper\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003c\/p\u003e\n\u003ch2\u003e\n\u003cb\u003e\u003cspan\u003eSEC370 Lab 5 Policy Paper\u003c\/span\u003e\u003c\/b\u003e\u003cb\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/b\u003e\n\u003c\/h2\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eReview the Network Attacks tutorial in the lecture.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eSubmit a three- to five-page (800–1,200-word) security policy write-up for the antivirus, spyware, and adware policies for a medium-sized organization. Be sure to suggest security tools, and set up a schedule for maintaining a company that is free of infestations of malware.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eYou May Also Like: SEC370 Lab 1 You Decide SEC370 Lab 2 Create Firewall Rules SEC370 Lab 3 You Decide Activity SEC370 Lab 4 Disabling Unnecessary Services SEC370 Lab 6 Authentication Methods\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003c\/p\u003e\n\u003ch2\u003e\n\u003cb\u003e\u003cspan\u003eSEC370 Lab 4 Disabling Unnecessary Services\u003c\/span\u003e\u003c\/b\u003e\u003cb\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/b\u003e\n\u003c\/h2\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eExercise 1 – Disabling Unnecessary Services\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this exercise, you will disable unnecessary services for laptops that are taken by users outside of the corporate network. It is essential that unneeded network services are turned off to minimize the number of ports that are open when these mobile computers are connected to the public network such as the Internet. Please refer to your course material or use your favourite search engine to research for more information about this topic.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 1: Create a Policy to turn off non-essential services\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this step, you will use group policy to disable non-essential network services on user computers.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Ensure you have powered on the required devices and connect to PLABC01. In Server Manager, go to Tools \u0026gt; Active Directory Users andComputers.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Expand PRACTICELABS.COM and click Create a new organisationalunit in the current container icon.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 In New Object-Organizational Unit, type Mobile Computers Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Go to Computers container, select PLABWIN701, PLABWIN801 andPLABWIN810 devices. Right-click on the selection and choose Move…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 In the Move box, select Mobile Computers and click OK. Close Active Directory Users and Computers.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Go back to Server Manager, go to Tools \u0026gt; Group PolicyManagement.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 Right-click on Mobile Computers and choose Create a GPO in thisdomain and link it here…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 In New GPO box, type Mobile Computers Restrictions, then click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 Right-click on Mobile Computers Restriction and choose Edit…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 In Group Policy Management, go to Computer Configuration \u0026gt;Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; SystemServices. In the right-details pane, right-click on Themes and chooseProperties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 11 On Themes Properties, select Define this policy setting box and choose Disabled. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 12 In Group Policy Management, go to Computer Configuration \u0026gt;Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; SystemServices. In the right-details pane, right-click on Server and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 13 On Server Properties, select Define this policy setting box and choose Disabled. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 14 In Group Policy Management, go to Computer Configuration \u0026gt;Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; Local Policies \u0026gt;Security Options Right-click on Accounts: Rename administrator account and chooseProperties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 15 In the Accounts: Rename administrator account… click Define thispolicy setting and type Localpcadmin Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 16 In Group Policy Management, go to Computer Configuration \u0026gt;Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; Local Policies \u0026gt;Security Options Right-click on Interactive logon: Message text for users attemptingto log on and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 17 In the Interactive logon: Message text for users… click Define thispolicy setting in the template and type This workstation is for authorised users only. Log on to this system is monitored for compliance to security policies. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 18 Right-click on Interactive logon: Message title for users attemptingto log on and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 19 In the Interactive logon: Message title for users… click Define thispolicy setting in the template and type Notice Click OK. Close Group Policy Management Editor and Group Policy Management console.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 2: Verify Computer Policy Restriction\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Switch to Practice Labs web application, click Disable\/Enable autologin button. Verify that x is displayed. Select PLABWIN701 and click on Reboot this device button.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Connect to the PLABWIN701 device after about 1 minute. Then login with the following credentials: John.smith Passw0rd\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 Click Agree if you see the BGInfo license agreement page. Click Start, in Search programs and files box, type Services.msc Press enter.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Verify that Themes is Disabled. Right-click on it and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 Notice that the controls to start and change the Start-up type of this service are not available. Click OK and close Services.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Click Start and in Search for programs and files box, type Gpupdate \/force Press Enter. Log off John Smith.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 Reconnect to PLABWIN701. Verify that the log on message screen is displayed. Click OK. Note: If the log on message did not appear, restart PLABWIN701.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 Sign on as practicelabs\\administrator password is Passw0rd\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 Click Start, right-click Computer and choose Manage…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 Go to Local Users and Groups node, click Users and verify thatLocalpcadmin is present. This is the renamed Administrator built-in account. The account was renamed because of group policy object. Close Computer Management and log off Administrator. Leave all devices powered on in their current state and proceed to the next exercise.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eExercise 2 – Protecting Management Interfaces and Applications\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this exercise, you will use group policy objects to protect certain programs from being run by regular users. You will prevent some users to run applications that are not allowed by system administrators. Please refer to your course material or use your preferred search engine to research this topic in more detail.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 1: Disallow users to run some Windows applications\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Switch to PLABDC01. Go back to Server Manager, go to Tools \u0026gt;Group Policy Management.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Right-click on EMEA and choose Create a GPO in this domain andlink it here…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 In New GPO box, type Prohibit Access to Control Panel Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Right-click on Prohibit access to Control Panel and choose Edit…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 In Group Policy Management Editor, go to User Configuration \u0026gt;Policies \u0026gt; Administrative Templates \u0026gt; Control Panel. Right-click on Prohibit access to Control Panel and PC settings, choose Edit.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 In Prohibit access to Control Panel and PC settings, choose Enabled. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 Back in Group Policy Management Editor, go to User Configuration \u0026gt;Policies \u0026gt; Windows Settings \u0026gt; Security Settings. Right-click on Software Restriction Policies and select NewSoftware Restriction Policies.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 Two sets of folders will appear. Right-click on Additional Rules and choose New Path Rule…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 From New Path Rule, use the following settings: Path: C:\\Windows\\system32\\cmd.exe Security level: Disallowed Click OK. Close Group Policy Management Editor window.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 2: Set a Network Password Policy\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 In Group Policy Management console, right-click on Default DomainPolicy and choose Edit…\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 In Group Policy Management Editor, go to Computer Configuration\u0026gt; Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; AccountPolicies and click on Account Lockout Policy. Right-click on Account lockout threshold and choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 In Account Lockout threshold, change the value to 3 Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 If the suggested value change appears, click OK to accept the changes. Close Group Policy Management Editor window. Keep Group Policy Management console running.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 3: Verify the network restrictions\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Switch to PLABWIN701 and sign on as jan.regus password isPassw0rd\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Click Agree if you see the BGInfo License Agreement page. Click Start and in Search programs box, type Cmd Press Enter.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 A message box appears indicating that command prompt is blocked by group policy. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Click again on Start and in Search box, type Control Press Enter.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 A message box appears, indicating control panel is not allowed to be used by the user currently signed on. Click OK. Log off Jan Regus from PLABWIN701. Leave all devices powered on in their current state and proceed to the next exercise.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eExercise 3 – Renaming Unnecessary Accounts for Security\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this exercise, you will rename the Guest account which is common to all Windows devices. This account although disabled is provided with the system for convenience purposes-mostly useful for part time users of a network. Please refer to your course material or use your preferred search engine to research this topic in more detail.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 1: Create Policy for Guest Account\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Switch back to PLABDC01 and reopen Group Policy Management Console. Expand Forest: PRACTICELABS.COM \u0026gt; Domains \u0026gt;PRACTICELABS.COM. Right-click on Default Domain Policy and choose Edit.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 In Group Policy Management Editor, go to Computer Configuration\u0026gt; Policies \u0026gt; Windows Settings \u0026gt; Security Settings \u0026gt; Local Policiesand click on Security Options. Right-click on Accounts: Rename guest account and chooseProperties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 In Accounts: Rename guest account… select Define this policysetting box. Type: Visitor Click OK. Close Group Policy Management Editor and Group Policy Management console.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 Go to Practice Labs web application, select PLABWIN701 and chooseReboot this device button.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 When PLABWIN701 is done rebooting (green light is on) connect to it and sign on as practicelabs\\administrator password is Passw0rd\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Click Start and right-click Computer choose Manage.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 Go to Local Users and Groups, go to Users container and verify thatVisitor user account is available. Shut down all virtual machines used in this exercise using Practice Labs power button function to revert these devices to their default settings. Alternatively, you may sign out of the lab portal to power down all devices.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eSummary\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this module you learnt how to secure a network by doing the following tasks: How to disable unnecessary services to minimize the attack surface of a computer How to protect certain programs from being accessed by regular users using group policy. How to rename non-essential built in user accounts to prevent those accounts from being used by unauthorised users.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eYou May Also Like: SEC370 Lab 1 You Decide SEC370 Lab 2 Create Firewall Rules SEC370 Lab 3 You Decide Activity SEC370 Lab 5 Policy Paper SEC370 Lab 6 Authentication Methods\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003c\/p\u003e\n\u003ch2\u003e\n\u003cb\u003e\u003cspan\u003eSEC370 Lab 3 You Decide Activity\u003c\/span\u003e\u003c\/b\u003e\u003cb\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/b\u003e\n\u003c\/h2\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eReview the Public Key Infrastructure, Hashing and Digital Signatures, Cryptography: Public Key Encryption, and Cryptology tutorials in the lecture. Go to http:\/\/nmap.online-domain-tools.com\/, and generate a report for your PC. Go to http:\/\/www.md5decrypter.co.uk, and decrypt the following.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e5f4dcc3b5aa765d61d8327deb882cf99—MD5 200ceb26807d6bf99fd6f4f0d1ca54d4—MD5 391d878fd5822858f49ddc3e891ad4b9—NTLM a2345375a47a92754e2505132aca194b—NTLM\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eThe data you will be collecting for this activity will be used to help complete your Course Project assignments for the next several weeks. Access the You Decide activity page by clicking on the item in the left-hand navigation for more details.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eSubmit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eSee the Syllabus section “Due Dates for Assignments \u0026amp; Exams” for due date information.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eYou May Also Like: SEC370 Lab 1 You Decide SEC370 Lab 2 Create Firewall Rules SEC370 Lab 4 Disabling Unnecessary Services SEC370 Lab 5 Policy Paper SEC370 Lab 6 Authentication Methods\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003c\/p\u003e\n\u003ch2\u003e\n\u003cb\u003e\u003cspan\u003eSEC370 Lab 2 Create Firewall Rules\u003c\/span\u003e\u003c\/b\u003e\u003cb\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/b\u003e\n\u003c\/h2\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eIn this exercise, you will configure Inbound and Outbound Windows Firewall rules. Please refer to your course material or use your favourite search engine to research for more information about this topic.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 1: Enable Firewall and Verify Inbound Rules\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 1 Ensure you have powered on the required devices and connect toPLABWIN701 device. Go to system tray and right-click on network icon, choose OpenNetwork and Sharing Centre.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 Click Windows Firewall.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 Verify that Windows Firewall is enabled for all network profiles –Domain, Home or network and Public. Click Advanced settings.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 In Windows Firewall with Advanced Security, go to InboundRules. Right-click on File and Printer Sharing (Echo Request –ICMPv4-In) – Private, Public and choose Enable.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 Verify that File and Printer Sharing (Echo Request – ICMPv4-In) – Domain is Enabled. Minimize Windows Firewall with Advanced Security.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Ensure you have powered on the required devices and connect toPLABWIN810 device. Right-click network icon and choose Open Network and SharingCenter.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 From Network and Sharing Centre, click Windows Firewall.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 Verify that Windows Firewall state is On for all network profiles – Domain, Private and Guest or private networks. Click on Advanced settings link.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 9 On Windows Firewall with Advanced Security, go to InboundRules and right-click on File and Printer Sharing (Echo Request- ICMP-v4-In) Domain and choose Enable Rule. Note that green tick, indicating that ICMPv4 packets will pass through the interface.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 10 Right-click on File and Printer Sharing (Echo Request – ICMP-v4-In) Private and choose Enable Rule. Minimize Windows Firewall with Advanced Security.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 11 Open command prompt and type ping 192.168.0.5 You should get the usual four standard replies. Minimize command prompt window.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 12 Go to PLABWIN701 and open a command prompt. Type ping 192.168.0.4 You get the four standard replies. Minimize command prompt window.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eTask 2: Configure Outbound Rules and Test Connectivity Step 1\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eGo to PLABWIN810 device and reopen Windows Firewall withAdvanced Security. Navigate to Outbound Rules and right-click on File and PrinterSharing (Echo Request – ICMPv4-Out) Domain, chooseProperties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 2 On File and Printer Sharing (Echo Request- ICMPv4-Out)Properties, select Enabled box and Block the connectionoption. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 3 Right-click on File and Printer Sharing (Echo Request -ICMPv4-Out) Private, Public choose Properties.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 4 On File and Printer Sharing (Echo Request- ICMPv4-Out)Properties, select Enabled box and Block the connectionoption. Click OK.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 5 Restore command prompt window and type ping 192.168.0.5 Notice the General failure message as the Outbound interface has blocked ICMP packet from leaving.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 6 Go back to Windows Firewall with Advanced Security and right-click the File and Printer Sharing (Echo Request-(ICMPv4-Out) Domain and choose Disable Rule.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 7 Right-click the File and Printer Sharing (Echo Request-(ICMPv4-Out) Private, Public and choose Disable Rule.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eStep 8 Reopen command prompt. Verify that ICMP packets are allowed to go through the Outbound interface. Type ping 192.168.0.5 Shut down all virtual machines used in this exercise using Practice Labs power button function to revert these devices to their default settings. Alternatively, you may sign out of the lab portal to power down all devices.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eYou May Also Like: SEC370 Lab 1 You Decide SEC370 Lab 3 You Decide Activity SEC370 Lab 4 Disabling Unnecessary Services SEC370 Lab 5 Policy Paper SEC370 Lab 6 Authentication Methods\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003c\/p\u003e\n\u003ch2\u003e\n\u003cb\u003e\u003cspan\u003eSEC370 Lab 1 You Decide\u003c\/span\u003e\u003c\/b\u003e\u003cb\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/b\u003e\n\u003c\/h2\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003ePerform reconnaissance on a target company of your choice using Google, their website, Whois, and nslookup to find out\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003ewhere the company is; who works there; what IP addresses comprise its network; what its mailserver IP is; what its URL is; and How many other sites link to it.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eThe data you will be collecting for this activity will be used to help complete your Course Project Assignments for the next several weeks. Access the You Decide activity page by clicking on the item in the left-hand navigation for more details.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003eYou May Also Like: SEC370 Lab 2 Create Firewall Rules SEC370 Lab 3 You Decide Activity SEC370 Lab 4 Disabling Unnecessary Services SEC370 Lab 5 Policy Paper SEC370 Lab 6 Authentication Methods\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"MsoNormal\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003c\/p\u003e","brand":"Take My Online Class","offers":[{"title":"Default Title","offer_id":53405495591187,"sku":null,"price":39.99,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0966\/3794\/4083\/files\/SEC370EntireCourseCapture1.png?v=1770054268","url":"https:\/\/takemyonlineclass.store\/products\/new-full-course-guide-sec370-computer-incident-response-wilmington-university_id-nfubwzkt5y7","provider":"Take My Online Class","version":"1.0","type":"link"}