Simon Arndal, David Herreborg and Georgi Petrov
Status 3/11-2010
A presentation of the system (working for now) was given. What is working now is that the pfSense machine runs as a gateway and DHCP server. It has two interfaces (WAN and LAN -> red and green interfaces). Externally we have an "intruder" PC, and internally we have a PC running Windows (with Apache and MySQL servers, which are going to be compromised later on).
Additionally, we have a network administrator on the green interface. Both the server PC and the admin PC are hooked up to a router whose configuration has been modified so that it operates as a switch internally.
A block diagram of the latest working system is shown below.
Today's lessons were also used to start on the report writing and to search for metasploits, which is what we will focus on in the upcoming lessons.
Furthermore, the content of Friday's demonstration was discussed and agreed.
Timeline (PROGRESS)
--> 27/10-2010 <--
- Hardware requirements fulfilled (except one missing NIC)
- Required software installed (open source programs used)
- pfSense installed (Router/firewall software)
- Apache and MySQL are up and running (Webserver and Database)
- phpMyAdmin installed and works (Graphical User Interface for the MySQL database)
- HSLAB HTTP Monitor Lite installed (Apache monitoring software)
- Set up HSLAB HTTP Monitor Lite.
- Researched Snort, and Snort together with pfSense.
- Presentation of work so far and basic idea. --> at 09:56
--> 28/10-2010 <--
- Network interface card has been inserted to the pfSense PC.
- Presentation of the progress and the setup of "Caps WebDesign" --> at 12:23
--> 01/11-2010 <--
- Add rules to the snort IPS system (Common task)
- Find another solution for monitoring the Apache server traffic internally (Simon)
- Make the Apache and MySQL more reliable (Simon)
- Add a Network Interface Card to the pfSense machine (David)
- Install snort package for pfSense (Georgi)
- Setup Weblog Expert Lite (Software that replaces the HSLAB) and it is working.
--> 01/11-2010 <--
- Decide on whether pfSense is the right system for us to use (Common task)
- We have chosen to move on with pfSense and Snort together.
- Get snort to work properly
--> 02/11-2010 <--
- Tested where snort is placed in the setup (before the firewall).
- Figured out how the blocked function operates (update time)
- Proved that the setup is now reliable
--> 03/11-2010 <--
- Presentation of the progress --> at 09:05
- Search for metasploits
- Find out what rules should be added to snort for alerting on and blocking Apache webserver intrusion. (Georgi)
- Search for common server vulnerabilities (Georgi, Simon)
- Find out what Metasploit is (Common task)
- Find interesting metasploits (Common task)
What to do (future events):
- Do penetration testing with metasploit. (Common task)
- Write on the report
Presentation(s):
Upcoming presentation: 5th of November 2010
About: Metasploit v. 0.1
I hope it is a typo that you are doing presentations the 6th. It is just cruel to force the teacher to show up on a Saturday.
Why does the intruder PC have a static IP?
Hehe that's a smaller mistake.. THE 5TH please!
It hasn't.. we have just forgotten to remove that point. The reason why it is shown in the diagram is because we assumed in the beginning we had to be on the same subnet as pfSense's WAN IP address to do ping exercises.
We are sooooooooo sorry to misinform you about this, coach.