Lab 16: Introduction to Digital Forensics

  • Identification

The first step is to identify the potential sources of evidence (the devices involved) and the owners of those devices. It is important to obtain the correct authorisation before acquiring the information needed for the investigation; if this step is not done correctly the data collected can be ruled inadmissible because it was obtained unlawfully.

  • Preservation

To maintain the integrity of the data collected, document all evidence found and how it was collected. Photographs of the scene must be correctly labelled and stored. For digital evidence this also means computing a cryptographic hash of each image at the moment of acquisition, so that any later change to the copy, accidental or deliberate, can be detected by re-hashing it.

  • Collection

When collecting data from devices, the data collected must be specific to the crime under investigation and not unrelated material. Data can be collected from digital devices by copying the device's content, by creating a forensic image of the device so the information can be reviewed at a later date (analysis is then done on the image, leaving the original untouched), or by printing data out as hard copies. To keep proper records, logging timestamps along with before-and-after photographs of the collection process helps safeguard the officer in charge against any allegation of unlawful data collection.
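The Preservation and Collection steps above come down to one verifiable claim: the copy being analysed is byte-for-byte what was collected. The following is an added example (not part of the original lab write-up) of how that is demonstrated in practice: the image is hashed at acquisition, every hand-over re-hashes it, and a later check fails if any byte changed. The image bytes, examiner names and device description are constructed for the demonstration.

```python
"""Added example, not from the original lab write-up: hashing a forensic image
at acquisition and keeping a chain-of-custody record, so a later examiner can
prove the copy they are analysing is byte-for-byte what was collected.
The image bytes, names and device description are constructed for the demo."""
import hashlib
import hmac
import io
from datetime import datetime, timezone


def hash_stream(fileobj, chunk_size: int = 1024 * 1024) -> str:
    """SHA-256 of a (possibly very large) image, read in chunks so a
    multi-gigabyte disk image never has to fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def acquire(image: bytes, source: str, examiner: str) -> dict:
    """Record who imaged what, when, and the hash taken at that moment."""
    return {
        "source": source,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "sha256": hash_stream(io.BytesIO(image)),
        "custody": [],  # one entry per hand-over
    }


def transfer(record: dict, image: bytes, from_person: str, to_person: str) -> dict:
    """Log a hand-over. The receiving party re-hashes the copy they were
    given; a mismatch here pinpoints where in the chain a change happened."""
    record["custody"].append({
        "from": from_person,
        "to": to_person,
        "at": datetime.now(timezone.utc).isoformat(),
        "sha256_on_receipt": hash_stream(io.BytesIO(image)),
    })
    return record


def verify(record: dict, image: bytes) -> bool:
    """True only if the image still matches the acquisition hash and every
    hand-over hash matched it too."""
    expected = record["sha256"]
    if not hmac.compare_digest(hash_stream(io.BytesIO(image)), expected):
        return False
    return all(hmac.compare_digest(entry["sha256_on_receipt"], expected)
               for entry in record["custody"])


if __name__ == "__main__":
    # Constructed stand-in for a disk image.
    image = b"MBR\x00" + bytes(range(256)) * 16
    rec = acquire(image, "suspect laptop, internal SSD (constructed)", "Examiner A")
    rec = transfer(rec, image, "Examiner A", "Examiner B")
    print("intact:", verify(rec, image))        # True
    tampered = image[:100] + b"\xff" + image[101:]
    print("tampered:", verify(rec, tampered))   # False
```

The hash on its own proves nothing unless the record of who computed it, and when, is kept alongside it; that record is what the Collection paragraph's timestamps and photographs provide for physical evidence.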

  • Analysis

In this step the data collected is reviewed and conclusions are drawn from it. If the data has been corrupted, a team of forensic officers will try to recover as much of the corrupted data as they can in order to use it to build a case.

An example would be officers reviewing footage of a bank robbery and building evidence from the bank's camera recordings.

  • Presentation

For this step the findings of the investigation are presented to the court. To ensure the findings are understood correctly, the presentation should be in layperson's terms.

Lab 15: Backup and Recovery

  • Summarise the backup and restore functions of Windows Server Backup you used in the lab.

Backup process

I needed to connect to a virtual machine named PlabDC01; from there I went to PowerShell and entered the required commands to create a partition, which we needed to clean before being able to use it.

After the installation process had completed I repeated the steps for another virtual machine named PLABDM01.

Once I had completed setting up the backups for both machines through the Tools drop-down menu, I navigated back to the first virtual machine and, from the Tools drop-down menu, clicked Windows Server Backup and followed the steps through the backup wizard. After I set up a schedule I ran the backup process.

Recovery process

For the recovery process I navigated back to the backup window through the Tools drop-down and right-clicked the desired drive. I then selected Recover. This step took a few minutes and required a restart/login.

  • Discuss the protection Windows Server Backup provides.

Data is among the most valuable resources a company holds, and companies need to take appropriate steps to safeguard it. Windows Server Backup contributes by running scheduled backups, daily and automatically, so that taking a backup does not depend on someone remembering to do it. Because some disasters are outside the company's control, such as fire and earthquakes, backups should also be stored offsite, in a different region or country, so that if the building suffers damage the stored backups are out of harm's way.

Two further points matter in practice. A backup is only known to work once a restore from it has been tested, so the recovery step above should be rehearsed, not just the backup step. And a backup that is always online and writable from the same server it protects can be deleted or encrypted by ransomware that compromises that server, so at least one copy should be kept offline or otherwise out of reach of the server's own credentials.

Lab 14: Data Encryption

Summarise the functions of BitLocker you used in the lab (just focus on BitLocker, not GPO). Discuss the protection BitLocker provides the user and how the recovery key should be stored securely.

BitLocker was used to lock a drive that I specified. This was achieved by first creating a partition, which I named D:.

Through a GPO we enabled the option to use BitLocker on the Windows 8 machine. Once the partition was created, all you needed to do was right-click the drive and select BitLocker. In the BitLocker setup we selected password protection and created a password. At the same time we also created a recovery key for the drive and stored it in the Documents folder.

The drive displayed a lock icon and, depending on whether you had restarted the computer, the drive was locked, requiring either the password to gain access or, via the More options tab, unlocking with the recovery key. Both methods unlocked the drive for use.

To lock the drive all you needed to do was restart or power off the computer.

For the storage of the recovery key, I would not store it on the same computer but instead on a lockable external drive or USB.

Lab 13: Implementing a Network Policy Server

  • The authentication method used  

For this lab we set up RADIUS authentication for users for the purpose of gaining remote access to the server from outside the network.

  • The security policy that was created 

We created a VPN that only accepted requests from 10.10.0.100 – 10.10.0.120.

We then had to create a policy named IT_NetworkPolicy that gave access to the Windows user group Globalit.

  • The accounting method used (i.e. logs)

NPS accounting is the method of recording a user's access while they are connected to the network. NPS writes a log, either to a local text file (in IAS or DTS-compliant format) or to a SQL Server database, that records the authentication requests and the accounting start and stop records for each session, so it shows who connected, from where, and for how long.

We had to download a third-party program called IAS Log Viewer, which provided a good platform for viewing the activities of the user through an easy-to-read GUI.

Lab 12: Wi-Fi Access Point Security

Identify issues affecting Wi-Fi security and compare with what you can observe from the NMIT Wi-Fi network that is publicly available or where you have access to connect.

NMIT provides its current students with access to its Wi-Fi so that they can reach the Moodle website that holds the online resources for each subject.

The library has a large number of computers that students can use to access Moodle if they do not have a digital device of their own, such as a laptop.

However, to gain access to the library all a person needs to do is walk in; as long as they look like a student they will not be stopped at the door.

Once a person has access to the computer room, all they need to do is wait for someone to leave one of the computers unattended while still signed in. This lets the attacker use the network through someone else's account, and that person's account details could be recorded for later use on a device off site.

Based on the documentation, if a school is going to have publicly accessible devices the best step is to ensure it uses user authentication rather than device authentication. This ensures that only registered current students have access to the Wi-Fi through those devices. To secure the access points further, keeping the computers behind a locked door that opens only with a current student card both records and restricts who has access to the computers. Unattended sessions should also lock automatically after a short idle period, since that closes the window the attack described above depends on.

Lab 11: Firewall Rule Based Management

  1. Investigate and discuss the configuration required on a firewall for a web server providing
    1. HTTP

HTTP is the plain, unencrypted web protocol between a web server and a web client; anything sent over it, including credentials, can be read by anyone on the network path. To allow the connection through a network firewall, an inbound rule must allow TCP port 80. On a site that also offers HTTPS, port 80 is normally kept only so that clients can be redirected to HTTPS.

HTTPS

Runs on TCP port 443 and wraps HTTP in TLS, so sensitive information such as passwords is encrypted in transit and the client can verify the server's identity from its certificate. You will need to make sure the inbound rules in your firewall allow port 443.

  1. FTP over TLS/SSL 

FTP over TLS (FTPS) comes in two forms, and they do not use the same ports. Both also need the firewall to allow the data channel: in passive mode the data connections arrive on a range of high ports that must be configured on the server and opened on the firewall. With plain FTP a firewall can read the PORT/PASV commands on the control channel and open the data port for each session; with FTPS the control channel is encrypted, so the firewall cannot do this and the passive range has to be opened statically.

Explicit FTPS:

By default TCP port 21 is used for the control channel between the server and the client, exactly as for plain FTP. After connecting, the client sends the AUTH TLS command on the control channel to negotiate TLS, and the control channel (and subsequently the data channel) is upgraded to an encrypted connection.

Implicit FTPS:

This is regarded as the older form of transfer over SSL. In implicit FTPS the TLS handshake takes place as soon as the connection opens, before any FTP commands are exchanged. Implicit FTPS uses TCP port 990 for the control channel (and port 989 for the data channel in active mode).

  1. SMTP for sending emails from the websites
    1. Remote Administration

SMTP stands for Simple Mail Transfer Protocol and is the protocol a website's mail service uses to send email, normally by handing it to a mail relay that delivers it. Sending through an authenticated relay, rather than straight from the web server, makes it less likely that the mail is blocked or sent to the recipient's spam folder.

On the firewall this is an outbound rule: allow TCP port 25 (or 587 for an authenticated submission relay) from the web server to the relay's address only. A web server that only sends mail needs no inbound SMTP rule at all, and restricting the outbound destination to the relay also stops a compromised server from being used to send spam directly.

  1. Investigate and discuss the configuration required on a firewall for a database server providing
    1. MariaDB 

MariaDB was created by the original developers of MySQL and is a popular relational database server, commonly used to hold the data behind websites.

To ensure your firewall is not blocking MariaDB, an inbound rule on the database server must allow TCP port 3306, but only from the web server's address (or the application subnet), never from the Internet. MariaDB's own bind-address setting should also limit the interfaces it listens on, so the firewall rule is not the only thing standing between the database and the outside.

  1. Remote Administration

Port 1433 is the default port of Microsoft SQL Server, so an inbound rule for it only applies if that is the database in use. For MariaDB, remote administration should not be done by exposing the database port: administrators connect over SSH (TCP 22) or another management channel that the firewall restricts to the administrators' addresses, and run the database client on the server or tunnel port 3306 through the SSH session.
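The rules above share one principle: a firewall is a default-deny list of exceptions, and each exception restricts the source as well as the port. The following added example (not from the lab) models that as a small rule evaluator and checks the web-server and database-server rule sets against sample connections. The addresses (10.10.0.10 as the web server, 10.10.0.0/24 as the administrators' LAN) and the FTPS passive range 50000-50100 are assumptions for the demonstration, not values from the lab.

```python
"""Added example (not from the lab): a tiny default-deny rule evaluator that
shows why the rules must restrict sources as well as ports. The addresses
(10.10.0.10 web server, 10.10.0.0/24 admin LAN) and the FTPS passive range
50000-50100 are assumptions for the demonstration, not lab values."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str       # "tcp" or "udp"
    ports: range     # destination port range; range(443, 444) is a single port
    sources: tuple   # CIDR strings the rule accepts connections from
    action: str = "allow"


def matches(rule: Rule, proto: str, src_ip: str, dst_port: int) -> bool:
    if rule.proto != proto or dst_port not in rule.ports:
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(net) for net in rule.sources)


def evaluate(rules, proto: str, src_ip: str, dst_port: int):
    """First matching rule wins. No match means deny: the rule set is a list
    of exceptions to an implicit 'block everything inbound'."""
    for rule in rules:
        if matches(rule, proto, src_ip, dst_port):
            return rule.action, rule.name
    return "deny", "default"


ANY = ("0.0.0.0/0",)
WEB_SERVER = ("10.10.0.10/32",)     # assumed address of the web server
ADMIN_NET = ("10.10.0.0/24",)       # assumed administrators' LAN

WEB_SERVER_RULES = [
    Rule("http", "tcp", range(80, 81), ANY),
    Rule("https", "tcp", range(443, 444), ANY),
    Rule("ftps-explicit-control", "tcp", range(21, 22), ANY),
    Rule("ftps-implicit-control", "tcp", range(990, 991), ANY),
    # Passive-mode data connections land on a server-configured range; with
    # the control channel encrypted the firewall cannot learn the port per
    # session, so the whole range has to be opened statically.
    Rule("ftps-passive-data", "tcp", range(50000, 50101), ANY),
    Rule("ssh-admin", "tcp", range(22, 23), ADMIN_NET),
]

DATABASE_SERVER_RULES = [
    # 3306 only from the web server; the Internet never needs to reach it.
    Rule("mariadb-from-web", "tcp", range(3306, 3307), WEB_SERVER),
    Rule("ssh-admin", "tcp", range(22, 23), ADMIN_NET),
]

# The weak version of the same rule, for comparison: reachable from anywhere.
OPEN_DATABASE_RULES = [Rule("mariadb-open", "tcp", range(3306, 3307), ANY)]


if __name__ == "__main__":
    for rules, src, port in [(WEB_SERVER_RULES, "198.51.100.7", 443),
                             (WEB_SERVER_RULES, "198.51.100.7", 22),
                             (DATABASE_SERVER_RULES, "198.51.100.7", 3306),
                             (DATABASE_SERVER_RULES, "10.10.0.10", 3306),
                             (OPEN_DATABASE_RULES, "198.51.100.7", 3306)]:
        print(src, port, evaluate(rules, "tcp", src, port))
```

Note that the same connection to port 3306 is denied from the Internet and from another internal host but allowed from the web server; that difference is the whole point of naming a source in the rule, and it is what the open variant loses.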

Lab 10: Implementing NAT and OpenSSH

  1. Investigate and discuss the use and function of the NAT Firewall in a security context

Network Address Translation allows devices on a private network to reach the Internet through a shared gateway. All traffic leaving through the gateway is rewritten to carry the gateway's single public IP address, and the gateway keeps a translation table mapping each outbound connection back to the internal host and port that started it. The security benefit comes from that table: an inbound packet from the Internet that does not match an entry in it has no internal destination, so the gateway discards it. This blocks unsolicited inbound connections as a side-effect, but it is not a substitute for a firewall: port forwarding, UPnP, and anything an internal host initiates itself (including malware calling home) pass straight through.
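To make the "no table entry, no delivery" behaviour concrete, here is an added example (not from the lab) that models a NAT gateway's translation table: outbound packets create mappings, replies that match a mapping are delivered to the inside host, and everything else from the Internet is dropped. The IP addresses are from the RFC 5737 documentation ranges and are chosen for the demonstration.

```python
"""Added example, not from the lab: a minimal model of a NAT gateway's
translation table, showing why unsolicited inbound packets are dropped. The
addresses are documentation ranges (RFC 5737) chosen for the demonstration."""
from dataclasses import dataclass
from itertools import count
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        # public port -> (inside ip, inside port, remote ip, remote port)
        self._by_public_port = {}
        self._by_inside = {}  # inverse map so one flow keeps one public port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the LAN: the source becomes public_ip:port
        and the mapping is remembered so the reply can be routed back."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._by_inside.get(flow)
        if port is None:
            port = next(self._next_port)
            self._by_inside[flow] = port
            self._by_public_port[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet, or return None to
        drop it. Only packets that answer an existing mapping, from the
        remote endpoint that mapping was created for, get through."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self._by_public_port.get(pkt.dst_port)
        if flow is None:
            return None  # nobody inside asked for this: dropped
        inside_ip, inside_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # right port, wrong peer: also dropped
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = NatGateway("203.0.113.1")
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    print("leaving as", out)
    reply = nat.inbound(Packet("198.51.100.7", 443, "203.0.113.1", out.src_port))
    print("reply delivered to", reply)
    print("unsolicited:", nat.inbound(Packet("198.51.100.9", 4444, "203.0.113.1", 22)))
```

The model checks the remote endpoint as well as the public port, which real NAT implementations differ on; a gateway that only checks the port will accept a packet from any host that guesses an in-use port number, which is one reason NAT alone is a weak filter.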

  2. Investigate and discuss at least two uses of OpenSSH on either Windows or Linux

A) OpenSSH is the open-source implementation of Secure Shell and allows cross-platform management of remote systems. On Windows it provides a secure, encrypted channel for remote administration (a PowerShell or cmd session over SSH instead of an unencrypted protocol), and it authenticates users against Windows accounts, including domain accounts, or with SSH public keys.

B) SFTP: sftp.exe is the client, and the sftp-server subsystem on the server side, that together provide the SSH File Transfer Protocol. It runs inside an SSH session, so file transfers are encrypted and authenticated with the same keys or passwords as the shell, which avoids the plaintext credentials and data of ordinary FTP.

Lab 9: Managing Certificates

  1. AD Certificate Services and CA Web Enrollment

Active Directory Certificate Services (AD CS) with the CA Web Enrollment role enables both users and computers to request certificates through a web page over HTTPS. The enrollment pages accept certificate requests and issue certificates as the CA's templates permit. This is how users and computers that are not part of the domain, and so cannot use autoenrollment, receive certificates.

  1. Key Archival and Key Recovery Agent 

Key archival is the process of saving a copy of a certificate's private key in the CA database so it can be recovered if the key is deleted or lost.

The reason for key archival is to prevent data loss: files or email encrypted to a user's certificate become unreadable if the user is deleted from the system and the private key is lost with the account.

Recovery needs a Key Recovery Agent (KRA). The archived key is stored encrypted to the KRA's certificate, so only someone holding the KRA's private key can retrieve it; a certificate manager retrieves the encrypted blob from the CA (certutil -getkey) and the KRA decrypts it into a PFX file (certutil -recoverkey), which is then imported for the user. Separately, a user can back up their own key by running the Certificates snap-in and exporting the certificate together with its private key.

Lab 8: Understanding PKI Concepts

Investigate and discuss two uses of PKI in an organisation such as NMIT

As NMIT relies on Moodle for the distribution of course content to both students and lecturers, who access the website from their own devices, both mobile and laptop, NMIT relies heavily on PKI to safeguard the site. Moodle's TLS certificate, issued by a CA that browsers trust, lets everyone connecting verify during the TLS handshake that they are connected to the legitimate NMIT Moodle site and not to an impostor.

As NMIT handles a large amount of its business over the web through Moodle, it relies on PKI and the CA to protect the sensitive data exchanged over the web: once the server's certificate has been verified, the session is encrypted, so logins and coursework cannot be read or altered in transit. NMIT has a large number of international students who communicate mainly through Moodle, so this traffic crosses networks that NMIT does not control.

Lab 7: Password Cracking Tools

  1. Discuss how to use Cain & Abel to initiate a brute force attack.

From within the Cain & Abel window (Cracker tab) select the user you wish to attack, right-click and select Brute-Force Attack, then make sure to select NTLM Hashes. You will need to set the password length range and decide whether to use the Predefined or Custom character-set tabs.

Finally click Start and wait for the result.

What NTLM hashes means:

NTLM stands for NT LAN Manager, a Windows authentication protocol (Sanders, 2010). The NTLM (NT) hash stored for an account is the MD4 hash of the password encoded as UTF-16LE, with no salt, which is why the same password always produces the same hash and precomputed tables work against it.

  1. Discuss the problems with using the brute force attack and compare and contrast with another password attack.

Based on the experience from the Cain & Abel lab, brute-force attacks can take a long time to complete (days, months or even years). With the option of manipulating the password length you can extend the time taken to complete the task.

What is a rainbow table?

A rainbow table is a precomputed table of password hashes, built so that a captured hash can be matched back to the password that produced it without hashing every candidate at attack time. Hashing is one-way: the output looks random and cannot be converted back into the plaintext, but the same input always gives the same hash, and that is what the table exploits. Rather than storing every password/hash pair, the table stores chains of alternating hash and reduction steps and keeps only each chain's start and end points, trading storage for some extra computation at lookup time.

Once the table exists, a rainbow-table attack is therefore very fast. To defeat it you add a salt: random data stored with the hash and mixed into the input before hashing. Because each hash then depends on both the plaintext and its salt, identical passwords produce different hashes and a table precomputed without the salt is useless.

Compared with a brute-force attack, which computes the hash of every candidate at attack time (every combination of characters, or every word in a list for a dictionary attack), a rainbow table moves that work into a one-time precomputation that can be reused against every unsalted hash of the same algorithm (geeksforgeeks, 2018).
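The brute-force, rainbow-table and salting ideas above are easiest to see side by side. The following is an added example (not from the lab or the cited sources): a toy rainbow table over four-letter lowercase passwords hashed with unsalted MD5, a brute-force search over the same keyspace for contrast, and a salted hash that the table cannot match. MD5 and the tiny keyspace are chosen so it runs in seconds; the chain start points and the salt are constructed for the demonstration, and the approach is the same for the unsalted NTLM hashes the lab cracked.

```python
"""Added example, not from the cited sources or the lab: a toy rainbow table
over 4-letter lowercase passwords with unsalted MD5, a brute-force search for
contrast, and a salted hash that the table cannot match. MD5 and the tiny
keyspace are chosen so it runs in seconds; the technique is the same for NTLM.
The start points and salt below are constructed for the demonstration."""
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase
LENGTH = 4                         # 26**4 = 456,976 possible passwords


def md5hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def brute_force(target_hash: str):
    """Hash every candidate at attack time; returns (password, attempts)."""
    for attempts, chars in enumerate(itertools.product(ALPHABET, repeat=LENGTH), 1):
        candidate = "".join(chars)
        if md5hex(candidate) == target_hash:
            return candidate, attempts
    return None, 26 ** LENGTH


def reduce_fn(hash_hex: str, step: int) -> str:
    """Map a hash back into the password space. Including the chain step is
    what makes it a *rainbow* table: chains that collide at different
    positions do not merge, unlike in the original Hellman tables."""
    n = int(hash_hex, 16) + step
    out = []
    for _ in range(LENGTH):
        out.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(out)


def build_table(start_points, chain_len: int) -> dict:
    """Precompute chains start -> hash -> reduce -> hash ... and keep only the
    end points; the intermediate passwords are recomputed during lookup."""
    table = {}
    for start in start_points:
        pw = start
        for step in range(chain_len):
            pw = reduce_fn(md5hex(pw), step)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table: dict, target_hash: str, chain_len: int):
    """Assume the target sits at each possible chain position, walk to the
    end, and if that end point is known, replay the chain to find it."""
    for pos in range(chain_len - 1, -1, -1):
        pw = reduce_fn(target_hash, pos)
        for step in range(pos + 1, chain_len):
            pw = reduce_fn(md5hex(pw), step)
        for start in table.get(pw, ()):
            candidate = start
            for step in range(chain_len):
                if md5hex(candidate) == target_hash:
                    return candidate
                candidate = reduce_fn(md5hex(candidate), step)
    return None


def salted_hash(password: str, salt: bytes) -> str:
    """Salt mixed into the input: the digest is no longer a function of the
    password alone, so a table built without the salt cannot contain it."""
    return hashlib.md5(salt + password.encode()).hexdigest()


if __name__ == "__main__":
    starts = ["aaaa", "qwer", "zxcv", "mnbv", "pass"]   # constructed start points
    table = build_table(starts, chain_len=60)
    # Pick a password known to sit at position 7 of the "qwer" chain.
    pw = "qwer"
    for step in range(7):
        pw = reduce_fn(md5hex(pw), step)
    print("table lookup:", lookup(table, md5hex(pw), 60))
    print("brute force:", brute_force(md5hex(pw)))
    print("salted lookup:", lookup(table, salted_hash(pw, b"\x00\x11\x22\x33"), 60))
```

A real table covers the keyspace with many thousands of long chains; the lookup cost grows with the square of the chain length while storage shrinks in proportion to it, which is the trade-off the text describes. The salted lookup returns nothing because the table was built from hashes of the bare password, and no four-letter string hashes to the salted value.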

Bibliography

geeksforgeeks. (2018, June 10). Understanding Rainbow Table Attack. Retrieved from geeksforgeeks: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/

Sanders, C. (2010, January 20). Retrieved from techgenix: http://techgenix.com/how-cracked-windows-password-part1/
