System Security q1: /2
+2 points are awarded for the two report files. No partial marks.

System Security q2: /3
+1 point for a John the Ripper report summary with bad system passwords
+1 point for good documentation on how to set up a password policy on a system
+1 point for evidence that the recommendations were implemented on a system (e.g. the relevant files are submitted)

System Security q3: /2
+1 point for a report summary with bad system passwords
+1 point for implementing a good password policy (relevant files, screenshots, etc. are submitted)

System Security q4: /5
+1 point for submitting evidence that the initial assessment was done, with the initial score
+1 point for submitting evidence that the final assessment was done, with the final score
+2 points for the report explaining how the HTTP/SMTP server functionality was enabled, and SSH access from the local network
+1 point for the to-do list with additional suggestions: updating/patching software, securing boot, physical security, etc.
Network q1: /5
Services and versions running on the network: +3 for the report, +2 for the summary

Network q2: /10
10/10 Simple firewall script satisfying all requirements
8/10 Firewall script satisfying all requirements (possibly does not make best use of iptables, or missing a constraint)
6/10 Firewall script, missing some constraints
2/10 Something that looks like a firewall script

Here's a sample script (variations of this are possible, please keep it in mind):

# flush existing rules in every table
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F

# default policy: drop
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP

# enable related,established connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (b)
# - Allow SMTP traffic to 192.168.0.100
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.0.100:25
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 25 -j ACCEPT
# Port 80 HTTP:
# - Allow HTTP traffic to 192.168.0.100
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.100:80
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 80 -j ACCEPT
# Port 443 HTTPS:
# - Allow HTTPS traffic to 192.168.0.100
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j DNAT --to 192.168.0.100:443
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 443 -j ACCEPT

# (c) Allow Ubuntu to connect to external mail servers on port 555
# (no need to specify a destination IP, but it's fine if you set it to the RH IP)
/sbin/iptables -A FORWARD -p tcp --dport 555 -s 192.168.0.100 -j ACCEPT

# (d) Allow 192.168.0.80 to ssh and ftp into the firewall. No other access into the firewall is permitted.
/sbin/iptables -A INPUT -p tcp --dport 22 -s 192.168.0.80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -s 192.168.0.80 -j ACCEPT

# (e) Allow 10.10.10.130,131 (outside the local network) to ftp and ssh into the web/mail
# server by using ports 3344 and 3345 respectively on the external side of the firewall.
/sbin/iptables -t nat -A PREROUTING -p tcp -s 10.10.10.130 --dport 3345 -i eth0 -j DNAT --to 192.168.0.100:22
/sbin/iptables -t nat -A PREROUTING -p tcp -s 10.10.10.131 --dport 3345 -i eth0 -j DNAT --to 192.168.0.100:22
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 22 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -s 10.10.10.130 --dport 3344 -i eth0 -j DNAT --to 192.168.0.100:21
/sbin/iptables -t nat -A PREROUTING -p tcp -s 10.10.10.131 --dport 3344 -i eth0 -j DNAT --to 192.168.0.100:21
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 21 -j ACCEPT

# (f) The CEO has a windows box inside the private network (192.168.0.70).
# The CEO (with fixed IP 10.10.10.132) would like to have remote desktop access to his desktop on port 7784.
# The DNAT target must be the same host the FORWARD rule accepts (192.168.0.70), otherwise the
# translated packets are never forwarded.
/sbin/iptables -t nat -A PREROUTING -s 10.10.10.132 -p tcp --dport 7784 -i eth0 -j DNAT --to 192.168.0.70:7784
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.70 --dport 7784 -j ACCEPT
# OR (translate the external port 7784 to the standard RDP port 3389 on the CEO's box)
/sbin/iptables -t nat -A PREROUTING -s 10.10.10.132 -p tcp --dport 7784 -i eth0 -j DNAT --to 192.168.0.70:3389
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.70 --dport 3389 -j ACCEPT

# (h) Finally, imagine that the only routable IP is 10.10.10.10.
# All internal machines should share this IP for Internet traffic.
# - We only allow (http,https) to be the Internet traffic
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.10.10.10
# - Allow http
/sbin/iptables -A FORWARD -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -j ACCEPT
# - Allow https
/sbin/iptables -A FORWARD -s 192.168.0.0/255.255.255.0 -p tcp --dport 443 -j ACCEPT

Network q3: /10.5
No marks for the answer only.
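A recurring slip in the Network q2 submissions is a DNAT rule whose translated target does not match the host the FORWARD rule accepts (the packet is rewritten to one address and forwarded for another, so the connection silently dies). The following is an added example, not part of the marking script, that parses rules written in the same "/sbin/iptables ..." form and pairs every DNAT target with a FORWARD ACCEPT. The sample ruleset is constructed for the demonstration and deliberately contains one such mismatch on port 7784.

```python
import re

# Constructed sample ruleset (not the students' or the course's own script).
# The port 7784 DNAT deliberately points at 192.168.0.23 while the matching
# FORWARD rule accepts 192.168.0.70, so remote desktop would silently fail.
SAMPLE_RULES = """
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.0.100:25
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 25 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -s 10.10.10.130 --dport 3345 -i eth0 -j DNAT --to 192.168.0.100:22
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.100 --dport 22 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -s 10.10.10.132 -p tcp --dport 7784 -i eth0 -j DNAT --to 192.168.0.23:7784
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.70 --dport 7784 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 555 -s 192.168.0.100 -j ACCEPT
"""

# A DNAT rule fixes the (host, port) the packet carries when it reaches FORWARD.
DNAT_RE = re.compile(r"-A PREROUTING .*-j DNAT --to (\S+):(\d+)")
# A FORWARD rule with an explicit destination host and port.
FWD_RE = re.compile(r"-A FORWARD .*-d (\S+) .*--dport (\d+) -j ACCEPT")


def parse_rules(text):
    """Collect DNAT targets and FORWARD accepts as sets of (host, port)."""
    dnat_targets, forward_accepts = set(), set()
    for line in text.splitlines():
        m = DNAT_RE.search(line)
        if m:
            dnat_targets.add((m.group(1), int(m.group(2))))
            continue
        m = FWD_RE.search(line)
        if m:
            forward_accepts.add((m.group(1), int(m.group(2))))
    return dnat_targets, forward_accepts


def check_ruleset(text):
    """Report DNATs nothing forwards to, and forwards nothing translates to."""
    dnat, fwd = parse_rules(text)
    return {
        "dnat_without_forward": sorted(dnat - fwd),
        "forward_without_dnat": sorted(fwd - dnat),
    }


if __name__ == "__main__":
    for problem, entries in check_ruleset(SAMPLE_RULES).items():
        for host, port in entries:
            print(f"{problem}: {host}:{port}")
```

The check works because FORWARD sees the packet after PREROUTING has rewritten its destination, so the FORWARD rule's `-d` must name the DNAT target, not the firewall's external address. Rules such as (c) and (h) that match on source rather than destination are intentionally ignored by the FORWARD pattern.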
Full marks for the answer + explanation of how it was discovered (1 or 2 sentences is good enough).
a) What is the source IP of the email sender? (0.5) 192.168.1.159
b) What is the computer ID of the email sender? (0.5) annlaptop
c) Who is the sender of the email? (0.5) kgb spycover
d) What username does the sender of the email use to log into the mail system? (1) sneakyg33k@aol.com
e) What is the sender's email? (0.5) sneakyycio@nsa.com
f) Do you find any vulnerabilities in the mail system? (1) Yes, the mail system allowed the kgb spy to send email from a different address than he used for login.
g) What organization was the email sent to? (0.5) nsa
h) What encoding scheme does the mail system use for encoding usernames/passwords? (0.5) BASE64
i) What is the email password? (1) 558r00lz
j) Who was an email sent to? (0.5) mistersecretx@nsa.com
k) What is the NAME of the attachment sent? (0.5) secretrlocationn.docx
l) What is the person instructed to bring with him? (0.5) Print out of the location file, fake password, bathing suit.
m) What is the MD5sum of the attachment sent? (1) 9e423e11db88f01bbff81172839e1923
n) In what CITY is their meeting point? (1) Playa del Carmen (Mexico)
o) What is the MD5sum of the image embedded in the document? (1) aadeace50997b1ba24b09ac2ef1940b7

Network q4: /10
The students needed to spoof the source IP (to 192.168.0.100) and destination port (to 555) of the packets sent out from BackTrack on the private network (script 1). Script 2 needed to capture (sniff) the traffic on the receiving end, filter it, and print out only the secret message.
10/10 for submitting the two working scripts along with a clear explanation/documentation of how to use them
8/10 for submitting the two working scripts with unclear explanation/documentation
6/10 for working scripts with no documentation
4/10 for something
BONUS 1: To prevent the administrators from noticing this secret message, encrypt/decrypt the message using any encryption algorithm (2 points).
BONUS 2: Extend the functionality to support sending any file (4 points).
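Network q3 (f) and (h) turn on two things an analyst reads straight out of a capture: SMTP AUTH LOGIN/PLAIN carry the mailbox credentials as Base64 (an encoding, not encryption), and a server that accepts any MAIL FROM regardless of the authenticated mailbox lets a logged-in user forge the envelope sender. The following is an added example, not the course's own tooling, that walks an SMTP transcript, decodes the credentials and flags the sender mismatch. The transcript, addresses and password are all constructed for the demonstration; the parser assumes the `C:`/`S:` line prefixes and that AUTH PLAIN is sent with its initial response on the AUTH line.

```python
import base64
import re


def b64(text):
    """Base64-encode a string the way SMTP AUTH clients do."""
    return base64.b64encode(text.encode()).decode()


# Constructed SMTP transcript (C: client, S: server), not the assignment's
# capture: the client authenticates as one mailbox and then submits mail with
# a different envelope sender. Every address and the password are made up.
SAMPLE_SESSION = [
    "C: EHLO annlaptop",
    "S: 250-mail.example.net",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",            # Base64 of "Username:"
    "C: " + b64("agent@example.com"),
    "S: 334 UGFzc3dvcmQ6",            # Base64 of "Password:"
    "C: " + b64("hunter2"),
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<director@example.org>",
    "S: 250 2.1.0 Ok",
    "C: RCPT TO:<recipient@example.org>",
]

MAIL_FROM_RE = re.compile(r"MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def analyse_session(lines):
    """Decode the AUTH exchange and compare the login identity with MAIL FROM."""
    auth_user = auth_pass = mail_from = None
    pending = []  # fields the client still owes after an AUTH LOGIN prompt
    for line in lines:
        if not line.startswith("C: "):
            continue
        cmd = line[3:].strip()
        if pending:
            value = base64.b64decode(cmd).decode(errors="replace")
            if pending.pop(0) == "user":
                auth_user = value
            else:
                auth_pass = value
            continue
        upper = cmd.upper()
        if upper == "AUTH LOGIN":
            pending = ["user", "pass"]
        elif upper.startswith("AUTH LOGIN "):
            # initial-response form: the username rides on the AUTH line itself
            auth_user = base64.b64decode(cmd.split(None, 2)[2]).decode(errors="replace")
            pending = ["pass"]
        elif upper.startswith("AUTH PLAIN "):
            # SASL PLAIN: one token encoding authzid NUL authcid NUL password
            blob = base64.b64decode(cmd.split(None, 2)[2]).decode(errors="replace")
            _, auth_user, auth_pass = blob.split("\0")
        else:
            m = MAIL_FROM_RE.match(cmd)
            if m:
                mail_from = m.group(1)
    mismatch = (auth_user is not None and mail_from is not None
                and auth_user.lower() != mail_from.lower())
    return {
        "auth_user": auth_user,
        "auth_pass": auth_pass,
        "mail_from": mail_from,
        "sender_mismatch": mismatch,
    }


if __name__ == "__main__":
    print(analyse_session(SAMPLE_SESSION))
```

Two defensive conclusions follow directly from what the function recovers: credentials sent over plain SMTP are readable by anyone on the path, so submission should require STARTTLS or implicit TLS before AUTH; and the mismatch flag is the condition a submission server should reject (or at least log), so that an authenticated user cannot put another mailbox in the envelope sender.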
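Network q4 relies on rule (c) trusting the source address 192.168.0.100 alone: any host on the private LAN can claim that address and port 555 and the firewall forwards it. The added example below, which is not part of the assignment's scripts, shows the two checks a firewall administrator would add on the capture side to notice that: an internal source address arriving on the external interface, and a source IP whose Ethernet sender differs from its known MAC. The packet observations, interface names and the MAC binding table are constructed for the demonstration; in practice the bindings would come from the ARP table or DHCP leases.

```python
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("192.168.0.0/24")
EXTERNAL_IFACE = "eth0"   # assumption: eth0 faces the Internet, eth1 the LAN

# Assumption: the Ubuntu web/mail server's MAC is known and static. The value
# is made up for this example.
KNOWN_BINDINGS = {"192.168.0.100": "00:11:22:33:44:55"}

# Constructed packet observations: (ingress iface, src MAC, src IP, dst port).
SAMPLE_PACKETS = [
    ("eth1", "00:11:22:33:44:55", "192.168.0.100", 555),  # the genuine mail server
    ("eth1", "de:ad:be:ef:00:01", "192.168.0.100", 555),  # LAN host borrowing its IP
    ("eth0", "aa:bb:cc:dd:ee:ff", "192.168.0.100", 555),  # internal address from outside
    ("eth1", "de:ad:be:ef:00:01", "192.168.0.42", 80),    # ordinary web browsing
]


def spoof_alerts(packets, bindings=KNOWN_BINDINGS):
    """Return (reason, src_ip, src_mac, dst_port) for every packet that claims
    a source it cannot legitimately have."""
    alerts = []
    for iface, mac, src, dport in packets:
        if iface == EXTERNAL_IFACE and ip_address(src) in INTERNAL_NET:
            # classic ingress filtering: our own addresses never come from outside
            alerts.append(("external-ingress-internal-source", src, mac, dport))
        elif bindings.get(src, mac) != mac:
            # the IP is one we track, but a different NIC is sending it
            alerts.append(("ip-mac-mismatch", src, mac, dport))
    return alerts


if __name__ == "__main__":
    for alert in spoof_alerts(SAMPLE_PACKETS):
        print(alert)
```

The same two checks map onto iptables directly: `-A FORWARD -i eth0 -s 192.168.0.0/24 -j DROP` implements the ingress filter, and `-A FORWARD -s 192.168.0.100 -m mac ! --mac-source 00:11:22:33:44:55 -j DROP` (with the real MAC substituted) pins rule (c) to the server's NIC. Neither stops a sender that also forges its MAC; that needs switch-side port security, which is the point the assignment's "administrators noticing" bonus turns on.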