Set up server, configure and harden

Description

Set up Linux and Windows servers; the server setup instructions are below. After server setup, please configure the servers and harden service group 2 (POP3S, IMAP, SMTPS, DNS). All service ports from group one should be open after configuring; any services other than those I just announced should be closed. Once you are done, scan my partner's server and fill out the services checklist template I have attached below. I have attached the IP addresses below. My username is xmorgan.

Server website: https://seclab2.kennesaw.edu/

Server status check #1 assignment: You will scan and report on 1 group member's servers using the checklist template. Do NOT wait for your member's permission, as these should be configured already with service group 1 required services and hardened. Use Team reservation in Netlab and make sure both all labs and Vuln are reserved at the same time.



CYBR 4220 Server setup notes
Linux – Ubuntu 20.04 LTS
In the Netlab environment, it will have you start by going through the installations questions.

Students are prohibited from installing a GUI on the Linux server

Configure IP address manually
  o The NIC is set to get an IP address via DHCP by default – YOU MUST CHANGE THIS
  o See D2L for your individual IP address
  o Netmask – 192.168.5.0/24
  o Gateway – 192.168.5.1
  o NameServer address – 8.8.8.8
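The manual IP configuration above, as an added example that is not part of the course notes: a POSIX shell script that renders the netplan file Ubuntu 20.04 reads for static addressing, using the gateway and nameserver from the notes, and applies it with `netplan try` so a mistake on a console-only server rolls back on its own. The interface name ens160 and the host address 192.168.5.50 are placeholders I chose; take yours from `ip link` and from D2L.

```shell
#!/bin/sh
# Added example, not from the course notes: replace the default DHCP
# configuration with the static settings from the notes
# (network 192.168.5.0/24, gateway 192.168.5.1, nameserver 8.8.8.8).
# ASSUMPTIONS: the interface name "ens160" and the address 192.168.5.50
# are placeholders; the real ones come from `ip link` and D2L.

# Print a netplan YAML document for the given interface and address/prefix.
render_netplan() {
  iface="$1"   # e.g. ens160
  addr="$2"    # e.g. 192.168.5.50/24
  cat <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    ${iface}:
      dhcp4: false
      addresses: [${addr}]
      gateway4: 192.168.5.1
      nameservers:
        addresses: [8.8.8.8]
EOF
}

# Write the file with restrictive permissions and apply it.
# `netplan try` reverts after 120 s unless you press Enter, so a typo in
# the address does not lock you out of a server that has no GUI fallback.
install_netplan() {
  target="${3:-/etc/netplan/00-static.yaml}"
  render_netplan "$1" "$2" > "$target"
  chmod 600 "$target"
  netplan try
}

# Demonstration: show the rendered file for the placeholder values.
# On the server, run as root:  install_netplan ens160 192.168.5.50/24
render_netplan ens160 192.168.5.50/24
```

The `gateway4` key is the form Ubuntu 20.04's netplan accepts; newer releases prefer a `routes:` entry, but the 20.04-era key still works there.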

Leave the proxy details blank, you are not using one

Leave the Ubuntu archive mirror value as-is

For the filesystem setup, choose “Use An Entire Disk” – DO NOT CHOOSE the LVM option

Servername – your netid-linux (e.g. jlesueu1-linux)

User name details – Use your name, use netid as your login name

Password – set it, DO NOT LOSE OR FORGET IT. There is no recovery option, you will have to rebuild

You may choose to install openssh and postgres10 during installation or wait to manually configure these later in the semester.

After install and reboot, log in.

Set up an account for me (jlesueu1), and give me root privileges. Set my initial password to infosec

Set up a root privileged account for your scanning partner to use – username “partner” and initial password partner

Uncomplicated Firewall (UFW) is a tool to assist with management of your firewall, and comes installed by default on Ubuntu. For this course, I do not want you to use UFW, so please remove the package from the system after you complete your initial installation of the operating system. The steps to do so are:

sudo apt-get remove ufw

sudo rm -f /etc/init.d/ufw

sudo rm -f /etc/default/ufw

sudo rm -rf /etc/ufw

Windows Server 2019 – In the Netlab environment, the OS has already been installed.

Ensure your system name is set to your netid, e.g. jlesueu1

Administrator password is cybrAdminPassword! NOTE: You may see language suggesting you change the Administrator password. It is a SUGGESTION, not a requirement, so disregard it.

Set up a generic account for your scanning partner to use – username “partner” password P@ssword!

Use the same network settings as listed above.
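The assignment asks that only the group's service ports stay open and that a partner then scans the result. As an added example, not part of the course notes, here is a POSIX shell audit that parses `ss -tuln` output and lists every listening port that is not one of the expected service ports, so the server can be checked from the inside before the partner's scan. It assumes the standard ports for the group 2 services (53 DNS, 143 IMAP, 465 SMTPS, 995 POP3S); the embedded `ss` output is constructed for the offline demonstration.

```shell
#!/bin/sh
# Added example, not from the course notes: report listening ports that are
# outside the allowed set for service group 2 (POP3S, IMAP, SMTPS, DNS).
# ASSUMPTION: standard ports 53 (DNS), 143 (IMAP), 465 (SMTPS), 995 (POP3S).

ALLOWED_PORTS="53 143 465 995"

# Read `ss -tuln` output on stdin and print "proto port" per listening socket.
listening_ports() {
  awk 'NR > 1 {
         proto = $1                      # tcp or udp
         n = split($5, a, ":")           # "Local Address:Port", IPv6 has more colons
         port = a[n]
         if (port ~ /^[0-9]+$/) print proto, port
       }' | sort -u
}

# Print every listening port that is not in ALLOWED_PORTS.
unexpected_ports() {
  listening_ports | while read -r proto port; do
    case " $ALLOWED_PORTS " in
      *" $port "*) ;;                    # expected service port, nothing to report
      *) echo "$proto $port" ;;
    esac
  done
}

# Constructed sample of `ss -tuln` output: the four service ports plus a
# PostgreSQL listener on 5432 that the assignment would want closed.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0          0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:143       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:465       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:995       0.0.0.0:*
tcp   LISTEN 0      244      127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      128           [::]:995          [::]:*'

# Run the audit over the constructed sample (prints "tcp 5432").
audit_sample() { printf '%s\n' "$SAMPLE_SS" | unexpected_ports; }

audit_sample
# On the real server:  ss -tuln | unexpected_ports
```

A port bound only to 127.0.0.1 (like 5432 in the sample) will not show up in the partner's scan, but it is still a running service the checklist should account for, which is why the audit does not filter on the bind address.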
Discussion of
POP3S, IMAP, SMTPS, DNS
Group 4
Ninah Fuller, Jourdan Hull, Mike Alce, Xavier Morgan
CYBR 4220 Spring 2024 Semester
February 23, 2024
Table of Contents

Technical Discussion
    POP3S
    SMTPS
    IMAP
    DNS
Hardening Recommendations
    POP3S
        Hardening Recommendation #1
        Hardening Recommendation #2
        Hardening Recommendation #3
    SMTPS
        Hardening Recommendation #1
        Hardening Recommendation #2
        Hardening Recommendation #3
        Hardening Recommendation #1
        Hardening Recommendation #2
        Hardening Recommendation #3
    IMAP
        Hardening Recommendation #1
        Hardening Recommendation #2
        Hardening Recommendation #3
    DNS
        DNS Flushing
        Cache locking
        DNS socket pool
        Nslookup
        Access Control List
        Chroot BIND
References

Technical Discussion
POP3S

SMTPS

IMAP

DNS
DNS (Domain Name System) is the protocol that translates hostnames into IP addresses. It is an application layer protocol that allows clients and servers to exchange messages, and it is necessary for the Internet to operate. DNS serves queries over port 53 using the User Datagram Protocol (UDP). DNS is important because it is used to shield your data from online threats and is a crucial component of information security.

DNS maps a website’s domain name to a numeric IP address. Hackers have taken advantage of DNS systems to steal and seize data and to cause havoc for businesses and organizations. In order to safeguard DNS, Domain Name System Security Extensions (DNSSEC) authenticate server signatures. Because DNSSEC provides an extra layer of security, accessing DNS records is made faster by eliminating the need for strong encryption. Two major attacks against DNS are hijacking and cache poisoning. DNS hijacking is the process by which users are redirected to malicious and fraudulent websites due to incorrect DNS query resolution. This is accomplished by infecting users’ computers with malware that hijacks DNS communications in real time, or by taking control of routers. DNS cache poisoning is the process by which a hacker compromises IP address entries by taking over a DNS server. Internet service providers receive these bogus entries after they are disseminated globally, cached, and used in open DNS lookups.

The DNS protocol starts with a DNS request, or address lookup: a hostname is provided by a browser, application, or other device known as the DNS client. A DNS resolver receives the request and is in charge of determining the correct IP address associated with that hostname. The resolver seeks out the DNS name server that holds the IP address for the hostname in the DNS request.

DNS has two types of systems: public and private. Private DNS stores only internal websites and is housed behind a corporate firewall. The private DNS can only be accessed within the private network and is restricted to remembering IP addresses of the internal websites and services being used. Public DNS is typically provided by an Internet service provider (ISP) and provides IP records. Regardless of the device being used or the network to which it is connected, anyone can access these public records.
Hardening Recommendations
Do not include unacceptable recommendations similar to the following: auditing, backup, changing the default port number, disk encryption, logging, monitoring, patching/updating, the least privilege principle, or the Zero Trust principle. Be aware that we cover SSH in the last module, so any recommendation about hardening SSH will be unacceptable until that module.
POP3S
Linux:
Hardening Recommendation #1
Hardening Recommendation #2
Hardening Recommendation #3
SMTPS
Windows:
Hardening Recommendation #1
Hardening Recommendation #2
Hardening Recommendation #3
Linux:
Hardening Recommendation #1
Hardening Recommendation #2
Hardening Recommendation #3
IMAP
Linux:
Hardening Recommendation #1
Hardening Recommendation #2
Hardening Recommendation #3
DNS
Windows:
DNS Flushing
Command: ipconfig /flushdns
Regularly clear your DNS cache to get rid of every entry on your local system. This is an important way to harden the service because it removes any hacked or invalid DNS records that might be sending users to dangerous websites.
Cache locking
Command: dnscmd /Config /CacheLockingPercent
Cache locking controls whether data already in the DNS cache can be overwritten on Windows Servers. Recursive DNS servers cache their answers in order to speed up their response times in the event that they get duplicate queries for the same data.
DNS socket pool
Command: dnscmd /Config /SocketPoolSize
The DNS socket pool makes cache-tampering attacks harder. In order to successfully infiltrate the system, a malicious user has to guess both the random transaction ID and the source port of a DNS query correctly.
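To see why the socket pool matters, the guessing odds can be written out (this is an added illustration, not part of the report). The DNS transaction ID is a 16-bit field, so if the query's source port is fixed and known, a single forged reply matches the outstanding query with probability

$$P_{\text{fixed}} = \frac{1}{2^{16}} = \frac{1}{65536} \approx 1.5 \times 10^{-5}.$$

With the source port drawn at random from a pool of $N$ sockets, the forged reply must match both values at once, so

$$P_{\text{pool}} = \frac{1}{2^{16}} \cdot \frac{1}{N}.$$

For $N = 2500$ (a value chosen here for illustration) this is $1/163{,}840{,}000 \approx 6.1 \times 10^{-9}$, roughly 2500 times smaller than with a fixed port. Over $k$ independent forged replies the chance that at least one is accepted is $1 - (1 - P)^k \approx kP$ while $kP$ is small, so enlarging the pool raises the number of packets an attacker needs in direct proportion, and cache locking (above) removes the reward even when one lands.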
Linux:
Nslookup
Command: nslookup [IP Address]
Nslookup is a tool for network administration that allows you to query the DNS to find specific
DNS records, IP address mappings, and domain names. This enables users to defend against
phishing attempts and instantly verify the legitimacy of the websites they are accessing.
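The nslookup check described above is most useful when the same name is resolved through two resolvers and the answers are compared, since a hijacked local resolver and an outside resolver will then disagree. As an added example (not from the report), this POSIX shell script parses the answer section of nslookup output and compares two resolvers' answers. The hostname www.example.test and all addresses in the embedded sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the report: compare the nslookup answer for one
# hostname from two resolvers to spot a hijacked or poisoned resolver.
# ASSUMPTION: the hostname and addresses in the samples below are constructed.

# Extract the answer addresses from nslookup output on stdin, sorted.
# The first "Address:" line (before the blank line) is the resolver itself,
# not an answer, so it is skipped.
answer_addresses() {
  awk '/^Server:/ { next }
       /^Address:/ && !seen_sep { next }
       /^$/ { seen_sep = 1; next }
       /^Address:/ { print $2 }' | sort
}

# Exit status 0 when both outputs carry the same answer set, 1 otherwise.
compare_answers() {
  a=$(printf '%s\n' "$1" | answer_addresses)
  b=$(printf '%s\n' "$2" | answer_addresses)
  [ "$a" = "$b" ]
}

# Human-readable verdict for the two outputs.
check_resolvers() {
  if compare_answers "$1" "$2"; then echo "agree"; else echo "DIFFER"; fi
}

# Constructed nslookup outputs: the local resolver and 8.8.8.8 agree on the
# two addresses (in different order); the third sample shows a diverted answer.
SAMPLE_LOCAL='Server:  127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: www.example.test
Address: 203.0.113.10
Name: www.example.test
Address: 203.0.113.11'

SAMPLE_PUBLIC='Server:  8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: www.example.test
Address: 203.0.113.11
Name: www.example.test
Address: 203.0.113.10'

SAMPLE_HIJACKED='Server:  127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: www.example.test
Address: 198.51.100.7'

echo "local vs public:   $(check_resolvers "$SAMPLE_LOCAL" "$SAMPLE_PUBLIC")"
echo "hijacked vs public: $(check_resolvers "$SAMPLE_HIJACKED" "$SAMPLE_PUBLIC")"

# Live use on the server (second argument of nslookup selects the resolver):
#   check_resolvers "$(nslookup www.example.test)" "$(nslookup www.example.test 8.8.8.8)"
```

Sorting before comparison makes the check insensitive to round-robin ordering; a legitimate CDN name with many rotating addresses can still differ between resolvers, so a DIFFER result is a prompt to look closer, not proof of hijacking on its own.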
Access Control List
Command: allow-notify, allow-query, allow-query-on
Access Control Lists allow administrators to manage more precisely who has access to the name server, without cluttering configuration files with long IP address lists. Restricting other parties’ access to the server helps prevent spoofing and denial-of-service (DoS) attacks against it.
Chroot BIND
Command: /usr/local/sbin/named -u [user] -t /var/named
Run BIND in a chrooted environment using chroot(), and make sure named is started with the -t option. Confining BIND to a restricted area lessens the damage done if the server is compromised, which helps improve system security.
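The Access Control List and Chroot BIND recommendations above fit together: the ACLs go in the named.conf that lives inside the chroot. As an added example, not from the report or from the BIND project, this POSIX shell script builds the directory skeleton named needs under the -t directory and writes a named.conf there that uses named ACLs for allow-query, allow-query-on and allow-notify. It assumes /var/named as the chroot base and a user named `named`, as in the report's command line; 192.168.5.0/24 is taken as the trusted network from the setup notes, and 192.168.5.2 is a constructed placeholder for a secondary server.

```shell
#!/bin/sh
# Added example, not from the report: prepare a BIND chroot and write a
# named.conf with ACL-based access control into it.
# ASSUMPTIONS: chroot base /var/named and service user "named" (Ubuntu's
# package uses "bind"); 192.168.5.2 is a constructed secondary address.

# Emit the named.conf: ACLs are named once and referenced in the options,
# so the address lists are not repeated across the file.
render_named_conf() {
  cat <<'EOF'
acl "trusted"     { 127.0.0.1; 192.168.5.0/24; };
acl "secondaries" { 192.168.5.2; };    /* constructed placeholder address */

options {
    directory "/var";                  /* relative to the chroot: /var/named/var */
    recursion yes;
    allow-recursion { trusted; };      /* do not act as an open resolver */
    allow-query     { trusted; };      /* who may ask ordinary questions */
    allow-query-on  { 192.168.5.0/24; };   /* which local addresses answer them */
    allow-notify    { secondaries; };  /* who may send NOTIFY for our zones */
    allow-transfer  { secondaries; };  /* who may pull zone data */
};
EOF
}

# Create the tree named expects after chroot(-t): config in etc, working
# files in var, and device nodes for randomness. Returns the base path.
build_bind_chroot() {
  base="$1"
  for d in etc dev var/run var/cache; do
    mkdir -p "$base/$d"
  done
  render_named_conf > "$base/etc/named.conf"
  chmod 640 "$base/etc/named.conf"
  # Device nodes and ownership need root; skipped otherwise so the skeleton
  # can still be generated and inspected by an unprivileged user.
  if [ "$(id -u)" -eq 0 ]; then
    [ -c "$base/dev/null" ]   || mknod -m 666 "$base/dev/null" c 1 3
    [ -c "$base/dev/random" ] || mknod -m 666 "$base/dev/random" c 1 8
    chown -R named:named "$base/var"
  fi
  echo "$base"
}

# Usage on the server, as root:
#   build_bind_chroot /var/named
#   named-checkconf -t /var/named /etc/named.conf     # validate inside the chroot
#   /usr/local/sbin/named -u named -t /var/named -c /etc/named.conf
```

Because the `-t` option applies before the configuration is read, every path in named.conf (the `directory` option, zone files, `-c`) is written relative to the chroot root, which is why the config refers to "/var" rather than "/var/named/var". Running `named-checkconf -t` with the same directory catches a path mistake before the service is started.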
