Likes

NIIT Lab@Home 7 ICTWC

1. A. Datum uses many outside consultants. The enterprise's management has a concern that if a consultant was on the company network, they may be able to connect to unauthorized computers. Objectives Create a connection security rule on one computer. Verify that connectivity is blocked from unauthorized computers. Create a connection security rule on a second computer. Verify the configured computers can communicate.

Task 1. Create a connection security rule on one computer.

You have decided to test using secured connections between computers on sensitive segments of your
network.
The main tasks for this exercise are as follows:
1. Create a connection security rule on LON-CL1.
2. Verify that connectivity is blocked from unauthorized computers.
3. Create a connection security rule on LON-CL2.
4. Verify the configured computers can communicate.

Task 1: Create a connection security rule on LON-CL1
1. ON LON-CL1, open Control Panel and then open Windows Firewall.
2. Create a connection security rule allowing traffic on LON-CL1 with the following settings:
   o Rule: Isolation
   o Requirements: Require authentication for inbound connections and request authentication
     for outbound connections
   o Authentication: Computer and user (Kerberos V5)
   o Name: Authenticate all inbound connections

Task 2: Verify connectivity between LON-CL2 and LON-CL1
• Change to LON-CL2, open a command prompt, and ping LON-CL1.

Task 3: Create a connection security rule on LON-CL2
1. Open Control Panel, and then open Windows Firewall.
2. Create a connection security rule allowing traffic on LON-CL2 with the following settings:
   o Rule: Isolation
   o Requirements: Require authentication for inbound connections and request authentication
     for outbound connections
   o Authentication: Computer and user (Kerberos V5)
   o Name: Authenticate all inbound connections

Task 4: Verify connectivity between LON-CL2 and LON-CL1
1. Switch to the command prompt, and ping LON-CL1.
2. In the Windows Firewall with Advanced Security window, examine the Security Associations
   monitoring.

2. You have decided that while the help desk needs to be able to ping client computers to verify that they are responsive, general users do not need the ability to ping other systems. In this lab, you are going to enable the firewall rules to allow pinging of client computers and to prevent all clients, except the helpdesk computer (LON-CL2), from generating pings. Objectives Test ping in the network. Create an inbound firewall rule. Create an outbound firewall rule. Test firewall rules.

Task 1. Test ping in the network.

You must implement a firewall rule on LON-CL1. The rule must allow inbound ICMPv4 traffic.
The main tasks for this exercise are as follows:
1. Test ping connectivity.
2. Configure an inbound rule.
3. Test the inbound rule.

Task 1: Test ping connectivity
1. Log on to LON-CL2 as Adatum\Administrator.
2. Open a command prompt, and ping LON-CL1.

Task 2: Configure an inbound rule
1. Log on to LON-CL1 as Adatum\Administrator.
2. Open Control Panel, and then open Windows Firewall.
3. Enable File and Printer Sharing (Echo Request – ICMPv4-In) for the domain profile.

Task 3: Test the inbound rule
• Change to LON-CL2, and ping LON-CL1.

 At the end of this exercise, you will have configured and tested an inbound firewall rule.

Task 2. Creating an Outbound Firewall Rule

You must implement a firewall rule on LON-CL1 that blocks outbound ICMPv4 traffic.
The main tasks for this exercise are as follows:
1. Test ping connectivity.
2. Configure an outbound rule.
3. Test the outbound rule.

Task 1: Test ping connectivity
1. Change to LON-CL1.
2. Open a command prompt, and ping LON-DC1.

Task 2: Configure an outbound rule
1. On LON-CL1, restore the Windows Firewall with Advanced Security window.
2. Enable an outbound rule that blocks ping on the Domain profile for LON-CL1.

Task 3: Test the outbound rule
• Restore the command prompt, and then ping LON-DC1.

3. You are planning to use Window Defender to check for malicious files every day. You also want to ensure that Windows Defender will quarantine any files that it considers a severe risk to your system's security. Objectives Perform a quick scan. View the allowed items.

1. Perform a quick scan.
2. View the allowed items.

You need to configure Windows Defender to perform a full scan every day at 2:00 AM. Before configuring
Windows Defender, you plan on running a quick scan. Finally, you want to configure the default actions
for Windows Defender to take and check the items that you do not want it to scan.
The main tasks for this exercise are as follows:
1. Perform a quick scan.
2. View the allowed items.

Task 1: Perform a quick scan
1. On LON-CL1, open Control Panel and then open Windows Defender.
2. On the Home page, perform a Quick scan, and then review the results.

Task 2: View the allowed items
• Click the History tab, and then view the details for the Allowed Items.

At the end of this lab, you will have configured and used Windows Defender.

+ To prepare for the next module
When you are finished the lab, revert the virtual machines to their initial state.
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20687A-LON-CL2, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20687A-LON-CL1 and 20687A-LON-DC1.

4. Lex Arm is a luxury brand based in Dubai that imports precious gems and jewelry products from various parts of world, such as India and South Africa. The company manages all the information about trade through a Windows-based network environment. This information includes highly sensitive financial records, gems quality testing procedures, and quality monitoring data. The company has an information security system in place that safeguards the data. However, the company exchanges this information with one of the suppliers over the public network through data files kept in the Labfiles folder on the Client1 machine, which is located in the corporate network. The supplier uses the Client2 machine to access this data. The management is concerned about the safety of this data exchanged over the public network. To address the security concern of management, the network team of the IT department is assigned the task to secure data over the public network. Eric, the Desktop Administrator, is a member of this team. What should Eric do to safeguard the data of the quality-testing team? Experiment To accomplish the assigned task, Eric needs to perform the following tasks: Share and access a folder. Configure an IPsec rule (through the IP Security Policy snap-in) in the 20687B-LON-CL1 virtual machine. Configure an IPsec rule (through the IP Security Policy snap-in) in the 20687B-LON-CL2 virtual machine. Verify the rules.

1. Share and access a folder.
2. Configure an IPsec rule (through the IP Security Policy snap-in) in the 20687B-LON-CL1 virtual
   machine.
3. Configure an IPsec rule (through the IP Security Policy snap-in) in the 20687B-LON-CL2 virtual
   machine.
4. Verify the rules.

Task 1. Share and Access a Folder.
To  Share and access a folder, you need to perform the following steps:

1. Ensure that the Start screen is displayed.
2. Type E:\, and then press the Enter key. the Allfiles (E:) window is displayed.
3. Right-click the Labfile folder, and then select the properties option. the Labfile proerties
   dialog box is displayed
4. Click the Sharing tab.
5. Click the Share button. the File Sharing dialog box is displayed.
6. Select the Everyone option from the drop-down list beside the Add button.
7. Click the Add button.
8. The Everyone name in displayed in list box.
9. Click the Share button. the your folder is shared og File Sharing dialog box is displayed.
10. Click the Done button. the Babfiles Properties dialog box is displayed.
11. Click the Close button.
12. Close the Allfiles(E:) window.
13. Ensure that the Start screen is displayed.
14. Double-click the Labfile folder. the Labfile window is displayed.
15. Close the Labfile window.

Task 2. Configure an IPsec rule (through the IP Security Policy snap-in) in the 20687B-LON-CL1 virtual
        machine.
To configure an IPsec rule, you need to perform the following steps:
1. Enter that the 20687B-LON-CD1 virtual machine is running and active.
2. Press the Windows+C keys. the Charms bar is displayed.
3. Click Search. the Search charm is displayed.
4. Type mmc.exe in the Apps text box, and then press the Enter key. the Microsoft Management Console window is displayed.
5.  maxinize the Microsoft Management Console window.
6. Select the File  Add/Remove Snap-in option from the menu bar. the Add or Remove Snap-ins dialog box is displayed.
7. Select the IP security Monitor option under the Snap-in column in the Available snap-ins list box.
8. Click the Add button.
9. Select the IP security policy Management option under the snap-in colimn in the Available snap-ins list box.
10. Click the Add button. the select computer or domain dialog box is displayed.
11.Ensure that the Local computer option in selected.
12. Click the OK button. the IP Security Monitor and IP security policies on Local computer snap-ins are displayed in the selected snap-ins list box.
13.  Click the OK Button. the Microsoft Management Console windows is displayed.
14. Expand the IP Security Monitor-- LON-CL1-- Active policy nodes in the leftpane. the policynot Assigned description is displayed under the Description
    column of the policy Name Item.
15. Select the Ip security Policies on Local computer node in the left pane.
16. Right-click the IPsecurity olicies on local computer node, and then select the creta I Security policy option. the IP security Policy Wizard is displayed.
17. Click the Next button. the IP Security Policy Name page is displayed.
18. Type TCP Rule in the Name text box.
19. Click the Next button. the Requests for decure Communication page is displayed.
20. Select the Avtivate the default reaponse rule (earlier versions of Windows only) check box.
21. Click the Next button. the Default Response Rule Authentication Method page is displayed.
22. Select the Use this string to protect the key exchange (preshared key) option.
23. Type the Securework text in the text area below the selected option.
24. Click the Next button. The Completing the Ip Security Policy Wizard page is displayed.
25.Ensure that the Edit properties check box is selected.
26. Click the Finish button. the TCP Rule properties dialog box is displayed.
27. Click the Add button. The Welcome to the Create IP security rule wizard page of security rule wizard is displayed.
28. Click the Next button. the Tunnel Endpoint page is displayed.
29. Click the Next button. the Network Type page is displayed.
30. Click the Next button. the IP Filter List page is displayed.
31. Click the Add button. the IP Filter List dialog box is displayed.
32. Type the TCP filter text in the Name text box.
33. Click the Add button. the Welcome to the IP Filter Wizaerd page of IP Filter Wizard is displayed.
34. Click the Next button. the IP Filter Description and Mirrored property page is displayed.
35. Type Configuring TCP/IP Rle in the Description text area.
36. Click the Next button. the IP Treffic souce page is displayed.
37. Click the Next button. The IP Treffic Destination page is dislayed.
38. Click the Next button. the IP Protocol Type page is displayed.
39. Select the TCP option from the select a protocol type drop-down list.
40. Click the Next button. the IP Protocol Port page is displayed.
41. Click the Next button. the Completing the I Filter Wizard page is displayed.
42. Click the Finish button. the IP filter list dialog box is displayed.
43. Click the OK button. the IP Filter List page is displayed

Task 3. Configure an IPsec rule (through the IP Security Policy snap-in) in the 20687B-LON-CL2 virtual machine.
To Configure an IPsec rule,you nedd perform the following steps:
1. switch to the 20687-LON-CL2 virtual machine.
2. Press the Windows+C keys. the charms bar is displayed.
3. Click Search. the Search cherm is displayed.
4. Type mmc.exe in the Apps text box, and then press the Enter key. the Microsoft Management Console window is displayed.
5. Maximize the Microsoft Management Console window.
6. Select the File Add/ Remove snap-in option from the menu bar. the Add or Remove snap-ins dialog box is displayed.
7. Select the IP security monitor option under the snap-in column in the Available snap list box.
8. Click the Add button.
9. Select the IP security policy Management option under the snap-in column in the Available snap-ins list box.
10. Click the Add button select Computer or Domain dialog box is displayed.
11. Ensure that the Local Computer option in selected.
12. Click the Finish button. the IP security monitor and IP security policies on Local Computer snap-ins are are displayed in the selected snap-ins list box.
13. Click the OK button. the Microsoft Management Console window is displayed.
14. Expand the IP security monitor LON-CL2 Active olicy nodes in the left pane. the policy not Assigned description  is displayed under the Description column of the policy
    Name item.
15. Select the IP security policies on local computer node in the left pane.


Task 4. Verify the rules.
To Verify the rules. you need to perform the following steps:

1. Switch to the 20687B-LON-CL1 machine.
2. Ensure that the IP security policies in local computer node in the left pane is selected.
3. Select the TCP Rule otion under the Name column in the middle pane.
4. Right-click the TCP Rule option, and then select the Assign option.
5. Switch to the 20687B-NON-CL2 machine.
6. Press the Windows key. the Start screen is displayed.
7. Type\\LON-CL1, and then press the Enter key. After a few minutes, the Nerwork Error message is displayed.
8. Click the Cancel button. the Microsoft Management Console window is displayed.
9. Select the TCP Rule option under the Name columu in the middle pane.
10. Right-click the TCPRule option, and then select the assign option.
11. Press the windows key. the Start screen is dislayed.
12. Type \\LON-CL1, and then press the Enter key. After a few moments, the LON-CL1 window is displayed.
13. Close the LON-CL1 window.
14. Close the Microsoft Management console window without seving any changes.
15. Sign out and revert the 20687B-LON-CL2 virtual machine.
16. Switch to the 20687B-LON-CL1 machine.
17. Close the Microsoft Management Console window without saving any changes.
18. Sign out and revert the 20687B-LON-CL1 virtual machines.

5. HealthWorks Inc. is a healthcare company based in Zurich. The company provides health insurance services to enterprises. The company handles personal information of several clients. To safeguard and maintain the confidentiality of the client's personal information, the company follows standard security procedures. In line with these procedures, Kate, the Desktop Administrator, has been assigned a task to ensure that some machines used for hosting backup data need not be identified by the rest of machines in the network. Therefore, these machines should not respond to any query message request from unauthorized PCs. How can Kate perform the task? Experiment To accomplish the assigned task, Kate needs to perform the following tasks: Configure an outbound rule. Test the rule.

1. Configure an outdound rule.
2. Test the rule.

Task 1. Configure an Outdound Rule
2. Press the Windows+C keys. the Charms bar is displayed.
3. Click Search. The Search charm is displayed.
4. Type Command Prompt, and then press the Enter key. The Administrator: Command prompt window is displayed.
5. Type the ping Lon-DC1 command, and then press the Enter key. the successful replies from LON-DC1 and displayed.
6. Type the exit command, and then press the Enter key. Administrator: Command prompt windows is closed.
7. Press the Windows+I keys. the Setting charm is displayed.
8. Click Control Panel. The Controlpanel window is displayed.
9. Click the Network and Internet link. The Network and Internet window is displayed.
10. Click the Network and sharing center link. the Network and sharing center window is displayed.
11. Click the Windiws Firewall link from the left pane of the window. the Windows Firewall windows is displayed.
12. Click the Advanced setting link in the lift pane. the windows firewall with Advanced security window is displayed.
13. Select the Outbound Rules node in the pane. the Outbound Rules page is displayed in the middle pane.
14. Click the New rule link in the Actions pane. The Rule Type page of New Outbound Rule Wizard is displayed.
15. Select the Port option.
16. Click the Next button. the Protocol and Ports page is displayed.
17. Select the All remote ports option.
18. Click the Next button. the Action page displayed.
19. Ensure that the Block the Connection option is selected.
20. Click the Next button. The Profile page is dislayed.
21. Click the Next Button. the Name page is displayed.
22. Click Block ping in the Name text box.
23. Click the Finish button. The Block ping rule is displayed in the Outbound Rules pane and the Block ping
    pane is displayed at the bottom section of the right pane.
24. Click the Properties link in the Block ping pane. the Block ping properties dialog boxis displayed.
25. Click the protocol and Ports tab.
26. Select the ICMPv4 option from the protocol type drop-down list.
27. Click the Customize button beside the Internet Control Message Protocol.
28. Select the Specific ICMP type option.
29. Select the Echo Request check box in the specific ICMP type list box.
30. Click the OK button twice. the Windows Firewall with Advanced securuty window is displayed.
31. Close the Windows Firewall with Advanced Security window.
32. Close the Windows Firewall window.

Task 2. Testing the Rule
To test the rule, you need to perform the following steps:
1. Opne the Command prompt window.
2. Type the ping LON-DC1 command, and then press the Enter key. the General failure messages are displayed four times.
3. One the windows firewall window.
4. Click the Advanced setting link in the left pane. the Windows Firewall with Advanced Security window is displayed.
5. Select the Outbound Rules node in the left pane. the Outbound Rules page is displayed in the middle pane.
6.Select the Block ping rule. the Block ping page is Displayed at bottom section of the right pane.
7. Click the Disable Rule link.
8. Switch to the Administrator: Command Prompt window.
9. Type the ping LON-DC1 command, and then press the Enter key. the replies from Lon-DC1 are displayed.
10. Closw all the opne window.
11. Press the windows key. the Start screen is displayed.
12. Click Administrator: the Administrator menu is displayed.
13. Select the Sign out option.
14. Click the Revet button.
15. Close the connection window.
16. Close all the open windows.
17. Press the Windows key. the Start scetion is displayed.
18. Click Administrator. The Administrator menu is displayed.
19. Select the Sign out option.
20. Click the Revert button.
21. Close the connection window.

No comments: