INFA 620 Laboratory 4: Configuring a Firewall

INFA 620
Laboratory 4: Configuring a Firewall
In this exercise you will be working with firewalld (see https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos), a front-end to controlling Iptables. Iptables is a flexible firewall utility built for Linux operating systems (see https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/). It is too low level, however, and, as such, hard to use and configure the rules for filtering traffic. firewalld provides higher-level command line and graphical interfaces over Iptables to ease the pain of configuring the firewall features provided by Linux. For this lab exercise, we will only be using only the high-level command line interface. firewalld provides a dynamically managed firewall with support for network/firewall zones to assign a level of trust to a network and its associated connections, interfaces or sources. It has support for IPv4 and IPv6. There is a separation of the runtime and permanent configuration options.
For this lab exercise, we will be using two machines, one machine will behave like an Enterprise and the other machine will behave like machines outside an enterprise. We will call this machine as External, external to the enterprise. The firewall, as part of the enterprise will control traffic both coming into the enterprise and going out of the enterprise (to External).

NIXENT01 (Enterprise) is a CentOS 7 machine. CentOS is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform. Firewalld will be running on this host.
NIXEXT01 (External) is Kali Linux. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. You have already used this machine for Lab2 and Lab 3 in analyzing packets using Wireshark. (Wireshark is available as part of Kali distribution.)
Although there are only two machines, we are going to pretend that the Enterprise has three machines (three IP addresses) and each machine has certain services running on those machines, as follows:

NIXENT01 (Enterprise)

Service

Associated IP Address

domain, telnet

192.168.10.10

http, https

192.168.10.20

ftp, imap2, imaps, pop3, pop3s, urd

192.168.10.30

Similarly, we are going to emulate three machines on the External machine with three IP addresses, each running only certain services as follows:

NIXEXT01 (External)

Service

Associated IP Address

domain, telnet

192.168.10.210

http, https

192.168.10.220

ftp, imap, imaps, pop3, pop3s, urd

192.168.10.230

The instructions to use the remote UMUC machine in the DaaS environment is provided in the Accessing Remote DaaS Lab under Course Content.
Allocating the Lab Machines
Once you open the Lab Broker using the instructions given in the UMUC Digital Lab Access Instructions found under Accessing Remote DaaS Lab under Course Content, you will see a new window open. Each of your courses that have labs will be listed here in the Lab Broker page.

1. Look for INFA 620 and select Nodes.

2. Select Allocate Lab *this should take no more than 1 minute.*

*Please Note* Allocated lab resources expire in 7 days. If a lab expires, work done within the lab machine.

Connecting to the Lab Machines
1. Within the Lab Broker interface, view the current allocated nodes for INFA 620

2. Use the Connect button to initiate a connection to each of the two machines:

3. When prompted, enter the course credentials:

a. Username: StudentFirst

b. Password: Cyb3rl@b

Our Service Charter

1. Professional & Expert Writers: I'm Homework Free only hires the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.

2. Top Quality Papers: Our customers are always guaranteed of papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.

3. Plagiarism-Free Papers: All papers provided by I'm Homework Free are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.

4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. I'm Homework Free is known for timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.

5. Affordable Prices: Our prices are fairly structured to fit in all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.

6. 24/7 Customer Support: At I'm Homework Free, we have put in place a team of experts who answer to all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.