SIS Security Lab Introductory Session

1
SIS - Security Lab Introductory Session

• University of Pittsburgh
• 2006

2
Agenda

• Description of lab infrastructure
• Equipment configuration basics
• Text based connection / configuration
• Graphical configuration environment
• Cabling description
• Useful commands
• Cisco IOS
• Windows / Linux
• Recommendations

3
(No Transcript)
4
Lab Infrastructure
5
(No Transcript)
6
Equipment configuration
7
Equipment configuration (2)
8
Equipment configuration (3)
9
Access modes

• The PIX firewalls (and other CISCO equipment)
  have four administrative access modes
• Unprivileged mode Available at first access.
  Provides a restricted, limited view of system
  settings. (Prompt gt)
• Privileged mode Allows you to change system
  settings. (Prompt )
• Configuration mode Enables you to change system
  configurations. (Prompt (config)
• Monitor mode Special mode that allows you to
  update system configuration image over the
  network (using a TFTP server)

10
Access modes (2)

• To access privilege mode
• enable
• To access configuration mode
• configure terminal
• Use the exit command to exit from one mode to
  the previous one

11
Firewalls

• System or group of systems that manage access
  between two networks

DMZ
Internet
Router
Firewall
Inside Network
Outside Network
12
PIX Firewalls

• Proprietary operating system
• Stateful inspection
• Protocol and application inspection
• User-based authentication
• Virtual private networking
• Web-based management
• Stateful failover capabilities

13
Graphical configuration environment (PIX 501
Firewall)

• Important To access the GUI configuration
  environment on the PIX 501 use a PC connected to
  the PIX and a browser with the MICROSOFT JAVA VM
  enabled !!
• Activate GUI environment via browser
• https//192.168.1.1/pdm.html

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
Viewing / Saving configurations

• There are two configuration memories,
  running-configuration and startup-configuration
• show running-config displays the current
  configuration in the RAM memory of the equipment.
  Any configuration changes are written to the
  running-configuration
• write memory saves the current running-configurati
  on to the flash memory startup-configuration
• show configure shows the configuration that is in
  flash memory
• show history displays previously entered
  commands

19
Cabling description

• Networking ports for each computer are numbered
• Correspondence (see picture)
• Move the patch cords to where you need them if
  they are not properly set.

20
Basic CISCO IOS commands

• ip address if_name ip_address netmask
• ip address ethernet2 172.16.0.1 255.255.255.0
• show ip address
• Displays the IP adresses assigned to all
  interfaces
• show interface
• allows you to view the network interface
  information and status
• ping ip_address
• To determine reachability of a system

21
Basic Windows/Linux networking commands

• ipconfig (windows) / ifconfig (linux)
• To obtain ip configuration information of a PC
• ping
• netstat r
• To obtain routing configuration and statistics
• netstat
• Gives you information on active ports and
  established connections on a system

22
Lab procedures

• Lab assignments will be given a couple of days in
  advance to the start of the lab working period
• Lab working periods 1 or 2 weeks
• Lab groups should be composed of two persons (no
  more, no less)
• Use sign-up sheet to schedule the time in which
  you will be using lab equipment
• Lab reports can be written in any format but
  should include answers to the questions presented
  in the assignment and equipment configuration
  files

23
Important recommendations

• Never change a password (youll be held
  accountable) unless its for your own user account
• Discharge often get rid of static electricity
  build up before touching equipment
• For questions
• Check CISCO web site http//www.cisco.com
• Ask GSA
• E-mail cec15_at_pitt.edu

24
Questions ??