Practical Assessment 0523
Ning Wang
Build the environment
1. Install two domain controllers for the forest root domain muduri.com.
Role          Name   FQDN               IP address         OS
Primary DC    SDC01  sdc01.muduri.com   192.168.31.1/24    Windows Server 2012 R2
Secondary DC  SDC02  sdc02.muduri.com   192.168.31.2/24    Windows Server 2012 R2
2. Install the mail server for the forest.
Role         Name   FQDN               IP address         OS
Mail server  EXS01  exs01.muduri.com   192.168.31.3/24    Windows Server 2012 R2
3. Install Microsoft Exchange Server 2013 on the mail server.
▪ Set up mailboxes and groups for testing
▪ Send connector
▪ Distribution groups and dynamic distribution groups
4. Allow remote access to the Exchange server.
▪ Create a new user named "remote" that is used only for remote access;
▪ Grant that user the permissions it needs and nothing more (for RDP, membership of the
server's Remote Desktop Users group is enough; do not make it an administrator);
▪ Enable Remote Desktop on the Exchange server and allow only the designated user
"remote";
▪ Add the port-forwarding rules on both firewalls;
▪ Restrict the remote user's behaviour through Group Policy.
Add firewalls and set up the DMZ
1. Install IPCop 1.4.20 as the gateway between the internal network and the DMZ.
Role     FQDN                   IP (internal)      IP (DMZ)         OS
Gateway  NING-IPCOP.muduri.com  192.168.31.254/24  192.168.30.1/24  IPCop 1.4.20
2. Install pfSense 2.1 as the perimeter firewall between the DMZ and the public network.
Role      FQDN               IP (DMZ)           IP (public)      OS
Firewall  ningfw.muduri.com  192.168.30.254/24  172.16.10.30/24  pfSense 2.1
Topology
Five vulnerabilities of this scenario
1. Spam floods against the mail server.
A flood of spam is a common attack: it consumes the mail server's CPU, memory and storage,
and it wastes bandwidth that has to be paid for.
2. Attacks on open ports.
An attacker can port-scan the public IP address; once listening ports are identified, the
attacks are aimed at the services behind them. Ports conventionally used for well-known
protocols are the first ones probed and carry the most risk.
3. Denial of Service (DoS) attack.
A DoS attack keeps opening connections to a port or service until the server's available
connections are exhausted, so legitimate clients can no longer connect.
4. Directory harvest attacks (DHAs).
The attacker sends email to many guessed addresses at the targeted organization, using a
spoofed sender address. For every address that does not exist the mail server sends back a
Non-Delivery Report, while mail to existing addresses is accepted silently, so over many
attempts the attacker learns which addresses are valid within the organization. Some attackers
run a DHA purely to collect valid addresses and then use that list for other attacks. In this
case the DHA also consumes a large amount of server resources, because every probe has to be
accepted, processed and bounced.
5. Risks caused by domain users.
Valid users can also cause problems through inappropriate behaviour. For example, if users
send email with large attachments, the mail server soon runs out of storage, and insecure
habits of domain users can introduce malware into the mail system. These are the three we
are going to address:
▪ Simple passwords
▪ Removable disks carrying malware
▪ Large attachments
Block the vulnerabilities
1. Add and enable a malware filter
▪ In the ECP, go to protection > malware filter and add the rules.
2. Disable unnecessary ports on both the servers and the firewalls.
▪ On the internal and perimeter firewalls, block every port that is not required.
▪ On the internal and perimeter firewalls, move the Remote Desktop Protocol port to
another free port.
In my case the port is translated along the chain 3389 - 3398 - 3399 across the two firewalls.
The RDP listener port is set through Group Policy, so it can later be changed by editing a
single policy. Moving the port only hides the service from scans of the default port; a full
port scan (vulnerability 2 above) still finds it, so the firewall rule for the new port should
also restrict the source addresses that are allowed to connect.
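The remote-access steps in "Build the environment" (step 4) and the Group Policy port change above, together as one added example (editor's own, not code from the report). It runs from an elevated PowerShell: the first two parts on SDC01 with the ActiveDirectory and GroupPolicy modules, the last part on EXS01. The account name "remote", the port 3398 and the domain come from the report; the GPO name and the OU path "OU=Servers,DC=muduri,DC=com" are assumptions.

```powershell
# Added example (editor's, not from the original report).
# Assumptions: GPO name, OU path; "remote", 3398 and muduri.com are the report's.

# --- SDC01: a dedicated account that exists only for this RDP session -------
Import-Module ActiveDirectory
$pw = Read-Host -AsSecureString "Password for MUDURI\remote"
New-ADUser -Name "remote" -SamAccountName "remote" `
    -UserPrincipalName "remote@muduri.com" -AccountPassword $pw `
    -Enabled $true -Description "RDP access to EXS01 only"

# --- SDC01: RDP settings as a GPO, so one policy edit changes them later ----
Import-Module GroupPolicy
$gpo    = New-GPO -Name "EXS01 remote access"                 # assumed name
$policy = "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
$rdpTcp = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
# Allow remote connections and require Network Level Authentication.
Set-GPRegistryValue -Name $gpo.DisplayName -Key $policy -ValueName "fDenyTSConnections" -Type DWord -Value 0 | Out-Null
Set-GPRegistryValue -Name $gpo.DisplayName -Key $policy -ValueName "UserAuthentication"  -Type DWord -Value 1 | Out-Null
# There is no administrative template for the listener port, so push the
# registry value itself; the Registry client-side extension applies it.
Set-GPRegistryValue -Name $gpo.DisplayName -Key $rdpTcp -ValueName "PortNumber" -Type DWord -Value 3398 | Out-Null
New-GPLink -Name $gpo.DisplayName -Target "OU=Servers,DC=muduri,DC=com" | Out-Null   # assumed OU

# --- EXS01: least privilege, firewall, verification ------------------------
# Remote Desktop Users is all the account needs; do not add it to Administrators.
net localgroup "Remote Desktop Users" "MUDURI\remote" /add
gpupdate /force
# The built-in "Remote Desktop" rules are tied to 3389. Add one for 3398 and
# leave 3389 closed; add -RemoteAddress <cidr> once the allowed sources are known.
New-NetFirewallRule -DisplayName "RDP 3398" -Direction Inbound -Protocol TCP `
    -LocalPort 3398 -Action Allow -Profile Domain | Out-Null
# The listener only re-reads PortNumber when Remote Desktop Services restarts
# (this drops current RDP sessions; run it from the console).
Restart-Service TermService -Force
# Check: 3398 is listening and 3389 is not.
Get-NetTCPConnection -State Listen | Where-Object { $_.LocalPort -in 3389, 3398 } |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The port-forwarding rules on IPCop and pfSense (3399 on the public side to 3398 on the inside) are configured in their web interfaces and are not shown here.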
▪ Both firewalls use the published Snort rule sets for intrusion detection; Suricata was
installed on the pfSense firewall.
3. Limiting mailboxes
▪ In the ECP, go to servers > databases and set the storage quotas of the mailbox
database.
▪ In the ECP, go to recipients > mailboxes, choose a user or group of users and set that
mailbox's own quotas and message size limits;
▪ In the ECP, go to mail flow > organization transport settings and set the message size
limits that apply to all mailboxes.
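The three limit settings above from the Exchange Management Shell on EXS01, as an added example (editor's own, not code from the report). The database name "Mailbox Database 01", the sizes, and the user "alice" are assumptions; the cmdlets are those of Exchange 2013.

```powershell
# Added example (editor's, not from the original report): the three ECP
# limit settings applied from the Exchange Management Shell.
# Assumptions: database name, the sizes, and the mailbox "alice".

# 1. Database quotas (ECP: servers > databases > limits). Every mailbox that
#    keeps UseDatabaseQuotaDefaults = $true inherits them.
Set-MailboxDatabase -Identity "Mailbox Database 01" `
    -IssueWarningQuota 1.8GB -ProhibitSendQuota 2GB -ProhibitSendReceiveQuota 2.2GB

# 2. Organization-wide message size (ECP: mail flow > organization transport
#    settings > limits). This is what stops the large attachment for everyone.
Set-TransportConfig -MaxSendSize 10MB -MaxReceiveSize 10MB -MaxRecipientEnvelopeLimit 200

# 3. Per-recipient override (ECP: recipients > mailboxes). Recipient limits
#    override the organization limits for authenticated (internal) senders,
#    so one user who legitimately needs bigger attachments gets them here
#    while external mail stays bounded by the organization and connector values.
Set-Mailbox -Identity "alice" -MaxSendSize 25MB -MaxReceiveSize 25MB `
    -UseDatabaseQuotaDefaults $false -IssueWarningQuota 4.5GB `
    -ProhibitSendQuota 5GB -ProhibitSendReceiveQuota 5.5GB

# Caveat: connectors carry their own ceiling, and the effective limit on any
# path is the smallest of organization, connector and recipient values, so
# check all three rather than only the one that was just changed.
Get-TransportConfig | Format-List MaxSendSize, MaxReceiveSize, MaxRecipientEnvelopeLimit
Get-ReceiveConnector | Format-Table Identity, MaxMessageSize -AutoSize
Get-SendConnector    | Format-Table Identity, MaxMessageSize -AutoSize
Get-MailboxDatabase "Mailbox Database 01" | Format-List *Quota*
Get-Mailbox "alice" | Format-List MaxSendSize, MaxReceiveSize, UseDatabaseQuotaDefaults
```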
4. Domain user policies
▪ Blocking USB disk
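The domain user policies for the two remaining items from the list of user risks (removable disks and simple passwords), as an added example (editor's own, not code from the report), run on SDC01 with the GroupPolicy and ActiveDirectory modules. The GPO name, the OU path "OU=Workstations,DC=muduri,DC=com" and the exact password policy values are assumptions. The registry path is the one behind the "Removable Storage Access" administrative template (Computer Configuration > Administrative Templates > System), where the class GUID 53f5630d-b6bf-11d0-94f2-00a0c91efb8b is Removable Disks.

```powershell
# Added example (editor's, not from the original report).
# Assumptions: GPO name, OU path and the password policy values.
Import-Module GroupPolicy
Import-Module ActiveDirectory

# --- Block removable disks via Group Policy --------------------------------
$gpo   = New-GPO -Name "Block removable disks"
$class = "HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
# Deny read, write and execute on the Removable Disks class; a disk the user
# cannot read or run from cannot carry malware into the mail system.
foreach ($v in "Deny_Read", "Deny_Write", "Deny_Execute") {
    Set-GPRegistryValue -Name $gpo.DisplayName -Key $class -ValueName $v -Type DWord -Value 1 | Out-Null
}
New-GPLink -Name $gpo.DisplayName -Target "OU=Workstations,DC=muduri,DC=com" | Out-Null

# --- Simple passwords: tighten the default domain password policy ----------
# This is what the DC enforces on every domain account unless a fine-grained
# password policy applies to it.
Set-ADDefaultDomainPasswordPolicy -Identity muduri.com `
    -ComplexityEnabled $true -MinPasswordLength 12 -PasswordHistoryCount 24 `
    -MaxPasswordAge (New-TimeSpan -Days 90) -MinPasswordAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 15) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15)

# Checks: the GPO carries the three Deny_* values, and the password policy
# reads back with the new values.
Get-GPRegistryValue -Name $gpo.DisplayName -Key $class | Select-Object ValueName, Value
Get-ADDefaultDomainPasswordPolicy |
    Format-List MinPasswordLength, ComplexityEnabled, PasswordHistoryCount, LockoutThreshold
```

The removable-disk policy is a computer setting, so it must be linked where the workstation computer objects live, and it takes effect on those machines at the next policy refresh (gpupdate /force or reboot).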