
Practical Assessment 0523

Ning Wang

Practical Assessment 0523

Build the environment

1. Installing two forest domain controllers for the root domain muduri.com.

Role           Name    FQDN                IP address         OS

Primary DC     SDC01   Sdc01.muduri.com    192.168.31.1/24    Windows Server 2012 R2

Secondary DC   SDC02   Sdc02.muduri.com    192.168.31.2/24    Windows Server 2012 R2

2. Installing a mail server for the forest.

Role           Name    FQDN                IP address         OS

Mail server    EXS01   Exs01.muduri.com    192.168.31.3/24    Windows Server 2012 R2

3. Installing Microsoft Exchange Server 2013 on the mail server.

▪ Setting up mailboxes and groups for testing

▪ Send connector

▪ Distribution groups and dynamic distribution groups
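As an added example (not part of the original assessment), the same test objects created from the Exchange Management Shell on EXS01 instead of the ECP. The server name EXS01 and the domain muduri.com come from the tables above; the OU path muduri.com/Users, the names Test User, Test Group and All IT, the department value IT and the password are assumptions made for this example.

```powershell
# Added example, not from the original assessment. Run in the Exchange Management
# Shell on EXS01. Names, OU path and password below are placeholders (assumptions).

# 1. A test mailbox in the muduri.com domain; the user must change the password at first logon.
$pw = ConvertTo-SecureString 'Example-P@ssw0rd-1' -AsPlainText -Force
New-Mailbox -Name 'Test User' -Alias 'testuser' `
    -UserPrincipalName 'testuser@muduri.com' `
    -OrganizationalUnit 'muduri.com/Users' `
    -Password $pw -ResetPasswordOnNextLogon $true

# 2. Send connector for outbound Internet mail: sourced on EXS01, every SMTP
#    address space ("SMTP:*;1" = all domains, cost 1), routed by DNS (MX lookups).
New-SendConnector -Name 'Internet' -Usage Internet `
    -AddressSpaces 'SMTP:*;1' `
    -SourceTransportServers 'EXS01' `
    -DNSRoutingEnabled $true

# 3. A static distribution group containing the test mailbox.
New-DistributionGroup -Name 'Test Group' -Alias 'testgroup' `
    -Type Distribution -Members 'testuser@muduri.com' `
    -OrganizationalUnit 'muduri.com/Users'

# 4. A dynamic distribution group: membership is evaluated each time mail is sent,
#    here every mailbox user whose AD "department" attribute equals "IT".
New-DynamicDistributionGroup -Name 'All IT' -Alias 'allit' `
    -IncludedRecipients MailboxUsers -ConditionalDepartment 'IT' `
    -OrganizationalUnit 'muduri.com/Users'

# Checks: who the dynamic group resolves to right now, and the connector settings.
Get-Recipient -RecipientPreviewFilter (Get-DynamicDistributionGroup 'All IT').RecipientFilter |
    Format-Table Name,PrimarySmtpAddress
Get-SendConnector 'Internet' |
    Format-List Name,AddressSpaces,SourceTransportServers,DNSRoutingEnabled
```

The preview filter check matters for dynamic groups: a mistyped department value produces an empty group that still accepts mail silently.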

4. Allowing remote access to the Exchange server.

▪ Create a new user named “remote” for remote access purposes;

▪ Grant the necessary permissions to that user;

▪ Enable remote access on the Exchange server, allowing only the designated user

“remote”;

▪ Add port forwarding rules on the firewalls;

▪ Restrict remote user behaviour through group policy.

Adding a firewall and setting up the DMZ

1. Installing IPCop as the gateway for the internal network.

Role       FQDN                    IP internal          IP to DMZ           OS

Gateway    NING-IPCOP.muduri.com   192.168.31.254/24    192.168.30.1/24     IPCop 1.4.20

2. Installing pfSense firewall for the

Role       FQDN                    IP to DMZ            IP public           OS

Firewall   ningfw.muduri.com       192.168.30.254/24    172.16.10.30/24     pfSense 2.1

Topology

Five vulnerabilities of this scenario

1. Spam mail flooding the mail server causes many problems.

This is a common attack, which dramatically consumes the resources of the mail server and costly

bandwidth.

2. Attacks on open ports.

Attackers can port-scan the public IP. Once open ports are identified, attacks target those

ports. Ports conventionally used by well-known protocols are especially risky.

3. Denial of Service (DoS) attack.

A DoS attack keeps requesting connections to a port or service until it exhausts the server's

available connections. Consequently, legitimate communication is blocked.

4. Directory harvest attacks (DHAs).

Attackers send emails to the targeted organization from spoofed addresses. If a recipient

address is invalid, the mail server reveals this (by rejecting the recipient or sending back a

Non-Delivery Report), so the attacker eventually learns which addresses are valid within that

organization. Some attackers conduct a DHA to gather valid email addresses and then use them in

other attacks. In this case, a DHA also consumes a large amount of resources.

5. Risks caused by domain users.

Valid users can also cause problems through inappropriate behaviour. For example, if users

send emails with large attachments, the mail server will soon run out of storage. Insecure

behaviour by domain users can also introduce malware into the mail system. These are the three

we are going to address:

▪ Simple passwords

▪ Removable disks carrying malware

▪ Large attachments

Block the vulnerabilities

1. Add and enable the malware filter

▪ In the ECP console, go to Protection - Malware filter and add rules.
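As an added example (not part of the original assessment), the equivalent of the Protection - Malware filter step done from the Exchange Management Shell on EXS01, which also lets you confirm the malware agent is not bypassed on the transport server. The policy and rule names and the postmaster address are assumptions made for this example; EXS01 and muduri.com come from the tables above.

```powershell
# Added example, not from the original assessment. Run in the Exchange Management
# Shell on EXS01. Policy/rule names and the admin address are placeholders (assumptions).

# 0. Make sure the built-in malware agent actually runs on this transport server
#    (BypassFiltering $true would let every message through) and refresh
#    engine signatures every 60 minutes.
Set-MalwareFilteringServer -Identity 'EXS01' -BypassFiltering $false -UpdateFrequency 60
Get-MalwareFilteringServer -Identity 'EXS01' | Format-List Identity,BypassFiltering,UpdateFrequency

# 1. A policy that deletes the whole message when malware is detected (safer than
#    stripping the attachment and delivering the rest) and tells the postmaster
#    when an internal sender is the source.
New-MalwareFilterPolicy -Name 'Muduri Malware Policy' `
    -Action DeleteMessage `
    -EnableInternalSenderAdminNotifications $true `
    -InternalSenderAdminAddress 'postmaster@muduri.com'

# 2. A rule that applies the policy to every recipient in muduri.com, evaluated
#    before the default policy (priority 0 = first).
New-MalwareFilterRule -Name 'Muduri Malware Rule' `
    -MalwareFilterPolicy 'Muduri Malware Policy' `
    -RecipientDomainIs 'muduri.com' -Priority 0

# Checks: the rule is enabled and ordered first; the default policy still exists as fallback.
Get-MalwareFilterRule   | Format-Table Name,State,Priority,MalwareFilterPolicy
Get-MalwareFilterPolicy | Format-Table Name,Action,IsDefault
```

The first check is the one worth repeating after any Exchange update: a server with BypassFiltering set to $true looks identical in the ECP rule list but scans nothing.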

2. Disable unnecessary ports on both the server and the firewalls.

▪ On the internal and perimeter firewalls, block unnecessary ports.

▪ On the internal and perimeter firewalls, change the Remote Desktop Protocol port to

another available port.

In my case the port has been translated from 3389 to 3398 to 3399. I changed the RDP port number through

group policy, so that the port can be changed by modifying one policy.
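As an added example (not part of the original assessment), the remote-access steps from the "Allowing remote access to the exchange server" list above together with the RDP port change described here, done in PowerShell on SDC01 and EXS01. The GPO name, the OU path OU=Exchange, the NetBIOS domain name MUDURI, the listening port 3398 and the session time-outs are assumptions made for this example; the assessment only states that the port was translated 3389 to 3398 to 3399 across the firewalls, and the port-forwarding rules themselves live in the IPCop and pfSense web interfaces and are not shown.

```powershell
# Added example, not from the original assessment. Assumptions: GPO name,
# OU=Exchange holding EXS01, NetBIOS domain MUDURI, RDP moved to TCP 3398.

#--- On SDC01 (domain controller), as a domain administrator ---------------------
Import-Module ActiveDirectory
Import-Module GroupPolicy

# 1. The dedicated "remote" account: no mailbox, placeholder password, must be changed at first logon.
$pw = ConvertTo-SecureString 'Example-Remote-P@ss-2017' -AsPlainText -Force
New-ADUser -Name 'remote' -SamAccountName 'remote' `
    -UserPrincipalName 'remote@muduri.com' `
    -Path 'CN=Users,DC=muduri,DC=com' `
    -AccountPassword $pw -ChangePasswordAtLogon $true -Enabled $true

# 2. One GPO, linked to the OU that holds EXS01, that moves the RDP listener to 3398
#    and restricts the session: no drive or clipboard redirection, idle sessions
#    ended after 15 min, disconnected sessions ended after 1 h (values in milliseconds).
$gpo = New-GPO -Name 'Remote Access - Exchange'
$ts  = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
Set-GPRegistryValue -Name $gpo.DisplayName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -ValueName 'PortNumber' -Type DWord -Value 3398
Set-GPRegistryValue -Name $gpo.DisplayName -Key $ts -ValueName 'fDisableCdm'          -Type DWord -Value 1
Set-GPRegistryValue -Name $gpo.DisplayName -Key $ts -ValueName 'fDisableClip'         -Type DWord -Value 1
Set-GPRegistryValue -Name $gpo.DisplayName -Key $ts -ValueName 'MaxIdleTime'          -Type DWord -Value 900000
Set-GPRegistryValue -Name $gpo.DisplayName -Key $ts -ValueName 'MaxDisconnectionTime' -Type DWord -Value 3600000
New-GPLink -Name $gpo.DisplayName -Target 'OU=Exchange,DC=muduri,DC=com' -LinkEnabled Yes

#--- On EXS01 (Exchange server), as a local administrator ------------------------
# 3. Turn RDP on, require Network Level Authentication, and add only "remote" to the
#    local Remote Desktop Users group (administrators can log on regardless).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name UserAuthentication -Value 1
net localgroup 'Remote Desktop Users' 'MUDURI\remote' /add

# 4. Apply the GPO, restart the listener so the new port takes effect, and replace the
#    built-in 3389 firewall rules with a single domain-profile rule for 3398.
gpupdate /target:computer /force
Restart-Service TermService -Force
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
New-NetFirewallRule -DisplayName 'RDP 3398 (remote admin)' -Direction Inbound `
    -Protocol TCP -LocalPort 3398 -Profile Domain -Action Allow

# Checks: only 3398 is listening, and the policy value landed in the live key.
Get-NetTCPConnection -State Listen -LocalPort 3389,3398 -ErrorAction SilentlyContinue |
    Format-Table LocalAddress,LocalPort,OwningProcess
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' PortNumber
```

Moving the port only hides RDP from the laziest scans; the controls that actually reduce exposure here are NLA, the single allowed account, and the firewall rule that no longer admits 3389.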

▪ Both firewalls accept the published Snort rules for Internet security. Suricata was

installed on the pfSense firewall.

3. Limiting mailboxes

▪ In the ECP, go to Servers - Databases and modify the mailbox database limits to meet

the required limits.

▪ In the ECP, go to Recipients - Mailboxes, choose a user or user group,

▪ In the ECP, go to Mail flow - Organization transport settings and modify the limits for all

mailboxes.
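As an added example (not part of the original assessment), the three limits above (database quotas, per-mailbox or per-group quotas, and organization-wide message size) set from the Exchange Management Shell on EXS01. The database name Mailbox Database 01, the group name Test Group and all size values are assumptions made for this example; the assessment gives no numbers.

```powershell
# Added example, not from the original assessment. Run in the Exchange Management
# Shell on EXS01. Database name, group name and sizes are placeholders (assumptions).

# 1. Database-level quotas, inherited by every mailbox that keeps the database defaults:
#    warn at 1.8 GB, block sending at 2 GB, block send and receive at 2.3 GB.
Set-MailboxDatabase -Identity 'Mailbox Database 01' `
    -IssueWarningQuota 1.8GB -ProhibitSendQuota 2GB -ProhibitSendReceiveQuota 2.3GB

# 2. Per-mailbox override for a chosen group (what selecting a user or group under
#    Recipients - Mailboxes does): members of Test Group get a larger quota.
Get-DistributionGroupMember -Identity 'Test Group' |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    Set-Mailbox -UseDatabaseQuotaDefaults $false `
        -IssueWarningQuota 4.5GB -ProhibitSendQuota 5GB -ProhibitSendReceiveQuota 5.5GB

# 3. Organization-wide message size limits for all mailboxes, plus a cap on recipients per message.
Set-TransportConfig -MaxSendSize 10MB -MaxReceiveSize 10MB -MaxRecipientEnvelopeLimit 500

# The connectors carry their own limits; keep them consistent, because the lowest
# limit anywhere on the path is the one that applies and the user only sees an NDR.
Get-ReceiveConnector -Server 'EXS01' | Set-ReceiveConnector -MaxMessageSize 10MB
Get-SendConnector | Set-SendConnector -MaxMessageSize 10MB

# Checks: effective organization limits and which mailboxes no longer follow the database defaults.
Get-TransportConfig | Format-List MaxSendSize,MaxReceiveSize,MaxRecipientEnvelopeLimit
Get-Mailbox -ResultSize Unlimited |
    Format-Table Name,UseDatabaseQuotaDefaults,IssueWarningQuota,ProhibitSendQuota,ProhibitSendReceiveQuota
```

Setting the database quota is the control that directly addresses the "large attachment fills the store" risk listed earlier; the transport limit stops the oversized message before it is ever stored.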

4. Domain user policies

▪ Blocking USB disks

▪ Password complexity
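As an added example (not part of the original assessment), both domain user policies above applied from SDC01: the domain password policy through the ActiveDirectory module, and a GPO that blocks removable USB storage through the Removable Storage Access policy and by disabling the USBSTOR driver. The GPO name, the OU path OU=Workstations and all password-policy values are assumptions made for this example; the assessment names the policies but gives no values.

```powershell
# Added example, not from the original assessment. Run on SDC01 as a domain
# administrator. GPO name, OU path and numeric values are placeholders (assumptions).

Import-Module ActiveDirectory
Import-Module GroupPolicy

# 1. Password complexity, length, history, age and lockout for the whole domain
#    (this writes to the Default Domain Policy). Reversible encryption stays off.
Set-ADDefaultDomainPasswordPolicy -Identity 'muduri.com' `
    -ComplexityEnabled $true -MinPasswordLength 12 -PasswordHistoryCount 24 `
    -MaxPasswordAge (New-TimeSpan -Days 90) -MinPasswordAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false

# 2. A workstation GPO that blocks removable USB storage two ways:
#    (a) Removable Storage Access policy: deny read and write to removable disks
#        (the GUID is the disk device class used by that policy), and
#    (b) USBSTOR service Start = 4 (disabled), so the mass-storage driver never loads.
$gpo = New-GPO -Name 'Workstation - Block USB storage'
$rsa = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
Set-GPRegistryValue -Name $gpo.DisplayName -Key $rsa -ValueName 'Deny_Read'  -Type DWord -Value 1
Set-GPRegistryValue -Name $gpo.DisplayName -Key $rsa -ValueName 'Deny_Write' -Type DWord -Value 1
Set-GPRegistryValue -Name $gpo.DisplayName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR' `
    -ValueName 'Start' -Type DWord -Value 4
New-GPLink -Name $gpo.DisplayName -Target 'OU=Workstations,DC=muduri,DC=com' -LinkEnabled Yes

# Checks: the effective domain policy, and the values stored in the GPO.
Get-ADDefaultDomainPasswordPolicy -Identity 'muduri.com'
Get-GPRegistryValue -Name $gpo.DisplayName -Key $rsa
Get-GPRegistryValue -Name $gpo.DisplayName -Key 'HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR'
```

On a client, run gpupdate /force and plug in a USB disk: with Deny_Read set the volume mounts but cannot be opened, and with USBSTOR disabled it does not appear at all. Blocking the driver also blocks devices that were already connected, which is the behaviour you want against a removable disk carrying malware.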

24 May 2017