shadaab-ahmed-umair
7/26/2019 14_Lab1
Lab 1
Scenario: Customer is under attack
Overview
Description
This lab introduces you to the Pravail APS installation, initial
configuration and upgrade processes. You will learn about essential steps
performed. This lab is divided into the following parts:
- Installation of Pravail APS in monitor mode
- Initial CLI configuration using wizard
- Upgrade process
- Attack monitoring
Setup
[Figure: lab topology showing the Internet, the DCN, the Pravail APS interfaces ext0, int0, mgt0 and mgt1, a 2 Mbps last mile, the victim, and infrastructure that does not need protection]
Pravail APS Installation, Initial configuration and Upgrade
Lab 1
L1-2 Pravail APS 3.1
In this lab Pravail APS will be set up in monitor mode. Interfaces are
connected in the following way:
- ext0 is receiving copies of packets coming from the internet
- int0 is receiving copies of packets coming from the data center
- mgt0 is connected to the out-of-band management network
- mgt1 is connected to the data center. It is used for Pravail APS to
  access the internet
Objectives
After completing this lab, you will be able to do the following:
- Perform installation and initial configuration of Pravail APS in monitor mode;
- Perform upgrade of Pravail APS.
Equipment/Tools
The following equipment is required to complete this lab:
- SSH client
- web browser
Ask your instructor for lab access instructions.
Estimated Completion Time
The estimated completion time for this lab is 1 hour.
Connectivity verification
1. Victim has IP address of
Verify that you can access the victim web server at
2. Ask instructor to start the attack
3. Verify that victim is no longer available
Pravail APS Installation
Serial console access
In this section you will use an SSH client installed on your PC to connect to
the serial console port of your Pravail APS lab appliance.
Console server IP address: 10.2.25.129
http://10.2.25.44/
192.168.114.1
Console server login:
Console server password:
4. Use SSH client to connect to console server with above credentials
5. To access Pravail APS serial console press 1
6. After you have successfully performed above steps, ask instructor to
start your Pravail APS instance
Installation process
In this section we will perform initial installation steps. These steps are
typically performed on new Pravail APS appliance after power on.
1. Wait while Pravail APS installation process prepares hard drive and
copies necessary software packages. This process may take up to half
an hour.
2. Set system hostname to
3. Set IP address of mgt0 interface to
4. Set Network mask of interface mgt0 to 255.255.255.128
5. Skip media setting for interface mgt0 (press Enter)
6. Set IP address of mgt1 interface to
7. Set Network mask of interface mgt1 to 255.255.255.240
8. Skip media setting for interface mgt1 (press Enter)
9. Set default gateway to
10. Permit HTTPS access from any network: type 0.0.0.0/0 as the first entry
and confirm that there are no more entries by pressing Enter for [done]
11. Permit ICMP Ping access from any network: type 0.0.0.0/0 as the first
entry and confirm that there are no more entries by pressing Enter for [done]
12. Skip cloud signal protocol ACL configuration (press Enter)
13. Permit SSH access from any network: type 0.0.0.0/0 as the first entry and
confirm that there are no more entries by pressing Enter for [done]
14.Check that current date/time matches actual clock in UTC time zone.
Format of the string is MMDDhhmm[[CC]YY][.ss]
student14
39nJbvYu78
192.168.114.3
10.2.25.144
192.168.114.14
APS-LAB14
Initial CLI configuration
In this section, you will learn how to perform initial system configuration
via CLI. This includes changing admin user password, configuring DNS
service, entering license key and starting Pravail APS service.
1. Log into the CLI using default login credentials of admin/arbor
2. Use services aaa local password admin interactive command to
change admin user password. Change admin password to
3. Configure a static route to the rest of DCN network using ip route add
10.0.0.0/8 10.2.25.254 command
4. Configure 8.8.8.8 as your DNS server using services dns server add
8.8.8.8 command
5. Set license key using following command (license key is typically
provided by ATAC)
6. Configure Pravail APS to run in monitor mode
services pravail mode set monitor
7. Start Pravail APS service
services pravail start
8. Save configuration (config write)
Initial start of Pravail APS service may take a few minutes.
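The addressing entered in the installation wizard and the static route from step 3 can be sanity-checked before they are typed in. The following Python sketch is an added example, not part of the original lab guide or of the product: it checks that every next hop is on-link for one of the management interfaces and lists management ACL entries that are open to any source. The mgt0 address is an assumption (taken from the GUI URL printed on the page), and the mgt1 address and default gateway are constructed placeholders because the page leaves those fields blank.

```python
import ipaddress

# Wizard answers. Masks, ACL entries, the static route and its next hop are the
# values given in the lab steps. The mgt0 address is an ASSUMPTION (taken from
# the GUI URL printed on the page); the mgt1 address and default gateway are
# CONSTRUCTED placeholders because the page leaves those fields blank.
INTERFACES = {
    "mgt0": ipaddress.ip_interface("10.2.25.144/255.255.255.128"),
    "mgt1": ipaddress.ip_interface("192.0.2.14/255.255.255.240"),
}
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1"),      # default gateway (constructed)
    ("10.0.0.0/8", "10.2.25.254"),   # static route to the DCN (from the lab)
]
ACLS = {"https": ["0.0.0.0/0"], "ping": ["0.0.0.0/0"], "ssh": ["0.0.0.0/0"]}


def egress_interface(next_hop, interfaces):
    """Return the name of the interface whose subnet contains next_hop, or None."""
    hop = ipaddress.ip_address(next_hop)
    for name, iface in interfaces.items():
        net = iface.network
        # A usable next hop is on-link and is neither the network address,
        # the broadcast address, nor the appliance's own address.
        reserved = (net.network_address, net.broadcast_address, iface.ip)
        if hop in net and hop not in reserved:
            return name
    return None


def review(interfaces, routes, acls):
    """List unreachable next hops and ACL entries that match every source."""
    findings = []
    for prefix, hop in routes:
        if egress_interface(hop, interfaces) is None:
            findings.append(f"route {prefix}: next hop {hop} is not on-link")
    for service, sources in acls.items():
        for src in sources:
            if ipaddress.ip_network(src).prefixlen == 0:
                findings.append(f"acl {service}: open to any source ({src})")
    return findings


if __name__ == "__main__":
    for line in review(INTERFACES, ROUTES, ACLS):
        print(line)
```

Outside a training lab, the ACL findings are the entries to narrow to the management subnet before the appliance goes into service.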
Initial GUI configuration
1. Log into
using credentials you have configured
2. Change system time zone to local on Administration->General page.
Also make sure that date format and hour format are set as is convenient
for you.
3. Configure 10.2.25.129 as SMTP server.
This will clear the alert you get after initial installation. You can
review this alert in Administration->System Alerts.
Pravail APS upgrade
As a part of this training, we will perform system upgrade. Typically
upgrade files are uploaded through GUI (Administration->Files), but for
sake of simplicity we will use direct transfer from remote file server.
39nJbvYu78
https://10.2.25.144/
8PKCG-2P125-34J85-0TK1K-4FXYD-X9VS2-53MJ6-HZ5J3-1HGYW
/ system license set Pravail "PRA-APS-2104 expires: 1384934336"
1. Upgrade files are located on local anonymous FTP server 10.2.25.129.
To copy files to your Pravail APS appliance, use following commands:
system file copy ftp://10.2.25.129/arbos-5.3-DFYD-i686-vlab disk:
system file copy ftp://10.2.25.129/Pravail-APS-3.1-DFYD-vlab disk:
2. Stop Pravail APS service using services pravail stop
3. Save configuration (config write)
4. Uninstall old Pravail APS package using system files uninstall
command. You can find exact names of installed packages in system
file show list.
5. Install new Arbos package using
system file install disk:arbos-5.3-DFYD-i686-vlab
6. After installation of new Arbos package immediately reboot appliance
with reload command. WARNING: do not save system configuration
after installation of new Arbos package until you reboot the device.
Note that due to architectural limitations of lab environment reload
command will actually power down your appliance. Ask your instructor
to power it back on.
7. Install new Pravail APS package using
system file install disk:Pravail-APS-3.1-DFYD-vlab
8. Start Pravail APS service
services aps start
9. Save configuration (config write)
Basic attack monitoring
1. Check AIF highlights widget of summary page, note matching traffic
2. Note Blocked traffic and Blocked hosts on overview widget of
summary page
This completes the lab exercise.