Tuesday, 26 November 2013

Install and Test Comodo Firewall Against BackTrack (Required)

Section 0. Background Information
  1. Comodo Firewall 
    • Comodo Internet Security was designed around the concept of layered security and provides the following layers of protection: Antivirus, Firewall, Host-based intrusion prevention (Defense+), and Remote assistance (GeekBuddy). 
  2. Lab Notes - You need to work through this lab carefully (and the ZoneAlarm lab) to understand how to test your own firewall!
    • In this lab we will do the following:
      1. Download Comodo Firewall
      2. Test Comodo Firewall Against BackTrack (Ping)
      3. Test Comodo Firewall Against BackTrack (nmap basic scan)
      4. Test Comodo Firewall Against BackTrack (nmap half-open TCP scan)
      5. Test Comodo Firewall Against BackTrack (nmap SCTP INIT scan)
      6. Test Comodo Firewall Against BackTrack (nmap intense scan)
  3. Prerequisites
    • Instructions:
      1. Windows 7: Lesson 1: Installing Windows 7
      2. BackTrack: Lesson 1: Installing BackTrack 5 
  4. Completed: 100 %

Section 1. Start your Windows 7 VM
  1. Edit Virtual Machine Settings
    • Instructions
      1. Click on Windows 7
      2. Click on Edit virtual machine
  2. Configure Network Adapter
    • Instructions
      1. Select Network Adapter
      2. Click the radio button "Bridged: Connected directly to the physical network."
      3. Click the Okay button
  3. Start Windows 7
    • Instructions
      1. Click on Windows 7
      2. Click on Play virtual machine

Section 2. Login to Windows 7
  1. Login
    • Instructions:
      1. Enter Password
      2. Click the Blue Arrow

Section 3. Verify you have a Network IP Address
  1. Bring up Command Prompt
    • Instructions:
      • Start --> Command Prompt
  2. Verify IP Address
    • Instructions:
      1. ipconfig
    • Notes:
      • In my case, my IP Address is 192.168.1.106.
      • In your case, your IP Address will probably be different.

Section 4. Install Comodo Firewall
  1. Open Internet Explorer
    • Instructions:
      1. Click the Start Button
      2. Type "Internet Explorer" in the search box
      3. Click on Internet Explorer
  2. Go to the Comodo Firewall Site
    • Instructions:
      1. Paste the following website address in the URI box.
        • http://personalfirewall.comodo.com/
      2. Click the Download Button
  3. File Download
    • Instructions:
      1. Click Run
  4. Do you want to run this software?
    • Instructions:
      1. Click Run
  5. User Account Control
    • Instructions:
      1. Click Yes
  6. Select Setup Language
    • Instructions:
      1. Select the language:  English (United States) - By COMODO
      2. Click OK
  7. Optional Entry
    • Instructions:
      1. It is not necessary to supply your email.
      2. It is not necessary to check any of the check boxes.
      3. Just click on Agree and Install
  8. Installing
    • Informational:
      1. Continue to Next Step
  9. Select Network
    • Instructions:
      1. Select the appropriate network that matches yours.
      2. If you are at a school, coffee shop, airport, etc., then select "I am at PUBLIC PLACE"
  10. Restart Your Machine
    • Instructions:
      1. Click Fix It
  11. Select Start Menu Folder
    • Instructions:
      1. Select Next

Section 5. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On your host computer, go to Start --> All Programs --> VMware --> VMware Player
  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.

Section 6. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx

Section 7. Open Console Terminal and Retrieve IP Address
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal
  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • In my case, my IP address is 192.168.1.107.
      • Please record your IP address.

Section 8. Test Comodo Firewall with BackTrack (Ping)
  1. Ping Windows 7
    • Notes:
      • Obtain the IP Address of the Windows 7 machine running Comodo from (Section 3, Step 2)
    • Instructions:
      1. ping -c 5 192.168.1.106
        • -c sets the number of echo requests to send; in this example, 5.
        • 192.168.1.106 is the IP Address for my Windows 7 machine.
  2. Open Comodo Firewall
    • Instructions:
      1. Click on the Comodo Firewall Icon
  3. View Firewall Events
    • Instructions:
      1. Click on View Firewall Events
  4. Reviewing Firewall Events
    • Note:
      1. Notice that Comodo did not alert us of the BackTrack ping.

Section 9. Test Comodo Firewall with BackTrack (nmap basic scan)
  1. Conduct Basic nmap scan
    • Instructions:
      1. nmap 192.168.1.106
    • Notes:
      • Obtain the IP Address of the Windows 7 machine running Comodo from (Section 3, Step 2)
  2. Viewing Firewall Alerts
    • Notes:
      • Notice Comodo Firewall provides an Alert this time.
    • Instructions:
      1. For our testing purposes, keep clicking the allow button until the alert messages stop.
      2. Click the Refresh Button.
  3. Viewing Firewall Alerts
    • Notes:
      • You should start seeing events that were initiated from BackTrack's nmap.
    • Instructions:
      1. Continue to Next Section

Section 10. Test Comodo Firewall with BackTrack (nmap TCP half-open stealth scan)
  1. Conduct nmap TCP half-open stealth scan
    • Instructions:
      1. nmap -sS 192.168.1.106
    • Notes:
      • Obtain the IP Address of the Windows 7 machine running Comodo from (Section 3, Step 2).
      • -sS: this technique is often referred to as half-open scanning, because you never open a full TCP connection. You send a SYN packet, as if you were going to open a real connection, and then wait for a response. It is also relatively unobtrusive and stealthy, since it never completes a TCP connection.
  2. Viewing Comodo Results
    • Instructions:
      1. Click the allow button until no more alerts are displayed.
    • Notes:
      • Notice you were still alerted when nmap uses a half-open TCP scan.

Section 11. Test Comodo Firewall with BackTrack (nmap SCTP INIT scan)
  1. Conduct nmap SCTP INIT scan
    • Instructions:
      1. nmap -sY 192.168.1.106
        • Replace 192.168.1.106 with the Windows 7 IP Address obtained from (Section 3, Step 2).
    • Notes:
      • This technique is often referred to as half-open scanning, because you don't open a full SCTP association. You send an INIT chunk, as if you are going to open a real association and then wait for a response.
      • SCTP is a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP, and also adding new features like multi-homing and multi-streaming. SCTP INIT scan is the SCTP equivalent of a TCP SYN scan. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. Like SYN scan, INIT scan is relatively unobtrusive and stealthy, since it never completes SCTP associations.
  2. Viewing Comodo Results
    • Notes:
      • Notice Comodo did not detect the half-open SCTP INIT scan.
    • Instructions:
      1. Continue to Next Section

Section 12. Test Comodo Firewall with BackTrack (nmap intense scan)
  1. Conduct nmap intense scan
    • Instructions:
      1. nmap -T4 -A -v 192.168.1.106
        • Replace 192.168.1.106 with the Windows 7 IP Address obtained from (Section 3, Step 2).
    • Notes:
      • -T selects a timing template: paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). The first two are for IDS evasion; this scan uses -T4 (aggressive).
      • -A enables OS and version detection, script scanning, and traceroute.
      • -v enables verbose output.
  2. Viewing Comodo Results
    • Notes:
      • Notice that Comodo now raises a flood of alerts.
    • Instructions:
      1. Click Remember my answer
      2. Keep clicking on the Block button as Alerts appear.
      3. Click the Refresh button
  3. Analyzing Comodo Results
    • Notes:
      • Notice Comodo is now Blocking scans from 192.168.1.107 for ports 49157, 135, and 49156.
    • Instructions:
      1. Continue to Next Step.
  4. Analyzing nmap Results
    • Notes:
      • Notice that although you blocked the intense scan with Comodo, nmap was still able to determine the operating system and version.
    • Instructions:
      1. Continue to Next Section
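As an added example (not part of the original lab), the following Python script turns Step 3 and Step 4 above into a repeatable check: it parses nmap's normal output, compares the open ports nmap reported against the ports the Comodo log shows as blocked, and reports the OS fingerprint nmap still obtained. The nmap output it parses is a constructed sample, and the function names are my own; the blocked-port list is the one given in Step 3.

```python
import re

# Constructed sample of nmap -T4 -A -v normal output; not captured from the page.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.106
Host is up (0.00045s latency).
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49156/tcp open  msrpc        Microsoft Windows RPC
49157/tcp open  msrpc        Microsoft Windows RPC
Running: Microsoft Windows 7
OS details: Microsoft Windows 7
"""

# Ports the lab reports Comodo as blocking in Section 12, Step 3.
COMODO_BLOCKED_PORTS = {49157, 135, 49156}

# Matches port lines such as "135/tcp   open  msrpc   Microsoft Windows RPC".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_nmap_ports(text):
    """Return {port: (proto, state, service)} for every port line in the output."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[int(m.group(1))] = (m.group(2), m.group(3), m.group(4))
    return ports

def parse_os_guess(text):
    """Return the 'OS details:' value if OS detection produced one, else None."""
    for line in text.splitlines():
        if line.startswith("OS details:"):
            return line.split(":", 1)[1].strip()
    return None

def firewall_coverage(nmap_text, blocked_ports):
    """Open ports absent from the firewall log, plus the OS fingerprint nmap got."""
    ports = parse_nmap_ports(nmap_text)
    open_ports = {p for p, (_, state, _) in ports.items() if state == "open"}
    return sorted(open_ports - set(blocked_ports)), parse_os_guess(nmap_text)

if __name__ == "__main__":
    gaps, os_guess = firewall_coverage(SAMPLE_NMAP_OUTPUT, COMODO_BLOCKED_PORTS)
    print("open ports missing from the Comodo log:", gaps)
    print("OS fingerprint nmap still obtained:", os_guess)
```

Feed it the real nmap output saved from your own run (nmap -oN scan.txt ...) and the port list copied from View Firewall Events to see which open ports the firewall never logged.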
