| Question | Answer |
|---|---|
| Course this assignment belongs to | https://edu.cnblogs.com/campus/besti/19attackdefense |
| Where the assignment requirements are | https://edu.cnblogs.com/campus/besti/19attackdefense/homework/10449 |
| My goal in this course | Study the Chapter 2 materials and use virtual machines to build a network attack and defense practice environment |
| How this assignment helps me achieve that goal | Work related to building the network attack and defense environment |
1. Learning summary
1.1 Introduction to the network attack and defense test environment
- Target machine: a host that contains system and application security vulnerabilities and serves as the target of attacks. The basic environment should include both Linux and Windows operating systems.
- Attacker machine: a host with specialized attack software installed, used to launch network attacks.
- Attack detection, analysis and defense platform: the best location is the target machines' gateway. A gateway host can be built on the Linux operating system and integrated with a variety of software to provide network attack detection, analysis and defense capabilities.
- Network connection: the target machines, the attacker machines and the gateway with detection, analysis and defense functions are connected through a network.
1.2 Network attack and defense test environment configuration
The network attack and defense test environment I configured includes six different types of virtual machine images: Linux Metasploitable and Windows 2000 as target machines, Kali Linux and Windows XP Attacker as attacker machines, HoneyWall as the detection and defense platform, and a SEED virtual machine image.
2. Detailed process of building the attack and defense environment
2.1 Network topology of the attack and defense practice environment
2.2 Network settings
Open VMware Workstation, go to Edit -> Virtual Network Editor, and configure the network settings for the three modes:
- VMnet0: bridged mode
- VMnet1: host-only mode
- VMnet8: NAT mode
NAT gateway settings
DHCP address assignment settings
2.3 Installing the attacker machines
2.3.1 Linux attacker machine: Kali Linux
Download the ISO image from the official website, create the machine via New Virtual Machine -> Typical, and follow the installation steps. After the installation is completed, set the network adapter to Custom and select VMnet8.
Use `su` to escalate privileges, then use the `ifconfig` command to view Kali's IP address.
2.3.2 Windows attacker machine: Windows Attacker
Use the resources provided by the teacher, which can be extracted directly. Import the vmx file and set the network adapter to NAT mode.
Enter the system, run `cmd`, and use the `ipconfig` command to view the IP address.
2.4 Installing the target machines
2.4.1 Linux target machine: Metasploitable2-Linux
Install as above, except that the network adapter is set to host-only mode.
Enter the system and set the IP address manually as follows:
```
sudo su
vim /etc/rc.local
# Add the following lines before "exit 0"
ifconfig eth0 192.168.200.125 netmask 255.255.255.128
route add default gw 192.168.200.1
# Save, exit, and reboot
reboot
```
After the reboot, enter `ifconfig` to view the IP address.
2.4.2 Windows target machine: Windows 2000
Install as above, with the network adapter set to host-only mode.
Follow the prompts to enter the system.
Set the network parameters.
2.5 SEEDUbuntu installation
SEEDUbuntu is provided as a VM virtual machine disk image (vmdk). Choose New Virtual Machine -> Custom Installation -> Compatibility -> Install the operating system later -> choose Linux, version Ubuntu -> Name and location -> continue through the hardware settings -> Use an existing virtual disk, select the SEEDUbuntu vmdk file -> Next. Set the network adapter to Custom, VMnet8.
After entering the system, use `su` to escalate privileges and `ifconfig` to view the IP address.
2.6 Honeywall installation and configuration
2.6.1 Honeywall installation
Honeywall takes more steps to install and set up; the steps are shown in the images.
The network adapters are configured as shown below.
Enter the system.
Installation succeeded.
2.6.2 Honeywall configuration
Use the command `su -` to enter the configuration page; the configuration process is shown in the figures.
Using Windows Attacker, open https://192.168.200.8 in a browser to see the following interface.
A password change is required, which leads to the following interface.
2.7 Testing network connections between virtual machines
First, switch to the honeypot, escalate privileges with `su -`, and run the command `tcpdump -i eth0 icmp` to monitor connectivity.
- Kali pings Windows 2000
- Windows Attacker pings Windows 2000
- Windows 2000 pings Windows Attacker
- Metasploitable2-Linux pings Kali
- SEEDUbuntu pings Windows 2000
The bridge functions properly.
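An added example (not part of the original post) for the connectivity check in 2.7: it pairs ICMP echo requests with replies in `tcpdump -i eth0 icmp` output and lists pings that crossed the gateway without an answer. The capture lines and every address except 192.168.200.125 are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the one-line summary tcpdump prints for ICMP echo traffic.
ECHO_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def summarize_pings(lines):
    """Return {(pinger, target): {"sent": n, "answered": m}} from tcpdump lines."""
    pending = set()  # (src, dst, id, seq) of requests still waiting for a reply
    stats = defaultdict(lambda: {"sent": 0, "answered": 0})
    for line in lines:
        m = ECHO_RE.search(line)
        if not m:
            continue  # capture banner, non-echo ICMP, or truncated line
        src, dst, key = m["src"], m["dst"], (m["id"], m["seq"])
        if m["kind"] == "request":
            if (src, dst, *key) not in pending:
                pending.add((src, dst, *key))
                stats[(src, dst)]["sent"] += 1
        elif (dst, src, *key) in pending:
            # A reply counts only if it answers a request seen on the bridge.
            pending.discard((dst, src, *key))
            stats[(dst, src)]["answered"] += 1
    return dict(stats)

def unreachable_pairs(stats):
    """Pairs whose requests crossed the gateway but never got a reply."""
    return sorted(pair for pair, s in stats.items() if s["answered"] == 0)

# Constructed sample capture; .4 and .124 are assumed addresses, not from the post.
SAMPLE = """\
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:01:00.000001 IP 192.168.200.4 > 192.168.200.124: ICMP echo request, id 1, seq 1, length 64
10:01:00.000350 IP 192.168.200.124 > 192.168.200.4: ICMP echo reply, id 1, seq 1, length 64
10:01:01.000001 IP 192.168.200.4 > 192.168.200.124: ICMP echo request, id 1, seq 2, length 64
10:01:01.000400 IP 192.168.200.124 > 192.168.200.4: ICMP echo reply, id 1, seq 2, length 64
10:02:00.000001 IP 192.168.200.125 > 192.168.200.4: ICMP echo request, id 7, seq 1, length 64
10:02:01.000001 IP 192.168.200.125 > 192.168.200.4: ICMP echo request, id 7, seq 2, length 64
"""

if __name__ == "__main__":
    result = summarize_pings(SAMPLE.splitlines())
    for (src, dst), s in sorted(result.items()):
        print(f"{src} -> {dst}: {s['answered']}/{s['sent']} answered")
    print("no reply:", unreachable_pairs(result))
```

A pair listed under "no reply" means the request reached the gateway interface but the reply never came back through it, which points at the target's address, netmask or default route rather than at the bridge.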
3. Problems encountered during study
- Problem 1: The concepts of the three VM network connection modes were not very clear to me.
- Solution to problem 1: I collected information on the Internet and gained an in-depth understanding of the differences among these three modes.
4. Learning reflections and experience
Building the network attack and defense experimental environment was a difficult thing for me, but fortunately, by reading the reference document given by the teacher as well as other students' blogs, I completed the setup successfully. The experiment exposed my poor hands-on skills; in the future I need to think more and practice more to improve my ability in this area.
Reference material
- Jianwei Zhuge, Lesson 2 handout: Building a VMNet network attack and defense lab environment based on the third-generation honeynet