The main purpose of this lab is to introduce us to the RLES vCloud system, begin setting up a network with a router VM and a main Red Hat VM, and configure some baseline features for the continuation of our work in future labs. This included configuring DNS forwarding and NTP on the pfSense router VM, and configuring a wiki on the Red Hat VM alongside monitoring software such as Zabbix or Opsview.
When configuring the router, all was fairly straightforward and without any major setbacks. The web panel was very helpful in configuring the various NAT, DNS, and NTP settings. Previously I had only used Vyatta router software, so all of my experience with pfSense has been new.
During the installation of the RedHat Enterprise Linux …
The individual processes undergone during installation and configuration of the two devices are detailed in the wiki entry on the RHEL web server. Various credentials are required at times to access services, such as my user accounts and admin credentials on the router, which are listed as follows:
Router login - admin:pfsense
RHEL login - colton:cls3234
No ACL is currently configured for the DokuWiki wiki, although this will likely be changed in the future to reflect a more secure and robust enterprise network. The wiki can be located at 127.0.0.1/wiki

3. Security Considerations

There are a number of considerations to think about when implementing a topology even as simple as this one. The only services we are currently implementing are DNS forwarding, NTP, NAT, a basic web server, and monitoring software across two devices. However, malicious users on the network could attempt to disrupt services or gain intelligence about the enterprise from the wiki. Due to this, security measures should be implemented, such as Access Control Lists so that only authenticated and authorized users can access or modify the wiki entries, as other users do not need to read or modify …
For instance, if a user could find a way to upload a PHP backdoor to the wiki, that could prove to be dangerous and allow the remote user access to the RHEL VM with the rights of the apache user. It’s important to monitor for such things and consider the permissions of the apache user with that in mind. If the apache user is limited to the web server directory, a remote attacker would have little to gain from such an exploit.
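One way to monitor for the uploaded-PHP case described above, as an added example that is not part of the original report: a bash function that flags files in a wiki upload directory which Apache might run as PHP, judged by name or by content. The directory argument and the sample tree built by `make_sample_tree` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a wiki upload tree for files Apache could execute as PHP.

# Print every file under $1 that has a PHP-handled name or carries a PHP open tag.
find_php_uploads() {
    local dir=$1
    {
        # Name-based: extensions a PHP handler mapping commonly executes,
        # including double extensions such as "avatar.php.jpg".
        find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) -print
        # Content-based: a PHP open tag inside any file, including images
        # (-a makes grep read binary files as text, -F matches the literal tag).
        grep -rlaF -e '<?php' "$dir" 2>/dev/null
    } | sort -u
}

# Build a constructed sample upload tree and print its path.
make_sample_tree() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wiki"
    printf 'PNGDATA\n'                > "$t/wiki/logo.png"        # clean
    printf 'meeting notes\n'          > "$t/wiki/notes.txt"       # clean
    printf '<?php echo 1; ?>\n'       > "$t/wiki/upload.php"      # name and content
    printf 'JFIF\n'                   > "$t/wiki/avatar.php.jpg"  # double extension
    printf 'GIF89a<?php echo 1; ?>\n' > "$t/wiki/banner.gif"      # tag inside an image
    printf '%s\n' "$t"
}

# Run as "script --demo" to audit the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    echo "Suspicious uploads under $tree:"
    find_php_uploads "$tree"
    rm -rf "$tree"
fi
```

Any hit in an upload directory is worth reviewing, since a wiki's media store has no reason to hold PHP; running the check from cron and alerting on non-empty output fits alongside the monitoring software already on the VM.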
The pfSense router has a built-in intrusion detection system, which could be used to monitor for malicious traffic attempting to break into the network and mitigate it. Using only port 80 HTTP traffic with ACLs properly configured should provide an adequate level of security so long as more services aren’t added.
Running both the web server and the monitoring software on the same machine (the Red Hat Enterprise Linux VM) could be a risk if someone were to infiltrate the VM through one service or the other. The monitoring logs could prove useful to an attacker trying to learn more about the enterprise, so it would be wise to move the monitoring software off to another