Firewall lab

From Think Outside the Circle
Jump to navigation Jump to search

CST2: Firewall Exercise 1

Introduction

In this lab we will start our Apache Server in XAMPP, verify it is working for external systems, and setup a firewall rule to allow only 1 IP to access the Web Server.

Instruction

Allow a Single IP

When you start Apache via the XAMPP Control Panel, Windows Firewall may ask you if you want to allow connections. Say no to this.

  1. Start Windows Defender Firewall with Advanced Security (FW01.PNG NEEDS LINK )
  2. Click on Windows Defender Firewall and then Properties (under Actions on the Right) and verify that Firewall State is on and the Inbound connections is set to block as a default (FW01.PNG NEEDS LINK )), Click OK or apply.
  3. Click on the Action Menu and Restore Default Policy. .
  4. Click New Rule ... (under Actions on the right) and select Custom as the Rule Type and then click Next (FW02.PNG NEEDS LINK )
  5. Under the Program Windows select "This program path:" and point it to your Apache Server (on my system this is at C:\xampp\apache\bin\httpd.exe) (FW03.PNG NEEDS LINK )
  6. Under Protocols and ports select TCP as the protocol type, the ports used by your Apache Server under Local Ports, and All ports for Remote Port. (FW04.PNG NEEDS LINK )
  7. For Scope for Local select Any IP Address and for Remote add the IP Address you want to allow. (click the Add button) (FW05.PNG NEEDS LINK )
  8. Under action select Allow the connection (FW06.PNG NEEDS LINK )
  9. For Profile select Domain, Private and Public. (FW07.PNG NEEDS LINK )
  10. Give it a name and click Finish.
  11. Test the firewall rule by answering these questions
    1. Can the IP I added connect to the web server (hopefully yes)
    2. Can other IPs (DO NOT USE YOUR HOST, have some other maching try) connect to the web server (hopefully no)

Get Screenshots of success from your allowed target and failure from someone else. Name each screenshot as follows Scenario1AllowIP_user_blocked.png or Scenario1AllowIP_user_allowed.png.

Allow everyone except Specific IPs

We will turn the above rule on its head and allow all ip addresses except the one we allowed before.

  1. Disable the above rule
  2. Verify that no one can access your web page.
  3. Create a new rule set following the procedure above until you get to #7 Scope. Here instead of adding 1 IP address we will add two ranges of iP addresses: 0.0.0.0 to 10.24.100.OneLessThanTheBlockedIP   and 10.24.100.OneMoreThanTheBlockedIP.  FW09.PNG NEEDS LINK attached below shows a range that will block 10.24.100.27 but allow all other IPs on the Internet to connect to this system.
  4. Continue as above except provide a different name for the new rule AND  test that the target IP is blocked and others are not.

Get Screenshots of failure from your blocked target and success from someone else. Name each screenshot as follows Scenario1AllowIP_user_blocked.png or Scenario1AllowIP_user_allowed.png.

Also take a screenshot of the the two inbound rules. See FW10.PNG NEEDS LINK for an example.

Put all of your screenshots along with some annotations into a document and upload below.

Retrieved from "https://www.thinkoutsidethecircle.net/mediawiki/index.php?title=Firewall_lab&oldid=19"