In the practice labs, we utilize a DNS zone with DNSSEC in the main server which also serves as the AD. As like a real world scheme, there would be other servers which considered a non-authoritative server that will hold DNSSEC keys provided by the main server. This is where the concept of trust anchor… Continue reading Implementing DNSSEC
Category: Network
Implementing a Network Policy Server
In the lab, to establish a secure VPN connection for clients, a RADIUS server is created to authenticate users that are connecting remotely. Therefore, in Windows Server 2016, Network Policy Server has the purpose of implementing a RADIUS server. Authentication Method A RADIUS server by itself is an authentication protocol that uses a shared secret… Continue reading Implementing a Network Policy Server
Wi-Fi Access Point Security
Security Access Management Security has to be applied to all access point in any kinds of school, large or small to make sure that the school only give access to people who are authorised to access the school information. For authentication, there are 2 approaches which are through user or device authentication. Device authentication provides… Continue reading Wi-Fi Access Point Security
NAT and OpenSSH
NAT Firewall NAT stands for Network Address Translation which is a process of providing access of private network computers using a public IP to connect to the internet. The main idea of NAT is to assign private IPs in the network so that it would use the NAT for any communications to the internet. This… Continue reading NAT and OpenSSH
Managing Certificates
AD Certificate Services and CA Web Enrollment Active Directory Certificate Services equips a server with the ability to establish and manage certificate authority (CA) and certificates. Depends on what services will be installed in a server, AD certificate services also provides enrollment services to help the interaction between clients and CA regarding certificates. One of… Continue reading Managing Certificates
Scanning and Remediating Vulnerabilities with OpenVAS
Figure 1. SSL Vulnerability from OpenVAS scan SSL Vulnerability in Lab 5 On a OpenVAS Scan executed in a Windows Server system, a severity level of 5.0 (medium) is shown. This LDAP scan shows several vulnerabilities and one of the is an SSL vulnerability which is a weak SSL cipher with 5.0 severity level. It… Continue reading Scanning and Remediating Vulnerabilities with OpenVAS
Network Vulnerabilities Part 2
DoS Attack Scenario DoS stands for Denial of Service which is a method used by penterators to overload a server with high amount of traffic which causes a disruption of its service to the intended users. A DoS attack only uses one computer to target a system in a network. In the real world, DoS… Continue reading Network Vulnerabilities Part 2
Network Vulnerabilities Part 1
Summary of the Lab Network The network consists of several Windows and Linux machines that presented themself in a Star Topology. There are 5 Windows machine and 3 Linux machine From analyzing the network ports through Zenmap, it can be seen that there are several vulnerable hosts which are mostly Windows machines. Seen from the… Continue reading Network Vulnerabilities Part 1