[SOLVED] SEC370 LAB 6 AUTHENTICATION METHODS: In this exercise, you will see two different authentication methods in action by forcing the user to log on to access a web server.
Please refer to your course material or use your preferred search engine to research this topic in more detail.
Step 1
Ensure you have powered on the required devices defined in the introduction, then connect to the SERVER device.
Click Start, go to Administrative Tools and select Internet Information Services (IIS) Manager.
Step 2
Expand SERVER > Sites > Default Web Site.
In the details pane, go to the IIS section and double-click the Authentication icon.
Step 3
Select Anonymous Authentication and in the Actions pane, click Disable.
Select Basic Authentication and in the Actions pane, click Enable.
Step 4
Ensure you have powered on the required devices defined in the introduction, then connect to the CLIENT device.
Start Wireshark from the desktop.
Step 5
Click Capture menu and choose Options.
Step 6
In the Wireshark: Capture Options dialogue box, change the network interface so that the IP address indicates 192.168.0.2.
Click in Capture Filter and type port 80 then click Start.
Step 7
Open Internet Explorer and browse to http://server
At the authentication prompt insert the following credentials:
User name: classroom\administrator
Password: Pa$$w0rd
Press Enter.
Step 8
The default IIS page should be displayed.
Step 9
Close the browser.
Switch to Wireshark, click the Capture menu and choose Stop.
Step 10
Click in the Filter box and type
http
Click Apply.
Look for the HTTP packets described as “GET / HTTP/1.1”.
Step 11
With this packet selected, expand the Hypertext Transfer Protocol analysis in the middle pane.
Look for the Authorization line.
Expand the Authorization option and you will see the credentials you supplied are shown in clear text.
Step 12
The string that follows “Basic” (Y2xh…) is the encoded version of the credentials. Unlike a cryptographic code, however, it requires no special key or passphrase to decode.
Step 13
Connect back to the SERVER device and open the default web site’s Authentication property sheet in IIS Manager again.
Select Basic Authentication and in the Actions pane, click Disable.
Step 14
Select Windows Authentication and in the Actions pane, click Enable.
Step 15
Right-click on Windows Authentication and choose Providers…
Step 16
In Providers dialogue box, select NTLM and choose Move up.
Click OK.
Step 17
Switch to the CLIENT device. Go to Wireshark, click Capture and choose Start.
Step 18
Select Continue without saving.
Step 19
Open Internet Explorer and browse to http://server
The default IIS page should be displayed.
Step 20
Switch to Wireshark and go to Capture then select Stop.
Close the browser.
Step 21
Look for the GET / HTTP/1.1, NTLMSSP_NEGOTIATE packet in Wireshark.
Also look for additional GET / HTTP/1.1 packets, which can provide additional information about authentication.
Expand the Hypertext Transfer Protocol and locate the Authorization field. You will notice that the user credentials are no longer displayed in clear text but as a long security identifier string.
Step 22
Right-click any HTTP packet and select Follow TCP Stream.
Note that the contents of the web page delivered are easily readable. Also note the information about the browser (user-agent) used.
Step 23
The TCP stream content is displayed in the console so that you can track what network traffic has taken place during the session.
Take note of the Authorization section. Click Close.
Exit from Wireshark. Choose Quit without Saving when asked.
Step 24
Switch back to the SERVER device and open the default web site’s Authentication property sheet in IIS Manager again.
Select Windows Authentication and in the Actions pane, click Disable.
Step 25
Select Anonymous Authentication and in the Actions pane, click Enable.
Leave all devices powered on in their current state and proceed to the next exercise.
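The difference observed in Steps 11-12 and Step 21, as an added example that is not part of the original lab: this Python sketch decodes an Authorization header value to show what each scheme exposes on the wire. The sample headers are constructed from the lab's credentials rather than captured; the function names, the NTLM domain name CLASSROOM, the placeholder response bytes and the UTF-16LE name encoding are assumptions.

```python
import base64
import struct
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _field(msg, pos):
    """Return the bytes named by an NTLM (len, maxlen, offset) descriptor."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length]

def inspect_authorization(value):
    """Report what an HTTP Authorization header value exposes on the wire."""
    scheme, _, token = value.strip().partition(" ")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return {"scheme": scheme, "error": "token is not valid Base64"}
    if scheme.lower() == "basic":
        # Basic is only "user:password" run through Base64; no key is involved.
        user, _, password = raw.decode("utf-8", "replace").partition(":")
        return {"scheme": "Basic", "user": user, "password": password}
    if scheme.lower() == "ntlm" and raw[:8] == b"NTLMSSP\x00" and len(raw) >= 12:
        mtype = struct.unpack_from("<I", raw, 8)[0]
        info = {"scheme": "NTLM", "message": NTLM_TYPES.get(mtype, "unknown")}
        if mtype == 3 and len(raw) >= 64:
            # Names are readable (UTF-16LE assumed); only a challenge response is sent.
            info["domain"] = _field(raw, 28).decode("utf-16-le", "replace")
            info["user"] = _field(raw, 36).decode("utf-16-le", "replace")
            info["nt_response_bytes"] = len(_field(raw, 20))
        return info
    return {"scheme": scheme, "error": "unrecognised scheme or token"}

def _desc(length, offset):
    return struct.pack("<HHI", length, length, offset)

def build_samples():
    """Constructed header values for illustration, not captured traffic."""
    basic = "Basic " + base64.b64encode(rb"classroom\administrator:Pa$$w0rd").decode()
    negotiate = b"NTLMSSP\x00" + struct.pack("<II", 1, 0) + bytes(16)
    dom, usr = "CLASSROOM".encode("utf-16-le"), "administrator".encode("utf-16-le")
    resp = bytes([0xAA]) * 24  # placeholder bytes standing in for the response
    auth = (b"NTLMSSP\x00" + struct.pack("<I", 3) + _desc(0, 64)
            + _desc(len(resp), 64 + len(dom) + len(usr)) + _desc(len(dom), 64)
            + _desc(len(usr), 64 + len(dom)) + _desc(0, 64) + _desc(0, 64)
            + struct.pack("<I", 0) + dom + usr + resp)
    return [basic] + ["NTLM " + base64.b64encode(m).decode() for m in (negotiate, auth)]

if __name__ == "__main__":
    for header in build_samples():
        print(inspect_authorization(header))
```

The Basic result contains the password itself, while the NTLM AUTHENTICATE result yields the domain and user name but only the size of a challenge response.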
Most operating systems have built-in encryption tools for protecting user data on corporate computers. In this exercise, you will use encrypting file system (EFS) to protect data stored on a computer.
Please refer to your course material or use your preferred search engine to research this topic in more detail.
Step 1
Switch to SERVER and go to Start > Administrative Tools > Active Directory Users and Computers.
Step 2
Go to Users container and click New User button.
Step 3
From New Object – User, use the following values:
First name: John
Last name: Smith
User logon name: john.smith
Click Next.
Step 4
Type
Passw0rd
In each text box, and clear User must change password at next logon.
Click Next.
Step 5
Click Finish.
Step 6
Right-click on John Smith and choose Add to a group…
Step 7
From Select Groups box, type
Domain admins
Click Check Names and then OK.
Step 8
Click OK.
Close Active Directory Users and Computers.
Step 9
Click Start, go to Administrative Tools > Group Policy Management.
Step 10
Right-click on Default Domain Policy and choose Edit…
Step 11
In Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies and click Encrypting File System.
Right-click Administrator and choose All Tasks > Export…
Step 12
Click Next in Welcome to the Certificate Export Wizard page.
Step 13
In Export Private Key page, select Yes, export the private key.
Click Next.
Step 14
From Export file format, select Include all certificates in the certification path if possible.
Click Next.
Step 15
In Password page, type
Pa$$w0rd
Pa$$w0rd
In each text box and then click Next.
Step 16
In File to Export, type
C:\administrator
Click Next.
Step 17
Click Finish to close Completing the Certificate Export Wizard page.
Step 18
Click OK.
Close Group Policy Management Editor and Group Policy Management console.
Step 1
Switch to the Practice Labs web application. Select PLABDC01 and click Disable/Enable Auto login.
Verify that the x icon is displayed.
Step 2
Connect to CLIENT device and use the following credential:
John.smith
Passw0rd
Step 3
Click Agree if presented with the BGInfo license agreement page.
Right-click on Start and choose Explore…
Step 4
Create a folder in Local disk C and name it JohnSmith
Step 5
Create a text document in c:\JohnSmith folder and call it Confidential.
Step 6
Right-click on JohnSmith folder and choose Properties.
Step 7
In JohnSmith Properties, click Advanced…
Step 8
In Advanced Attributes, select Encrypt contents to secure data.
Click OK twice.
Step 9
From Confirm Attribute Changes, verify that Apply changes to this folder, subfolders and files is selected.
Click OK.
Step 10
Right-click on Confidential text document and choose Properties.
Step 11
From Confidential Properties, click Advanced…
Step 12
From Advanced Attributes, click Details.
Step 13
From Encryption Details dialogue, notice that the recovery agent is the Administrator account.
Click OK thrice.
Step 14
Log off John Smith from CLIENT device.
Step 1
Connect to CLIENT. Log on using the following credential:
Administrator
Pa$$w0rd
Step 2
Open Windows Explorer and go to c:\JohnSmith folder.
Double-click Confidential text document.
Step 3
The administrator gets an Access is denied message. Click OK.
Close Notepad and minimize Windows Explorer.
Step 4
Click Start and go to Run box, then type
Mmc
Press Enter.
Step 5
From Console1, go to File > Add/Remove Snap-in…
Step 6
From Add/Remove Snap-in, click Add…
Step 7
From Add Standalone Snap-in, click on Certificates. Choose Add.
Step 8
In Certificates snap-in, click My user account. Click Finish.
Step 9
Click Close then OK.
Step 10
Right-click on Personal and choose All Tasks > Import…
Step 11
Click Next in Welcome to the Certificate Import Wizard.
Summary
In this module, you learnt how to configure the different authentication methods in Internet Information Services.
You tested their security by capturing a network trace using Wireshark.
One way to protect user data on a workstation is to use Encrypting File System (EFS). It is important that a recovery agent certificate is in place to recover encrypted data from a computer.
Step 12
In File to Import, type
\\server\c$\administrator.pfx
Click Next.
Step 13
In Password page, type
Pa$$w0rd
Click Next.
Step 14
In Certificate Store page, click Next.
Step 15
Click Finish to close Completing the Certificate Import Wizard.
Step 16
Click OK then close Console1 without saving changes.
Open Windows Explorer and go to c:\JohnSmith folder. Open Confidential text document.
Step 17
Confidential text document opens without errors.
Close Notepad and log off Administrator from CLIENT device.
Shut down all virtual machines used in this exercise using the Practice Labs power button function to revert these devices to their default settings.
Alternatively, you may sign out of the lab portal to power down all devices.