Building a business environment

This is a recap of the project done within Divergence Academy. We were split up into teams of 4 over 2 weeks, with the task of working for a small MSP with our instructor being our senior engineer.

We worked together to build out network devices such as routers and switches, design an Active Directory environment and end-user workstations, Stand up various enterprise servers and applications, And configured access control lists and firewalls.

*Disclaimer* the IP addresses used are no longer in use and all environments have been erased.

The client has requested the following: 

-a secure network

-an internal Windows Domain

-an internal Microsoft IIS webserver

-an internal Windows 10 workstation

-a public webserver

-a public FTP server

-a LAN network on 10.---.-.-/24

-a DMZ network on 10.---.--.-/24

-a GUEST network on 10.---.--.-/24

Below is the final network we created.

We first made a WAN-Cloud and Wan-Switch on our topology of a secure and VPN tunneled GNS3. Then moved into building our network infrastructure.

We added new devices to the workspace, and linking them up, We then configured the LAN network on the firewall and added a Win10 workstation to the LAN network. This was achieved by Connecting to the firewall's GUI from the Win10 workstation. And Completed the network setup through the firewall GUI.

Here, you can see a picture of the graphical user interface of the firewall configuration panel. This shows our configurations and how we were able to view the status of our services going through the firewall!

Below is a picture of us configuring the firewall through an application called PUTTY as well

Next we made an active directory! By Installing the “Active Directory Domain Services” server role on the Windows 2012 Server, and creating new AD user accounts and joining our Win10 for the widgets into the local domain.

Onto the next server! An IIS web server on a win2012r2 server, and joining the server to the domain. A few simple tasks were needed to complete this. We added A Win2012r2 server Then Installed the “Internet Information Services” as the server role. And verified access over the LAN network. We were even able to configure the set up for users on this LAN. 

In the next stage, we built a LAMP web server on an Ubuntu server on a DMZ network. To do this, we Added an Ubuntu server to the workspace and linked it all up. Within this server, we installed and configured DokuWiki and within this, we Set up a public side of the web server on the firewall.

Within the DMZ we also added an FTP service on a win2012r2 server.

Lastly, we researched how to harden the environment!

We presented this information to our senior engineer about how to harden our FortiGate firewall, Windows 10, Windows server, and our Ubuntu along with the tools to find vulnerabilities and how to fix them!

We also used a very in-depth vulnerability scanning tool used in the professional environment called GreenBone.

We created a target of the WAN interface IP for the firewall. Scanned the target, and Documented the results.

In the picture below, you can see the Vulnerabilities captured from our scan. 

I greatly liked how we can download a total report in PDF format to show all our current vulnerabilities. Including how harmful attacks can be performed and how to fix and harden our network!  

These tasks may seem simple, and quick to install. Truthfully, they are. But, what takes time is implementing proper security practices. Such as configuring a firewall to have secure ports and mitigate the chance of improper sign-on from untrusted users. Or creating each Domain and user into groups, then configuring those groups with their own set rules and access controls. I could go on for a while longer :) 

Cybersecurity professionals are in the business of keeping businesses in business! It is never-ending. Keeping up to date on security vulnerabilities, updates, security flag alerts, installing new software to make a business more efficient, and soooo much more! Let's not forget the most important, keeping important information, users, and data safe!