10
PC2
Windows 10
10.20.0.201
PC2.corp.515support.com
Client PC
MS1
Windows Server 16
10.1.0.102
Updates.corp.515support.com
Web server authentication, hosts DHCP and allows HTTPs communication
DC1
Windows Server 16
10.1.103
DC1.corp.515support.com
Sends files between VLANS
Objective
The main takeaway from this lab is to display the importance of segmenting your network thus creating a secure network design. We focus on creating a Man-in-the-Middle attack with ARP spoofing and then reconfigure and segment the network through VLANS and subnets. We start off with creating a web server configuration on MS1, we do this so we can have secure communications over HTTPs. We utilize the KALI server to intercept the traffic around the VLAN and analyzing it with Wireshark. After we simulate the attack, we are then taught how to create a robust and secure network and include physical factors into play. In summary, this lab aims
to point out display weaknesses and vulnerabilities of an unsegmented network
and gives us proof of the benefits of implementing segmentation with VLANs and subnets.
Procedure
We start off by tinkering with the MS1 web server and configure the HTTPS communications and authentication. We install a module for HTTPS redirect, and we obtain a certificate for the domain. Our setup allows URL rewrite rules and allows basic authentication on that web server.
Ohio Cyber Range Institute, University of Cincinnati
