SECTION 9 Cyber Security show

SECTION 9 Cyber Security

Summary: Just two people trying to figure out IT & information security. We spend a lot of time researching & testing security tools & best practices. We thought it would be a good idea to share our experiences with the world. Stay safe & secure. Don't let the hackers win!

Podcasts:

 #63 The New CIS Critical Security Controls | File Type: audio/mpeg | Duration: 32:15

In this episode we review the new CIS Critical Security Controls. This is a list of 20 security controls that you can use to keep your organization safe. We will be using them to keep our Raspberry Pi data center secure.

LINKS
* Critical Security Controls: https://www.cisecurity.org/controls/
* SANS Cheat Sheets: https://pen-testing.sans.org/resources/downloads

 #62 IT As a Process | File Type: audio/mpeg | Duration: 39:07

In this episode we talk about IT as a process. Setting up a workstation, a printer, or a server can all be done as a process. Dorothy is trying to get the configuration of Raspbian Lite down to a process. We talk about her original change ticket for configuring Raspberry Pi 1. We compare that to her ticket for Raspberry Pi number 3. She has a growing number of things that need to be configured. She should have a process figured out by the time she gets to Raspberry Pi number 4, which is the last one in the stack. We’re moving in the right direction.

 #61 Network Monitoring With Zabbix | File Type: audio/mpeg | Duration: 35:06

Zabbix is installed and pulling data from hosts on the network. We’re currently monitoring our Cisco switch, our Synology DiskStation and our Gigabyte server. Alerts were generated as soon as data was collected. We talk about adding hosts to Zabbix. We also talk about how valuable the information is. We should have installed network monitoring a long time ago.

 #60 Network Monitoring & Packet Analysis: Zabbix & Wireshark | File Type: audio/mpeg | Duration: 33:52

Time to start some long overdue projects. We prepare to install Zabbix for network monitoring. We also talk about packet analysis with Wireshark. Both of these projects will give us valuable information about our network. Are the switches working the way they should? Do we have enough bandwidth for servers and workstations? Are protocols functioning the way they should? Is there traffic on the network that shouldn’t be there? These are important questions that we hope to answer.

LINKS
* Zabbix
* ML340G-10 from Logic Supply – Packet Capture Box

 #59 Management Time: Policies, Procedures & Standards | File Type: audio/mpeg | Duration: 30:27

There be network configurations for Raspbian Lite. We configured a static address, ssh and the apt cacher proxy settings for one Raspberry Pi. It works! Now for the hard part. We both need to focus on data center management. How do we maintain servers and services? How do we keep everything secure? Time for policies, procedures and standards. We also have to think about the security of the organization. That includes servers, services and the network. No rest for the wicked!

LINKS
* SANS Security Policies

 #58 The Raspberry Pi Data Center is Connected to The Network | File Type: audio/mpeg | Duration: 34:23

This week we managed to get the Raspberry Pi data center connected to the network. Well, sort of. Getting the data center connected required a configuration change on the data center switch. We go over our change ticket, the planning process, gathering information and implementation. There were a lot of steps in this process.

CURRENT STATUS
* Ports on the data center switch, SW2, have been configured for access mode and VLAN 51
* The Raspberry Pi data center is connected to SW2
* Dorothy’s workstation is also connected to SW2
* Next Step: Configuring the network settings for each Raspberry Pi
  * Add the IP address and subnet mask
  * Add the default gateway
  * Add the DNS server
  * Test

 #57 Project Planning: Connecting the Raspberry Pi Data Center to The Network | File Type: audio/mpeg | Duration: 30:35

We are getting ready to connect the Raspberry Pi data center to the network. Dorothy and I walk through the process of gathering information, planning and change management. We also define the most important step: making sure we have a backup and rollback procedure. We need to make sure we can put things back if we break something. As long as we have that, we should be fine.

 #56 A Cisco Switch Part 3 | File Type: audio/mpeg | Duration: 30:09

In this episode we talk about adding a Cisco switch to the network. This will become the switch for the Raspberry Pi data center. We also talk about our change management process, setting up the core switch, and connecting the new switch to the network. One step closer to deploying our Raspberry Pi data center.

 #55 A Cisco Switch Part 2 | File Type: audio/mpeg | Duration: 27:41

In this episode we talk about spanning tree. What does it do? How do we configure it? To answer these questions we set up a lab with two Cisco 3560 switches. We configure trunk ports, a spanning tree root bridge, and we look at the inner workings of spanning tree.

THE LAB DIAGRAMS
* Phase 1
* Phase 2
* Phase 3

THE SWITCH CONFIG FILES
* sw1
* sw2

 #54 A Cisco Switch Part 1 | File Type: audio/mpeg | Duration: 27:35

In this episode we talk about switching. We cover ARP, and some security options from a comment on Reddit. This will be an ongoing theme for at least a couple of episodes. We need to figure this out for our Raspberry Pi data center. There’s a lot to learn.

CORRECTIONS
The explanation of ARP is wrong. ARP will send a broadcast to all hosts. The host with the correct IP address will respond. We will cover this in the next episode.

 #53 Raspbian Lite & Splunk | File Type: audio/mpeg | Duration: 40:19

In this episode we talk about installing Raspbian Lite and logging with Splunk. Dorothy took on the task of installing Raspbian Lite, while I focused on Splunk. We both ran into issues. The good news: we have Raspbian Lite on all four of our Raspberry Pis.

How to install Raspbian Stretch Lite – No GUI
* Go to the Downloads page, and select the appropriate choice.
* Installation page
* Click on the Downloads tab.
* Select Raspbian Stretch Lite.
* Download zip (Release 11-29-17 Version 4.9).
* Unzip it.
* Go to Linux (on the Installation page) for instructions on how to get it installed in Linux.
* Open a terminal window.
* Enter the “lsblk” command to see which devices are currently connected to your workstation. Make a note of it.
* Insert the SD card in the SD card holder, and plug it into the USB port in your workstation.
* Run “lsblk” again to determine which drive your SD card is listed as.

To install Raspbian Stretch Lite on SD Card
* Make yourself root. (sudo -s)
* Enter your password.
* Run “dd bs=4M if=2017-11-29-raspbian-stretch-lite.img of=/dev/sdX conv=fsync” (sdX is generic; the X will be replaced by the actual drive letter your SD card is listed as. For example, on ours it was listed as sdc, so the c replaces the X in the command).
* Be sure to check that your SD card holder is blinking, so you know the image is being copied.

To make installation same size as image
If the SD card is bigger than the original image size, dd will make a copy of the whole card. We must therefore truncate the new image to the size of the original image. Make sure you replace the input file if= argument with the correct device name. diff should report that the files are identical.
* Run “dd bs=4M if=/dev/sdc of=from-sd-card.img”
* Run “truncate --reference 2017-11-29-raspbian-stretch-lite.img from-sd-card.img”
* Run “diff -s from-sd-card.img 2017-11-29-raspbian-stretch-lite.img”
* If the files are identical, the output message should read: “Files from-sd-card.img and 2017-11-29-raspbian-stretch-lite.img are identical.”
* Run “sync” to ensure the cache is flushed and it is safe to unmount the SD card.
* Run “umount (name of the mountpoint)”

To test if the installation worked
* Insert the SD card into the Raspberry Pi 3’s SD card slot.
* Plug the power cable into the Raspberry Pi 3’s power slot.
* Plug the peripherals into the Raspberry Pi 3’s USB slot.
* Login: pi
* Password: raspberry
* If the installation runs, it means it was successful.

 #52 DNS, BIND and Standards | File Type: audio/mpeg | Duration: 30:52

In this episode we cover the basics of DNS. How does DNS work? We also talk about some of the config files for BIND. We have three different servers running BIND 9. Each one has BIND config files in different locations. This leads us into policies, procedures, standards and guidelines. All of this helps us move forward on our Raspberry Pi data center.

 #51 IT Project Management – Six things to think about | File Type: audio/mpeg | Duration: 45:04

In this episode we talk about six things that should be part of every IT project. This is not a comprehensive list. These are some important things to think about when starting any IT project. We go over some examples to see how they work in real world scenarios.

THE LIST OF SIX
* Business Case
* Technical Requirements
* Business Requirements
* Implementation Plan
* Management Plan
* Security Plan

 #50 IT Skills Review | File Type: audio/mpeg | Duration: 38:50

In this episode we review our IT skills. We start off with a review of Dorothy’s Linux skills. I asked her a bunch of questions to see what she’s learned. We also talk about Windows, network engineering and security.

LINUX QUESTIONS & ANSWERS

LINUX COMMANDS
* What is the command for changing directories? cd
* What is the command for listing a directory? ls
* What is the command for listing a directory as a list with more info? ls -l
* What is the command for listing a directory as a list with more info? ls -a
* What is the command for showing the last part of a file? tail
* How do you edit a file? nano + name of file
* How do you create a new file? nano & press enter. Add test. Ctrl+X, name file, enter. Or nano + name of new file.
* What is the command for showing the process tree? ps axu
* What is the command for reading a file? less + name of file

LINUX FILE SYSTEM
* Where are the log files located? /var/log/
* Where are the config files located? /etc
* Where are user files located? /home
* What is /usr for? General software is installed here.
* What is /usr/local for? /usr/local is “for use by the system administrator when installing software locally”.
* What is /var for? This folder contains log files about the software on your computer.
* What is /etc/init.d for? The init.d directory contains a number of start/stop scripts for various services on your system.

DHCP
* What is DHCP used for? A service that automatically provides network configuration. Must have a server and a client.
* What are the 3 different configuration options for DHCP? Dynamic (Address Pool), by Manual Allocation (MAC address) and Automatic.
* Which configuration option did we use? Dynamic

 #44 Taking a Break | File Type: audio/mpeg | Duration: 33:30

We’ve decided to take a break for the holidays. We will be back in January. This should give us […]
