Lab 2
Scenario: Simple attack mitigation
Overview
Description
This lab introduces you to the inline mode of Pravail APS and to simple
attack mitigation techniques, and walks through the essential steps of
each. This lab is divided into the following parts:
• Migration of Pravail APS to inline mode
• Protection Group configuration
Initial Setup
[Topology diagram, Initial Setup. Labels on the figure: DCN; mgt0, mgt1 (Pravail APS management interfaces); ext0, int0 (the in-path interfaces, external side toward the Internet and internal side toward the Victim); Internet; Victim; 2 Mbps last mile link]
Student 54 L2-1
Basic attack mitigation with Pravail APS
Lab 2
Objectives
After completing this lab, you will be able to do the following:
• Perform migration of Pravail APS to inline mode.
• Configure a Protection Group, including a Server Type and a custom Filter List, for a protected server.
Equipment/Tools
The following equipment is required to complete this lab:
• web browser (Chrome or Firefox)
When accessing training labs, you will be prompted for Training Portal
Authentication. Use the following credentials:
• Login: student54
• Password: 43xXBAJD89
Command-line (SSH) access uses:
• Port: 22
• Login: admin
• Password: 43xXBAJD89
5. Make sure that the Pravail APS deployment mode is set to Inline Inactive. In this mode traffic is forwarded between ext0 and int0 but no mitigation is applied yet, so you can verify that the in-path deployment itself does not disrupt traffic before enabling protection.
Now, let's configure the Server Type for the protection group we will use to
protect the victim server.
2. Select Web Server from the Standard Server Types drop-down.
3. The victim web server should not receive any packets other than:
• ICMP echo requests, echo replies and destination unreachable messages
• TCP packets from high ports (1024..65535) to ports 80 and 443 (the
HTTP and HTTPS services)
• TCP packets from source ports 53, 80 or 443 to high ports (return
traffic for connections the server opens to fetch software updates)
• UDP packets from source port 53 to high ports (DNS answers, used to
resolve domain names)
For every protection level (Low, Medium and High), enter the following
Filter List to implement this requirement. Destination unreachable is
ICMP type 3 with any code, so the ICMP rule matches the type alone:
drop not (proto icmp or proto tcp or proto udp)
drop proto icmp and not ((icmptype 8 and icmpcode 0) or (icmptype 0 and icmpcode 0) or icmptype 3)
drop proto tcp and not ((src port 1024..65535 and (dst port 80 or dst port 443)) or (dst port 1024..65535 and (src port 53 or src port 80 or src port 443)))
drop proto udp and not (dst port 1024..65535 and src port 53)
Note that these rules are stateless: any TCP packet whose source port is
53, 80 or 443 is accepted toward any high port on the victim, whether or
not the server ever opened a connection to that source, so an attacker who
sets such a source port can still reach a service listening on a high
port. The Filter List reduces the attack surface; it does not replace a
stateful host firewall on the server.
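To see exactly which packets the Filter List above lets through, the following Python model is added here as an illustration; it is not Arbor code and not part of the original lab. It reimplements the four "drop ... and not (...)" rules as predicates and runs them over constructed sample packets (the packet values, the `Packet` class and the helper names are all assumptions made for the example). Destination unreachable is modelled as ICMP type 3 with any code, as the requirement text describes it. The last sample shows the stateless weakness of the TCP rule: a packet that merely claims source port 80 reaches a high port on the victim.

```python
# Added illustration (not Arbor code): a model of the lab's four-rule Filter List,
# evaluated over constructed packets so the effect of each rule can be checked offline.
# ICMP "destination unreachable" is modelled as type 3 with any code, matching the
# requirement text; the ports and protocols are those listed in the lab.
from dataclasses import dataclass
from typing import Optional

HIGH_PORTS = range(1024, 65536)          # "1024..65535" in the filter list
SERVICE_PORTS = (80, 443)                # HTTP and HTTPS on the victim
REPLY_SRC_PORTS = (53, 80, 443)          # sources the server is allowed to hear back from


@dataclass(frozen=True)
class Packet:                            # hypothetical packet summary, not a real parser
    proto: str                           # "icmp", "tcp", "udp" or anything else ("gre", ...)
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def icmp_allowed(p: Packet) -> bool:
    """Echo request (8/0), echo reply (0/0) or destination unreachable (type 3, any code)."""
    return (p.icmp_type, p.icmp_code) in {(8, 0), (0, 0)} or p.icmp_type == 3


def tcp_allowed(p: Packet) -> bool:
    """Client -> service, or reply traffic for connections the server opened itself."""
    client_to_service = p.src_port in HIGH_PORTS and p.dst_port in SERVICE_PORTS
    reply_to_server = p.dst_port in HIGH_PORTS and p.src_port in REPLY_SRC_PORTS
    return client_to_service or reply_to_server


def udp_allowed(p: Packet) -> bool:
    """Only DNS answers (source port 53) to a high port."""
    return p.dst_port in HIGH_PORTS and p.src_port == 53


def filter_verdict(p: Packet) -> str:
    """Apply the four 'drop ... and not (...)' rules in the order the lab lists them."""
    if p.proto not in ("icmp", "tcp", "udp"):
        return "drop"                    # rule 1: only ICMP, TCP and UDP may pass
    if p.proto == "icmp" and not icmp_allowed(p):
        return "drop"                    # rule 2
    if p.proto == "tcp" and not tcp_allowed(p):
        return "drop"                    # rule 3
    if p.proto == "udp" and not udp_allowed(p):
        return "drop"                    # rule 4
    return "pass"


# Constructed sample traffic toward the victim (made up for the example, not captured data).
SAMPLES = {
    "http request":           Packet("tcp", src_port=40512, dst_port=80),
    "https request":          Packet("tcp", src_port=51000, dst_port=443),
    "ssh probe":              Packet("tcp", src_port=40513, dst_port=22),
    "update reply":           Packet("tcp", src_port=443, dst_port=45000),
    "dns answer":             Packet("udp", src_port=53, dst_port=33000),
    "udp flood to 53":        Packet("udp", src_port=33001, dst_port=53),
    "ping":                   Packet("icmp", icmp_type=8, icmp_code=0),
    "host unreachable":       Packet("icmp", icmp_type=3, icmp_code=1),
    "timestamp request":      Packet("icmp", icmp_type=13, icmp_code=0),
    "gre tunnel":             Packet("gre"),
    # Stateless weakness: a packet that merely claims source port 80 reaches any high port.
    "spoofed src 80 -> 3306": Packet("tcp", src_port=80, dst_port=3306),
}


def run_samples() -> dict:
    """Map each sample name to the verdict the filter list would give it."""
    return {name: filter_verdict(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:4}  {name}")
```

Running the block prints one verdict per sample; the "ssh probe", "udp flood to 53", "timestamp request" and "gre tunnel" packets are dropped, the legitimate service, reply and ICMP samples pass, and so does the spoofed source-port-80 packet to port 3306, which is the case the stateless rule cannot distinguish from a genuine reply.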
The last step is to create a new protection group for the victim server:
Generating reports
In this section, you will learn how to generate required Protection Group
reports.
1. Navigate to Protection Group list page
2. Open your Web Server protection group
3. Set the timeframe of the report to 1 hour (or another timeframe long enough
to show the attack) and change the units to packets
4. Export as a PDF
5. Review the result.
6. Navigate to Explore->Blocked Hosts
This completes the lab exercise. Please let the instructor know that you have
finished the lab; the attack should now be stopped.