Chapter 8

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Part 1 – Configuring access policies

Step 1: Build the network and configure the hosts

c. IP Address Host A :

Subnet Mask Host A :

Default Gateway Host A :

IP Address Host B :

Subnet Mask Host B :

Default Gateway Host B :

IP Address External Server :

Subnet Mask External Server :

Default Gateway External Server :

Step 2: Log in to the user interface

c. LAN

d. internal IP Address : 198.168.1.1

Part 2 – Configuring a DMZ on the multi-function device

Step 1: Set up a simple DMZ

c. Click Help to learn more about the DMZ. For what other reasons might you want to set up a host in the DMZ?
e. Test basic access to the DMZ server by pinging from the external server to the outside address of the multi-function device. Use the ping -a command to verify that it is actually the DMZ server responding and not the multi-function device. Are you able to ping the DMZ server?
f. Test HTTP access to the DMZ server by opening a browser on the external server and pointing to the external IP address of the multi-function device. Try the same thing from a browser on Host-A to Host-B using the internal addresses.
Are you able to access the web page?
g. Test Telnet access by opening a command prompt as described in Step 5. Telnet to the outside IP address of the multi-function device using the command telnet A.B.C.D (where A.B.C.D is the outside address of the multi-function device).
Are you able to telnet to the server?

Step 2: Set up a host with single port forwarding
d. Test HTTP access to the DMZ host by opening a browser on the external server and pointing to the outside address of the multi-function device. Try the same thing from a browser on Host-A to Host-B.
Are you able to access the web page?
e. Test Telnet access by opening a command prompt as described in Step 5. Attempt to telnet to the outside IP address of the multi-function device using the command telnet A.B.C.D (where A.B.C.D is the outside IP address of the multi-function device).
Are you able to telnet to the server?
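
The HTTP and Telnet tests in Part 2 can be repeated from the external server with a short script. This is an added example, not part of the original lab; the expected exposure for each mode (a DMZ host reachable on every port, single port forwarding passing only HTTP) and the names `audit` and `tcp_open` are assumptions.

```python
import socket
import sys

# The two services the lab tests from the external server.
LAB_PORTS = {"http": 80, "telnet": 23}

# ASSUMPTION (not stated on the page): a DMZ host receives all unsolicited
# inbound traffic, while single port forwarding passes only the forwarded
# port (HTTP here). Adjust to match your own device and lab answers.
EXPECTED = {
    "dmz": {"http": True, "telnet": True},
    "single_port_forward": {"http": True, "telnet": False},
}


def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit(host, mode, ports=None, probe=tcp_open):
    """Compare observed reachability with the expected profile for `mode`.

    Returns a list of (service, port, finding) tuples; empty means the
    device exposes exactly what the profile expects.
    """
    findings = []
    for service, port in (ports or LAB_PORTS).items():
        observed = probe(host, port)
        if observed and not EXPECTED[mode][service]:
            findings.append((service, port, "unexpected exposure"))
        elif not observed and EXPECTED[mode][service]:
            findings.append((service, port, "expected service unreachable"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[2] not in EXPECTED:
        sys.exit("usage: audit.py <outside-address> dmz|single_port_forward")
    results = audit(sys.argv[1], sys.argv[2])
    for service, port, finding in results:
        print(f"{service} (tcp/{port}): {finding}")
    sys.exit(1 if results else 0)
```

An "unexpected exposure" finding in single port forwarding mode means a service other than the forwarded one is reachable from outside.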

 

Lab 8.4.3 Performing a Vulnerability Analysis

Step 1: Download and install MBSA

b. What is the latest version of MBSA available?….. (MBSA 2.2, available for the x86 and x64 platforms)
c. What are some of the features MBSA provides?….. (MBSA 2.2 is the latest version of Microsoft's free security and vulnerability assessment scan tool for administrators, security auditors, and IT professionals.

MBSA 2.2 builds on the previous MBSA 2.1.1 version, which supports Windows 7 and Windows Server 2008 R2, and fixes minor issues reported by customers. MBSA works with all supported versions of Windows, including Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

MBSA is also compatible with Microsoft Update, Windows Server Update Services 2.0 and 3.0, the SMS Inventory Tool for Microsoft Update (ITMU), and SCCM 2007.

For a complete list of products supported by MBSA based on Microsoft Update (MU) and Windows Server Update Services (WSUS) technologies, visit the Products Supported by WSUS page.

See the MBSA page for more information or to download the latest version.

Unless specifically noted, all references to MBSA 2.0 on the MBSA TechNet pages also apply to all versions of MBSA.)
f. Click Download Files below and select the file you want to download. (The English setup file is MBSASetup-EN.msi). Click the Download button on the right of this file. How many megabytes is the file to download?….. (1.7 MB)

Step 2: Build the network and configure the hosts
c. If the host is connected to a hub or switch and a DHCP server is not available, configure it manually by assigning a static IP address.
Which IP address and subnet mask do Host-A and the server (optional) have?….. (192.168.1.101)

Step 3: Run MBSA on a host
a. Double-click the desktop icon for MBSA or run it from Start > All Programs.
When the main screen displays, which options are available?

Step 4: Select a computer to scan
b. What are the two ways to specify a computer to be scanned? By workgroup computer name, or directly by its IP address.

Step 5: View security update scan results
a. View the security report. What are the results of the security update scan? Office security update, Windows security update, my SQL security update
b. If there are any red or yellow Xs, click How to correct this. Which solution is recommended? Click "How to correct this", then carry out its recommendation.

Step 6: View Windows scan results in the security report
a. Scroll down to view the second section of the report that shows Windows Scan Results. Were there any administrative vulnerabilities identified? Updates were incomplete, and the firewall was not active for protection.
b. On the Additional System Information section of the screen (below), in the Issue column for Services, click What was scanned, and click Result details under the Result column to get a description of the check that was run. What did you find? When finished, close both popup windows to return to the security report. Some potential security items could not be installed, so the recommendation is to try again.

Step 7: View Desktop Application Scan Results in the Security report
a. Scroll down to view the last section of the report that shows Desktop Applications Scan Results. Were there any administrative vulnerabilities identified?
b. How many Microsoft Office products are installed?
c. Were there any security issues with Macro Security for any of them?

Step 8: Scan a server, if available
a. If a server with various services is available, click Pick a computer to scan from the main MBSA screen and enter the IP address of the server, and then click Start Scan. Which security vulnerabilities were identified? IE Zone
b. Were there any potentially unnecessary services installed? Which port numbers were they on? Yes, there were.

Step 10: Reflection
a. The MBSA tool is designed to identify vulnerabilities for Windows-based computers. Search the Internet for other tools that might exist. List some of the tools discovered.
b. Which tools might there be for non-Windows computers? Search the Internet for other tools that might exist and list some of them here.

c. Which other steps could you take to help secure a computer against Internet attacks?
