8.7.8 Lab - Configure Security Features in Windows and Linux

This document outlines a lab exercise focused on configuring security features in Windows and Linux systems. It includes steps for updating both operating systems, configuring local security policies, setting firewall rules, and installing security applications like chkrootkit and lynis. The lab aims to enhance the security posture of the systems by implementing best practices and tools for vulnerability management.

Lab - Configure Security Features in Windows and Linux

Objectives
Part 1: Update Windows and Linux
Part 2: Windows Local Security Policy
Part 3: Configure Firewall Rules
Part 4: Install and Run Applications

Required Resources
• 1 Windows 10 PC
• This CSE-LABVM virtual machine
• Internet access

Background / Scenario
In this lab, you will update both Windows and Linux systems. You will configure local security policy and
configure firewall rules in Windows. In Linux, you will install two applications: chkrootkit and lynis.

Instructions

Part 1: Update Windows and Linux


New flaws and vulnerabilities are discovered all the time. It is a good idea to keep your PC up to date to
mitigate the exploitation of the known vulnerabilities.

Step 1: Verify connectivity between the CSE-LABVM and the Windows host computer.
In this step, you will verify connectivity to the internet so that you can download updates. Furthermore, you will
verify connectivity between CSE-LABVM and Windows PC so that you can perform tasks later in this lab.
a. Before launching the CSE-LABVM, select it and then choose Settings > Network. For Adapter 1,
change the Attached to: option to Bridged Adapter. You can then choose the adapter. Many computers
have two adapters: one for wireless networks and the other for wired networks. Choose the one your
computer is using to connect to the internet.
b. Launch the CSE-LABVM and wait for it to boot.
c. On the CSE-LABVM, open a terminal and enter ip address to determine its IP address.
d. On your Windows host computer, open a command prompt and enter ipconfig to determine its IP
address.
Question:

Record the IP address for both CSE-LABVM and Windows PC.


CSE-LABVM:
Type your answers here.
Windows PC:
Type your answers here.

 2017 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 7
e. From the respective command prompts, ping a website of your choice to verify that the Windows host and
CSE-LABVM can reach the internet.
f. Verify that the Windows host can ping the CSE-LABVM.
g. From CSE-LABVM, attempt to ping the Windows host. The CSE-LABVM may not be able to ping the
Windows host because of the default firewall settings in Windows. You will modify the firewall rule later in
this lab to allow the pings through the Windows Firewall. Press CTRL-C to stop the pings if necessary.

Step 2: Check for Windows updates.


a. In the Windows Start Menu, search for check for updates.
b. In the Windows Update window, you can review optional updates and the update history. Explore all the
available options related to Windows Update and answer the following questions.
Questions:

When was the last time the system checked for updates?
Type your answers here.
What are your current active hours? What will Windows do outside the active hours?
Type your answers here.

Step 3: Linux update and upgrade


a. In the CSE-LABVM, enter the command apt-get to see a list of available commands. The apt-get update
command should always be run before an upgrade.
b. Enter the command sudo apt-get update to resynchronize the package index files from their sources.
Enter password as the password when prompted.
cisco@labvm:~$ sudo apt-get update
[sudo] password for cisco:
c. In the terminal, enter the command sudo apt-get upgrade to retrieve and upgrade the currently installed
packages with new versions available. This command will not remove currently installed packages. If the
newer version cannot be upgraded, no changes will be made to the packages.
Enter password as the password if prompted. Reply y when asked if you want to continue. This upgrade
process can take a few minutes.
cisco@labvm:~$ sudo apt-get upgrade
[sudo] password for cisco:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
<output omitted>
Need to get 479 MB of archives.
After this operation, 53.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

Part 2: Windows Local Security Policy (Optional)


The Windows Local Security Policy of a system is a set of information about the security of your computer. In
this part, you will configure the local password policy, account lockout settings, and the audit policy.
Note: Local Security Policy comes only with Windows Pro or Enterprise editions. If you have the Home
edition, you can search the internet for tutorials on "How to Enable Local Security Policy (secpol.msc)." For
example, the majorgeeks.com website has an excellent tutorial. If you are not allowed or would prefer not to
change the Local Security Policy on your Windows host, read through this part and move on to the next part.

Step 1: Configure Local Password Policy in Windows


You have determined that the password policy is as follows:
• A user must use a unique password for at least 2 changes of the password.
• Passwords must be at least 8 characters.
• Passwords must be changed every 90 days.
• The password can only be changed once a day.
• A password must consist of the following four elements:
o At least one lower case alpha character.
o At least one upper case alpha character.
o At least one numerical character.
o At least one symbol character.

a. Navigate to the Local Security Policy by first searching for and opening the Control Panel.
b. Click Administrative Tools > Search for Local Security Policy.
c. Open Local Security Policy.
Question:

List a few of the security policy settings:


Type your answers here.
d. Expand Account Policies and click Password Policy. Six policies are displayed in the right panel with
their associated default security settings.
e. The first policy, Enforce password history, is used to set the number of unique passwords the user must
enter before being allowed to reuse a password. Double-click Enforce password history to open the
Enforce password history Properties window. Set the value to 2.
f. Fill in the values you should set in Local Security Policy for the remaining Password Policy security
settings.

Policy                                          Security Setting
---------------------------------------------   ----------------
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirements
Store passwords using reversible encryption

Note: The Store passwords using reversible encryption security setting should always be disabled.
Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the
passwords. For this reason, this policy should never be enabled unless application requirements outweigh
the need to protect password information.
g. Double-click each of the policies and set the values according to your entries in the table above.

Step 2: Test the password policy security settings.


Test your password policy security settings by attempting to change the password. Try a new password that
does not meet the length or complexity requirements.
a. From the Start Menu, search for Change your password.
b. Click Password. Click Change.
c. Enter your current password. Click Next to continue.
d. Enter your new password twice and provide a password hint. Make sure your new password does not
meet the length or complexity requirements that you configured in the previous step. Click Next to
continue.
e. Click Finish. You should be presented with a message that your new password does not meet password
policy requirements. Click Close to continue.

Step 3: Configure the Account Lockout Policy security settings.


a. Navigate back to the Local Security Policy window.
b. Under the expanded Account Policies, click Account Lockout Policy. Three policies are displayed in
the right panel with their associated default security settings.
c. Change the default settings to the following:
o A user must wait 10 minutes for the lockout counter to reset.
o Users are locked out of the computer after 5 failed attempts to enter the correct password.
Questions:

How long should the user have to wait before attempting to log back in?
Type your answers here.
How many times is a user allowed to attempt to login before the account is locked?
Type your answers here.

Step 4: Configure the Audit Policy security settings.


a. Expand the Local Policies menu, and then click Audit Policy.
b. Double-click to open the properties window for Audit account logon events.
c. In the Local Security Setting tab, notice the check boxes for Success and Failure.
d. Click the Explain tab to learn about this security setting. Click OK to close the Properties window.
e. Continue to review each security setting. Click the Explain tab for each and read what it does.

Part 3: Configure Firewall Rules


Traffic travels in and out of devices using ports. The firewall controls the flow of the traffic. Think of the firewall
as a security guard who controls the inbound and outbound traffic based on the firewall rules.
In this part, you will configure Windows Defender Firewall on a Windows PC.

 2017 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 7
Step 1: Investigate Windows Defender Firewall
a. From the Start Menu, Search for and open Windows Defender Firewall. The default state for the
Windows Firewall is On.
Note: If you are using a Windows PC that is administered by an organization, you may see the message,
For your security, some settings are managed by your system administrator.
Question:

What are the benefits of Windows Firewall?


Type your answers here.
b. In the left panel of the window, click Allow an app or feature through Windows Defender Firewall. In
the Allowed apps and features window, programs and services that Windows Firewall is not blocking
will be listed with a check mark.
Note: You can add applications to this list. This may be necessary if you have an application that requires
outside communications but for some reason the Windows Firewall cannot perform the configuration
automatically.
Creating too many exceptions in your Programs and Services file can have negative consequences.
Question:

Describe a negative consequence of having too many exceptions.


Type your answers here.
c. Click Cancel to exit the Allow apps window.

Step 2: Configure the Advanced Security features in Windows Firewall to allow echo requests.
Note: This step may not be allowed by your organization's security policy.
In this step, you will create an inbound rule that will allow echo request packets through the firewall.
a. In the left panel of the Windows Defender Firewall, click Advanced settings.
b. In the Windows Defender Firewall with Advanced Security on Local Computer, you can configure
Inbound Rules, Outbound Rules, or Connection Security Rules. You can also click Monitoring to view the
status of configured rules.
c. Click Inbound Rules, and then in the Actions pane, click New Rule.
d. In the New Inbound Rule Wizard, select Custom, and then click Next twice. You should now be at the
Protocol and Ports step.
e. For Protocol type, select ICMPv4, and then click Customize.
f. In the Customize ICMP Settings window, select Specific ICMP types, select Echo Request, and then
Click OK.
g. Click Next three times. You should now be at the Profile step.
h. Deselect Public so the Windows PC will not respond to an echo request in a public network location,
such as an internet cafe. Click Next to continue.
i. Provide a name for the new inbound rule that gives a good description of the rule and click Finish. You
should now see your rule at the top of the list of Inbound Rules in the Windows Defender Firewall with
Advanced Security dialog window.
j. The rule has now been created and enabled. Verify that CSE-LABVM can ping the Windows host and receive
replies.

 2017 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 7
Part 4: Install and Run Applications
In this part, you will install two new applications on CSE-LABVM: chkrootkit and lynis. The application
chkrootkit will be downloaded from a software repository. However, we will add a new repository so we can
install lynis, provided by CISOfy.

Step 1: Install and run chkrootkit


The tool chkrootkit is used to check for signs of a rootkit on a local system. A rootkit is a type of malware that
can remain hidden on your computer and be used by attackers to cause significant damage to your device.
a. In a terminal, enter the command sudo apt install chkrootkit. Enter the password password when
prompted.
cisco@labvm:~$ sudo apt install chkrootkit
[sudo] password for cisco:
b. Enter the command sudo chkrootkit to run a rootkit check.
cisco@labvm:~$ sudo chkrootkit
c. The output can be filtered for strings of interest, such as worm. The chkrootkit command can be piped
into the grep command with the option -i to ignore case when matching the strings of interest.
cisco@labvm:~$ sudo chkrootkit | grep -i worm
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for TC2 Worm default files and dirs... nothing found
! cisco 32822 pts/0 grep --color=auto -i worm
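As an added example (not part of the Cisco lab), the filter below triages chkrootkit output the other way round: instead of grepping for one string, it removes every clean result and leaves only what needs reading, dropping the grep false positive shown in the output above. The sample lines it runs over are constructed.

```shell
#!/bin/sh
# Added example (not from the Cisco lab). Real use: sudo chkrootkit | triage_chkrootkit
# Here the filter runs over constructed sample lines so it works offline.

# Print only the lines that are NOT a clean result. What survives is what a
# defender should actually read: INFECTED verdicts, warnings, and any paths
# listed under "Searching for suspicious files and dirs".
# The last pattern drops the false positive the lab itself shows: the grep
# that filters chkrootkit's output turns up in chkrootkit's own process
# listing as a "! user pid tty command" line. Other "!" lines are kept.
triage_chkrootkit() {
    grep -Ev \
        -e 'not infected$' \
        -e 'not found$' \
        -e 'nothing found$' \
        -e 'nothing detected$' \
        -e 'not promisc and no packet sniffer sockets$' \
        -e 'it may take a while\.\.\.$' \
        -e '^! [^ ]+ +[0-9]+ +[^ ]+ +grep '
}

# Exit 0 when nothing is left to review, 1 otherwise (handy for a cron job
# that only reports when there is something to look at).
chkrootkit_clean() {
    [ -z "$(triage_chkrootkit)" ]
}

# Constructed sample: lines modelled on the lab's output plus one made-up
# INFECTED verdict so the filter has something to surface.
sample_output() {
cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/debug/.build-id
! cisco 32822 pts/0 grep --color=auto -i worm
Checking `login'... INFECTED
EOF
}

# Constructed all-clear sample: only the grep false positive is present.
clean_output() {
cat <<'EOF'
Checking `basename'... not infected
Searching for Adore Worm... nothing found
! cisco 32822 pts/0 grep --color=auto -i worm
EOF
}

# Demo when run directly: prints the .build-id path and the INFECTED line.
sample_output | triage_chkrootkit
```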

Step 2: Install Lynis


Lynis is a security tool for systems running a Unix-based OS, such as Linux and macOS. Lynis will be used later
in another activity to harden a Linux system. The application is maintained by CISOfy. In this step, we
will add the software repository and install Lynis.
a. Copy and paste the following command into a terminal to import the key from the CISOfy keyserver. This
key is required to verify the integrity of your download when you download lynis:
cisco@labvm:~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 013baa07180c50a7101097ef9de922f1c2fde6c4
Executing: /tmp/apt-key-gpghome.8C6X477onz/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 013baa07180c50a7101097ef9de922f1c2fde6c4
gpg: key FEBB7D1812576482: public key "CISOfy software signing <[email protected]>"
imported
gpg: Total number processed: 1
gpg: imported: 1

b. Copy and paste the following command into a terminal to add the lynis repository maintained by CISOfy.
cisco@labvm:~$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
deb https://packages.cisofy.com/community/lynis/deb/ stable main

c. Perform an update after adding a new repository. At the prompt, enter sudo apt-get update.

 2017 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 7
d. Use the command apt install to install Lynis.
cisco@labvm:~$ sudo apt install lynis
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
lynis
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 0 B/262 kB of archives.
After this operation, 1,681 kB of additional disk space will be used.
Selecting previously unselected package lynis.
(Reading database ... 205787 files and directories currently installed.)
Preparing to unpack .../lynis_3.0.6-100_all.deb ...
Unpacking lynis (3.0.6-100) ...
Setting up lynis (3.0.6-100) ...
Processing triggers for man-db (2.9.1-1) ...
Question:

From the output, what is the installed Lynis version?


Type your answer here.
e. To verify the installed version, enter the command lynis show version at the terminal.
cisco@labvm:~$ lynis show version
3.0.6
f. If you want to determine the latest version provided by CISOfy, enter the following command at the
terminal.
cisco@labvm:~$ sudo apt-cache policy lynis
lynis:
Installed: 3.0.6-100
Candidate: 3.0.6-100
Version table:
*** 3.0.6-100 500
500 https://packages.cisofy.com/community/lynis/deb stable/main amd64 Packages
500 https://packages.cisofy.com/community/lynis/deb stable/main i386 Packages
100 /var/lib/dpkg/status
2.6.2-1 500
500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
500 http://archive.ubuntu.com/ubuntu focal/universe i386 Packages

g. You can run sudo apt-get update and sudo apt-get upgrade again to ensure that you have all the latest
updates from CISOfy.
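The repository setup in this step, as an added example that is not part of the Cisco lab: apt-key is deprecated on current Debian and Ubuntu releases, so the script below stores the CISOfy key in its own keyring, refuses to enable the repository unless the key's fingerprint matches the one the lab quotes, and binds the sources entry to that keyring with signed-by. The key download URL is an assumption (not on the lab page), as is the presence of curl and gpg; only the pure helper functions run in the self-test.

```shell
#!/bin/sh
# Added example, not part of the Cisco lab: pin the CISOfy signing key to its
# own keyring and verify its fingerprint before trusting the repository.
# Assumptions (not on the lab page): KEY_URL is where CISOfy publishes the
# key; curl and gpg are installed. Everything else is taken from the lab.

# Fingerprint passed to apt-key in the lab, upper-cased for comparison.
EXPECTED_FPR=013BAA07180C50A7101097EF9DE922F1C2FDE6C4
KEY_URL=https://packages.cisofy.com/keys/cisofy-software-public.key   # assumption
KEYRING=/usr/share/keyrings/cisofy-lynis.gpg
REPO=https://packages.cisofy.com/community/lynis/deb/

# Normalise both fingerprints (strip spaces, upper-case) and compare them.
# An empty actual fingerprint never matches.
fingerprint_matches() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Sources entry that only accepts packages signed by the pinned keyring,
# instead of the lab's unpinned "deb <url> stable main" line.
sources_line() {
    printf 'deb [signed-by=%s] %s stable main\n' "$1" "$2"
}

# Primary fingerprint of the first key in a binary (dearmored) keyring file.
keyring_fingerprint() {
    gpg --no-default-keyring --keyring "$1" --with-colons --fingerprint 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Network part (not run by the self-test): fetch, verify, then enable the repo.
install_lynis_repo() {
    tmp=$(mktemp) || return 1
    curl -fsSL "$KEY_URL" | gpg --dearmor > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! fingerprint_matches "$(keyring_fingerprint "$tmp")" "$EXPECTED_FPR"; then
        echo "key fingerprint mismatch, refusing to trust the repository" >&2
        rm -f "$tmp"; return 1
    fi
    sudo install -m 0644 "$tmp" "$KEYRING" && rm -f "$tmp"
    sources_line "$KEYRING" "$REPO" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list >/dev/null
    sudo apt-get update && sudo apt-get install -y lynis
}
```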