Systems Administration: Cyber Defense Edition Write-Up
Author: Agustin Castro
Framework Category: Protect and Defend
Specialty Area: Cybersecurity Defense Infrastructure Support
Work Role: Cyber Defense Infrastructure Support Specialist
Task Description: Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. (T0180) Scenario
Our managed service provider has notified us that an important system/application is either missing or no longer functioning properly. This has brought the company’s current cyber defense posture below an acceptable baseline. Confirm the system/application that the managed service provider has identified with engineering and then correct the issue as soon as possible.
Additional Information
More details and objectives about this challenge will be introduced during the challenge meeting, which will start once you begin deploying the challenge.
You will be able to check your progress during this challenge using the check panel within the workspace once the challenge is deployed. The checks within the check panel report on the state of some or all of the required tasks within the challenge.
Once you have completed the requested tasks, you will need to document the methodology you used with as much detail and professionalism as necessary. This should be done on the documentation tab within the workspace once the challenge is deployed. Below the main documentation section be sure to include a tagged list of applications you used to complete the challenge.
Your username/password to access all virtual machines and services within the workspace will be the following…
Username: playerone
Password: password123
The username/password used to access the Firewall’s web interface within the workspace will be the following…
Username: admin Password: password123
Mission Start
On, 06-Feb-2022, at approximately 14:00 hours CST, I, was informed the following by our team:
Ashley Steele:
"So, our MSP just contacted me stating that they no longer
have a connection to the Centipede POS system. I know we
had a working vpn connection just a few days ago, so I'm
not sure whats going on."
Ricardo Cortes:
"Woah, now! We can't let this persist. I don't even want
to think about all the sales we're losing out on because
of this. @jraffin, I need you to get us some information.
Stat!"
Jacques Raffin:
"Yeah, I just got off the phone with one of the managers
at the Centipede location. It seems that the Centipede
POS system can't talk to HQ anymore either. I know that
the router crashed last night and had to be restarted.
I'm wondering if the last working configuration wasn't
saved. Regardless of why, we need to get this fixed
ASAP as we are quickly receiving complaints from the
store staff about not being able to complete transactions."
Jacqueline Smith:
"Please fix this quickly as both staff and customers are
beginning to get really upset."
Recon
I established that Edge-Router1 (Centipede-Router) 172.31.2.4, and Edge-Router2 (Asteroids-Router) 172.31.2.4 lost connectivity to the pfsense firewall 172.31.2.2, and the MSP 172.31.2.5. My first order of business was to learn more about the Edge Router. I connected to 172.31.2.4 and ran the following:
1
2
3
4
5
playerone@Edge-Router1:~$ uname -a
Linux Edge-Router1 3.13.11-1-amd64-vyos #1 SMP Wed Aug 12 02:08:05 UTC 2015 x86_64 GNU/Linux
From this, I, was able to do some research:
https://help.ui.com/hc/en-us/articles/204960094-EdgeRouter-Configuration-and-Operational-Mode
https://docs.vyos.io/en/latest/cli.html
Connect and Configure
From Edge-Router1, I wanted to re-establish the connection to the firewall, and MSP. I did the following:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
playerone@Edge-Router1:~$ show vpn debug detail | grep left
left=172.31.2.3
leftsubnet=192.168.10.0/24
leftsourceip=172.31.2.3
left=172..31.2.3
leftsubnet=192.168.10.0/24
leftsoruceip=172.31.2.3
playerone@Edge-Router1:~$ configure
[edit]
playerone@Edge-Router1:~$ vpn ipsec site-to-site
[edit vpn ipsec site-to-site]
playerone@Edge-Router1:~$ set peer 172.31.2.2 tunnel 1 local prefix 192.168.10.0/24
[edit vpn ipsec site-to-site]
playerone@Edge-Router1:~$ set peer 172.31.2.5 tunnel 1 local prefix 192.168.10.0/24
[edit vpn ipsec site-to-site]
playerone@Edge-Router1:~$ commit
[edit vpn ipsec site-to-site]
playerone@Edge-Router1:~$ save
Saving configuration to `/config/config.boot`...
Done
[edit vpn ipsec site-to-site]
Essentially re-establishing the connection between the Edge-Router1 (Centipede-Router), Firewall, and External MSP through ipsec vpn peer-to-peer configuration. I repeated these steps with Edge-Router2 slightly different as observed below:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
playerone@Edge-Router2:~$ show vpn debug detail | grep left
left=172.31.2.4
leftsubnet=192.168.10.0/24
leftsourceip=172.31.2.4
left=172..31.2.4
leftsubnet=192.168.10.0/24
leftsoruceip=172.31.2.4
playerone@Edge-Router2:~$ configure
[edit]
playerone@Edge-Router2:~$ vpn ipsec site-to-site
[edit vpn ipsec site-to-site]
playerone@Edge-Router2:~$ set peer 172.31.2.2 tunnel 1 local prefix 192.168.10.0/24
[edit vpn ipsec site-to-site]
playerone@Edge-Router2:~$ set peer 172.31.2.5 tunnel 1 local prefix 192.168.10.0/24
[edit vpn ipsec site-to-site]
playerone@Edge-Router2:~$ commit
[edit vpn ipsec site-to-site]
playerone@Edge-Router2:~$ save
Saving configuration to `/config/config
Thus re-establishing the connection between the Edge-Router2 (Asteroids-Router), the pfsense firewall, and External MSP through ipsec vpn peer-to-peer configuration.
Conclusion
MSP to Centipede POS Health Check Desired State Status = “Passing” at 02:41 PM PST
Each NICE Challenge has the following core elements: a narrative-driven scenario, a business environment (workspace), and a set of technical objectives and/or a written deliverable. Each of these elements is developed to immerse the player (student) in a real-world experience and create a valuable set of data allowing their curator (educator) to judge their readiness for the workforce.
About The NICE Challenge Project