
Cybersecurity Lab Guide

The document summarizes the labs completed as part of a Palo Alto Networks Cybersecurity Academy Essentials I course project. The labs focused on creating a zero trust environment, configuring authentication using a captive portal and local user account, implementing two-factor authentication, allowing only trusted applications, managing certificates, and decrypting SSH and SSL inbound traffic. Screenshots were provided showing the successful completion of each lab and configuration of the firewall to implement these security controls.

Uploaded by

aykut köksal

Aykut Koksal Essentials I Project

Palo Alto Networks Cybersecurity Academy Essentials I


ESSENTIALS I COURSE PROJECT

Contents

Lab 1: Creating a Zero Trust Environment (p. 2)
Lab 2: Configuring Authentication (p. 6)
Lab 3: Using Two-Factor Authentication to Secure the Firewall (p. 8)
Lab 4: Allowing Only Trusted Applications (p. 9)
Lab 5: Managing Certificates (p. 10)
Lab 6: Decrypting SSH Traffic (p. 11)
Lab 7: Decrypting SSL Inbound Traffic (p. 13)

Lab 1: Creating a Zero-Trust Environment

In this lab, I learned to set up security zones on the firewall and apply security principles to each of
them. Then I created a NAT policy and tested the entire setup by browsing a Facebook page using
Internet Explorer. Lab result: successful.

Screenshots (not reproduced here): Zones; "Security Policy Rule Actions" (student input, step 3.10); student input, steps 3.15, 4.6 and 4.16.
Lab 2: Configuring Authentication

In this lab, the firewall is configured to use a Captive Portal to authenticate users by means of a local user account and an Authentication Policy. In this lab, the following tasks are performed:

• Configure a Local User Account and Authentication Profile

• Enable the Captive Portal and Enable Web-Form based Logins

• Create an Authentication Policy

• Commit and Test Authentication Policy

Screenshot (not reproduced here): student input, step 4.11.

Apparently (again!) the PAN Lab 2 example was wrong because IE was having problems with TLS (I'm
not sure what TLS 1.2 is currently) and the mod could not display the page.
Opening the Facebook URL in Google created the "Sign In Required" screen for Google-based browsers.
At least that was successful.

Screenshots (not reproduced here): student input, steps 4.15 and 4.16.


Lab 3: Using Two-Factor Authentication to Secure the Firewall

In this lab, the firewall is configured to use two-factor authentication with a certificate in addition to a
username and password. The following tasks are performed:

• Create a Local User Account

• Generate Certificates

• Create a Certificate Profile

• Export Certificate and Commit

• Test Connectivity and Import Certificate on the Client

Result (screenshots not reproduced here): successful.


Lab 4: Allowing Only Trusted Applications

In this lab I created a group of trusted applications and then applied a security policy that allows
them to communicate on the network. Then the security policy modified earlier is tested. Next, an
additional application is added to the application group, Trusted-Apps. Finally, it is verified that the
additional application is allowed.

Pictures captured in this lab (not reproduced here).

My input: From this lab, I learned how to create an application group. To simplify the creation of
security policies, applications requiring the same security settings can be combined into an
application group. Then I learned how to modify the Allow-Inside-Out security policy to allow only the
applications in the application group, Trusted-Apps. Finally, I committed and learned how to test the
security policy. Screenshots (not reproduced here).
Lab 5: Managing Certificates

In this lab, I created a self-signed RA certificate, transferred the modified certificate to the client for
inbound traffic management, added the certificate to the client and tested the connection status. In a
domain, this will help me know how to install certificates to secure traffic between the client and the
firewall. Screenshots (not reproduced here).
Lab 6: Decrypting SSH Traffic
In this lab, I prepared a policy to decrypt SSL traffic, then logged into the DMZ server to generate
traffic and checked the firewall logs to verify that the traffic was not encrypted.

Monitoring this traffic helps in real-life scenarios to protect areas that are prone to attack.
Screenshots (not reproduced here).

After disabling the policy, it was seen that the traffic was not decrypted.

Monitor logs (screenshot not reproduced here).
Lab 7: Decrypting SSL Inbound Traffic

In this lab, we decrypted the SSL traffic from the internal clients to the DMZ server, then we
examined it to make sure that the allowed applications communicate with it.

By doing this, the firewall can detect malicious content trying to reach the DMZ server. Screenshots (not reproduced here).

A Decryption policy was created using the objects created so far. It was tested by opening a web
page on the DMZ server and checking the firewall logs to verify that the traffic was decrypted.

Then we disabled the policy and tested it again. By checking the logs, we can now see that the traffic
is encrypted.

Monitor logs (screenshot not reproduced here).
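The log checks that Labs 4, 6 and 7 perform by eye in the Monitor tab (which sessions to the DMZ server were actually decrypted, which sources were identified through the captive portal, and which applications outside Trusted-Apps still appear) can be scripted against an exported traffic log. The following Python is an added example and is not part of the course labs or of this report. Its sample rows and column layout are constructed (a real PAN-OS traffic log export has many more columns, so map by the column names of your own export), the Trusted-Apps set is a stand-in for the lab's application group, and the flag bit values are taken from the PAN-OS traffic log "flags" field description and should be verified against the documentation for the PAN-OS version in use.

```python
import csv
import io

# Flag bits as documented for the PAN-OS traffic log "flags" field.
# Assumption: verify these against the docs for your PAN-OS version.
FLAG_DECRYPTED = 0x01000000       # SSL session decrypted (SSL proxy)
FLAG_NAT = 0x00400000             # NAT translation performed on the session
FLAG_CAPTIVE_PORTAL = 0x00200000  # user identified through the captive portal

# Constructed sample export with a simplified header; not real firewall output.
SAMPLE_LOG = """\
rule,src,dst,app,flags
Allow-Inside-Out,192.168.1.20,172.16.1.10,web-browsing,0x01600000
Allow-Inside-Out,192.168.1.21,172.16.1.10,web-browsing,0x01400000
Allow-Inside-Out,192.168.1.22,172.16.1.10,ssl,0x00400000
Allow-Inside-Out,192.168.1.23,172.16.1.10,ssh,0x00400000
"""

# Constructed stand-in for the lab's Trusted-Apps application group.
TRUSTED_APPS = {"web-browsing", "ssl", "dns"}


def parse_traffic_log(text):
    """Read the CSV export into dicts, decoding the hex flags field to an int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["flags"] = int(row["flags"], 16)
    return rows


def has_flag(row, bit):
    """True when the session's flags field has the given bit set."""
    return row["flags"] & bit == bit


def decryption_summary(rows, dmz_server):
    """Return (decrypted, still_encrypted) session counts for the DMZ server.

    A decrypted session carries the decrypted flag and the firewall reports the
    inner application (e.g. web-browsing). A session left encrypted shows only
    'ssl' as the application, because the firewall saw just the TLS handshake.
    """
    to_dmz = [r for r in rows if r["dst"] == dmz_server]
    decrypted = [r for r in to_dmz if has_flag(r, FLAG_DECRYPTED)]
    encrypted = [r for r in to_dmz
                 if r["app"] == "ssl" and not has_flag(r, FLAG_DECRYPTED)]
    return len(decrypted), len(encrypted)


def untrusted_apps(rows, trusted):
    """Applications seen in the log that are not in the trusted application group."""
    return sorted({r["app"] for r in rows if r["app"] not in trusted})


def portal_authenticated(rows):
    """Source addresses whose user was identified via the captive portal."""
    return [r["src"] for r in rows if has_flag(r, FLAG_CAPTIVE_PORTAL)]


if __name__ == "__main__":
    rows = parse_traffic_log(SAMPLE_LOG)
    print(decryption_summary(rows, "172.16.1.10"))  # (2, 1)
    print(untrusted_apps(rows, TRUSTED_APPS))        # ['ssh']
    print(portal_authenticated(rows))                # ['192.168.1.20']
```

With the decryption policy enabled, the DMZ sessions should all land in the decrypted count; after disabling the policy, as in the last step of Labs 6 and 7, the same browse shows up as an undecrypted `ssl` session instead. Any application reported by `untrusted_apps` is a candidate for either adding to Trusted-Apps (Lab 4) or investigating as traffic the policy should not have allowed.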
