Online Digital Forensics Courses and Labs

Funded by National Science Foundation (NSF)
Funded by Florida Center for Cybersecurity (Cyber Florida) Capacity Building Program

Remote Access Windows Server 2016 Protection - Part I


 

Authors: Mr. Benigno Rodriguez, jrodsoto@knights.ucf.edu; Dr. Cliff Zou, czou@cs.ucf.edu

Prerequisite:

  • Basic knowledge of using a Linux machine and a virtual machine environment.
  • Basic knowledge of networking and TCP/IP.
  • Basic knowledge of Windows Server services (DHCP, DNS, RAS).

Goals of this tutorial:

  • Learning about possible vulnerabilities of, and protections for, a Windows Server 2016 machine used as a gateway (a server published to the public internet)
  • DMZ server TCP service connections to the internal domain server and its services
  • Firewall configuration to protect the DMZ and internal Windows services
  • Client remote access configuration and protection

Software Needed:

  • VirtualBox (if you do not have VirtualBox installed, please see lab setup).
  • Kali Linux VM for VirtualBox (can be downloaded here).
  • Windows Server 2016 ISO file (download ISO file here).
  • Windows 10 Enterprise ISO file (download ISO file here).
  • Endian Community Firewall (download EFW-3.3 version here).

Basic Introduction:

Windows Server 2016 as Gateway

External resources about this infrastructure can be found here.

Key Points for protecting Windows Server Gateway:

Windows Server Gateway Infrastructure

RAS (Remote Access Services)

The RAS server is Windows Server 2016 installed as Standard Core. Two VirtualBox adapters are required for this server; we will configure them with PowerShell from the command-line interface.

The server will also be joined to a single-forest domain. Therefore, an additional Windows Server 2016 machine is required to complete this lab.

The RAS server will also be configured to accept remote access connections from a Windows remote client virtual machine. The following diagram illustrates the lab topology. The Windows 10 client will be used on two separate networks.

 

Figure 1: Windows Server 2016 RAS Topology


System Overview

PDC Domain Services Windows 2016 Server

The PDC server is a virtual machine with a VirtualBox adapter configured as a host network. Two host networks and one NAT (network address translation) network are created during the pre-configuration for the lab.

The server will also be configured as the primary domain server; therefore, a single forest is required.

The PDC will authenticate the Windows remote client through the RAS server. Connections between the RAS and PDC Windows virtual machines will be configured on the Endian FW/Router.

 

Figure 2: Windows Server RAS Login Page - Virtual Box VM


Endian Community Firewall/Router

 

Figure 3: Endian virtual software Firewall/Router

Endian Firewall/Router is community-edition software that runs a Linux kernel and acts as the firewall and router for the virtual machines.

This VM will be configured with four adapters, which will be created in VirtualBox. See Pre-Installation Configuration: here

The software, interfaces and network rules will be configured through the console and the web GUI management interfaces provided by Endian.


Lab Instructions Breakdown - Below are a link to an HTML document and a portable downloadable file with the instructions. The lab is broken down into the following main steps.

A) Pre-Installation and Configuration
   1. Ensure VirtualBox is installed (instructions here)
   2. Host networks and NAT network creation
      a. Create a host network for the DMZ network to inside traffic (ORANGE ADAPTER on Endian FW/Router)
      b. Create a host network for the internal network (GREEN ADAPTER on Endian FW/Router)
      c. Create a host network DMZ network for the outside private network traffic (BLUE ADAPTER on Endian FW/Router)
      d. Create a NAT network for the outside network (RED ADAPTER on Endian FW/Router)
B) Download required software (click here to download ISO files)
   1. Endian Firewall/Router installation (instructions)
   2. Windows 2016 Server installation (instructions)
   3. Windows 10 Client installation (instructions)
C) Installation, configuration, and testing of the following:
   1. Endian FW/Router
   2. Windows Server 2016 PDC
   3. Windows Server 2016 RAS
   4. Windows 10 Client
   5. Securing

Installation and Configuration Information

The installation and configuration instructions for all virtual devices (VMs) are included in a document that can be downloaded in PDF format.

Follow the step-by-step installation and configuration instructions here (HTML).