BÁO cáo bài tập GIỮA KỲ môn học an toàn và an ninh mạng cài đặt dịch vụ chứng nhận

Create Virtual MachineName and operating System Name: TranThiHien VVindons Server o Do not add a Virtual hard disk @ Create a Virtual hard disk now o Use an existing Virtual hard disk fì

ĐẠI HỌC QUỐC GIA HÀ NỘI TRƯỜNG ĐẠI HỌC CÔNG NGHỆ

Trần Thị Hiền - 19020281

BÁO CÁO BÀI TẬP GIỮA KỲ

Môn học: An toàn và an ninh mạng Giảng viên: TS Nguyễn Đại Thọ

Hà Nội - 2021

MỤC LỤC

Download Windows Server 2016 ISO

LAB 4.1: Cài đặt dịch vụ chứng nhận

Download Windows Server 2016 thành

công

* 1

a

> Quick access

Desktop

Pictures

Videos

Local Disk (C:)

Lữcal Disk (DO

Local Disk (E)

Create Virtual Machine

Name and operating System

Name: TranThiHien VVindons Server

o Do not add a Virtual hard disk

@ Create a Virtual hard disk now

o Use an existing Virtual hard disk fìle

Windows ServerTranĩliiHien.vdi {Normal, 2.00 GEỘ

Tạo một Virtual Machine mới tên là TranThiHien Windows Server

ranThỉHien Windows Server

Chạy TranThiHien Windows Server vừa tạo

512 : MB

4096 MB

íị Oracle VM VirtualBox Manager

Windows 2015

(54-bit) GVlsers^dmin

\VirtualBox VMS

\TranThiHien Windows Server

2048 MB Floppy, Optical, Hard Disk VT-x/AMD-V, Nested Paging

Please select a Virtual optical disk tìle ũr a physical optical drive containing a disk to start your new Virtual machine from.

The disk should be suitable tor starting a Computer frũm and should contain the operating System you wish to install on the Virtual machine if you wait to do that now The disk míl

be ejected frũm the Virtual drive automatically next time you svvitch the Virtual machine off, but you can also do this yourselt if needed using the Devices menu,

Windows Server 20 1Ẽ Datacenter EVAL en-us 1

[+J Right Ctrl TranThĩHien Windơws Server

Select start-up disk

Chọn ổ đĩa và nhấn Start

TranThiHien [Running] - Oracle VM VirtualBox □ File Machine View Input Devices Help

You have the Auto capture keyboard option turned on This will cause the Virtual Machine to automatically capture the keyboard every time the VM window is activated and make it unavailable to

I

The Virtual Machine reports that the guest os supports mouse pointer ĩntegratĩon This means that you do not need to Éapíurethe mouse pointer to be able to use it in your guest os — all mouse

Chọn Windows Server 2016 Standard Evaluation (Desktop Experience)

File Ma chi ne View Input Devices Help

You have the Auto capture keyboard option turned on This will cause the Virtual Machine to automatically capture the keyboard every tìme the VM window is activated and make it unavailable to

The Virtual Machine reports that the guest os supports mou se poĩnter integratĩon This means that you do not need to cạpỉure the mouse pointer to be able to use it in your guest os — all mouse *) Ộ3

ổi Windows Setup

Applicable notices and licenseterms

IMPORTANT NOTICE ỡollovved by UCENSE TERMS)

Diagnostic and Usage Iníormation Microsoít automatically collects this

information over the internet and uses it to help improve your instalI ation,

upgrade, and User experĩence, and the quality and securĩty of Mĩcrosott

Products and Services Consistent with these purposes, the intormation may

be associated with your organization Windows Server 2016 has íour (4}

intormation collection settings (Security, Basic, Enhanced, and Full), and uses

the 'Enhanced settĩng by detault This level ĩncludes ĩntormatĩon requĩred

to: (i) run our antimalvvare and diagnostic and usage intormation

technologies; (ii) understand device quality, and application usage and

compatibility; and (iii) identiíy quality issues in the use and performance of

the operatĩng System and applĩcatĩons.

V

accept the I cense terms

Next

TranThiHien WindữW5 Server [Running] - Oracle VMVirtualBox

File Machine View Inpưt Devices Help

Sau khi nhập mật khẩu cho administrator

Input Devices Help

Machine

Truy cập vào Windows 2016 trên VirtualBox

Mở Server Manager => chọn Manage => chọn Add Roles and Features

Chọn Active Directory Domain Services

Chọn Next 3 lần, chọn Install

TranThiHien [Running] - Oracle VM VirtualBox □

Windows Server 2016 Standard Evaluation Windows License valid for 180 days

@ © te ỂP í? Bí®®® HCURE ™ LChọn cờ thông báo và chọn Promote this server to a domain controller

File Machine View Input Devices Help

File and Storage Service

Coníiguration requĩred Installation succeeded on WIN-PIEOJ3E29NP.

Conỉiguration required tor Active Directory ưomam Services at WIN-PIEOBE29NP

this local server and íeatures

TranThiHien [Running] - Oracle VM VirtualBox □

Chọn Add a new forest => Nhập Test.local => Next

Domaỉn Controller Optĩons Addítional Options Paths

Select the deployment operation

Speciíỳ the domain intormation for thĩs operation

Ịĩestlocal

Deployment Configuration

o Add a domain controller to an existìng domain

o Add a new domain to an existỉng torest

® Add a new forest

More about deployment coníigurations

I < Previous

Next

TARGET SERVER WIN-PIEOJ3E29NP

I Cancel I andard Evaluation

validíor 130 days

Nhập mật khâu và chọn Next 2 lần

SÈi TranThiHien [Running] - Oracle VM VirtualBox

File Ma chi ne View Input Devices Help

TARGET SERVER WIN-PIEOBE29NP

E

Deploymenỉ ConRguration Domain Controller Options

DNS Opỉions

Additional Options Paths Revỉew Options Prerequisites Check

The NetBIOS domain name:

More about additional options

'revious I I Next Install 1 I Cancel andard Evaluation

valid for 180 days H01RE CTRL

Chọn Install

Mở Server Manager => Manage => Add Roles and Features (Như các bước ở bêntrên)

Chọn Active Directory Certiíicate Services

Chọn Add Features => chọn Next 2 lần

Chọn Certiíicate Authority và Certiíication Authority Web Enrollment

Chọn Add Features => Chọn Next 3 lần => Install

Chọn Coníigure Active Directory Certiíicate Services => Chọn Next

Chọn Certiíication Authority và Certiíicate Authority Web Enrollment => Chọn Next

Ở Private Key, chọn Create a new private key => Next => Next

TranĩhiHien [Runningl - Oracle VM VirtualBox

Chọn Coníigure => Close

Mở mmc

Chọn File => Add/Remove Snap-ins

Thêm các snap vào Console Root

Lưu file PKI

LAB 4.2: Cấu hình lớp ổ cắm an toàn

Chạy Windows Server ở Lab 4.1

Mở PKI => mở rộng Enterprise PKI => Chọn Test-WIN

Nháy đúp vào CA Certiíicate

Mở rộng Certiíication Authority (Local) và chọn Test-WIN-

Chọn Start => chọn Windows Administrative Tools => Internet Information Services(IIS) Manager

Thực hiện bước 5

Chọn Default Web Site => SSL

Settings

Chọn Default Web Site => Authentication

iHlWSí?ìfflRiohtCtrl

Chọn ServerName => Server Certiíicate

Chọn Default Web Site =>

Bindings

OSOcSSlRightcH

Chọn Default Web Site => SSL Settings =>chọn Require SSL => Apply

Thêm https ở cổng 443, chọn SSL certiíicate => OK

Conĩirm password:

I I User cannot change passroord

I I Password never expires

I I Account is disabled

0 User must change passwond at next logon

Windows Server 2016Standard Evaluati Windows License valid íor 179 dỉ Build 1439lrs1_release.161220-17

9:24 AM 1

» ĨS í- 12 /2S/2021 Right Ctrl

Tạo tài khoản user cho mục đích testing

TranThiHien [Running] - Oracle VM VirtualBox

File Machine View Input Devices Help

g ©taiẫ 1 ^ ^BS®(SEwitari

Nhập email cho tài khoản vừa tạo

LAB 4.4: Cấu hình chứng chỉ tự động đăng ký

Chạy Windows server VM ở lab 4.2

Mở PKI, thêm Group Policy Management

Thực hiện các yêu cầu ở bước 3

ra Cìl |£D 1 [ãìliOíCTÌ/^lTlDinhtrtrl

Click phải vào Default Domain Policy => Chọn Edit

Click vào Public Key Policy

Click phải vào Certiíicate Services Client - Auto-enrollment => chọn Properties

File Machine View Input Devices Help

File Action View Help Certificate Services Client - Auto-Enrollment Properties

PKI 1=J Deíault Domain Policy [WIN-PII

V Computer Conhguration

Enrollment Policy Contìguration

Enroll User and Computer certiíìcates automatically

"ì Preterences

V User Coníiguration Coníiguration Model: Enabled

: ĩ Software Settings

V j Windows Settings j^| Scripts (Logon/Li

V Security Settings

> ~ ì Public Key Po

> □ SoftwareRest r~| Polder Redirectio

Additional Stores Use *,* to separate multiple Stores For example:

■storel, Store2, storeý

Q Display User notitìcations for expiring certificates in User and machine

MY store

Windows Server 2016 Standard Evaluati

Windows License valid íor 179 da

Build 14S93.rs1_release.161220-17

B s Eì '3? l±J Right Ctrl

Thực hiện các yêu cầu ở cuối bước 3

Ở PKI console, mở rộng Certiíicate Authority (Local) => mở rộng ServerName =>Chọn Certiíicate Templates

Quay lại Console Root => Chọn Certiíicate Templates => Click phải User => ChọnDuplicate Template

33 certificate templates

o

l e

lỄSíS' RBSí^SlRiqhtcưi

Wmdows Server 2016 Standard Evaluati Windows License valid for 179 dẽ Build 14393.rs1_release.161220-17

ẫ] CertificateTemplates (VVIN-PIE 1

> Ểj Enterprise PKI

> > Certihcation Authority (Local)

> Internet Intormation Services (II

> -ẩ Group Policy Management

í®] Exchange tnrollment Agent ũ] Exchange Signature Only Exchange User

2 IPSec

■3 IPSec (Offlĩn e request) Á®] Kerberos Authentication Á®] Key Recovery Agent

53 OCSP Response Signing ÁẼ3 RAS and IAS Server '2 Root Certihcation Authority

2 Roưter (ữffline request) Á®] Smartcard Logon Á®] Smartcard User Á®] Subordinate Certiíication Authority í®] Trust ListSigning

line requ , CertiticateĩeniplatK

Mũre Actions

Thay đổi các thông số ở General

Thay đổi các thông số ở Request Handling tab

ga TranThiHien [Running] - Oracle VM VirtualBox □ File Machine View Input Devices Help

1 File Acticn View Help

Enterprise p KI 2^] Certification Authority (L Internet Iníormation Serv

í Group Policy Manageme

s PKI - [Console Root\Certific

ã File Action View Favq

Administrator Domain Admins (TESTXDomain Admins)

M Domaỉn Users (TESTXDomain Users) Mi

LertiticateTemplates (WIN

More Actions

Ở tab Security chọn Add

ga TranThiHien [Running] - Oracle VM VirtualBox □Nhập tên và chọn OK

Thiết lập quyền cho tài khoản vừa tạo => Chọn OK

Quay lại Certiíicate Authority (Local) => click phải vào Certiíicate Templates =>click New => click Certiíicate Template to Issue

Secure Email

IP security I KE intermedỉate

IP security IKE intennediate

Key Recovery Agent

OCSP Signing

Client Authentication, Server Authentication Client Authentication

Client Authentication, Smart Card Logon

Secure Email, Client Authentication, Smart Card Logon

Windows Server 2016 Standard Evaluati

Select one Certiíicate Template to enable on this Certiíication Authority.

Note: lf a certiticate template that was recently created does not appear on this list, you may need to wait until iníormation about this template has been neplicatedto all domain controllers.

All of the certiíicate templates ỉn the organization may not be available to your CA.

For more intormation, see Certiticate Template Concepts.

_=[ Detault

V ,{£ Con

«3 Certiíic Enterpr

_ J Certiíic

V Tesỉ

□

□ Internet Group I

Name

ị®) Exchange User

ãl IPSec IPSec (Off1ine request) Key Recovery Agent

£1 OCSP Response Signing RAS and IAS Server Router (Offline request)

Nháy đúp vào ServerName => Chọn Cancel

-ỳỢ A Notsecure| old.kali.org/kali-images/kalĩ-2016.2/kali-lĩnux-2016.2-i386/?fbclĩd=lwAR2sYda6dhR2cJ3wFILyqXRI

Index of /kali-images/kali-2016.2/kali-linux-2016.2-i386

Last modiíied Size Description

Parent Dưectorv kali-lmux-2016.2-i386.iso 2016-08-31 14:41 2.9G

-u kali-lmux-2016.2-i386.txt.shalsum 2016-08-31 14:42 69

Apache/2.4.2Ĩ (Debìan) Serxer at old.kali.org Port so

Tải Kali Linux

Name

Create Virtual Machine

Name and operating System

o Do not add a Virtual hard disk

@ Create a Virtual hard disk now

o Use an existing Virtual hard disk file

TranThiHien.vdi (hlormal, 50.00 GB)

Tạo một virtual machine có tên là Kali Linux TranThiHien => Chọn Create

Kali Li HUM TranThíHien [Povvered Off] 7

Create Virtual Hard Disk

File locatìon

C:\Users^dmin\VirtualBox VMstyíali Linux TranThiHienV<ali Linux TrariThiHien.vdi

25.00 GE

4.00 MB

2.00 TB ndi u uiùiik me Lỵpe

(•) VDI (VirtualBox Disk Image)

o HDD (Parallels Hard Disk)

o QED (QEMU enhanced disk)

□ LUI dye UI 1 pi lysiLđi 1 Idi u uiũãrt.

@ Dynamically allocated

o Fixed size Split into tìles of less than 2GB

Guided

Chọn VDI (Virtualbox Disk image), Dynamically allocated, set File size = 25GB =>Chọn Create

Machine Devices

Select start-up disk

Please select a Virtual optical disk file or a physical optical drive containing a disk to start your new Virtual madiine

from.

The disk should be suitable for storting a Computer from and should contain the operating System you wish tn install on the Virtual machine if you want to do that now The disk wíll

be ejected ftom the Virtual drive automatically next time you switch the Virtual machine off, but you can also do this yourselí if needed using the Devices menu.

kali-linux-2016.2-i3S6.iso (2.90 GB)

Chọn Kali Linux 2016 => Chọn Start

You have the Auto capture keyboard option turned on This will cause the Virtual Machĩne to automatically capture *)

“the quieter you

become, the more you are able to hear”

(686-pae) (686-pae failsafe) (forensic mode)

Instal1 _

Graphical install

Nhập Test.com => Chọn

Continue

File Machine View Input Devices Help

Coníigure the netvvork

Please enterthe hostname torthis System.

The hostname is a single word that identities your System to the netvvork If you dorít know what your

hostname should be, consult your netvvork administrator If you are setting up your own home netvvork,

you can make something up here.

Hostname:

|Test.com|

SQŨrỂPỔ’ s íí? o ® Right Ctrl

Nhập mật khẩu => Chọn

Continue

File Machine View Input Devices Help

You have the Auto capture keyboard option turned on This wiU cause the Virtual Machine to automatically ca p tu re the keyboard every time the VM (*)

The Virtual Machme reports that the guest os supports mouse pointer integration This means that you do not need to G5Ị£»tarethe mouse pointer

You need to set a passmord for root , the System administrative account A malicious or unqualitied User

with root access can have disastrous results, so you should take care to choose a root password that is

not easy to guess It should not be a word tound in dictionaries, or a word that could be easily

associated with you.

A good passvvord will contain a mixture of letters, numbers and punctuation and should be changed at

regular intervals.

The root User should not have an etnpty passvvord If you leave this empty, the root account wilI be

disabled and the system's initial User ácẽount will be given the power to become root using the "sudo"

command.

Note that you will not be able to see the password as you type it.

Root password:

*****

□ show Password in clear

Please enter the same root password again to verity that you have typed it correctly.

Re-enter password to verify:

□ show Password in clear

G3 ữ Cu /ặ I®

Eile Machine Vĩew Input Devices Help

F

-You ha ve the Auto capture keyboard option turned on This will cause the Virtual Machine to automatically capture the keyboard every time the VM ộũ

The Virtual Machine reports that the guest os supports niouse pointer integratĩon This means that you do not need to capturethe mouse pointer 1*) '53

Partĩtion disks

The installer can guide you through partitioning a disk (using ditíerent Standard schemes) or, if you

preter, you can do it manually vvith guided partitioning you wiII still have a chance later to révievv and

customíse the results.

If you choose guided partitioning for an entire disk, you will next be asked vvhich disk should be used.

Partitioning method:

Guided - use entire disk

Guided - use entire disk and set up LVM

Guided - use entire disk and set up encrypted LVM

Manual