This is the web page for the Locked Shields preparation tracks of Speciality Course II, part of the Cybersecurity Master's program at TTÜ.
In spring 2018 this track is supervised by Lauri Võsandi at the hackerspace.
The goal of the course is to give enough preparation to students who want to participate in the Locked Shields test run at the end of April as blue team members. A few of the students will get to participate as blondies in the actual run.
Prerequisites: fair understanding of networking, self-sufficient work style, good Googling skills
This is a hands-on course giving you the opportunity to learn a couple of the following topics:
- Network build-up, setting up routers, switches and APs
- Hardware build-up, setting up virtualization and VMs
- Setting up an AD-style domain, setting up policies
- Setting up logging, monitoring and packet capture
- Setting up configuration management and customized OS deployment
- Skimming network and infrastructure for vulnerabilities and mishaps
- Certificate management; HTTPS, VPNs and 802.1x with certificates
Instead of traditional lectures, there will be weekly meetings to keep track of progress. The labs will be held at Akadeemia tee 21/1, fifth floor. Active students will get 24/7 lab access.
Tasks for people who are not going to take part in LS
Track your progress here
Lab timeslots: Mondays 15:00-17:00, Wednesdays 16:00-18:00, Fridays 15:00-17:00
Note: using the VPN you can access the intranet from home as well.
Some of the infra is already up and running, namely an AD-compliant domain controller, web servers, this wiki, etc.
There are a couple of tasks that need to be taken care of:
- Create Windows GPOs for installing software used at the hackerspace
- Create Puppet/Ansible profiles for the Ubuntu desktops used at the hackerspace
- Set up a management network for the management consoles of UPSes, switches, routers, servers, etc.
- Add all Ubuntu boxes to the Puppet master
- Set up monitoring, see more information at Monitoring. Tedel & Sasan, host up at 172.20.8.144 behind VPN, Tedel's key added
- Set up central logging for all the boxes at the hackerspace with Elastic Stack. Host up at 172.20.8.197, Brady's key added, but Brady went to LS
- Set up Observium. Chinmay, host up at 172.20.8.139, Chinmay's key added
- Set up burglar alert, more info at Surveillance
- Find a suitable method and set up Windows deployment over the network (MS tools, Clonezilla, etc.)
- Set up a packet capture box; Roman configures switches and Thilina configures Moloch
- Set up IDS/IPS
- Fine-tune the mailserver config (graylisting, Spamhaus, etc.)
- Set up Simple Event Correlator and generate alerts
- Configure as IPSec gateway to k-space network
- Report on Alienvault by Rohin Sambath Kumar ( https://wiki.k-space.ee/index.php?title=User:Rosamb )
- <insert your own idea here>