Laboratory 4: Configuring a Firewall
In this exercise you will be working with firewalld (see https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos), a front-end to controlling Iptables. Iptables is a flexible firewall utility built for Linux operating systems (see https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/). It is too low level, however, and, as such, hard to use and configure the rules for filtering traffic. firewalld provides higher-level command line and graphical interfaces over Iptables to ease the pain of configuring the firewall features provided by Linux. For this lab exercise, we will only be using only the high-level command line interface. firewalld provides a dynamically managed firewall with support for network/firewall “zones” to assign a level of trust to a network and its associated connections, interfaces or sources. It has support for IPv4 and IPv6. There is a separation of the runtime and permanent configuration options.
For this lab exercise, we will be using two machines, one machine will behave like an Enterprise and the other machine will behave like machines outside an enterprise. We will call this machine as External, external to the enterprise. The firewall, as part of the enterprise will control traffic both coming into the enterprise and going out of the enterprise (to External).

NIXENT01 (Enterprise) is a CentOS 7 machine. CentOS is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform. Firewalld will be running on this host.
NIXEXT01 (External) is Kali Linux. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. You have already used this machine for Lab2 and Lab 3 in analyzing packets using Wireshark. (Wireshark is available as part of Kali distribution.)
Although there are only two machines, we are going to pretend that the Enterprise has three machines (three IP addresses) and each machine has certain services running on those machines, as follows:

NIXENT01 (Enterprise)

Service

Associated IP Address

domain, telnet

192.168.10.10

http, https

192.168.10.20

ftp, imap2, imaps, pop3, pop3s, urd

192.168.10.30

Similarly, we are going to emulate three machines on the External machine with three IP addresses, each running only certain services as follows:

NIXEXT01 (External)

Service

Associated IP Address

domain, telnet

192.168.10.210

http, https

192.168.10.220

ftp, imap, imaps, pop3, pop3s, urd

192.168.10.230

The instructions to use the remote UMUC machine in the DaaS environment is provided in the Accessing Remote DaaS Lab under Course Content.
Allocating the Lab Machines
Once you open the Lab Broker using the instructions given in the UMUC Digital Lab Access Instructions found under Accessing Remote DaaS Lab under Course Content, you will see a new window open. Each of your courses that have labs will be listed here in the Lab Broker page.

1. Look for “INFA 620” and select “Nodes.”

2. Select “Allocate Lab” *this should take no more than 1 minute.*

*Please Note* Allocated lab resources expire in 7 days. If a lab expires, work done within the lab machine.

Connecting to the Lab Machines
1. Within the Lab Broker interface, view the current allocated nodes for INFA 620

2. Use the “Connect” button to initiate a connection to each of the two machines:

3. When prompted, enter the course credentials:

a. Username: StudentFirst

b. Password: Cyb3rl@b