Create a VMware Practice Image Project

jim The STEAM Clown's Cyber Pirates

"Create A VMware Practice Image Project"

Project Overview & Goals:

This project is an effort for my SVCTE Cybersecurity class to build some VMware practice images as they learn about securing a host PC or server system.  CyberPatriot is an awesome organization, but it tends to hold its practice images very close and only releases them for a limited time.  This project is an attempt to provide my students with the opportunity to:
  1. Learn about Cybersecurity by building their own VMware OS images
  2. Participate in a significant and robust project where they have to
    • Document the steps to create their base OS image, and then update the OS image with "flaws" and security vulnerabilities
    • Create the step by step solution and tutorial to solve and correct these "flaws" and security vulnerabilities
    • Additionally, they will gain experience applying their Python coding knowledge, as they develop modules for the Python scoring engine we are going to build

What and Who Is CyberPatriot: 

CyberPatriot is the National Youth Cyber Education Program.

At the center of CyberPatriot is the National Youth Cyber Defense Competition. The competition puts teams of high school and middle school students in the position of newly hired IT professionals tasked with managing the network of a small company. In the rounds of competition, teams are given a set of virtual images that represent operating systems and are tasked with finding cybersecurity vulnerabilities within the images and hardening the system while maintaining critical services in a six-hour period.  Teams compete for the top placement within their state and region, and the top teams in the nation earn all-expenses-paid trips to Baltimore, MD for the National Finals Competition, where they can earn national recognition and scholarship money.

How to Use This Project 

This project and tutorial is designed as a set of step-by-step labs that will help you create a Virtual Machine image you can use to practice your cyber and OS security skills.  We will outline the student deliverables and organize each step into a set of labs.  If you have any questions or comments, please don't hesitate to contact me.

Student Deliverables

The goal is for individual students or teams to create practice Virtual Machine OS images that can be used to prepare for a real CyberPatriot competition.  These are either Windows or Linux OS configurations that have security "flaws" that need to be corrected.  Students will deliver a set of pre-created images with the following features:

  1. base and modified VMware OS image
  2. Image overview and game scenario <-- Provides an overview of the company or organization who owns the PC/Server, the authorized users, and the system/user use requirements.
  3. Scenario questions <-- a few questions to drive learning
  4. Hints
  5. Answer Key
  6. Tutorial on how to study for, discover, and fix "flaws"
A secondary goal is to create a web-based, Python-coded scoring engine that can be run while students are working on the Virtual Machine image.

Project teams
  1. Gillman, Giovanni, Ryan
  2. Nikolas, Christy, 
  3. Collin, Corbin, Dameon
  4. Diallo, Jimmy, 
  5. Aiden, Ruben, Will
  6. Andrew, Eric
  7. Carlos, Brian
Robert, what team were you on?

LAB #1

Installing the OS image

  1. As a team, pick 2-3 different OS ISO images: Windows (Win7 or Win10), Ubuntu, and then any other OS image, like Kali, Debian, etc. (note to jTSC: Add links to the OS sites for the ISO image)   Floating around on the class USB sticks are ISO images that have been downloaded for you.  Pick one for each team member.
  2. Install the image in a Virtual Machine. 
    1. Install with all the DEFAULT settings.  Keep track of what you selected for each setting
    2. When you create the image use the following UserName and Password for the Admin Account
      • AdminUserID = CyberPirateAdmin
      • Password = CyberPirate109!
(note to jTSC: Add links to tutorial or video of the process with one OS image)

Verify the VM Image is installed correctly

  • When you are satisfied that the VM image is installed, and before you make any additional changes, close the VM
  • Then reopen and restart it.  This will ensure you are still able to log in as "CyberPirateAdmin" with the password CyberPirate109!
  • Now please close the image again

Now make a copy of the VM Image

This step is to prove that you can copy the image and are able to reopen it.  This is important because, when you are finished adding any "flaws" and vulnerabilities, you will need to be able to copy and ZIP up the image.
  • Copy the directory where the VM was created.  If you installed the VMware tools and left the default location for VM projects, this will be in your Documents directory on a Windows host machine.  See C:\Users\STEAM-Clown\Documents\Virtual Machines\<YourVirtualImageDirectoryName>.

  • Your virtual image directory may have a different name, but copy <YourVirtualImageDirectoryName> to, say, the desktop.
  • At this new location, reopen your VMware program and then select "Open a Virtual Machine"
  • You will be asked whether "I moved it" or "I copied it".  When in doubt, always select "I copied it"
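The copy-and-ZIP step above is the one students repeat at hand-in time, so here is an added example (not code from the original post) that scripts it: it refuses to run while VMware still holds a lock on the VM, copies the VM directory, zips the copy, and writes a SHA-256 checksum beside the archive so the recipient can confirm nothing was lost. The directory names and file contents in the usage section are constructed for the example; replace `VM_DIR` with your own <YourVirtualImageDirectoryName> path.

```python
"""Added example: package a copied VM directory into a ZIP plus a SHA-256
checksum. Not the project's own code; paths are placeholders."""
from __future__ import annotations

import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so a multi-gigabyte VMDK archive is never
    loaded into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def package_vm(vm_dir: Path, dest_dir: Path) -> tuple[Path, str]:
    """Copy vm_dir under dest_dir, zip the copy, and write <zip>.sha256 next to it.

    Returns (archive_path, hex_digest). VMware Workstation keeps a *.lck
    directory inside the VM folder while the VM is open, so the presence of
    one means the image was not closed as the lab requires; refuse to copy
    a VM that may still be changing on disk.
    """
    if any(vm_dir.glob("*.lck")):
        raise RuntimeError(f"{vm_dir} still has .lck directories; close the VM first")
    copy_dir = dest_dir / vm_dir.name
    shutil.copytree(vm_dir, copy_dir)  # the "copy it to the desktop" step
    archive = Path(shutil.make_archive(str(copy_dir.resolve()), "zip",
                                       root_dir=dest_dir, base_dir=vm_dir.name))
    digest = sha256_of_file(archive)
    # Same "<hash>  <file>" layout that sha256sum -c understands.
    (archive.parent / (archive.name + ".sha256")).write_text(f"{digest}  {archive.name}\n")
    return archive, digest


def archive_matches_source(archive: Path, vm_dir: Path) -> bool:
    """True if every file under vm_dir appears in the archive under vm_dir's name."""
    expected = {p.relative_to(vm_dir.parent).as_posix()
                for p in vm_dir.rglob("*") if p.is_file()}
    with zipfile.ZipFile(archive) as zf:
        return expected <= set(zf.namelist())


if __name__ == "__main__":
    # Constructed stand-in for a real VM folder so the script runs anywhere.
    work = Path(tempfile.mkdtemp())
    VM_DIR = work / "CyberPirate-Win7"          # placeholder for the real VM directory
    VM_DIR.mkdir()
    (VM_DIR / "CyberPirate-Win7.vmx").write_text("constructed sample vmx\n")
    (VM_DIR / "CyberPirate-Win7.vmdk").write_bytes(b"\x00" * 4096)
    DESKTOP = work / "Desktop"                  # placeholder for the copy target
    DESKTOP.mkdir()
    archive, digest = package_vm(VM_DIR, DESKTOP)
    print(archive, digest, archive_matches_source(archive, VM_DIR))
```

On a real host the checksum file travels with the ZIP; the recipient runs `sha256sum -c <archive>.sha256` (or `certutil -hashfile` on Windows) before opening the image, and `archive_matches_source` gives the student a quick local proof that the copy is complete before the original is deleted.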


    • Then create another user with Administrator privileges
      • AdminUserID = CyberPirate
      • Password = Pa$$w0rd!

Image and game scenario

The goal is to create a fun "scenario" that adds some background to your story.  The following is an example scenario.  The back story is created, and potential "hints" at some of the areas to look at to fix any "flaws" or vulnerabilities are introduced.  A list of valid users is provided, and their user credentials and digital rights are listed.



Demonstration Image: Windows 7 Environment on VMware

You have recently been hired by a new company, The Republic.  They have recently gone through some difficulties with hiring and firing, and have potentially been the victim of corporate espionage.  You have been hired to set things straight, bringing order to their system, affectionately called the Galactic Concordance. Please follow these directions to be an ‘IT Administrator’ bringing peace and harmony.  Your account already exists; please set your password to “CyberPatriot!” without the quotation marks.

A bright, up-and-coming young IT administrator named Kylo Ren was recently hired away to a competing company called the First Order.  Because of the conditions of his departure, there is a belief he may have planted some malware.  The company is also worried that he may have allowed himself to retain some remote access.  Go through and make sure remote access has been disabled, as well as Telnet.  We also had to terminate Han Solo; we don’t know if he was involved with the situation, but he was dying under the workload, so he needed to leave The Republic anyhow.  Go through and disable their accounts, and go through the files to detect and remove any malware that you find.  While disabling Kylo’s account, make sure that only employees of the company have access, make sure they have passwords (set them to “CyberPatriot!”), and make sure they have the permissions indicated after their name.

Employees of the Company
Luke Skywalker - Recent hire
Leia Organa - Manager - standard user
Rey - New Hire - standard user
BB-8 - IT Administrator
R2-D2 - IT Administrator

The other two new IT Administrators needed for safety and repair are BB-8 and R2-D2, and they work very hard; they are like machines, they get so much done!  Also, Leia Organa acts like a princess sometimes, but she is quite the leader and business manager in the company. She was working on special projects, specifically on Alderaan, but after the project was broken up she was switched to the CEO’s cabinet and is now in charge of communications, so she needs ‘read’ access to all folders to see what is going on, but only ‘write’ access to the communications folder.

Finally, in the wake of Kylo’s now apparent lack of attention to protection and company policy, make sure all updates to the system and firewall are current.  Also make sure all game and music files have been removed.

Scenario Questions

Forensic Questions:
  1. List any user accounts you removed from this system, one per line:

Hints


Answer Key

The Answer Key is where you provide the specific answers for this OS image scenario.  Each answer in the key should include the following:
  1. The specific item that should be fixed
  2. Step-by-step instructions on how to "break" it
  3. Step-by-step instructions: how do I find this problem?
  4. Step-by-step instructions: how do I fix this problem?
  5. Why is fixing this problem important?
  6. Is there a command line method to test whether this problem is fixed, or to check its status?
Here is an example:
  • Guest account has been secured: 10 pts. 
    • How do I find this problem? - Securing Guest accounts is a good cybersecurity practice in general. 
    • How do I solve this problem? - Open the Start Menu and access the Control Panel. Click on "User Accounts" -> "Manage another account." Click on the Guest account. On this page, click the option to "Turn off the guest account." 
    • Why is fixing this problem important? - Guest accounts allow any individual to log on to a computer anonymously. While someone using this account may not be able to directly access other users' information, he or she may still disrupt the resources of the local computer. The Guest account allows individuals to access the computer more easily, and its anonymity makes it harder to hold them accountable for inappropriate actions.
    • Command line method to check this item status: - show the command line method to test for the status of this item.
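The scenario above (remove the departed employees' accounts) and the answer-key example (Guest account secured, 10 pts, with a command line status check) are exactly the kind of items the Python scoring engine from the project overview has to grade. The following is an added example, not the project's own engine: two check modules plus a tiny scorer. Each check reads the text of a Windows command (`net user` lists local accounts; `net user Guest` prints an `Account active` line) so it can run offline against the constructed samples below; on the real Windows 7 image the text would come from `subprocess.run(["net", "user"], capture_output=True, text=True).stdout`. The authorized account names and the 10-point value for the user check are assumptions for the example.

```python
"""Added example: a minimal CyberPirate scoring engine with two checks.
Not the project's own code; account names and point values are assumed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable

# Accounts the scenario authorizes (assumed account names; the team's answer
# key fixes the real ones for their image).
AUTHORIZED_USERS = {"Administrator", "CyberPirateAdmin", "Guest",
                    "Luke", "Leia", "Rey", "BB-8", "R2-D2"}

# Constructed sample of `net user` on the unfixed image: Kylo and Han remain.
NET_USER_BEFORE = """\
User accounts for \\\\GALACTIC-PC

-------------------------------------------------------------------------------
Administrator            BB-8                     CyberPirateAdmin
Guest                    HanSolo                  KyloRen
Leia                     Luke                     R2-D2
Rey
The command completed successfully.
"""

# Constructed sample of `net user` after the student removed both accounts.
NET_USER_AFTER = """\
User accounts for \\\\GALACTIC-PC

-------------------------------------------------------------------------------
Administrator            BB-8                     CyberPirateAdmin
Guest                    Leia                     Luke
R2-D2                    Rey
The command completed successfully.
"""

# Constructed samples of `net user Guest`; only the Account active line differs.
GUEST_ENABLED = ("User name                    Guest\n"
                 "Account active               Yes\n"
                 "Account expires              Never\n"
                 "The command completed successfully.\n")
GUEST_DISABLED = GUEST_ENABLED.replace("Account active               Yes",
                                       "Account active               No")


def parse_net_user_list(output: str) -> set[str]:
    """Return account names from `net user` output. Names sit in fixed-width
    columns separated by runs of spaces, so split on two or more spaces to
    keep names that contain a single space intact."""
    names: set[str] = set()
    in_table = False
    for line in output.splitlines():
        if line.startswith("----"):
            in_table = True
        elif line.startswith("The command completed"):
            break
        elif in_table and line.strip():
            names.update(re.split(r"\s{2,}", line.strip()))
    return names


def unauthorized_accounts(net_user_output: str) -> set[str]:
    """Accounts present on the image that the scenario does not authorize."""
    return parse_net_user_list(net_user_output) - AUTHORIZED_USERS


def guest_account_disabled(net_user_guest_output: str) -> bool:
    """True only when `net user Guest` reports 'Account active  No'."""
    for line in net_user_guest_output.splitlines():
        if line.startswith("Account active"):
            return line.split()[-1].lower() == "no"
    return False  # no status line at all: never award the points by default


@dataclass(frozen=True)
class Check:
    name: str
    points: int
    passed: Callable[[dict[str, str]], bool]  # receives captured command outputs


CHECKS = [
    Check("Unauthorized user accounts removed", 10,
          lambda s: not unauthorized_accounts(s["net user"])),
    Check("Guest account has been secured", 10,
          lambda s: guest_account_disabled(s["net user Guest"])),
]


def score(state: dict[str, str]) -> tuple[int, list[str]]:
    """Run every check against the captured outputs; return (total, report lines)."""
    total, report = 0, []
    for check in CHECKS:
        ok = check.passed(state)
        earned = check.points if ok else 0
        total += earned
        report.append(f"[{'PASS' if ok else 'FAIL'}] {check.name}: {earned}/{check.points}")
    return total, report


if __name__ == "__main__":
    before = {"net user": NET_USER_BEFORE, "net user Guest": GUEST_ENABLED}
    after = {"net user": NET_USER_AFTER, "net user Guest": GUEST_DISABLED}
    for label, state in (("before fixes", before), ("after fixes", after)):
        total, lines = score(state)
        print(f"{label}: {total} pts\n" + "\n".join(lines))
```

Each check is a pure function of captured text, which is what makes the engine testable without a running VM: a student writing a new module supplies a "before" and an "after" sample from their own image and asserts the points flip from 0 to the answer-key value. Note the fail-closed default in `guest_account_disabled`: if the status line is missing (a typo in the command, a localized Windows build), the engine reports FAIL rather than silently awarding points.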

Tutorial & Checklist

The Tutorial & Checklist is a comprehensive list of "how-to" entries that explain how to do specific common tasks to fix, secure and manage an operating system image.
 

Virtual Machine Scoring Engine



Notes & Work in progress:

 Working list of Flaws:

Users have access to installation - beginner
Users have access to uninstallation - beginner
Admin does not have access to certain privileges - intermediate
Certain websites aren’t blocked - intermediate
Admin doesn’t have password - beginner
Users have access to the internet - beginner
Users have access to the control panel - intermediate
Limited download size - intermediate
Unidentified hardware devices cannot be plugged in - intermediate
Users can change the password of other users - intermediate


Admin has no password
● Unauthorized user is there
● Check for anything unauthorized
○ Such as Mp3 files
○ Viruses
○ Remote Host
● Update firewall
● Connect to Wifi
● Phishing e-mails
● Block restricted sites


1. Passwords that are poor (E)
2. No passwords (E)
3. Set passwords according to the rules (E)
4. Make the person change the password rules (I)
5. Edit sharing permissions (I)
6. Make the .DMG not able to w or x mp3s (Advanced)
7. Make them look for unauthorized files in the other users' directories (E)
8. Use the password recycle rule and edit it. (E)
9. Look for unauthorized accounts. (E)
10. Look for banned files. (E)
11. Get anti-virus software if needed. (I)
12. Quit all unauthorized processes (I)
13. Uninstall all redundant and unnecessary applications. (I)
14. Get rid of torrents (E)


Beginner:
1. Weak or Default Passwords
o Leave admin password to default
2. Misconfigured Firewall
o Accepting all incoming connections
3. Unused services and open ports
o Leaving port open to access the system remotely
4. Ransomware on Browser opening
o Pre-package the system to contain a ransomware file disguised as the default browser
5. Every user has administrative privileges (Excessive privileges)
o Automatically grant all new users full access
6. Lack of Malware Protection
7. Weak or nonexistent drive encryption
8. Clickjacking
Intermediate:
9. Missing Patches
o Set the system not to automatically update
Expert:
10. Hidden Backdoor
o Leave a backdoor to the system


cloud is not safe it creates new security problems
Actual strong passwords are important so having a shitty password would be a vulnerability
Automatic wifi connecting
Disabling Firewalls, and Windows defender
Leave cookies and automatic saving passwords on the internet
Having all accounts have admin access
Have any authentication systems off or removed
Injection flaws
Having direct hacking by someone placing usb in computer or something of that sort
Using software that is known to have vulnerabilities


 1. Avoid Updates -
● Beginning
2. Keep Old Versions of Applications -
● Beginning
3. Disable User Account Control (UAC) Features -
● Intermediate
4. Double-Click Everything -
● Beginning
5. Download Random Programs From Anywhere -
● Intermediate
6. Open up your Wi-Fi to everyone! -
● Beginning
7. Surfing on an Administrator-Enabled Account -
● Intermediate
8. Continuing to Use Windows XP -
● Beginning
9. Using the Same Password Everywhere -
● Beginning
10. Not Using Antivirus Software -
● Intermediate



Beginning
Admin Password
User Setting
Update Browser
Setup Password setting
Change Date back to normal

Intermediate
Update Firewall
Remove Video/Media
Uninstall software that repeatedly plays a song or sound
Change Language back to normal
Remove remote Bluetooth
Change Public Wifi to Private
Set a website that will ping the IP of the VM

Advanced
Remove viruses or Malware
Installing an Antivirus program
Remove advance Host
Disable Software on Machine that cause problems
1. Unprotected users - beg
2. Admin does not have a password - beg
3. Have a RAT on there that would start when clicking on Control Panel - xpert
4. Have zero virus protection - beg
5. Have a timer on the side counting down 15 min, and after the 15 minutes end a DDoS attack happens - xpert
6. Have adware pop up on the screen until they disable and uninstall it - inter
7. Have a harmless virus installed on the image - inter
8. Have unwanted add-ons in the web browser - inter
9. Have a fake password-capture pop-up on boot-up that sends the password to bad people - inter
10. Have a fake bank account statement pop up and push them to sign into their account on a computer that has a key logger - xpert
11. Have a lot of vulnerable system files - inter
12. Make every password simple and the same - inter
13. Have installed programs automatically enabled - xpert
14. Have the browser stay logged into the admin's email - inter
15. Have a whole bunch of websites and tabs open with an un-updated antivirus
- All accounts have admin rights - int
- Internet Explorer is installed - beg
- No users have passwords - beg
- All users in a meme workgroup instead of the right one - int
- All ports open - int
- Firewall off - beg
- No antivirus installed - beg
- No admin password - beg
- No dank memes - EXTREMELY ADVANCED CONCEPT
- FTP server up - adv
- Literally viruses on the computer - int
- Videos/illegal media on the computer - beg
- Desktop background a meme - beg
- Wrong screen resolution - beg
● Users that have access to the computer do not have passwords - beginner
○ Create passwords for each user
● Users that aren’t admins have admin powers - beginner
○ Take away admin powers from any users that should not have access to it
● Malware protection isn’t fully updated - inter
○ Update malware protection
● Secure guest accounts - beginner
● Provide rules for password strength - inter
● Close/ Delete programs that aren’t supposed to be on the computer - Inter
● Delete pictures and videos that should not be on the computer - beginner
● Forget wifi networks that shouldn’t be used - beginner
● Update software protection - beginner
● Make sure the computer has the correct date and time - beginner
Beginners -
● Admin has no passwords
● Unwanted users
● The date is set to 100 years back
● Unwanted files, picture, videos, etc…
● Has bad, insecure passwords
Inter -
● No virus or malware protection
● Files that cannot be deleted
● Users who are not allowed to access areas can access it
● Add virus that copies files
● The browser does not work
● Video cam doesn’t work
Expert -
● Can’t connect to wifi
● Automatically connects to wifi
● touchpad or mouse doesn’t work
● Skype security

1. Windows defender off
a. Beginner
b. Turn off windows defender
2. Firewall off
a. Beginner/Intermediate
b. Turn off firewall
3. Admin has no password
a. Beginner
b. Delete admin’s password
4. Users are admin when not supposed to be
a. Beginner
b. Make users admin
5. There is a web server running that is not supposed to be
a. Expert
b. Have a web server in the startup folder
6. Internet Explorer is the default browser
a. Beginner
b. Default
7. No ports are blocked
a. Intermediate
b. Change firewall settings
8. There is media on the computer that shouldn’t be on it
a. Beginner/Intermediate depending on the implementation
b. Put media on the machine
9. There is an FTP server running
a. Expert
b. Same as 5
10. There is a remote desktop instance installed on the machine
a. Expert
b. Make a remote desktop instance
