Lab 1
Scenario: Bots on the LAN

Overview

Description
This lab introduces you to the Pravail NSI installation, initial
configuration and upgrade processes. You will learn the essential steps
performed in each. This lab is divided into the following parts:
• Installation of Pravail NSI Controller
• Initial CLI configuration using wizard
• Upgrade process
• Alert monitoring

Setup

[Figure: lab topology diagram showing the Internet, the LAN and the pcc0 interface]

L1-1
Student 17
Pravail NSI Installation, Initial configuration and Upgrade
Lab 1

In this lab the Pravail NSI controller receives mirrored traffic on the pcc0
interface. Interfaces are connected in the following way:
• pcc0 receives copies of packets on the internet connection
• mgt0 is connected to the out-of-band management network. It is also
used by the Pravail NSI controller to access the internet

Objectives
After completing this lab, you will be able to do the following:
• Perform installation and initial configuration of Pravail NSI controller;
• Perform upgrade of Pravail NSI;
• Monitor Pravail NSI alerts.

Equipment/Tools
The following equipment is required to complete this lab:
• web browser (Chrome or Firefox)
When accessing training labs, you will be prompted for Training Portal
Authentication. Use the following credentials:
• Login: student17
• Password: 44AYJCgf82

Estimated Completion Time

• The estimated completion time for this lab is 1 hour.

Pravail NSI Installation

Serial console access


In this section you will use the web SSH client to connect to the console server
that manages the serial console port of your Pravail NSI Controller lab appliance.
Console server address: https://cli.training.arbor.net/ssh/
Host/IP: 10.2.25.129
Port: 22
User: student17
Password: 44AYJCgf82
L1-2 Student 17 Pravail NSI 5.5

1. To access the Pravail NSI Controller serial console, press 2
2. After you have successfully completed the step above, ask the instructor to
start your Pravail NSI Controller instance

Installation process
In this section we will perform the initial installation steps. These steps are
typically performed on a new Pravail NSI appliance after power-on.
1. Wait while the Pravail NSI installation process prepares the hard drive and
copies the necessary software packages. This process may take up to half
an hour.
2. Set system hostname to NSI-LAB17
3. Set IP address of mgt0 interface to 10.2.25.147
4. Set Network mask of interface mgt0 to 255.255.255.128
5. Skip media setting for interface mgt0 (press Enter)
6. Skip IP configuration for interface flow0 (press Enter)
7. Set default gateway to 10.2.25.254
8. Skip BGP, FTP and HTTP ACL configuration (press Enter)
9. Permit HTTPS access from any network – type 0.0.0.0/0 as the first entry
and confirm that there are no more entries by pressing enter for [done]
10. Permit ICMP Ping access from any network – type 0.0.0.0/0 as the first
entry and confirm that there are no more entries by pressing enter for [done]
11. Skip SNMP, Telnet, TFTP and VRRP ACL configuration (press Enter)
12. Permit SSH access from any network – type 0.0.0.0/0 as the first entry and
confirm that there are no more entries by pressing enter for [done]
13. Check that current date/time matches actual clock in UTC time zone.
Format of the string is MMDDhhmm[[CC]YY][.ss]
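
Added example (not part of the original lab handout or the vendor's tooling): a Python check of the wizard answers from steps 3, 4, 7, 9, 10, 12 and 13 that derives the mgt0 network, confirms the default gateway is on it, lists the ACLs left open to any source, and parses the MMDDhhmm[[CC]YY][.ss] clock string. The function names are hypothetical, and filling an omitted year or century from the current date is an assumption.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Wizard answers copied from the installation steps on this page.
MGT0_IP, MGT0_MASK, GATEWAY = "10.2.25.147", "255.255.255.128", "10.2.25.254"
ACLS = {"https": ["0.0.0.0/0"], "ping": ["0.0.0.0/0"], "ssh": ["0.0.0.0/0"]}
# MMDDhhmm, then optional [CC]YY, then optional .ss
CLOCK_RE = re.compile(r"(\d\d)(\d\d)(\d\d)(\d\d)(?:(\d\d)?(\d\d))?(?:\.(\d\d))?")


def mgt_network(ip, mask):
    """Network that mgt0 sits on, derived from its address and dotted mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def gateway_on_link(ip, mask, gateway):
    """True if the gateway is a usable host address inside the mgt0 network."""
    net, gw = mgt_network(ip, mask), ipaddress.ip_address(gateway)
    reserved = (net.network_address, net.broadcast_address, ipaddress.ip_address(ip))
    return gw in net and gw not in reserved


def open_acls(acls):
    """Services whose ACL contains an entry matching every source address."""
    return sorted(svc for svc, entries in acls.items()
                  if any(ipaddress.ip_network(e).prefixlen == 0 for e in entries))


def parse_clock(text, now):
    """Parse MMDDhhmm[[CC]YY][.ss] as UTC. Assumption: omitted year or century
    fields are taken from `now`; the appliance's own defaults may differ."""
    m = CLOCK_RE.fullmatch(text)
    if not m:
        raise ValueError(f"not MMDDhhmm[[CC]YY][.ss]: {text!r}")
    mo, dd, hh, mi, cc, yy, ss = m.groups()
    year = now.year if yy is None else int(cc or now.year // 100) * 100 + int(yy)
    return datetime(year, int(mo), int(dd), int(hh), int(mi), int(ss or 0),
                    tzinfo=timezone.utc)


def clock_skew_seconds(text, now):
    """Signed offset of the wizard's clock string from a reference UTC time."""
    return (parse_clock(text, now) - now).total_seconds()


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(mgt_network(MGT0_IP, MGT0_MASK), gateway_on_link(MGT0_IP, MGT0_MASK, GATEWAY))
    print(open_acls(ACLS), clock_skew_seconds(now.strftime("%m%d%H%M%Y.%S"), now))
```

Outside the lab, ACL entries such as the derived 10.2.25.128/25 in place of 0.0.0.0/0 keep HTTPS and SSH reachable only from the management network.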

Initial CLI configuration


In this section, you will learn how to perform initial system configuration
via CLI. This includes changing the admin user password, configuring the DNS
service, entering the license key and starting Pravail APS service.
1. Log into the CLI using default login credentials of admin/arbor
2. Use the services aaa local password admin interactive command to
change the admin user password. Change admin password to 44AYJCgf82


3. Configure 8.8.8.8 as your DNS server using the
services dns server add 8.8.8.8 command
4. Set the license key using the following command (the license key is typically
provided by ATAC)
/ system license set Pravail-NSI "nsi-model: PRA-NSI-5110 expires: 1451679614"
4RDSW-S1SHY-NTEAG-PTKA9-T19KB-8YEK2-E2DEH-BBZCN-SKX7Y
5. Initialize Pravail NSI databases
services nsi database initialize
6. Configure interface pcc0 as a promiscuous interface
services nsi interface add pcc0 promisc
7. Bring interface pcc0 up
ip interfaces ifconfig pcc0 up
8. Configure Pravail NSI shared secret to student17
services nsi secret set student17
9. Change system time zone to local
system timezone set
10. Start Pravail NSI service
services nsi start
The initial start of the Pravail NSI service may take a few minutes.
11. Save configuration
config write

Initial GUI configuration


1. Log into https://pod17.training.arbor.net/
using the credentials you have configured. Note that you will be presented
with proxy authentication first; use your student login: student17
2. Navigate to the Settings->General page. Make sure that the date format is set
to one convenient for you.
3. Configure 10.2.25.129 as the SMTP server.
This will clear the alert you may be getting after initial installation.


Pravail NSI upgrade


As a part of this training, we will perform a system upgrade. Typically
upgrade files are uploaded through the GUI (Settings->Files), but for the sake of
simplicity we will use direct transfer from a remote file server.
1. Upgrade files are located on the local anonymous FTP server 10.2.25.129.
To copy files to your Pravail NSI appliance, use the following commands:
system files copy ftp://10.2.25.129/arbos-5.3-EAJB-x86_64-vlab disk:
system files copy ftp://10.2.25.129/Pravail-NSI-5.5.1-EAJB-x86_64 disk:
2. Stop Pravail NSI service using services nsi stop
3. Save configuration (config write)
4. Uninstall the old Pravail NSI package using the system files uninstall
command. You can find the exact names of installed packages in system
file show list.
5. Install new Arbos package using
system file install disk:arbos-5.3-EAJB-x86_64-vlab
6. After installation of the new Arbos package, immediately reboot the appliance
with the reload command. WARNING: do not save the system configuration
after installation of the new Arbos package until you reboot the device.
7. Install new Pravail NSI package using
system file install disk:Pravail-NSI-5.5.1-EAJB-x86_64
8. Start Pravail NSI service
services nsi start
9. Save configuration (config write)

Alert monitoring
1. After a few minutes of Pravail NSI operation, check ongoing
security-related alerts. Navigate to Explore->Alerts and select Active alerts of
Security type.
2. Use the dropdown menu of any AIF-related alert to study Rule Details
3. Click View Alerts for any client listed
4. Click View Flows to see the original flow records that generated the given
alert


This completes the lab exercise.
