Title | LAB1-Lab-Setup - Dcs02 001 |
---|---|
Author | HUSSAIN MUHAMMAD ZUN / UPM |
Course | Computer and Network Security |
Institution | Universiti Putra Malaysia |
Pages | 6 |
CSF-4613
Security Intelligence
Lab 1
LAB 1: CSF-4613 Security Intelligence: Virtual machines.
Student Name: Click or tap here to enter text.
Student ID: Click or tap here to enter text.

Lab Objectives: In this lab, you will download the two virtual machines that you will need to complete the practical labs throughout the semester. You will also access the IBM QRadar server (VM) interface using PuTTY and an internet browser (Internet Explorer).

Our lab environment throughout the semester uses the following two virtual machines (VMs). Download these machines as instructed by your instructor.

QRadar SIEM server: a virtual machine running the IBM Security QRadar SIEM 7.2 licensed program on the Red Hat Enterprise Linux server 6.3 licensed program.
Windows DC: a virtual machine running the Microsoft Windows 2008 Enterprise Server x64 Edition Service Pack 1 licensed program, with the PuTTY and Mozilla Firefox licensed programs used to access the QRadar SIEM virtual machine.

Azure Lab Setup
Check your email and look for an email from Microsoft Azure. Click on Register for the lab to gain access to the above virtual machines. Once you register, click on the highlighted switch below to start your virtual machine.
Once the VM is running, click on the computer icon on the lower right corner.
Instructor/ Student Lab Manual
Ayman Ahmed
Save the remote desktop (.rdp) file in your course folder for future use. Double-click on the .rdp file and click on Connect.
Type the password CIS@vlab2, then click on Yes.
Double-click on Hyper-V Manager. You should see the following two virtual machines:
Highlight one of the machines, right-click, then click on Connect.
Then click on Start. Repeat the previous step for the second machine.

Logging in to the Windows VM
To log in to the Windows VM, use the following credentials:
User name: Administrator
Password: Object00
Note: If the mouse is locked on the VM desktop, press Ctrl+Alt+Del on the keyboard at the same time to release it.

Logging in to the QRadar SIEM server VM from the Windows VM
To log in to the QRadar SIEM server VM from the Windows VM, use the following steps and credentials:
1. On the Windows VM desktop, double-click the PuTTY icon.
2. Double-click the QRadar saved session, or click on QRadar and then click on Open.
3. Use the following credentials to log in to the QRadar SIEM server:
User name: root
Password: object00

Logging in to the QRadar SIEM console
To log in to the QRadar SIEM console, perform the following steps:
On the Windows VM desktop, open the Firefox web browser. The browser opens the QRadar SIEM console.
End of the lab
Review Questions: The following questions are based on this lab activity, week 1 and week 2.
Q1. What is the operating system that the IBM Security QRadar SIEM 7.2 software is running on? Click or tap here to enter text.
Q2. What is the operating system that is used as an interface to access the QRadar SIEM virtual machine? Click or tap here to enter text.
Q3. What is the name of the command-line program that is used to access the QRadar SIEM virtual machine in this lab? Click or tap here to enter text.
Q4. List three tasks that IBM Security QRadar can perform: Click or tap here to enter text.
Q5. List the four domains of the IBM Security Framework:
Click or tap here to enter text.
Q6. Regarding the IBM security Maturity categories of integration quadrant model, ___________ security is layered into the IT fabric and business operations.
A. ☐ Basic
B. ☐ Proficient
C. ☐ Optimized
D. ☐ Intelligence
Q7. Which of the following is the correct order for an attack chain?
A. ☐ Break-in – Latch-on – Exfiltrate – Expand – Gather
B. ☐ Break-in – Gather – Latch-on – Exfiltrate – Expand
C. ☐ Break-in – Latch-on – Expand – Gather – Exfiltrate
D. ☐ Break-in – Latch-on – Gather – Exfiltrate – Expand
Q8. What is Security Intelligence? Click or tap here to enter text.