LAB1-Lab-Setup - Dcs02 001 PDF

Title LAB1-Lab-Setup - Dcs02 001
Author HUSSAIN MUHAMMAD ZUN / UPM
Course Computer and Network Security
Institution Universiti Putra Malaysia
Pages 6
File Size 417.3 KB
File Type PDF



Description

CSF-4613

Security Intelligence

Lab 1

LAB 1: CSF-4613 Security Intelligence: Virtual machines.

Student Name:
Student ID:

Lab Objectives: In this lab, you will download the two virtual machines that you will need to complete the practical labs throughout the semester. Also, you will access the IBM QRadar server (VM) interface using PuTTY and an internet browser (Internet Explorer).

Our lab environment throughout the semester uses the following two virtual machines (VMs). You need to download these machines as instructed by your instructor.

• QRadar SIEM server, a virtual machine running IBM Security QRadar SIEM 7.2 licensed program running on Red Hat Enterprise Linux server 6.3 licensed program.
• Windows DC, a virtual machine running Microsoft Windows 2008 Enterprise Server x64 Edition Service Pack 1 licensed program with PuTTY licensed program and Mozilla Firefox licensed program used to access the QRadar SIEM virtual machine.

Azure Lab Setup

• Check your email and look for an email from Microsoft Azure. Click on Register for the lab to get access to the above virtual machines.
• Once you register, click on the highlighted switch below to start your virtual machine.

• Once the VM is running, click on the computer icon in the lower right corner.

Instructor/ Student Lab Manual

Ayman Ahmed


• Save the remote desktop (.rdp) file in your course folder for future use.
• Double-click on the .rdp file and click on Connect.

• Type the password CIS@vlab2, then click on Yes.
• Double-click on Hyper-V Manager.
• You should see the following two virtual machines:

• Highlight one of the machines, right-click, then click on Connect.


• Then click on Start. Repeat the previous step for the second machine.

Logging in to the Windows VM

To log in to the Windows VM, use the following credentials:

• User name: Administrator
• Password: Object00

Note: If the mouse is locked on the VM desktop, press Ctrl+Alt+Del on the keyboard at the same time to release it.

Logging in to the QRadar SIEM server VM from the Windows VM

To log in to the QRadar SIEM server VM from the Windows VM, use the following steps and credentials:

1. On the Windows VM desktop, double-click the PuTTY icon.


2. Double-click the QRadar saved session, or click on QRadar and then click on Open.

3. Use the following credentials to log in to the QRadar SIEM server:

• User name: root
• Password: object00

Logging in to the QRadar SIEM console

To log in to the QRadar SIEM console, perform the following steps:


• On the Windows VM desktop, open the Firefox web browser.
• The browser opens the QRadar SIEM console.

End of the lab

Review Questions:

The following questions are based on this lab activity, week 1 and week 2.

Q1. What is the operating system that IBM Security QRadar SIEM 7.2 software is running on?

Q2. What is the operating system that is used as an interface to access the QRadar SIEM virtual machine?

Q3. What is the name of the command line program that is used to access the QRadar SIEM virtual machine in this lab?

Q4. List three tasks that IBM Security QRadar can perform:

Q5. List the four domains of the IBM Security Framework:

Q6. Regarding the IBM security Maturity categories of integration quadrant model, ___________ security is layered into the IT fabric and business operations.

A. ☐ Basic
B. ☐ Proficient
C. ☐ Optimized
D. ☐ Intelligence

Q7. Which of the following is the correct order for an attack chain?

A. ☐ Break-in – Latch-on – Exfiltrate – Expand – Gather
B. ☐ Break-in – Gather – Latch-on – Exfiltrate – Expand
C. ☐ Break-in – Latch-on – Expand – Gather – Exfiltrate
D. ☐ Break-in – Latch-on – Gather – Exfiltrate – Expand

Q8. What is Security Intelligence?
