LAB1 Lab Setup Solution PDF

Title LAB1 Lab Setup Solution
Author HUSSAIN MUHAMMAD ZUN / UPM
Course Computer and Network Security
Institution Universiti Putra Malaysia
Pages 7



Description

CSF-4613

Security Intelligence

Lab 1

LAB 1: CSF-4613 Security Intelligence: Virtual machines

Student Name: Ayman Ahmed
Student ID: H0011122233

Lab Objectives: In this lab, you will download the two virtual machines that you will need to complete the practical labs throughout the semester. You will also access the IBM QRadar server (VM) interface using PuTTY and an internet browser (Internet Explorer).

Our lab environment throughout the semester uses the following two virtual machines (VMs). Download these machines as instructed by your instructor.

• QRadar SIEM server, a virtual machine running the IBM Security QRadar SIEM 7.2 licensed program on the Red Hat Enterprise Linux server 6.3 licensed program.
• Windows DC, a virtual machine running the Microsoft Windows 2008 Enterprise Server x64 Edition Service Pack 1 licensed program, with the PuTTY licensed program and the Mozilla Firefox licensed program used to access the QRadar SIEM virtual machine.

Azure Lab Setup

• Check your email and look for an email from Microsoft Azure. Click on Register for the lab to gain access to the above virtual machines.
• Once you register, click on the highlighted switch below to start your virtual machine.
• Once the VM is running, click on the computer icon in the lower right corner.

Instructor/ Student Lab Manual

Ayman Ahmed


• Save the remote desktop (.rdp) file in your course folder for future use.
• Double-click the .rdp file and click on Connect.
• Type the password CIS@vlab2 then click on Yes.
• Double-click Hyper-V Manager.
• You should see the following two virtual machines:
• Highlight one of the machines, right-click, then click on Connect.


• Then click on Start. Repeat the previous step for the second machine.

Logging in to the Windows VM

To log in to the Windows VM, use the following credentials:

• User name: Administrator
• Password: Object00

Note: If the mouse is locked on the VM desktop, press Ctrl+Alt+Del on the keyboard at the same time to release it.

Logging in to the QRadar SIEM server VM from the Windows VM


To log in to the QRadar SIEM server VM from the Windows VM, use the following steps and credentials:

1. On the Windows VM desktop, double-click the PuTTY icon.

2. Double-click the QRadar saved session, or click on QRadar then click on Open.

3. Use the following credentials to log in to the QRadar SIEM server:

• User name: root
• Password: object00


Logging in to the QRadar SIEM console

To log in to the QRadar SIEM console, perform the following steps:

• On the Windows VM desktop, open the Firefox web browser.
• The browser opens the QRadar SIEM console.

Review Questions

The following questions are based on this lab activity, week 1 and week 2.

Q1. What is the operating system that IBM Security QRadar SIEM 7.2 software is running on?


Red Hat Enterprise Linux Server 6.3

Q2. What is the operating system used as an interface to access the QRadar SIEM virtual machine?

Microsoft Windows 2003 Enterprise Server x64 Edition Service Pack 1

Q3. What is the name of the command-line program used to access the QRadar SIEM virtual machine in this lab?

PuTTY

Q4. List three tasks that IBM Security QRadar can perform:

• Alerts to suspicious activities and policy breaches in the IT environment
• Provides deep visibility into network, user, and application activity
• Puts security-relevant data from various sources in context of each other
• Provides reporting templates to meet operational and compliance requirements
• Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use

Q5. List the four domains of the IBM Security Framework:

People – Data – Application – Infrastructure

Q6. Regarding the IBM security Maturity categories of integration quadrant model, ___________ security is layered into the IT fabric and business operations.

A. ☐ Basic
B. ☒ Proficient
C. ☐ Optimized
D. ☐ Intelligence

Q7. Which of the following is the correct order for an attack chain?

A. ☐ Break-in – Latch-on – Exfiltrate – Expand – Gather


B. ☐ Break-in – Gather – Latch-on – Exfiltrate – Expand
C. ☒ Break-in – Latch-on – Expand – Gather – Exfiltrate
D. ☐ Break-in – Latch-on – Gather – Exfiltrate – Expand

Q8. What is Security Intelligence?

It is the real-time collection, normalization and analytics of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise.
