Let's practice what we've learned above.
- Generate a key pair
- Encrypt a file
- Have your mentor do the same, and send you a file
- Confirm signatures and such
- Use a symmetric algorithm to encrypt a file and send it to your mentor
- Have your mentor send you an encrypted file (and its secret) and decrypt it
- Create a self-signed certificate
- Use it via nginx
- See what happens when you access the site via HTTPS
- Create a certificate using Let's Encrypt and repeat the above
Limited Project Work
Firewalls are a security concept and as such, the amount of project work you can get done here, at this point in your learning, is limited. We cannot encourage you to play around with the local firewall on your local computer as you might expose yourself to very real, very serious threats.
There will be plenty of firewall related projects in the Cloud section of Stage One, trust us.
- Does your local system have a firewall installed?
- What rules are in place right now?
- Don't list them all, as there might be thousands!
- What happens if you add a rule to block outbound connections to any remote server on port 80 (HTTP)? Can you access website via
- Try pinging 220.127.116.11 (Cloudflare's DNS server[s]), and then try blocking ICMP ping from your host to that exact IP - can you ping it now?
- Using draw.io or miro.com, design a simple diagram that explores the following traffic flows:
- Traffic coming from the Internet, through a firewall, and accessing a web server
- Traffic coming from the web server to a database in another subnet
- Traffic coming from head office to a VPN server on the network
- Now think about the protocols being used, and design rules for each of the following:
- Only allow HTTPS traffic from the Internet to the web server
- Only allow head office's IP (18.104.22.168) to access the VPN server
- Prevent anything BUT the web server and VPN from accessing the database
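To check a rule design before typing it into a real firewall, it helps to model it as a first-match, default-deny rule list (the way iptables/nftables chains evaluate) and run sample flows through it. The following is an added example, not part of the course material; the web, VPN and database addresses (10.0.1.10, 10.0.1.20, 10.0.2.10), the Internet client address and the database port 5432 are constructed assumptions, while 18.104.22.168 is the head office IP given in the exercise.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the diagram exercise (assumed, not from the course).
INTERNET    = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER  = ipaddress.ip_network("10.0.1.10/32")   # DMZ subnet 10.0.1.0/24
VPN_SERVER  = ipaddress.ip_network("10.0.1.20/32")
DB_SERVER   = ipaddress.ip_network("10.0.2.10/32")   # database subnet 10.0.2.0/24
HEAD_OFFICE = ipaddress.ip_network("18.104.22.168/32")  # IP given in the exercise

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None means any destination port
    action: str             # "accept" or "drop"

# First-match rule list; anything that matches no rule is dropped (default deny).
# In a real firewall rule 1 would be bound to the Internet-facing interface so that
# 0.0.0.0/0 cannot also match internal hosts; the model keeps it simple.
RULES = [
    # 1. Only HTTPS from the Internet to the web server
    Rule(INTERNET, WEB_SERVER, "tcp", 443, "accept"),
    # 2. Only head office may reach the VPN server (any protocol/port)
    Rule(HEAD_OFFICE, VPN_SERVER, "any", None, "accept"),
    # 3. Only the web server and the VPN server may reach the database
    #    (assumed PostgreSQL on TCP 5432)
    Rule(WEB_SERVER, DB_SERVER, "tcp", 5432, "accept"),
    Rule(VPN_SERVER, DB_SERVER, "tcp", 5432, "accept"),
]

def decide(src_ip: str, dst_ip: str, proto: str, dport: Optional[int]) -> str:
    """Return the action of the first matching rule, or 'drop' if none match."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in RULES:
        if (src in r.src and dst in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "drop"

if __name__ == "__main__":
    # Constructed sample flows: one allowed and one blocked case per design rule.
    for flow in [("203.0.113.5", "10.0.1.10", "tcp", 443),    # accept
                 ("203.0.113.5", "10.0.1.10", "tcp", 80),     # drop
                 ("18.104.22.168", "10.0.1.20", "udp", 1194), # accept
                 ("203.0.113.5", "10.0.1.20", "udp", 1194),   # drop
                 ("10.0.1.10", "10.0.2.10", "tcp", 5432),     # accept
                 ("10.0.1.30", "10.0.2.10", "tcp", 5432)]:    # drop
        print(flow, "->", decide(*flow))
```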
We don't have a Zero Trust project for you to complete. It's an extremely advanced topic, so we'll explore it later on.
- Add an extra step of authentication to your online accounts by adding a 2FA device to them
- We recommend Microsoft's Authenticator app as it allows you to sync the tokens (secrets) to a Microsoft account
- Ensure your email accounts have a unique, separate passPHRASE
- Check your email address and/or password at ';--have i been pwned?
We think this one is going to be obvious: download, install and start using a password manager. Here are some choices:
We cannot recommend any others at this time.
Cloud Secrets Management
We will get the opportunity to delve into application level secrets management later on.
We will also get the opportunity to go use some OWASP resources when we come to write our own web app later on.
These are optional, but fun if you're willing to give them a go.
- Apply some CIS benchmarks to an Ubuntu 22.04 VM
- Write a short report on the tools that CIS provides to help with using their standards.
Repeat the CIS projects above.