CYBER THREAT RESPONSE CLINIC
Module 2 - Lab – HackMDs.com – Connectivity and Setup
Lab Guide: Module 2
Welcome to HackMDs. As the new security admin, you’ll want to familiarize yourself
with the resources that you will be working with in this enterprise. During this exercise,
you’ll be walked through connecting to our model enterprise and ensuring that the tools
that will be used today are up and available.
Outcome
At the end of this module you will have access to the lab environment and a map to the
resources you will need for using the tools within this lab.
Components
o Lab Resources
o Lab Steps
Required Resources
• Laptop with Microsoft Remote Desktop
• Internet Connectivity
Step 5 You should see your Cyber Threat Response session available. Click the View button.
Note If you do not see your CTR session, contact your Cisco instructor or dCloud lab support representative for
registration support.
Step 6 This will bring up the CTR clinic environment. The right side of the screen shows the
remaining time available for completing the lab. The Details tab displays details on your
session such as start, end and login credentials. The Resources tab provides links to support
documentation.
Step 7 The Servers tab lists all of the systems running within the CTR environment. From this
location you can turn systems on or off, or reboot them, if needed.
©Cisco Systems 2017 Cyber Threat Response 2.0 Clinic 2-5
Step 8 To work on the lab, you will need to access the Jumphost. You can either click the Remote
Desktop link to launch a web VPN session or use the IP address and credentials provided with your
own local desktop RDP client. Those credentials are username: hackmds\administrator and
password: CTRLab123!
Note At this point you should be successfully logged into the Windows Jumphost desktop. If you are NOT
able to log in to the Jumphost Windows PC, please ask your instructor for assistance.
Note At this point, you have now successfully validated that the enterprise systems above are accessible.
Note We will be using the NoMachine Remote Desktop application instead of Microsoft RDP client to connect
to the Kali Attack client for better compatibility with the Linux system.
Step 22 From the Jumpbox PC desktop, double click on the “Kali_Attacker” shortcut icon to start
the NoMachine remote desktop application.
Step 23 Once the NoMachine program starts, double click the “Connection to 192.168.1.5” icon to
connect to the Kali Attack host.
Step 24 When prompted, log in to the Kali Attack host with the username: root and password:
CTRLab123!
Step 25 Validate that you are now able to access the Kali Attack Linux desktop.
Step 26 Now from the Kali Attack Linux desktop, let’s start a Linux Terminal session by clicking on the
icon in the favorites bar on the bottom of the desktop. You can also find applications by clicking
the magnifying glass at the bottom and searching for the term “terminal”.
Step 27 Now let’s resize the Kali Attack Linux desktop session. From the Linux terminal session, enter
the following on the command prompt: xrandr -s 1024x768
Note: Additional screen resolutions might be available depending upon your laptop configuration. To
check for additional screen resolution options, enter the command xrandr without any options. You will
then be presented with a list of possible screen resolutions.
Step 28 Next click on the “root” account name in the upper right corner of the Kali Linux desktop, then
click “Log Out…” from the menu options. Next, click “Log Out” from the “Log out root” popup
menu to close the Kali Attack Linux session.
Step 29 Now you can close the NoMachine application by clicking on the X in the right corner of the menu
program.
Note At this point you have now successfully connected to the Kali Attack host.
Note If you get a message asking you to install Adobe Flash Player, just click “Accept and Close”
Step 34 Validate that you are now connected to the Cisco Identity Services Engine (ISE) dashboard.
Step 35 Now browse to the Cisco Firepower Management Console (FMC) at: https://192.168.30.5
Note If you receive a message saying “Existing Session Detected” just click the “Proceed” button.
Step 36 At the login screen, log in with the username: admin and password: CTRLab123!
Step 37 Validate that you are now connected to the Cisco Firepower Manager Console dashboard.
Step 38 Now browse to the Cisco Stealthwatch Management Console (SMC) at: https://192.168.30.6
Step 39 At the login screen, log in with username: admin and password: CTRLab123!
Step 40 Validate that you are now connected to the Cisco Stealthwatch Management Console.
Step 41 Now browse to the Cisco Private AMP server at: https://amp.hackmds.com/ or https://192.168.30.9
Step 42 At the login screen, log in with username: ctr+lab@hackmds.com and password: CTRLab123!
Note Do NOT log into the Cisco Private AMP server with the web browser’s cached credentials for the Admin
user account. Make sure you are using the username ctr+lab@hackmds.com
Step 43 Validate that you are now connected to the Cisco Private AMP console.
Note At this point you have now successfully connected to HackMDs.com security management platforms.
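As an added example (not part of the original Cisco lab guide), the following PowerShell pre-flight check, run from the Windows Jumphost, tests TCP reachability of the hosts this guide connects to and confirms that amp.hackmds.com resolves to the listed IP. The addresses come from the steps above; the ports are assumptions: 443 for the https:// consoles and 4000 for NoMachine's default listener.

```powershell
# Added example: pre-flight reachability check, run from the Jumphost.
# Addresses are the ones listed in this guide. Ports are assumptions:
# 443 for the https:// consoles, 4000 for NoMachine's default listener.
$targets = @(
    [pscustomobject]@{ Name = 'Kali Attack (NoMachine)'; Address = '192.168.1.5';     Port = 4000 }
    [pscustomobject]@{ Name = 'Firepower FMC';           Address = '192.168.30.5';    Port = 443 }
    [pscustomobject]@{ Name = 'Stealthwatch SMC';        Address = '192.168.30.6';    Port = 443 }
    [pscustomobject]@{ Name = 'Private AMP (by IP)';     Address = '192.168.30.9';    Port = 443 }
    [pscustomobject]@{ Name = 'Private AMP (by name)';   Address = 'amp.hackmds.com'; Port = 443 }
)

# Attempt a TCP connection to each target and record the outcome.
$results = foreach ($t in $targets) {
    $probe = Test-NetConnection -ComputerName $t.Address -Port $t.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Name      = $t.Name
        Address   = $t.Address
        Port      = $t.Port
        Reachable = $probe.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# The guide gives two URLs for the AMP server; confirm the name resolves to the listed IP.
$ampIps = @(Resolve-DnsName -Name 'amp.hackmds.com' -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)
if ($ampIps -notcontains '192.168.30.9') {
    Write-Warning "amp.hackmds.com resolved to '$($ampIps -join ', ')', expected 192.168.30.9"
}

# Summarize anything that did not answer so it can be raised with the instructor.
$down = @($results | Where-Object { -not $_.Reachable })
if ($down.Count -gt 0) {
    $list = ($down | ForEach-Object { "$($_.Name) $($_.Address):$($_.Port)" }) -join '; '
    Write-Warning "Unreachable: $list"
}
```

A host reported as unreachable here can be checked on the Servers tab from Step 7, where systems can be powered on or rebooted.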
Step 1 Sign into ISE, go to Administration > pxGrid Services, and check the boxes next to the two bottom
FMC options. Then click the Delete button and select “Delete Selected”.
Step 2 Now move to your FMC console via the Firefox browser.
1) System
2) Integration
3) Identity Sources
5) Click the “Test” button to reestablish the pxGrid connections between FMC and ISE.
Step 3 Now return to your ISE console session and verify that the two FMC pxGrid connections have been
reestablished as shown below. (Do not worry about the fireshightisetestfmc.hacmds.com connection being
offline.)