The SecurityLab Cybersecurity Lab Guide

Overview: Cypherpath Virtual Lab Environment .

The Security Lab provides you with a computer network to perform hands on experiments as you progress through the training program. To support a large number of students we use virtualization technology. This technology allows us to run multiple computers in separate isolated computer networks using scalable infrastructure.

Some of the assessments require the usage of the labs to solve cybersecurity related problems. Lab activities will enable you to acquire networking, operating system, and cybersecurity skills using a suite of Linux and Windows based applications and tools. You will also acquire abilities to capture data , analyze network traffic and conduct penetration tests.

l

Linux Base Station Login as username: root, password: toor

2. VulnerableNode1, VulnerableNode2These servers have varying degrees of vulnerabilities that make them amenable to attacks. You will not directly log into these servers but instead you will try to hack your way into them.

Cypherpath Lab Access Process: URL: https://securitylab.radford.edu

Step 1: Make sure you have a Radford University single sign on account. If you were provided a username that looks like x@radford.edu, then x is your username. The password is the password that you setup when you first registered for an account.

Step 2: If you do not have Google Chrome™ or Mozilla Firefox™ browser, download any one of them:

o Google Chrome®: http://www.google.com/chromeo Mozilla Firefox®: https://www.mozilla.org/en-US/firefox/new/

Step 3: Browser configurationo Ensure pop-ups are not blocked, some Kali Linux functions may not run properly

without pop-ups enabled.o If you choose to use Firefox®, skip to Step 4. o If using Google Chrome® : Disable touchscreen input using the following steps.

Go to the website: chrome://flags/

On the website search for: Touch Events API

In the drop down box select Disabled

o Next: Re launch the browser

Step 4: Go to the website: https:// securitylab.radford.edu Step 5: Enter username/password of your Radford single sign-on account

o Do not enter the @radford.edu part of your account name. If your username is x@radford.edu, enter x as your username.

o Choose Default as your domain.

Step 6: After the first time you login, you will see this following screen

Step 7: Go to SDIs Shared with Me <some user name> (Note: the name you will see could be any of the professors or TAs)

Step 8: You should see a SDI with your name on it. E.g., Jane Doe’s Lab in the above picture

Step 9: Select the SDI and choose View on the right hand menu (or double-click the cloud)

Step 10: After a brief pause, your SDI’s network topology will be displayed.

Step 11:If the machines are greyed out, press the Play button. Do not press the STOP button for any reason

Step 12: Using the Linux Base Station:o Double-click on the LinuxBASEStation machineo Make sure to disable pop-up blocker

o Move the mouse pointer to Username, and enter rooto If you see two mouse pointers that perform a synchronous dance when you

move them, that is fine. Your system is working. o However: If you cannot move the mouse pointer or if the mouse pointer moves

sluggishly and leaves a trail, please contact the Professor and/or TA help you debug the problem.

o Enter password: toor. o Once you are logged in, start a terminal (see figure below)

o Double-click on Terminal icon. See figure above. You will see a terminal as shown below.

Section 3: Frequently Asked Questions(1) Issue: “I cannot login using my username/password.”

Answer: Check that you are not including the @radford.edu domain portion in the username. Do not enter the @radford.edu into the username field. If you enter your password incorrectly more than 3 times, your account is locked. Send a request to the TA or the Professor to unlock your account.

(2) Issue: “I can login, but cannot see my SDI.”

Answer: Traverse to the menu option: SDIsShared with meprem/soake. If you still do not see a SDI, contact the professor or TA

(3) Issue: “I can login, I can access my SDI, but the is red in color.”

Answer: You will need to start the machine(s). There are two ways: Option 1: Contact the TA/Professor. Please give us at least 1 business day. Option 2:

Select the machine that is red in color, by clicking on it once. The machine will be highlighted with red. In the screenshot below, you will see the LinuxBASE_Station highlighted.

Next, select the icon with the two gear symbols on the right side of the webpage (see screenshot below).

Press the power on button. If your machine doesn’t turn to green after a few minutes, please contact the

IMPACT staff.

(4) Issue: “I double click on my machine and it doesn’t start.”

Answer: Make sure your browser allows pop-ups. Go to the URL part of the webpage and check for a red X or some other message indicating that a pop-up has been blocked. Allow pop-ups from securitylab.radford.edu.

(5) Issue: “I started my Windows and/or Linux box, but the mouse pointer doesn’t move or the mouse pointer leaves a track of other mouse pointers and doesn’t respond (or responds very sluggishly).”

Answer: Unfortunately, this could be due to one of two possible reasons: Option 1: Do you have a touch screen monitor or do you have a Bluetooth (wireless) mouse. If you have a touch-screen disable the touch-screen input to your browser using the information from: Section 3, Step 2. If you have a Bluetooth (wireless) mouse, disable it. A USB mouse is preferred.

Option 2: Using the gear menu option for that machine, select StopKill option. Once the machine’s color changes from red to green, select Start. Once the machine starts-up, the mouse pointer should move s intended.

Option 3: Contact the TA/Professor.