CYSE 450 Lab 1 High level overview of steps: 1. Install VMware 2. Install and configure Raspberry Pi 3. Install ssh 4. Secure the device 5. Test and submit report NOTE: If user ‘pi’ does not exist in your Raspberry Pi installation, you can skip the steps that involve user ‘pi’. Steps: 1. Install WMWare Download and install VMWare on your laptop or desktop. Pick the most current version. Make sure to pick the correct version for your device and OS. For Windows, you can follow the link in this article: https://www.pcworld.com/article/2388668/vmware-workstation-pro-how-toinstall-the-free-professional-tool.html For Mac, download VMware Fusion for macOS: https://www.techspot.com/downloads/2755-vmware-fusion-mac.html Note: You may need to register to Broadcom Support before downloading the software: https://support.broadcom.com/. 1 2. Install Raspberry Pi a. Download and install Raspberry Pi machine on your VM: https://www.raspberrypi.com/software/raspberry-pi-desktop/ . You can follow the installation steps in: https://singleboardbytes.com/1010/install-raspberry-pi-desktop-windows-vmware.htm Requirements: Name your Pi machine “Pi ”. For example: “Pi qnguyeng”. During installation, make sure to create the superuser with “super””super”. Example: “superqnguyeng”. b. Configure two network adapters: one using NAT, and the other one “Host Adapter”. 3. Install SSH a. Install and start the SSH. (Go to “Remote Access” section of the Pi documentation.) https://www.raspberrypi.com/documentation/computers/configuration.html#securingyour-raspberry-pi 4. Secure the device a. Use the instructions in the Raspberry Pi reference below to secure your Pi: Make sudo require a password Update the OS and packages. Improve SSH security. Create users “alice”, “bob”, “jane” and “john” Allow “alice” and “bob” to SSH to your Pi Deny “jane” and “john” to SSH to your Pi Restart SSH (skip key-based authentication) Install and configure the firewall. You should enable the firewall and add the following firewall rules: Only allow port 22 over tcp Limit login attempts on ssh port using tcp b. Add user . Note that this will be a regular user, without prefix “super”. c. Add this user to the same groups as the superuser: $ groups 2 $ sudo usermod -G (the command with parameters is on Raspberry website) Modify the ssh config file so that the new user can use SSH. d. Install fail2ban and set max retry to 3. e. Install a telnet client $ sudo apt install telnet 5. Test and submit the report (15 pts) Submit the screenshot(s) of the tests below to BlackBoard, CYSE 450, Lab1 a. [1 pts] Show VMWare with your Raspberry Pi machine. b. [1 pts] Show the two network adapters being configured. c. [1 pts] Login to your Pi and show the version of the OS $ uname –a (checks version of the OS) $ cat /etc/os-release d. [1 pts] Connect to your network Show the IP and MAC address network interface: $ ifconfig The MAC address is the 6 bytes after “ether” e. [1 pts] Do ssh to the Pi from a client ssh @ f. [2 pts] Default userid security $ su (replace with the one you created in Lab 1). Show failed su command with passwords: , pi, raspberry (passwords will not show on screen) $ su root Should not be able to login as user root with default, no, or weak password Show failed su command with passwords: , root, toor, raspberry (passwords will not show on screen) g. [2 pts] $ su Show failed su command with no password (passwords will not show on screen) Show successful su command with correct password (password will not display) h. [2 pts] $ sudo ufw status Firewall should block all but port 22 i. [2 pts] Test SSH secure configuration from an SSH client Show that “alice” and “bob” can ssh to your Pi machine Show that “jane” and “john” cannot ssh to your Pi machine 3 j. [2 pts] Test fail2ban Show that “alice” SSH login will be blocked after 3 unsuccessful attempts with incorrect passwords. 6. References a. VMWare: https://www.pcworld.com/article/2388668/vmware-workstation-pro-how-toinstall-the-free-professional-tool.html https://www.techspot.com/downloads/2755-vmware-fusion-mac.html b. Raspberry Pi https://www.raspberrypi.com/software/raspberry-pi-desktop/ https://singleboardbytes.com/1010/install-raspberry-pi-desktop-windowsvmware.htm https://www.raspberrypi.com/documentation/computers/ configuration.html#securing-your-raspberry-pi 4