
Network Security Challenges (1-3)

Review the different situations below and configure the FortiGate security gateway to block the malicious traffic without interfering with legitimate traffic.

Network Challenge 1 (1000 score)

An infected computer in your LAN is actively communicating with a Command & Control (C&C or C2) server. The C2 is actually hidden inside a legitimate web application server which has recently been compromised.

A straightforward workaround would be to deny access to this web server. The problem is that your business depends on the hosted web application. Also, the user of the infected computer absolutely needs to access the web application, so it is not possible to prevent that computer from reaching it. You have to find a temporary solution that blocks only the C2 call-back connection.

Network Challenge 2 (750 score)

A server of the company is running corporate application software that is supported by an external contractor of the software vendor. As such, a remote user regularly connects to that server to perform maintenance operations.

An attacker became aware of this context and conducted an advanced targeted attack. He managed to break into the contractor's computer. Then, using the contractor's granted access to the server, he succeeded in compromising it, installing a backdoor and an in-memory daemon listening for instructions. The attacker regularly sends instructions to the daemon to conduct various malicious activities inside the company.

That server cannot be powered down, as it is running corporate applications and the company cannot afford a business interruption.

You have been tasked to implement a temporary workaround. You need to prevent the attacker from exploiting his privileged channel to the server. You contacted the contractor to get details on his access to the server; he told you that he uses the FTP protocol to perform maintenance.

 

Network Challenge 3 (500 score)

In order to reduce the risk of web drive-by download infections, your company subscribed to an external URL blacklist feed. You will need to use it in FortiGate in order to block every requests to these malicious URLs. The URL for the feed is http://10.2.0.10/fqdn-ko.txt
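One way to wire such a feed into FortiGate, given here as an added example and not as part of the challenge text: a FortiOS CLI configuration that registers the feed as an external resource (a threat feed mapped to a custom FortiGuard category), blocks that category in a web filter profile, and applies the profile on the outbound firewall policy. The feed URL is the one given above; the interface names (port2 for the LAN, port1 for the WAN), the object names, the policy ID and the category number 192 are assumptions. The syntax follows the FortiOS external-resource feature and should be checked against the FortiOS version running on the range.

```fortios
# Register the blacklist feed as a threat feed of type "category".
# FortiGate polls the URL on the refresh interval (minutes) and maps every
# entry to the custom category number chosen here (192 is assumed).
config system external-resource
    edit "fqdn-ko-feed"
        set type category
        set category 192
        set resource "http://10.2.0.10/fqdn-ko.txt"
        set refresh-rate 5
        set status enable
    next
end

# Web filter profile: block the custom category populated by the feed.
config webfilter profile
    edit "block-fqdn-ko"
        config ftgd-wf
            config filters
                edit 1
                    set category 192
                    set action block
                next
            end
        end
    next
end

# Outbound policy (LAN -> WAN, names assumed) with the profile enabled.
# certificate-inspection lets the filter see the SNI/hostname of HTTPS
# requests without decrypting them; switch to deep inspection if full URL
# matching on HTTPS is required and clients trust the FortiGate CA.
config firewall policy
    edit 10
        set name "lan-to-wan-filtered"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "block-fqdn-ko"
        set logtraffic all
    next
end
```

After committing, `diagnose sys external-resource` style commands or the GUI (Security Fabric > External Connectors) show whether the feed was fetched and how many entries it holds; a blocked request then appears in the web filter log with category 192, which is the check to run before trusting the workaround.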