3.4 Installing IPFire Part 1

Video Activity
Difficulty
Intermediate
Video Transcription
00:00
>> Welcome back to the summary course
00:00
in building your InfoSec lab.
00:00
I'm your host and Instructor, Kevin Hernandez.
00:00
In the last video, we were able to install and have
00:00
a general overview of pfSense and all of its features.
00:00
Even though it was not fully configured,
00:00
since we're still missing the network interfaces,
00:00
basically it's operational,
00:00
and we shall be able to install and configure it
00:00
slightly until our lab is in a more mature process.
00:00
We were also able to validate that
00:00
within its app market or its modules,
00:00
we were able to find both Lightsquid,
00:00
Squid, and SquidGuard,
00:00
which will basically replace the need
00:00
of a web proxy in our environment.
00:00
This will help us by basically lowering drastically
00:00
the amount of resources we will need
00:00
in order to make this InfoSec lab.
00:00
Looking at our proposed lab applications,
00:00
we can notice that we have way
00:00
more applications than that installed over here.
00:00
Just by categories itself,
00:00
you have firewalls, SIEMs,
00:00
proxies, IPS, our virtual machine,
00:00
the pen test tools, and our AT tools.
00:00
Now what happens is when you
00:00
>> start eliminating these are
00:00
>> redundant or that are duplicated,
00:00
you can see that the amount of
00:00
CPU cores are starting to get reduced,
00:00
or if you recall correctly,
00:00
our pen test tool will not
00:00
necessarily be required to be always on,
00:00
and therefore you can have
00:00
it installed in your primary system,
00:00
and therefore, having four total CPUs consumption
00:00
for our lab to be fully operational.
00:00
Now, you might think, "Oh, Kevin,
00:00
but what about Windows and CentOS.
00:00
Those two are different operating systems and
00:00
you do have a lot more tools
00:00
per technology than one [inaudible] Yes, that's true.
00:00
We will be required to make choices in here.
00:00
We might not be able to install
00:00
Untangle nor keep two firewalls.
00:00
But in the end of the day, if you think about it,
00:00
your corporation or your workplace most likely
00:00
has only one type of firewall out there.
00:00
Doesn't matter if it's 20,
00:00
50 or just one simple firewall,
00:00
most likely it has that one Check Point infrastructure,
00:00
or one Palo Alto, one [inaudible] etc.
00:00
It doesn't have normally
00:00
different infrastructures in there,
00:00
unless you're in a very large corporation.
00:00
Therefore, even though we're installing
00:00
different types of firewalls,
00:00
at the end of the day, we'll only keep
00:00
one operational for each category.
00:00
Now, also taking consideration
00:00
that some resources such as QRadar,
00:00
Splunk, basically, any of
00:00
these SIEMs are very resource hungry.
00:00
Therefore, you might be required to install these
00:00
in different devices dedicated
00:00
>> just for this application.
00:00
>> Let's go back. What were we doing today?
00:00
We'll be installing IPFire.
00:00
As mentioned earlier, it doesn't mean that we
00:00
will have both firewalls operational at the same time.
00:00
However, we will still show you
00:00
how to install it that way.
00:00
You know how to proceed and you make your own decision
00:00
on which firewall to utilize in your apartment.
00:00
It could be because of familiarization with the tool,
00:00
because you prefer the user interface that it brings,
00:00
maybe the feature it brings.
00:00
But unless you install each and every one of
00:00
these applications at least
00:00
once or to have a general overview,
00:00
you won't be able to properly determine
00:00
which is the best option for your environment.
00:00
It's very reality,
00:00
what works for one corporation does
00:00
not necessarily work for the other.
00:00
That's why we have so many products in the market.
00:00
If you ever come across a decision on
00:00
incorporating a new technology,
00:00
you should test more than one option to make sure
00:00
it fits the needs of your company.
00:00
Now let's get started. Now, like in our prior install,
00:00
IPFire requires us to
00:00
basically unzip it or extract the data.
00:00
But I'm pretty sure you might also be able
00:00
to just remove the extension at the end.
00:00
But a little more pleasure like this,
00:00
especially since I already work with pfSense,
00:00
and here you go and you do have the image right there.
00:00
Now, before we continue
00:00
>> with our installation of IPFire,
00:00
>> I must stop for a very small disclaimer.
00:00
Unlike pfSense, where we were able to create or
00:00
connect our interfaces by
00:00
the utilization of virtual network,
00:00
virtual ports, virtual switches,
00:00
which we configure in ESXi.
00:00
IPFire seems a little more
00:00
resistant to these types of configurations.
00:00
I personally spent several hours
00:00
in IPFire configuration trying to get it to
00:00
use the interfaces that we literally used
00:00
a few hours ago during the pfSense installation.
00:00
However, it was just not available.
00:00
I was only seeing the interfaces name like
00:00
the actual NIC in
00:00
it and not those virtual NICs we were creating.
00:00
That led me to believe that I
00:00
require additional hardware,
00:00
and I start Googling around and I was actually able to
00:00
find the hardware requirements
00:00
for my network interface card,
00:00
and you will see these later on in the video.
00:00
Now, obviously, this is not
00:00
as bad if you're building your own computer.
00:00
You can just use one of
00:00
those PCI lanes that you have additional in there,
00:00
and just lap in a network interface card in there which
00:00
matches the criteria of
00:00
the vendor and that should be a lot
00:00
easier to be able to accomplish.
00:00
Now, during my research,
00:00
at least for pfSense,
00:00
I did find other systems,
00:00
and I'm going to show them in this video in a second.
00:00
I cannot tell you
00:00
effectively if this is a reliable store,
00:00
not right or even if this is a reliable product or not.
00:00
But I did find a lot of people
00:00
using products similar to this.
00:00
They don't have four ports in
00:00
the back for their firewalls actually.
00:00
But instead of using them as
00:00
an ESXi box like we're doing,
00:00
they literally connected their modem straight
00:00
into this and then this to their network.
00:00
It's a different take on
00:00
>> what we're trying to accomplish.
00:00
>> However, this option is also there if you just want to
00:00
use your firewall from the lab,
00:00
and as you can see here,
00:00
it does have an M.2 over there,
00:00
it has what it looks like a wireless.
00:00
It has some RAM slots over there.
00:00
It looks a pretty decent system,
00:00
has the basics, and you see
00:00
the four ports over here, heat sink.
00:00
It doesn't seem to have some fans in there,
00:00
so be aware of that.
00:00
It may have a little bit of overheating issues.
00:00
Options are there for you,
00:00
you just have to be aware of those and be
00:00
careful when buying and research a little
00:00
more on the products you're going to be purchasing.
00:00
Now there's also the limitations itself.
00:00
Even if you want to do this,
00:00
your USB ports may not allow you.
00:00
I was lucky that the system I picked
00:00
had a USB 3.0
00:00
and I was able to find
00:00
a gigabit adapter for only $15 give or take on Amazon,
00:00
and I'll actually show those during the video.
00:00
However, depending on the part of world where you live,
00:00
this might not be available to you.
00:00
But whichever option you go through,
00:00
make sure you use a gigabit because
00:00
100 meg connection might not be enough for a firewall.
00:00
Be aware of that, and that will not work on USB 2.1.
00:00
Now, I might personally be wrong on this,
00:00
and if you have worked with IPFire,
00:00
you have set it up, feel free to shoot me an email,
00:00
my contact is in here
00:00
>> and I will gladly modify this video
00:00
>> and make the configuration reinstall it and update
00:00
the course just to make this clear.
00:00
Now let's go ahead and show you
00:00
this USB port adapter that
00:00
I was able to acquire
00:00
to meet the criteria to install IPFire.
00:00
>> The last part, IPFire website.
00:00
In order to make this work,
00:00
we will need a USB dongle,
00:00
such as the ones used on the IPFire site,
00:00
TU3ETD USB 3.0 to Gigabit Ethernet adapter.
00:00
You can find it right here on Amazon for around $13.65.
00:00
In order to utilize our USB Ethernet adapter,
00:00
we will need to download the appropriate drivers
00:00
in order to utilize it in ESXi.
00:00
A small search led us to this page.
00:00
Let's go here, accept
00:00
the technical review license and download.
00:00
Download is now completed.
00:00
However, let's make sure we
00:00
look at the instructions on how to proceed.
00:00
It says download the CIP for
00:00
>> a specific version of ESXi,
00:00
>> in this case like we did, 607.
00:00
Upload to the ESXi host using SCP or datastore browser.
00:00
Let's go ahead and do that now.
00:00
If you're not familiar with WinSCP,
00:00
it's a free tool that would allow you to
00:00
transfer files from and to your virtual machines.
00:00
Go ahead and run it, accept,
00:00
and let's go ahead and install it.
00:00
It looks like it already installed.
00:00
Let's click finish, and right here we have WinSCP.
00:00
Basically the way it works is you put
00:00
the computer name, username.
00:00
Very important factor before trying to use
00:00
WinSCP is that you will have to enable SSH.
00:00
Now, let me show you what happens when you attempt to
00:00
the WinSCP without SSH being enabled.
00:00
Come here, try to log in, and denied.
00:00
However, if I come here,
00:00
enable the service and to reconnect.
00:00
Now you can see it's actually prompting for
00:00
a password where you can actually come in.
00:00
Now, a very crucial part when installing this plugin or
00:00
this driver is that you have to do it in
00:00
the /var/log/vmware path or directory.
00:00
Come here, take the file and hit
00:00
upload and okay, and there's the file.
00:00
Now let's connect to PuTTY.
00:00
Let's put the IP address.
00:00
[NOISE] It open.
00:00
Login. Clear the screen to make it easier.
00:00
Now you clear the screen,
00:00
before we continue, you got to put
00:00
the ESXi in maintenance mode.
00:00
In this case, we can either do it through
00:00
the CLI or user interface.
00:00
You [inaudible] to the user interface,
00:00
you click on actions, enter maintenance mode.
00:00
You get a little warning,
00:00
you want to make sure you won't be able
00:00
to change it [inaudible], click yes.
00:00
PuTTY back. Now we've got to do the following command.
00:00
Now, before you copy and paste the whole thing.
00:00
Pay attention, this is
00:00
a description, you know what you need to do.
00:00
In other words, don't copy paste the whole thing.
00:00
One of the things the instructions don't tell you
00:00
is that in order for you to install this properly,
00:00
you need to actually run this from
00:00
the /var/log/vmware directory.
00:00
Otherwise, you will receive errors as seen above.
00:00
In other words, when you upload a file,
00:00
make sure you upload it to this path over here.
00:00
This is very crucial for this to work.
00:00
Afterwards, you won't see
00:00
it will need to reboot the system,
00:00
so let's go ahead and take care of that.
00:00
Let's click reboot and reboot.
00:00
Let's give it a minute. Now,
00:00
let's log back in and see if it works.
00:00
[NOISE]
00:00
Let's remove it from maintenance as well.
00:00
There we go.
00:00
Now that you have the USB interface right here,
00:00
let's create a switch interface for it.
00:00
>> Let's come here.
00:00
>> Let's name it, let's say LAN.
00:00
Select the interface,
00:00
add it, then you see up link one port groups zero.
00:00
In other words, you have to assign it to a port group.
00:00
Let's create a new group,
00:00
let's also call it LAN
00:00
and select the LAN virtual switch and hit add.
00:00
Now if you notice this still is a one.
00:00
Don't break your head, you didn't do anything wrong.
00:00
What you have to do now is come to host,
00:00
set the system back to
00:00
maintenance mode and reboot the system.
00:00
Let's give it a minute for it to reboot.
00:00
While the interface is on, let's go ahead and log in.
00:00
As you can see, now we have two network interfaces.
00:00
Now pay close attention.
00:00
You see the line here,
00:00
server is still in maintenance mode.
00:00
Let's go ahead and exit maintenance mode for it.
00:00
Now let's go back to networking.
00:00
Make sure everything is done correctly.
00:00
Little switches, port groups, everything looks good.
00:00
Now if you see something is assigned to it,
00:00
now you've got to assign it to a system.
00:00
Let's go back to host,
00:00
virtual machines, let's pick pfSense,
00:00
let's edit the settings.
00:00
Let's pick LAN, hit save.
00:00
Now, if you go back to networking,
00:00
it should be taken care of.
00:00
Now that we have fully installed
00:00
all the pre-requirements to run IPFire,
00:00
let's go ahead and take a small break.
00:00
Once we return, we'll
00:00
actually go through the installation of
00:00
IPFire and have a little tour
00:00
>> on the application itself.
00:00
>> I hope to see you soon. Have a great day.