CompTIA Security+ SY0-601 – 3.1 Implement secure protocols Part 2
March 29, 2023

4. Install and setup an FTP Server and Client

In this video, we’re going to be installing and configuring an FTP server. Now we’re going to be using a piece of software called FileZilla. FileZilla is a free FTP server that you can download, and it has a free client that you can also download. So we’re going to be downloading both on these stations. This lab is really important because not only does it show you how to set up and use an FTP server, but I’m also going to show you how to set up and open firewall ports to make sure it works. So you’re going to learn that aspect. And then you’re going to see in the next lab, when I sniff the traffic, that FTP is insecure. And I’ll also show you how to secure it by using FTP over TLS. So a lot to learn in this lab and the one that comes after this, where I sniff the FTP traffic. All right, so let’s get started.

We’re going to be downloading and installing FileZilla. So you notice that I have two computers that I’m running here. I’m running a Windows 10 and a Windows 7. Now the Windows 7 I’m going to use as my FTP server. My Windows 10 I’m going to use as my FTP client. It doesn’t have to be a Windows 10 or Windows 7. It could just be two Windows 10. That’s fine. It could be just two Windows 7. You don’t need a lot of software here. Just need two versions of Windows and we’re good. Okay, so let’s go ahead and first set up that server.

So I’m going to go to my Windows 7 box, and I’m going to put this in full screen because we’ve got quite a bit of setup here to do. So I’m going to go to my browser and I’m going to look for FileZilla. FileZilla, the server. So I’m going to say Download FileZilla Server. Download, download. And that’s a pretty quick thing. It was like two megs and it was done. So I downloaded it. And I’m going to agree to this. I agree. I’m going to click on Next. There’s my FileZilla server, Next. And we’re going to install it as a service. I didn’t change any of the default options. I’m just going to leave it as a service, and I’m going to say Install. All right, I’m going to click on Close.

Okay, so right now the server is basically installed, but there’s a little bit of configuration that needs to get done to make sure it works. So I’m going to say Connect, to connect to the server. That’s just a port number that it connects to for its interface. Now, there’s a couple of things we want to do. First of all, we want to make a folder and put data in it because that’s the folder we’re going to be sharing out on our FTP server. So I’m going to go in here to my C drive and I’m just going to create here a folder that we’re going to call FTP underscore files. FTP underscore files. I’m going to close this out. So I have a folder in there. You know what, let me put some data inside just to make sure I get some data in there. FTP files is the one I just created. FTP underscore files.

I’ll put a Word document in there, a text file. We’ll call this one FTP Data just to make sure I have something to transfer when I’m testing it. This is testing data. Okay. So I have some kind of file in there that I’m going to be transferring. All right, I’m going to go here to Users, and I’ve got to create a user for the FTP server. So we’re going to say Add, and we’re going to say Mary is the name of the user and Mary’s password is FTP password. So somewhat long. We’re going to give her a shared folder. So we’re going to say Add. We go to the C drive, FTP files. Okay. Sometimes you may want to click this button that says Set as home directory. And we’re going to say OK, so the server is basically set up. There is one option I do want to configure because I’ve noticed that it gives errors if it’s not set up right. Sometimes FTP servers run in what’s called passive mode. And when it does that, it’s going to work for a firewall. But it starts to use random ports. So I want to lock the ports now.

So I’m actually going to go right here and into the settings, the little cog icon. I’m going to go to FTP passive mode. And we don’t want to just let it use any range it wants. I’m going to say use 2100 to 2100. I’m going to want to remember that IP because I’m going to have to open that. Okay, so I set that up and I think my server is ready to go. Now there’s going to be a problem where this is not going to work, and we’re going to have to figure out why this is done. Let’s go to the Windows 10 box, make this full screen. And we have to download the FileZilla client on the Windows 10 box. Okay, download this. The FileZilla client.

And here it is. Yep, I agree. Okay, so loading the data. So this should be ready to be quick to install. Next. Next. Okay, there’s no real configuration here. All right. You just install it. We’re going to start it up. Here it is. So what I’m going to do is I’m going to minimize this now, restore the window, actually. So I have the Windows 10 on the left side with the client itself. And on the right side I have the server. I have to find out the IP address of the server to put in as the host address.

So I’m going to run my quick CMD here, and on the server itself, ipconfig. I know I could just right click the network adapter, but I’ll do it this way. It’s actually quicker for me. The IP address is 192-16-8175. Is the IP on the Windows 7 box, let me see. 192-16-8175, name is Mary and the password is FTP password. And I want you to watch something. I’m going to press Enter on this. It says connecting. And by default it’s connected on port 21. So you see the colon and the 21, but nothing is happening on the other computer. It’s connecting, but nothing is happening.

This is an important part for any security administrator or any administrator to know because this is a common error when you set software up and it doesn’t want to work. Now, what’s happening here is a firewall. The Windows firewall is blocking it when this firewall is turned on, on this machine. So to turn it off, what I’m going to do is I’m going to go to the lower part here of this Windows 7, I’m going to right click, say Open Network and Sharing Center and I’m going to go here to Windows Firewall. Now, you could turn off the firewall. I don’t recommend that. But there is an option for you to turn it off. Now, I really don’t recommend that. So what we’re going to do is we’re going to add some ports. So I’m going to go here and say Advanced settings and Inbound Rules. And we’re going to right click and say New Rule. So we’re going to say Port. Click on Next and we’re going to say port 20.

Remember, FTP is 20, 21. And remember the 2100 port we had set for the passive mode. We don’t want to make it go all over the place, select its own. So I’m going to go ahead and click on Next and allow the connection. And I’m going to say domains. Yes. FTP. And Finish. So I’m going to go back in here and I’m going to my dropbox thing there, okay? So I’m going to go in here and I’m going to, if you notice right here, my firewall. But I want to take a look at my FTP here. I’m going to go in here. I’m just going to press Enter because I already have the settings.

And you notice instantly it starts to work. You see all of this starts to work. So it’s telling me this server does not support FTP over SSL. It’s fine. And you notice the FTP data. This is the folder. This is the data that was on that Windows 7. So maybe I want to transfer this to my desktop. So I’m going to click on my desktop and I’m going to just drag it over to my desktop. So I just transferred a file over FTP. And you’ll notice my FTP data is right here. So I just transferred the data over FTP.

Now there’s something to remember about this. Mary doesn’t have the access rights to put data back. You see, if I try to take Mary’s, if I tried to dropbox there, if I try to take this and put it back, it says override it. So I’ve transferred it. Can I put maybe this wallpaper in there? Yes. So you notice permission denied. It didn’t do it. Permission denied. By default, when you set up FTP, the permission is denied. So I’m going to go right here and you can go back to your users. And you notice the shared folder. Mary only had read access for that. You’re going to have to give her the ability to delete and to write. But I’m not going to do that. I just wanted to show you that by default, they can take data off the server. If you want, you’re going to have to give them more permissions. Okay. That was setting up your FTP server. So in this lab, you saw how we set up the FTP server. We’re able to transfer files across the FTP link. It works fine. But the problem is this is not secure. So in the next lab, let’s see how to use a protocol analyzer to sniff the traffic. And then we’ll see how to secure it with a more secure version of SSL of FTP. I’ll see you in the next lab.
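As an added example (not part of the original lesson), the script below shows why the passive port range has to match the firewall rule. It decodes the data port a server announces in a 227 (PASV) or 229 (EPSV) reply and checks it against the inbound ports opened in this lab: 20, 21 and 2100. The sample replies and addresses are constructed, and the EPSV case goes slightly beyond what the video shows.

```python
import re

# Inbound TCP ports opened on the server firewall in the lab: 20, 21 and the
# single passive port 2100 set in the FTP server's passive mode settings.
ALLOWED_INBOUND = frozenset({20, 21, 2100})

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)  -> port = p1*256 + p2
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d{1,5})\|\)")


def passive_port(reply):
    """Return the data port announced in a PASV/EPSV reply, else None."""
    reply = reply.strip()
    m = PASV_RE.match(reply)
    if m:
        fields = [int(g) for g in m.groups()]
        if max(fields) > 255:          # each field is one byte
            return None
        return fields[4] * 256 + fields[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        return port if 0 < port <= 65535 else None
    return None


def check_reply(reply, allowed=ALLOWED_INBOUND):
    """Say whether the announced data port would pass the inbound rules."""
    port = passive_port(reply)
    if port is None:
        return "not a passive-mode reply"
    if port in allowed:
        return f"port {port}: allowed by firewall"
    return f"port {port}: BLOCKED, data connection will hang"


# Constructed sample replies (addresses from the documentation range 192.0.2.0/24).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,8,52)",     # 8*256 + 52 = 2100
    "227 Entering Passive Mode (192,0,2,10,195,149)",  # 195*256 + 149 = 50069
    "229 Entering Extended Passive Mode (|||2100|)",
    "230 Logged on",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:55} -> {check_reply(sample)}")
```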

5. Using Wireshark to capture an FTP Password and securing FTP Server

In this lab, what we’re going to be doing is using our protocol analyzer, Wireshark, or sniffer, to sniff out the FTP data that’s coming across the computers and to capture the FTP password in clear text. If you remember from your studying, FTP is a clear text password. Then what we’re going to do is we’re going to secure it, and by securing it by using a TLS connection on the FTP, there will be no more clear text passwords. So this lab is really important because you’re going to see and learn how we can sniff the information, and you’re going to see and learn how to secure your FTP. So let’s go ahead and get started on this.

So from previous labs, we already have Wireshark installed. So what I’m going to do is I’m going to go ahead and just start up my. Notice I have Wireshark and FTP, and in the Windows 7, I have the FTP server, and the FTP server is already running. So in the previous lab, I had set up a user that was the name of Mary, and Mary’s password was FTP password. Now that’s just all plain text. So I’m going to go in here and I’m going to open up the client and I’m not going to connect anything. All right? No connection. I’m just going to open up FTP, the client, and the server. I’m not connecting anything. And I’m going to open up Wireshark to capture the traffic that’s coming through the NIC card and see if we can capture that FTP password.

So I’m using the Ethernet connection. This is the connection that’s connected to the network here. I’m just going to double click on that and instantly it starts to capture a lot of this broadcast traffic in the network. So I’m just going to minimize and leave it alone. And then what I’m going to do is I’m going to go and connect this Mary. So I’ve already saved the connection. If not, I could just put the host in. That 1175 was the IP on the server, Mary. The password was FTP password. And I just press Enter and it’s connected. Okay, so it says okay, so I’ve connected. And this is the data file that I had that I set up when I set up that FTP server. So I’m going to maximize here on my view, I’m going to say full screen here on my Windows 7 box because I want to analyze the Wireshark capture of this FTP traffic.

So I’m going to go back to Wireshark. Now, it’s captured it all at the top and it’s a lot of data. If I scroll up, you can see some of the information here. And the easiest way to do this, trying to look at all of this is going to be difficult. The easiest way is just to look for the protocol that we’re looking for, FTP, and just press Enter. And I found all the FTP. So if you look at this carefully, so it’s saying, hey, FTP from the source to the destination is like, hey, I’m a FileZilla server. And then it’s like, hey, do you want to log in as well? The user is Mary. You can see that was just plain text. But if you notice, the request for Mary is like, hey, Mary needs a password, password required for Mary. And there is the clear text password right there in the actual file output.

You can see here also in the file output, that’s the actual FTP password. We were able to capture the FTP password in Wireshark. So now you can see why you never want to use FTP, because if somebody is running a sniffer on a line and they’re able to capture the traffic on the network, then anybody with an FTP password, they will be able to steal that password and steal the data. So that’s why you don’t want to use FTP here at all.

So in this lab, we’re also going to look at how to secure it. So I’m actually going to close out Wireshark because I don’t need it. We’re not going to save the capture and I’m going to secure the FTP now. So to do that, I’m going to go back to the FTP server. This is the Windows 7 FileZilla FTP server, and we’re going to enable it with SSL now. So we’re going to go to the little cog icon here and we’re going to go down to FTP over TLS, right? So FTP with just port 21 is no good because what it does is that it’s all clear text. So we’re going to say enable FTP over SSL and don’t allow plain unencrypted FTP, right? We don’t want that at all because we know that’s not secure. Now you need a certificate for this, because TLS uses certificates and we don’t have one.

So we’re just going to generate a new one. Country code is US. Enter the full state. New York. This is not so much required. It’s fine, just name of the organization. But I do need to put in where am I going to save the certificates? Let me say Browse. I’m going to call it FTP cert and generate it, so it makes a self-signed certificate. If you have a public cert, you can also install that too. So I’m going to say, okay, now you notice it’s going to need to make this work. It uses its own port, port 990. So we need to make sure we have that port on. So I’m going to put that here. I’m going to just say that’s fine, okay, just leave that as default. Okay, so I set that.

Now I’m going to go right back here to Mary and I’m going to attempt to connect again. I’m just going to press Enter. We establish a new tab here. And I noticed the moment I do this, look at that, the certificate pops up. It’s like, hey, there’s a certificate here that you want to accept it. Is this my certificate? Yes. That’s what I put in there. And I say, okay. And now you can see that it’s logged in using that particular certificate. It’s all encrypted data now. So I’m going to show you guys some interesting thing here. Now we know it works. We’re going to try to capture it and see if you can get the password. So what we’re going to do is we’re going to start up Wireshark.

Okay? Wireshark is running. We’re going to reopen back our FTP client. And I’m going to click right here because see how Mary’s right here already, I’m going to click on Mary. Here it’s trying to connect to it. It’s saying, hey, do you want to use a self-signed certificate? That’s fine. Okay, so right now it’s opened back up. It’s fully connected. I can see that it’s fully connected here. And you notice password required for Mary, password. Look at that. Fully encrypted there. Let’s go back to Wireshark and see what happened in Wireshark. So remember the previous one had this FTP where it gave us the username. Let me max full screen. So here’s the packet capture software. So let’s try that again. We’re going to say FTP, press Enter. Look at all this weird-looking data now. Okay, response from FileZilla. FileZilla is like authentication is TLS. And you notice that it’s like, hey, authentication type is TLS. And then everything after that is gibberish encrypted data. You can’t read it. I don’t know what this is. It doesn’t say anything. So before, how we had that plaintext password, now it’s gone. Now everything that’s sent between me, between this client, I’m just going to stop this here. But you know what? I could show you one other thing. You can actually type in TLS, and you can see the TLS that’s happening, but there’s no real data to see here. It’s just the exchanging of the certificate, the hello request to set up the certificate, but no data.

No data will be sent in clear text here. I’m going to close this out. Nope, I don’t want to save this. Okay, so in this lab, you saw how by using FTP, packet capture software like Wireshark can easily capture that plaintext password. But you also saw that by encrypting with SSL, that wasn’t possible anymore. So if you ever needed a reason to not use FTP and make sure to use a more secure version of it, now you can see why. Okay, practice this lab. Very interesting. You learned how to use Wireshark. You learned how to secure your FTP, you learned how to capture packets. And you saw how easy it was to capture a password. All right, hopefully you had some fun in this lab. I’ll see you in the next one.
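As an added example (not part of the original lesson), the script below turns the two captures described in this lab into an audit check. It reads the readable FTP control-channel lines of a session and reports whether a password crossed the wire in clear text or whether AUTH TLS was accepted (reply 234) before any login command. The transcripts, the "C:"/"S:" line format and the reply wording are constructed sample data, and the password value is never stored in the result.

```python
# Constructed control-channel transcripts ("C:" client line, "S:" server line).
PLAIN = [
    "S: 220 FTP server ready",
    "C: USER mary",
    "S: 331 Password required for mary",
    "C: PASS example-password",
    "S: 230 Logged on",
]
EXPLICIT_TLS = [
    "S: 220 FTP server ready",
    "C: AUTH TLS",
    "S: 234 Using authentication type TLS",
    # after 234 the capture holds only TLS records, no readable FTP lines
]
REFUSED_PLAIN = [  # server set to disallow plain FTP, client tried anyway
    "S: 220 FTP server ready",
    "C: USER mary",
    "S: 503 Use AUTH first",
]


def audit_session(lines):
    """Summarise what a passive observer could read from one FTP session."""
    finding = {"auth_tls": False, "user": None,
               "password_exposed": False, "login_ok": False}
    awaiting_auth_reply = False
    for raw in lines:
        side, _, text = raw.partition(":")
        side, text = side.strip().upper(), text.strip()
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
                awaiting_auth_reply = True
            elif verb == "USER":
                finding["user"] = arg.strip()
            elif verb == "PASS":
                finding["password_exposed"] = True  # value is never stored
        elif side == "S":
            if text[3:4] == "-":        # continuation of a multi-line reply
                continue
            code = text[:3]
            if awaiting_auth_reply:
                awaiting_auth_reply = False
                if code == "234":       # TLS handshake follows; stop parsing
                    finding["auth_tls"] = True
                    break
            if code == "230":
                finding["login_ok"] = True
    return finding


def verdict(finding):
    """Map a finding to a single label for reporting."""
    if finding["password_exposed"]:
        return "cleartext-password"
    if finding["user"] is not None:
        return "cleartext-username"
    if finding["auth_tls"]:
        return "tls-before-login"
    return "no-login-seen"


if __name__ == "__main__":
    for name, session in [("plain", PLAIN), ("explicit TLS", EXPLICIT_TLS),
                          ("refused plain", REFUSED_PLAIN)]:
        print(f"{name:14} -> {verdict(audit_session(session))}")
```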

6. Lightweight Directory Access Protocol Over SSL

In this video, I’m going to be talking about LDAPS or LDAP over SSL. LDAP stands for Lightweight Directory Access Protocol. Now, you’re probably familiar with LDAP and how it works if you have worked in a company that uses Microsoft Active Directory to communicate, to help manage the workstations and users and so on. LDAP is basically a directory service that allows you to store and query and manage things like users and groups and computers within a network.

Active Directory is based on LDAP. So that is the standard or the protocol that they used to make Active Directory. Now, here’s the thing. Most people know it this way, but native LDAP, which you could install on Linux boxes or even as an add-on to Windows, is not secure. It’s actually in plain text. Its port number is 389. And that’s just the plain text one. There is another port, 636. 636 is the secure version, what’s known as LDAPS. Now, keep in mind, in order to do LDAPS, you have to get a certificate authority to give you a certificate in order to get this process done. So I’m going to show you guys how to do this on a Windows server.

Now, I have already gotten a certificate from a certificate authority that I’m going to show you guys how to install. So basically, you’ve got to get a certificate and you’ve just got to basically install it on the computer, on the domain controller, and it’s basically going to allow the LDAPS to work. Now, why do you want to do this? Because if LDAP is in plain text, then anyone sniffing the network can get the traffic. But if you encrypt it with certificates, it’ll be more secure. Think of you going to Amazon, and Amazon is encrypted with certificates, right? So let’s take a look at how to do this.

So I have a Server 2019 that’s already set up with Active Directory. So it’s already running full LDAP and we’re going to verify this. Okay? I’m going to go to Run, I’m going to type a command called LDP, and I’m going to say Connection, Connect. If I connect on 389, this machine should be able to connect on 389. No, it does not connect. Well, let’s see why. You know what, I have the box set for SSL. I don’t need that. Okay, so let’s see if it connects on 389. Now, all right, this here may take a few hours. Okay? So what you guys are going to do is you guys, I was about to say let’s go get a coffee break. All right, so disconnect. We know that it is working on 389, but if I go in here and I say disconnect, I’m going to say connect. If I go in here and I say three six three SSL connection, it should fail on this connection. Why?

Because it’s not set up. We’ve actually got to go and add the certificate that is available to us onto this machine, okay? So we know it’s not going to connect. So here’s what I’m going to do. I’m going to make an MMC console. Now, I’m hoping you guys did A+ and you know what your MMC consoles are. So MMC, I just went to write it. Maybe I went too fast. I went to Run and typed MMC. Remember, this is on a server domain controller. So to do this, you need to have Windows Server installed, you need to have a domain controller and you need to have a certificate. You need to have a certificate. Now, I went through the certificate authority wizard. I created a certificate called LDAP.

It’s a Kerberos certificate for authentication. I created it and I called it LDAPS. So keep that in mind. There’s much more to this lab, but I just want to demonstrate in this video how it’s used. Remember, guys, this class does not substitute an MCSE or MCSA Windows Server class, okay? So I’m going to go here to Certificates. I want to just add the certificate management console of this local computer. The CA that’s here is because this machine is configured as a certificate authority. But I want to just manage the local certificates on this computer. So I’m going to double click on that. I’ll say Computer, I’ll say Next, and local computer is fine. Remember, this is the domain controller. So you’ve got to do this on your domain controller.

So I’m going to go to Personal, Certificates. I’m going to right click here and say, New task. We’re going to say Request a new certificate. I’m going to click on Next. Active Directory policy is fine. So you see the certificate here for the sale. I made this one already from the certificate authority. So we’re going to click on Enroll and we’re going to click on Finish. So there you go. Now, I have my Kerberos authentication certificate, but this particular one can be used for a lot. So this one here can be used for server authentication also. Okay, that’s it. It’s basically installed, right? So, you know what? We just minimize this. So let’s try that connection again.

So now we’ve got 636 over SSL, and let’s see if this works. That did work this time. It did not fail. So now all Kerberos requests. Now, remember that this isn’t Active Directory. This is a domain controller. Any host trying to authenticate now, or users trying to authenticate, is going to go through its SSL connection, enabling this LDAP over SSL. So remember, for your exam, LDAP over SSL basically secures LDAP, instead of it being in plain text.
