Network Device Forensics
This lab gives you practice looking for configuration changes on a router that may indicate compromise.
Examining pfSense router configuration backups
- Download the following pfSense configuration backup files to your local disk.
  - backup 1
  - backup 2
  - backup 3
  - backup 4
  - backup 5
- For each of the downloaded config backup files, review the configuration in the backup to determine whether there are unusual settings which may indicate compromise. Things to check for include the following:
  - Look for obviously invalid or unusable IP addresses
  - Look for suspicious services configured
  - Look for accounts which are suspicious
  - Look for administrative access which does not appear normal
  - Look for credentials which are suspicious
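One way to get a first-pass inventory for the checks above, as an added example that is not part of the lab materials. The sample XML is constructed, and the element names (`system/user`, `system/group`, `system/ssh/enable`, `interfaces/*/ipaddr`), the `page-all` privilege and the keyword list are assumptions about the usual pfSense config.xml layout; every item it lists still needs manual judgment.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample, not a lab backup; element names assume the usual config.xml layout.
KEYWORDS = {"dhcp", "pppoe", "pptp", "l2tp", "ppp"}  # assumed non-literal ipaddr values
SAMPLE = """<pfsense>
  <system>
    <user><name>admin</name><uid>0</uid><scope>system</scope></user>
    <user><name>svc_backup</name><uid>2001</uid><scope>user</scope>
      <priv>page-all</priv><authorizedkeys>c2FtcGxl</authorizedkeys></user>
    <group><name>admins</name><member>0</member><priv>page-all</priv></group>
    <ssh><enable>enabled</enable></ssh>
  </system>
  <interfaces>
    <wan><ipaddr>dhcp</ipaddr></wan><lan><ipaddr>192.168.1.1</ipaddr></lan>
    <opt1><ipaddr>300.1.1.1</ipaddr></opt1><opt2><ipaddr>127.0.0.5</ipaddr></opt2>
  </interfaces>
</pfsense>"""

def ip_problem(value):
    """Return why value is unusable as an interface address (None if it looks fine)."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "not a valid IP literal"
    for flag in ("is_loopback", "is_multicast", "is_unspecified", "is_reserved", "is_link_local"):
        if getattr(ip, flag):
            return flag[3:].replace("_", "-")

def review(xml_text):
    """Collect (category, detail) items that deserve a closer manual look."""
    root, out = ET.fromstring(xml_text), []
    admin_uids = {m.text for g in root.iterfind("system/group")
                  if g.findtext("name") == "admins" for m in g.iterfind("member")}
    for u in root.iterfind("system/user"):
        name, privs = u.findtext("name"), [p.text for p in u.iterfind("priv")]
        if u.findtext("uid") in admin_uids or "page-all" in privs:
            out.append(("admin-access", name))   # who can administer the box
        if u.findtext("authorizedkeys"):
            out.append(("ssh-key", name))        # key-based login credential present
    if root.find("system/ssh/enable") is not None:
        out.append(("service", "sshd enabled"))
    for iface in root.iterfind("interfaces/*"):
        addr = (iface.findtext("ipaddr") or "").strip()
        if addr and addr not in KEYWORDS and (reason := ip_problem(addr)):
            out.append(("ip", f"{iface.tag} {addr}: {reason}"))
    return out

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Running the same function over each backup and comparing the outputs side by side makes differences between files easier to spot than reading the raw XML.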
Grading
Submit a single PDF file with your comments about what might be compromised for each of the 5 backup files. Include configuration information and data from the backup XML files to support your comments.