2547 - Applying Advanced DNS Protection (ADP) Rulesets in NIOS
This lab requires a lab environment with Advanced DNS Protection capability!
Please ensure that you have deployed the NIOS Lab Environment (with Advanced DNS Protection).
Scenario
Now that you have set up your environment for ADP, it's time to apply the ADP license and perform the initial ADP configuration. ADP services require an initial ruleset.
Course References
2036: Managing NIOS Advanced DNS Protection (ADP)
Estimated Completion Time
30 to 35 minutes
Credentials
Description | Username | Password | URL or IP |
---|---|---|---|
Grid Manager UI | admin | infoblox |
Requirements
Administrative access to the Grid
Use of the NIOS Lab Environment (with Advanced DNS Protection)
Lab Initiation
Access jump-desktop
Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and log in to the Linux UI:
Username: training
Password: infoblox
Initiate lab
To initiate the lab, double-click the Launch Lab icon on the Desktop.
Choose the lab number from the list and click OK.
After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.
Lab initiation will take a couple of minutes to finish.
Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.
Tasks
Task 1: Set up NIOS-4 to join the Grid
Task 2: Join NIOS-4 to the Grid
Task 3: Apply ADP License File
Task 4: Upload Initial Ruleset
Task 5: Configure Rule Update and Ruleset Download Policies
Task 6: Configure and Enable the Threat Protection (ADP) Service
Task 7: Start the Threat Protection Service
Task 1: Set up NIOS-4 to join the Grid
Log into NIOS-4 VM using the credentials (admin/infoblox).
Reset the VM to factory settings using the command:
reset all
Log back into the VM and validate that it has been reset.
Edit the network settings, using the following table:
IP Address | 203.0.113.105 |
Netmask | 255.255.255.0 |
Gateway | 203.0.113.1 |
VLAN Tag | Untagged |
IPv6 settings | n |
Become a grid member | n |
Set the management interface settings using the command below and the following table:
set interface mgmt
Enable Management port | y |
IP address | 10.35.22.105 |
Gateway | 10.35.22.1 |
IPv6 settings | n |
Restrict access | y |
Task 2: Join NIOS-4 to the Grid
Log back into NIOS-4 VM using the credentials (admin/infoblox).
Add the VM to the Grid using the command below and the following table:
set membership
Grid Master VIP | 10.100.0.100 |
Grid name | Infoblox |
Grid Secret | test |
Enable grid services on Management interface | y |
Task 3: Apply ADP License File
Add the ADP license by navigating to Shared Drive/Licenses and selecting the ADP.txt file.
Task 4: Upload Initial Ruleset
The Threat Protection Service (ADP) requires a ruleset in order to start. In this task, you upload a ruleset. Initially an older ruleset is uploaded, so that you can do an update to the latest ruleset later in the labs.
Use the ruleset file ruleset-20240828.bin2 from the Shared Drive/NIOS-Imports folder.
Task 5: Configure Rule Update and Ruleset Download Policies
Set the Rule Update Policy to Manual, enable Automatic Ruleset Downloads, and test the connection to make sure it works.
Task 6: Configure and Enable the Threat Protection (ADP) Service
Configure the Threat Protection service to use monitor mode. This enables you to check that the service is configured correctly, and there are no unintended effects on the network traffic.
Task 7: Start the Threat Protection Service
Start the ADP service on the extibns.techblue.net member. Restart the service if required.
The best practice is to always run ADP in monitor mode for at least a week, to establish traffic patterns.
Solutions
Task 1 Solution: Set up NIOS-4 to join the Grid
Log into NIOS-4 VM using the credentials (admin/infoblox).
Reset the VM to factory settings using the command:
reset all
Log back into the VM and validate that it has been reset by using the command:
show network
If the interface is using the default IP address, the VM has been reset.
Edit the network settings using the command below and the values from the network settings table in Task 1:
set network
Set the management interface settings using the command below and the values from the management interface table in Task 1:
set interface mgmt
Task 2 Solution: Join NIOS-4 to the Grid
Log back into NIOS-4 VM using the credentials (admin/infoblox).
Add the VM to the Grid using the command below and the values from the table in Task 2:
set membership
Switch over to the Jump-Desktop machine and log in to the Grid UI with the credentials (admin/infoblox) at the address https://10.100.0.100/
Verify that NIOS-4 has joined the Grid under the name extibns.techblue.net.
Task 3 Solution: Apply ADP License File
Navigate to Grid → Licenses → Members. Click the plus (+) symbol to add a new license.
Click Select File to upload the license file.
Navigate to Shared Drive/Licenses. Select the ADP.txt file and click Open.
Click Save License(s).
Confirm that Grid member extibns.techblue.net has the Threat Protection feature licensed. Notice that there are two parts to the license. The Software add-on, and the Update license.
Task 4 Solution: Upload Initial Ruleset
The Threat Protection Service (ADP) requires a ruleset in order to start. In this task, you upload a ruleset. Initially, an older ruleset is uploaded, so that you can do an update to the latest ruleset later in the labs.
Navigate to Data Management → Security → Threat Protection Rules. Click the plus (+) symbol to add a ruleset.
Click Select to upload a file. Select the ruleset-20240828.bin2 file from the Shared Drive/NIOS-Imports folder. Click Upload.
Click Update to update the rules. This is the first ruleset, so nothing will be changed.
Close the Rule File Upload window.
The uploaded ruleset has become the active ruleset, as it’s the first one.
Task 5 Solution: Configure Rule Update and Ruleset Download Policies
Navigate to Data Management → Security → Threat Protection Rules. Select Grid Security Properties from the Toolbar.
Set the Rule Update Policy to Manual.
Check the box next to Enable Automatic Ruleset Downloads.
Click Test Connection. When the test is successful, a blue banner displays at the top of the current window. Ensure the connection works. Ask your instructor for assistance if the connection test fails.
Click Download Rules Now. When the Download finishes, click Save & Close.
Confirm you wish to close the Infoblox (Grid Security Properties) window.
There are now two rulesets.
Verify that the OLD ruleset is still active – do not activate the new ruleset yet.
If the new ruleset is active, you will need to manually activate the old ruleset.
Verify the update configuration to ensure that Rule Update Policy is set to Manual (as per the instructions above).
Click on the hamburger icon next to the old ruleset and select Activate from the menu.
Task 6 Solution: Configure and Enable the Threat Protection (ADP) Service
In this task, you configure the Threat Protection service to use monitor mode. This enables you to check that the service is configured correctly, and that there are no unintended effects on the network traffic.
Log in to the nios-4 VM console with credentials (admin/infoblox).
Issue the following command:
set adp monitor-mode on
Then issue the following command:
show adp monitor-mode
You should see that monitor mode is enabled, but the Threat Protection service is disabled.
Task 7 Solution: Start the Threat Protection Service
Navigate to Data Management → Security → Members.
Select extibns.techblue.net and click Start in the Toolbar.
Click Yes to confirm starting the service.
Restart Services if prompted.
Refresh the page to view the latest status for extibns.techblue.net. The status is in yellow, because extibns.techblue.net is in monitoring mode.
It can take up to 5 minutes for the Threat Protection service to start.
The Threat Protection service on the ibns1.techblue.net member is not required for these labs.
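A scripted check of the end state that Tasks 4 to 7 produce, as an added example that is not part of the original lab or Infoblox's own code. It assumes the input dictionaries were read from the Grid's WAPI objects grid:threatprotection, threatprotection:ruleset and member:threatprotection; the field names are assumptions to verify against your WAPI version, and the version strings and sample data are constructed.

```python
# Added example, not Infoblox code. Field names are assumed to match the NIOS
# WAPI objects grid:threatprotection, threatprotection:ruleset and
# member:threatprotection; every sample value below is constructed.

def audit_adp(grid_tp, rulesets, members, expected_ruleset, member_name):
    """Return findings; an empty list means the lab's end state holds."""
    findings = []
    if grid_tp.get("rule_update_policy") != "MANUAL":
        findings.append("rule update policy is not MANUAL")
    if not grid_tp.get("enable_auto_download"):
        findings.append("automatic ruleset downloads are disabled")
    versions = {r.get("version") for r in rulesets}
    if expected_ruleset not in versions:
        findings.append(f"ruleset {expected_ruleset} is not uploaded")
    if len(versions) < 2:
        findings.append("no second ruleset has been downloaded")
    active = grid_tp.get("current_ruleset")
    if active != expected_ruleset:
        findings.append(f"active ruleset is {active}, expected {expected_ruleset}")
    member = next((m for m in members if m.get("host_name") == member_name), None)
    if member is None:
        findings.append(f"{member_name} has no Threat Protection entry")
    elif not member.get("enable_service"):
        findings.append(f"Threat Protection is not enabled on {member_name}")
    return findings

OLD, NEW = "20240828-0", "20990101-0"   # constructed version strings
RULESETS = [{"version": OLD}, {"version": NEW}]
MEMBERS = [{"host_name": "extibns.techblue.net", "enable_service": True}]
GOOD_GRID = {"rule_update_policy": "MANUAL", "enable_auto_download": True,
             "current_ruleset": OLD}
# The case Task 5 warns about: the downloaded ruleset became active.
DRIFTED_GRID = {"rule_update_policy": "AUTOMATIC", "enable_auto_download": True,
                "current_ruleset": NEW}

if __name__ == "__main__":
    for name, grid in (("expected", GOOD_GRID), ("drifted", DRIFTED_GRID)):
        result = audit_adp(grid, RULESETS, MEMBERS, OLD, "extibns.techblue.net")
        print(name, result or "OK")
```

Monitor mode is not covered by this check; confirm it on the member console with show adp monitor-mode as in Task 6.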