Demo Lab Guide – Dell Data Protection | Protected Workspace Quick Start Guide Product Domain: Networking Author: Ruairi Mongan Version: 1.01



Table of Contents

1 Product Overview

1.1 Lab Preparation Considerations and Caveats

2 Introduction

2.1 Lab Topology and Essential Information

2.1.1 Lab Addressing and Login Details

3 Demo Script

3.1 Initial Startup:

4 Scenario 1: Client 1 (Unprotected browser gets hacked)

5 Scenario 2: Client2 (browser secured by Protected Workspace; Client not hacked)

6 Scenario 3: Client 1 (unprotected Excel, Client1 is compromised)

7 Scenario 4: Client 2 (Excel secured by Protected Workspace; Client is not compromised)

8 Scenario 5: Dell Management Server

9 Demo shutdown


3 Dell Demo Center – https://demos.dell.com | Dell Inc., 2016

1 Product Overview

Any time your users visit a website or open an email attachment, they could be opening the door to a data breach. Today's cyber-attacks increasingly take advantage of the routine, day-to-day tasks of users to infiltrate networks and steal sensitive data. To protect your organization, your endpoint security strategy must include prevention of these subversive attacks. Dell Data Protection | Protected Workspace takes a new approach to malware prevention. It is designed to protect your data and users from all untrusted content - even advanced persistent threats (APTs) and zero-day exploits.

Containment: Launches highly targeted applications in a contained virtual environment

Detection: Uses behavior-based malware identification to detect any malicious behavior

Prevention: Stops malware, disposes of the tainted environment and restores a new, secure environment within 20 seconds

1.1 Lab Preparation Considerations and Caveats

It is in your best interests to ensure the demo environment you will be demonstrating is clean & tidy before you begin. For this reason we would recommend, where possible, you log in to your demo at least 15 minutes prior to delivery and check the following:

1. Familiarize yourself with the environment during this time and check any specific features you are expecting to demo.

2. Most importantly, be crystal clear with yourself on what it is you plan to show. A full demo of every feature described below (with questions) can take several hours. If you only have a short time slot be sure to focus on the key points that address the customer’s pain points and will drive value home to them.

3. Ensure that you have scheduled the demo for sufficient time so as not to have the demo end before you are finished with the customer.


2 Introduction

As Demo Presenter, you will assume all three roles:

Demonstrate how easily Client PC1 is compromised by a 0-day exploit when visiting a website, or when opening an Excel document containing a weaponized payload.

Demonstrate how Client PC2, secured by Dell Protected Workspace, remains uncompromised despite encountering the same malware as Client PC1.

Demonstrate Dell Protected Workspace’s Management Console, which enables tracking and remediation of advanced threats.

2.1 Lab Topology and Essential Information

The diagram provides detail on the setup of the demonstration environment. The environment provided is self-contained and has a number of virtual machine images provided for use.


The environment consists of:

2.1.1 Lab Addressing and Login Details

Please pay attention to the IP addressing and login details provided. These are essential for the successful completion of the lab. The information will be required during various phases of the lab.

The following tables provide IP addressing and login credentials for all elements needed to complete the lab:

VM List:

| VM Name | Type | IP | Username / Password |
|---|---|---|---|
| ddpw_client1.ova | Windows 7 Client – w/o DDPW as default | 172.20.0.101 | dell/dell:123 |
| ddpw_client2.ova | Windows 7 Client – w/ DDPW as default | 172.20.0.102 | dell/dell:123 |
| ddpw_hacksvr.ova | Metasploit (Hacking) Server | 172.20.0.250 | OS: dell/dell:123 and root/dell:123; Metasploit App: admin/dell:123 |
| dell_ims.ova | DDPW IMS Server | 172.20.0.251 | OS: root/invincea; Mgmt App: ims_admin/invincea; App: admin/dell:123 |

DDPW Demo Sites (Resolvable from all VMs and main PC):

| Site Name | URL | Username / Password |
|---|---|---|
| Dell DDPW IMS Admin | https://172.20.0.251 | admin / dell:123 |
| Dell DDPW IMS Appliance | http://172.20.0.251:10000 | ims_admin / invincea |
| Hacker Server – Hacker interface (standard) | http://172.20.0.250 or http://hacksvr | NA |
| Hacker Server – Metasploit interface (advanced) | https://172.20.0.250 or https://hacksvr | admin / dell:123 |
| Linkedin | http://172.20.0.250/linkedin/linkedin.html | NA |
| Bobs Pool House | http://172.20.0.249 or http://www.bobsbilliards.com | NA |


3 Demo Script

3.1 Initial Startup:

1. Start an HTML5 compatible browser (Google Chrome or Mozilla Firefox); tab 1 (Hacker):

2. Browse to http://hacksvr (we will call this the hacker tab)

3. Wait till all services are running on the Metasploit server (postgresql, prosvc, nginx, metasploit) and the exploit is running.

4. Tab 2 (Management Server):

5. Open another tab (management server tab), browse to https://dpwms.dell.local

6. Login as user: admin password: dell:123

7. Tab 3 (Clients):

8. Open another tab (clients tab), browse to http://hacksvr:8081/guacamole

9. Login as user: admin password: dell:123
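
An added pre-demo readiness check (not part of the original guide) for the "wait till all services are running" step: it polls the lab addresses listed in section 2.1.1 until each accepts a TCP connection or a deadline passes. Ports 80 and 443 are assumed from the http/https URLs; the function names, timeout and polling interval are assumptions.

```python
import socket
import time

# (label, host, port) taken from the guide's tables and startup steps.
# Ports 80/443 are assumed from the http/https schemes of the listed URLs.
LAB_ENDPOINTS = [
    ("hacker interface (http)", "172.20.0.250", 80),
    ("Metasploit interface (https)", "172.20.0.250", 443),
    ("clients tab (guacamole)", "172.20.0.250", 8081),
    ("IMS admin (https)", "172.20.0.251", 443),
    ("IMS appliance", "172.20.0.251", 10000),
]


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def wait_until_ready(endpoints, probe=tcp_probe, deadline_s=300, interval_s=5,
                     sleep=time.sleep, clock=time.monotonic):
    """Poll until every endpoint accepts connections or the deadline passes.

    Returns (ready, pending_labels). Endpoints that have answered once are
    not probed again; only the ones still down are retried.
    """
    start = clock()
    pending = list(endpoints)
    while True:
        pending = [e for e in pending if not probe(e[1], e[2])]
        if not pending:
            return True, []
        if clock() - start >= deadline_s:
            return False, [label for label, _, _ in pending]
        sleep(interval_s)


if __name__ == "__main__":
    ok, down = wait_until_ready(LAB_ENDPOINTS)
    print("lab ready" if ok else "still down: " + ", ".join(down))
```

A successful TCP connect only shows that a listener is up; the hacker tab remains the place to confirm that the exploit itself is running.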


4 Scenario 1: Client 1 (Unprotected browser gets hacked)

1. In the clients tab, click on client1 to launch it. Within the Client1 UI:

a. Launch Internet Explorer

b. Browse to either bob’s billiards or linkedin bookmark.

c. Point to new java icon on desktop icon tray (bottom right).

d. (optional) Right-click on web page and click on View Source – scroll to the bottom to show malware embedded in web page.

e. Browse My Documents to show list of files:


f. On the clients tab – close or minimize all windows to show the hacked background. (This may take a minute after launching www.bobsbilliards.com to trigger):

g. On the hacker tab, wait until a new session is added to the Sessions table for Client1 and the status panel shows Auto Hack in progress.

i. Click on show files button to show Client1’s files (matching list from My Documents).

ii. Click on the unhack button (Reset Client1’s background).

iii. Then, click on the disconnect button (Stop exploit communication with Client1).


5 Scenario 2: Client2 (browser secured by Protected Workspace; Client not hacked)

1. Press Back on the browser in the clients tab.

2. Click on client2 to launch it. Within the Client2 UI:

a. Browse My Documents to show similar content as Client1.

b. Launch Protected Workspace – comment on the green border.

c. Browse to either bob’s billiards or linkedin bookmark.


d. Point out the DDPW popup, click on the popup’s Details… link to show details of Protected Workspace Alert, then click on Restore.

e. In the hacker tab, click on show files button – comment on difference vs. Client1.

i. Click on the disconnect button to stop exploit communication.

f. Back on clients tab, comment on background (not hacked) by minimizing windows.


i. Click restore in Protected Workspace popup


6 Scenario 3: Client 1 (unprotected Excel, Client1 is compromised)

1. On the Client1 tab, launch Microsoft Outlook, open most recent email from Tommy Intern and download attachment incomestatement.xls to Desktop:

2. Launch incomestatement.xls and if prompted, click on “enable content” to enable macros, explain that most people do this subconsciously without giving it much thought:


3. Click on View -> Macros to show the Auto_Open macro:

4. Minimize or Close Excel to show the changed background:


7 Scenario 4: Client 2 (Excel secured by Protected Workspace; Client is not compromised)

1. On the Client2 tab, launch Microsoft Outlook, open most recent email from Tommy Intern and download attachment incomestatement.xls to Desktop.

2. Launch incomestatement.xls and if prompted, click on “enable” to enable macros, explain that most people do this subconsciously without giving it much thought.

3. Wait a few moments for DDPW pop-up alerting of the suspicious activity:

5. Click on Details… to review more information about the threat and then click on Restore:


6. Minimize or Close Excel to show the unchanged background.


8 Scenario 5: Dell Management Server

7. On the management server tab, show newly detected exploit attempts on Client 2:

a. Click on Threat Data -> Detections


9 Demo shutdown

Steps to shut down gracefully:

1. On hacker tab, in the status window on the bottom, type quit then press <enter>

2. Close the hacker tab.

3. Disconnect session