Class Setup Guide


KL 002.12.1: Kaspersky Endpoint Security and Management


Table of contents
1. Introduction (p. 2)
2. Environment description (p. 2)
   Computers (p. 2)
   Domain (p. 3)
   Users (p. 3)
   Subnets (p. 3)
   Static addressing (p. 3)
   Operating systems (p. 3)
   Computer summary (p. 3)
   Hardware requirements (p. 4)
   Additional virtual machine settings (p. 4)
3. Configuring VMware Workstation network (p. 5)
4. Lab environment (p. 6)
5. Class setup (p. 6)
   DC (p. 6)
   KSC (p. 7)
   Alex-Desktop (p. 8)
   Admin-Laptop (p. 10)
   Kali (p. 12)


1. Introduction
The guide is designed for course KL 002.12.1 that teaches how to deploy KSC 14.2 and KES 12.1,
manage protection and control components in KES 12.1, detect threats and respond to incidents in a
centralized manner, maintain the products (for example, keep databases up to date), configure and use
notifications and reports.

This guide helps to prepare a class for the training sessions devoted to Kaspersky Security Center 14.2
and Kaspersky Endpoint Security 12.1 products.

The guide contains step-by-step instructions on how to configure physical and virtual computers for
technicians who just prepare the class and neither want nor need to understand the training environment.

For trainers who need to thoroughly understand the training environment, the guide describes the class
setup in detail: virtual machines, their characteristics and interrelations.

Additionally, the guide explains the reasons why the described configuration was selected and how
the instruction can be changed depending on the available equipment.

2. Environment description
All labs will be done on virtual machines. Our guide presumes using VMware Workstation; however, it is
not a must. Feel free to reproduce a similar virtual configuration on any other virtual platform.

The lab environment models a network of an abstract company, ABC Inc. Its computers belong to
the abc.lab domain and use the abc.lab email domain.

Computers
The following computers will be used in the labs:

— DC—the domain controller and DNS server of the abc.lab domain. It is used in all labs as an
infrastructure element, meaning, must be running, but actions are not performed there. In some
labs, DC also acts as the mail server for the abc.lab domain.
— KSC—a computer whose main role is to be the Administration Server at ABC Inc. It belongs to
the ABC domain and has a static IP address.
— Alex-Desktop—a typical desktop workstation of ABC Inc. It also belongs to the ABC domain and
has a static IP address.
— Admin-Laptop—this machine acts as an administrator's laptop. The administrator uses this
computer to connect to various systems and configure them. It also belongs to the ABC domain
and has a static IP address.
— Kali—a criminal’s computer. It does not belong to the ABC domain; it has a static IP address. It is
used for hacker attacks in some labs.

Domain
Most of the computers belong to the ABC domain.

Users
The domain administrator account, ABC\Administrator, is used only when setting up the lab
environment. On Alex-Desktop, the ABC\Alex account is used; on Admin-Laptop, the ABC\Admin account.
Kali uses a local hacker account.

Set the same password for all users: Ka5per$Ky.

Subnets
Computers belong to subnet 10.28.0.0/24, which represents the network of the ABC Inc. headquarters.
These specific IP addresses are not particularly important, but they were used when designing the course
labs and are mentioned in the Lab Guide.

Static addressing
Static addressing is used for all computers.

Operating systems
The computers that perform server functions are running Windows Server 2019 Standard. On other
domain computers, Windows 10 Professional is installed. The adversary computer is running CentOS 8
Stream.

Computer summary
The following table summarizes the names, operating systems and addresses of the computers.

Computer       Operating system                Address       RAM, MB   CPU   HDD, GB
DC             Windows Server 2019 Standard    10.28.0.10    2048      1     60
KSC            Windows Server 2019 Standard    10.28.0.20    5120      4     60
Alex-Desktop   Windows 10 Professional         10.28.0.200   4096      2     42
Admin-Laptop   Windows 10 Professional         10.28.0.100   4096      2     42
Kali           CentOS 8 Stream x64             10.28.0.50    2048      1     40


Hardware requirements
Since we need to run up to 5 virtual machines with modern operating systems, the host machine must
have at least 20 GB of RAM.

Another (and maybe even more important) bottleneck is the disk subsystem. A host machine with one
HDD drive usually cannot ensure comfortable performance. An SSD drive or performance-oriented RAID
configuration is preferred.

Additional virtual machine settings


Additional settings of the virtual machines required for the course:

— DC—additionally acts as the mail (SMTP and POP3/IMAP4) server of the abc.lab domain. We will
create the [email protected] and [email protected] mailboxes on the mail server. This guide
presumes using the hMailServer software.
— Alex-Desktop—the Firefox web browser must be installed. In one of the labs of the 3rd unit, we
will imitate blocking third-party browsers. Also, a mail client must be configured for the user
[email protected]. A third-party antivirus must be installed; in our guide, the ClamWin antivirus is used.
— Admin-Laptop—a mail client must be installed and configured for the user
[email protected].

Since all computers belong to subnet 10.28.0.0/24 and at least in some labs need internet access, the
easiest way to achieve this is to modify the NAT interface settings in VMware Workstation. Typically, this
is the VMnet8 interface.


3. Configuring VMware Workstation network


1. Open Virtual Network Editor (you can run this utility from the Start\VMware menu; or click
Edit\Virtual Network Editor on the VMware Workstation menu)
2. Check that the network type and External Connection of VMnet8 are NAT
3. Select VMnet8 and specify the following:
— Subnet IP = 10.28.0.0
— Subnet mask = 255.255.255.0


4. Lab environment

5. Class setup
DC
1. Create a virtual machine with the following minimum parameters:
— 2048MB RAM
— 60GB hard disk
— One network adapter (NAT)
2. Install Windows Server 2019:
— Computer name—DC
— IP address—10.28.0.10
— DNS server and gateway—10.28.0.1
— Local administrator password—Ka5per$Ky
3. Install VMware Tools
4. Add the Active Directory Domain Services server role with the following parameters:
— New forest
— New domain named abc.lab
— Functional level—Windows Server 2019
— Add the DNS server role
— Other parameters—by default
— Directory Services Restore Mode Administrator Password: Ka5per$Ky
5. Add domain users:
— Alex with the password Ka5per$Ky
— Admin with the password Ka5per$Ky
6. Modify the domain policy:
— Disable automatic Windows Updates (in Group Policy Object Editor, expand Computer
Configuration, Administrative Templates, Windows Components, Windows Update,
double-click Configure Automatic Updates, and then click Disabled)


— Disable Windows Defender (in Group Policy Object Editor, expand Computer
Configuration, Administrative Templates, Windows Components, click Windows
Defender, double-click Turn off Windows Defender, and then click Enabled)

Most likely, on KSC, Admin-Laptop and Alex-Desktop computers, you will need to
additionally disable Windows Defender as described in the following instruction
https://woshub.com/disable-windows-defender-antivirus/

— Disable Windows Firewall for the domain profile (in Group Policy Object Editor: Computer
Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with
Advanced Security)
— Disable Maximum Password Age: Select Not Defined for this parameter (In Group Policy
Object Editor: Computer Configuration, Policies, Windows Settings, Security Settings,
Account Policies, Password Policy)
— Disable SmartScreen Filter in Group Policy Object Editor: Computer Configuration,
Administrative Templates, Windows Components, Internet Explorer:
⎯ Prevent bypassing SmartScreen Filter warnings about files that are not commonly
downloaded from the Internet = Disabled
⎯ Prevent bypassing SmartScreen Filter warnings = Disabled
⎯ Prevent managing SmartScreen Filter = Enabled. Select SmartScreen Filter mode = off
7. For the Administrator, Alex and Admin users, select the Password never expires checkbox
8. Create the Admins group and add it to the Administrators and Remote Desktop Users groups
9. Add the Admin and Alex user accounts to the Admins group
10. Install hMailServer (available at www.hmailserver.com)
— Create the abc.lab mail domain
— Create the following mailboxes in the abc.lab domain: [email protected],
[email protected]; all with the Ka5per$Ky password
— In the Settings\Advanced\Auto-ban window, clear the Enable checkbox and save the
changes
— Go to Settings\Advanced\IP Ranges\My computer and clear all checkboxes in the
Require SMTP authentication section
— Open Settings\Advanced\IP Ranges\Internet and clear all checkboxes in the Require
SMTP authentication section (if the External to external e-mail addresses checkbox is
not editable, leave it unchanged)
11. Disable IPv6 in the network interface settings
12. Take a snapshot naming it kl_002.12.1

KSC
1. Create a virtual machine with the following parameters:
— At least 4 CPU
— At least 5120 MB RAM
— At least 60 GB hard drive
— One network adapter (NAT)
2. Install Windows Server 2019 Standard Edition:
— Computer name—KSC
— IP address—10.28.0.20
— Default gateway—10.28.0.1
— DNS—10.28.0.10
— Password of the administrator account: Ka5per$Ky


3. Log on as .\Administrator
4. Install VMware Tools
5. Add Features: .NET Framework 3.5.1 without WCF Activation
6. Install PostgreSQL 14
7. Install the Google Chrome browser
8. Make Google Chrome the default browser
9. Set the desktop background color to R/G/B = 0/168/142 (dark green)
10. Download the full Kaspersky Security Center 14.2 distribution for Windows from the official
website (https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint?utm_content=endpoint-select)
and place it on the desktop
11. Configure the screen not to turn off automatically
12. Disable Windows Defender as described at https://woshub.com/disable-windows-defender-antivirus/

This instruction is required for recent operating systems. On older versions, it is enough to turn off
Windows Defender in the group policy.

13. Disable IPv6 in the network interface settings


14. Take a snapshot naming it kl_002.12.1

Alex-Desktop
1. Create a virtual machine with the following parameters:
— At least 2 CPU
— 4096 MB RAM
— 40 GB hard drive
— One network adapter (NAT)
2. Install Windows 10 Professional:
— Name—Alex-Desktop
— IP address—10.28.0.100
— Default gateway—10.28.0.1
— DNS server—10.28.0.10
3. Install VMware Tools
4. Add the computer to the abc.lab domain (the DC computer must be turned on)
5. After the restart, log on to the system under the ABC\Alex account
6. Install Microsoft Office Word 2013
7. Install the Mozilla Firefox browser
8. Install the Google Chrome browser
9. Make Google Chrome the default browser.
10. Install the Mozilla Thunderbird mail client
11. Install the ClamWin antivirus
12. Install the 7-Zip archiver
13. In Mozilla Thunderbird mail client, configure an account for [email protected]:
— Password: Ka5per$Ky
— Username: [email protected]
— Email: [email protected]


— POP3/SMTP server: 10.28.0.10 (or dc.abc.lab)


14. Install the encryption utility aescrypt.exe with default parameters. The distribution is available at
www.aescrypt.com/download/
15. Place the following files on the desktop:
— ransomware.bat—an executable file that imitates ransomware actions.
Contents of ransomware.bat:

@echo off

rem The imitation relies on the AES Crypt utility installed in step 14
if exist "C:\Program Files\AESCrypt\aescrypt.exe" goto :Step1
echo **** not exist C:\Program Files\AESCrypt\aescrypt.exe ****
pause
exit

:Step1
rem The "victim" document must be next to the script (on the desktop)
if exist .\invoice.txt goto :Step2
echo **** not exist .\invoice.txt ****
pause
exit

:Step2
rem Encrypt the document; aescrypt writes invoice.txt.aes next to it
"C:\Program Files\AESCrypt\aescrypt.exe" -e -p root .\invoice.txt
if exist .\invoice.txt.aes goto :Step3

:Step3
rem Delete the original and show the "ransom" message
del .\invoice.txt
echo **** Congratulations!!! Your personal files are encrypted ****
pause
exit
— ransomware2.bat—an executable file that imitates ransomware actions against a network share.
Contents of ransomware2.bat:

@echo off

rem The imitation relies on the AES Crypt utility installed in step 14
if exist "C:\Program Files\AESCrypt\aescrypt.exe" goto :Step1
echo **** not exist C:\Program Files\AESCrypt\aescrypt.exe ****
pause
exit

:Step1
rem The "victim" document lives in the shared folder created on Admin-Laptop
if exist \\ADMIN-LAPTOP\temp\invoice.txt goto :Step2
echo **** not exist \\ADMIN-LAPTOP\temp\invoice.txt ****
pause
exit

:Step2
rem Encrypt the document over the share; aescrypt writes invoice.txt.aes next to it
"C:\Program Files\AESCrypt\aescrypt.exe" -e -p root \\ADMIN-LAPTOP\temp\invoice.txt
if exist \\ADMIN-LAPTOP\temp\invoice.txt.aes goto :Step3

:Step3
rem Delete the original and show the "ransom" message
del \\ADMIN-LAPTOP\temp\invoice.txt
echo **** Congratulations!! Your personal files are encrypted! ****
pause
exit
— invoice.txt—a user’s text document. Contents of invoice.txt:

Test_ransomware


16. Allow remote administration via Remote Desktop with Network Level Authentication
17. Copy the Document1.zip archive to the Documents folder
18. Copy the Procmon.zip archive to the Documents folder
19. Copy the invoice.txt file to the Documents folder
20. Copy the WeeklyReport.rar archive to the Documents folder
21. Create the folder C:\Reports
22. Copy the Report with converting macros.zip archive to the C:\Reports folder
23. Configure the Start menu: remove unnecessary shortcuts and add the Mozilla Thunderbird mail
client
24. Set the desktop background color to R/G/B = 0/168/142 (dark green)
25. Disable Windows Defender as described at https://woshub.com/disable-windows-defender-antivirus/

This instruction is required for recent operating systems. On older versions, it is enough to turn off
Windows Defender in the group policy.

26. Configure the screen not to turn off automatically


27. Disable IPv6 in the network interface settings
28. Take a snapshot naming it kl_002.12.1

Admin-Laptop
1. Create a virtual machine with the following parameters:
— At least 2 CPU
— 4096MB RAM
— 40GB hard drive
— One network adapter (NAT)
2. Install Windows 10 Professional with the following settings:
— Name—Admin-Laptop
— IP address—10.28.0.200
— Default gateway—10.28.0.1
— DNS server—10.28.0.10
3. Add the computer to the abc.lab domain (the DC computer must be turned on)
4. Log on to the system as ABC\Admin
5. Install VMware Tools
6. Install Microsoft Office Word 2013
7. Install the Google Chrome browser
8. Make Google Chrome the default browser
9. Install the Mozilla Thunderbird mail client
10. Install the 7-Zip archiver
11. Install the MMC console of Kaspersky Security Center. Its distribution is available at
https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint?utm_content=endpoint-select
12. In Mozilla Thunderbird mail client, configure an account for [email protected]:
— Password: Ka5per$Ky
— Username: [email protected]


— Email: [email protected]
— POP3/SMTP server—10.28.0.10 (or dc.abc.lab)
13. Install the encryption utility aescrypt.exe with default parameters. The distribution is available at
www.aescrypt.com/download/
14. Install the Putty.exe utility. Its distribution is available at
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
15. Place the Putty.exe shortcut on the desktop
16. Create a shared folder C:\temp\ with Write permission granted to everybody
17. Copy the bsstest_amsi.zip archive to the C:\temp\ folder
18. Copy the invoice.txt file (a user’s text document) to C:\temp\. Contents of invoice.txt:

Test_ransomware
19. Place the following file on the desktop: Malware_Common_Paths.txt, a text document.
Contents of Malware_Common_Paths.txt:

C:\Users\*\Appdata\Roaming*
C:\Users\*\Appdata\Local*
C:\Windows\Temp*
C:\Users\*\Desktop*
C:\$Recycle.Bin*
C:\Windows
C:\Windows\system32*
C:\Users\*\Documents*
C:\Users\*\Downloads*
C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup*
C:\Documents and Settings\*\Application Data*
C:\Documents and Settings\*\Local Settings\Application Data\*
C:\Documents and Settings\*\Local Settings\Temporary Internet Files*
C:\Documents and Settings\*\Desktop*
C:\Documents and Settings\*\My Documents*
C:\Documents and Settings\*\Start Menu\Programs\Startup*
20. Allow running local PowerShell scripts without restrictions. Run PowerShell as administrator and
enter the following command:

set-executionpolicy remotesigned
21. Configure the screen not to turn off automatically
22. Configure the Start menu: remove unnecessary shortcuts. Add the Mozilla Thunderbird and
Putty.exe shortcuts to the menu
23. Set the desktop background color to R/G/B = 0/168/142 (dark green)
24. Disable Windows Defender as described at https://woshub.com/disable-windows-defender-antivirus/

This instruction is required for recent operating systems. On older versions, it is enough to turn off
Windows Defender in the group policy.

25. Disable IPv6 in the network interface settings


26. Take a snapshot naming it kl_002.12.1
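As an added example (not part of this guide or of any Kaspersky product), the following Python script checks file paths against the Malware_Common_Paths.txt list placed on the Admin-Laptop desktop in step 19, which is useful when triaging an exported event list. The guide does not define the wildcard semantics of that list, so the ones used here are an assumption and are stated in the comments.

```python
import re

# Constructed copy of the Malware_Common_Paths.txt list from the Admin-Laptop
# setup above; the line-wrapped "Start Menu" entry is one pattern.
MALWARE_COMMON_PATHS = r"""
C:\Users\*\Appdata\Roaming*
C:\Users\*\Appdata\Local*
C:\Windows\Temp*
C:\Users\*\Desktop*
C:\$Recycle.Bin*
C:\Windows
C:\Windows\system32*
C:\Users\*\Documents*
C:\Users\*\Downloads*
C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup*
C:\Documents and Settings\*\Application Data*
C:\Documents and Settings\*\Local Settings\Application Data\*
C:\Documents and Settings\*\Local Settings\Temporary Internet Files*
C:\Documents and Settings\*\Desktop*
C:\Documents and Settings\*\My Documents*
C:\Documents and Settings\*\Start Menu\Programs\Startup*
"""


def mask_to_regex(mask):
    # Assumed semantics (the guide does not define them): a '*' between path
    # separators matches one path component (no backslash), a trailing '*'
    # also matches subfolders, and a mask without '*' matches only that exact
    # path. NTFS paths are case-insensitive, so matching ignores case.
    parts = mask.split("*")
    pieces = []
    for i, literal in enumerate(parts):
        pieces.append(re.escape(literal))
        if i == len(parts) - 1:
            break
        trailing = i == len(parts) - 2 and parts[-1] == ""
        pieces.append(r".*" if trailing else r"[^\\]*")
    return re.compile("^" + "".join(pieces) + "$", re.IGNORECASE)


def load_masks(text):
    # One mask per non-empty line, surrounding whitespace removed.
    return [line.strip() for line in text.splitlines() if line.strip()]


MASKS = load_masks(MALWARE_COMMON_PATHS)
COMPILED = [(mask, mask_to_regex(mask)) for mask in MASKS]


def matching_masks(path):
    # Every mask from the list that covers this full Windows path, in list order.
    return [mask for mask, rx in COMPILED if rx.match(path)]


if __name__ == "__main__":
    # Constructed sample paths (not from the guide), e.g. from an event export.
    for path in (r"C:\Users\Alex\Desktop\ransomware.bat",
                 r"C:\Program Files\AESCrypt\aescrypt.exe"):
        print(path, "->", matching_masks(path) or "no common-malware path")
```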


Kali
1. Create a virtual machine with the following parameters:
— 2048MB RAM
— 40GB hard drive
— One network adapter (NAT)
2. Install CentOS 8 Stream x64 with the following settings:
— Name—Kali
— IP address—10.28.0.50
— Default gateway—10.28.0.1
— DNS server—10.28.0.10; 8.8.8.8
3. Create a hacker user account with the password Ka5per$Ky
4. Log on to the hacker account
5. Update the installed packages:

sudo dnf update


6. Install the Metasploit Framework:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
sudo ./msfinstall
7. Install the postfix mail server

sudo dnf install -y postfix


8. Start postfix and enable it at boot:

sudo systemctl start postfix
sudo systemctl enable postfix
9. Install the mailx mail client:

sudo dnf install -y mailx


10. Configure postfix. In the /etc/postfix/main.cf file, uncomment and edit the following lines:

myhostname = hacker.abc.lab
mydomain = abc.lab
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination =
11. Restart postfix

sudo systemctl restart postfix


12. Disable IPv6 in the network interface settings
13. Add ports 4444/tcp and 8080/tcp to the firewall exceptions

sudo firewall-cmd --permanent --add-port=4444/tcp
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

14. Take a snapshot naming it kl_002.12.1
