Day 2: Small Business Online Shop - Home Operation

Part 1 – LAMP Stack Installation (Debian Server)

System Preparation

• sudo -s
• apt update
• apt upgrade -y
• apt install wget -y
• apt install apache2 -y
• systemctl enable apache2
• systemctl start apache2

MySQL Installation

• MySQL Repo
• wget https://repo.mysql.com//mysql-apt-config_0.8.36-1_all.deb
• apt install ./mysql-apt-config_0.8.36-1_all.deb
• apt update
• apt install mysql-server -y
• systemctl enable mysql.service
• systemctl start mysql.service
• netstat -tunap

Web Directory Test

• cd /var/www/html
• echo "helloworld" > hello.html

PHP Installation

• apt install php -y
• apt install php-mysqli -y

MySQL Configuration

• mysql -u root -p

Run the following inside MySQL:

create database mydatabase;
create user 'mydbuser'@'localhost' identified by 'mypassword';
grant all privileges on mydatabase.* to 'mydbuser'@'localhost';
flush privileges;
show databases;
    

Wordpress Install

• wget https://wordpress.org/latest.zip
• uznip latest.zip

Part 2 – Business Scenario

Environment

• One Windows workstation (home computer)
• WordPress site hosted online
• Business selling handmade blankets

Discussion Questions

1. What security measures need to be in place?
2. What security practices need to be taught?
3. How could you, as a Cybersecurity Professional, provide the most value?

SSH Configuration

• Set up SSH key from Windows workstation to web server

Part 5 – Security Testing

• Download Wireshark on Windows desktop
• Log in to WordPress

Analysis Questions

• Can you see credentials in plain text?
• How did you identify them?
• What is a better solution?

Improvement Discussion

• Enable SSL (HTTPS)
• Separate Web and Database servers
• Are SSH keys necessary?
• What real-world attack scenarios could occur?

Bonus

• Install MySQL Workbench
• Install additional WordPress plugins and themes