Reference no: EM132300419
Assignment - Managing Services and Security
Task - Your job in this assignment is to create two Virtual machines each running a different but the latest distribution of Linux Ubuntu Server and Fedora Server. Each of these VM's is to offer services to a user base.
The Virtual Machines can be implemented using any hypervisor e.g. VMWare Player, Virtual Box or anything else you think is appropriate.
You can use bridged or host-only networking when setting up these Virtual Machines. When implementing the Virtual Machines, rather than obtaining an address from the Hypervisors DHCP server you should ensure the addresses used are static and assigned from your network. YOU WILL NEED TO WORK OUT WHAT ADDRESS SPACE YOU ARE USING AND HOW IT WILL IMPACT YOUR LAN.
Set up the ip addresses for your systems to include key digits of your student number. Let A represent the first digit of your student number down to H representing the last digit. This is explained in the table below.
A
|
B
|
C
|
D
|
E
|
F
|
G
|
H
|
1
|
1
|
6
|
7
|
2
|
3
|
1
|
8
|
Ubuntu Server IP: XXX.XXX.1BC.0GH
Fedora Server IP: XXX.XXX.1DE.1ED
Substituting your digits from your student in place of the letters above.
Part 1: Virtual Machine One (Ubuntu) - DNS & SSH Server
The first Virtual Machine should be installed and have the BIND (DNS) server installed on it. While you do not own any address space/ namespace your name server should manage the following domains: your_last_name.net.au
The name server should answer queries for this domain. In addition to the your_last_name.net.au zone, a zone should be set up for the reverse zone - the reverse zone would be whatever the address range is of your virtual machine. You should do some research on how Bind handles reverse zones.
You should set up the your_last_name.net.au zone with the usual information including SOA, NS and other records where appropriate. The address used for this should be the address of the virtual machine. You should give this Virtual Machine an A record with the name Ubuntu Linux. You should also create an A record for the Fedora system.
In addition to this, you should create a CNAME record with the name mysql. When a user does a lookup onmysql.your_last_name.net.au - the address returned should be that of the Fedora system.
Be sure to create the appropriate reverse (PTR) records for the machines and to help other administrators be sure to put in place appropriate TXT records.
Once complete, you should fine-tune your DNS Servers Virtual machine. Do this by disabling services that were installed but are not required. Be very careful not to break anything here. As a tip, you will want to keep both DNS, SSH, database and web services active. Ensure DNS, SSH, database and web services are invoked at startup.
Finally, harden the two Linux Servers using a firewall. Set up filters which allow access to the services DNS and web from anywhere, and restrict SSH and database to only your two Linux servers. You can assume this incoming traffic can come from anywhere. You will need to make sure these rules always take affect at boot.
Your resolve test result should able to query from any of your server.
Document the entire process and challenges you experienced. You can install BIND from source or using your package manager.
Part 2: Virtual Machine Two (Fedora) - Web and Database servers
Once complete set up this Virtual Machine to host a website using the Apache Web Server and database server using MySQL. Ensure PHP is enabled with Apache and database services and able to show proof from phpinfo().
The Virtual Machine should have a statically assigned address which matches that specified in the A record for host mysql. Test your Apache Server Virtual Machine by using a web browser on another host and trying to browse the websitemysql.your_last_name.net.au.
Finally, harden this host so that only services being used can be accessed by other machines. You will need to use iptables for Fedora or ufw for Ubuntu.
Confirm that you can connect to both ssh and mysql from virtual machine one (Ubuntu).
Document the entire process and challenges you experienced.
Part 3: Remote File Access
Provide two methods to transfer files to any of Linux server from remote. At least one is secured and another non-secure file transfer method.
Document the entire process and challenges you experienced.
Part 4: Simple Web Services
In Virtual Machine Two set up a web server for the DNS www.your_last_name.net.au. Make sure you create an appropriate CNAME in the DNS service on the Ubuntu Server. The web server on the Fedora system is implemented using the HTTP protocol listening on port 8888. Your challenge is to make the same site accessible using the HTTPS protocol. To do this set up SSL with a self-signed certificate for the site.
Once configured correctly you should be able to access www.your_last_name.net.au on both HTTP/HTTPS ports. Naturally, you will need to make appropriate changes to your firewall rules.
Document the entire process and challenges you experienced.
Rationale - This assessment task will assess the following learning outcome/s:
- be able to apply technical knowledge to manage servers.
- be able to investigate the layout of server file systems.
- be able to plan, create and manage information services.
- be able to design and write scripts to automate various server management tasks.
- be able to justify an appropriate protection strategy for data and services.
- be able to critically evaluate security policies and procedures.
In this assignment students will develop a understanding and appreciation for building complex services whilst considering impacts on security.
Length: 15 - 20 pages including screenshots.