Data Networking/Fall 2016/SAPS

From Wikiversity
Jump to navigation Jump to search

Team Members[edit | edit source]

1. Akshay Mahajan
2. Praveen Prakash
3. Sagar Raikar
4. Siddesh Shenoy

Objective[edit | edit source]

To create a secure, reliable and dynamic network that can support multiple hosts.

Behaviour of Protocols[edit | edit source]

Domain Name System[edit | edit source]

DNS(Domain name system) server also called as name server, which implements network services for providing responses to queries against directory services i.e. It translates user supplied host name (web site) to IP addresses and vice versa and which contains a databases of network names and IP address. DNS process flow: DNS client running on the user host, request a server page, at first it needs a IP address of that web server which is processed by the DNS Server.
1)First the client sends a query with the given hostname to the DNS server
2)The DNS server receives the query from the client and maps it with the IP address
3)The DNS server sends the IP address to the DNS client operating at the user machine
4)Once the Host user receives the IP address, it can access the web server.

Dynamic Host Configuration Protocol[edit | edit source]

DHCP referred to as Dynamic host configuration protocol. It is a client server protocol which assigns host with an IP address through a DHCP server. In general, DHCP automatically assigns IP address to new devices or to devices when moved from one subnet to another. DHCP server has as a pool of IP address and leases an address when it start up in the network and also has TCP/IP configuration parameters for all hosts on the network,that received IP address
Assigning IP addresses to the networking component can be done in the following ways.
Types of DHCP Allocation:
1) Automatic allocation - DHCP server assign permanent IP address to the client.
2) Dynamic allocation -DHCP server assigns IP address to the client only for a limited period of time. Automatic reuse of IP address is allowed.
3) Manual allocation -IP address Assigned by the network administrator and DHCP is used simply to convey the messages to the client.

Webserver & Firewall[edit | edit source]

A Web server is a software responsible for accepting HTTP request from the client, which are know as web browser and serving them the HTTP responses We are using apache 2 webserver to host our website, we are using a firewall for providing security to the website.
Algorithm of web server.
1) Client obtain server IP address from the DNS Server. 2) Client initiate a TCP connection to the server on port 80. 3) Server responds with the SYN-ACK message , thereby opening the port to request information. 4) Client sends an ACK message and request for HTML page.

Backup[edit | edit source]

Backup is done to the webserver file to add redundancy to the fle and make it robust . All the files in the webserver are sent to the backup in a zipped format at a scheduled time Backup for the webserver data is achieved by using rsync and ssh protocols.
Rsync is used to synchronize files between the webserver and the backup. Therefore whenever changes are made at the webserver the backup gets updated at the scheduled time.
Ssh provides a secure channel to send and receive files by using end to end encryption and decryption. .

Installation Steps[edit | edit source]

DNS[edit | edit source]

Step 1: Update the package list(

               sudo apt-get update

Step 2: Install Bind9 for DNS server configuration

sudo apt-get install bind9

Step 3: Make virtual machine interface as static

sudo nano /etc/network/interfaces

For IPv4 configuraiton

auto eth0
iface eth0 inet static

For IPv6 configuration
face eth0 inet6 static
address 2001:aaaa:1000:0000:0000:0000:0000:0007
netmask 64
gateway 2001:aaaa:1000:0000:0000:0000:0000:0001

             dns-nameservers 2001:aaaa:1000:0000:0000:0000:0000:0007
dns-nameservers 2001:aaaa:1000:0000:0000:0000:0000:0008

Step 4: Configuring the forwarding addresses

               sudo nano /etc/bind/named.conf.options
forwarders {
# Local DNS and Google DNS

sudo nano /etc/bind/named.conf.local

Step 6: Creating DNS forward Zone file

             sudo nano /etc/bind/db.siddesh.lanr

Step 7: Creating DNS reverse zone file
sudo nano /etc/bind/db.192

Step 8: Adding name server in resolv.conf file
sudo nano /etc/resolv.conf

Step 9: Adding server addresses in hosts file
sudo nano /etc/hosts

Step 10: Commands to start/ restart/stop the DNS server

sudo /etc/init.d/bind9 start
sudo /etc/init.d/bind9 restart
sudo /etc/init.d/bind9 stop

Step 11: Configuring named.conf.local file on slave

                          sudo nano /etc/bind/named.conf.options

Step 12: Adding server addresses in hosts file for slave
sudo nano /etc/hosts

DHCP[edit | edit source]

Step1: Install ISC-DHCP server for DHCP configuration

               sudo apt-get install isc-dhcp-server

Step2: Configuring static address for IPv4 DHCP

               sudo nano /etc/network/interfaces

Step3: Setting range for IPv4

sudo nano /etc/dhcp/dhcpd.conf

Step4: Setting up the interface

                sudo nano /etc/default/isc-dhcp-server

Step4: Restart to set the configuration
sudo service networking restart
sudo service isc-dhcp-server restart
sudo ifdown eth0
sudo ifup eth0
Step5: Setting static IP address for IPv6
sudo nano /etc/network/interfaces

Step6: Setting range for IPv6 address
sudo nano /etc/dhcp/dhcpd6.conf

Step7: Creating empty file
sudo nano/var/lib/dhcp/dhcpd6.leases

Step8: Verifying the configuration
/usr/sbin/dhcpd -6 –d –cf /etc/dhcp/dhcpd6.conf eth0

Step9: Restarting to set the configuration
sudo service networking restart
sudo service isc-dhcp-server restart
sudo ifdown eth0
sudo ifup eth0

Webserver[edit | edit source]

Step 1: Install Apache2 Webserver

                sudo apt-get install apache2 

Step 2: To create a HTML page for the Web server

                sudo chmod 755 /var/www/
Sudo chown -R $ user:$user /var/www/html/
Sudo nano /var/www/html/index.html

Step 3: Restart the web server

                sudo /etc/init.d/apache2 restart

Step 4: To test web server


Firewall[edit | edit source]

Step 1: Install firewall:
Command: sudo apt-get install ufw
Step 2Enabiling the firewall:
Command: Ufw enable
Step 3Checking the status
Command: Ufw status
Step 4To allow and deny or deny specific port.
Command: ufw deny proto tcp from to any port 80
ufw allow 80
ufw allow 22

Backup[edit | edit source]

Step 1: Install rsync on both web server and backup machine

                            sudo apt-get install rsync 

Step 2: Copy files from webserver to backup machine

                            rsync -avzhe ssh @:/var/www 

Step 3: Generate a public and a private key for security

                            ssh-keygen -trsa 

Step 4: Share the private and public key with the backup machine

                            ssh-copy-id -l  /root/.ssh/  vm3@

Step 5: Zipping the .HTML file and sending the file automatically using crontab

crontab –e
***** sudo tar –cvpzf /home/dnspraveen/finalbackup1234.tar.gz /var/www/html/index.html
***** rsync –azvp --delete –e ssh /home/dnspraveen/finalbackup1234.tar.gz /vm3@

Add-ons[edit | edit source]

VPN configuration[edit | edit source]

Step 1: Install Strongswan on both the machines
Command: sudo apt-get install ipsec-tools strongswan-starter
Step 2: Configure ipsec.conf file in Machine 1
Command: sudo nano /etc/ipsec.conf
1. authby=secret
this specifies authentication by accepting values secret
2. auto=route
this specifies that automatically at startup "route" is lodaded into the between left and right ip addresses and connection is established
3. keyexchange=ike
this specifies th the method of keyexchange and which protocol should be used to iniitalise the conection. ike reates to accepting both protocol ikev1 and ikev2
these are the end parameters specifing the ip address of the two endpoints for a VPN connection
4. type=transport
this specifies the type of connection to be done. the type "transport" specifies that a transport mode is host-to-host
5. esp=aes128gcm16!
esp aloright is defined and exclimation mark(!) at the end spcifies that responder to accept a specific cipher suite only
Step 3: Configure ipsec.secrets file in Machine 1
Command: sudo nano /etc/ipsec.secrets
Step 4: Restart IPsec
Command: ipsec restart
Step 5: Checking IPsec status
Command: ipsec statusall
This specifies a tunnel is established.
Step 6: Configure ipsec.conf file in Machine 2
Command: sudo nano /etc/ipsec.conf
Step 7: Configure ipsec.secrets file in Machine 2
Command: sudo nano /etc/ipsec.secrets
Step 8: Checking IPsec status on Machine 2
Command: watch ipsec statusall
Step 9: Testing the Tunnel
Command: ping -s 4048
Since we are able to observe ESP packets above going from interface we can conclude that IPsec has been applied and VPN tunnel is established

NFS[edit | edit source]

Server Side ( Step 1: Install nfs for server:
Command: sudo apt-get install nfs-kernel-server
Step 2: Create a directory path
Command: sudo mkdir /export/project
Step 3: Add in details in /etc/exports
Command: sudo nano /etc/exports
Step 4: Provide the permission
Command: sudo chown nobody:nogroup /export/project
Step 5: Export the Directory
Command: sudo exportfs -a
Step 6: Restarting
Command: sudo /etc/init.d/nfs-kernel-server start

Receiver Side ( Step 1: Install nfs for client
Command: sudo apt-get update
sudo apt-get install nfs-common
Step 2: Create a directory path to access the file from server
Command: mkdir –p /mnt/nfs/export/project
Step 3: Execute the mount command
Command: sudo mount /mnt/nfs/export/project/
Step 4: Verify by using df -h
Command: df -h

ARP[edit | edit source]

Scapy is a python script used to get the MAC address of the victim and the gateway it performs ARP spoofing followed by ARP poisoning.
It the allows a malicious attacker to construct a man in the middle attack.

Test Plan[edit | edit source]

DNS Test[edit | edit source]

DNS can be tested using the following commands
nslookup is used to query DNS server.

DHCP Test[edit | edit source]

A device entering a network gets an IP address, which is allocated by the DHCP server. IP address can be verified using .

                /var/lib/dhcp/dhcpd.leases    - This command is used to view the lease provided by the DHCP server to a particular device 
=== Webserver Test ===

Open the web browser and enter the host name or the local IP address. If it is working, then the web server is up and running.

Firewall Test[edit | edit source]

A client Can try to ping the servers which are blocked. If the response is request timed-out then, the firewall has blocked the client and it is working properly.
The client won't gain access to the webpage because it is forbidden.

Future Improvement[edit | edit source]

i. In this project WEB server can be made more secured by implimentng ssh security against DDOS attacks ii. The concept of Dynamic DNS can be implemented. iii. Provision of Multiple and automatic back-up for DNS , DHCP.

Conclusion[edit | edit source]

We have created a secure, reliable and dynamic network which can support multiple hosts, Provides DHCP and DNS functionalities and a back-up server for a secured web server.

References[edit | edit source]

j. Refernece: