Category:I802 Firewalls and VPN IPSec: Difference between revisions
Revision as of 07:14, 8 September 2016
Firewalls and VPN/IPSec
General information
ECTS: 4
Lecturer: Lauri Võsandi
Scenario
In this course we will attempt to set up a network similar to a corporate network with multiple offices, e.g. http://docplayer.it/docs-images/20/596222/images/25-0.png
We will use VPN software to connect subnets to each other and we will use VPN software to connect our personal computers to the intranet.
For this course we have 3 Sun servers, each with 16 GB of RAM. On each server we should be able to create 3 or more virtual machines. As the host operating system we will install Ubuntu 16.04 server. On the disks, set up ext4 on top of mdraid in a RAID1 configuration.
For virtualization let's use libvirtd, with virt-manager on your Ubuntu laptops. The adventurous might want to try setting up the Kimchi web interface.
Offices
Headquarters
Gateway: 193.40.194.220
DNS: 193.40.0.12, 193.40.56.245
Public IP address (eth0): 193.40.194.160/24
Internal IP address of the physical server (eth1): 172.16.1.1/24
Management network IP address (eth2), accessible from robotics club: 192.168.12.10
Team members: Keijo, Anton, Mohanad, Etienne
Services:
- domain controller, at this point primarily for user accounts (Keijo)
- nginx web server, for company's homepage (Anton)
- SMB/CIFS fileserver, join to domain (Etienne)
- VPN server for other subnets, presumably OpenVPN
Research & development
Gateway: 193.40.194.220
DNS: 193.40.0.12, 193.40.56.245
Public IP address (eth0): 193.40.194.161/24
Internal IP address of the physical server (eth1): 172.16.2.1/24
Management network IP address (eth2), accessible from robotics club: 192.168.12.11
Team members: Marvin, Madis, Taavi, Berit, Joosep
Services:
- Git hosting, for sharing scripts, set up LDAP to authenticate with domain controller
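- Wiki (https://www.mediawiki.org/wiki/MediaWiki), for exchanging information, set up LDAP to authenticate with domain controller and later possibly configure web server to authenticate with Kerberos (https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Configuration_Examples)
- Windows XP workstation, join to domain
- Ubuntu 16.04 MATE workstation, join to domain (https://raw.githubusercontent.com/laurivosandi/puppet-butterknife/master/files/etc/butterknife/helpers/join-domain). Possibly also set up as LTSP server, so we can boot terminals in 417
- OpenVPN connection to headquarters, use shared secret at first, later X.509 certificates
- Pastebin (https://github.com/bpoldoja/pastebin) (Berit)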
Devops
Gateway: 193.40.194.220
DNS: 193.40.0.12, 193.40.56.245
Public IP address (eth0): 193.40.194.162/24
Internal IP address of the physical server (eth1): 172.16.3.1/24
Management network IP address (eth2), accessible from robotics club: 192.168.12.12
Team members: Arti, Meelis Hass, Artur O, Sheela, Ilja (exchange)
Services:
- IRC, for chatting
- Certificate management for roadwarriors
- Monitoring software of your choice to make sure that services are up and running
- E-mail for sending notifications from monitoring software at first
- Later: OpenVPN connection to headquarters; in the beginning just monitor public services
Pentest
Find security issues in the deployed services.
Team members: Kustas, Ender, Indrek (?)