Category:I802 Firewalls and VPN IPSec (2017): Difference between revisions

Line 23: Line 23:
Send your SSH public key to Lauri and state which service you want to take care of.
Send your SSH public key to Lauri and state which service you want to take care of.


* Get the service up and running (10p)
Collect 100p in total to pass the course, note that there are opportunities to collect much more points in total:
* Configure Let's Encrypt certificates for your service if applicable (10p)
 
* Add your service to monitoring at mon.momcorp.eu (10p)
* Get the service up and running (15p)
* Enable log forwarding to log.momcorp.eu (10p)
* Configure Let's Encrypt certificates for your service if applicable (15p)
* Configure your service to send e-mails (mail.momcorp.eu) if applicable (10p)
* Add your service to monitoring at mon.momcorp.eu (15p)
* Enable log forwarding to log.momcorp.eu (15p)
* Configure your service to send e-mails (mail.momcorp.eu) if applicable (15p)
* Keep the service up and running through the semester (up to -20p)
* Keep the service up and running through the semester (up to -20p)
* Keep the bad guys out from your servers (up to -30p)
* Keep the bad guys out from your servers (up to -30p)
* Have a disaster recovery plan (up to -20p)
* Have a disaster recovery plan (up to -20p)
* Configure layer3 firewall (10p)
* Configure layer3 firewall (15p)
* Configure application firewall(s) if applicable
* Configure application firewall(s) if applicable
* Configure your laptop to connect to intranet using OpenVPN and IPSec (10p)
* Configure your laptop to connect to intranet using OpenVPN and IPSec (15p)
* Configure your mobile device to connect to intranet using OpenVPN or IPSec (10p)
* Configure your mobile device to connect to intranet using OpenVPN or IPSec (15p)
* Configure your service to use authentication from AD (20p)
* Configure your service to use authentication from AD (20p)
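Review bot: "Configure application firewall(s) if applicable" has no point value in either revision, although every other task in the list states one; give it a value or mark it as ungraded so it is clear whether it counts toward the 100p needed to pass. The penalty items ("up to -20p", "up to -30p") and the AD item (20p) are unchanged while the other tasks go from 10p to 15p, so confirm they are meant to stay at the old scale.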



Revision as of 09:53, 11 September 2017

Firewalls and VPN/IPSec

General information

ECTS: 4

Lecturer: Lauri Võsandi


Scenario

In this course we will attempt to set up a network similar to a corporate network with multiple offices, e.g. http://docplayer.it/docs-images/20/596222/images/25-0.png

Our virtual company's story is based on Mom's Friendly Robot Company.

We will use VPN software both to connect subnets to each other and to connect our personal computers to the intranet.


Grading

If you don't know what to do, pick a topic from the services list below. Send your SSH public key to Lauri and state which service you want to take care of.

Collect 100p in total to pass the course. Note that there are opportunities to collect many more points in total:

  • Get the service up and running (15p)
  • Configure Let's Encrypt certificates for your service if applicable (15p)
  • Add your service to monitoring at mon.momcorp.eu (15p)
  • Enable log forwarding to log.momcorp.eu (15p)
  • Configure your service to send e-mails (mail.momcorp.eu) if applicable (15p)
  • Keep the service up and running through the semester (up to -20p)
  • Keep the bad guys out from your servers (up to -30p)
  • Have a disaster recovery plan (up to -20p)
  • Configure layer3 firewall (15p)
  • Configure application firewall(s) if applicable
  • Configure your laptop to connect to intranet using OpenVPN and IPSec (15p)
  • Configure your mobile device to connect to intranet using OpenVPN or IPSec (15p)
  • Configure your service to use authentication from AD (20p)

Services

To support our virtual company in everyday business we need to provide them with a variety of services:

  • www.momcorp.eu - Install nginx, create a homepage for the company and link to the remaining sites. ???
  • shop.momcorp.eu - Install Magento and add some fictional products like dark matter and neutron star. ???
  • wiki.momcorp.eu - Install MediaWiki, later integrate with AD. Peep
  • blog.momcorp.eu - Install WordPress, later integrate with AD. Steven
  • chat.momcorp.eu - Install IRC server, provide multiple channels for developers. Install some web-based software for customer helldesk. Ardi
  • ns1.momcorp.eu - Primary Bind9 installation, later also add DNSSEC. ???
  • ns2.momcorp.eu - Secondary Bind9 installation in another physical host. ???
  • git.momcorp.eu - Gogs installation. ???
  • mon.momcorp.eu - Nagios monitoring. Nika
  • log.momcorp.eu - Graylog or similar for central logging. ???
  • mail.momcorp.eu - Mailserver with Postfix (postfw, greylisting, DKIM, SPF, set up secondary MX), later with AD integration if Exchange won't be used. Andris
  • ca.momcorp.eu - Java servlet container, EJBCA installation for certificate management. ???
  • nas.momcorp.eu - Samba fileserver. Hindrek
