#Task 1: Configuring SSH XXXXXXXXXX3 Marks) Secure Shell ( SSH ) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include...

1 answer below »


#Task 1: Configuring SSH (3 Marks)



Secure Shell(SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.SSH protocol usespublic-key cryptography to authenticate endpoints when setting up a terminal session as well as for encrypting session commands and output. In this task, your job is to perform the following tasks:



  1. Use Linux operating system setup under assessment item 1 to configure Virtual Machine network adapters as a private network (see diagram below),

  2. configure the ssh protocol on both client and server, (e.g., SSH CA Certificate, distributing SSH Public Key and all the necessary configurations),

  3. document all the steps and challenges while configuring the ssh protocol with a plain description of each step,

  4. explaining the cryptographic algorithms are used for the configuration.




























#Task 2: DNS configuration (6 Marks)


Implement server a simple local DNS server calledns1.StudentLastName.org.au. The Local DNS accepts queries from clients and tries to resolve them, first by checking its local cache. The Local DNS must reply toA,
NS, andCNAMErequests. Before you start to implement your server, you should have a clear understanding of the DNS protocol and, specifically, of the message format. You can find good information online inLearning DNS by Cricket Liuor the textbook and the lecture slides.


Local DNS must be able to resolve queries iteratively starting from a given root name server. In other words, Local DNS must work even with a root server that does not support recursive queries. Local DNS must also correctly handle canonical names (
www
). This means that a server (the root server or others) might reply with a CNAME record in response to a request for the A record for
www.ns1.studentLastName.org.au
. In this case, Local DNS should first resolve the CNAME record and then reply to the original request with a DNS message that includes both the canonical-name record (CNAME) for the original name and the address record (A) for the canonical name.


You should demonstrate your Local DNS fully functional and tests your local DNS using dig tool to submit queries to your DNS server. Below is a summary of the most important requirements for your implementation:



  • Your configuration must compile,

  • Your server must reply to DNS requests of typesA,NS,PTR, andCNAME. Other types are optional,

  • If your server receives a CNAME response from a name n while looking for the A record of n, your server should first recursively resolve the name returned in the CNAME record,

  • you have to demonstrate that DNS configuration/zone files are free from errors by using
    named-checkconf
    ,

    named-checkzone
    and

    systemctl status named

    with the proper arguments,

  • You have to install Local DNS usingBINDto implement local DNS,

  • You can easily test your implementation using the
    dig command
    with the proper arguments.




Note:




  • You are required to configure network virtual machines based on the above diagram,


  • document all the steps and challenges while configuring the DNS with a clear description of each step,


  • Submit all your zone/config files as an appendix.






#Task 3:Simple Web Services (3 Marks)




InstallingLEMPsoftware onServer 2. LEMP is a standard bundle in the Ubuntu Server platform. Once complete set up this Server 2 to host a website using the
NGINX web server
. The server should have astatically assigned addresswhich matches that specified in the A record for host www. Test your
NGINX
Server by using a web browser on another host and trying to browse the website LastNameStudentID.org.au. Once you have set up the webserver and tested it, install anFTPserver. The FTP server would allow users to upload/ download files to the webserver. Configure the server appropriately and then test from another host.




Next: in Server 2, your task is to configure the
NGINX web server
for the DNS namewww.StudentName.com.au. The server is implemented using the HTTP protocol listening on port 8181. Your challenge is to make the same site accessible using the HTTPS protocol. To do this set up SSL with aself-signed certificatefor the site.


Once configured correctly you should be able to accesswww.StudentName.com.auon bothHTTP/HTTPS ports. Naturally, you will need to make appropriate changes to your firewall rules.




  • document all the steps and challenges while configuring the LEMP with a clear description of each step,





#Task 4: Security and System-hardening (Configuring SELinux) (3 Marks)


Linux security is built on UNIX security. UNIX security consists of different solutions that were never developed with current IT security needs in mind. Most of the UNIX solutions focus on a part of the operating system only. That means that you need to collect a lot of different security solutions to get a secure operating system, which may be very hard. SELinux was developed to provide a complete and mandatory security solution. The basic principle is that if it is not specifically allowed it will be denied. That is what SELinux will do for you and that is what UNIX security won't bring you. As a result, all unknown services will always need additional configuration to enable them in an environment where SELinux is enabled. Overall, SELinux makes your system more secure, because it is one overall security solution, where things are only allowed to happen if the system administrator really wanted to allow them. In this task, you are required to:



  1. describes the difference between SELinuxenforcing and permissive modes,


  2. enableand
    enforcing permissive SELinux
    on Server 2,

  3. Ensure that thessh serviceis running on server 2,

  4. Make sure that the ssh service runs onports 22and2022,

  5. Once you have configured port numbers, usenetstate -Ztulpento check thatport 2022is being enforced by SELinux,

  6. if not, use set SELinux to enforce a permissive policy to fix the problem,

  7. use
    netstate -Ztulpen
    to check if the port2022is enforced by SELinux.




Answered Same DayJun 01, 2021ITC514Charles Sturt University

Answer To: #Task 1: Configuring SSH XXXXXXXXXX3 Marks) Secure Shell ( SSH ) is a cryptographic network...

Gaurav answered on Jun 03 2021
145 Votes
Server Configuration Task
Sanjeev
SSH Configuration
Figure: Generating the SSH key for secure setup connections
Here we
install the sshd service, then generate the key for the Public and Private key.
After that using the below command generate the keys
#ssh-keygen –t rsa
Then provide the file path and password for the Public key to cross validate it.
Figure – check the both the key we have create one for the Client side and the other for the server side for the authentication process.
Figure – Configure the File of SSH server named as sshd_config
Here we done the PasswordAuthehtication set to NO, UsePAM user as yes. And save the file.
Figure – Regenerate the key with the Private key use from the Server side to client side part
Here with the help of WinSCP tool, we just copy the private key we jus create and open in PuttyGen tool in windows and save it as new private key.
Figure – The key is imported successfully.
Figure – Getting the access from Client side to Server side through SSH connections.
Figure – RSA algorithm
Here in the above task I have taken the RSA crypto algorithm as it provide one of the best encryption method while communicating the information exchange between the server and...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here