The Final Project for this course is the capstone of this course – it is what all the previous assignments have led to, and it makes up the bulk of the assessment weighting. Much of what you are asked...

The Final Project for this course is the capstone of this course – it is what all the previous assignments have led to, and it makes up the bulk of the assessment weighting. Much of what you are asked to do is drawn from the weekly assessment tasks and material covered in the readings. Some additional research and reading will be required. Any questions of clarification or requests for help for the Final Project should be raised on the Course Forum under the topic 'Final Project'.
The Scenario You are required to setup and install a small network and set of servers to support a small company which operates a tomato packing plant. The plant operates in a small regional town and has 10 permanent employees and around 25 part-time and casual employees. The company requires a forward facing (connected to the Internet) Web Server that is located onsite in the main office. The National Broadband Network has just been enabled in the area so a high speed Internet connection is now available. An existing file server, TommyToe, used by the permanent employees to store various documents, spreadsheets, databases, etc., will need to be integrated into the new network. TommyToe runs Microsoft Windows or MacOS* as the operating system and is backed up daily via an attached high speed tape drive with suitable software. All new servers should mount a shared space on TommyToe to save backups to. These will then form part of the backup process already operating on the TommyToe server. COIT20266 Systems Security Administration Final Project [2] *students not using windows or mac as their host OS should simply use whichever they do have, e.g. Linux. The Network Summary A single internal network is to be created using DHCP for all networked device configuration. All servers (including TommyToe) should be allocated a fixed IP address by the DHCP server and have a fixed server name as specified below. All other client hosts should be allocated an IP address from a range of IP addresses. The internal network should be protected using a single gateway/firewall server. The Servers General To provide simple, robust and secure systems throughout the company the following standards and recommendations have been agreed to and must be adhered to, for all systems: * all servers will be Ubuntu based (excluding TommyToe) * lighttpd will be used for all web servers * Samba client is used for all internal file sharing requirements (ie Ubuntu servers accessing the Windows file server should have Samba client installed). * all new systems must be hardened and scanned for security issues prior to being made available for use * an intrusion detection and prevention systems (IDPS) must be running at all times * appropriate password aging must be implemented on all servers * assume that an appropriate DBMS such as MySQL is installed and used for managing company data in general. COIT20266 Systems Security Administration Final Project [3] DHCP Server [Cherry] A small, secure, dedicated server should be created that provides automatic server and client network configuration using DHCP. Only support staff will have access to this server. DHCP configuration must be backed up regularly and a simple recovery procedure must be developed in the event of server failure. It is suggested that one of the other servers be setup as a manual failover time-synced DHCP server with changeover procedures detailed in the recovery procedure. All servers should have fixed IP addresses assigned to them from the DHCP server, based on MAC addresses. The internal network IP address range to be used is 192.168.33.0/24. Web Server [BigBeef] The Web Server offers an overview of the organisation and provides potential casual staff with all necessary details to apply for a position within the company. The Web content is handled by an external web developer. The only requirements are that lighttpd and php5 be available on the server and that the server be very secure. Only support staff and the web developer should have access to the Web Server itself. File Server [TommyToe] The existing Microsoft Windows or Mac host computer is the file server. Client machines on the internal network, a mix of Windows, Mac OS and Linux machines, will all access the File Server using Samba shares. All client machines will receive network configuration from the DHCP server. All of the organisations servers and data should be backed up to the central File Server over the network. All backup procedures must be scripted, well documented and limited to a backup group of staff members.