Introduction To The Course Network Architecture
Hervey Allen
Chris Evans
Phil Regnauld
September 3 - 4, 2009
Santiago, Chile
Overview
• Course Architecture Diagram
• Introducing Your “ccTLD”
• How to Connect to Your Network
• Practice Exercises
Course Architecture
• This architecture was designed to give each group of students a sample “registry” to secure, operate, and defend
• Each group of two students will be assigned one registry network.
• Each group will have a separate registry consisting of a Cisco Router, Name Server, and Network Operations Center server at a minimum
• Other servers and routers exist on the network to simulate an “Internet connected” registry and support course delivery
• All student “servers” are virtualized!
Course Architecture
• Connectivity
  – Each “ccTLD” is separated from the network by a gateway router – which is under YOUR control
  – Each “ccTLD” connects to the same “ISP” router which provides live Internet access (except during attack scenarios) and inter-connectivity
  – The ISP router also connects the instructor management servers and attack boxes
  – The Core Router provides Internet access and connects you to the ISP and your “ccTLD”
Course Architecture
• DNS Architecture
  – A “Root” name server is set up on 192.168.128.20 which provides delegations to the ccTLD networks and to regular TLDs when connected live.
  – An “ISP” name server provides recursive services for _everyone_ on the network
  – Each “ccTLD” has an authoritative name server for their own networks (e.g. .TLD1)
Root (.)
.MGMT .TLD1 .TLD2 … .TLD8
Course Architecture
• Core Services
  – Course Support Server: 192.168.75.20
  – NTP: 192.168.128.5
Course Architecture
[Network diagram slides; successive slides highlight the following parts of the diagram]
• YOU ARE HERE!
• A “ccTLD” Network
• The Core Router
• The “ISP” Router
• The Management Network
• Your Laptop Internet Access
• ccTLD Internet Connectivity
• Backchannel Connection to ccTLD ISP Router
• “External Monitoring”
• “Attack” Path
• Here’s YOUR ccTLD Network
Introducing Your “ccTLD”
A “Cheat Sheet” is Available on the Wiki
[ccTLD network diagram slides; successive slides highlight the following components]
• Recursive NameServer
• Root NameServer
• ISP Router
• Your Router
• Your Auth NameServer
• Your NOC
• Your “Office” Workstation
Connecting to Your “ccTLD”
This is Great But, How Do I Use It?!
• A Word on Programs
  – SSH (Secure Shell) is the primary connection protocol used in this network. You must provide a username AND an identity key to log in
  – You can use any ssh client you are familiar with, but we have Putty available for Windows users
  – To view web pages on your network (e.g. network monitoring from your NOC), use any browser you are comfortable with
  – To view GUI programs on your network (e.g. wireshark, a packet capture program), you must redirect X11 output via an SSH connection
    • On Windows, this requires an X11 server; we suggest Xming
    • On Linux, it’s easy, use the -X option with ssh
• Download links for Putty, Xming, and identity keys are available on the wiki…
Connecting to Your “ccTLD”
• Connecting to Your Router
  – SSH as ‘tldadmin’ user to 192.168.10X.1
  – Password: tldadmin!
  – Enable Password: tldadmin!
• Example: ssh tldadmin@192.168.10X.1
X – your group number, 1-8
Remember - A “Cheat Sheet” is Available on the Wiki
Connecting to Your “ccTLD”
• Connecting to Your Router with Putty
  – IP Address: 192.168.101.1
  – Click “Open”
• You will be doing this a lot! Save connection information as a Session!
  – IP Address: 192.168.101.1
  – Session Name: TLD-Router
  – Click “Save”
X – your group number, 1-8
Connecting to Your “ccTLD”
• Connecting to Your Nameserver
  – SSH as ‘tldadmin’, with tldadmin identity key to 192.168.10X.10
  – Password: tldadmin!
• Example: ssh -i tldadmin tldadmin@192.168.10X.10
X – your group number, 1-8
Remember - A “Cheat Sheet” is Available on the Wiki
Connecting to Your “ccTLD”
• Connecting to Your Nameserver with Putty
  – IP Address: 192.168.10X.10
  – Enter “TLD-NS1” in Saved Sessions Box
  – Click Connection -> SSH -> Auth
  – Identity File: Path to tldadmin.ppk
  – Click Connection -> SSH -> X11
  – Check “Enable X11 Forwarding”
  – Put Your Laptop IP Address Here
    • e.g. 192.168.75.101
  – Click Connection -> Data
  – Enter ‘tldadmin’ for Auto-login username
  – Click Session
  – Click “Save”
  – Double Click the Session Name to Connect!
X – your group number, 1-8
Connecting to Your “ccTLD”
• Connecting to Your NOC
  – SSH as ‘tldadmin’, with tldadmin identity key to 192.168.10X.30
  – Password: tldadmin!
• Example: ssh -i tldadmin tldadmin@192.168.10X.30
X – your group number, 1-8
Remember - A “Cheat Sheet” is Available on the Wiki
Connecting to Your “ccTLD”
• Connecting to Your NOC with Putty
  – IP Address: 192.168.10X.30
  – Enter “TLD-NOC” in Saved Sessions Box
  – Click Connection -> SSH -> Auth
  – Identity File: Path to tldadmin.ppk
  – Click Connection -> SSH -> X11
  – Check “Enable X11 Forwarding”
  – Put Your Laptop IP Address Here
    • e.g. 192.168.75.101
  – Click Connection -> Data
  – Enter ‘tldadmin’ for Auto-login username
  – Click Session
  – Click “Save”
  – Double Click the Session Name to Connect!
X – your group number, 1-8
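For OpenSSH users, the saved Putty sessions described above have an equivalent in the client configuration file. The script below is an added example, not part of the original slides: the addresses, user name and X11 settings follow the slides, while the lowercase host aliases and the key path ~/.ssh/tldadmin are assumptions.

```shell
#!/bin/sh
# Added example: emit OpenSSH client config for one group's "ccTLD" hosts.
# From the slides: user tldadmin, addresses 192.168.10X.{1,10,30}, key login
# on the nameserver and NOC, X11 forwarding on those two hosts.
# Assumed (not on the slides): the host aliases and the key path.

tld_ssh_config() {
    group="$1"
    key="${2:-}"
    [ -n "$key" ] || key='~/.ssh/tldadmin'   # hypothetical key location

    # X is the group number, 1-8; reject anything else so a typo cannot
    # produce addresses outside the ccTLD networks.
    case "$group" in
        [1-8]) ;;
        *) echo "usage: tld_ssh_config <group 1-8> [keyfile]" >&2
           return 1 ;;
    esac
    net="192.168.10${group}"

    cat <<EOF
# Router: the slides show password login only, and no GUI is needed,
# so X11 forwarding stays off.
Host tld-router
    HostName ${net}.1
    User tldadmin
    ForwardX11 no

# Nameserver and NOC: key login. IdentitiesOnly stops ssh from offering
# every key in your agent. ForwardX11 is the config form of "ssh -X";
# it lets programs on the remote host open windows on your display, so
# it is enabled per host instead of globally.
Host tld-ns1 tld-noc
    User tldadmin
    IdentityFile ${key}
    IdentitiesOnly yes
    ForwardX11 yes

Host tld-ns1
    HostName ${net}.10

Host tld-noc
    HostName ${net}.30
EOF
}

# Print the config when run as a script, e.g.: sh tld-ssh.sh 3
if [ "$#" -gt 0 ]; then
    tld_ssh_config "$@"
fi
```

Append the output for your group to ~/.ssh/config; `ssh tld-noc` then connects with the same settings as the saved Putty session.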
Your “ccTLD” Cheat Sheet
• View Your Copy on the Course Wiki
• Usernames, Passwords, Keys, IPs, and sample command line instructions included
Your “ccTLD” Configuration
• Your Router Has Very Minor Security Precautions, No ACLs, and only allows SSH
• Your NOC is a base installation of Ubuntu 8.10 Desktop with OpenSSH server
  – We’ll be adding to this as we move through the course
• Your NS is a base installation of Ubuntu 8.10 Server with OpenSSH and BIND
  – We may make BIND configuration changes as we go
Ground Rules
• Please respect other students’ registries – while you have the power to do so, do not change them!
• Please respect the underlying servers running VMware!
• Please don’t make any configuration changes except those presented in class – they may break attack scenarios!
• Please respect the course management servers, wiki and attack boxes – they are there to assist in course delivery!
• Do not conduct cyber attacks on other students or the instructors!
Practice Exercises
• View Exercises on Wiki
  1. Login to your Nameserver by SSH
  2. Login to your NOC by SSH
  3. Run wireshark on your NOC with X11 Forwarding
** Be sure to save your SSH profiles to make connections easier – you’ll be doing a lot of this!
EX: Intro to Course Architecture
QUESTIONS ON YOUR “CCTLD”?