Introduction to Laboratory Works

T-110.5102 Laboratory Works in Networking and Security

Course Arrangements

11.9.2012 Otaniemi

Responsible teacher: Miika Komu

Head assistant: Antti Tolonen

Assistants:

Teemu Kämäräinen Matti Kemppainen

Eetu Jalonen Sipi Seppälä Artturi Karila

Use T-110.5102@list.aalto.fi to contact the course staff!

Course Personnel

Material & Contact Information

Course material and news:

https://noppa.aalto.fi/noppa/kurssi/t-110.5102/

Course personnel mailing list: T-110.5102@list.aalto.fi

IRC: /join !dcslabcourses (ircnet)

Contents of the Courses

l  Web pages l  https://noppa.aalto.fi/noppa/kurssi/t-110.5102/

l  Get your hands dirty! l  With the topics already learned on Computer Networks

course

l  We hope you will learn basics of... l  Configuring, monitoring and diagnosing of computer

networks and services l  Configuring and inspection of network security

l  No coding!

What’s new?

l  Two lectures instead of one: general intro + UNIX / network tools intro

l  Former two lab courses joint into a single one l  New mix of assignments: path A or path B l  No extra penalties or rewards l  If you have completed any of the former lab courses

before or have completed assignments from previous years, contact the course staff

Prerequisites

l  Highly recommended l  T-110.4100 Computer networks, or l  S-38.2188 Communication networks

l  Very useful l  Basics of UNIX/Linux system administration

•  Command line •  System commands

l  Otherwise more work for you! l  Next lecture is a brief primer on UNIX basics

•  During the course, we assume you can do UNIX!

Enrollment for the Course

l  Please register for the course in Oodi ASAP l  Even if you're not sure to participate l  You can unregister later l  Choose which path (or both) you take in Oodi

l  Deadline for course registration is 15.9. l  If you register later...

l  There will be more delay in setting up a virtual machine for you

l  You will have less time for the assignments l  Do you have a working email address in Oodi?

Material

l  Google l  Various RFCs at the IETF l  Linux man pages (man -k keyword) l  O'Reilly's Safari books at http://nelliportaali.fi/ l  Linux Documentation Page l  Debian Administrator's handbook

–  http://debian-handbook.info/ –  http://wiki.debian.org/ –  http://www.debian-administration.org/

Assignments

l  Rounds for path A 1. Network tools 2. Email server 3. IPv6 4. Encrypted filesystems 5. Firewall 6. Extra: LDAP

l  Rounds for path B 1. Network tools 2. Web server 3. DNS 4. Network filesystems 5. VPN 6. Extra: Router

NB: course personnel may do minor corrections to the assignments

Schedule (see Noppa)

Environment for the Assignments

l  Course provides you... l  Three virtual Ubuntu servers l  Each virtual machine has three network interfaces l  DO NOT TOUCH eth0! l  Personnel will send you accounts by email

l  You can use your own virtual machines but... l  ...then bring your laptop to the sessions! l  Course assistants are not required to help you

with problems with your own virtual machines

Passing the Course 1/2 l  T-110.5102 laboratory works in networking and

security l  Path A: five (5) ECTS l  Path B: five (5) ECTS l  Path A+B: ten (10) ECTS l  5cr: 1 intro + 4 mandatory assignments (+ 1 extra) l  10cr: 1 intro + 8 mandatory assignments (+ 1 extra)

l  You have demonstrate each assignment to an assistant to be graded

Passing the Course 2/2

l  First assignment shared between the courses l  Has to be completed only once!

l  Optional extra assignment l  Missed one of the mandatory assignments? Do it to pass the course.

l  Can be used to increase your total score

l  Extra assignment is mandatory if you're targeting for grade 5 l  If you do 10cr during this Fall, you can only do either one

l  Points published on the course Noppa pages l  Each round is graded separately

l  To pass the assignment, you need to get 30% of the points

l  See Noppa for the complete grading information and grade limits

l  Course feedback in December is mandatory

Demo and Reception Sessions l  Weekly schedule for demo and reception sessions

–  Reservation of session time to avoid overlap –  Session room at A120 (aka playroom) at the CS building –  Reservation system at https://playground.cs.hut.fi/kaiku/

l  Reception session = face-to-face time with assistant –  Troubleshoot difficult obstacles with assistant –  The assistant will not do the exercise for you –  Ask your questions during the reception week, not demo!

l  Demo sessions (also in room A120) –  Demonstrate your solution for the assignment face-to-face –  Do not ask help from the assistant; he asks questions! –  Thinking aloud is encouraged!

On Course Policies l  Can I bring paper notes? Or can I use electronic notes and copy paste?

l  Yes but you should leave all material you brought to course personnel

l  Can I script?

l  You can but not often useful (and you'll have to explain the script to assistant)

l  Can I work with a pair?

l  Yes but you will have to demo with your own virtual machines without your pair!

l  See also the next question!

l  Can I just reuse the work of some other student?

l  Zero tolerance; plagiarism will lead to failing of the whole course

l  The course personnel will ask “quiz” questions related to the topic (unlisted in the assignment) to test that you have understood what you're doing

l  Did you understand what you were doing and why things work as they do?

l  Plagiarism cases are notified to the department

First Joint Lab Assignment: Network tools

l  Basic UNIX-tools for networking

l  ifconfig, netstat, dig …

l  Simple client-server communication with netcat and telnet

l  The use of man pages!

Path A

A2: Email Server l  Setup an e-mail server

l  Configuring Postfix

l  Fighting spam with procmail and spamassassin

l  Procmail used also for non-spam filtering

A3: IPv6 l  Build a small network with IPv6

l  Routing with static or advertised routes

l  Connect to global IPv6 using Teredo tunneling

A4: Encrypted Filesystems l  Simulation of encryption of an external memory (such as an usb

memory stick)

l  Two different schemes: l  Encrypted loopback device with dm_crypt

l  Encryption layer for an existing filesystem with encFS

l  Truecrypt also used to create a hidden volume inside another encrypted volume -> “plausible deniability”

A5: Firewall l  Firewalling basics

l  Packet filtering with netfilter/iptables

l  squid as web proxy to control traffic

Extra A6: LDAP l  Lightweight Directory Access Protocol

l  In this assignment used for authentication l  Can be used to many other things

l  Steps: l  1. Implement server

l  2. Create database

l  3. Setup client

Path B

B2: Web server l  Apache configurations

l  Serving dynamic pages using Django framework

l  SSL/HTTPS

B3: DNS l  Create caching-only name server with BIND9

l  Own domain .insec

l  Subdomains

B4: Network Filesystems l  Setup and compare various network filesystems

l  NFS

l  Samba

l  sshfs

l  WebDAV

B5: VPN l  Introduction to Virtual Private Network (VPN) concept

l  OpenVPN used to establish a host-to-net VPN scenario

Extra B6: Router l  Playing with Cisco router simulator software CCNA Network

Visualizer 6.0

l  With preliminary subnetting exercise

l  Topics: DHCP, NAT, ACL, Virtual LAN, dynamic vs. static routing

Questions?