t-110.5102 laboratory works in networking and … · laboratory works in networking and security...
TRANSCRIPT
Introduction to Laboratory Works
T-110.5102 Laboratory Works in Networking and Security
Course Arrangements
11.9.2012 Otaniemi
Responsible teacher: Miika Komu
Head assistant: Antti Tolonen
Assistants:
Teemu Kämäräinen Matti Kemppainen
Eetu Jalonen Sipi Seppälä Artturi Karila
Use [email protected] to contact the course staff!
Course Personnel
Material & Contact Information
Course material and news:
https://noppa.aalto.fi/noppa/kurssi/t-110.5102/
Course personnel mailing list: [email protected]
IRC: /join !dcslabcourses (ircnet)
Contents of the Courses
l Web pages l https://noppa.aalto.fi/noppa/kurssi/t-110.5102/
l Get your hands dirty! l With the topics already learned on Computer Networks
course
l We hope you will learn basics of... l Configuring, monitoring and diagnosing of computer
networks and services l Configuring and inspection of network security
l No coding!
What’s new?
l Two lectures instead of one: general intro + UNIX / network tools intro
l Former two lab courses joint into a single one l New mix of assignments: path A or path B l No extra penalties or rewards l If you have completed any of the former lab courses
before or have completed assignments from previous years, contact the course staff
Prerequisites
l Highly recommended l T-110.4100 Computer networks, or l S-38.2188 Communication networks
l Very useful l Basics of UNIX/Linux system administration
• Command line • System commands
l Otherwise more work for you! l Next lecture is a brief primer on UNIX basics
• During the course, we assume you can do UNIX!
Enrollment for the Course
l Please register for the course in Oodi ASAP l Even if you're not sure to participate l You can unregister later l Choose which path (or both) you take in Oodi
l Deadline for course registration is 15.9. l If you register later...
l There will be more delay in setting up a virtual machine for you
l You will have less time for the assignments l Do you have a working email address in Oodi?
Material
l Google l Various RFCs at the IETF l Linux man pages (man -k keyword) l O'Reilly's Safari books at http://nelliportaali.fi/ l Linux Documentation Page l Debian Administrator's handbook
– http://debian-handbook.info/ – http://wiki.debian.org/ – http://www.debian-administration.org/
Assignments
l Rounds for path A 1. Network tools 2. Email server 3. IPv6 4. Encrypted filesystems 5. Firewall 6. Extra: LDAP
l Rounds for path B 1. Network tools 2. Web server 3. DNS 4. Network filesystems 5. VPN 6. Extra: Router
NB: course personnel may do minor corrections to the assignments
Environment for the Assignments
l Course provides you... l Three virtual Ubuntu servers l Each virtual machine has three network interfaces l DO NOT TOUCH eth0! l Personnel will send you accounts by email
l You can use your own virtual machines but... l ...then bring your laptop to the sessions! l Course assistants are not required to help you
with problems with your own virtual machines
Passing the Course 1/2 l T-110.5102 laboratory works in networking and
security l Path A: five (5) ECTS l Path B: five (5) ECTS l Path A+B: ten (10) ECTS l 5cr: 1 intro + 4 mandatory assignments (+ 1 extra) l 10cr: 1 intro + 8 mandatory assignments (+ 1 extra)
l You have demonstrate each assignment to an assistant to be graded
Passing the Course 2/2
l First assignment shared between the courses l Has to be completed only once!
l Optional extra assignment l Missed one of the mandatory assignments? Do it to pass the course.
l Can be used to increase your total score
l Extra assignment is mandatory if you're targeting for grade 5 l If you do 10cr during this Fall, you can only do either one
l Points published on the course Noppa pages l Each round is graded separately
l To pass the assignment, you need to get 30% of the points
l See Noppa for the complete grading information and grade limits
l Course feedback in December is mandatory
Demo and Reception Sessions l Weekly schedule for demo and reception sessions
– Reservation of session time to avoid overlap – Session room at A120 (aka playroom) at the CS building – Reservation system at https://playground.cs.hut.fi/kaiku/
l Reception session = face-to-face time with assistant – Troubleshoot difficult obstacles with assistant – The assistant will not do the exercise for you – Ask your questions during the reception week, not demo!
l Demo sessions (also in room A120) – Demonstrate your solution for the assignment face-to-face – Do not ask help from the assistant; he asks questions! – Thinking aloud is encouraged!
On Course Policies l Can I bring paper notes? Or can I use electronic notes and copy paste?
l Yes but you should leave all material you brought to course personnel
l Can I script?
l You can but not often useful (and you'll have to explain the script to assistant)
l Can I work with a pair?
l Yes but you will have to demo with your own virtual machines without your pair!
l See also the next question!
l Can I just reuse the work of some other student?
l Zero tolerance; plagiarism will lead to failing of the whole course
l The course personnel will ask “quiz” questions related to the topic (unlisted in the assignment) to test that you have understood what you're doing
l Did you understand what you were doing and why things work as they do?
l Plagiarism cases are notified to the department
First Joint Lab Assignment: Network tools
l Basic UNIX-tools for networking
l ifconfig, netstat, dig …
l Simple client-server communication with netcat and telnet
l The use of man pages!
A2: Email Server l Setup an e-mail server
l Configuring Postfix
l Fighting spam with procmail and spamassassin
l Procmail used also for non-spam filtering
A3: IPv6 l Build a small network with IPv6
l Routing with static or advertised routes
l Connect to global IPv6 using Teredo tunneling
A4: Encrypted Filesystems l Simulation of encryption of an external memory (such as an usb
memory stick)
l Two different schemes: l Encrypted loopback device with dm_crypt
l Encryption layer for an existing filesystem with encFS
l Truecrypt also used to create a hidden volume inside another encrypted volume -> “plausible deniability”
A5: Firewall l Firewalling basics
l Packet filtering with netfilter/iptables
l squid as web proxy to control traffic
Extra A6: LDAP l Lightweight Directory Access Protocol
l In this assignment used for authentication l Can be used to many other things
l Steps: l 1. Implement server
l 2. Create database
l 3. Setup client
B4: Network Filesystems l Setup and compare various network filesystems
l NFS
l Samba
l sshfs
l WebDAV
B5: VPN l Introduction to Virtual Private Network (VPN) concept
l OpenVPN used to establish a host-to-net VPN scenario
Extra B6: Router l Playing with Cisco router simulator software CCNA Network
Visualizer 6.0
l With preliminary subnetting exercise
l Topics: DHCP, NAT, ACL, Virtual LAN, dynamic vs. static routing