the matrix photo studio


Upload: irfan-irawan-cbn

Post on 18-Nov-2014


DESCRIPTION

Building and Implementing a Linux-Based Network

TRANSCRIPT

Securing Web Server and File Sharing in Matrix Photo Studio


CHAPTER 1

INTRODUCTION

1.1 Background

Today, many companies use technology to ease their work. As business competition steadily rises, a management system is needed in the business world. The Linux operating system has become one of the best choices; it can handle many tasks as well as Microsoft. It was implemented by Matrix Photo Studio, located at Jl. Supratman No. 13 Bandung, but the implementation still has weaknesses.

There is no doubt that companies have expanded their management systems with security systems. There is also no doubt that technology is one of the factors, in this case concerning "data": data sharing, data security, centralized data, web servers and many more.

Centralized data is much needed by companies in all areas, such as education, restaurants, business, and government. Its use in a photo studio is very complex. On this occasion the writer will try to make the data in Matrix Photo Studio centralized, easy to access anytime and anywhere, and secure when transmitting transactions in the web service, using services implemented on the Linux operating system.

1.2 Problem Formulation

1. How to make the data centralized?

2. How to manage data sharing using FTP in Linux?

3. How to build the Web Server and Mail Server?

4. How to make Secure Web Server?

1.3 Purpose

The purposes of the project are:

1. Adding to and applying knowledge and science about how to implement Linux administration in Matrix Photo Studio.

2. We can manage data from Management in Matrix Photo Studio.

3. Making the company efficient and secure in its transaction process and in access to the web service.

1.4 Benefit

1. The writer learns about the implementation and administration of the Linux operating system.

2. Data is more efficient and secure because of FTP, the firewall and centralized data.

3. The writer can design and implement Linux command syntax in Matrix Photo Studio.

4. Customers can easily make transactions and access information about Matrix Photo Studio.

1.5 Problem boundaries

Problems which we discuss in this Project include:

1. We only discuss the configuration of FTP.

2. What is the firewall and how is it implemented?

3. What are the web server and mail server, and how are they configured in Matrix Photo Studio?

1.6. Writing Systematic

The writing systematic for this project, "Securing Web Server and File Sharing in Matrix Photo Studio", consists of four chapters:

CHAPTER 1 INTRODUCTION

Explains the background, problem formulation, purpose, benefit, problem boundaries, writing systematic, and time schedule.

CHAPTER 2 CONTENT

This chapter explains the current system and envisioned system of Matrix Photo Studio.

CHAPTER 3 ANALYSIS

This chapter explains the Design System of Network Design: Logical Design, Physical Design, Implementing Network, Requirement System, Implementation System, Installation and OS Configuration, Service Configuration, Testing, Cost Implementation.

CHAPTER 4 CLOSING

This chapter explains the conclusion and suggestion.

BIBLIOGRAPHY

APPENDIX

1.7 Time Schedule

Table 1.1 Time Schedule

No  Activities                      February 2009 (days 14 15 16 17 18 19 20 21 22 23 24)
1   Looking of Data
2   Making Abstraction and Preface
3   Make Chapter I – IV
4   Make Closing
6   Making Slide Show
7   Monitoring


CHAPTER 2

BUSINESS PROCESS

2.1 Current System of Matrix Photo Studio

At the time, all administration and transactions at Matrix Photo Studio were handled manually with a simple program, in the conventional manner as well. As a result, progress reporting and transaction processing were very slow and somewhat confusing. There was a great deal of data, such as billing transactions, product orders, client requests, and many more.

These records were not collected on the same medium; each was kept in its own book, such as the record menu displayed in a manual book. The web service was developed very simply and was not secure. No web service was active before, only advertisement. No firewall was activated in the system, so security was not implemented well amid the many threats in internetwork traffic. File sharing still used an old configuration and was not secure.

2.2 Envisioned System of Matrix Photo Studio

Matrix Photo Studio wants a Linux system that makes transferring data easy, and a web application that makes it easy to access information about our services, so that the users of Matrix Photo Studio can enjoy the services.

So we build the file sharing service on Linux using FTP (File Transfer Protocol), and we use Secure FTP by activating an additional service in the FTP configuration. The network implemented in Matrix Photo Studio uses a firewall to limit who can enter the private or internal network. By using the firewall we can control how connections are made and secure the data packets. For customer orders we use the web server and a mail service, Postfix, which can send replies to customers at their email addresses.


CHAPTER 3

ANALYSIS

3.1 Design System of Network Design

3.1.1 Logical Design

The logical design explains the design of the system in a general view. At this time, Matrix Photo Studio needs some devices to connect the web server to the Internet using the ISP Speedy, developed by Telkom. There are devices such as a Router, Switch, PC, Web Server, FTP Server, DNS and so on. How can they be connected to build the right system and services? Here is the logical design.

[Diagram labels: Internet -- ISP Speedy; Router; Web Server, DNS, FTP, Mail Server, Firewall; Customer Service; Admin Room; Print Server; Art Media; Router; Switch (x4)]

Picture 3.1 Logical Design Network of Matrix Photo Studio


3.1.2 Physical Design

The detailed configuration of all devices is called the Physical Design, which represents all the network devices set into one good network system used by Matrix Photo Studio. Here is the illustration of it.

[Diagram labels: Internet; Admin Room; Print Server; Art Media; Customer Service; Switch 8 Port; ADSL Router; Firewall Enabled; Modem Router; DNS, Web, Mail, FTP Server]

Picture 3.2 Physical Design Network of Matrix Photo Studio

3.1.3 Implementing Network

A. Subnetting

Matrix Photo Studio uses subnetting to make transmission secure and sharing private from one host to another. We have five subnet groups: Art Media, Print Server, Admin, Customer Service and Server Room. The subnet allocation depends on the number of hosts.

Maximum host = 6 Computer (Art Media)

So the formula,

2^n - 2 >= 6 computer

N = 4

255.255.255.0

11111111.11111111.11111111.00000000

11111111.11111111.11111111.11110000

New Subnet Mask >> 255.255.255.240

Block Per Subnet = 256 - 240 = 16 Block

Address Range = 192.168.0.0 - 192.168.0.15
                192.168.0.16 - 192.168.0.31
                192.168.0.32 - 192.168.0.47
                192.168.0.48 - 192.168.0.63
                .…….. – 192.168.0.254

B. IP Allocation

In the real implementation, Matrix Photo Studio allocates IP addresses according to server or department, to make security settings and privacy easier and to allow for future development. Here is the allocation.

Table of IP Allocation

No.  Department/Server   IP Address/Network ID
1.   Core Server         192.168.0.2
2.   Public IP Address   202.17.10.2
3.   Art Media           192.168.0.16
4.   Customer Service    192.168.0.32
5.   Admin               192.168.0.48
6.   Print Server        192.168.0.64
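The subnet arithmetic above, carried through in POSIX shell as an added example that is not part of the original report. It uses the page's N = 4 and allocation table; the function names are hypothetical, and mapping the 192.168.0.0 block to the Server Room is an assumption based on the core server's address 192.168.0.2.

```sh
#!/bin/sh
# Added example: the /28 arithmetic of section 3.1.3 (not the report's own code).

# Smallest n with 2^n - 2 >= hosts (the page's formula).
min_host_bits() {
    n=1
    while [ $(( (1 << n) - 2 )) -lt "$1" ]; do n=$((n + 1)); done
    echo "$n"
}

HOST_BITS=4                          # N chosen on the page
BLOCK=$((1 << HOST_BITS))            # 16 addresses per subnet
MASK="255.255.255.$((256 - BLOCK))"  # 255.255.255.240

# Network ID of the subnet that contains a 192.168.0.x address.
network_id() {
    echo "${1%.*}.$(( ${1##*.} & (256 - BLOCK) ))"
}

# Usable host range (network and broadcast addresses excluded).
host_range() {
    net=$(network_id "$1")
    base=${net##*.}
    echo "${net%.*}.$((base + 1))-${net%.*}.$((base + BLOCK - 2))"
}

# Department lookup by network ID, taken from the page's allocation table.
# Assumption: the first block holds the Server Room (core server 192.168.0.2).
department_of() {
    case "$(network_id "$1")" in
        192.168.0.0)  echo "Server Room" ;;
        192.168.0.16) echo "Art Media" ;;
        192.168.0.32) echo "Customer Service" ;;
        192.168.0.48) echo "Admin" ;;
        192.168.0.64) echo "Print Server" ;;
        *)            echo "unallocated" ;;
    esac
}

# Constructed sample addresses, e.g. source IPs seen in a firewall or FTP log.
for ip in 192.168.0.2 192.168.0.20 192.168.0.37 192.168.0.200; do
    echo "$ip net=$(network_id "$ip") hosts=$(host_range "$ip") dept=$(department_of "$ip")"
done
```

For 6 hosts the inequality is already met at n = 3; the page's N = 4 gives 14 usable addresses per subnet.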


C. Routing Process

1. Configure the IP eth0 (default) in the

2. Configure the eth1

vi /etc/sysconfig/network-scripts/ifcfg-eth1

3. Setting ip_forwarding and masquerading.

vi /etc/rc.d/rc.local

And add the script:

echo "1" > /proc/sys/net/ipv4/ip_forward

/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

4. Add the route of the router as shown below.


5. Finally test the configuration.

Ping the 192.168.0.3

3.2 Requirement System

The requirements, analyzed from the above case study, are as follows:

Network topology

a. The network should be easy to install and reconfigure

b. System administrator should be able to add new users without

disturbing the current setup

c. The network topology should be inexpensive and reliable

Network Model

a. Centralized data storage

b. Shared data processing

c. Authentication of users from a centralized location

Network Cabling

a. Reliability and speed

b. Less expensive

Network Operating System

a. Easy to install and administer

b. User friendly, Reliable and free of charges and licenses

c. Routing capability


Network Protocol

a. Connectivity across computer running on different operating

systems and different configuration

b. Easy to manage the protocol

c. High speed and reliable

Network Security

a. Protection against virus attacks

b. Secure data transfer

c. Analyze system configurations and vulnerabilities

d. Spam mails should not be allowed

Other Requirements

The other requirements are:

a. Static allocation of IP Address: IP Static

b. Uploading files to the clients: FTP Server

c. Domain specification : DNS server

d. Online Service to end-clients : Web Server

e. Communication through e-mail: Mail Server

3.3 Implementation System

3.3.1 Installation

1. Press "Start this virtual machine" to start the installation and wait for it to load. Type "linux text" to enter text-mode installation, and press Enter.

2. On the welcome screen, click OK to continue.

3. Choose the installation language and the keyboard in use, here "US", and click OK.

4. In the disk partition setup, press "Disk Druid" and OK.

5. Set up the partitions using the options: new, edit, delete, etc.

6. Create the "swap" partition as virtual memory on the hard disk, about 512 MB.

7. Create a partition with mount point /, choose "fill all available space" and press OK.

8. Check the configuration carefully and press OK.

9. In the "Boot Loader Configuration" window, set it as required, taking care, and press OK.

10. The configuration made earlier is shown; read it carefully and click OK.

11. This window concerns security; we assume no GRUB password and click OK.

12. Here, choose the place where Linux will be installed and press OK.

13. In the network configuration for eth0, select both "Configure using DHCP" and "Activate on boot", and click OK.

14. For the hostname configuration, choose "Automatically via DHCP" and press OK.

15. Enable the "Firewall" and press OK.

16. Select the language to be used in Linux, for instance English UK, and click OK.

17. Choose the time zone where you live, for example Asia/Jakarta.

18. Set the root password to one that you can easily remember.

19. Select the additional software packages to install, or leave the selection as it is.

20. In the "Customise" package group selection, select the programs to customize. Select as required and click OK.

21. The "Installation to begin" window will appear; just click OK to start the formatting phase.


3.3.2 Operating System Configuration

A. Desktop Environment

Matrix Photo Studio uses the GNOME Desktop Environment, a desktop from the GNOME Project; the name is an acronym of GNU Network Object Model Environment. We use GNOME because it uses memory more economically than KDE, which makes GNOME a little faster than KDE (because GNOME is not as graphics-oriented as KDE). Once again, it is about performance.

Picture 3.1 Screenshot of GNOME in Linux Red Hat Enterprise

B. Package Installation

1. Squirrelmail-1.4.11.tar.gz, used for developing a simple webmail server

2. Redhat-switch-mail-0.5.20-1.src.rpm, used for building the MTA switcher to select between mail services, e.g. Postfix, qmail, and sendmail.

C. User Configuration

We divide the user configuration into two main parts, user account planning and group planning, as shown below.

1. User Accounts Planning

Table of User Accounts Planning

No.  User Login Name  Member of Group   Password
1.   Irfan            Customer Service  irfan
2.   Ririn            Admin             ririn
3.   Algry            Art Media         algry

2. Group Planning

Table of Groups Planning

No.  Groups   Description
1.   Art      Handles task of Art Media Department
2.   Print    Handles task of Print Server Department
3.   Admin    Handles task of Admin Department
4.   Service  Handles task of Customer Service Department

D. Backup Configuration

Backups are made of the necessary files stored on the computers in each department; for the detailed allocation and configuration, see this table.

Table of Backup Configuration

Folder to be Backed Up  Backup Media  Type of Backup  Day     Responsibility
Order                   Hard disk     Incremental     Friday  Irfan
Finance                 Hard disk     Full            Friday  Ririn
Art                     Hard disk     Incremental     Friday  Algry


3.3.3 Service Configuration

A. Domain Name System

Make sure that the package is installed and that the installation setting is "Everything", or at minimum that all network services are enabled. Use the "rpm -qa | grep bind" command:

#bind-utils-9.2.4-2

#bind-9.2.4-2

#bind-libs-9.2.4-2

#bind-chroot-9.2.4-2

If not installed yet, mount the CDROM:

[root@localhost]# mount /media/cdrom/

Then run these commands:

[root@localhost]# rpm -ivh /media/cdrom/RedHat/RPMS/bind-9.2.4-2.i386.rpm

[root@localhost cdrom]# rpm -ivh RedHat/RPMS/caching-nameserver-7.3-3.noarch.rpm

After all packages are installed, the files inside must be configured.

1). Configure the file /etc/named.conf

Open the file with "vi /etc/named.conf", and add the script below.

2). Create the file "/var/named/chroot/var/named/matrix.net.id.db".

3). Then create the file "/var/named/chroot/var/named/0.168.192.db".

4). Link the files already made by:

5). Then configure the file "/etc/resolv.conf" and add the line "nameserver 192.168.0.2"

The IP of eth0 must be 192.168.0.2, set using the command "ifconfig eth0 192.168.0.2" as shown below.

6). Restart the service with "service named restart" to apply the last configuration made.

7). Then run "nslookup 192.168.0.2" to ensure the configuration was set correctly, or "ping matrix.net.id"; the result is as shown below.


Make Alias Domain Name Server

For the domain matrix.net.id we make an alias; the name of the alias is algry.com. We modify the file "/var/named/chroot/var/named/matrix.net.id.db" and add the record "algry IN CNAME matrix.net.id" as the last entry.

This is a picture of the file that we modified.

After making the alias, we test that matrix.net.id can be reached with the domain algry.com.


B. FTP Server

File Transfer Protocol is a service for file sharing. The user can send (upload) files to the server and take (download) them from the server. It can be built using the vsftpd application. Here are the steps for making this service.

1. Make sure it is installed by checking "rpm -qa | grep ftp"

2. Some files that must be configured are:

1. /etc/vsftpd.ftpusers (the list of login users that are not allowed to access the FTP Server can be added here)

2. /etc/vsftpd.user_list

3. /etc/vsftpd/vsftpd.conf (main configuration file)

3. The steps to make the FTP Server and secure it

4. Edit /etc/vsftpd/vsftpd.conf, and set and add the syntax as shown below.

To restrict the users in /etc/vsftpd/user_list, make sure that the configuration is as shown below.

Remove the comment mark # from the entry, as shown below, to store all log information in the file /var/log/vsftpd.log

5. Create user accounts on the FTP Server

We create the user accounts irfan, ririn and algry, each with a password the same as the name. After that we put the names above in the file /etc/vsftpd.user_list as shown below.

6. Verify authentication access to the FTP Server

Check the saved configuration of the FTP Server with this command,

The result is as shown below if the configuration is right. You should also test the FTP Server or Secure FTP Server with this command.

You can add the files to be shared to the folder /var/ftp/pub. The contents of that folder are free to be downloaded by authenticated users.
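One way to check a vsftpd.conf for the settings this section relies on, as an added example that is not part of the original report. It assumes the goal is that only accounts listed in user_list log in, over TLS, with logging on; the function names, the sample files and the certificate path are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the report's own code): audit a vsftpd.conf.
# Fallback values passed to conf_get are vsftpd's built-in defaults.

# Effective value of KEY in FILE: last uncommented KEY=value line, else DEFAULT.
conf_get() {   # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# Print a finding when the effective value differs from the wanted one.
expect() {     # expect FILE KEY DEFAULT WANTED REASON
    got=$(conf_get "$1" "$2" "$3")
    [ "$got" = "$4" ] || echo "WEAK $2=$got (want $4): $5"
}

# One line per weak setting; returns non-zero when anything was found.
audit_vsftpd() {
    out=$(
        expect "$1" anonymous_enable YES NO  "anonymous logins are allowed"
        expect "$1" local_enable     NO  YES "local accounts cannot log in"
        expect "$1" userlist_enable  NO  YES "user_list is not consulted"
        expect "$1" userlist_deny    YES NO  "user_list acts as a deny list"
        expect "$1" xferlog_enable   NO  YES "transfers are not logged"
        expect "$1" ssl_enable       NO  YES "logins and data are sent in clear text"
    )
    [ -z "$out" ] && return 0
    echo "$out"
    return 1
}

# Constructed sample files (not the studio's real configuration).
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#userlist_enable=YES
#xferlog_file=/var/log/vsftpd.log
EOF
cat > "$tmp/hardened.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
# certificate path below is a placeholder
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF

audit_vsftpd "$tmp/weak.conf" || echo "weak.conf: see findings above"
audit_vsftpd "$tmp/hardened.conf" && echo "hardened.conf: no findings"
```

The audit cannot see password quality; accounts whose password equals the login name stay guessable even when every setting above passes.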

C. Firewall Configuration

4. First, check whether the firewall is already installed using the command,

5. If you want data packets to be allowed to enter and leave the port without being routed, use this command,

6. To open the route for incoming and outgoing data, use this command,

7. To test whether the firewall works, use this command,

To limit client access to the server using iptables, the command is:
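One way to express "limit client access to the server" as a reviewable ruleset, as an added example that is not the report's own commands. The policy table (which source may reach which service port) is an assumption, since the page names the services but not who may use them; policy, gen_rules, weak_rules, exposed_ports and default_drop are hypothetical names, and only the INPUT chain of the core server is covered.

```sh
#!/bin/sh
# Added example (not from the original report): generate an iptables-restore
# ruleset for the INPUT chain of the core server and review it offline.

LAN="192.168.0.0/24"      # internal network used on the page
ANY="0.0.0.0/0"

# Assumed policy, one "source proto port" entry per line:
# DNS, FTP and SMTP for the LAN only, web for everyone.
policy() {
    cat <<EOF
$LAN udp 53
$LAN tcp 53
$LAN tcp 21
$LAN tcp 25
$ANY tcp 80
EOF
}

# Default-drop INPUT, replies to existing connections, one ACCEPT per policy
# entry, then a rate-limited log line for whatever is about to be dropped.
gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"   # forwarding/NAT policy is outside this example
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # RELATED also admits FTP data connections when the FTP helper is loaded
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    policy | while read -r src proto port; do
        echo "-A INPUT -s $src -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "-A INPUT -m limit --limit 5/minute -j LOG --log-prefix \"fw-drop: \""
    echo "COMMIT"
}

# Constructed weak ruleset for comparison: accept by default, no source limits.
weak_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp --dport 21 -j ACCEPT' \
        '-A INPUT -p tcp --dport 80 -j ACCEPT' 'COMMIT'
}

# Review helper: ports that a ruleset on stdin opens to any source address.
exposed_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /--dport/ && /-j ACCEPT/ {
             src = "0.0.0.0/0"; port = ""
             for (i = 3; i < NF; i++) {
                 if ($i == "-s")      src  = $(i + 1)
                 if ($i == "--dport") port = $(i + 1)
             }
             if (src == "0.0.0.0/0") print port
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Review helper: succeeds only if the INPUT chain drops by default.
default_drop() {
    grep -q '^:INPUT DROP'
}

echo "open to any source (generated): $(gen_rules | exposed_ports)"
echo "open to any source (weak):      $(weak_rules | exposed_ports)"
```

As root, `gen_rules | iptables-restore --test` parses the ruleset without committing it. If the FTP control channel is encrypted with TLS, the helper cannot see the negotiated data port, so a fixed passive range (vsftpd `pasv_min_port` and `pasv_max_port`) has to be opened instead.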


D. Web Server

1. In Red Hat Enterprise 4, Apache is already installed and is a service application in Linux named httpd. Check it using this command.

2. If it is not installed yet, do the same as explained before. The main point is that DNS must run well for matrix.net.id. After that, configure the directives in the file /etc/httpd/conf/httpd.conf

Enter the ServerName matching the DNS configured before [matrix.net.id]

3. Run the httpd service using the command.

To check whether the configuration runs, use the netstat command

Or use the telnet command and, to see its response, open the HEAD/HTML, as shown below

4. Another way is to use a web browser, such as Mozilla, Internet Explorer, Konqueror, etc.

5. The index file to customize is stored in /var/www/html, and the welcome file must be configured in /etc/httpd/conf.d/welcome.conf

We use the noindex.html, modified. Use the command:

cp /var/www/error/noindex.html /var/www/html/index.html

After customizing the index, you will see the result as shown below.

E. Mail Server

To configure Postfix, its configuration file must be edited.

1. Edit /etc/postfix/main.cf to identify the domain name and the local delivery workstation address.

Then make a new entry as follows:

Then add the line myorigin=$mydomain

Change the mydestination entry to the following

Set inet_interfaces = all

Add the network so that mynetworks = 127.0.0.0/8, 192.168.0.0/24

Make sure to remove the # from home_mailbox = Maildir/

Remove the # from header_checks = regexp:/etc/postfix/header_checks and add the command as shown below:

Close all configurations and save.

2. Activate Postfix as the default mail server

Use the MTA Switcher tool to activate Postfix as the default mail server and deactivate Sendmail. First, deactivate the Sendmail mail server by:

Then invoke the MTA Switcher tool using the command:

3. Start Postfix

The Client-Mail Configuration

Set all the needed configuration on the client, so the user can send and receive e-mail through the mail server using Postfix.

1. Identify the person who handles the mail server, as shown below.

2. Set everything needed for receiving mail according to the requirement, as shown below.

3. This is the sending configuration; it uses SMTP, so set the host name as shown below. The configuration is almost finished; check it carefully, and enjoy the e-mail services.

To test the configuration, send a message: irfan sends to algry about the photo order. Follow this command:

3.4 Testing

1. It cannot switch the mail services

Solution

The package Redhat-switch-mail-0.5.20-1.src.rpm was not installed yet; install it and run the same command.

2. It cannot send an e-mail

Solution

- Enable dovecot in the ntsysv service. Then set all the required settings in the Domain configuration as

- Restart the postfix, network and named services

3.5 Cost Implementation

Product       Item                            Price             Justification
Router        TP-link TL WR6416-4 Port        Rp. 480.000       Because this router has a speed of 100 Mbps
Antivirus     Kaspersky Linux Version         Rp. 500.000       We would use it because its security is complete
RJ 45         RJ 45                           Rp. 15000/box     connector from switch computer and etc.
Cable UTP     UTP CAT 5                       Rp. 5.000/meter   Because this version can handle data transmission up to 100 Mbps, so transmission is fast.
Complete CPU  Complete CPU Intel Pentium 4    Rp 4.500.000,00   This computer is enough for the requirements
Switch        D-link DES-1008D                Rp. 204.900,00    Because it connects flexibly to Ethernet and has a speed 8 10/100 Mbps Port
Printer       Canon IP 1880                   Rp. 450.000       Because the printer is sufficient for use in the system and the price is low.


CHAPTER IV

CLOSING

4.1 Conclusion

After explaining Matrix Photo Studio above, we can draw some conclusions to sharpen understanding of the content and of our problem formulation. Here are some of them:

7. DNS is used to handle the domain requirement for matrix.net.id and is the main point on which the other applications run; it is stored in /etc/named.conf, /var/named/chroot/var/named/matrix.net.id.db, and /var/named/chroot/var/named/0.168.192.db

8. FTP is used for handling the file sharing task in Matrix Photo Studio by enabling the FTP configuration stored in /etc/vsftpd/ftpuser, /etc/vsftpd/user_list, and /etc/vsftpd/vsftpd.conf

9. For security, a firewall is needed against spam or other bad packets across the internet.

10. Web Server is used to develop and give services to the departments in Natrix.inc concerning the connection and service to the customer, built by editing /etc/httpd/conf/httpd.conf

11. Mail Server gives the mail service to customers and employees whenever needed; it is stored in /etc/postfix/main.cf and /etc/postfix/master.cf

4.2 Suggestion

We suggest that anyone who wants to build the same service ensure that all requirements and costs are planned well. For the next paper, we suggest explaining in more detail the process of transmitting data, the routing process and the firewall configuration.
