Data Networking/Fall 2014/GRP061
Group Members
- Ruinan Hu
- Siying Ma
- Yenting Liao
- Zilu Zhao
Understanding the Protocol
Domain Name System (DNS)
The Domain Name System is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database. There are three classes of DNS servers: 1) root DNS servers; 2) top-level domain (TLD) servers; 3) authoritative DNS servers.
Dynamic Host Configuration Protocol (DHCP)
DHCP stands for Dynamic Host Configuration Protocol. DHCP is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers configured for a given network. DHCP can return more than just an allocated IP address on the subnet: 1) the address of the first-hop router for the client; 2) the name and IP address of the DNS server; 3) the network mask (indicating the network versus host portion of the address).
DHCP Procedure
[file1] The communication between the DHCP server and the client proceeds as follows:
Step1: The client sends a DHCP-DISCOVER broadcast packet. Since it has no network configuration yet, the source address is 0.0.0.0 and the destination is 255.255.255.255. If the server is on the local subnet it receives the message directly; otherwise a relay agent passes the request to the DHCP server.
Step2: The server receives the DHCP-DISCOVER packet and offers an available IP address to the client by sending a DHCP-OFFER.
Step3: The client receives the DHCP-OFFER and sends a DHCP-REQUEST asking for the offered IP address lease.
Step4: The server receives the DHCP-REQUEST and officially grants the IP address lease by sending a DHCP-ACK.
Step5: The client requests an extension of the lease before it expires.
Step6: The server sends an ACK to the client granting an extension of the IP address lease.
Hypertext Transfer Protocol (HTTP)
The web server, also known as a World Wide Web server, stores web pages and transmits them to clients. The content of the web pages is HTML documents, which may include images, text, sheets, etc. The protocol used between the web server and the clients is HTTP.
There are four steps in the HTTP process:
Step1: The client sends a TCP connection request
Step2: The web server sends the TCP response back to the client
Step3: The client sends the HTTP request
Step4: The server sends the web page (HTML documents) to the client in an HTTP response message
There are two kinds of HTTP connections: 1) non-persistent HTTP, where each requested object needs its own TCP connection; 2) persistent HTTP, where a single TCP connection between server and client carries the whole web page.
There are two versions of HTTP, HTTP/1.0 and HTTP/1.1. The difference is that HTTP/1.1 can use pipelining, which transmits the objects of a web page faster. The port number of the web server for HTTP requests is 80.
Virtual Private Network (VPN)
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer or Wi-Fi-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. VPNs allow employees to securely access their company's intranet while traveling outside the office. Similarly, VPNs securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users also use VPN technology to secure their wireless transactions, to circumvent geo-restrictions and censorship, and to connect to proxy servers in order to protect their personal identity and location.
Network File System (NFS)
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The Network File System is an open standard defined in RFCs, allowing anyone to implement the protocol.
Firewall
A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on an applied rule set. Firewalls can be defined in many ways according to your level of understanding. A firewall establishes a barrier between a trusted, secure internal network and other networks (e.g., the Internet) that are not assumed to be secure and trusted.
Backup (RSYNC)
RSYNC can be used for backup. rsync is a file synchronization and file transfer program for Unix-like systems that minimizes network data transfer by using a form of delta encoding. rsync can compress the data to save bandwidth, and it can transfer files over an SSH channel.
SNORT
SNORT is an open source intrusion detection system. It can perform real-time traffic analysis on IP networks. It provides many capture functions to get packets from the network. It supports protocol analysis, content search, and content matching. It helps the administrator detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface (CGI) attacks, buffer overflows, server message block (SMB) probes, and stealth port scans. SNORT supports three main modes: sniffer, packet logger, and network intrusion detection. In intrusion detection mode, the program monitors network traffic and analyzes it against a rule set defined by the user. The program then performs a specific action based on what has been identified.
PSAD
PSAD is a lightweight IDS. It analyzes the iptables log to detect port scans and other suspicious traffic. It supports many rules from SNORT. 1) iptables captures packets from the network and saves them to a log file. 2) PSAD loads the packets and analyzes them according to the rules. 3) If PSAD detects suspicious activity, it sends an email alert to the administrator.
The Requirements
DHCP
Scope of IP
Default Router  192.168.1.254
DNS             192.168.1.253
DHCP            192.168.1.252
WEB             192.168.1.251
Slave DNS       192.168.1.250
PXE             192.168.1.248
IP Range        1~246 (192.168.1.1 to 192.168.1.246)
PXE Boot
PXE stands for Preboot eXecution Environment. To ensure that the meaning of the client-server interaction is standardized as well, certain vendor option fields of the DHCP protocol are used, which the DHCP standard allows.
DNS
Depending on the query forwarded by the client, the DNS can perform two functions: 1) Forward DNS query – hostname to IP address; 2) Reverse DNS query – IP address to hostname. In our project we use BIND 9. [file2]
BIND is the most widely used Domain Name System (DNS) software on the Internet. The name originates as an acronym of Berkeley Internet Name Domain. The BIND 9 software distribution contains both a name server and a resolver interface library. BIND 9 is a major rewrite of nearly all aspects of the underlying BIND architecture. Some of the important features of BIND 9 are DNS security (DNSSEC, TSIG), IPv6, DNS protocol enhancements (IXFR, DDNS, DNS NOTIFY, EDNS0), views, multiprocessor support, and an improved portability architecture.
There are some basic terms used in BIND 9:
1) Domains and domain names – The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree is called a domain.
2) Zones – A zone consists of those contiguous parts of the domain tree for which a name server has complete information and over which it has authority. It contains all domain names from a certain point downward in the domain tree except those which are delegated to other zones.
3) Authoritative name server – Each zone is served by at least one authoritative name server, which holds the complete data for the zone. There are two types of authoritative name servers: master (primary) and slave (secondary).
Webserver
In our project we use Apache2.
Apache
Nowadays there are many kinds of web servers, such as Nginx, IIS, lighttpd and Apache. As half of the web servers in the world are Apache web servers, we chose Apache as the web server of the company. Apache supports a variety of features, many implemented as compiled modules that extend the core functionality. These range from server-side programming language support to authentication schemes. Common language interfaces support Perl, Python, Tcl, and PHP.
Firewall
Make your server as secure as possible in all possible ways. In this project, we allow data transfer between the web server and clients on port 80 (HTTP), port 1194 (OpenVPN) and port 22 (SSH, used by rsync).
Backup server
Our group uses rsync as the backup tool.
Rsync
Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.
Steps to perform the setup / installation
DHCP
Step1: Install the required packages for the DHCP server and TFTP server
sudo apt-get install dhcp3-server tftpd-hpa syslinux nfs-kernel-server initramfs-tools
Step2: Set network interfaces and edit eth0
sudo vi /etc/network/interfaces
Step3: Restart the networking service
sudo /etc/init.d/networking restart
Step4: Change the network environment for DHCP
sudo vim /etc/default/isc-dhcp-server
INTERFACES="eth0"
Step5: Edit the DHCP configuration file so that it offers at least /tftpboot/pxelinux.0 as a boot file
sudo vi /etc/dhcp/dhcpd.conf
Step6: Restart the DHCP server
sudo service isc-dhcp-server restart
Step7: Configure the TFTP Server
1) Edit the TFTP configuration file
sudo vi /etc/default/tftpd-hpa
2) Set permissions on the TFTP root (777 makes it world-writable; PXE clients only need the tftpd-hpa user to be able to read it)
sudo chmod -R 777 /var/lib/tftpboot
3) Start the tftpd-hpa service
sudo /etc/init.d/tftpd-hpa start
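As an added example (not the project's own configuration), this is the dhcpd.conf that Steps 4 to 7 describe, filled in with the scope from the Requirements section and the PXE boot file, plus a check that the dynamic range stays clear of the fixed server addresses. The MAC addresses, the domain name sudotic.com (taken from the Integration section) and the second DNS entry are assumptions.

```shell
#!/bin/sh
# Added example, not the project's files: /etc/dhcp/dhcpd.conf for the scope
# 192.168.1.0/24 with the PXE options of Step5 and the domain-name-servers
# option that Integration problem 3 turned out to need. MACs are placeholders.

gen_dhcpd_conf() {
cat <<'EOF'
# /etc/dhcp/dhcpd.conf -- scope from the project table
authoritative;
default-lease-time 600;
max-lease-time 7200;
option domain-name "sudotic.com";
# Without this option only the DNS server itself could resolve names
option domain-name-servers 192.168.1.253, 192.168.1.250;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.1 192.168.1.246;
  option routers 192.168.1.254;
  option broadcast-address 192.168.1.255;
  next-server 192.168.1.248;     # PXE/TFTP server
  filename "pxelinux.0";         # boot file offered to PXE clients
}
# Servers keep fixed addresses outside the dynamic range (placeholder MACs)
host dns { hardware ethernet 00:00:00:00:00:01; fixed-address 192.168.1.253; }
host web { hardware ethernet 00:00:00:00:00:02; fixed-address 192.168.1.251; }
EOF
}

# Read a dhcpd.conf on stdin (range line before the host blocks, as above) and
# succeed only if no fixed-address falls inside the dynamic range.
check_no_overlap() {
  awk '
    function ip2int(a,  o) {
      split(a, o, "."); return o[1]*16777216 + o[2]*65536 + o[3]*256 + o[4]
    }
    $1 == "range" { sub(";", "", $3); lo = ip2int($2); hi = ip2int($3)
                    lotxt = $2; hitxt = $3 }
    /fixed-address/ {
      for (i = 1; i <= NF; i++) if ($i == "fixed-address") {
        sub(";", "", $(i+1)); n = ip2int($(i+1))
        if (n >= lo && n <= hi) {
          printf "fixed address %s lies inside range %s-%s\n", $(i+1), lotxt, hitxt > "/dev/stderr"
          bad = 1
        }
      }
    }
    END { exit bad ? 1 : 0 }'
}
```

Run `gen_dhcpd_conf | check_no_overlap` before restarting isc-dhcp-server; a non-zero exit means a server address could be leased to a client.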
DNS
Step1: Install bind 9
apt-get install bind9
Step2: Enter the directory of the bind server
cd /etc/bind
Step3: Create a file for IP address resolution
touch bind9.ubuntu.e
Step4: Edit the file for IP address resolution (both IPv4 and IPv6)
Step5: Create an address file for IPv4 reverse lookup
touch bind9.192.168.1
Step6: Edit the address file for IPv4 reverse lookup
Step7: Create an address file for IPv6 reverse lookup
touch bind9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f
Step8: Edit the address file for IPv6 reverse lookup
Step9: Edit the configuration file named.conf.local
Step10: Restart the DNS server
sudo /etc/init.d/bind9 restart
Slave DNS Server
Step1: Clone an Ubuntu machine from the Master DNS server to serve as the Slave DNS server
Step2: Assign the IP address 192.168.1.250 to this server
Step3: Modify the configuration file of the Master DNS server to allow the Slave DNS server to transfer the zones
Step4: Edit the configuration file named.conf.local
Step5: Restart the DNS server
Web server
Step1: Install the apache2 web server on the Linux OS and test whether it is installed correctly.
Step2: Install MySQL, a relational database management system. Because we need to save and change the files of the web site, we use MySQL to store them. During the installation we need to set a password for the root user.
Step3: Install PHP to write our web page. To test whether it is installed correctly, write a PHP file under /var/www/html and then browse to localhost/php to see the result.
Step4: Add modules for PHP, such as the php-mysql module and others. We search for all the modules and install some of them.
Step5: Restart apache2; info.php then shows that all the modules are installed (e.g. php5-mysql, php5-curl and php5-gd).
Step6: Install phpmyadmin, which we can use to manage the MySQL database, for example to add or delete tables. We need to move its folder to /var/www/html so that it opens when we type localhost/phpmyadmin in the browser.
Step7: Change the content of the web page.
Firewall
Step1: Enable the firewall
ufw enable
Step2: Allow HTTP request to the webserver
ufw allow 80
Step3: Allow RSYNC
ufw allow 22
Step4: Allow OpenVPN
ufw allow 1194
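An added example, not the project's own rules: the same ufw policy with incoming traffic denied by default and port 22 opened only to the backup host, since rsync is the only reason it is open, plus a check that nothing else is exposed to everyone. The backup host address is a placeholder.

```shell
#!/bin/sh
# Added example, not the project's rules. BACKUP_HOST is a constructed placeholder.
BACKUP_HOST=192.168.1.249

# The rules, one per line; pipe into "sudo sh" on the server to apply them.
# OpenVPN uses UDP by default, so 1194 is opened for UDP only.
ufw_rules() {
cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow 80/tcp
ufw allow 1194/udp
ufw allow from $BACKUP_HOST to any port 22 proto tcp
ufw enable
EOF
}

# Read rules on stdin; succeed only if incoming is denied by default and the
# only ports open to everyone are 80/tcp (HTTP) and 1194/udp (OpenVPN).
check_rules() {
  awk '
    $1 != "ufw" { next }
    $2 == "default" && $3 == "deny" && $4 == "incoming" { deny = 1 }
    $2 == "allow" && $3 != "from" && $3 !~ /^(80\/tcp|1194\/udp)$/ {
      bad = 1; print "open to everyone: " $0 > "/dev/stderr" }
    END { exit (deny && !bad) ? 0 : 1 }'
}
```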
Testing
DHCP
• Check each machine's IP
o Create an ad-hoc network and connect it with the web server, DNS server, and client.
o Check ifconfig on each machine to confirm that the DNS server and web server received the specific IPv4 and IPv6 addresses fixed in the DHCP server, and that the client's IP is assigned from within the IP pool.
• Check that each service provided by the DHCP server starts successfully.
o $ sudo service radvd restart
o $ sudo service isc-dhcp-server restart
o $ sudo service isc-dhcp-server6 restart
o If a service still fails, revise the *.conf of that service.
DNS
1. Type in nslookup and check whether IPv4 is working. Check that the IPv4 DNS server works well and every domain name resolves to its IP address properly.
Problems we met:
1. IPv6 is not working after configuration. Solution: We first followed the syntax in the project paper, ipv6.arpa. That turned out to be wrong, and we changed ipv6 to ip6 to make it usable.
2. The IP address does not come out properly. Solution: we need to query the DNS server in our own network, or it will forward the query to the root DNS server.
3. DNS is not working at all. Solution: add our name server into resolv.conf, with both the IPv4 and IPv6 addresses of the DNS server.
Webserver
• To check whether Apache is running, open Firefox and type in the following web address:
http://localhost (or the loopback address)
We will see the message, "It Works!" This is the Apache homepage, the index.html file and it means the server has installed correctly and is currently running.
If you don't see "It Works!", try starting the server. The commands to start, stop and restart Apache are:
$ sudo /etc/init.d/apache2 start
$ sudo /etc/init.d/apache2 stop
$ sudo /etc/init.d/apache2 restart
Integration
Integration steps:
1. Set up a private wireless network on the DHCP server, assigning IPv4 and IPv6 addresses to itself. Start isc-dhcp-server, isc-dhcp-server6 and radvd, then reconnect to that network.
2. Connect the web server, DNS server and client to this network. Check whether the DNS server and web server get their fixed addresses (both IPv4 and IPv6) from DHCP.
3. First visit the web server by its IPv4 address and see whether it is reachable from the client.
4. Visit the web server by its domain name to see whether the DNS server works well.
5. Try to back up a file from the web server to a remote host automatically. Set the time in the crontab and check whether a new file appears in the target directory.
6. Because ICMP messages are blocked, ping the web server's IP address to confirm that the firewall is working.
Problems we met:
1. The web server and DNS server were not able to connect to the network. Solution: isc-dhcp-server didn't run automatically; we need to run sudo service isc-dhcp-server start, sudo service isc-dhcp-server6 start and sudo service radvd start before we set up the network.
2. The client cannot get a proper IPv6 address from the range managed by the DHCP server. Solution: revise radvd.conf: turn "AdvAutonomous" off on the DHCP server, restart radvd and reconnect to the network.
3. The client cannot visit the web server by domain name, while the DNS server can. Solution: hosts other than the DNS server don't know the IP address of the DNS server, so we need to enable "option domain-name-servers" and set it to 192.168.10.2 in dhcpd.conf.
4. The domain name of our web server is already used on the Internet. If the client host has visited that web page once, it cannot reach the right page in our network. Solution: We tried two solutions. The first was to fix the DNS server so that the client won't reach any domain server other than ours, but then the client won't be able to surf the Internet. The second was to change our domain name. We tried both and decided to change our domain name from tic.com to sudotic.com, which is easier and causes no confusion.
5. The backup file could not be transferred automatically. Solution: First we tried to transfer the file manually, and it succeeded, but it still could not be done automatically. Second, we searched the Internet and found the log file where all the error information is recorded, and checked it every time the transfer failed. We found that something was wrong with the public key, which was denied by the remote host. Third, we found another way to give the public key to the remote host: ssh-copy-id -i ~/.ssh/id_rsa.pub usr@backupserverIP
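An added example (not the group's script) of the automated backup from step 5: rsync over SSH with the key installed by ssh-copy-id, dated snapshots, a log file to consult when cron runs fail, and a permission check on the private key, since ssh refuses a key that is group- or world-readable and then falls back to a password prompt. The host, paths and schedule are placeholders.

```shell
#!/bin/sh
# Added example, not the project's script. Host names and paths are placeholders.
SRC=/var/www/html/                  # trailing slash: copy the contents, not the dir
DEST_HOST=usr@backupserverIP        # placeholder from the page; use the real backup host
DEST_BASE=/backup/web               # snapshot directory on the backup server
KEY=$HOME/.ssh/id_rsa               # private half of the key given to the remote host
LOG=/var/log/web-backup.log

snapshot_name() { date +%Y-%m-%d_%H%M; }    # e.g. 2014-12-01_0230

# Preflight: ssh ignores a private key that is group- or world-readable and
# then asks for a password, which hangs forever under cron.
check_key_perms() {
  [ -f "$1" ] || { echo "missing key $1" >&2; return 1; }
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "key $1 has mode $mode, expected 600" >&2; return 1 ;;
  esac
}

# One run: new dated snapshot, unchanged files hard-linked to the previous
# one via --link-dest, then the "latest" symlink is moved to it.
run_backup() {
  snap=$(snapshot_name)
  check_key_perms "$KEY" || return 1
  rsync -az --delete --exclude='*.log' --link-dest="$DEST_BASE/latest" \
        -e "ssh -i $KEY -o BatchMode=yes" "$SRC" "$DEST_HOST:$DEST_BASE/$snap" \
        >>"$LOG" 2>&1 &&
  ssh -i "$KEY" -o BatchMode=yes "$DEST_HOST" "ln -sfn $DEST_BASE/$snap $DEST_BASE/latest" ||
  { echo "$(date) backup $snap failed, see $LOG" >&2; return 1; }
}

# Line for crontab -e: nightly at 02:30 (the script path is a placeholder)
cron_line() { echo "30 2 * * * /usr/local/sbin/web-backup.sh run >>$LOG 2>&1"; }

if [ "${1:-}" = "run" ]; then run_backup; fi
```

When a cron run fails, the reason (for example a rejected public key) is in the log file rather than on a terminal nobody is watching.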
Add-on
NIS - Network Information Service
NFS - Network File System
VPN - Virtual Private Network
Future improvement
DHCP
DNS
Webserver/Backup/Firewall
-support more languages, such as PHP with MySQL
-a mail server will be provided
-encrypt the backup files and provide more options for transferring them
-more efficient scripts
-improvements in security
-close all the holes