Data Networking/Fall 2016/SARA

Motivation

edit

This project builds a deeper understanding of basic Networking fundamentals through practical implementation of a Domain Name System Server (DNS), Dynamic Host configuration Protocol Server (DHCP), Web Server, Firewall, Backup Server. The concepts that are part of the Data Networking class (TELE5330) became clearer through the implementation of this project.

The aim of this project is to deliver a complete network solution in which the servers and clients will be able to obtain an IP address from the DHCP server, and then with the help of our DNS Server, the users within our network should be able to successfully fetch the web page that is being host in our own web server... Moreover, we will implement and configure extra networking tools like firewall, backup server etc. to provide a robust, secure, intelligent inter-networking scheme that could be used at any company or organization.

Team Members

edit

1. Shriya Kane

2. Aditya Kulkarni

3. Rohit Dongare

4. Amruta Kondra

Behaviour of Protocols

edit

Domain Name System

edit

DNS resolves domain names into corresponding IP addresses also vice versa. It runs over primarily on UDP and on TCP on port number 53. Reverse look up is facilitated by in-addr.arpa. It follows hierarchical system of Local name servers, Root name servers, Top level domain (TLD) servers and Authoritative name servers. Generally, queries from host to local name server are recursive and rest all are iterative. Resource record is a four-tuple: {Name, Value, Type, TTL}

1. A: Name is hostname and Value is IP address.

2. AAAA: Name is hostname and Value is IPv6 address.

3. NS: Name is hostname and Value is the hostname of the authoritative server.

4. CNAME: Value is the canonical name for a Name hostname.

5. MX: Translation of an alias mail server to its canonical name.

6. PTR: Gives IP address to hostname translation.

Dynamic Host Configuration Protocol

edit

Dynamic Host Configuration Protocol is a client/server protocol that automatically assigns IP-addresses to client machines. It also provides related configuration information like the subnet mask, DNS server, default gateway etc. DHCP is controlled by a DHCP server which helps in automatic allocation of the IP addresses to the machines from a defined range of IP's for a given network .

There are 3 ways of IP address allocation:

  1. Static Allocation:-IP addresses are assigned statically and remain fix until changes are made by the network administrator.
  2. Dynamic Allocation:-IP addresses are assigned to the machines from a specified IP address range in the DHCP server.We can assign both IPv4 and IPv6 addresses.In dynamic allocation to avoid wastage of IP addresses , we need to provide a suitable subnet mask for correct IP address allocation.
  3. Automatic Allocation:-Same IP address is allocated when a machine connects to a network.

Webserver & Firewall

edit

A Webserver is a program that uses HTTP to respond to requests made by clients. A computers browser acts as a client which makes a request to a server. The Server can be requested using the fixed IP address of the server as well. Since it is difficult for users to remember the IP address of servers the fixed IP address is mapped with to a unique name using the DNS server. In this case the fixed IP address of the server is 10.10.10.5 and the name it is mapped to is Linuxsara.com. The secondary web server IP 10.10.10.6 is also mapped to the same name. Apache2 is one of the most commonly used web server. This web server is sed to serve Web pages requested by client computers.

A firewall is a network security implementation that allows or denies specific network traffic to the monitored incoming and outgoing traffic. Ubuntu has an inbuilt firewall called “uncomplicated firewall”- ufw. By default, ufw is disabled. We need to enable ufw and add the specific commands to allow or deny IP addresses and protocols.

Backup Server

edit

In order to prevent the loss of data due to any unforeseen events backing up of the data is of at most importance. System backup provides security to the network by retaining compressed versions of the filesystems of various nodes in the network.The web server has to create a backup of its files and store in a remote server. In the event of system crash, corruption or failure, the filesystem can be restored from the backup that was stored beforehand. Systems backups are taken as frequently as desired.

Signalling

edit

Domain Name System

edit

1. DNS request is sent to Local DNS server.

2. Local DNS forwards the query to Root name server.

3. Root name server responds with the A record for TLD server.

4. Local DNS then sends query to TLD.

5. TLD responds with NS and A record for the Authoritative server.

6. Local DNS then queries Authoritative server and it in turn responds with the A record for the queried hostname.

7. Local DNS then responds with that reply from Authoritative server to the client.


Dynamic Host Configuration Protocol

edit

DHCP signalling:-

DHCP is a connection-less service model which uses UDP (User Data-gram Protocol). DHCP uses two UDP ports for its operations , 67 is used by the DHCP server and 68 is used by the DHCP client. These ports are similar to the BOOTP protocol.

The DHCP operates as follows:-

1) DHCP DISCOVER: The DHCP server starts with a client broadcasting a request using a destination address or a specific subnet broadcast address.This is the IP address lease request.

2) DHCP OFFER: Once the DHCP server receives the DHCPrequest from the client, the server reserves an IP address for that client and makes the lease offer by sending a DHCPOFFER message to the client. The DHCP OFFER message contains the MAC address of the client, the leased IP address, the subnet mask, the lease duration and the the IP address of the DHCP server.

3) DHCP REQUEST: In response to the DHCPOFFER message, the client replies with a DHCPREQUEST to the server,requesting the offered address.The client can receive DHCP offers from multiple DHCP servers,but the client accepts only one offer. The servers are informed about whose offer is accepted by the client.When the other servers receive this message, they withdraw their offer and send back the offered IP address back to the IP pool.

4) DHCP ACKNOWLEDGEMENT: When the DHCP server receives the DHCPREQUEST message from the client,the configuration goes into the final state.In this phase a DHCPACK packet is sent to the client.This packet has the information about the lease duration and other details requested by the client.

Web Server

edit

1.Download the apache2 package for webserver.

2.After the package is installed, the Apache 2 web server is started.

3.Change the directory if desired. (It has been done in this project)

4.The web page of the server is changed and restarted.

5.Add specific address to web server port.

6.To listen only on specific IP address we add commands to ensure web server listens only on specific IPv4 and IPv6 address. Server listens on port 80.

7.Backup data in compressed form which the backup server can retrieve when required.

Firewall

edit

1. The IP tables are configured in the web server.

2. The HTTP response and HTTP request from the web server are accepted, forwarded or rejected based on the IP tables.

Backup Server

edit

1. The web server backs up its data with backup server.

2. It retrieves the compressed data of .zip file format by using rsync command and with the help of ssh protocol, the data is synced between the web server and the backup serve

3. All these commands are automated using crontab

The Requirements

edit
  • Implement a DHCP server that assigns IP addresses to the clients in the network
  • Implement a web server that hosts a web page
  • Implement a master DNS server and a slave DNS server
  • Ensure that the clients in the network can access the web pages in the server by getting the name-to-IP address resolved by the DNS server
  • Create backups of the webpages of the web server to another backup server on the network

Hierarchy

edit

Dynamic Host Configuration Protocol (DHCP)

        1. When a clients joins a private network, the Dynamic Host Configuration Protocol(DHCP) assigns an IP address based on the DHCP pool to the client.
        2. The client initially sends an DHCP discover message to determine the DHCP server.
        3. The DHCP server broadcasts a DHCP Offer message to the client with an IP address.
        4. The client sends an DHCP request with the required IP address in the pool of IP address.
        5. The DHCP server acknowledges the IP address by sending an DHCP Acknowledgement message back to the client.

Client -> DNS Server -> Client

        1.Client sends HTTP request to web server by its URL.
        2.DNS request is sent to the appropriate DNS server
        3.Client receives DNS response with the corresponding IP address for the web server.

Web Server

        1.Using the IP address corresponding to the particular Domain name the Client sends a HTTP request to the Web Server.
        2.The Web server responds to the Client with its HTML page
        3.Web server creates a Backup zip file. 

Backup Server

        1. The web server backs up its data with backup server.
        2. By using rsync command and with the help of ssh protocol, the data is synced between the webserver and the backup server.
        3. All these commands are automated using crontab.

Configuration

edit

BIND9 DNS server is used. Master and slave configuration is implemented in which slave is updated automatically with the master DNS. Both forward and reverse look ups have been implemented.

Steps to configure Master DNS server:

1.Installing BIND9 DNS server:

        sudo apt-get install bind9 bind9utils bind9-d

2.Change hostname:

       sudo nano /etc/hostname
       primary

3.Edit hosts file:

       sudo nano /etc/hosts
       127.0.0.1       localhost
       10.10.10.2      primary.linuxsara.com primary

4.Edit file

       sudo nano /etc/resolvconf/resolv.conf.d/head
       nameserver 10.10.10.2
       nameserver 10.10.10.3
       search linuxsara.com

5.Edit this file to configure forwarders:

       sudo nano /etc/bind/named.conf.options
       forwarders {
               10.10.10.1;
        };

6.Create forward and reverse zones:

       sudo nano /etc/bind/named.conf.local
       # Forward zone
            zone "linuxsara.com" {
            type master;
            file "/etc/bind/zones/db.linuxsara.com";
               allow-transfer {10.10.10.3;};
            };
       # Reverse IPv4 Zone
            zone "10.10.10.in-addr.arpa" {
            type master;
            file "/etc/bind/zones/db.10";
               allow-transfer {10.10.10.3;};
            };
  1. Reverse IPv6 Zone
zone "1.0.1.f.0.0.1.0.8.b.d.0.1.0.0.2.ip6.arpa" {
            type master;
            file "/etc/bind/zones/db.2001";
               allow-transfer {10.10.10.3;};
            };

7.Create folder ‘Zones’

        sudo mkdir /etc/bind/zones

8.Copy contents of local hostname file to the file ‘db.linuxsara.com’

        sudo cp /etc/bind/db.local  /etc/bind/zones/db.linuxsara.com

9.Edit ‘db.linuxsara.com’ file to create records for forward and reverse zones

       sudo nano /etc/bind/zones/db.linuxsara.com
       ; BIND data file for linuxsara.com           
       ;
       $TTL    604800
       @       IN      SOA     primary.linuxsara.com. admin.linuxsara.com. (
                             7         ; Serial
                        604800         ; Refresh
                         86400         ; Retry
                       2419200         ; Expire
                        604800 )       ; Negative Cache TTL
       ;
       @       IN      NS      primary.linuxsara.com.
       @       IN      NS      sec.linuxsara.com.
       @       IN      A       10.10.10.5
       @       IN      A       10.10.10.6
       primary IN      A       10.10.10.2
       sec     IN      A       10.10.10.3
       sloth   IN      A       10.10.10.5
       sloth   IN      A       10.10.10.6
       www     IN      CNAME   sloth.linuxsara.com.
       web    IN      AAAA    2001:0dbd:0100:f101::5

10.Copy contents of local hostname file to ‘db.10’

       sudo cp /etc/bind/db.127 /etc/bind/zones/db.10

11.Edit ‘db.10’ to add reverse records.

       sudo nano /etc/bind/zones/db.10
       ; BIND reverse data file for linuxsara.com
       ;
       $TTL    604800
       @       IN      SOA     primary.linuxsara.com. admin.linuxsara.com. (
                             1         ; Serial
                        604800         ; Refresh
                         86400         ; Retry
                       2419200         ; Expire
                        604800 )       ; Negative Cache TTL
       ;
       @       IN      NS      primary.linuxsara.com.
       @       IN      NS      sec.linuxsara.com.
       5       IN      PTR     linuxsara.com.
       6      IN      PTR     linuxsara.com.
       2       IN      PTR     primary.linuxsara.com.
       3       IN      PTR     sec.linuxsara.com.

12. Create file ‘db.2001’ in a same way as created for IPv4

sudo nano /etc/bind/zones/db.2001
; 2001:db8:acad:abcd::/64
;
;
$TTL 1h ; Default TTL
@       IN      SOA     primary.linuxsara.com.  admin.linuxsara.com. (
       2016120301      ; serial
       1h              ; slave refresh interval
       15m             ; slave retry interval
       1w              ; slave copy expire time
       1h              ; NXDOMAIN cache time
       )
;
; domain name servers
;
@       IN      NS      primary.linuxsara.com.
@       IN      NS      sec.linuxsara.com.
; IPv6 PTR entries
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN    PTR    web.linuxsara.com.
0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN    PTR    web.linuxsara.com.



Steps to Configure Slave DNS Server:

Repeat steps from 1 to 5.

Create forward and reverse zones:

       sudo nano /etc/bind/named.conf.local
  1. Forward zone
            zone "linuxsara.com" {
            type slave;
            masters {10.10.10.2;};
            file "/etc/bind/zones/db.linuxsara.com";
            };
  1. Reverse IPv4 Zone
            zone "10.10.10.in-addr.arpa" {
            type slave;
            masters {10.10.10.2;};
            file "/etc/bind/zones/db.10";
               };
  1. Reverse IPv6 Zone
zone "1.0.1.f.0.0.1.0.8.b.d.0.1.0.0.2.ip6.arpa" {
            type slave;
            file "/etc/bind/zones/db.2001";
               masters {10.10.10.2;};
            };


Testing

1.Use ‘nslookup’ command to query DNS server for multiple hostnames.

Example: nslookup linuxsara.com
nslookup www.linuxsara.com
nslookup sloth.linuxsara.com

2.Use ‘dig’ command for the detailed analysis of DNS records and authoritative servers

DHCP

edit

STEPS TO CONFIGURE DHCP server for IPv4:-

Step 1: Update all the packages

       sudo apt-get update

Step 2: Install DHCP server

       sudo apt-get install isc-dhcp-server

Step 3: Edit the configuration file

       cd /etc / dhcp / dhcpd.conf
       sudo nano dhcpd.conf
       subnet 10.10.10.0 netmask 255.255.255.0 {
          range 10.10.10.30 10.10.10.50;
          option domain-name-server 10.10.10.2, 10.10.10.3;
          option domain-name "linuxsara.com";
          option routers 10.10.10.1;
          option broadcast-address 10.10.10.255;
          default-lease-time 21600;
          max-lease-time 43200;
        }

static IP address using DHCP

       host PrimaryDNSserver{
        hardware ethernet 00:0c:29:aa:ef:29;
        fixed-address 10.10.10.2;
       }
       host WEBserver{
        hardware ethernet 00:0c:29:87:26:23;
        fixed-address 10.10.10.5;
        }
       host Backupserver{
        hardware ethernet 00:0c:29:67:FF:83;
        fixed-address 10.10.10.10;
        }
       host SecondaryDNSserver{
         hardware ethernet 00:0c:29:6d:66:03;
         fixed-address 10.10.10.3;
        }


STEP 4: edit the interface

        sudo nano /etc/default/isc-dhcp-server
        INTERFACES="eth0"

STEP 5: Assign a static IP to ETH0

        sudo nano /etc/network/interfaces
        #Static IP for DHCP (IPV4)
        auto eth0
              iface eth0 inet static
              address 10.10.10.4
              netmask 255.255.255.0
              gateway 10.10.10.1
              network 10.10.10.0
              broadcast 10.10.10.255              
  1. DNS
             dns-domain linuxsara.com 
             dns-search linuxsara.com
             dns-nameservers 10.10.10.2 10.10.10.3

STEP 6: Restart the interfaces and the DHCP server

       sudo /etc/init.d/networking restart 
       sudo service isc-dhcp-server restart
       sudo service isc-dhcp-server start
       sudo service isc-dhcp-server stop


STEPS TO CONFIGURE DHCP server for IPv6

STEP 1:Configure the /etc/network/interfaces with static IP of IPV6

       sudo nano /etc/network/interfaces
       iface eth0 inet6 static
              pre-up modprobe ipv6
              address 2001:0db8:0100:f101::4
              netmask 64
              gateway 2001:0db8:0100:f101::1

STEP 2:Set in /etc/sysctl.conf the following configuration

       sudo nano /etc/sysctl.conf
       net.ipv6.conf.all.forwarding=1 

STEP 3:Execute the following command to make changes in the kernel

       sudo sysctl -w net.ipv6.conf.all.forwarding=1 

STEP 4:Install the router advertisement daemon

       sudo apt-get install radvd

STEP 5:Configure the radvd.conf file

       /etc/radvd.conf

STEP 6:Start the daemon

       sudo service radvd start 

STEP 7:Create and edit the dhcpd6.conf file

       nano /etc/dhcp/dhcpd6.conf 

       ddns-update-style none;
       default-lease-time 600;
       
       max-lease-time 720;

       subnet6 2001:db8:acad:abcd::/64 {
         range6
          2001:0db8:0100:f101::30
          2001:0db8:0100:f101::45;

         option dhcp6.name-servers
          2001:0db8:0100:f101::2,
          2001:0db8:0100:f101::3;

         option dhcp6.domain-search
           "linuxsara.com";
        }

STEP 8:Start the dhcp server6

         sudo service isc-dhcp-server6 start

DHCP Testing:-

a) ifconfig

Check whether the client has been assigned with an IP address from the given range.

b)grep -i dhcp /var/log/syslog

Check logs on the client for the DHCP message

c)sudo dhclient -r

Releases the current IP address assigned.

Webserver

edit

1) Install the apache2 package:

        sudo apt-get update
        sudo apt-get install apache2

2)Change the Default Directory apache2 server: -

a)Change the directory to the user defined directory in apache2.conf file

       sudo nano /etc/apache2/apache2.conf
       <Directory /home/rohit/@TSM/>
               Options Indexes FollowSymLinks
               AllowOverride None
               Require all granted
       </Directory>

b)Change the Document root to point towards the Particular folder containing the html page.

       sudo nano /etc/apache2/sites-enabled/000-default.conf
       DocumentRoot /home/rohit/@TSM/Linux_Project

3)Change the HTML file

4)Assigning IP addresses to the Webservers:-

a)The primary webserver has a statically assigned IPv4 address from the DHCP server and a static IPv6 address configured.

  sudo nano /etc/network/interfaces
  Add the following: -
  auto eth0
  allow-hotplug eth0
  iface eth0 inet dhcp
  iface eth0 inet6 static
  address 2001:db8:100:f101::6
  netmask 64 
  gateway 2001:db8:100:f101::1
  b)The secondary webserver has a statically configured IPv4 address and a static IPv6 address configured. 
  sudo nano /etc/network/interfaces
  Add the following: -
  iface eth0 inet static
   address 10.10.10.6
   netmask 255.255.255.0
   network 10.10.10.0
   gateway 10.10.10.1
   dns-nameservers 10.10.10.2
   dns-nameservers 10.10.10.3
   iface eth0 inet6 static 
   address 2001:db8:100:f101::6
   netmask 64
   gateway 2001:db8:100:f101::1

5)Listen for HTTP requests on both IPv4 and IPv6 address for primary and secondary webservers:-

   Primary:-
   sudo nano /etc/apache2/ports.conf
   Add the following: - 
   NameVirtualhost *:80
   Listen 10.10.10.5:80
   Listen [2001:db8:100:f101::5]:80
   Secondary:-
   sudo nano /etc/apache2/ports.conf
   Add the following: - 
   NameVirtualhost *:80
   Listen 10.10.10.6:80
   Listen [2001:db8:100:f101::6]:80

6)Restart the server

   Sudo /etc/init.d/apache2 restart

Testing

1. Enter the URL in the web browser and check if the hosted html page is displayed or not.

Firewall

edit

Firewall allows the system administrator to accept, forward or drop the packets using ip tables.
Ubuntu has an inbuilt firewall called “uncomplicated firewall”- ufw. By default, ufw is disabled. We need to enable ufw and add the specific commands to allow or deny IP addresses or protocols.

   Firewall on Primary server: -
       sudo ufw allow from 10.10.10.6 to any -->  Allow Secondary Web server all Access
       sudo ufw deny from 10.10.10.30 to any port 80 --> Deny HTTP access to a particular PC
       sudo ufw deny from 10.10.10.34 to any port 80 --> Deny HTTP access to a particular PC
       sudo ufw deny from 10.10.10.36 to any port 80 --> Deny HTTP access to a particular PC
       sudo ufw allow from 10.10.10.0/24 to any port 80 --> Allow HTTP everyone else from a network
       sudo ufw deny from 0.0.0.0/0 to any --> Deny everyone for other protocols
       sudo ufw enable --> to enable the firewall


   Firewall on secondary server: -
       sudo ufw allow from 10.10.10.5 to any -->  Allow Primary Web server all Access
       sudo ufw deny from 10.10.10.30 to any port 80 --> Deny HTTP access to a particular PC
       sudo ufw deny from 10.10.10.34 to any port 80 --> Deny HTTP access to a particular PC
       sudo ufw deny from 10.10.10.36 to any port 80 --> Deny HTTP access to a particular PC
       sudo ufw allow from 10.10.10.0/24 to any port 80 --> Allow HTTP everyone else from a network
       sudo ufw deny from 0.0.0.0/0 to any --> Deny everyone for other protocols
       sudo ufw enable --> to enable the firewall


Testing:

       sudo ufw status
       sudo ufw status numbered

Backup

edit

rsync is a protocol built for Unix-like systems that provides unbelievable versatility for backing up and synchronizing data. It can be used locally to back up files to different directories or can be configured to sync across the Internet to other hosts.

First, we need to install/update the rsync client:

    sudo apt-get install rsync

To configure rsync for external backup, we will use method of tunneling rsync through SSH. Most servers and even many clients already have SSH, and it can be used for your rsync backups.If not, install ssh on webserver and backup server:

    sudo apt-get install ssh

Create and share hey generated to allow ssh access from secondary to primary without password access:- To generate a rsa key (The default is a 2048 bit key):-

    ssh-keygen -t rsa 

Allows a host to transfer the generated key to another host. By sharing of such a key a ssh can be perfomed without the use of any password

    ssh-copy-id rohit@10.10.10.5

Automatically create a backup zip file on Primary server:-

    sudo crontab -e 

The data files on the webserver are first zipped and compressed:

    18 14 * * * sudo zip -r /home/rohit/@TSM/Backup -j /home/rohit/@TSM/Linux_Project/

Then, this compressed .zip is moved to the backup server using the following command:

Automatically retrieve backup zip file from primary server and unzip it to be in synch with the primary server:-

    sudo crontab -e
    Retrieve File:-
    19 14 * * * sudo rsync -avzhe ssh rohit@10.10.10.5:/home/rohit/@TSM/Backup.zip /home/rohitd/@TSM/Linux_Project/
      -v: verbose
      -r: copies data recursively
      -a: archive mode
      -z: compress file data
      -h: human-readable format

Then this file is decompressed using unzip to obtain original files.

Unzip File:-

      20 14 * * * sudo unzip -o /home/rohitd/@TSM/Linux_Project/Backup -d /home/rohitd/@TSM/Linux_Project/


Testing:

    To test the backup server functioning, check the files after the scheduled time in the crontab.

Integrated Testing

edit

1) DHCP should be up and running

2) Ensure the Primary and Secondary DNS is up and running.

3) Enter the command 'ifconfig' in the terminal and check whether IP address is assigned to the client from the range assigned.

4) Execute 'nslookup' linuxsara.com' on the client. This will confirm that the client can access the DNS server.

5) Client requests for the WEB-PAGE "www.linuxsara.com" which is hosted by the webserver.

6) The firewall will authenticate the request and send the webpage as a reply to the client request.

7) Client request for the Web-Page and is blocked by the Firewall.This is because the client has the IP address which belongs to the denial range.

8) Check the system time , modify the crontab accordingly , confirm backup is taken and copied to the backup server.

ALGORITHM

edit

1) DHCP:

Client request for an IP from DHCP server

        if (request==success)
         {
          IP address is assigned to client
        else
         {
          Check network connectivity , flush previous IP and reconnect
         }

2) DNS:

DNS Query is generated by the client and sent to the DNS server

         if(DNS has entry)
          {
            DNS server sends the DNS response to client
          }
         else
          {
            check for network interconnectivity , restart bind9 
           }


3) Webserver:

Client gets an IP address after DNS resolving

Client sends an HTTP request to the webserver to get the web page hosted on the server

         if (IP address is resolved correctly)
          { 
            WEBPAGE will be displayed
         else
           {  
            ERROR PAGE will be reflected to client
            }


4) FIREWALL:

The packet received by the Web Server is authenticated

         if (packet is in the IP table)
          {
           the packet is accepted or rejected depending upon firewall settings
         else
           { 
           the packet is dropped
          }



Future Improvements

edit

1) Security and Robustness can be improved by adding security features like VPN, NTP etc.

2) Dyanamic DNS can be implemented

3) Simulation of real-time network traffic and validating network performance.


References

edit

[1] [2] [3] [4] [5] [6] [7] [8] [9]

  1. https://www.youtube.com/watch?v=bdIOrm0gKWo
  2. https://en.wikipedia.org/wiki/File:DHCP_session_en.svg
  3. https://help.ubuntu.com/lts/serverguide/dhcp.html
  4. https://wiki.ubuntu.com/IPv6
  5. http://manpages.ubuntu.com/manpages/trusty/man8/radvd.8.html
  6. https://help.ubuntu.com/lts/serverguide/dns.html
  7. https://help.ubuntu.com/community/UFW
  8. https://help.ubuntu.com/lts/serverguide/httpd.html
  9. http://www.howtogeek.com/135533/how-to-use-rsync-to-backup-your-data-on-linux/