Ask Question, Ask an Expert

+61-413 786 465

info@mywordsolution.com

Ask Software Engineering Expert

Computer Science


Home >> Software Engineering

Instructions

This assignment consists of three questions each of equal value. They con¬sist of common tasks required of a system administrator-tasks I have had to do at some time in the past.

Clear Layout

It is vitally important that your assignment is clearly laid out with ques-tions and parts of questions clearly defined. It must be a straight for¬ward matter for the examiner to determine that you have completed each exercise satisfactorily. We want quality not quantity. Poorly or¬ganised submissions will be rejected or receive a poor mark.

A text file or PDF/A document typeset using vanilla DTEX are preferred over a document produced by a word-processor. If you must use Microsoft Word please export your document as PDF/Al not PDF.

Command Output
When answering these questions you will have to run commands under Linux-whenever a command is run you will need to:

a. explain in your own words the purpose of the command in the context of the assignment question. (Please do not just copy the "Description" section from the man page!) Also, you need to ex-plain in your own words all terminology used-as if you were ex¬plaining to an average user! (Please show you understand what you are doing!)

b. show that the command worked-either from its output or the output from another command.

c. To capture text output from programs you will have to redirect the output to a file or use the command script. If you are us-ing the command script turn off the tty escape sequences that change the colour of console text-the escape sequences will ap¬pear in output file and make it impossible to read.

Question 1
A "gateway" machine has been setup for a small business. The following "firewall" script is run on the "gateway" machine before the gateway's interfaces are brought up-

#!/bin/bash

iptables -F iptables -t nat -F

iptables -X iptables -t nat -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -i eth1 -p tcp -s 192.168.67.0/24 --dport 22 \

-m state --state NEW -j ACCEPT

iptables -A INPUT -i eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 163.72.140.107 --dport 25 \

-  j DNAT --to-destination 192.168.67.23:25 iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.67.0/24 \

-  j SNAT --to-source 163.72.140.107

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables - A FORWARD - i ethl -p tcp -s 192.168.67.0/24 --dport 80 \

                              - m state --state NEW -j ACCEPT

iptables - A FORWARD - i eth1 -p tcp -s 192.168.67.0/24 --dport 443 \

                              - m state --state NEW -j ACCEPT

iptables - A FORWARD - i eth0 -p tcp -d 192.168.67.23 --dport 25 \

                              - m state --state NEW -j ACCEPT

iptables - A FORWARD - p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Using the script above answer the following questions:

a. Explain, in your own words what a "gateway" machine is and what it is used for.

b. Explain the general purpose of the firewall above. Your explanation should include a description of the networks the gate¬way machine is connected to, how it is connected, and what pack¬ets are being allowed into and out of the gateway machine.

Note: this is a "general description" do not make any explicit reference to the commands above.

c. Explain in detail the reason for including lines 12 and 18.

d. Explain in detail the reason for including lines 13 and 19.

e. Explain in detail the reason for including lines 21, 32 and 34.

f. Explain in detail the reason for including lines 23, 28, 30 and 34.

Question 2

As the system administrator you would like to SSH to a gateway machine (see Exercise 1) from off-site. Unfortunately that would mean opening the SSH port to the world-and currently that is against your organisations security policy.

A friend tells you of the concepts of "port knocking" and "single packet authorization" (SPA) - a way of temporarily opening a hole in a firewall to let an authorised connection through. This sounds exactly what you need so you study up on "port knocking" and "single packet authoriza¬tion" and experiment with the software "fwknop".

To convince your supervisor that the software "fwknop" should be in-stalled to allow access to the gateway machine from the Internet you write a report on "port knocking" and SPA with examples of securely configuring and using "fwknop".

Your report will need to include the following:

a. What is "port knocking" and what are the inherent flaws in using multiple packets?

b. What is "single packet authorization" and how this addresses the flaws of multi-packet "port knocking".

c. What is the data encapsulated in an SPA packet and fwknop in particular and how is it protected?

d. The steps taken and the configuration file or files you needed to modify to open a secure temporary hole in a firewall using fwknop. Include an explanation in your own words of the purpose of every command used and every line in the configura¬tion file or files.

e. The firewall on the virtual machine. Use the output from the command ipt ables -L -v to show that the machine has been firewalled.

f. Output showing that fwknop worked. A successful SSH session and the output from the command iptables -L -v to show the hole that fwknop has created in the firewall.

Question 3

The Australian Government's "Data Retention" legislation requires ISPs to retain, for two years, the IPs of all remote systems accessed by their users. The legislation created a lot of interest in VPNs as a way to ensure Internet privacy. Most people have become aware of VPNs but have very little knowledge of the technical aspects of VPNs.

In about a page, explain in your own words what a VPN is, what it is used for and how it works. As there are a number of VPN technologies, use the popular technology OpenVPN as the basis of your explanation.

Your explanation should include:
- In general terms what a VPN is,
- examples of where a VPN may be useful explicitly ex-plaining the problem they overcome and how they overcome it (e.g. Using a VPN to access Netflix USA: what is the problem and how is it overcome using a VPN?),
- the technologies used in SSL/TLS VPNs such as Open-VPN, and
- how the technologies are used to ensure a secure Inter¬net connection between two networks or a remote machine and a network over the public insecure Internet
Hint: One way to answer this question is to describe the steps the software goes through to establish and maintain a connection.

a. We are not discussing here web browser SSL connections (though the technology is the same) this is a discussion of a VPN with all that implies.

b. This is an extremely technical topic and I do not expect you to cover all aspects of it. But you should explain all terms used in your answer (not covered in the study book), for example, VPN, SSL/TLS, certificates, HMAC, key authentication, session keys, ...

c. You do not have to implement an OpenVPN connection - though it may be helpful in understanding the underlying technologies.

d. List all resources used in answering the question.

Software Engineering, Computer Science

  • Category:- Software Engineering
  • Reference No.:- M92836723
  • Price:- $60

Priced at Now at $60, Verified Solution

Have any Question?


Related Questions in Software Engineering

Research projectin the course we have covered various

RESEARCH PROJECT In the course, we have covered various security and privacy issues that arise in the cyberspace field. We have learned to identify these risks and have discussed the current approaches and developments f ...

In this assignment you will answer the following review

In this assignment, you will answer the following review questions from the reading materials of the module/week. 1. "What are the key components of a typical P2P application? Describe their functions." 2. "What are the ...

Overviewyou are required to modify and logically extend

Overview You are required to modify and logically extend the functionality of a provided code base to implement a game. This requires you to modify the code base as well as create documentation and implement various user ...

Write review on this article with apa formatgovernment

Write review on this article with APA format. Government surveillance is a major issue in the United States and globally. Surveillance refers to any collection and processing of personal data, whether, identifiable or no ...

Assignment part 1objectives to learn to identify the

Assignment Part 1 Objectives: To learn to identify the relevant use cases for a given application, describe the use cases and develop an object-oriented domain model. Problem Statement - Standing Orders Management System ...

Proposaldesign of an efficient gps tracking system tag for

Proposal Design of an efficient GPS Tracking System (tag) for monitoring small species IMPLEMENTING EMBEDDED SYSTEMS USING SYSML Task Using PapyrusSysML Software (Downloadable online - Evaluation Copy- Latest Version) Mo ...

Write review on this article with apa formatalthough

Write review on this article with APA format. Although computer crimes are being seen in our society more and more each day, it is still difficult to prosecute people who commit these crimes mainly because everything is ...

In this assignment you will answer the following questions

In this assignment, you will answer the following questions related to Android platform and Android security design. 1. Describe Android architecture in detail by explaining the four conceptual layers. 2. Describe Androi ...

Instructionsprivacy-preserving data miningdata mining

INSTRUCTIONS PRIVACY-PRESERVING DATA MINING Data mining technology can be exploited to reveal sensitive information from the original data. Thus it is important to preservethe privacy of the parties that the data refer t ...

Address the following integrating biblical perspectives

Address the following, integrating biblical perspectives where appropriate: Define a hate crime and describe how white supremacist groups use the Internet to spread their message of hate. Explain why hate crime legislati ...

  • 4,153,160 Questions Asked
  • 13,132 Experts
  • 2,558,936 Questions Answered

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

Why might a bank avoid the use of interest rate swaps even

Why might a bank avoid the use of interest rate swaps, even when the institution is exposed to significant interest rate

Describe the difference between zero coupon bonds and

Describe the difference between zero coupon bonds and coupon bonds. Under what conditions will a coupon bond sell at a p

Compute the present value of an annuity of 880 per year

Compute the present value of an annuity of $ 880 per year for 16 years, given a discount rate of 6 percent per annum. As

Compute the present value of an 1150 payment made in ten

Compute the present value of an $1,150 payment made in ten years when the discount rate is 12 percent. (Do not round int

Compute the present value of an annuity of 699 per year

Compute the present value of an annuity of $ 699 per year for 19 years, given a discount rate of 6 percent per annum. As

Follow Us

© Copyright 2013-14 mywordsolution.com All rights reserved