Data Networking/Fall 2014/GRP061

Group Members
- Ruinan Hu - Siying Ma - Yenting Liao - Zilu Zhao

Domain Name System (DNS)
The Domain Name System is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database. There are three classes of DNS servers: 1) Root DNS servers; 2) Top-level domain (TLD) server; 3) Authoritative DNS servers.

Dynamic Host Configuration Protocol (DHCP)
DHCP stands for Dynamic Host Configuration Protocol. DHCP server is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers configured for a given network. DHCP can return more than just allocated IP address on subnet: 1) Address of first-hop router for client 2) Name and IP address of DNS server 3) Network mask (indicating network versus host portion of address)

DHCP Procedure
[file1] The communication between the DHCP server and the Client can be given as below: Step1: The Client sends DHCP-DISCOVER broadcast packet. Since no network configuration is there, source address is 0.0.0.0 and destination is 255.255.255.255. If server is in local subnet, it directly receives the message else a relay agent is used to pass request to DHCP server. Step2: Server receives DHCP-DISCOVER packet and offer available IP address to client by sending DHCP-OFFER. Step3: Client receives DHCP-OFFER and sends DHCP-REQUEST requesting the IP address lease offered. Step4: Server receives DHCP-REQUEST and grants IP address lease officially by sending DHCP-ACK. Step5: Client requests extension on lease before it expires. Step6: Server sends ACK to client granting an extension on the IP address lease.

Hypertext Transfer Protocol (HTTP)
The Web Server, which is also known as World Wide Web server, is to store the webpages, and transmit the webpages to the clients. And the content of the webpages are HTML documents, which may include images, text, sheets. etc. The protocol used between the web server and the clients is HTTP.

There are four steps during the HTTP process: Step1: The client send TCP request Step2: The web server send TCP response back to the client Step3: The client will send HTTP request Step4: The server sends the webpages (HTML documents) to the client using HTTP response message.

There are two kinds of HTTP: 1)	Non-persistent HTTP, which means for each requested object, there should be a TCP connection. 2)	Persistent HTTP, which means there is only one TCP connection between the server and client during the transmission of the webpage.

There are two versions of HTTP: HTTP1.0 and HTTP1.1: The difference is that HTTP 1.1 can use pipelining technology that can transmit the objects of the webpages faster. The port number of the web server for HTTP request is 80.

Virtual Private Network (VPN)
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer or Wi-Fi-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryptions. VPNs allow employees to securely access their company's intranet while traveling outside the office. Similarly, VPNs securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users to secure their wireless transactions, to circumvent geo restrictions and censorship, and to connect to proxy servers for the purpose of protecting personal identity and location, also use VPN technology.

Network File System (NFS)
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The Network File System is an open standard defined in RFCs, allowing anyone to implement the protocol.

Firewall
A Firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on applied rule set. Firewalls can be defined in many ways according to your level of understanding. A firewall establishes a barrier between a trusted, secure internal network and other network (e.g., the Internet) that is not assumed to be secure and trusted.

Backup (RSYNC)
RSYNC can be used for Backup. The RSYNC is a file synchronization and file transfer program for Unix-like systems that minimizes network data transfer by using a form of delta encoding. The RSYNC can compress the data to save the bandwidth. RSYNC also supports SSH security channel to transfer files.

SNORT
SNORT is an open source intrusion detection system. It can perform the real-time traffic analysis based on Internet Protocol network. It provides many capture function to get packets from network. It supports protocol analysis content search, and content matching. It helps administrator to detect probes or attacks, including, but not limited to, operation system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans. The SNORT supports three main modes: sniffer, packet logger, and network intrusion detection. In the intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by user. The program will then perform a specific action based on what has been identified.

PSAD
The PSAD is a lightweight IDS system. It analyzes iptables log to detect port scans and other suspicious traffic. It support many rules from SNORT. 1) Iptables capture packets from network and save them to a log file. 2) PSAD loads the packets and then analyzes the packets according the rules. 3) If PSAD detect some suspicious action, it would send email alerts to administrator.

Scope of IP
Default Router	192.168.1.254 DNS               192.168.1.253 DHCP	     192.168.1.252 WEB	             192.168.1.251 Slave DNS	     192.168.1.250 PXE	             192.168.1.248 IP Range 	     1~246

PXE Boot
PXE protocol stands for Preboot eXecution Environment. To ensure that the meaning of the client-server interaction is standardized as well, certain vendor option fields in DHCP protocol are used, which are allowed by the DHCP standard.

DNS
Depending on the query forwarded by the client, the DNS can perform two functions: 1) Forward DNS Query – Hostname to IP address; 2) Reverse DNS Query – IP address to Hostname. In our project we use BIND 9. [file2] BIND is the most widely used Domain Name System (DNS) software on the Internet. The name originates as an acronym of Berkeley Internet Name Domain. The BIND 9 software distribution contains both a name server and a resolver interface library. BIND 9 is a major rewrite of nearly all aspects of the underlying BIND architecture. Some of the important features of BIND 9 are DNS Security (DNSSEC, TSIG), IPv6, DNS Protocol Enhancements (IXFR, DDNS, DNS Notify, EDNS0), Views, Multiprocessor Support, and Improved Portability Architecture. There are some basic terms used in BIND 9: 1) Domains and Domain Name – The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree is called a domain. 2) Zones – A zone consists of those contiguous parts of the domain tree for which a name server has complete information and over which it has authority. It contains all domain names from a certain point downward in the domain tree except those which are delegated to other zones. 3) Authoritative Name Server – Each zone is served by at least one authoritative name server, which contains the complete data for the zones. There are two types of authoritative name servers: Master (Primary) and Slave (Secondary).

Webserver
In our project we use Apache2.

Apache
Nowadays, there are many kinds web servers, like Nginx, IIS, lighttpd, apache, etc. As half of the web servers in the world are apache web server, we choose apache as the web server of the company. Apache supports a variety of features; many implemented as compiled modules that extend the core functionality. These can range from server-side programming language support to authentication schemes. Some common language interfaces support Perl, Python, Tcl, and PHP.

Firewall
Make your server the most secured one in all possible ways. In this project, we allow data transfer between Web Server and Client on port 80 (for HTTP), port1194 (for OpenVPN) and port 22 (for RSYNC).

Backup server
Our group use RSYNC as a backup tool.

Rsync
Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.

DHCP
Step1: Install the required packages for DHCP server and TFTP server sudo apt-get install dhcp3-server tftpd-hpa syslinux nfs-kernel-server initramfs-tools Step2: Set network interfaces and edit eth0 sudo vi /etc/network/interfaces Step3: Restart the networking service sudo /etc/init.d/network restart Step4: Change the network environment for DHCP sudo vim /etc/default/isc-dhcp-server INTERFACES = “eth0” Step5: Edit the configuration of DHCP file, to offer /tftpboot/pxelinux.0 as a boot file as a minimum. sudo vi /etc/dhcp/dhcpd.conf Step6: Restart the DHCP server sudo service isc-dhcp-server restart Step7: Configure the TFTP Server 1) Edit the configuration of TFTP file         sudo /etc/default/tftpd-hpa      2) Set permission sudo chmod -R 777 /var/lib/tftpboot 3) Start the tftp-hpa service         sudo /etc/init.d/tftpd-hpa start

DNS
Step1: Install bind 9 apt-get install bind9 Step2: Enter the directory of the bind server cd/etc/bind Step3: Create a file for IP address resolution touch bind9.ubuntu.e Step4: Edit the file for IP address resolution (both ipv4 and ipv6) Step5: Create an address file for ipv4 reverse lookup touch bind9.192.168.1 Step6: Edit the address file for ipv4 reverse lookup Step7: Create an address file for ipv6 reverse lookup touch bind9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f Step8: Edit the address file for ipv6 reverse lookup Step9: Edit the configuration file for named.conf.local Step10: Restart the DNS server sudo /etc/init.d/bind9 restart

Slave DNS Server
Step1: Clone an Ubuntu from the Master DNS Server as the Slave DNS server Step2: Assign IP address 192.168.1.250 to this server Step3: Modify the conf file of Master DNS Server, to allow Slave DNS Server to get transferred authority Step4: Edit the configuration file for named.conf.local Step5: Restart the DNS server

Web server
Step1: Install the apache2 web server on the Linux OS, and we test whether it is installed correctly Step2: Install mysql which is a relational database management system. Because we need to save and change the files of the web site, so we need to use mysql to store the files. During the installation, we need to set a password for the root user. Step3: Install php to write our webpage. To test whether it is installed correctly. We can write a php file under /var/www/html, and then we browns localhost/php to see the result. Step4: Add modules for the php, like php-mysql modules and some other modules. We just search for all the modules and install some of them. Step5: Restart apache2, and we can see from the info.php that all the modules are installed. (e.g. install php5-mysql, php5-curl and php5-gd.) Step6: Install phpmyadmin, which we could use to manage the mysql database like add or delete the sheets. And we need to move its folder to /var/www/html, so that we can open it by typing localhost/phpmyadmin in the browser to open it. Step7: Change the content of the webpage.

Firewall
Step1: Enable the firewall ufw enable Step2: Allow HTTP request to the webserver ufw allow 80 Step3: Allow RSYNC ufw allow 22 Step4: Allow OpenVPN ufw allow 1194

DHCP
•	Checking each machine IP ( o	Create Ad-hoc network and connect with webserver, DNS, and client. o	Looking ifconfig in each machine that assigned the right specific IPv4 and IPv6 that fixed in DHCP server, in case of DNS and webserver. Also client IP is assigned within IP pool. •	Check each service that provide by DHCP server can start successfully. o	$ sudo service radvd restart o	$ sudo service isc-dhcp-server restart o	$ sudo service isc-dhcp-server6 restart o	If it still fail, we should revise *.conf of each service.

DNS
1.	Type in nslookup and check if IPv4 is working Check result that the IPv4 DNS server works well and every domain names reflects to the IP address properly.

Problems we met: 1.     IPv6 is not working after configuration. Solution: We first follow the syntax as the project paper, ipv6.arpa. But that turns out to be wrong, and we exchange the ipv6 to ip6 to make it usable. 2.     The IP address is not coming out properly. Solution: we need to try the DNS server in our own network, or it will forward the query to our root DNS server. 3.     DNS is not working at all. Solution: add our nameserver into the resolv.conf. both IPv4 and IPv6 of DNS server address.

Webserver
• To check to see if Apache is running open Firefox and type in the following web address: http://localhost  or,    loopback address We will see the message, "It Works!" This is the Apache homepage, the index.html file and it means the server has installed correctly and is currently running. If it doesn’t see "It Works!" try starting the server. The commands to start, stop and restart Apache are: $ sudo /etc/init.d/apache2 start $ sudo /etc/init.d/apache2 stop $ sudo /etc/init.d/apache2 restart

Integration
Integrate combination: 1.	Set up a private wireless network by DHCP, assign the IPv4 and IPv6 for itself. Start isc-dhcp-server, isc-dhcp-server6 and radvd, then reconnect to that network. 2.	Make Web server, DNS server and client connects to this network. Check if DNS server and Web server gets their fixed address(both IPv4 and IPv6) by DHCP. 3.	First visit Web server with its IPv4 address and see if Web server is available to client. 4.	Visit the Web server with its domain name, see if the DNS server works well. 5.	Try to back-up file from Web server to a remote host automatically. Set the time in the crontab, and check if there is a new file existing in the target directory. 6.	Due to the block of icmp message, we need to ping Web server's IP address, and confirm that the firewall is working.

Problem we met: 1.	Web server and DNS server is not able to connect to the network. Solution: isc-dhcp-server didn't run automatically, we need to sudo service isc-dhcp-server start, sudo service isc-dhcp-server6 start and sudo service radvd start before we set up the network. 2.	The client cannot get a proper IPv6 address which should be ranged by the DHCP server. Solution: revise the radvd.conf---turn “AdvAutonomous” off in the DHCP server, restart radvd and reconnect to the network. 3.	The client cannot visit Web server by domain name, while DNS server can. Solution: This problem is because that hosts other than DNS server don't know the ip address of the DNS server, so we need to enable the “option domain-name-servers” and set it as 192.168.10.2 in the dhcpd.conf. 4.	The domain name of our web server has been used in the Internet. If our client host has been to that web page once, it cannot visit the right page in our network. Solution: We tried two solutions. The first one is to fix the DNS server, thus, client won't get to any domain server other than ours, but the problem is that this client won't be able to surf the Internet. The second one is to change our domain name. We tried both and decided to change our domain name from tic.com to sudotic.com, which is a easier way and causes no confusion. 5.	The backup file cannot be automatically transferred. Solution: Firstly, we try to transfer file manually and it succeed. But it still cannot be done automatically. So secondly we checked the Internet and found the log file where you can get all the error information, and tried to check the problem every time when we failed to transfer the file. Then we found that there is something wrong the publickey which is denied by the remote host. Thirdly, we found another way to give the publickey to the remote host, using ssh-copy-id -i ~/.ssh/id_rsa.pub usr@backupserverIP

Add-on
NIS-Network Information Service NFS- Network File System VPN-Virtual Private Network

Future improvement
DHCP DNS Webserver/Backup/Firewall -support more languages such as php mysql -mail server will be provided -encrypted backup file and provide more option about transfer file -more efficient script -improvement in security -close all the hole