Data Networking/Fall 2016/AAN

Linux Project: Building Infrastructure Network Solution for a Start-Up Company
On this page we describe our Linux project, which is based on implementations of concepts such as DNS, DHCP, Web Server, Firewalls and Backup.

The Team
1) Abhishek Senapati 2) Amit Kumar 3) Naveen Yanamaddi

But Why Linux
Many organizations and businesses worldwide are converting their core computer operating system to Linux as opposed to other operating systems. We are also seeing a shift from commercial software to free software (also referred to as open-source software). Linux LICENSE | CUSTOMIZATION | Linux SOURCE CODE | Linux SUPPORT/COMMUNITY

What is the Story
We have built a robust, secure and effective solution for a startup company in Boston. This simple yet dynamic solution consists of a DNS Server, a DHCP Server, a Web Server/Firewall/Backup and a client server. When a computer joins this network, it gets its IP address allocated by the DHCP Server, domain names resolved to IP addresses by the DNS Server and web pages served by the Web Server. It has additional security parameters like the firewall and ARP poisoning. Redundancy is provided by taking timely backups.

About The Servers
 1) Domain Name System (DNS)  DNS, or Domain Name System, is the means by which domain names that humans understand get translated into IP addresses that computers understand. The Domain Name System is a distributed system. It does not reside on any one computer. There is, however, a hierarchy to the organization of the servers, which allows local servers to broaden their search for an answer to a DNS lookup request. These lookup requests are called "queries". DNS uses port no. 53.

 2) Dynamic Host Configuration Protocol (DHCP)  The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually. HTTP uses port no.80.

 3) Web Server  A Web server is a system that delivers content or services to end users over the Internet. A Web server consists of a physical server, server operating system (OS) and software used to facilitate HTTP communication. The primary function of a web server is to store, process and deliver web pages to clients.

 4) Backup Web Server  A backup server is a type of server that enables the backup of data, files, applications and/or databases on a specialized in-house or remote server. It combines hardware and software technologies that provide backup storage and retrieval services to connected computers, servers or related devices.

 5) Firewall  A firewall is a network security device that grants or rejects network access to traffic flows between an untrusted zone (e.g., the Internet) and a trusted zone (e.g., a private or corporate network). The firewall acts as the demarcation point or “traffic cop” in the network, as all communication should flow through it and it is where traffic is granted or rejected access.

Project requirements

 * Linux Based OS (We have used Ubuntu 14.04.1)
 * Bind9 server to configure DNS.
 * Isc-dhcp-server and radvd to configure DHCP.
 * Apache2 to configure our web server.
 * RSync package for web backup server.
 * SSH package.

DHCP Server For IPv4
1. Install DHCP Server

sudo apt-get install isc-dhcp-server

2. Set the static IP address of the DHCP server

sudo vim /etc/network/interfaces

3. Configure the DHCP server

4. Restart the DHCP server

sudo service isc-dhcp-server restart

For IPv6
1. Install radvd to configure the parameters

sudo apt-get install radvd

2. Modify the file /etc/radvd.conf

sudo vi /etc/radvd.conf

3. Modify the file /etc/sysctl.conf

sudo vi /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1

4. Restart radvd

sudo /etc/init.d/radvd restart

DNS server
1. Install Bind9
 * For IPv4

sudo apt-get install bind9

2. Configure the static IP address obtained from the DHCP server for the DNS server

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp

5. Configure zones in the named.conf.local file

sudo vi /etc/bind/named.conf.local

// For Reverse Zone IPV6 Reverse Zone

// Configure the forward lookup table

// Configure the reverse lookup table for IPv4 and IPv6 addresses

// IPv6

// Restart the Bind9 server

DNS slave configurations
//forward zone

//Reverse Zone

// Restart the Bind9 server

sudo /etc/init.d/bind9 restart

Web server
// Install Apache webserver

sudo apt-get install apache2

// Creating directory file

// Configuring Apache2 - apache2.conf

// Configuring Apache2 - dir.conf

Because we haven't used index.html as default, we need to add our sample.html to the list of accessible directory indices.

// Configuring Apache2 - 000-default.conf

// Now we map the IP address to the domain name

Firewall
1. Activate the ufw firewall

sudo ufw enable
sudo ufw default deny

2. Start the service using the command

sudo service iptables-persistent start

3. Enable the SSH service

sudo ufw allow ssh

4. Open the ports

sudo ufw allow 80
sudo ufw allow 22
sudo ufw allow 1723

5. Enter a rule

sudo ufw allow proto tcp from 192.168.10.19 to any port 22

6. See the firewall status

sudo ufw status
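
The rules above allow port 22 from anywhere (steps 3 and 4) and then again from 192.168.10.19 only (step 5), so the narrower rule restricts nothing. The following shell function is an added example, not part of the original project; it reads `ufw status` output and reports such redundant source-restricted rules, and both status listings in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original project): audit `ufw status` output for
# source-restricted ALLOW rules that are made redundant by an ALLOW from Anywhere.

audit_ufw_status() {   # reads the text of `sudo ufw status` on stdin
    awk '
        { gsub(/ \(v6\)/, "") }                 # fold IPv6 twin rules onto the IPv4 ones
        $2 == "ALLOW" {
            port = $1; sub(/\/.*/, "", port)    # "22/tcp" -> "22"
            if ($3 == "Anywhere") wide[port] = 1
            else narrow[port] = (narrow[port] == "" ? "" : narrow[port] ",") $3
        }
        END {
            for (p in narrow)
                if (p in wide)
                    printf "port %s: ALLOW from %s is redundant, port is open to Anywhere\n", p, narrow[p]
        }
    '
}

# Constructed sample: roughly what the six steps above leave behind.
UFW_AS_CONFIGURED='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
1723                       ALLOW       Anywhere
22/tcp                     ALLOW       192.168.10.19
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)'

# Constructed sample: after `sudo ufw delete allow ssh` and `sudo ufw delete allow 22`,
# SSH is reachable from 192.168.10.19 only.
UFW_TIGHTENED='Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
1723                       ALLOW       Anywhere
22/tcp                     ALLOW       192.168.10.19'

printf '%s\n' "$UFW_AS_CONFIGURED" | audit_ufw_status
printf '%s\n' "$UFW_TIGHTENED" | audit_ufw_status
```

On a live host the input would come from `sudo ufw status | audit_ufw_status`; an empty result means no source-restricted rule is overridden by a broader one.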

Backup Server
1. Install SSH

sudo apt-get install ssh

2. Generating RSA keys

ssh-keygen -t rsa

3. Use ssh to create a directory on the backup server

ssh naveen@192.168.10.19 mkdir -p .ssh

4. Append the web server's key to the backup server

cat /home/.ssh/id_rsa.pub | ssh naveen@192.168.10.19 'cat >> .ssh/authorized_keys'

5. Compress the file for backup

sudo tar -cvpzf webserver.tar.gz /var/www/linuxproject.com/sample.html

6. Use crontab to schedule the backup every 5 minutes

sudo crontab -e
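
A backup that runs unattended every five minutes should check each archive before it counts as a backup and should not fill the disk. The script below is an added example, not the project's own backup job; the function name, the install path in the crontab comment, the remote directory and the retention count are assumptions, and the demo runs on constructed data.

```shell
#!/bin/sh
# Added example (not from the original project): a backup job suitable for cron.
# Hypothetical install path and crontab entry for the 5-minute schedule:
#   */5 * * * * /usr/local/bin/web-backup.sh
# Copying to the backup server would follow, e.g. with rsync over the SSH key set up
# above (the remote directory "backups/" is an assumption):
#   rsync -a -e ssh "$dest/" naveen@192.168.10.19:backups/

# make_backup SRC DEST_DIR [KEEP]: archive SRC, verify it, keep the newest KEEP archives.
make_backup() {
    src=$1; dest=$2; keep=${3:-12}
    [ -e "$src" ] || { echo "source missing: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$dest/webserver-$(date +%Y%m%d-%H%M%S).tar.gz"
    # -f names the output file; -C stores a relative path instead of /var/www/...
    tar -czpf "$archive.tmp" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    # Read the archive back; a truncated or corrupt file must not count as a backup.
    tar -tzf "$archive.tmp" >/dev/null || { rm -f "$archive.tmp"; return 1; }
    mv "$archive.tmp" "$archive"
    (cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
    # Prune: list newest first, delete everything after the first KEEP entries.
    ls -1t "$dest"/webserver-*.tar.gz | tail -n +"$((keep + 1))" |
        while read -r old; do rm -f "$old" "$old.sha256"; done
    echo "$archive"
}

# Demo on constructed data so the script runs without a web server present.
demo=$(mktemp -d)
mkdir -p "$demo/www/linuxproject.com"
echo '<h1>sample</h1>' > "$demo/www/linuxproject.com/sample.html"
latest=$(make_backup "$demo/www/linuxproject.com/sample.html" "$demo/backups" 3)
tar -tzf "$latest"      # lists: sample.html
```

The `.sha256` file next to each archive lets the backup server confirm the copy it received with `sha256sum -c`.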

NFS
Network File System (NFS) is used for sharing files with other computers on the network. It is a distributed file system protocol.

Initially, the repositories should be updated:

sudo apt-get update

Next, install the NFS server package.

Then, make a directory which is to be shared with other devices.

/etc/exports is the main config file for NFS; add the following line to the file.

Now, start the service.

Check the NFS share status with the following commands.

NFS CLIENT

Install the NFS client and dependencies.

Create a directory /rhome.

Mount the remote share /shome on the local directory /rhome.

Add the following line to the /etc/fstab file for a permanent mount.

The two files text1 and text2 are created in the NFS server's /shome directory. Two files text3 and text4 are created on the NFS client. As the share is mounted, the files are shown in both folders.

ARP POISONING
Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address mapping and attacks an Ethernet LAN by changing the target computer's ARP cache with forged ARP request and reply packets. This replaces the Ethernet MAC address recorded in the cache with the attacker's own MAC address so that the attacker can monitor the traffic. Because the ARP replies are forged, the target computer unintentionally sends its frames to the attacker's computer first instead of sending them to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user. ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR).
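
One way to spot the forged replies described above is to compare the ARP cache with known-good IP-to-MAC pairs and to look for one MAC address answering for several IPs. The script below is an added example, not part of the original project; the baseline file format, the function name and all sample addresses except 192.168.10.19 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original project): detect signs of ARP cache poisoning.
# On a live host: check_arp_table /etc/arp-baseline.txt /proc/net/arp
# (the baseline path is hypothetical; the file holds one "IP MAC" pair per line).

check_arp_table() {   # $1 = baseline file, $2 = table in /proc/net/arp format
    awk '
        FILENAME == ARGV[1] { known[$1] = tolower($2); next }    # trusted IP -> MAC pairs
        FNR == 1 || $4 == "00:00:00:00:00:00" { next }           # header, incomplete entries
        {
            ip = $1; mac = tolower($4)
            # A pinned address that now resolves to another MAC is the direct symptom.
            if ((ip in known) && known[ip] != mac)
                printf "CHANGED %s expected=%s seen=%s\n", ip, known[ip], mac
            # One MAC answering for several IPs is what a poisoned cache looks like.
            # Multi-homed hosts and proxy ARP also do this, so treat it as a lead.
            ips[mac] = (ips[mac] == "" ? "" : ips[mac] ",") ip
            count[mac]++
        }
        END {
            for (m in count)
                if (count[m] > 1) printf "DUPLICATE %s claims %s\n", m, ips[m]
        }
    ' "$1" "$2"
}

# Constructed sample data: a baseline and a cache in which the gateway entry was replaced.
arp_demo=$(mktemp -d)
cat > "$arp_demo/baseline" <<'EOF'
192.168.10.1 00:11:22:33:44:55
192.168.10.19 aa:bb:cc:dd:ee:19
EOF
cat > "$arp_demo/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.1     0x1         0x2         de:ad:be:ef:00:66     *        eth0
192.168.10.19    0x1         0x2         aa:bb:cc:dd:ee:19     *        eth0
192.168.10.66    0x1         0x2         de:ad:be:ef:00:66     *        eth0
EOF
check_arp_table "$arp_demo/baseline" "$arp_demo/arp"
```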

Testing

DHCP
1. DHCP is tested by checking the leased IP addresses with the following command. It shows the leases on the DHCP server and the IP addresses that have been leased to the clients.

sudo tail /var/lib/dhcp/*.leases

2. For more log information, the output of the DHCP server can be verified by using the following command.

sudo tail -f /var/log/syslog

DNS Server
1. Test master DNS server (Forward Lookup)

Reverse Lookup

2. Test slave DNS server

Turn off the master DNS server and use the same method as with the master DNS server.

Future Improvements
1. Implement defense mechanisms to prevent attacks like ARP poisoning and MITM (man-in-the-middle) attacks.

2. Improve DNS Zone Security with Zone owner keys.

3. DHCP Superscope implementation, to provide the flexibility of allocating multiple addresses to the subnets.
