User:Anuhyap

Objective Of the Project
To design and implement a secure and dynamic network that supports DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), a web server, a firewall and a backup system on the Linux operating system.

Project Team
Anirudh Bhatnagar, Anuhya Polisetti, Navya Sandra, Paras Babbar

Domain Name System(DNS)
The Domain Name System maps the domain names of web pages to resources by designating the domain hierarchy, and provides translation services between it and the address spaces. A DNS name server stores the DNS records for a domain and responds with answers to queries against its database.

Dynamic Host Configuration Protocol (DHCP)
DHCP is a client-server protocol which provides a host with an IP address. DHCP has a pool of servers which assign IP addresses to the devices in the network. Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed.

DHCP allocates IP addresses to the clients in three different ways:
 * 1) Static Allocation: DHCP does static allocation of IP addresses based on a preconfigured mapping to each device's MAC address. The addresses assigned to the devices remain unchanged until changed by the network administrator.
 * 2) Dynamic Allocation: The network administrator allocates a pool of IP addresses for DHCP and the server assigns IP addresses to the clients from this reserved pool. Both IPv4 and IPv6 addresses are assigned by DHCP in this project.
 * 3) Automatic Allocation: This is similar to dynamic allocation, but here the server assigns the same IP address which the client had previously when it got connected to the network.

Webserver & Firewall
A web server's primary job is to deliver web pages in response to the client's requests, and this communication between the server and the client is done through HTTP. The available web servers are the Windows web server and the Linux (Apache) web server. In this project we are using an Apache web server because Linux is an open source system and it provides a free license for configuring the web server, whereas for the Windows web server a license needs to be purchased for hosting websites. A firewall is a network security system, hardware or software based, that controls incoming and outgoing network traffic based on a set of rules. We can block certain packets by configuring our firewall. All the traffic except the ones entered into the IP routes will be blocked by the firewall and cannot access the network.

BackUp
To add redundancy to our network and make it robust, a backup is implemented for our web server, so that if our server fails the whole network will automatically be routed to the backup server and there will be no blackout. All the files from the web server are sent to the backup server in zip form. The backup server updates itself by copying only those files which were modified.

Algorithm

 * 1) The client machine tries to join the network “telco.com”.
 * 2) The client obtains an IP address from the DHCP server's pool of addresses; if the request is not successful, the client tries to connect to the network again.
 * 3) Once the client gets an IP address, it can try to connect to the “www.telco.com” website via a web browser.
 * 4) If the domain name is valid, web server will send a request to DNS for the domain name's IP address. The DNS server will reply with an IP address; otherwise it will display an error saying “server not found”.
 * 5) Once the DNS server responds, the web browser of the client will send an HTTP request to the server.
 * 6) If the request is successful, the HTML web page will be displayed.

Behavior of Protocol
DNS gets the query containing the domain name requested in the web server of the client, which sends the request on port 53 using UDP.

Algorithm of DNS

 * 1) The client will first contact the local DNS server with the DNS query containing the hostname.
 * 2) The local DNS server forwards the query to the root DNS server. The root DNS server sends a reply to the local DNS with a list of the possible TLD servers.
 * 3) The local DNS server sends its query message to one of the TLD servers.
 * 4) The TLD server responds back with the IP address of the authoritative name server to the local DNS server.
 * 5) The local DNS server then sends its query to the authoritative DNS server, which responds back with the IP address for the queried hostname.

Steps To Configure DNS Server
1.	Update the package list.

sudo apt-get update

2.	Install the Bind9 DNS server.

sudo apt-get install bind9

3.	Create a forward zone database file.

4.	Create a reverse zone database file.

5.	Open “/etc/bind/named.conf.local” and add the forward and reverse zones.

6.	Change the nameserver.

sudo nano /etc/resolv.conf

7.	Restart Bind.

sudo service bind9 restart

Test Results for DNS
Check whether DNS is working for forward zone and reverse zone by doing nslookup.

Behavior of Protocol
DHCP uses the transport layer protocol UDP to dynamically allocate the IP addresses requested by the clients in the subnet.

Algorithm of DHCP
 * When a client enters the network, it broadcasts a DHCP discover message to all the DHCP servers.
 * The DHCP server, on receiving the discover message, unicasts an offer message to the client.
 * The client accepts the offer and responds with a request message for the IP address.
 * The server responds back with an acknowledgement message.

Steps to configure DHCP Server
1. Update the package list.

sudo apt-get update

2. Install the ISC DHCP server.

sudo apt-get install isc-dhcp-server

3. Go to /etc/dhcp and make the necessary changes in the DHCP configuration file.

cd /etc/dhcp

sudo nano /etc/dhcp/dhcpd.conf

4. In order to assign IPv6 addresses, the corresponding configuration is made in dhcpd6.conf.

sudo nano /etc/dhcp/dhcpd6.conf

5. Restart the DHCP server.

sudo /etc/init.d/isc-dhcp-server restart

sudo /etc/init.d/isc-dhcp6-server restart

Test Results for the DHCP
sudo tail /var/lib/dhcp/*.leases
 * Checking the Leased IP addresses given to clients.
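
The leases file is an append-only log, so the same address can appear several times and `tail` may show a record that a later one has superseded. The following added example (not part of the original project) keeps only the newest record per IP address and lists the leases that are still active; the sample data, addresses and MACs are constructed.

```shell
#!/bin/sh
# Added example: summarise an ISC dhcpd leases file, newest record per IP wins.

# Constructed sample data; addresses, MACs and hostnames are invented.
sample_leases() {
cat <<'EOF'
lease 192.168.1.10 {
  starts 4 2015/03/12 10:00:00;
  ends 4 2015/03/12 10:10:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "client1";
}
lease 192.168.1.11 {
  starts 4 2015/03/12 10:02:00;
  ends 4 2015/03/12 10:12:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.10 {
  starts 4 2015/03/12 10:10:00;
  ends 4 2015/03/12 10:10:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
EOF
}

# active_leases [FILE...]: prints "ip mac end-time" for every address whose
# most recent record is in binding state "active". Reads stdin without a FILE.
active_leases() {
  awk '
    $1 == "lease" && $3 == "{" { ip = $2; state = ""; mac = "-"; ends = "-"; next }
    $1 == "binding" && $2 == "state" { state = $3; sub(/;$/, "", state) }
    $1 == "hardware" && $2 == "ethernet" { mac = $3; sub(/;$/, "", mac) }
    $1 == "ends" { ends = $3 " " $4; gsub(/; *$/, "", ends) }
    $1 == "}" && ip != "" {
      # A later record for the same IP overwrites the earlier one.
      st[ip] = state; hw[ip] = mac; en[ip] = ends
      if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
      ip = ""
    }
    END { for (i = 1; i <= n; i++) if (st[order[i]] == "active")
            print order[i], hw[order[i]], en[order[i]] }
  ' "$@"
}

sample_leases | active_leases
```

On the server, run it against the real file with `active_leases /var/lib/dhcp/dhcpd.leases`.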

Algorithm of Signaling
1. The client obtains the server IP address from the DNS server.

2. The client initiates a TCP connection by sending a SYN message on port 80 of the server.

3. The server responds with a SYN-ACK message, thereby opening the port for the client to request the information.

4. The client completes the three-way handshake process by sending an ACK message. It also requests the basic HTML page along with this.

Steps to Configure Web server
1. Installing Apache 2

sudo apt-get install apache2

2. To check whether the web server was installed successfully, go to a web browser and open the link below, which displays a page confirming that Apache has been installed.

http://localhost

3. Creating the directory and file

sudo mkdir /var/www/telco.com/

sudo chmod 755 /var/www/

sudo chown $USER:$USER /var/www/telco.com/

sudo nano /var/www/telco.com/tele.html

4. Configuring Apache 2 (apache2.conf)

sudo nano /etc/apache2/apache2.conf

Make the changes shown below. With Indexes set, Apache lists the directory contents when a request matches no index file.

<Directory /var/www/telco.com/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

5.	Configuring Apache2-dir.conf


 * Adding our html file to this directory.

sudo nano /etc/apache2/mods-available/dir.conf


 * Appending our tele.html as shown below.

DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm tele.html

6.	Configuring Apache 2-000-default.conf

ServerAdmin webserver@localhost

ServerName telco.com

DocumentRoot /var/www/telco.com

7.	Restart the webserver

sudo service apache2 restart

8.	To test the web server, go to the web browser and open the URL below, which displays tele.html.

http://localhost

Firewall
Packages used in the firewall: iptables and ufw.

Steps to Configure Firewall

1.	Install iptables.

sudo apt-get install iptables

2.	Accepting loopback

iptables -A INPUT -i lo -j ACCEPT

3.	Accepting a HTTP request from particular network 192.168.1.0/24 through port 80

iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT

4.	Accepting a SSH request from particular network 192.168.1.0/24 through port 22

iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT

5.	Accepting an echo reply from particular network 192.168.1.0/24

iptables -A INPUT -s 192.168.1.0/24 -p icmp -m icmp --icmp-type 0 -j ACCEPT

6.	Rejecting an echo request from particular network 192.168.1.0/24 with a message

iptables -A INPUT -s 192.168.1.0/24 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-host-unreachable

7.	Rejecting TELNET request from particular network 192.168.1.0/24 through port 23

iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 23 -j DROP


 * The web server has to be restarted after configuring the firewall.

TestPlan for Firewall

 * To list all rules configured in firewall.

sudo iptables -L


 * To flush/remove the rules from iptables.

sudo iptables -F


 * To check status of ufw

sudo ufw status
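
The steps above only append rules and never set the chain policy, so on a chain left at the iptables default policy of ACCEPT, traffic that matches no rule is still accepted. The following added example (not part of the original project) audits `iptables -S INPUT` output for that condition; the sample ruleset is constructed from the rules above and assumes ufw has not modified the chain, and `hardened_ruleset` is one possible default-deny variant.

```shell
#!/bin/sh
# Added example: check whether an INPUT allow-list has a default-deny behind it.

# Constructed sample: `sudo iptables -S INPUT` after the steps above are
# applied to an otherwise untouched chain (assumption: policy still ACCEPT).
sample_ruleset() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-host-unreachable
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 23 -j DROP
EOF
}

# Same rules with a DROP policy and a rule that lets reply packets back in.
hardened_ruleset() {
  echo '-P INPUT DROP'
  echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
  sample_ruleset | grep -v '^-P'
}

# audit_input [FILE...]: prints one of
#   default-accept       ACCEPT rules exist but unmatched traffic is accepted too
#   no-established-rule  default-deny without a RELATED,ESTABLISHED rule
#   ok                   default-deny with reply traffic allowed
# Simplification: a catch-all DROP/REJECT is counted wherever it appears.
audit_input() {
  awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
      target = ""; scoped = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "-s" || $i == "-i" || $i == "-p" || $i == "-m") scoped = 1
      }
      if (target == "ACCEPT") accepts++
      if ((target == "DROP" || target == "REJECT") && !scoped) catchall = 1
      if ($0 ~ /--ctstate [A-Z,]*ESTABLISHED/) stateful = 1
    }
    END {
      deny = (policy == "DROP" || catchall)
      if (!deny && accepts > 0) print "default-accept"
      if (deny && !stateful)    print "no-established-rule"
      if (deny && stateful)     print "ok"
    }
  ' "$@"
}

sample_ruleset | audit_input
```

On the firewall host, pipe the live chain into it with `sudo iptables -S INPUT | audit_input`.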

Steps to Configure backup
1. Install rsync on both server and client.

sudo apt-get install rsync

2. Copy files from server to client.

rsync -avzhe ssh name@ip:/var/www /var/www

3. Generate public and private key.

ssh-keygen -t rsa -b 2048

4. Share public and private keys with main server.

ssh-copy-id -i /root/.ssh/id_rsa.pub ritesh@192.168.3.75

5. Set up cron to schedule automatic backup every 5 minutes and edit the file.

sudo crontab -e

*/5 * * * * rsync -avz --progress -e ssh name@ip:/var/www /var/www/

Test Results for Backup
The backup is taken every minute and the file is securely copied to the backup server using a cron job. For this, SSH needs to be installed on both the web server and the backup server, and the public key of the web server should be copied to the backup server.

Future Improvements

 * 1) In a realm of rapidly changing technology, especially when it is so deeply intertwined with many other dynamic factors from across the modern world structure, DNS is going to be more secured as a result of government influence.
 * 2) DHCP's scope, multicast scope, and superscope environments: In a multinet environment, superscopes allow a DHCP server to assign leases to clients on multiple subnets.

Conclusion
Created a DNS server, DHCP server and web server for a network so that a client can access the web page by following various protocols, and secured the network by using a firewall and backup.

Books Referred
•	Computer Networking: A Top-Down Approach - Kurose, Ross