User:Data-networking-blackswan

TELE 5330 : LINUX PROJECT

Project Members
1. Avaneesh Murthy

2. Poigeno Nazila

3. Samir Shelar

Project Objective
To design and build a secure, dynamic, intelligent startup network consisting of a DNS server, a DHCP server and a web server protected by a firewall, plus a client.

DHCP (DYNAMIC HOST CONFIGURATION PROTOCOL)
The Dynamic Host Configuration Protocol (DHCP) is a network service that assigns network settings to host computers from a central server. The configuration is transparent to the user. The general settings a DHCP server provides to its clients include:


 * IP-Address and Netmask


 *  DNS


 * WINS

Additional Configuration Settings provided by the DHCP server are:


 * Hostname


 * Domain Name


 * Default Gateway


 * Time Server


 * Print Server

Changes to the network need only be made on the DHCP server; every host picks up the new settings when it next renews its lease. New computers are easier to integrate, since nobody has to check which IP addresses are free, and address conflicts are reduced. The trade-off is that a client trusts whichever server answers first, so a rogue DHCP server on the same segment can hand out its own gateway and DNS addresses; the legitimate server should be marked authoritative, and on managed switches DHCP snooping keeps untrusted ports from answering.

DNS (Domain Name System)
The Domain Name System (DNS) is an Internet service that maps fully qualified domain names (FQDNs) to IP addresses and back, so users need not remember addresses. It is a hierarchical, distributed database. DNS is an application-layer protocol that follows the client-server model. It uses port 53; ordinary queries travel over UDP, while zone transfers between master and slave servers, and responses too large for a single UDP packet, use TCP. For a company, the DNS server holds the records for its web servers and mail servers and the canonical names (CNAMEs) of its hosts.

Webserver & Firewall
HTTP (Hypertext Transfer Protocol) is the protocol web browsers and servers use to communicate; its default port is 80. In a typical exchange the client first establishes a TCP connection to the server with the three-way handshake, then sends a request for a page over that connection. The server returns the requested page in an HTTP response. Afterwards the connection is either closed or kept open for further requests, depending on whether it is persistent or non-persistent.

DHCP
The process of leasing a TCP/IP configuration from the DHCP server involves the following four steps (DISCOVER, OFFER, REQUEST, ACK, often abbreviated DORA):

DHCP DISCOVER: The client broadcasts a request asking every DHCP server on the segment to offer it an IP address.

DHCP OFFER: All DHCP servers on the network that have an available address respond with an offer. The client may receive several offers if several servers are present.

DHCP REQUEST: The client chooses one offer and sends a request for it. Because the client is not yet authorised to use the offered address, the request is still a broadcast, which also tells the other servers that their offers were declined. The client normally accepts the first offer it receives, unless another offer matches the last IP address it held.

DHCP ACK or NAK: The server finalises the process with an acknowledgment (ACK), after which the client may use the address. Occasionally the server sends a negative acknowledgment (NAK) instead, for example because the address was given away in the milliseconds since it was offered, or because the client asked to renew a lease that belongs to a different network; the client then starts over with a new DISCOVER.

DNS
A DNS query is resolved through the following REQUEST-REPLY steps:


 * The client sends the query to its local (or ISP) DNS server, the recursive resolver.


 * If the answer is not in its cache, the local DNS server asks a root DNS server.


 * The root server responds with the address of the TLD server.


 * The local DNS server sends the query to the TLD server.


 * The TLD server replies with the address of the authoritative DNS server for the domain.


 * The local DNS server sends the query to the authoritative DNS server.


 * The authoritative DNS server responds with the IP address for the queried name.


 * The local DNS server returns a reply packet containing the website's IP address to the client and caches the answer. The hostname is now resolved. (dig +trace performs exactly this iteration from the command line and prints each server consulted.)

WEBSERVER

 * The client obtains the server's IP address from the DNS server.


 * The client initiates the TCP connection by sending a SYN segment to port 80 on the server.


 * The server responds with SYN-ACK, agreeing to open the connection for the client's request.


 * The client completes the three-way handshake with an ACK and then sends its HTTP request for the HTML page (for example GET /index.html) over the established connection.

DHCP CONFIGURATION
PART 1: IPv4 DHCP server

Step1: Install DHCP Server

Command:

sudo apt-get install isc-dhcp-server

Step2: Change the DHCP configuration file

Command:

sudo nano /etc/dhcp/dhcpd.conf

Step3: Configure static IP addresses (reservations) for the web server and DNS server in the same file, using host blocks that pair a hardware ethernet address with a fixed-address. These addresses are the ones entered in the DNS zone files, so they must never move.

Command:

sudo nano /etc/dhcp/dhcpd.conf

Step4: Restart DHCP server to apply changes

Command:

sudo service isc-dhcp-server restart
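The complete dhcpd.conf the four steps above produce, as an added example (not the project's own file): a shell script that renders the configuration for the lab subnet and checks it with dhcpd's own parser when it is installed. The subnet 192.168.10.0/24, the server addresses and the MAC addresses are constructed for illustration.

```bash
#!/bin/sh
# Added example: render an IPv4 dhcpd.conf for the lab network and check it.
# All addresses, MACs and names below are constructed for illustration.
set -eu

LAN_NET=192.168.10.0
LAN_MASK=255.255.255.0
LAN_GW=192.168.10.1
DNS_IP=192.168.10.2
WEB_IP=192.168.10.4
DNS_MAC=08:00:27:aa:bb:01        # constructed MAC addresses
WEB_MAC=08:00:27:aa:bb:02

# Emit the whole dhcpd.conf on stdout.
render_dhcpd_conf() {
    cat <<EOF
# Generated for blackswan.org (lab). Served by isc-dhcp-server.
authoritative;                 # send DHCPNAK for leases we did not issue,
                               # so stale addresses from another server are dropped
default-lease-time 600;
max-lease-time 7200;
option domain-name "blackswan.org";
option domain-name-servers $DNS_IP;

subnet $LAN_NET netmask $LAN_MASK {
    range 192.168.10.100 192.168.10.199;   # dynamic pool for clients
    option routers $LAN_GW;
    option broadcast-address 192.168.10.255;
}

# Static reservations: the DNS and web servers must keep the addresses
# that appear in the zone file, so pin them to their interface MACs.
# A MAC is not authentication; a host spoofing it gets the reservation too.
host dns1 {
    hardware ethernet $DNS_MAC;
    fixed-address $DNS_IP;
}
host www {
    hardware ethernet $WEB_MAC;
    fixed-address $WEB_IP;
}
EOF
}

# Syntax check: use dhcpd's own parser when installed, otherwise a
# structural sanity check (every fixed-address has a hardware line and
# reservations lie outside the dynamic pool).
check_dhcpd_conf() {
    conf=$1
    if command -v dhcpd >/dev/null 2>&1; then
        dhcpd -t -cf "$conf"
        return
    fi
    hw=$(grep -c 'hardware ethernet' "$conf" || true)
    fa=$(grep -c 'fixed-address' "$conf" || true)
    [ "$hw" -eq "$fa" ] || { echo "reservation without MAC" >&2; return 1; }
    ! grep -E 'fixed-address 192\.168\.10\.1[0-9][0-9];' "$conf" >/dev/null \
        || { echo "reservation inside dynamic pool" >&2; return 1; }
}

# Usage (as root): render_dhcpd_conf > /etc/dhcp/dhcpd.conf
#   check_dhcpd_conf /etc/dhcp/dhcpd.conf && service isc-dhcp-server restart
```

The reservations are deliberately placed outside the dynamic range; a reservation inside the pool would collide with a dynamic lease for the same address.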

PART 2: IPv6 DHCP server

Step1: Install the router advertisement daemon. radvd only announces the prefix and the default router; the DHCPv6 daemon (dhcpd run in -6 mode) that hands out addresses comes with the isc-dhcp-server package installed in Part 1.

Command:

sudo apt-get install radvd

Step2: Change the router advertisement and DHCPv6 configuration files. In radvd.conf, AdvManagedFlag and AdvOtherConfigFlag must be on so that clients fetch their addresses and DNS settings from DHCPv6 instead of SLAAC.

Command:

sudo nano /etc/radvd.conf

sudo nano /etc/dhcp/dhcpd6.conf

Step3: Configure static IPv6 addresses for the web server and DNS server. DHCPv6 reservations key on the client's DUID (host-identifier option dhcp6.client-id) rather than its MAC address.

Command:

sudo nano /etc/dhcp/dhcpd6.conf

Step4: Restart radvd to apply the changes. The DHCPv6 daemon that reads dhcpd6.conf runs as a separate service and must be restarted on its own.

Command:

sudo service radvd restart
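The two IPv6 files referred to above, as an added example (not the project's own configuration): a script that renders radvd.conf and dhcpd6.conf for the lab and runs each daemon's configuration test when it is installed. The 2001:db8:10::/64 prefix is the documentation prefix standing in for the lab's own, and the DUID and addresses are constructed.

```bash
#!/bin/sh
# Added example: radvd.conf plus dhcpd6.conf for the same lab, and the
# syntax checks for both daemons. Prefix, addresses and DUID are constructed.
set -eu

IFACE=eth0
PREFIX=2001:db8:10::/64          # documentation prefix, stands in for the lab's own
DNS6=2001:db8:10::2
WEB6=2001:db8:10::4
WEB_DUID=00:01:00:01:1f:2e:3d:4c:08:00:27:aa:bb:02   # constructed DUID-LLT

# Router advertisements: announce the prefix and the default router, and set
# the M/O flags so clients fetch addresses and DNS from DHCPv6 instead of SLAAC.
render_radvd_conf() {
    cat <<EOF
interface $IFACE {
    AdvSendAdvert on;
    AdvManagedFlag on;          # M flag: get addresses from DHCPv6
    AdvOtherConfigFlag on;      # O flag: get DNS and other options from DHCPv6
    prefix $PREFIX {
        AdvOnLink on;
        AdvAutonomous off;      # no SLAAC addresses, so only leased ones exist
    };
};
EOF
}

# DHCPv6 leases come from isc-dhcp-server's dhcpd running in -6 mode, a
# separate daemon from the IPv4 one; radvd hands out no addresses itself.
render_dhcpd6_conf() {
    cat <<EOF
default-lease-time 2592000;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
option dhcp6.name-servers $DNS6;
option dhcp6.domain-search "blackswan.org";

subnet6 $PREFIX {
    range6 2001:db8:10::100 2001:db8:10::1ff;
}

# DHCPv6 reservations key on the client DUID, not the MAC.
host www6 {
    host-identifier option dhcp6.client-id $WEB_DUID;
    fixed-address6 $WEB6;
}
EOF
}

# Run each daemon's own parser when available; otherwise check the
# invariants the setup depends on (M/O flags set, SLAAC off, a subnet6 block).
check_v6_configs() {
    radvd_conf=$1; dhcpd6_conf=$2
    if command -v radvd >/dev/null 2>&1; then
        radvd -c -C "$radvd_conf"
    else
        grep -q 'AdvManagedFlag on' "$radvd_conf" || return 1
        grep -q 'AdvAutonomous off' "$radvd_conf" || return 1
    fi
    if command -v dhcpd >/dev/null 2>&1; then
        dhcpd -6 -t -cf "$dhcpd6_conf"
    else
        grep -q '^subnet6 ' "$dhcpd6_conf" || return 1
        grep -q 'fixed-address6' "$dhcpd6_conf" || return 1
    fi
}

# Usage (as root): render_radvd_conf > /etc/radvd.conf
#   render_dhcpd6_conf > /etc/dhcp/dhcpd6.conf
#   check_v6_configs /etc/radvd.conf /etc/dhcp/dhcpd6.conf
#   service radvd restart, then restart the DHCPv6 unit of isc-dhcp-server
#   (isc-dhcp-server6 on Ubuntu's package; confirm the name with service --status-all)
```

AdvAutonomous is switched off so that every address on the segment comes from a DHCPv6 lease and shows up in the lease database; with SLAAC enabled, hosts would also configure addresses the server never sees.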

DNS CONFIGURATION
PART 1: Configuration of Master DNS Server

Step 1: Update the server using the following commands.

Command:

sudo apt-get update

sudo apt-get upgrade

sudo apt-get dist-upgrade

Step 2: install bind9

Command:

sudo apt-get install bind9

Step 3: Edit bind9 configuration file:

Command:

sudo nano /etc/bind/named.conf

Step 4: Declare the forward and reverse zones. Set allow-transfer explicitly to the slave's address rather than relying on the default, otherwise anyone can pull the whole zone with an AXFR request:

Command:

sudo nano /etc/bind/named.conf.local

Step 5: Create the zone files that were defined in the previous step

Command:

sudo nano /etc/bind/for.blackswan.org

sudo nano /etc/bind/rev.blackswan.org

Step 6: Set the permissions and ownership of the bind9 directory. Note that chmod -R 755 makes every file in the directory world-readable, including rndc.key; restore the key to mode 640 afterwards.

Command:

sudo chmod -R 755 /etc/bind

sudo chown -R bind:bind /etc/bind

Step 7: Edit the network interfaces file and add the DNS server's IP address (the dns-nameservers line), so the server resolves through itself

Command:

sudo nano /etc/network/interfaces

Step 8: Restart Bind9 service

Command:

sudo systemctl restart bind9

PART 2: Configuration of Slave DNS Server

Step 1: Repeat step 1, 2, and 3 of Part 1 on the Slave DNS server.

Step 2: Define the same zones with type slave, pointing masters at the master server's IP address; the slave writes the transferred zones itself, so its file paths go under /var/cache/bind

Command:

sudo nano /etc/bind/named.conf.local

Step 3: Set the proper permissions and ownership of the bind9 directory (the same caveat about rndc.key applies as on the master)

Command:

sudo chmod -R 755 /etc/bind

sudo chown -R bind:bind /etc/bind

Step 4: Edit the network configuration file and add the master and slave DNS servers' IP addresses

Command:

sudo nano /etc/network/interfaces

Step 5: Reboot the system so that all the changes take effect and the slave pulls both zones from the master (a restart of bind9 alone also suffices)

Command:

sudo reboot
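The named.conf.local fragments for Part 1 and Part 2 and the for.blackswan.org and rev.blackswan.org zone files, as an added example (not the project's own files): a script that renders them for the lab and validates the zones with named-checkzone when bind9 is installed. The addresses (master 192.168.10.2, slave .3, web server .4), the serial and the admin mailbox are constructed.

```bash
#!/bin/sh
# Added example: named.conf.local for the master and the slave, the forward
# and reverse zone files named on this page, and the bind9 check tools.
# Addresses and hostnames are constructed for the lab.
set -eu

ZONE=blackswan.org
REV_ZONE=10.168.192.in-addr.arpa      # reverse of 192.168.10.0/24
MASTER_IP=192.168.10.2
SLAVE_IP=192.168.10.3
WEB_IP=192.168.10.4
SERIAL=2016112001                      # YYYYMMDDnn; bump on every change

# Master: zone transfers only to the slave. Without an explicit allow-transfer,
# an AXFR from any host hands an attacker the whole host inventory.
render_master_conf() {
    cat <<EOF
zone "$ZONE" {
    type master;
    file "/etc/bind/for.$ZONE";
    allow-transfer { $SLAVE_IP; };
    also-notify { $SLAVE_IP; };
};
zone "$REV_ZONE" {
    type master;
    file "/etc/bind/rev.$ZONE";
    allow-transfer { $SLAVE_IP; };
    also-notify { $SLAVE_IP; };
};
EOF
}

# Slave: pulls both zones from the master and serves no transfers itself.
render_slave_conf() {
    cat <<EOF
zone "$ZONE" {
    type slave;
    file "/var/cache/bind/for.$ZONE";
    masters { $MASTER_IP; };
    allow-transfer { none; };
};
zone "$REV_ZONE" {
    type slave;
    file "/var/cache/bind/rev.$ZONE";
    masters { $MASTER_IP; };
    allow-transfer { none; };
};
EOF
}

# SOA and NS records shared by both zone files.
zone_header() {
    cat <<EOF
\$TTL 86400
@   IN  SOA ns1.$ZONE. admin.$ZONE. (
        $SERIAL ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; negative-cache TTL
    IN  NS  ns1.$ZONE.
    IN  NS  ns2.$ZONE.
EOF
}

render_forward_zone() {
    zone_header
    cat <<EOF
ns1 IN A $MASTER_IP
ns2 IN A $SLAVE_IP
www IN A $WEB_IP
@   IN A $WEB_IP
EOF
}

# PTR owners are the last octet of each address, relative to the reverse origin.
render_reverse_zone() {
    zone_header
    cat <<EOF
${MASTER_IP##*.} IN PTR ns1.$ZONE.
${SLAVE_IP##*.} IN PTR ns2.$ZONE.
${WEB_IP##*.} IN PTR www.$ZONE.
EOF
}

# named-checkzone loads the file exactly as named would; fall back to
# checking that the SOA serial and both NS records are present.
check_zone() {
    name=$1; file=$2
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$name" "$file"
    else
        grep -q "$SERIAL ; serial" "$file" || return 1
        [ "$(grep -c ' IN  NS ' "$file")" -eq 2 ] || return 1
    fi
}

# Usage on the master (as root):
#   render_master_conf  > /etc/bind/named.conf.local
#   render_forward_zone > /etc/bind/for.$ZONE
#   render_reverse_zone > /etc/bind/rev.$ZONE
#   named-checkconf && check_zone $ZONE /etc/bind/for.$ZONE \
#     && check_zone $REV_ZONE /etc/bind/rev.$ZONE && systemctl restart bind9
# On the slave: render_slave_conf > /etc/bind/named.conf.local, then restart bind9.
```

After a restart, dig @192.168.10.3 blackswan.org AXFR from a third host should be refused by both servers; if the slave answers it, its allow-transfer line is missing.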

WEBSERVER
Step 1: Install Web Server Apache2

Command: sudo apt-get install apache2

Step 2: Make a document root directory for the site

Command: sudo mkdir /var/www/blackswan.org

Step 3: Create and edit the HTML page. Apache's default site serves /var/www/html, so a virtual host whose DocumentRoot points at the new directory is also needed before the page is reachable under the domain name.

Command: sudo nano /var/www/blackswan.org/index.html
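The virtual host that ties the directory from Step 2 to the domain name, as an added example (not the project's own configuration): a script that renders a sites-available entry for blackswan.org with directory listings, symlink following and .htaccess overrides switched off, and checks those settings before the site is enabled. Paths follow Debian's apache2 layout; the page content is constructed.

```bash
#!/bin/sh
# Added example: a name-based virtual host for blackswan.org so that Apache
# serves /var/www/blackswan.org (the default site serves /var/www/html),
# plus a check of the settings the site relies on. Debian apache2 paths.
set -eu

SITE=blackswan.org
DOCROOT=/var/www/$SITE

render_vhost() {
    cat <<EOF
<VirtualHost *:80>
    ServerName $SITE
    ServerAlias www.$SITE
    DocumentRoot $DOCROOT
    # No directory listings, no symlinks leading out of the docroot,
    # no .htaccess overrides: only files under DocumentRoot are served.
    <Directory $DOCROOT>
        Options -Indexes -FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog \${APACHE_LOG_DIR}/$SITE-error.log
    CustomLog \${APACHE_LOG_DIR}/$SITE-access.log combined
</VirtualHost>
EOF
}

# The page served from the docroot (constructed content).
render_index() {
    cat <<EOF
<!DOCTYPE html>
<html><head><title>$SITE</title></head>
<body><h1>Welcome to $SITE</h1></body></html>
EOF
}

# Refuse a vhost that lists directories, follows symlinks or honours .htaccess.
check_vhost() {
    conf=$1
    grep -q "DocumentRoot $DOCROOT" "$conf" || return 1
    grep -q 'Options -Indexes -FollowSymLinks' "$conf" || return 1
    grep -q 'AllowOverride None' "$conf" || return 1
}

# Usage (as root):
#   render_vhost > /etc/apache2/sites-available/$SITE.conf
#   render_index > $DOCROOT/index.html
#   check_vhost /etc/apache2/sites-available/$SITE.conf \
#     && a2ensite $SITE && apache2ctl configtest && systemctl reload apache2
```

apache2ctl configtest runs before the reload so a syntax error leaves the running server untouched; curl -H 'Host: blackswan.org' http://192.168.10.4/ then confirms that the name-based vhost, not the default site, answers.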

Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewall Configuration

 * IPTABLES: the packet-filter rule set configured from the Linux command line. It has several built-in chains:


 * INPUT Chain: For packets coming into the machine


 * OUTPUT Chain: For packets generated inside and going outside of the machine.


 * FORWARD Chain: For packets routed through the local host.

Step 1: Block ICMP echo requests (ping). Matching only echo-request is deliberate: a bare "-p icmp -j REJECT" also discards destination-unreachable and fragmentation-needed messages and so breaks path-MTU discovery.

Command:

sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

Step 2: Prevent Telnet

Command:

sudo iptables -A INPUT -p tcp --dport 23 -j REJECT

Step 3: Block the FTP ports. No -d address is needed, because the INPUT chain only sees packets addressed to this host. Port 21 is the one that stops FTP logins; port 20 is the active-mode data port and appears on this host only as a source port.

Command:

sudo iptables -A INPUT -p tcp --dport 20 -j DROP

sudo iptables -A INPUT -p tcp --dport 21 -j DROP

Step 4: Allow HTTP requests from a given source (<source> stands for the client address or CIDR block):

Command:

sudo ufw allow from <source> to any port 80 proto tcp

Step 5: Block HTTP requests from a given source. With ufw active, a rule appended to INPUT is evaluated only after ufw's own chains, which have already accepted port 80, and it is flushed the next time ufw reloads; express the deny in ufw instead and insert it ahead of the allow (ufw insert 1 deny from <source> to any port 80).

Command:

sudo iptables -A INPUT -p tcp -s <source> --dport 80 -j REJECT

Step 6: Enable the firewall. ufw enable (and every ufw reload) rebuilds the built-in chains from ufw's own ruleset; rules added directly with iptables are not shown by ufw status and do not survive that rebuild or a reboot, so manage the host with one tool only, either ufw alone or a saved iptables ruleset.

Command:

sudo ufw enable
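The same policy expressed as one iptables-restore ruleset instead of rules appended one at a time on top of ufw, as an added example (not the project's own configuration): default-deny on INPUT, with only the services on this page (DHCP, DNS, HTTP) and an admin SSH source allowed, so Telnet and FTP need no rules at all. The LAN 192.168.10.0/24 and the admin host .50 are constructed; the live iptables-restore --test is opt-in because it needs root.

```bash
#!/bin/sh
# Added example: the firewall for the web/DNS/DHCP host as one iptables-restore
# ruleset, instead of rules appended one at a time on top of ufw. Addresses
# are constructed; LAN is 192.168.10.0/24 and the management host is .50.
set -eu

LAN=192.168.10.0/24
ADMIN=192.168.10.50

# Default-deny INPUT, allow only what the services on this page need.
# Telnet (23) and FTP (20/21) need no rule at all: the policy drops them.
render_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP: allow echo-request from the LAN only, rate-limited; a bare
# "-p icmp -j REJECT" would also kill path-MTU and unreachable messages.
-A INPUT -p icmp --icmp-type echo-request -s $LAN -m limit --limit 5/s -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
# DHCP (server side) and DNS from the LAN
-A INPUT -p udp --dport 67 -j ACCEPT
-A INPUT -p udp --dport 53 -s $LAN -j ACCEPT
-A INPUT -p tcp --dport 53 -s $LAN -j ACCEPT
# HTTP from anywhere (this is the web server); SSH only from the admin host
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -s $ADMIN -m conntrack --ctstate NEW -j ACCEPT
# Log what is about to be dropped, then fall through to the DROP policy
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# iptables-restore --test parses without applying (needs root, so opt-in via
# FW_LIVE_TEST=1); always verify the properties the design relies on.
check_ruleset() {
    rules=$1
    if [ "${FW_LIVE_TEST:-0}" = 1 ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test "$rules"
    fi
    grep -q '^:INPUT DROP' "$rules" || return 1
    grep -q -- '--dport 80 ' "$rules" || return 1
    ! grep -q -- '--dport 23' "$rules" || return 1   # telnet relies on the policy, not a REJECT
    grep -q -- '-p icmp --icmp-type echo-request' "$rules" || return 1
}

# Usage (as root), after "ufw disable" so ufw no longer rewrites the tables:
#   render_ruleset > /etc/iptables/rules.v4
#   check_ruleset /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4
# The iptables-persistent package loads rules.v4 again at boot.
```

The ESTABLISHED,RELATED rule sits near the top so replies to the server's own outbound connections pass without a per-service rule; the LOG rule at the end records what the DROP policy discards, which is what the Firewall Testing section below has no other way to see.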

Firewall Testing
1. To list all rules configured in the firewall (-n avoids a reverse DNS lookup for every address, -v shows the interface and packet counters):

sudo iptables -L -n -v

2. To flush (remove) rules from iptables. With no chain named, -F empties every chain in the filter table; if the INPUT policy is DROP this cuts off remote access, so set the policy to ACCEPT first or run it from the console:

sudo iptables -F

3. To check the status of ufw:

sudo ufw status verbose

Algorithm

 * A Client tries to connect to the network


 * Once the client is connected to the network, it sends an IP address request to the DHCP server.


 * If the DHCP request is successful, DHCP server will reply with an IP address.


 * When the client wants to access the web page, and the domain name is correct, a request for the website's IP address is sent to the DNS server.


 * DNS will reply with the IP address of the website.


 * The client connects to the web server and sends an HTTP request. If the request succeeds, the web page is displayed.

Web Server Backup
To add redundancy to the network, a backup web server is needed, so that if the primary server fails, traffic is automatically redirected to the backup server.

Network File System (NFS)
The Network File System (NFS) is a client/server application that lets a computer user view and optionally store and update files on a remote computer as though they were on the user's own computer.

DHCP
1. DHCP leasing: the following command shows the lease database, i.e. which IP addresses have been leased to which clients. The file is append-only, so an address may appear several times; the last entry for an address is the current one, and only entries with "binding state active" are leases still in use.

sudo tail /var/lib/dhcp/dhcpd.leases

2. DHCP log: dhcpd records every DISCOVER, OFFER, REQUEST, ACK and NAK in syslog. The log output can be followed with this command.

sudo tail -f /var/log/syslog
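Reading those syslog lines by hand gets tedious once several clients are on the segment. The following script, added here as an example and not part of the original project, reconstructs the DISCOVER/OFFER/REQUEST/ACK exchange described in the DHCP section per client MAC and flags the failure cases (a NAK for a stale lease from another network, an exhausted pool). The log lines are constructed in isc-dhcpd's syslog format; feed the real log in with grep dhcpd /var/log/syslog instead of sample_log.

```bash
#!/bin/sh
# Added example: reconstruct the DISCOVER/OFFER/REQUEST/ACK exchange per client
# from dhcpd's syslog lines and flag clients that never got an ACK or were
# NAKed. The log lines below are constructed in isc-dhcpd's format.
set -eu

sample_log() {
    cat <<'EOF'
Nov 20 10:00:01 dhcp dhcpd: DHCPDISCOVER from 08:00:27:aa:bb:10 via eth0
Nov 20 10:00:01 dhcp dhcpd: DHCPOFFER on 192.168.10.100 to 08:00:27:aa:bb:10 (client1) via eth0
Nov 20 10:00:02 dhcp dhcpd: DHCPREQUEST for 192.168.10.100 (192.168.10.2) from 08:00:27:aa:bb:10 (client1) via eth0
Nov 20 10:00:02 dhcp dhcpd: DHCPACK on 192.168.10.100 to 08:00:27:aa:bb:10 (client1) via eth0
Nov 20 10:05:30 dhcp dhcpd: DHCPREQUEST for 10.0.0.7 from 08:00:27:aa:bb:11 via eth0: wrong network.
Nov 20 10:05:30 dhcp dhcpd: DHCPNAK on 10.0.0.7 to 08:00:27:aa:bb:11 via eth0
Nov 20 10:05:31 dhcp dhcpd: DHCPDISCOVER from 08:00:27:aa:bb:11 via eth0
Nov 20 10:05:31 dhcp dhcpd: DHCPOFFER on 192.168.10.101 to 08:00:27:aa:bb:11 via eth0
Nov 20 10:07:00 dhcp dhcpd: DHCPDISCOVER from 08:00:27:aa:bb:12 via eth0: network 192.168.10.0/24: no free leases
EOF
}

# Reads dhcpd syslog lines on stdin; prints one line per MAC:
#   MAC  step-sequence (D O R A N)  last-address  verdict  note
summarize_dora() {
    awk '
    {
        type = ""; mac = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DHCP(DISCOVER|OFFER|REQUEST|ACK|NAK)$/) type = substr($i, 5)
            # a MAC is six colon-separated hex pairs; the time field is only three
            if ($i ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/ && length($i) == 17) mac = $i
            if (($i == "on" || $i == "for") && i < NF) ip = $(i + 1)
        }
        if (type == "" || mac == "") next
        seq[mac] = seq[mac] substr(type, 1, 1)
        if (ip != "") addr[mac] = ip
        if ($0 ~ /no free leases/) note[mac] = "pool-exhausted"
        if ($0 ~ /wrong network/)  note[mac] = "stale-lease"
    }
    END {
        for (m in seq) {
            s = seq[m]
            last = substr(s, length(s), 1)
            if (last == "A")      v = "complete"
            else if (last == "N") v = "nak"
            else if (last == "O") v = "offer-no-request"
            else if (last == "R") v = "request-no-ack"
            else                  v = "no-offer"
            printf "%s %s %s %s %s\n", m, s, ((m in addr) ? addr[m] : "-"), v, ((m in note) ? note[m] : "-")
        }
    }' | sort
}

# Usage on the server: sudo grep dhcpd /var/log/syslog | summarize_dora
# With the constructed log above, sample_log | summarize_dora prints:
#   08:00:27:aa:bb:10 DORA 192.168.10.100 complete -
#   08:00:27:aa:bb:11 RNDO 192.168.10.101 offer-no-request stale-lease
#   08:00:27:aa:bb:12 D - no-offer pool-exhausted
```

A client stuck at "offer-no-request" usually means a second DHCP server answered first and the client took that offer instead, which is the rogue-server case the authoritative setting is meant to catch; "pool-exhausted" means the range in dhcpd.conf is too small or lease times are too long for the number of hosts.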