Difference between revisions of "SRT210 Assignment2 2019-1"

(Created page with "Due date: 10th of april Late penalties: 10% per day, including weekends and holidays. Must be submitted before the exam week starts. = Part 1: VPN setup = For this assignme...")
 
Line 1: Line 1:
Due date: 10th of april
+
Due date: 7th of august
 +
'''(Update: May 7 2019): Additional requirements will be added at a later date'''
  
 
Late penalties: 10% per day, including weekends and holidays. Must be submitted before the exam week starts.
 
Late penalties: 10% per day, including weekends and holidays. Must be submitted before the exam week starts.

Revision as of 13:23, 7 May 2019

Due date: 7th of August

(Update: May 7 2019): Additional requirements will be added at a later date

Late penalties: 10% per day, including weekends and holidays. Must be submitted before the exam week starts.

Part 1: VPN setup

For this assignment you are to set up a VPN server that will allow you to securely access resources inside your virtual networks from anywhere in the world.

When you've set everything up correctly, you should be able to use a VPN client outside your hypervisor to connect to c7host and access all of the hosts in your virtual networks by hostname. For a 20% bonus, set it up so you can log in with credentials from your LDAP server.

There is more than one VPN server available on Linux. You may choose whichever you find is easiest for you to complete the assignment. Document the steps you took to do the setup, particularly including:

  • What IP addresses will VPN clients get. Why did you choose that range?
  • How traffic will be routed outside the VPN subnet.
  • How VPN clients will resolve hostnames both on your virtual networks and on the internet.
  • How you configure the VPN clients.

If it helps - you can include screenshots in your report.

Part 2: Security

Pretend that your virtual network has valuable resources on it (servers/services/data) that should only be accessible by employees of a specific organisation. Describe how using a VPN to access those resources makes them easier to secure compared to having those resources accessible via internet-routable IP addresses and secured individually.

Is it easier or more difficult to set up? What's the difference in terms of vectors available for attack? What about the encryption strength of the VPN versus the service you're comparing its security with?

You may choose any combination of servers, services, and data (use at least two different ones) that you like to make your point. If you find that a VPN is not particularly helpful to secure the services you chose, you can still get your marks if you thoroughly explain why not.

Report

Submit a report that addresses all of the points in part 1 and part 2 of the assignment. The report should be at least two pages long, not including screenshots, titles, and other fluff.