Difference between revisions of "Winter 2009 NAD810 Weekly Schedule"

From CDOT Wiki
Jump to: navigation, search
(Week 3 (January 26) - Network Authentication using NIS)
 
(48 intermediate revisions by 6 users not shown)
Line 17: Line 17:
 
* Introduction to [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.pdf Netfilter and Iptables]
 
* Introduction to [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.pdf Netfilter and Iptables]
 
* [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.sh.txt Sample Firewall Script]
 
* [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.sh.txt Sample Firewall Script]
 
+
* [[NAD810_Lab2_Firewall_Python | Python Firewall]] The same firewall script as above, translated into Python.
 
<b>Lab 2</b>
 
<b>Lab 2</b>
 
Modify the sample firewall script and run it on your LAN gateway and hosts to allow access to the following services on your LAN<br />
 
Modify the sample firewall script and run it on your LAN gateway and hosts to allow access to the following services on your LAN<br />
 
* ssh, and
 
* ssh, and
 
* all the ports specified in the file /etc/openports
 
* all the ports specified in the file /etc/openports
** the first field of each line is the port number, the rest is description or comment
+
** the first field of each line is the port number, the second field is the transport, and the rest is description or comment
 
** line starts with the # sign is a comment
 
** line starts with the # sign is a comment
 
* all the ports to be forwarded specified in the file /etc/fwports
 
* all the ports to be forwarded specified in the file /etc/fwports
 
** this file should exist only on a gateway/router machine
 
** this file should exist only on a gateway/router machine
 
** line starts with the # sign is a comment
 
** line starts with the # sign is a comment
** the first field of each line is the port to be forward, the rest is description or comment   
+
** the first field of each line is the port to be forwarded, the second filed is the transport, and the rest is description or comment   
  
 
After testing your firewall, use the iptables-save command to save the output to a file. Name the file on the gateway as "gw-fw.txt" and name the file on the host as "host-fw.txt".  
 
After testing your firewall, use the iptables-save command to save the output to a file. Name the file on the gateway as "gw-fw.txt" and name the file on the host as "host-fw.txt".  
Line 35: Line 35:
 
= Week 3 (January 26) - Network Authentication using NIS  =
 
= Week 3 (January 26) - Network Authentication using NIS  =
 
[http://cs.senecac.on.ca/~rchan/images/ssh-key-setup.png Using SSH/SCP without password]
 
[http://cs.senecac.on.ca/~rchan/images/ssh-key-setup.png Using SSH/SCP without password]
 +
 +
[http://www.cipherdyne.org/LinuxFirewalls/ Linux Firewall Book By Michael Rash]
 +
 +
[http://cs.senecac.on.ca/~rchan/nad810/0901/nis-server.pdf NIS Server Slides]
 +
 +
[http://cs.senecac.on.ca/~rchan/nad810/0901/nis-client.pdf NIS Client Slides]
 +
 +
[[NAD810 0901 Lab 3| Lab 3]]
  
 
= Week 4 (February 2) - DHCP and Dynamic DNS =
 
= Week 4 (February 2) - DHCP and Dynamic DNS =
 +
 +
 +
Two guides for setting up a DHCP server in Linux:<br />
 +
[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server www.linuxhomenetworking.com] <br />
 +
[http://www.yolinux.com/TUTORIALS/DHCP-Server.html www.yolinux.com] <br />
 +
 +
[http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-dhcp-configuring-server.html DHCP Server Configuration]
 +
 +
Configure DHCP to perform Dynamic DNS update:
 +
[http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html Secure Dynamic DNS How To]
 +
 +
[[NAD810 DHCP LAB|Lab 4]]
 +
 +
[[NAD810 DDNS LAB|Lab 4a]]
  
 
= Week 5 (February 9) - Network Authentication Using LDAP =
 
= Week 5 (February 9) - Network Authentication Using LDAP =
= Week 6 (February 16) - =
+
[[OpenLDAP Installation and Test]]
= Week 7 (February 23)  - Mid-term Test =
+
 
 +
[http://www.openldap.org/ OpenLDAP Web Site]
 +
 
 +
[[NAD810 0901 A1|Assignment 1]]
 +
 
 +
[[NAD810 LDAP LAB|Lab 5]]
 +
 
 +
[[OpenLDAP Installation and Test|OpenLDAP Server Installation and Test]]
 +
 
 +
= Week 6 (February 16) - OpenLDAP Administration =
 +
* OpenLDAP administration
 +
** directory backup and restore
 +
* VMware Server Console
 +
** Online Virtual Machine
 +
*** Stephen Carter: zenit.senecac.on.ca:9417/nad810_091a01
 +
*** Tak Nagi Chan: zenit.senecac.on.ca:9418/nad810_091a02
 +
*** Patricia Constantino: zenit.senecac.on.ca:9417/nad810_091a03
 +
*** Varinder Singh Jhand: zenit.senecac.on.ca:9418/nad810_091a04
 +
*** Kezhong Liang: zenit.senecac.on.ca:9417/nad810_091a05
 +
*** Katherine Ada Masseau: zenit.senecac.on.ca:9418/nad810_091a06
 +
*** Milton Paiva Neto: zenit.senecac.on.ca:9417/nad810_091a07
 +
*** Mohak Dilipbhai Vyas: zenit.senecac.on.ca:9418/nad810_091a08
 +
** Enable Internet Services
 +
*** [[NAD810-Sendmail-VM|SMTP Service]]
 +
*** [[NAD810-rootDNS-VM|Root Name Server]]
 +
*** [[NAD810-httpd-VM|Web service]]
 +
*** [[NAD810-ldap-VM|LDAP service]]
 +
 
 +
= Week 7 (February 23)  Fedora/Red Hat Directory Server=
 +
[http://www.redhat.com/docs/manuals/dir-server/ Red Hat Directory Server]
 +
 
 +
[http://directory.fedoraproject.org/ Fedora Directory Server]
 +
 
 +
[http://www.redhat.com/f/pdf/rhas/NetgroupWhitepaper.pdf Scalable Centralized Authentication Services using RHDS]
  
 
= Study Week (March 2) =
 
= Study Week (March 2) =
= Week 8 (March 9) - =
+
= Week 8 (March 9) - Midterm Test =
= Week 9 (March 16)  -  =
+
Midterm Test on March 10, 2009
= Week 10 (March 23) - =
+
 
= Week 11 (March 30) - =
+
= Week 9 (March 16)  -  Advanced IP Routing=
= Week 12 (April 6) -  =
+
* [https://cs.senecac.on.ca/~rchan/nad810/0901/notes/AdvRouting.pdf -Slides-]
= Week 13 (April 13) - =
+
** Policy routing
 +
** QoS
 +
** RVSP
 +
* iproute resources
 +
** [https://cs.senecac.on.ca/~rchan/nad810/0901/notes/ip-cref.pdf ip command reference ] (I got this on the web, but can't find the source now. Help is welcome.)
 +
 
 +
= Week 10 (March 23) - Linux Terminal Server and Diskless Workstation =
 +
 
 +
The basic overview of Linux Diskless Workstation [https://cs.senecac.on.ca/~rchan/nad810/0701/notes/diskless/siframes.html]
 +
 
 +
[http://ltsp.mirrors.tds.net/pub/ltsp/docs/ltsp-4.1-en.html#AEN53 Linux Terminal Server Project LTSP - Theory of Operation]
 +
 
 +
== More Links ==
 +
 
 +
[https://cs.senecac.on.ca/~selmys/diskless.html John Selmys' Diskless Client Configuration]
 +
 
 +
[http://www.gentoo.org/doc/en/diskless-howto.xml Diskless Howto on Gentoo]
 +
 
 +
[http://tldp.org/HOWTO/XDMCP-HOWTO/index.html Linux XDMCP HOWTO]
 +
 
 +
= Week 11 (March 30) - IPSec and VPN =
 +
 
 +
[https://cs.senecac.on.ca/~rchan/nad810/0901/IPSec-VPN.pdf IPSec and VPN Slides]
 +
 
 +
[http://unixwiz.net/techtips/iguide-ipsec.html An Illustrated Guide to IPSec]
 +
 
 +
[http://www.freeswan.org FreeSWAN]
 +
 
 +
[http://www.openswan.org OpenSWAN]
 +
 
 +
[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch35_:_Configuring_Linux_VPNs Configure Linux VPN]
 +
 
 +
 
 +
 
 +
==Assignment 2==
 +
[[NAD810 A2|Specification]]
 +
 
 +
[http://zenit.senecac.on.ca/wiki/index.php/Milton-vpn-openswan]Milton's Assignment #2 - Linux VPN with OpenSwan
 +
 
 +
'' '''[http://zenit.senecac.on.ca/wiki/index.php/Talk:Winter_2009_NAD810_Weekly_Schedule Nes: a fantastic, awarding winning tutorial: 'VPN/IPSec for Dumpling']''' ''
 +
 
 +
= Week 12 (April 6) -  DNSSEC =
 +
DNS Security Extensions
 +
* FOUR New Resource Record Types:
 +
** The DNSKEY Record
 +
*** Zone-signing Key
 +
*** Key-signing Key
 +
** The RRSIG Record - store the digital signature on an RRset
 +
** The NSEC Record - "Next SECure" record, to indicate which domain name comes next after a given domain name
 +
** The DS Record - for Delegation Signer
 +
* EDNS0 - Teh Extension Mechanisms for DNS, version 0
 +
** handle a DNS message larger than 512 bytes
 +
** DO flag - DNSSEC OK
 +
** AD and CD flag for DNS queries:
 +
*** AD - Authenticated Data
 +
*** CD - Checking Disabled
 +
* Zone Signing
 +
** Use dnssec-keygen to generate KSK and ZSK pairs
 +
*** dnssec-keygen -f KSK -a RSASHA1 -b 512 -n ZONE mydomain.com.
 +
*** dnssec-keygen -a RSASHA1 -b 512 -n ZONE mydomain.com.
 +
** Use dnssec-zonesige to sign the zone file
 +
*** dnssec-signzone -o mydomain.com. db.mydomain
 +
*** keyset file
 +
*** dsset file
 +
 
 +
References:
 +
* DNS and BIND by Cricket Liu and Paul Albitz - 5th Edition
 +
* [http://www.isc.org ISC]
 +
* [http://ftp.isc.org/www/bind/arm95/Bv9ARM.ch04.html DNSSEC - BIND Administration Reference Manual]
 +
* [http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf Secure Domain Name System Deployment Guide - PDF file]
 +
 
 +
= Week 13 (April 13) - Review =
 +
* Assignment 2 Due (April 14)
 +
 
 +
* Final Quiz on April 16 (5%)
 +
* Exam Review
 +
 
 
= Exam Week (April 20) -  =
 
= Exam Week (April 20) -  =
 +
 +
[[Category:LUX]][[Category:NAD810]]

Latest revision as of 22:39, 16 July 2012

Welcome the Linux Network Administration.

Week 1 (January 12) - Overview of TCP/IP and Configure Networking Environment

  • Setting up a small (4 nodes) physical Local Area Network
  • Setting up a Virtual Local Area Network using FC10
  • Review of end-node and gateway network configuration
  • Manual and automatic network configuration

Lab 1

Study the virtualization platform on Fedora Core 10
                 or
Set up a Four-node LAN in Lab T2107 

If you want to use VMWare, Check here for pre-build virtual machine images for VMWare

Week 2 (January 19) - Protecting your Local Network with a Packet Filtering Firewall

Lab 2 Modify the sample firewall script and run it on your LAN gateway and hosts to allow access to the following services on your LAN

  • ssh, and
  • all the ports specified in the file /etc/openports
    • the first field of each line is the port number, the second field is the transport, and the rest is description or comment
    • line starts with the # sign is a comment
  • all the ports to be forwarded specified in the file /etc/fwports
    • this file should exist only on a gateway/router machine
    • line starts with the # sign is a comment
    • the first field of each line is the port to be forwarded, the second filed is the transport, and the rest is description or comment

After testing your firewall, use the iptables-save command to save the output to a file. Name the file on the gateway as "gw-fw.txt" and name the file on the host as "host-fw.txt".

Email both files to your instructor by Feb 3, 2009.

Week 3 (January 26) - Network Authentication using NIS

Using SSH/SCP without password

Linux Firewall Book By Michael Rash

NIS Server Slides

NIS Client Slides

Lab 3

Week 4 (February 2) - DHCP and Dynamic DNS

Two guides for setting up a DHCP server in Linux:
www.linuxhomenetworking.com
www.yolinux.com

DHCP Server Configuration

Configure DHCP to perform Dynamic DNS update: Secure Dynamic DNS How To

Lab 4

Lab 4a

Week 5 (February 9) - Network Authentication Using LDAP

OpenLDAP Installation and Test

OpenLDAP Web Site

Assignment 1

Lab 5

OpenLDAP Server Installation and Test

Week 6 (February 16) - OpenLDAP Administration

  • OpenLDAP administration
    • directory backup and restore
  • VMware Server Console
    • Online Virtual Machine
      • Stephen Carter: zenit.senecac.on.ca:9417/nad810_091a01
      • Tak Nagi Chan: zenit.senecac.on.ca:9418/nad810_091a02
      • Patricia Constantino: zenit.senecac.on.ca:9417/nad810_091a03
      • Varinder Singh Jhand: zenit.senecac.on.ca:9418/nad810_091a04
      • Kezhong Liang: zenit.senecac.on.ca:9417/nad810_091a05
      • Katherine Ada Masseau: zenit.senecac.on.ca:9418/nad810_091a06
      • Milton Paiva Neto: zenit.senecac.on.ca:9417/nad810_091a07
      • Mohak Dilipbhai Vyas: zenit.senecac.on.ca:9418/nad810_091a08
    • Enable Internet Services

Week 7 (February 23) Fedora/Red Hat Directory Server

Red Hat Directory Server

Fedora Directory Server

Scalable Centralized Authentication Services using RHDS

Study Week (March 2)

Week 8 (March 9) - Midterm Test

Midterm Test on March 10, 2009

Week 9 (March 16) - Advanced IP Routing

  • -Slides-
    • Policy routing
    • QoS
    • RVSP
  • iproute resources

Week 10 (March 23) - Linux Terminal Server and Diskless Workstation

The basic overview of Linux Diskless Workstation [1]

Linux Terminal Server Project LTSP - Theory of Operation

More Links

John Selmys' Diskless Client Configuration

Diskless Howto on Gentoo

Linux XDMCP HOWTO

Week 11 (March 30) - IPSec and VPN

IPSec and VPN Slides

An Illustrated Guide to IPSec

FreeSWAN

OpenSWAN

Configure Linux VPN


Assignment 2

Specification

[2]Milton's Assignment #2 - Linux VPN with OpenSwan

Nes: a fantastic, awarding winning tutorial: 'VPN/IPSec for Dumpling'

Week 12 (April 6) - DNSSEC

DNS Security Extensions

  • FOUR New Resource Record Types:
    • The DNSKEY Record
      • Zone-signing Key
      • Key-signing Key
    • The RRSIG Record - store the digital signature on an RRset
    • The NSEC Record - "Next SECure" record, to indicate which domain name comes next after a given domain name
    • The DS Record - for Delegation Signer
  • EDNS0 - Teh Extension Mechanisms for DNS, version 0
    • handle a DNS message larger than 512 bytes
    • DO flag - DNSSEC OK
    • AD and CD flag for DNS queries:
      • AD - Authenticated Data
      • CD - Checking Disabled
  • Zone Signing
    • Use dnssec-keygen to generate KSK and ZSK pairs
      • dnssec-keygen -f KSK -a RSASHA1 -b 512 -n ZONE mydomain.com.
      • dnssec-keygen -a RSASHA1 -b 512 -n ZONE mydomain.com.
    • Use dnssec-zonesige to sign the zone file
      • dnssec-signzone -o mydomain.com. db.mydomain
      • keyset file
      • dsset file

References:

Week 13 (April 13) - Review

  • Assignment 2 Due (April 14)
  • Final Quiz on April 16 (5%)
  • Exam Review

Exam Week (April 20) -