Difference between revisions of "Winter 2009 NAD810 Weekly Schedule"
(→Week 3 (January 26) - Network Authentication using NIS) |
|||
(48 intermediate revisions by 6 users not shown) | |||
Line 17: | Line 17: | ||
* Introduction to [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.pdf Netfilter and Iptables] | * Introduction to [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.pdf Netfilter and Iptables] | ||
* [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.sh.txt Sample Firewall Script] | * [http://cs.senecac.on.ca/~rchan/nad810/0901/iptables.sh.txt Sample Firewall Script] | ||
− | + | * [[NAD810_Lab2_Firewall_Python | Python Firewall]] The same firewall script as above, translated into Python. | |
<b>Lab 2</b> | <b>Lab 2</b> | ||
Modify the sample firewall script and run it on your LAN gateway and hosts to allow access to the following services on your LAN<br /> | Modify the sample firewall script and run it on your LAN gateway and hosts to allow access to the following services on your LAN<br /> | ||
* ssh, and | * ssh, and | ||
* all the ports specified in the file /etc/openports | * all the ports specified in the file /etc/openports | ||
− | ** the first field of each line is the port number, the rest is description or comment | + | ** the first field of each line is the port number, the second field is the transport, and the rest is description or comment |
** line starts with the # sign is a comment | ** line starts with the # sign is a comment | ||
* all the ports to be forwarded specified in the file /etc/fwports | * all the ports to be forwarded specified in the file /etc/fwports | ||
** this file should exist only on a gateway/router machine | ** this file should exist only on a gateway/router machine | ||
** line starts with the # sign is a comment | ** line starts with the # sign is a comment | ||
− | ** the first field of each line is the port to be | + | ** the first field of each line is the port to be forwarded, the second filed is the transport, and the rest is description or comment |
After testing your firewall, use the iptables-save command to save the output to a file. Name the file on the gateway as "gw-fw.txt" and name the file on the host as "host-fw.txt". | After testing your firewall, use the iptables-save command to save the output to a file. Name the file on the gateway as "gw-fw.txt" and name the file on the host as "host-fw.txt". | ||
Line 35: | Line 35: | ||
= Week 3 (January 26) - Network Authentication using NIS = | = Week 3 (January 26) - Network Authentication using NIS = | ||
[http://cs.senecac.on.ca/~rchan/images/ssh-key-setup.png Using SSH/SCP without password] | [http://cs.senecac.on.ca/~rchan/images/ssh-key-setup.png Using SSH/SCP without password] | ||
+ | |||
+ | [http://www.cipherdyne.org/LinuxFirewalls/ Linux Firewall Book By Michael Rash] | ||
+ | |||
+ | [http://cs.senecac.on.ca/~rchan/nad810/0901/nis-server.pdf NIS Server Slides] | ||
+ | |||
+ | [http://cs.senecac.on.ca/~rchan/nad810/0901/nis-client.pdf NIS Client Slides] | ||
+ | |||
+ | [[NAD810 0901 Lab 3| Lab 3]] | ||
= Week 4 (February 2) - DHCP and Dynamic DNS = | = Week 4 (February 2) - DHCP and Dynamic DNS = | ||
+ | |||
+ | |||
+ | Two guides for setting up a DHCP server in Linux:<br /> | ||
+ | [http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server www.linuxhomenetworking.com] <br /> | ||
+ | [http://www.yolinux.com/TUTORIALS/DHCP-Server.html www.yolinux.com] <br /> | ||
+ | |||
+ | [http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-dhcp-configuring-server.html DHCP Server Configuration] | ||
+ | |||
+ | Configure DHCP to perform Dynamic DNS update: | ||
+ | [http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html Secure Dynamic DNS How To] | ||
+ | |||
+ | [[NAD810 DHCP LAB|Lab 4]] | ||
+ | |||
+ | [[NAD810 DDNS LAB|Lab 4a]] | ||
= Week 5 (February 9) - Network Authentication Using LDAP = | = Week 5 (February 9) - Network Authentication Using LDAP = | ||
− | = Week 6 (February 16) - | + | [[OpenLDAP Installation and Test]] |
− | = Week 7 (February 23) - | + | |
+ | [http://www.openldap.org/ OpenLDAP Web Site] | ||
+ | |||
+ | [[NAD810 0901 A1|Assignment 1]] | ||
+ | |||
+ | [[NAD810 LDAP LAB|Lab 5]] | ||
+ | |||
+ | [[OpenLDAP Installation and Test|OpenLDAP Server Installation and Test]] | ||
+ | |||
+ | = Week 6 (February 16) - OpenLDAP Administration = | ||
+ | * OpenLDAP administration | ||
+ | ** directory backup and restore | ||
+ | * VMware Server Console | ||
+ | ** Online Virtual Machine | ||
+ | *** Stephen Carter: zenit.senecac.on.ca:9417/nad810_091a01 | ||
+ | *** Tak Nagi Chan: zenit.senecac.on.ca:9418/nad810_091a02 | ||
+ | *** Patricia Constantino: zenit.senecac.on.ca:9417/nad810_091a03 | ||
+ | *** Varinder Singh Jhand: zenit.senecac.on.ca:9418/nad810_091a04 | ||
+ | *** Kezhong Liang: zenit.senecac.on.ca:9417/nad810_091a05 | ||
+ | *** Katherine Ada Masseau: zenit.senecac.on.ca:9418/nad810_091a06 | ||
+ | *** Milton Paiva Neto: zenit.senecac.on.ca:9417/nad810_091a07 | ||
+ | *** Mohak Dilipbhai Vyas: zenit.senecac.on.ca:9418/nad810_091a08 | ||
+ | ** Enable Internet Services | ||
+ | *** [[NAD810-Sendmail-VM|SMTP Service]] | ||
+ | *** [[NAD810-rootDNS-VM|Root Name Server]] | ||
+ | *** [[NAD810-httpd-VM|Web service]] | ||
+ | *** [[NAD810-ldap-VM|LDAP service]] | ||
+ | |||
+ | = Week 7 (February 23) Fedora/Red Hat Directory Server= | ||
+ | [http://www.redhat.com/docs/manuals/dir-server/ Red Hat Directory Server] | ||
+ | |||
+ | [http://directory.fedoraproject.org/ Fedora Directory Server] | ||
+ | |||
+ | [http://www.redhat.com/f/pdf/rhas/NetgroupWhitepaper.pdf Scalable Centralized Authentication Services using RHDS] | ||
= Study Week (March 2) = | = Study Week (March 2) = | ||
− | = Week 8 (March 9) - | + | = Week 8 (March 9) - Midterm Test = |
− | = Week 9 (March 16) - = | + | Midterm Test on March 10, 2009 |
− | = Week 10 (March 23) - | + | |
− | = Week 11 (March 30) - | + | = Week 9 (March 16) - Advanced IP Routing= |
− | = Week 12 (April 6) - = | + | * [https://cs.senecac.on.ca/~rchan/nad810/0901/notes/AdvRouting.pdf -Slides-] |
− | = Week 13 (April 13) - | + | ** Policy routing |
+ | ** QoS | ||
+ | ** RVSP | ||
+ | * iproute resources | ||
+ | ** [https://cs.senecac.on.ca/~rchan/nad810/0901/notes/ip-cref.pdf ip command reference ] (I got this on the web, but can't find the source now. Help is welcome.) | ||
+ | |||
+ | = Week 10 (March 23) - Linux Terminal Server and Diskless Workstation = | ||
+ | |||
+ | The basic overview of Linux Diskless Workstation [https://cs.senecac.on.ca/~rchan/nad810/0701/notes/diskless/siframes.html] | ||
+ | |||
+ | [http://ltsp.mirrors.tds.net/pub/ltsp/docs/ltsp-4.1-en.html#AEN53 Linux Terminal Server Project LTSP - Theory of Operation] | ||
+ | |||
+ | == More Links == | ||
+ | |||
+ | [https://cs.senecac.on.ca/~selmys/diskless.html John Selmys' Diskless Client Configuration] | ||
+ | |||
+ | [http://www.gentoo.org/doc/en/diskless-howto.xml Diskless Howto on Gentoo] | ||
+ | |||
+ | [http://tldp.org/HOWTO/XDMCP-HOWTO/index.html Linux XDMCP HOWTO] | ||
+ | |||
+ | = Week 11 (March 30) - IPSec and VPN = | ||
+ | |||
+ | [https://cs.senecac.on.ca/~rchan/nad810/0901/IPSec-VPN.pdf IPSec and VPN Slides] | ||
+ | |||
+ | [http://unixwiz.net/techtips/iguide-ipsec.html An Illustrated Guide to IPSec] | ||
+ | |||
+ | [http://www.freeswan.org FreeSWAN] | ||
+ | |||
+ | [http://www.openswan.org OpenSWAN] | ||
+ | |||
+ | [http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch35_:_Configuring_Linux_VPNs Configure Linux VPN] | ||
+ | |||
+ | |||
+ | |||
+ | ==Assignment 2== | ||
+ | [[NAD810 A2|Specification]] | ||
+ | |||
+ | [http://zenit.senecac.on.ca/wiki/index.php/Milton-vpn-openswan]Milton's Assignment #2 - Linux VPN with OpenSwan | ||
+ | |||
+ | '' '''[http://zenit.senecac.on.ca/wiki/index.php/Talk:Winter_2009_NAD810_Weekly_Schedule Nes: a fantastic, awarding winning tutorial: 'VPN/IPSec for Dumpling']''' '' | ||
+ | |||
+ | = Week 12 (April 6) - DNSSEC = | ||
+ | DNS Security Extensions | ||
+ | * FOUR New Resource Record Types: | ||
+ | ** The DNSKEY Record | ||
+ | *** Zone-signing Key | ||
+ | *** Key-signing Key | ||
+ | ** The RRSIG Record - store the digital signature on an RRset | ||
+ | ** The NSEC Record - "Next SECure" record, to indicate which domain name comes next after a given domain name | ||
+ | ** The DS Record - for Delegation Signer | ||
+ | * EDNS0 - Teh Extension Mechanisms for DNS, version 0 | ||
+ | ** handle a DNS message larger than 512 bytes | ||
+ | ** DO flag - DNSSEC OK | ||
+ | ** AD and CD flag for DNS queries: | ||
+ | *** AD - Authenticated Data | ||
+ | *** CD - Checking Disabled | ||
+ | * Zone Signing | ||
+ | ** Use dnssec-keygen to generate KSK and ZSK pairs | ||
+ | *** dnssec-keygen -f KSK -a RSASHA1 -b 512 -n ZONE mydomain.com. | ||
+ | *** dnssec-keygen -a RSASHA1 -b 512 -n ZONE mydomain.com. | ||
+ | ** Use dnssec-zonesige to sign the zone file | ||
+ | *** dnssec-signzone -o mydomain.com. db.mydomain | ||
+ | *** keyset file | ||
+ | *** dsset file | ||
+ | |||
+ | References: | ||
+ | * DNS and BIND by Cricket Liu and Paul Albitz - 5th Edition | ||
+ | * [http://www.isc.org ISC] | ||
+ | * [http://ftp.isc.org/www/bind/arm95/Bv9ARM.ch04.html DNSSEC - BIND Administration Reference Manual] | ||
+ | * [http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf Secure Domain Name System Deployment Guide - PDF file] | ||
+ | |||
+ | = Week 13 (April 13) - Review = | ||
+ | * Assignment 2 Due (April 14) | ||
+ | |||
+ | * Final Quiz on April 16 (5%) | ||
+ | * Exam Review | ||
+ | |||
= Exam Week (April 20) - = | = Exam Week (April 20) - = | ||
+ | |||
+ | [[Category:LUX]][[Category:NAD810]] |
Latest revision as of 22:39, 16 July 2012
Welcome the Linux Network Administration.
Contents
- 1 Week 1 (January 12) - Overview of TCP/IP and Configure Networking Environment
- 2 Week 2 (January 19) - Protecting your Local Network with a Packet Filtering Firewall
- 3 Week 3 (January 26) - Network Authentication using NIS
- 4 Week 4 (February 2) - DHCP and Dynamic DNS
- 5 Week 5 (February 9) - Network Authentication Using LDAP
- 6 Week 6 (February 16) - OpenLDAP Administration
- 7 Week 7 (February 23) Fedora/Red Hat Directory Server
- 8 Study Week (March 2)
- 9 Week 8 (March 9) - Midterm Test
- 10 Week 9 (March 16) - Advanced IP Routing
- 11 Week 10 (March 23) - Linux Terminal Server and Diskless Workstation
- 12 Week 11 (March 30) - IPSec and VPN
- 13 Week 12 (April 6) - DNSSEC
- 14 Week 13 (April 13) - Review
- 15 Exam Week (April 20) -
Week 1 (January 12) - Overview of TCP/IP and Configure Networking Environment
- Setting up a small (4 nodes) physical Local Area Network
- Setting up a Virtual Local Area Network using FC10
- Review of end-node and gateway network configuration
- Manual and automatic network configuration
Lab 1
Study the virtualization platform on Fedora Core 10 or Set up a Four-node LAN in Lab T2107
If you want to use VMWare, Check here for pre-build virtual machine images for VMWare
Week 2 (January 19) - Protecting your Local Network with a Packet Filtering Firewall
- Introduction to Netfilter and Iptables
- Sample Firewall Script
- Python Firewall The same firewall script as above, translated into Python.
Lab 2
Modify the sample firewall script and run it on your LAN gateway and hosts to allow access to the following services on your LAN
- ssh, and
- all the ports specified in the file /etc/openports
- the first field of each line is the port number, the second field is the transport, and the rest is description or comment
- line starts with the # sign is a comment
- all the ports to be forwarded specified in the file /etc/fwports
- this file should exist only on a gateway/router machine
- line starts with the # sign is a comment
- the first field of each line is the port to be forwarded, the second filed is the transport, and the rest is description or comment
After testing your firewall, use the iptables-save command to save the output to a file. Name the file on the gateway as "gw-fw.txt" and name the file on the host as "host-fw.txt".
Email both files to your instructor by Feb 3, 2009.
Week 3 (January 26) - Network Authentication using NIS
Using SSH/SCP without password
Linux Firewall Book By Michael Rash
Week 4 (February 2) - DHCP and Dynamic DNS
Two guides for setting up a DHCP server in Linux:
www.linuxhomenetworking.com
www.yolinux.com
Configure DHCP to perform Dynamic DNS update: Secure Dynamic DNS How To
Week 5 (February 9) - Network Authentication Using LDAP
OpenLDAP Installation and Test
OpenLDAP Server Installation and Test
Week 6 (February 16) - OpenLDAP Administration
- OpenLDAP administration
- directory backup and restore
- VMware Server Console
- Online Virtual Machine
- Stephen Carter: zenit.senecac.on.ca:9417/nad810_091a01
- Tak Nagi Chan: zenit.senecac.on.ca:9418/nad810_091a02
- Patricia Constantino: zenit.senecac.on.ca:9417/nad810_091a03
- Varinder Singh Jhand: zenit.senecac.on.ca:9418/nad810_091a04
- Kezhong Liang: zenit.senecac.on.ca:9417/nad810_091a05
- Katherine Ada Masseau: zenit.senecac.on.ca:9418/nad810_091a06
- Milton Paiva Neto: zenit.senecac.on.ca:9417/nad810_091a07
- Mohak Dilipbhai Vyas: zenit.senecac.on.ca:9418/nad810_091a08
- Enable Internet Services
- Online Virtual Machine
Week 7 (February 23) Fedora/Red Hat Directory Server
Scalable Centralized Authentication Services using RHDS
Study Week (March 2)
Week 8 (March 9) - Midterm Test
Midterm Test on March 10, 2009
Week 9 (March 16) - Advanced IP Routing
- -Slides-
- Policy routing
- QoS
- RVSP
- iproute resources
- ip command reference (I got this on the web, but can't find the source now. Help is welcome.)
Week 10 (March 23) - Linux Terminal Server and Diskless Workstation
The basic overview of Linux Diskless Workstation [1]
Linux Terminal Server Project LTSP - Theory of Operation
More Links
John Selmys' Diskless Client Configuration
Week 11 (March 30) - IPSec and VPN
Assignment 2
[2]Milton's Assignment #2 - Linux VPN with OpenSwan
Nes: a fantastic, awarding winning tutorial: 'VPN/IPSec for Dumpling'
Week 12 (April 6) - DNSSEC
DNS Security Extensions
- FOUR New Resource Record Types:
- The DNSKEY Record
- Zone-signing Key
- Key-signing Key
- The RRSIG Record - store the digital signature on an RRset
- The NSEC Record - "Next SECure" record, to indicate which domain name comes next after a given domain name
- The DS Record - for Delegation Signer
- The DNSKEY Record
- EDNS0 - Teh Extension Mechanisms for DNS, version 0
- handle a DNS message larger than 512 bytes
- DO flag - DNSSEC OK
- AD and CD flag for DNS queries:
- AD - Authenticated Data
- CD - Checking Disabled
- Zone Signing
- Use dnssec-keygen to generate KSK and ZSK pairs
- dnssec-keygen -f KSK -a RSASHA1 -b 512 -n ZONE mydomain.com.
- dnssec-keygen -a RSASHA1 -b 512 -n ZONE mydomain.com.
- Use dnssec-zonesige to sign the zone file
- dnssec-signzone -o mydomain.com. db.mydomain
- keyset file
- dsset file
- Use dnssec-keygen to generate KSK and ZSK pairs
References:
- DNS and BIND by Cricket Liu and Paul Albitz - 5th Edition
- ISC
- DNSSEC - BIND Administration Reference Manual
- Secure Domain Name System Deployment Guide - PDF file
Week 13 (April 13) - Review
- Assignment 2 Due (April 14)
- Final Quiz on April 16 (5%)
- Exam Review