| 26 February |
No First Lab Go through the prelab material.
Introduction
Zhiyi Huang
- Introduction to the paper, and system and network administration
Lab 00: Prelab Material
Marks: None
- Familiarisation with using Unix in the new Windows lab environment.
- Develop your skills in the terminal shell to help you work faster and smarter.
Network Hardware and Protocols
Zhiyi Huang
- A quick tour of IEEE standards.
- Ability to identify common network hardware, such as a network interface card, hub, switch, router; explain the purpose of each.
- While we concentrate on IP and ethernet in this paper, the student should also have a little exposure to concepts such as serial connections (eg. DSL), and also high-speed interconnects such as InfiniBand or FibreChannel.
- Be able to appreciate the difference between various bus interconnections, and why on-board NICs may give superior performance.
- Understand how network traffic enters and leaves a machine, from a basic understanding of what a socket is, to a more thorough understanding of concepts of hardware interrupts, DMA, and performance issues such as zero-copy (scatter/gather I/O).
Lab 01: Introduction to VirtualBox and Linux VM
Marks: None
- Familiarisation with the VirtualBox-based lab environment and resources.
- Develop your skills in the terminal shell to help you work faster and smarter.
|
| 4 March |
Assignment 1 (10 marks) released, due in the week of 20 March
This assignment is mainly based on the skills learnt from Lab01, Lab02, and Lab03.
You are required to repeat the necessary steps of these labs and create a new client named ClientPro that is properly configured within the network 192.168.10.0/24 and has both IPv4 and IPv6 Internet connections after reboot.
You are expected to find detailed requirements of the assignment by asking questions. You can also show your initial work to the demonstrators to get feedbacks before due date.
In case the system crashes and you lose your work, you should keep a journal (log) of your work such as
progress made, errors found and corrected, screenshots, etc to show that your system worked.
IPv6 Bootcamp
Zhiyi Huang
- Revise IPv6 addressing
- Understand basic IPv6 mechanisms, such as stateless address autoconfiguration, neighbour discovery and router advertisements
- Topics such as DNS are not talked about yet, that is covered in a later lecture.
- Advanced topics such as Mobile IPv6 or IPSec are not encountered in this lecture.
- Brief overview of transition mechanisms.
- Security problems associated with IPv6.
- Interface management in Linux.
Lab 02: Basic Interface Management
Marks: None
- View the status of Ethernet interfaces and the result of auto-negotiation.
- Name interface logically when this is appropriate.
- Practice the use of IPv4 configuration and query tools.
- Practice the administration of IPv4 interface configuration in Ubuntu Linux.
Scripting Technique
Zhiyi Huang
- Understand the concept, scope and benefits of applying the use of scripting solutions.
- Learn the constructs used in developing Bourne shell scripts.
- Learn a number of useful commands, as applied to example problems.
- Spend a little time covering common uses of sed and awk.
Lab 03: IPv6 Bootcamp
Marks: None
- Practice enabling and disabling IPv6 on Linux, and how to control autoconfiguration etc.
- Observe how IPv6 works with router advertisements.
- Practice the use of IPv6 configuration and query tools.
- Practice the administration of IPv6 interface configuration in Ubuntu Linux.
- Practice the creation of tunnels and how this complicates things.
|
| 11 March |
Filesystems
Zhiyi Huang
- Be aware of the different types of hard-drive technologies, including ATA, SCSI and SATA, including the performance issues of each.
- Understand how Unix (and to a lesser extent Windows) file-systems work, including concepts of inode, permissions, links, journalling and performance issues such as block size and fragmentation.
- Have an understanding of other access-control mechanisms, such as access-control-lists (ACLs); the difference between discretionary and mandatory access-control.
- Be able to identify different types of file-system objects found in the file-system, such as files, directories, symbolic links, named pipes etc.
- Identify the common RAID levels.
Lab 04: Shell Scripting/vim
Marks: None
- Utilise best practices in creating UNIX shell scripts.
- Practice the constructs covered in the lecture.
- Create a script to generate a report about web-server utilisation.
Basic System/Network Administration
Zhiyi Huang
- Learn about the available network configuration and diagnostic tools for IPv4.
- Learn about the available network configuration and diagnostic tools for IPv6, especially stateless autoconfiguration.
Lab 05: Filesystems
Marks: None
- Create and manage file-system objects, assign permissions.
- Use access-control-lists.
- Use common archival tools.
- Investigate a particular backup solution.
|
| 18 March |
Assignment 1 (10 marks) due this week
The first assignment on the IPv4/IPv6 client is due this Wednesday.
Show the demonstrators your client named ClientPro works for both IPv4 and IPv6 after a reboot. Get your assignment checked by 6pm on Wednesday.
System Installation
Zhiyi Huang
- Understand methods of which operating systems can be installed.
- Understand the role virtualisation plays in a modern infrastructure.
- Basic steps involved in installing any (esp. Linux) system.
- Learn how a classical Linux/UNIX systems boots and how this is changing.
- Managing security during installation.
- Investigate some methods used to manage mass installations.
- Learn about best practices in account management, and managing access to administrative privileges.
Catchup
Marks: None
- This lab session is dedicated to students who need to catch up. Students who are up-to-date will have lower priority.
Post-Installation
Zhiyi Huang
- Basic user management.
- Trim any unnecessary services to reduce security exposure.
- Look at system-hardening methods, and sources of best practices.
- Investigate the use of version management tools to manage configuration files.
- Look at where services may be started, and how to manage inetd or xinetd.
Marking assignment 1
Marks: None
- This lab session is dedicated to marking assignment 1. Students whose assignment 1 has been marked off will have lower priority.
|
| 25 March |
Assignment 2 (25 marks) released, due in the week of 1st May
This assignment is mainly
to show that you can apply the skills learnt from relevant labs to a new context.
You are required to create a new server named ServerPro using the New
operation under VitualBox Manager. ServerPro should be properly configured
and host five services (DNS, DHCP, SSH, Email, and WWW).
Each service is worth 5 marks.
Here are some details of the assignment. Feel free to ask the teaching team questions to find out more details or get your initial work
checked in an early stage in order to get feedbacks. First, ServerPro should be in a
network with subnet id 192.168.2.0 and netmask 255.255.255.0 (different from the one used by Server1),
where there are ClientPro and Client2 (boot with live CD) for testing purposes.
Second, DNS should work to support all network services with IP names, though reverse mapping and IPv6
will be tested for individual cases to show they function well. Third, DHCP should work to support ClientPro
to get a static IPv4 address and Client2 to get a dynamic IPv4 address. Fourth, SSH should work to allow
ClientPro to have a password-less login to ServerPro. Fifth, Email should work to allow user mal on ClientPro
and another user bob on Client2 to send emails to each other and process them with Thunderbird. Sixth, WWW
should allow ClientPro or Client2 to get a .php page using domain names www.localdomain. and www.cosc301.otago.nz.
We will test the 5 services after reboot of ServerPro, ClientPro, and Client2. Each service is worth 4 marks. In addition,
you need to answer a number of questions in writing, which is worth 5 marks.
In case system crashes and you lose your work, you should keep a journal (log) of your work such as
progress made, errors found and corrected, screenshots, etc to show that your system worked.
Wireless Networking
Zhiyi Huang
- Develop a familiarity with wireless terminology and behaviour, including how signals behave and interference.
- Develop a working knowledge of basic 802.11 wireless networking, sufficient to set up such a network using best practices.
- Understand the motivation and basic structure of a Wireless Distribution System (WDS).
- Understand the purpose and basic mechanisms of network authentication using 802.1x and RADIUS (WPA-Enterprise).
- Familiarise students with the various types of antennas, and the typical coverage volumes and uses.
- Understand the correct use of independent (ad-hoc) networks.
Lab 08: System Installation
Marks: None
- Ubuntu Linux into a VirtualBox virtual machine.
- Create appropriate set-up and configuration documentation for the system.
- Perform any necessary security updates.
Scheduled Tasks and Log Management
Zhiyi Huang
- Investigate possible uses, benefits and costs of scheduled tasks by administrators and users.
- Look at how scheduled tasks can best be managed on a typical Linux system, what is lacking, and how it is changing.
- Look at how logs can be rotated and archived (and the benefits and costs), and laws and regulations for log-keeping.
- Learn about how logs can be filtered and monitored.
- Set up cloud services in Ubuntu.
Lab 09: Post Installation
Marks: None
- Find out what services are running, evaluate the necessity of each, and stop or limit those that are not needed.
- Configure inetd or xinetd to manage services used by those.
- Use TCP Wrappers to limit access to services.
|
| 1 April |
Easter Break
|
| 8 April |
The Domain Name System (DNS)
Zhiyi Huang
- Learn the configuration methods and elements for a DNS client.
- Understand how DNS works.
- Learn about best practices in DNS management.
- Learn how DNS handles IPv6 and the problems that occur.
- Find out what additional security features are available in DNS such as DNS-SEC and TSIG.
- Look at current issues, including Internationalised Domain Names (IDNs.)
Lab 10: Scheduled Tasks and Log Management
Marks: None
- Look at how scheduled tasks are managed on an Ubuntu Linux system.
- Manage scheduled tasks by adding a new task.
- Modify log rotation and archive settings.
- Filter log entries using simple regular expressions.
- Enable remote syslog operation.
Address Assignment and Service Discovery (DHCP)
Zhiyi Huang
- Learn about the development that lead up to DHCP.
- Learn about the DHCPv6 and its relationship to router advertisements and stateless address auto-configuration.
- Look at how DHCP services can be made more reliable.
- Find out about problems faced by DHCP implementations, and best practices to manage them.
- Investigate alternative ways of service discovery that are not addressed by DHCP.
- This should introduce concepts of directory services.
- Look at how Dynamic DNS helps solve the service discovery problem.
- Investigate how service discovery is solved in an ad-hoc network, by using link-local addresses, mDNS, and DNS-SD.
Lab 11: The Domain Name System (DNS)
Marks: None
- Practice using the available DNS querying and diagnostic tools.
- Configure the BIND 9 DNS server using best practices for a small network environment.
- Add IPv6 data to the DNS.
- Add IDNA data to the DNS.
- Audit and harden security settings.
|
| 15 April |
Remote Terminal Services (SSH)
Zhiyi Huang
- Understand the history of remote terminal services, and the problems associated with each.
- Understand the problems that SSH solves.
- Explore the various ways that ssh can be used.
- Look at the development of GUI-based terminal services, including issues such as remote assistance, multiple logon, compression, ancillary services (file transfer, report gathering, command execution).
- Look briefly at X11, VNC and Remote Desktop.
Lab 12: Address Assignment and Service Discovery
Marks: None
- Install and configure a DHCP server and provide basic services including static and dynamic address assignments.
- Install and configure radvd, a IPv6 SLAAC daemon.
- Install and configure a DHCPv6 server.
Electronic Mail
Zhiyi Huang
- Understand the processes by which the electronic mail is sent on the Internet, including a reasonable understanding of the SMTP, POP and IMAP protocols.
- Understand the problems solved by MIME.
- Understand the problems of spam and viruses, and tools and techniques for combatting it.
- Look at cryptographic tools available for protecting e-mail content, such as GPG, and the nature of such protections.
Lab 13: Remote Terminal Services
Marks: None
- Set up public key access using best practices.
- Practice using SSH tools to explore major features.
- Configure SSH services using best practices.
- Identify security weakpoints introduced using SSH services.
- Experience using X11 tunnelled over a SSH connection.
- Experience accessing either VNC or Remote Desktop to access a remote machine (optional, at home activity)
|
| 22 April |
World Wide Web (WWW)
Zhiyi Huang
- Observe a HTTP request and identify important fields and their function.
- Get an overview the mechanisms that can be used to generate content dynamically.
- Look at the common security problems involved in building web applications, and how these risks can be mitigated.
- Learn about the use of virtual hosting.
- Touch on issues of high performance and availability, such as load-balancing, clustering, fail-over techniques.
Lab 14: Electronic Mail
Marks: None
- Provide basic e-mail services to a small network, including a manually-managed mailing list.
- Provide basic spam protection and filtering.
- Use GPG to protect e-mail content.
Guest Lecture: TBD
TBD
- By a professional from industry
Lab 15: World Wide Web
Marks: None
- Install and configure the Apache web server.
- Enable the PHP pre-processor and create some simple content.
- Configure name-based virtual domains.
- Protect content using various forms of access control.
- Harden the web server configuration using best practices.
|
| 29 April |
Assignment 2 (25 marks) due this week The second assignment on the server is due this Wednesday.
Show the demonstrators your server named ServerPro which hosts five services
(DNS, DHCP, SSH, Email, and WWW) works.
Get your assignment checked by 6pm on Wednesday.
Transport Layer Security (TLS)
Zhiyi Huang
- Cover basic cryptography concepts.
- Look at the brief history of Transaction Layer Security (TLS) and Secure Sockets Layer (SSL).
- Understand how certificate-based cryto-systems work.
- Know what TLS can and cannot effectively guard against.
- Look at the process of getting a certificate, and the cryptographic mechanisms behind having a certificate signed.
Catchup
Marks: None
- This lab session is dedicated to students who need to catch up. Students who are up-to-date will have lower priority.
Network Security
Zhiyi Huang
- Tie up loose ends.
- Talk about Network Administration.
- Learn about common security attack vectors to the system and network.
- Recap of material covered so far, concentrating on the principles involved.
Catchup
Marks: None
- This lab session is dedicated to students who need to catch up. Students who are up-to-date will have lower priority.
|
| 6 May |
Internal Routing
Zhiyi Huang
- Understand routing issues, and the benefits and costs of dynamic routing.
- Understand the differences between internal and external routing algorithms, and the different problems each must solve.
- Understand basic RIP and the improvements that can be made of it.
- Understand the differences between OSPF and RIP, and why OSPF is superior.
- See how different routing domains can be integrated.
- Investigate the security issues faced by dynamic routing.
- Cover the common configuration mechanisms of routers.
Lab 18: Virtual LANs & Internal Routing
Marks: 5
- Learn about and configure virtual LANs.
- Gain experience with the Vyatta OFR router platform.
- Configure static routing.
- Configure a network to use RIP.
- Configure a network to use RIPng for IPv6.
Management Tools & Protocols
Zhiyi Huang
- Understand the aims, uses, benefits and costs of monitoring systems for network elements.
- Understand the structure of SNMP, and how it is used. Look briefly at alternatives.
- Look at common ways of presenting or using the data.
- Evaluate the usefulness of in-band and out-band monitoring and alerts.
- Look at best practices in deploying a management solution.
- Cover concepts such as Lights Out Management.
- Briefly look at policy-based configuration using tools such as configd.
Lab 18: Virtual LANs & Internal Routing (cont.)
Marks: None
|
| 13 May |
Virtual Private Networks
Zhiyi Huang
- Types of VPN: Intranet VPN and Extranet VPN.
- How VPN works.
- Pros and Cons of VPN.
- VPN protocols.
Lab 20: Virtual Private Networks (VPN)
Marks: 3
- Learn about and configure virtual private networks.
Network Accounting & Visibility
Zhiyi Huang
- Understand the philosophical and technical issues regarding network accounting.
- Explore ways we can observe what is happening on a network.
- Observe the security benefits and costs of accounting, including how it pertains to visitor and wireless networks.
- Understand what we can account for.
- Learn about the common NetFlow protocol, and to what extent it meets the requirements.
- Learn a little about RADIUS and the accountancy data it can provide.
- Look at how network measurement and accounting can be integrated into a defence-in-depth strategy.
- Cover best practices in network accounting.
Lab 19: Subnetting Tutorial
Marks: 2
- Learn how to subnet a network and become comfortable working with IPv4 CIDR addressing.
- Cover subnetting and addressing in IPv6.
|
| 20 May |
Firewalls
Zhiyi Huang
- Understand where a firewall fits into a network infrastructure.
- Survey the different firewall architectures available.
- Trace the path of a packet through a firewall.
- Find the types of traffic that firewalls should protect against.
- Understand the benefits and costs of stateful packet inspection.
- Look at best practices in firewall design and management.
- Learn about common firewall-associated tasks, namely NAT.
Lab 21: Firewalls
Marks: 5
- Implement a firewall based on a given policy.
- Implement source and destination NAT.
Exterior Routing
Zhiyi Huang
- Understand the issues relating to routing between autonomous systems, and how it is different to interior routing systems.
- Understand the basics of Border Gateway Protocol (BGP).
- Investigate Internet Management issues relating to routing.
- Investigate the security issues and best practices in managing BGP.
Lab 21: Firewalls (cont.)
Marks: None
|
| 27 May |
Final Week
Diagnostics & Ethics
Zhiyi Huang
- Cover diagnostic techniques, and what to do in a crisis.
- Look at fault-management procedures.
- When to use scheduled and unscheduled outages.
- Discuss ethical restraints the System/Network Administrators have to consider, and their legal/regulatory/moral responsibilities.
Catchup
Marks: None
- This lab session is dedicated to students who need to catch up. Students who are up-to-date will have lower priority.
Revision
Zhiyi Huang
- Re-cap of the paper.
- Exam preparation.
- Questions and Answers
Final Lab (The final chance to get labs or assignments checked by demonstrators.)
Marks: None
- The final chance to get labs or assignments checked by demonstrators.
|
