Asc Hanoi 2014 Module A Day1

ASC_HANOI_2014
1 of 13

DAY 1 Test project Windows and Linux
Environments

Version: 1.0
ASCHANOI_2014_DAY1 Date: 19.03.14 2 of 13
OVERVIEW
DAy 1 ....................................................................................................................................................... 3
CONTENTS .......................................................................................................................................... 3
INTRODUCTION .................................................................................................................................. 3
DESCRIPTION OF PROJECT AND TASKS ....................................................................................... 3
PART 1 ................................................................................................................................................. 4
Working Tasks Windows Virtual Server Wincore1 ....................................................................... 7
PART 2 ................................................................................................................................................. 8
PART 3 ................................................................................................................................................. 8
APPENDIX ............................................................................................................................................... 9
SPECIFICATIONS ............................................................................................................................... 9
lnxrtr1 ............................................................................................................................................... 9
lnxsrv1 ............................................................................................................................................. 9
winsrv1 ............................................................................................................................................. 9
Wincore1 .......................................................................................................................................... 9
lnxclt1 ............................................................................................................................................... 9
Winclnt1 ........................................................................................................................................... 9
Winclnt1 ........................................................................................................................................... 9
Notebook1 ..................................................................................................................................... 10
NETWORK SPECIFICATIONS ..................................................................................................... 10
INSTRUCTIONS ................................................................................................................................ 13
INSTRUCTIONS TO THE COMPETITOR .................................................................................... 13
EQUIPMENT, MACHINERY, INSTALLATIONS AND MATERIALS REQUIRED ......................... 13

Version: 1.0
DAY 1
CONTENTS
This Test Project proposal consists ofthe following document/file:
1. ASC_HANOI_2014_DAY1

INTRODUCTION
Warning: SAVE ALL YOUR CONFIGURATIONS!!! Every device will be rebooted before marking.

The competition has a fixed start and finish time. You must decide how to best divide your time.

Please carefully read the following instructions!

Due to the problem of VMWare freezing, please do not connect the DVD drives (.iso) when they are
not in use.

DESCRIPTION OF PROJ ECT AND TASKS
You are working for a book and movie library in Hanoi.
As the library is growing, a relocation was planned. You have been assigned with building the network
infrastructure at the new location.
For the employees, you have to setup a server for file sharing as well as ensure access through VPN
by road warriors.
The visitor area is equipped with a few guest computers for browsing local and internet webpages. For
speeding up internet access, a proxy should be used.
You are also responsible for setting up the webserver, which hosts internal as well as external web
sites.
Please consult the diagrams and other additional information is provided inthe appendix.

Version: 1.0
PART 1
Work Task Installation (lnxrtr1, lnxsrv1)
Note: Please use the default configuration if you are not given the details.
The base Debian OS has been set up on lnxsrv1.

Work Task Server lnxrtr1
Configure the server with the hostname, domain and IPspecified in the appendix
Install the services:
o Routing
Enable routing
Use rtr1 as default gateway
o Firewall (iptables)
Prohibit access from External to neither Guest nor Internal VLAN
Prohibit access ping from the whole Guest VLAN (VLAN 20) to any network
Forward all HTTP traffic from Guest VLAN to local proxy
o Proxy (squid)
Configure in transparent mode
You are testing the blocking function of Squid, so as a test you decided to
block HTTP access to all hosts in the sub.library-hanoi.vn domain. You will
test it on lnxclt1.
You need to perform necessary configuration on either the DNS server on
lnxclt1 so that www.sub.library-hanoi.vn and m.sub.library-hanoi.vn resolve to
IP addresses not on the inside network (Internal, Guest).Plese keep in mind
that the IP addresses do not have to really exist as the proxy will block access
to them anyway.
o VPN (OpenVPN)
Configure VPN access to Internal VLAN. External clients should connect to
81.6.63.115 which has been already mapped to lnxrtr1s VLAN 10 IP address
on rtr1.
Make sure that VPN clients can only access server lnxsrv1
For login create a user vpn with password Skills39
Use address range 172.17.118.200 to 172.17.118.255 for VPN clients
Either the built-in CA or preshared key can be used

Version: 1.0
Work Task Server lnxsrv1
Configure the server with the hostname, domain and IPspecified in the diagrams shown in
appendix
Install the services

o Webserver (Apache2)
Install apache2 including php5
Enable both HTTP and HTTPS
Use a certificate signed by lnxsrv1
o Make sure no certificate warning is shown
Create websites library-hanoi.vn and intranet.library-hanoi.vn
For library-hanoi.vn, HTTP access should be redirected to HTTPS
automatically
Make sure intranet.library-hanoi.vn is protected by authentication
No authentication is needed from Internal VLAN
Use user library with password Skills39
Show on both websites the website name (the fully qualified domain name)
and the current date and time
As a basic security measure, make sure Apache2 provides minimum
information in the response regarding the OS and its version.
o FTP (vsftpd)
Create a FTP user account for each website of the webserver
User library with password Skills39
User intranet with password Skills39
Make sure the users are jailed in their respective website document root
directories
o Configure SSH service
If the user user1 on lnxclt1tries to login as the user intranet on lnxsrv1, it
must be done using public key authentication and the passphrase must be set
to Skills39
Root access is prohibited
It has to listen on port 2222
o Monitoring (Cacti)
Create an admin-user master with password Skills39
Create a graph showing the traffic statistics of the interfaces of the switch
using SNMP v2c (refer to part 2 for details)

o CA (openssl)
Configure as CA
CA attributes should be set as follows
o Country code is set to VN
o Organization is set to WorldSkills International
Create a root CA certificate
Install the services
o File sharing (Samba)
Share internal
Path is /data/internal
Give access only to user library with password Skills39
Make sure the share is not shown in the network browser of the
clients
Share public
Path is /data/public
Enable read-only access to everyone

Create a backup script named backup.sh located in roots home directory which will use tar
withgzip compression to back up the files located inside /etc (including /etc itself and its sub-
directories). The backup file is named using the pattern backup-YYYY-MM-DD-hh-mm-
ss.tar.gz and should be put into the /backup directory.

Version: 1.0
o Schedule crontab to run it every 5 minutes

Configure Lnxsrv1 to join Domain with WinSrv1 Active Directory User.

Work Task Server winsrv1
Configure hostname, ip address the server with the settings specified in the appendix
Configure the disk and partitions:
o Disk 1 & 2 (10 GB)
D:\ DRIVE 10GB RAID1 (mirrored)

Install Active Directory Domain Services for library-hanoi.vn.
o Use Skills39 as the Active Directory Recovery Password
o Create a new Organizational Unit named hanoi. All new users and groups must be
created in this OU.
o Create the user and security global group with membersas indicated in the following
table. Use Skills39as the password for all user accounts.
Groups Members
IT itXX (01 50)
Sales salesXX (01 50)
Marketing mktXX (01 50)
Visitor visitorXX (01-10)
Employees IT Group, Sales Group, Marketing Group

Install the services:
o File sharing

Folder Target Local Folder on both Servers Description
\\WinSRV1\rfolders

D:\share\rfolders On WinSRV1

Folder Redirection &
home folder
\\WinSRV1\IT

D:\share\IT On WinSRV1

Departmental Share
for IT
\\WinSRV1\Sales

D:\share\Sales On WinSRV1

Departmental Share
for Sales
\\WinSRV1\Mkt

D:\share\Mkt On WinSRV1

Departmental Share
for Marketing
Configure users profiles and share folders:
o Create users home folder \\library-hanoi.vn\skills\rfolders\username and ensure it is
mapped to Z: at each logon automatically.
limit the storage space to every home folder to 50MB
Prevent any .exe and .bat files to be stored on the home folder.
o Redirect the Documents folder to \\library-
hanoi.vn\skills\rfolders\username\Documents.
o Create departmental share folders on \\library-hanoi.vn\skills\IT, \\library-
hanoi.vn\skills\Sales and \\library-hanoi.vn\\skills\Marketing and map the respective
share folder to Y: at logon, depending on the department the user is in. Users should
not be allowed to access other departments or users home shares.
Enable read-only access to everyone

o DHCP
Scope for Guest VLAN:
Range: 192.168.20.10 192.168.20.254
Gateway: 192.168.20.1
DNS: 172.17.116.10
Scope for Internal VLAN:

Version: 1.0
Range: 172.17.117.0 172.17.117.255
Gateway: 172.17.116.1
DNS: 172.17.116.10
DNS-Suffix: library-hanoi.vn

o DNS
Make sure DNS library-hanoi.vn both websites are resolvable to the external
IP address of rtr1
Requests from internal networks (DMZ, Guest, Internal) for both websites
should be resolvable to the internal IP address of lnxsrv1

o Active Directory
Use Skills39 as the Active Directory Recovery Password
Create a new Organizational Unit named Hanoi2014. All new users and
groups must be created in this OU.

GPO Password Policies
o Ensure the company user password must meet the following criteria:
Domain passwords will be at least 6 characters.
Strong passwords need not be enforced.
Passwords will be changed every 90 days.
Accounts will be locked out for 5 minutes after five invalid logon attempts.
The password of the users in IT group must meet the following criteria:
o Domain passwords will be at least 8 characters.
o Complex passwords will be enforced.
o Passwords will be changed every 30 days.
o Accounts will be locked out for 5 minutes after three invalid logon attempts.
GPO Security Policies
o At logon on winclnt1, users should see this message before logging in: For
authorized usage only. Unauthorized usage is strictly prohibited.
o All users, except the IT group, are not allowed to access the display settings on the
Control Panel.
o Configure Restricted Group policy to include IT group in the local Administrators group
for all of the organizations computers.
o disable the use of USB devices for the Visitor group
o disable the use of cmd and run for the Visitor group
o hide all local drives for the Visitor group
Install Print Server
o Add the network printer to this print server.
o Delegate IT group as the Print Administrators.
o Publish the printer to the entire organization in Active Directory, so that it can be
searched by location (Main).
o IT and Sales Groups should be the only users who can print jobs to the printer.
o Printer drivers can be located in D:\hanoi2014\drivers\printers.
Working Tasks Windows Virtual Server Wincore1
Please configure the server with the settings specified in the diagram at the end of the
document.
Install Microsoft Windows Server 2008 R2 Server Core (Enterprise).
Install IIS
o Setup the company web server www.hanoi.vn.
Install Branch Cache
o Configure Distributed cache mode for the IIS web server

Version: 1.0

PART 2
Work Task Networkswitch swi1
Connect LAN cables and configure hostname and IP addressesaccording to the network
diagram in the appendix
o All other ports should be configured for clients of Guest VLAN
Enable snmp v2c with WSI as the read-only community string

Work Task Networkrouter rtr1
Connect theLAN cablesaccording to the network diagram in the appendix
Load the configuration file provided to you, which configuresthe following items according to
the network diagram in the appendix
o IP addresses
o Routing to reach all networks.
o PAT (overload) for internet access
o Static NAT mappings
192.168.10.2 <=>81.6.63.115
192.168.10.10<=>81.6.63.114
Save the configuration

PART 3
Work Task Installation (lnxclt1)
Install a GUI (graphical user interface) of your choice
Create a user named user1 on AD with password Skills39

Work Task Installation (winclt1)
Join Client1 to library-hanoi.vn domain
Logon as random IT users
o IT users are able to access departmental share at Y:
o IT users are able to access home folder at Z:
o IT users are local administrator
Logon as random Sales users
o Sales users are able to access departmental share at Y:
o Sales users are able to access home folder at Z:
Logon as random Marketing users
o Marketing users are able to access departmental share at Y:
o Marketing users are able to access home folder at Z:
Logon as random Visitor user
o Visitor users are not able to use a USB device
o Visitor users are not allowed to run cmd and run
o Visitor users do not see the local hard drives

Work Task Notebook1
Configure the client with the hostname, domain and IPspecified in the appendix
Make sure the client can connect to lnxsrv1 (via lnxrtr1)through VPN
Make sure the root CA certificate of lnxsrv1 is trusted
Install FileZilla FTP client
Make sure to access the Samba server.

Version: 1.0

APPENDIX
SPECIFICATIONS
lnxrtr1
Organization: library-hanoi.vn organization
Computer name: lnxrtr1
Domain name: library-hanoi.vn
User name: root
Administrator password: Skills39
IP addresses: 192.168.10.2
192.168.20.1
172.17.116.1
lnxsrv1
Computer name: lnxsrv1
User name: root

winsrv1
Computer name: winsrv1
User name: Administrator

Wincore1
Computer name: Wincore1
User name: Administrator

lnxclt1
Computer name: lnxclt1
User name: root

Winclnt1
Computer name: Winclnt1
User name: Admin
IP addresses: DHCP (VLAN 30)

Version: 1.0

Notebook1
Computer name: Notebook1
User name: Admin
IP addresses: Static

NETWORK SPECIFICATIONS
External network 81.6.63.111/30
VLAN 10 (DMZ) 192.168.10.0/28
VLAN 20 (Guest) 192.168.20.0 /24
VLAN 30 (Internal) 172.17.116.0 /22

Version: 1.0

Version: 1.0

THIS PAGE IS LEFT BLANK INTENTIONALLY

Version: 1.
ASCHANOI_2014_MODULE_A Date 2014-03-21 13 of 13
INSTRUCTIONS
INSTRUCTIONS TO THE COMPETITOR

Warning: SAVE ALL YOUR CONFIGURATIONS!!! Every device will be rebooted before marking.
Do not bring any materials with you to the competition.
Mobile phones and any electric devices are prohibited.
Do not disclose any competition material / information to any person during each days competition.
Read the whole competition script prior to starting your work.
Be aware of different tasks attract a percentage of the overall mark. Plan your time carefully.

EQUIPMENT, MACHINERY, INSTALLATIONS AND MATERIALS REQUIRED
PowerPC 1:
Performance PC with 16GB memorywith 3 network cards (one is onboard)
VMware Workstation preinstalled
VMs are preconfigured
PowerPC 2:
Performance PC with 16GB memorywith 2 network cards
VMware Workstation preinstalled
VMs are preconfigured
Network:
1x Switch Cisco 2960
1x Router Cisco 1941 - SEC/K9 (IOS UNIVERSAL - S190UK9-15104M)
Additional software:
Operating System (Debian 7) (DVD1-3 as .iso files available on D: drive)
Drivers for peripherals
Additional equipment:
Console Cable for Router/Switch

Asc Hanoi 2014 Module A Day1

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Asc Hanoi 2014 Module A Day1

Hochgeladen von

Copyright:

Verfügbare Formate

ASC_HANOI_2014

Das könnte Ihnen auch gefallen