TNE80006 Secure Network Project 2020-1v.2 Page 1 of 4 V.1.5 Swinburne University of Technology TNE80006 Secure Networks Semester 1 – 2020 Securing Linux Server and Its Network Project Page 2 of 4...

1 answer below »
secure networks


TNE80006 Secure Network Project 2020-1v.2 Page 1 of 4 V.1.5 Swinburne University of Technology TNE80006 Secure Networks Semester 1 – 2020 Securing Linux Server and Its Network Project Page 2 of 4 V.1.5 Project Overview Project contributes 25% to your total subject score as per the unit outline and is, therefore a major assessment. This is an individual assignment and the project report must be submitted on Week 12 via the Canvas submission system. The other project deliverables need to be briefly demonstrated to the instructor in week 11 and 12 labs. So, all students have to be ready to present in week 11. In case, if instructor cannot cover all students in the same week, then some students will be pushed to week 12. This project will be mainly assessed based on the formal report submitted and the demonstration is more of a proof for your implementations. Project outline: This project requires you to implement a security solution to a scenario by using the knowledge and skills gained from lectures and labs as well as your own research. The project scenario describes the project in general terms and what sorts of security solutions are being expected to be built into the network. It is important to read and understand the scenario so as to identify the required security tools or solutions needed in the context of the given scenario. Project Deliverables You must prepare: • A Formal Written Report – Project Report Mark Allocation Guide A mark allocation guide will be provided in the coming weeks. Project Submission As per the project handout, the project is completely assessed on the formal report submitted. The demonstration in week 11 and week 12 lab classes is primarily for proving that you have accomplished the project scenario solution as a prototype. NB: Without demonstration, project report will not be evaluated and marked as zero You must submit the project report as a pdf document via Turnitin system on Canvas portal which will be due on Saturday 18th April 2020 23:59 PM Late submission – a penalty of 10% per day applies for a maximum of 5 days and then marked as zero. Page 3 of 4 V.1.5 Project Scenario KL.Swiss is a department store chain which is evolving in textile market due to its trend setter clothing products. The company has recently decided to host a web server in their network to account for an online shopping portal in order to cater increased demand for products and to strengthen its market. The company deployed a flexible, popular and open source http server - Apache 2.x, which can also make use of server-side scripting tools so as to facilitate dynamic web contents, on a CentOS Linux Server. The implementation was carried out by a system administrator trainee who had a very little understanding about server and network security. As part of testing he connected the web server to the internet and after a few days of monitoring he noticed that someone from a trusted IP address has been conducting TCP scans on the network. So, the company is worried that someone might be planning to attack the web server in the near future. As a senior network systems administrator, your task is to propose a secure solution by implementing and configuring appropriate security tools so as to secure the server and network from potentially malicious activities. The company’s CIO requires your solution design to cover below requirements: 1. Implementing firewall rules so that only http, https protocols are open to the public if attackers scan your system from the public network; 2. Creating self-ssl with your student ID and name in the certificate details; 3. Enabling https protocol on the webserver so that the users type http://webserver_ip or https://webserver_ip on users’ browser address bar, the server script auto redirect to https for secure transmission; 4. Installing and configuring a SQL server (MySQL referable) on the same as webserver and allow certain internal computer access to this database server using ODBC. For instance, a database username jack wishes to access to database name stock from Windows OS with IP address is 192.168.1.35. Then the database server rules only allow this username with provided set of conditions to access and deny for any other users from anywhere and to any databases on this database server, including database’s root account from remote; 5. Allowing remote secured administration control for a member of administrators. For example, username john is a member of administrators and wishes to access to ssh server from 192.168.1.35. Your tasks to re-configure the ssh server and server firewall which only username john access from a computer has 192.168.1.35 and allows to access ssh server and deny everything else, including root account from remote. Note: this question student can use ssh client on Apple Mac or putty.exe on Windows computer as a client. 6. Including at least one test machine in your design to be able to test your security design. Note: As this project is strictly based on securing the web server and the network, you are not required to implement any programming aspects of the server which is Web Development team’s job. You must include your name and student ID on the main page of your website Project Report Structure You are required to document a report that contains the following information. Page 4 of 4 V.1.5 Introduction A brief discussion on the given scenario and identification of possible threats this web server and the network might be vulnerable to. Network drawing A logical diagram showing the CentOS Linux server and test machines in your network. Design Discussion Discussion of your design and decision-making processes with justifications. Device configuration summary A table which includes various threats anticipated and their mitigations should be provided in this section. Threat/vulnerability Mitigating action/Tools Device Configured Commands Used Testing Plan An outline of the potential threats in your network and an overview of your testing to verify the successful mitigation of issues using the tools deployed. Output and screen dumps, alongside explanations should be included to verify that your design and configuration work.
Answered Same DayMar 28, 2021TNE80006Swinburne University of Technology

Answer To: TNE80006 Secure Network Project 2020-1v.2 Page 1 of 4 V.1.5 Swinburne University of Technology...

Gaurav answered on Apr 05 2021
112 Votes
Securing Linux Server and Its Network – Project
Introduction
In the project scenario is given that, we have to setup a lab where we do install the Linux server and then configure some security services and other services like web server, database and SSH. After that we have to filter he
traffic on Firewall base so that only privilege user can access the data or any other resources. Now, here we have to configure these all services in that way, that there will be no security flaws. As if we see that any unknown port is open, than an attack always try to get into that part. So, we have to perform the Linux Server Configuration and perform safety processes.
Here I design the setup for the scenario is provided to ensure the security safety of the Linux server and done the different ways to secure the Linux Server.
Network Diagram
Here I tried to make a scenario based system and server network topology to showcase the project scenario. Here I use paint and draw a network communication where we can simply understand the case scenario of the project and understand the how we can secure are Linux Server.
Figure – 1: Network Topology to showcase the project scenario
Here in the above I use one CentOS 8 as a Linux server and one windows 10 as a client machine. After that configuration, we will think to work on these servers. But as an Attacker side we are using the Kali machine and try to trigger in to our system to start it.
Here we use the software firewall and if we want so we can use Physical Firewall, to setup the Inbound and Outbound traffic.
Design Discussion
Here, in Figure we can see the case scenario which is pretty similar to the project base.
Now we can do check the why I have choose this Network topology. As, here we can established the network connection from server to client using the only two ways, either from SSH connection or through website, web server only.
For Database connections, it’s limited to two user only, root and John, other than that all our closed.
Now here we can see the step-by-step configuration process:
Step – 1:
Here, we have to setup the HTTP, HTTPS, protocol and it will be open to public only.
For this we have to following process:
· Install the httpd package
· Then configure the html file and enable the ports and services
#firewall-cmd –permanent –add-service=httpd
#firewall-cmd –permanent –add-protocol=tcp
#firewall-cmd –permanent –add-port=80
#firewall-cmd –permanent –add-port=443
#firewall-cmd –reload
#systemctl restart httpd.services
Figure – 2: httpd service file configuration
Figure -3: Firewall permanent runtime and reloading
Figure – 4: Adding the http, https, protocol and port number in Firewall accessing to public zone
Figure -5: Output after the configuration done
Step -2: Creating the self SSL certificate for the webserver.
Here we have to follow below process;
#cd...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here