Network Installation

Introduction
IT 443 – Network Security
Door Code for S-3-143
*
Contact Operator for the current code
Class Assignment
• Lab assignments
– Students will form a team of two for lab work
– 2 choices:
• Students will use the IT lab VMware environment itvmvcs1.cs.umb.edu to finish the assignment
• Students will download the needed VM and use the lab
VMware Workstation to finish the assignment
– Students will use vSphere client for VMware host
connection. The client can be downloaded from
http://www.cs.umb.edu/~stran/Download
– Students will email the results to [email protected]
• Exams: 2, in the middle and at the end of the semester
Lab environment
• Log on with the vSphere client
– Server name: itvm-vcs1.cs.umb.edu
– ID: IT443s2tx (x: is your team number)
– Password: is provided by your instructor
• Verify that you see 2 VMs in your list:
– Kali1
– 2K8_Webx (x: is your team number)
• Verify that you can log on to your Kali VM. ID and password
will be provided in class
Lab environment
• Kali IP: 10.10.10.1x
• Linux server: 10.10.10.5x
• Windows server: 10.10.10.10x
*** x is your team number
Sys admin and Info Sec
• System administration includes the installation, configuration
and maintenance of network equipment
• Management of virtual machines (VMs) – a VM is a software container
into which an OS and applications can be installed.
– VMs function like physical servers but without hardware
failure
– VMs can be started and stopped on demand
• System administration is the first line of defense for CIA –
confidentiality, integrity and availability
– Availability: capability to recover
– Confidentiality: threatened by information stealing
– Integrity: threatened when information can be modified without approval
Sys admin tasks
• Installation: writing the necessary data in the appropriate
locations on a computer’s hard drive for running a software
program
– Installing the operating system (OS)
• Configuration: Selecting one among many possible
combinations of features of a system
– Complex configurations can create vulnerabilities
– Sys admin may be unable to fully comprehend the implications of the
components’ interactions
– Many desirable software components are not maintained. This creates
information security hazards
Access Control and User Management
• AC – the act of limiting access to information system resources
only to authorized users, programs, processes or other systems
– Access to files or directories
– Access to network ports and other OS-level structures
• AC can be controlled at the application level
• User management – defining the rights of organizational
members to information in the organization
– Update user records appropriately when users change roles
– Can organize users with similar privileges into groups
• Access control and user management serve to fulfill
confidentiality and integrity in the CIA triad.
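The role-change rule above, as an added example (not part of the original slides): a shell function compares group membership in group(5) format against the groups each user's current role is entitled to and reports the leftovers. The users, roles, groups and policy data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find group memberships a user's current role does not justify.
# All data below is constructed; the role and group names are hypothetical.

# group(5) format: name:password:gid:comma-separated members
GROUP_DATA='finance:x:1001:alice,bob
hr:x:1002:carol,bob
webadmin:x:1003:dave
backup:x:1004:dave,alice'

# Current role of each user (user:role), e.g. exported from an HR system.
ROSTER='alice:accountant
bob:recruiter
carol:recruiter
dave:webmaster'

# Groups each role is entitled to (role:comma-separated groups).
POLICY='accountant:finance
recruiter:hr
webmaster:webadmin,backup'

# Print "user group" for every membership not covered by the user's role.
stale_memberships() {
    { printf '%s\n' "$POLICY"; echo '--'
      printf '%s\n' "$ROSTER"; echo '--'
      printf '%s\n' "$GROUP_DATA"; } |
    awk -F: '
        $0 == "--" { part++; next }
        part == 0 {   # policy section: remember each allowed role,group pair
            n = split($2, g, ",")
            for (i = 1; i <= n; i++) allowed[$1 "," g[i]] = 1
            next
        }
        part == 1 { role[$1] = $2; next }   # roster section
        {             # group section: check every listed member
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                u = m[i]
                # Unknown users have no role, so every membership is flagged.
                if (!((role[u] "," $1) in allowed)) print u, $1
            }
        }' | sort
}

stale_memberships
```

Here bob kept the finance group after moving to a recruiter role and alice holds a backup group her role never granted, so both memberships are reported for removal.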
Monitor, Test and Update
• Monitoring to ensure desired performance and security
• Monitoring is the act of listening or recording the activities of a
system.
– Reactive monitoring – the act of detecting and analyzing failures after they
have occurred
– Proactive monitoring – the act of testing a system for specific issues before
they occur (vulnerability scanners)
• Software updates – the act of replacing defective software
components with components in which the identified defects have
been removed
– OS updates: fix issues with the low-level components
– Application updates: fix problems in individual applications
• Keeping systems updated is a challenge because of the unpredictable
behavior of installed applications on updated systems
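An added example (not from the original slides) contrasting the two kinds of monitoring: one function counts SSH login failures that have already happened, the other tests a configuration for an issue before it causes one. The log lines and sshd_config fragment are constructed, and treating `PermitRootLogin yes` and `PermitEmptyPasswords yes` as findings is an assumed policy.

```shell
#!/bin/sh
# Added example: reactive vs proactive monitoring on constructed sshd data.

# Constructed sshd log lines (documentation addresses from 192.0.2.0/24).
AUTH_LOG='Jan 10 09:00:01 web1 sshd[811]: Failed password for root from 192.0.2.7 port 40022 ssh2
Jan 10 09:00:03 web1 sshd[811]: Failed password for root from 192.0.2.7 port 40022 ssh2
Jan 10 09:00:05 web1 sshd[813]: Failed password for invalid user admin from 192.0.2.7 port 40031 ssh2
Jan 10 09:02:10 web1 sshd[820]: Accepted publickey for alice from 192.0.2.20 port 51000 ssh2
Jan 10 09:05:44 web1 sshd[825]: Failed password for bob from 192.0.2.30 port 42000 ssh2'

# Constructed sshd_config fragment.
SSHD_CONFIG='# managed by hand
PermitRootLogin yes
PermitEmptyPasswords no'

# Reactive: list "source count" for sources with at least $1 failed logins
# that are already recorded in the log.
failed_login_sources() {
    printf '%s\n' "$AUTH_LOG" | awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end so a user literally named "from" is not
            # mistaken for the keyword that precedes the address.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print ip, count[ip] }' | sort
}

# Proactive: name the settings that fail the assumed policy, before any
# failure has occurred.
risky_settings() {
    printf '%s\n' "$SSHD_CONFIG" | awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        { key = tolower($1); val = tolower($2) }  # keywords are case-insensitive
        (key == "permitrootlogin" || key == "permitemptypasswords") &&
            val == "yes" { print $1 }'
}

failed_login_sources 3
risky_settings
```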
Single point of failure
• A part of a system whose failure will stop the entire system
from working is a single point of failure
– Power supply
• Standard solution for single point of failure is redundancy
– Surplus capability to improve the reliability of a system
• Hardware failure
– Cold spares – requires downtime
– Hot spares – redundant components that are housed inside the server
and can replace the failed component with no downtime.
Microsoft Windows Admin
• 2 lines: desktop and server
– Desktop: supports a wide range of computer hardware and
peripherals
– Server: supports a small set of hardware and peripherals and
includes a number of services for access control and user
management
• Active directory provides centralized user management and access
control across all computers that are members of the domain
• Group policy implements specific configurations for users and
computers; used to restrict certain actions that may pose potential
security risks
• Domain controller maintains information on user accounts,
authenticates users and authorizes users to access resources.
System Center – admin utility
• System Center: contains several tools for securely installing
and configuring Windows
• System Center Configuration Manager (SCCM):
– Manages the Windows installation process on hundreds of servers and
desktops from one console
– Automates the update process for Windows and other software
packages that have been installed
• System Center includes a monitoring system called System
Center Operations Manager (SCOM)
– Alerts on hardware failures or other issues affecting data availability
Linux Admin
• Linux is an open source operating system
• A major distribution of Linux is Red Hat Enterprise Linux (RHEL)
• Automated OS installation and configuration tools are:
– Jumpstart on Oracle Solaris
– Kickstart on RHEL
– Network Installation Manager on IBM AIX
• Puppet: an application that provides cross-platform support
for configuring software after operating system installation