TAFE Trojans
http://trojans.virtualhost.com.au
Cert 4 Project
A Little About Ourselves
The Trojans…
Nick: Security, firewalls, UNIX and switch management.
Paul: Cable Runs, Hardware, web design/management and Documentation.
Kellie: Pricing, Documentation, Time Management and Project Analysis.
Ian: Research, tech support and Time Management.
We Are The Trojans, You will be Assimilated, Your Biological and Technological
Distinctiveness will be added to our own…
RESISTANCE IS FUTILE
The Job
As a part of the cert IV class, TAFE has asked us to address certain
problems existing on the network.
These issues are…
• 30 day secure channel problem
• PXE Workstation Imaging
• Internet control and filtering
• Network Speed to classroom C-312
What We Will Do
• 2 New Gigabit Switches for C-312 and C-block server room.
• Installation of Smoothwall School Guardian
• Implementation of PXE network boot imaging.
• 30 day secure channel problem.
What We Won’t Do
• System Backups.
• Anti-Virus.
• KVM-Switch for server room – Already a 4 Port in room.
• USB Caddies.
• Facility for storing Ghost images – Flash Already Sufficient.
• Wireless Connectivity – Not important at the moment but a future
possibility.
• Domain Controller – IT.net is happy with their 2000 server at the moment.
Moving onto 30 day secure channel…
30 day Secure Channel
The Problem.
- After 30 days, the it.net computers can’t log onto goth because the secure
channel password has changed.
- Typically a computer has its own individual name and account on the DC,
and doesn’t suffer this problem.
- Unfortunately TAFE’s computers all share the same name and therefore the
same secure channel password and account.
- This password identifies individual computers to the domain, and changes
every 30 days.
- For TAFE, once this password changes for one computer, the other
computers can’t log on because they are using the old password with the
same account.
- This is where we found a fix.
30 day Secure Channel
First attempt.
• The first registry key we found changed the number of days until password
expiry
• Allowed a potential of 1 000 000 days
• When the server restarted the registry value was reset
So we thought we could either build a startup script or find a better solution.
We went for option 2… We found another key.
30 day Secure Channel
Second Attempt
The “new” key is at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/NetLogon/Parameters/MaximumPasswordAge
Changing this key lets you enable or disable the maximum password age,
rather than specify a number of days.
30 day Secure Channel
These changes are illustrated through the following pictures:
The Registry Entry Before it was changed
The Registry Entry After it was changed
The Policy Editor Before it was changed
The Policy Editor After it was changed
30 day Secure Channel
In effect, these registry changes turn off the 30 day check.
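An added example (not part of the original slides): a Python check that reads `reg query` output for the Netlogon parameters and reports a machine whose account password rotation has been switched off or stretched, which is the state the change above leaves a workstation in. The value name `DisablePasswordChange` does not appear on the slides and is an assumption of this example, as are the 30 day baseline constant and the constructed sample output.

```python
import re

# Live registry key that the SeCEdit entry on the slide refers to.
NETLOGON_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
DEFAULT_MAX_AGE_DAYS = 30  # the 30 day rotation the slides describe

# One value line of `reg query` output: indented name, type, data.
_VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(\S+)\s*$")


def parse_reg_query(text):
    """Return {lowercased value name: int} for REG_DWORD lines."""
    values = {}
    for line in text.splitlines():
        m = _VALUE_LINE.match(line)
        if m and m.group(2) == "REG_DWORD":
            values[m.group(1).lower()] = int(m.group(3), 16)
    return values


def audit_secure_channel(text):
    """List findings that weaken machine account password rotation."""
    v = parse_reg_query(text)
    findings = []
    # DisablePasswordChange is not named on the slides; this example assumes
    # it is the Netlogon value behind the enable/disable switch.
    if v.get("disablepasswordchange", 0) == 1:
        findings.append("rotation disabled (DisablePasswordChange=1)")
    max_age = v.get("maximumpasswordage", DEFAULT_MAX_AGE_DAYS)
    if max_age > DEFAULT_MAX_AGE_DAYS:
        findings.append(f"rotation interval raised to {max_age} days")
    return findings


# Constructed sample output: one default host and one changed host.
SAMPLE_DEFAULT = NETLOGON_KEY + "\n    MaximumPasswordAge    REG_DWORD    0x1e\n"
SAMPLE_CHANGED = (
    NETLOGON_KEY + "\n"
    "    DisablePasswordChange    REG_DWORD    0x1\n"
    "    MaximumPasswordAge    REG_DWORD    0xf4240\n"
)

if __name__ == "__main__":
    for name, out in (("default", SAMPLE_DEFAULT), ("changed", SAMPLE_CHANGED)):
        print(name, audit_secure_channel(out) or "ok")
```
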
Moving onto PXE…
PXE
Pre-boot Execution Environment
overview
• A network boot enabled PC makes imaging a host computer very easy.
• Most computers today support network boot.
• Enabled through the BIOS by selecting network boot as the first boot device.
• Relies on a DHCP and TFTP server
• OS images are transferred via TFTP to the host computer.
• The option for a boot menu for user input is available.
• Replaces the need for individual boot floppies. (“Thank god” says Andy)
PXE
Pre-boot Execution Environment
process
• Firstly the network boot PC looks for an IP address through DHCP.
• The file dhcpd.conf on the DHCP server has a static entry for the
workstation, and the bootfile to load.
• The server responds with an IP and asks the client if network boot is
enabled.
• The workstation says “Yes” then gets an IP and is directed to the TFTP
server.
PXE
Pre-boot Execution Environment
Process (cont’d)
• At the TFTP server the workstation requests the “filename”.img referred
to in the dhcpd.conf file on the DHCP server and executes it.
• The boot image does the rest: it maps drives, runs Ghost and images the
host computer.
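An added example (not from the original slides): a Python helper that builds the static dhcpd.conf entry described in the process above for one workstation, and rejects inventory mistakes before they reach the DHCP server. The host name, addresses, MAC and `ghost.img` file name are constructed sample values, and the restriction of boot files to flat `.img` names is an assumption of this example.

```python
import ipaddress
import re

_HOSTNAME = re.compile(r"^[A-Za-z0-9-]+$")
_MAC = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# Flat file name only (no slashes), so an inventory typo cannot point a
# workstation at a path outside the TFTP root. Assumption of this example.
_BOOTFILE = re.compile(r"^[A-Za-z0-9_.-]+\.img$")


def host_stanza(name, mac, ip, tftp_server, bootfile, subnet):
    """Return an ISC dhcpd.conf host block for one PXE workstation."""
    mac = mac.lower().replace("-", ":")
    if not _HOSTNAME.match(name):
        raise ValueError(f"bad host name: {name!r}")
    if not _MAC.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    if not _BOOTFILE.match(bootfile):
        raise ValueError(f"bad boot file name: {bootfile!r}")
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(subnet):
        raise ValueError(f"{ip} is outside {subnet}")
    ipaddress.ip_address(tftp_server)  # raises ValueError if malformed
    return (
        f"host {name} {{\n"
        f"  hardware ethernet {mac};\n"    # static entry keyed on the NIC
        f"  fixed-address {ip};\n"         # IP handed to the workstation
        f"  next-server {tftp_server};\n"  # TFTP server to fetch from
        f'  filename "{bootfile}";\n'      # boot image requested over TFTP
        f"}}\n"
    )


# Constructed sample inventory row.
SAMPLE = dict(
    name="c312-ws01",
    mac="00-11-22-AA-BB-CC",
    ip="192.168.10.21",
    tftp_server="192.168.10.2",
    bootfile="ghost.img",
    subnet="192.168.10.0/24",
)

if __name__ == "__main__":
    print(host_stanza(**SAMPLE))
```
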
Moving on to Smoothwall…..
Smoothwall
Introduction to Smoothwall
• Linux based operating system.
• Simplified Linux Kernel
• We will be demonstrating the free version – Smoothwall Express
• Very powerful firewall and internet filter
• Very easy to install
Smoothwall
System monitoring..
• Notices of available Smoothwall updates
• System Uptime, Process status, Disk Usage
• Traffic graphs
Smoothwall
This is the main Smoothwall front page.
Smoothwall
This is the statistics area.
Smoothwall
Traffic Graphs
Smoothwall
Security..
• Port Forwarding
• DMZ Pinholes
• Remote access
Smoothwall
Port Forwarding Interface
Smoothwall
DMZ Pinholes Interface
Smoothwall
More Security..
• IP Blocking
• Internet Connectivity (PPP)
• Log Viewer of all activity
• Settings - Backup
Smoothwall
PPP Internet Connectivity
Smoothwall
Settings - Backup
Budget
• 2 New switches for C3-12 and C-Block server room - $1310.78
• 100m of Cat 5e for 2 runs from C-Block server room to C3-12 - $450
• Smoothwall School Guardian 4 inc 70 concurrent licences - $2053.70
• Labour Cost for Tafe Trojans (Inc GST) - $2145.00
________
Total (Inc GST) - $5959.48