Team 3 Webpage Team News and Announcements

Part II (40 pts)


(PODS, SECURITY and SERVICES)

  1. Team leads, please email instructors and TAs the exact list of personnel responsible for each activity in this homework. These team members will be responsible for the work and demo of the results. Bullets that need to be demoed are marked as such.

    Dalat Did This, DONE

  2. (10 points (demo)) Set up a firewall and NAT on your gateway machine and have it certified! Use ipchains or iptables to do that.

    Set up NAT service on your gateway machine to serve your 10.Z.x.y network. NAT services will run as 152.1.xxx.yyy where xxx is your subnet, and yyy is one more than your switch (e.g., 131 for 130 switch). There is a bunch of PC software for that; you can use it. DO NOT PUT A LINUX BOX OUT THERE UNLESS IT IS SAFE (for that you need an ok from Dr. Vouk). Prepare to demo for grade.

    ONLY that machine sees the outside world directly (and only after the machine's security has been certified). If your gateway machine is not certified, continue using the DHCP-assigned 10.x address on the gateway.

    The IP address you will be using after certification (gateway only) will be 152.zzz.xxx.yyy where zzz is 1 on main campus and 14 in V2, xxx is your subnet (158 on main campus, 16 in V2) and yyy is one more than your lower switch host number (e.g., 132 for 131 switch group). If you are not sure what your switch group is, please ask.

    Gateway must be Linux (again, use Ipchains or Iptables for firewalling and NAT-ing). You cannot use a gateway "facing the real world" unless it is approved to be secure (by Dr. Vouk or by certified security team personnel). See class notes and web for information on how to do that. IT IS A MAJOR OFFENCE TO PUT AN UNSECURED BOX (either PC or Linux) DIRECTLY ONTO THE CAMPUS NETWORK. Hence, until you receive explicit permission from Dr. Vouk (in writing), you must stay behind the lab firewall.

    Make sure that the machine has ip forwarding turned on and it routes for your 10.Z.x.y subnet. All your other machines are on private subnet 10.Z.x.y where Z is your team number, while x and y are your choice.

    If you are behind the lab firewall, you will not be able to reach the world from your "inner" stations unless your gateway is running NAT, and you may have other problems if you do not set up your "inner" DNS server properly (read on). Test your firewall by self-mapping (see next section) and prepare to demo for grade.

    This was accomplished through two scripts that we created and placed in the /usr/bin directory on the gateway. These scripts are run from /etc/rc.d/init.d/iptables {start, stop, restart}.

    Chris Did This, DONE
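
The rule set below is an added example of the NAT-and-firewall setup item 2 describes; it is not the team's own /usr/bin scripts. It also applies the policy from item 9 (only ssh reachable on the gateway; sunrpc and kdm stay closed to the outside). The interface names, the inner subnet and the public address are assumed placeholders; with IPT=echo and SYSCTL=echo the script prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the team's script: iptables NAT + firewall for a pod gateway.
# eth0/eth1, 10.3.0.0/24 and 152.1.158.132 below are placeholder values.
# Dry run:  IPT=echo SYSCTL=echo sh gateway-fw.sh start
# Real run (as root, e.g. from /etc/rc.d/init.d): sh gateway-fw.sh start
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"

# gateway_rules OUTSIDE_IF INSIDE_IF INNER_SUBNET PUBLIC_IP
gateway_rules() {
    ext="$1"; int="$2"; inner="$3"; pub="$4"
    # Clean slate; default deny for traffic to and through the gateway.
    "$IPT" -F; "$IPT" -t nat -F
    "$IPT" -P INPUT DROP; "$IPT" -P FORWARD DROP; "$IPT" -P OUTPUT ACCEPT
    # Anti-spoofing: nothing arriving from outside may claim an inner address.
    "$IPT" -A INPUT -i "$ext" -s "$inner" -j DROP
    "$IPT" -A FORWARD -i "$ext" -s "$inner" -j DROP
    # The gateway itself: loopback, replies to its own connections, ssh only.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Log what is dropped so the syslog monitoring of item 8 shows probes.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    # Inner stations may go out; only replies to their connections come back.
    "$IPT" -A FORWARD -i "$int" -o "$ext" -s "$inner" -j ACCEPT
    "$IPT" -A FORWARD -i "$ext" -o "$int" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # NAT: rewrite inner source addresses to the certified public address.
    "$IPT" -t nat -A POSTROUTING -o "$ext" -s "$inner" -j SNAT --to-source "$pub"
    # Routing for the 10.Z.x.y subnet needs ip forwarding enabled in the kernel.
    "$SYSCTL" -w net.ipv4.ip_forward=1
}

# gateway_stop: flush the rules and stop forwarding, but stay closed (ssh only).
gateway_stop() {
    "$IPT" -F; "$IPT" -t nat -F
    "$IPT" -P INPUT DROP; "$IPT" -P FORWARD DROP; "$IPT" -P OUTPUT ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT
    "$SYSCTL" -w net.ipv4.ip_forward=0
}

# init-script style entry point; Z=3 for Team 3, the rest are placeholders.
case "${1:-}" in
    start|restart) gateway_rules eth0 eth1 10.3.0.0/24 152.1.158.132 ;;
    stop)          gateway_stop ;;
esac
```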

  3. (5 points) Submit (as part of this homework) a white paper (2 pages) on the security of your team workspace (workstations, lab, especially linux boxes). Describe how you plan to make your set-up secure from intrusions (e.g., scan protection, firewall, "green wire" maneuver - if you do not know what it means please ask -, coordination with your local Security Team to certify your stations, etc.). Some useful links are in the News.

    Security White Paper for Team3

    Chris Did This, DONE

  4. (2 points (demo)) You will make sure that your PCs are running the latest NCSU version of Norton Anti-Virus software. You will set up your sweep schedule for at least once a week.

    NAV will scan our PC every Sunday at 12:00am

    Tyler Did This, DONE

  5. (2 points) You will inspect your server on monet, and the monet class server http logs, for http-port scans and report in the homework on that. We are looking for intrusion info. Explain your findings (illustrate, and of course read up on it if you have not done so already).

    No port scans were found in the recent history of the access log. 99% of action was the GET command from users outside of campus logged under teamx.

    Tyler Did This, DONE
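
As an added example of the kind of inspection item 5 asks for (not the team's own report), the script below picks out http-port-scan candidates in an Apache access log by flagging clients that walk many distinct paths or collect many 4xx responses, and tallies request methods the way the 99%-GET observation above was made. The log lines embedded in sample_log are constructed, not taken from monet.

```shell
#!/bin/sh
# Added example, not the team's code: scan candidates in a common-format access log.
# Fields: host ident user [date time] "METHOD path proto" status bytes

# suspect_clients LOGFILE [MIN_DISTINCT_PATHS] [MIN_4XX]
# A probe typically touches many different URLs and gets many 404s in a burst.
suspect_clients() {
    awk -v minpaths="${2:-8}" -v minerr="${3:-5}" '
    {
        ip = $1; req = $7; code = $9
        hits[ip]++
        if (!((ip, req) in seen)) { seen[ip, req] = 1; paths[ip]++ }
        if (code ~ /^4/) errs[ip]++
    }
    END {
        for (ip in hits)
            if (paths[ip] >= minpaths || errs[ip] + 0 >= minerr)
                printf "%s hits=%d distinct_paths=%d 4xx=%d\n", ip, hits[ip], paths[ip], errs[ip] + 0
    }' "$1"
}

# method_counts LOGFILE : one "METHOD count" per line, most frequent first.
method_counts() {
    awk '{ m = substr($6, 2); n[m]++ } END { for (m in n) print m, n[m] }' "$1" | sort -k2,2nr
}

# Constructed sample: one ordinary visitor reading team pages, and one client
# that probes several directories that do not exist and collects 404s.
sample_log() {
    cat <<'EOF'
152.1.10.20 - - [20/Oct/2002:14:02:11 -0400] "GET /team3/index.html HTTP/1.0" 200 2048
152.1.10.20 - - [20/Oct/2002:14:02:12 -0400] "GET /team3/hw4.html HTTP/1.0" 200 5120
198.51.100.7 - - [21/Oct/2002:03:14:01 -0400] "GET /cgi-bin/ HTTP/1.0" 404 278
198.51.100.7 - - [21/Oct/2002:03:14:01 -0400] "GET /scripts/ HTTP/1.0" 404 278
198.51.100.7 - - [21/Oct/2002:03:14:02 -0400] "GET /admin/ HTTP/1.0" 404 278
198.51.100.7 - - [21/Oct/2002:03:14:02 -0400] "GET /backup/ HTTP/1.0" 404 278
198.51.100.7 - - [21/Oct/2002:03:14:03 -0400] "HEAD /test/ HTTP/1.0" 404 0
EOF
}
```

Run it against a real log with `suspect_clients /path/to/access_log`; the two thresholds are tunable arguments because a busy class server will have legitimate clients with many distinct paths.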

  6. (1 point) You will inspect the monet syslog (at /NET/syslog) for intrusion patterns, especially for probes that may concern your team. You will report on your findings (both general attack findings and team-specific attacks, if any).

    No attacks were found, however there were attempts to enter team3 space by IP addresses not belonging to our group.

    Tyler Did This, DONE

  7. (1 point (demo)) You will find on the web, and install on your GATEWAY, a port scan alert software (such as portsentry). You will test it out and show us that it works.

    To test portsentry you can just run nmap on that computer, and you will see it light up like a Christmas Tree. Portsentry will log the attempts, showing that it works.

    Fritz Did This, DONE

  8. (1 point (demo)) You will (with the help of your system group) activate the syslogd daemon on your GATEWAY boxes and monitor those logs for intrusions and other possible security violations.

    The following process is running on the gateway:

    gateway% ps -x | grep syslogd| grep -v grep

    2744 ? S 0:00 syslogd

    Shadi Did This, DONE

  9. (3 points) You will install ssh2 on your machines (if it is not there yet; you need to run both the ssh daemon, and have the ability to ssh out). There should be NO services listening on any port on your machine that are not absolutely necessary - each one has to be justified in writing - part of this homework is a self-scan of your gateway with an explanation of open ports - scan with portsentry OFF or you will get false readings, and don't forget to turn portsentry on after that. Also, required services (e.g., portsentry and ssh) must re-start automatically on reboot of your gateway - test for that.

    The ports that are found when doing an nmap on ourselves from ourself are 22 (ssh), 111 (sunrpc), 1024 (kdm). To start portsentry up we have added it to our /etc/rc.local file. ssh2 was installed during the RedHat 8.0 install and automatically comes up.

    Dalat Did This, DONE

  10. You will regularly audit your own security status! Please remember that this is a necessary component of your weekly HB. The SECURITY TEAM will do that as well (on their own) as a cross check for all in the class.

    We Will Take Turns Doing This, DONE

  11. (5 points (demo)) Download and install both nmap and NetSaint. Learn how to use them. WHILE YOU ARE LEARNING or experimenting with them, YOUR STATION MUST BE DISCONNECTED FROM THE NETWORK. YOU ARE IN THE LEARNING MODE UNTIL Dr. Vouk says otherwise. YOU ARE NOT ALLOWED TO SCAN ANYTHING IN THE LAB OR OUTSIDE THE LAB WITHOUT EXPLICIT WRITTEN APPROVAL of Dr. Vouk. YOU ARE ONLY ALLOWED TO SCAN YOUR OWN MACHINES. FAILURE TO COMPLY WITH THIS PROCEDURE WILL BE CONSIDERED A MAJOR BREACH OF LAB and UNIVERSITY SECURITY.

    Dalat Did This, DONE

  12. (5 points) Learn how to use snmp, and set up an initial snmp information retrieval system/script (to display results on the web) for your lab switches and monet. Community names for switches are (DAN360, WI200, DAN359), and for access to monet it is 402470. Make sure you can interpret the output. You can use the snmpinfo command on monet. Man pages are on the web (IBM man pages) and snmp related commands on Linux. You will demo for grade.

    SNMP output for monet and our switch 152.1.158.171

    Using snmpwalk we were able to successfully talk to the switch and monet, getting all of the variables one could ever ask for. We did originally have an issue with a request timeout until we realized that our iptables was not allowing the snmp back through. On monet, however, it is a different story. We kept getting a request timeout. This made us think that this might be a problem on monet.

    After talking to other groups, we found out that this is only the case with certain variables. After narrowing it down, we have created a script that runs every hour on monet to update and copy snmp.html over to our www space.

    Shadi Did This, DONE
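
The script below is an added example of the hourly snmp.html generator item 12 asks for; it is not the team's own script. It reads snmpwalk output and writes an HTML table, escaping every value first, since strings returned by the switch or by monet are device-supplied data and should not be able to inject markup into the team's www space. The host, community string, output path and the net-snmp 5.x command syntax are assumptions.

```shell
#!/bin/sh
# Added example, not the team's script: render snmpwalk output as snmp.html.
# Host, community and output path are placeholders; snmpwalk syntax is net-snmp 5.x.

# snmp_to_html TITLE  (snmpwalk lines on stdin, HTML on stdout)
# net-snmp prints one object per line as:  OID = TYPE: value
snmp_to_html() {
    title="$1"
    printf '<html><head><title>%s</title></head><body><h1>%s</h1>\n' "$title" "$title"
    printf '<table border="1"><tr><th>Object</th><th>Value</th></tr>\n'
    # Escape the raw device output first, then split on the first " = "
    # and drop the "TYPE: " tag so only the value lands in the cell.
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' |
    awk '{
        i = index($0, " = "); if (i == 0) next
        oid = substr($0, 1, i - 1); val = substr($0, i + 3)
        sub(/^[A-Za-z0-9-]+: /, "", val)
        printf "<tr><td>%s</td><td>%s</td></tr>\n", oid, val
    }'
    printf '</table><p>Generated %s</p></body></html>\n' "$(date)"
}

# poll_agent HOST COMMUNITY OUTFILE : one hourly cron entry per agent, e.g.
#   0 * * * * /home/team3/bin/snmp-page.sh      (placeholder path)
# Write to a temp file and rename, so readers never see a half-written page.
poll_agent() {
    "${SNMPWALK:-snmpwalk}" -v1 -c "$2" "$1" system |
        snmp_to_html "SNMP system group for $1" > "$3.tmp" && mv "$3.tmp" "$3"
}
```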

  13. (5 points) Set up DNS (for your 10.Z.x.y network) on a NON-gateway machine on your Pod. Give your private network names, and test it out. It might be easier if you used a Linux box for that. Prepare to demo for grade.

    DNS is set up on Baker.

    Fritz Did This, DONE


This page was last updated on:
Friday, October 25, 2002 5:13
Copyright © 2002 by Team 3, All Rights Reserved.

WebSite contact: K. Fritz Lehr, E-mail: kflehr@unity.ncsu.edu, Tel: (919) 593-0162