Csc3412 - what is port knocking and what are the inherent


Instructions

This assignment consists of three questions, each of equal value. They consist of common tasks required of a system administrator, tasks I have had to do at some time in the past.

Clear Layout

It is vitally important that your assignment is clearly laid out, with questions and parts of questions clearly defined. It must be a straightforward matter for the examiner to determine that you have completed each exercise satisfactorily. We want quality, not quantity. Poorly organised submissions will be rejected or receive a poor mark.

A text file or PDF/A document typeset using vanilla LaTeX is preferred over a document produced by a word processor. If you must use Microsoft Word, please export your document as PDF/A, not PDF.

Command Output
When answering these questions you will have to run commands under Linux. Whenever a command is run you will need to:

a. Explain in your own words the purpose of the command in the context of the assignment question. (Please do not just copy the "Description" section from the man page!) Also, you need to explain in your own words all terminology used, as if you were explaining to an average user! (Please show you understand what you are doing!)

b. Show that the command worked, either from its output or the output from another command.

c. To capture text output from programs you will have to redirect the output to a file or use the command script. If you are using the command script, turn off the tty escape sequences that change the colour of console text; the escape sequences will appear in the output file and make it impossible to read.

Question 1
A "gateway" machine has been set up for a small business. The following "firewall" script is run on the "gateway" machine before the gateway's interfaces are brought up:

#!/bin/bash

iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -s 192.168.67.0/24 --dport 22 \
         -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth1 -p tcp \
         -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 163.72.140.107 --dport 25 \
         -j DNAT --to-destination 192.168.67.23:25
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.67.0/24 \
         -j SNAT --to-source 163.72.140.107

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A FORWARD -i eth1 -p tcp -s 192.168.67.0/24 --dport 80 \
         -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp -s 192.168.67.0/24 --dport 443 \
         -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp -d 192.168.67.23 --dport 25 \
         -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Using the script above answer the following questions:

a. Explain, in your own words, what a "gateway" machine is and what it is used for.

b. Explain the general purpose of the firewall above. Your explanation should include a description of the networks the gateway machine is connected to, how it is connected, and what packets are being allowed into and out of the gateway machine.

Note: this is a "general description"; do not make any explicit reference to the commands above.

c. Explain in detail the reason for including lines 12 and 18.

d. Explain in detail the reason for including lines 13 and 19.

e. Explain in detail the reason for including lines 21, 32 and 34.

f. Explain in detail the reason for including lines 23, 28, 30 and 34.
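
The way the filter-table rules in the script are evaluated (first matching rule accepts, otherwise the DROP policy applies) can be modelled as below. This is an added example, not part of the original assignment; the function names and the sample packets are hypothetical, and NAT and connection tracking are not modelled, so the SMTP packet is described as it looks after DNAT and the state is supplied by hand.

```python
from ipaddress import IPv4Network, ip_address, ip_network

LAN = ip_network("192.168.67.0/24")
MAIL = ip_network("192.168.67.23/32")
NEW = {"NEW"}
TRACKED = {"RELATED", "ESTABLISHED"}

# Filter-table rules copied from the script. A rule lists only the fields it
# tests; every rule in the script jumps to ACCEPT, so no target is stored.
RULES = {
    "INPUT": [
        {"in_if": "lo"},
        {"in_if": "eth1", "proto": "tcp", "src": LAN, "dport": 22, "state": NEW},
        {"in_if": "eth1", "proto": "tcp", "state": TRACKED},
    ],
    "OUTPUT": [
        {"out_if": "lo"},
        {"out_if": "eth1", "proto": "tcp", "state": TRACKED},
    ],
    "FORWARD": [
        {"in_if": "eth1", "proto": "tcp", "src": LAN, "dport": 80, "state": NEW},
        {"in_if": "eth1", "proto": "tcp", "src": LAN, "dport": 443, "state": NEW},
        {"in_if": "eth0", "proto": "tcp", "dst": MAIL, "dport": 25, "state": NEW},
        {"proto": "tcp", "state": TRACKED},
    ],
}

def field_matches(want, have):
    """Compare one rule field with the packet's value for that field."""
    if have is None:                      # packet lacks the field: no match
        return False
    if isinstance(want, set):             # connection state set
        return have in want
    if isinstance(want, IPv4Network):     # source or destination network
        return ip_address(have) in want
    return want == have                   # interface, protocol, port

def verdict(chain, **pkt):
    """First matching rule accepts; otherwise the chain policy (DROP) applies."""
    for rule in RULES[chain]:
        if all(field_matches(want, pkt.get(key)) for key, want in rule.items()):
            return "ACCEPT"
    return "DROP"

if __name__ == "__main__":
    # Constructed sample packets: SSH from the LAN, then SSH from off-site.
    print(verdict("INPUT", in_if="eth1", proto="tcp", src="192.168.67.10", dport=22, state="NEW"))
    print(verdict("INPUT", in_if="eth0", proto="tcp", src="203.0.113.9", dport=22, state="NEW"))
```

The second sample packet is the off-site SSH attempt that Question 2 is concerned with: no INPUT rule names eth0, so it falls through to the DROP policy.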

Question 2

As the system administrator you would like to SSH to a gateway machine (see Exercise 1) from off-site. Unfortunately that would mean opening the SSH port to the world, and currently that is against your organisation's security policy.

A friend tells you of the concepts of "port knocking" and "single packet authorization" (SPA), a way of temporarily opening a hole in a firewall to let an authorised connection through. This sounds like exactly what you need, so you study up on "port knocking" and "single packet authorization" and experiment with the software "fwknop".

To convince your supervisor that the software "fwknop" should be installed to allow access to the gateway machine from the Internet, you write a report on "port knocking" and SPA with examples of securely configuring and using "fwknop".

Your report will need to include the following:

a. What is "port knocking" and what are the inherent flaws in using multiple packets?

b. What is "single packet authorization" and how does it address the flaws of multi-packet "port knocking"?

c. What data is encapsulated in an SPA packet, and in an fwknop SPA packet in particular, and how is it protected?

d. The steps taken and the configuration file or files you needed to modify to open a secure temporary hole in a firewall using fwknop. Include an explanation in your own words of the purpose of every command used and every line in the configuration file or files.

e. The firewall on the virtual machine. Use the output from the command iptables -L -v to show that the machine has been firewalled.

f. Output showing that fwknop worked. A successful SSH session and the output from the command iptables -L -v to show the hole that fwknop has created in the firewall.

Question 3

The Australian Government's "Data Retention" legislation requires ISPs to retain, for two years, the IPs of all remote systems accessed by their users. The legislation created a lot of interest in VPNs as a way to ensure Internet privacy. Most people have become aware of VPNs but have very little knowledge of the technical aspects of VPNs.

In about a page, explain in your own words what a VPN is, what it is used for and how it works. As there are a number of VPN technologies, use the popular technology OpenVPN as the basis of your explanation.

Your explanation should include:
- in general terms, what a VPN is,
- examples of where a VPN may be useful, explicitly explaining the problem they overcome and how they overcome it (e.g. using a VPN to access Netflix USA: what is the problem and how is it overcome using a VPN?),
- the technologies used in SSL/TLS VPNs such as OpenVPN, and
- how the technologies are used to ensure a secure Internet connection between two networks, or a remote machine and a network, over the public insecure Internet.

Hint: One way to answer this question is to describe the steps the software goes through to establish and maintain a connection.

a. We are not discussing web browser SSL connections here (though the technology is the same); this is a discussion of a VPN with all that implies.

b. This is an extremely technical topic and I do not expect you to cover all aspects of it. But you should explain all terms used in your answer (not covered in the study book), for example, VPN, SSL/TLS, certificates, HMAC, key authentication, session keys, ...

c. You do not have to implement an OpenVPN connection - though it may be helpful in understanding the underlying technologies.

d. List all resources used in answering the question.
