Introduction To The Course Network Architecture
Hervey Allen, Chris Evans, Phil Regnauld
September 3 - 4, 2009, Santiago, Chile

Overview
– Course Architecture Diagram
– Introducing Your “ccTLD”
– How to Connect to Your Network
– Practice Exercises

Course Architecture
– This architecture was designed to give each group of students a sample “registry” to secure, operate, and defend
– Each group of two students will be assigned one registry network
– Each group will have a separate registry consisting of a Cisco Router, Name Server, and Network Operations Center server at a minimum
– Other servers and routers exist on the network to simulate an “Internet connected” registry and support course delivery
– All student “servers” are virtualized!

Course Architecture: Connectivity
– Each “ccTLD” is separated from the network by a gateway router, which is under YOUR control
– Each “ccTLD” connects to the same “ISP” router, which provides live Internet access (except during attack scenarios) and inter-connectivity
– The ISP router also connects the instructor management servers and attack boxes
– The Core Router provides Internet access and connects you to the ISP and your “ccTLD”

Course Architecture: DNS Architecture
– A “Root” name server is set up on which provides delegations to the ccTLD networks and to regular TLDs when connected live.
– An “ISP” name server provides recursive services for _everyone_ on the network
– Each “ccTLD” has an authoritative name server for their own networks (e.g. .TLD1)
Diagram: Root (.): .MGMT, .TLD1, .TLD2, …, .TLD8

Course Architecture: Core Services
– Course Support Server:
– NTP:

Course Architecture (diagram)

YOU ARE HERE!

Course Architecture: A “ccTLD” Network

Course Architecture: The Core Router

Course Architecture: The “ISP” Router

Course Architecture: The Management Network

Course Architecture: Your Laptop Internet Access

Course Architecture: ccTLD Internet Connectivity

Course Architecture: Backchannel Connection to ccTLD ISP Router

Course Architecture: “External Monitoring”

Course Architecture: “Attack” Path

Course Architecture: Here’s YOUR ccTLD Network

Introducing Your “ccTLD”: Recursive NameServer
A “Cheat Sheet” is Available on the Wiki

Introducing Your “ccTLD”: Root NameServer
A “Cheat Sheet” is Available on the Wiki

Introducing Your “ccTLD”: ISP Router
A “Cheat Sheet” is Available on the Wiki

Introducing Your “ccTLD”: Your Router
A “Cheat Sheet” is Available on the Wiki

Introducing Your “ccTLD”: Your Auth NameServer
A “Cheat Sheet” is Available on the Wiki

Introducing Your “ccTLD”: Your NOC
A “Cheat Sheet” is Available on the Wiki

Introducing Your “ccTLD”: Your “Office” Workstation
A “Cheat Sheet” is Available on the Wiki

Connecting to Your “ccTLD”
This is Great But, How Do I Use It?!

Connecting to Your “ccTLD”: A Word on Programs
– SSH (Secure Shell) is the primary connection protocol used in this network. You must provide a username AND an identity key to log in
– You can use any ssh client you are familiar with, but we have Putty available for Windows users
– To view web pages on your network (e.g. network monitoring from your NOC), use any browser you are comfortable with
– To view GUI programs on your network (e.g. wireshark, a packet capture program), you must redirect X11 output via an SSH connection
  – On Windows, this requires an X11 server; we suggest Xming
  – On Linux, it’s easy: use the -X option with ssh
Download links for Putty, Xming, and identity keys are available on the wiki…

Connecting to Your “ccTLD”: Connecting to Your Router
– SSH as ‘tldadmin’ user to X.1
– Password: tldadmin!
– Enable Password: tldadmin!
Example: ssh
Remember - A “Cheat Sheet” is Available on the Wiki
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your Router with Putty
– IP Address:
– Click “Open”
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your Router with Putty
– You will be doing this a lot!
– Save connection information as a Session!
– IP Address:
– Session Name: TLD-Router
– Click “Save”
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your Nameserver
– SSH as ‘tldadmin’, with tldadmin identity key to X.10
– Password: tldadmin!
Example: ssh -i tldadmin
Remember - A “Cheat Sheet” is Available on the Wiki
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your Nameserver with Putty
– IP Address: X.10
– Enter “TLD-NS1” in Saved Sessions Box
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your Nameserver with Putty
– Click Connection -> SSH -> Auth
– Identity File: Path to tldadmin.ppk

Connecting to Your “ccTLD”: Connecting to Your Nameserver with Putty
– Click Connection -> SSH -> X11
– Check “Enable X11 Forwarding”
– Put Your Laptop IP Address Here e.g

Connecting to Your “ccTLD”: Connecting to Your Nameserver with Putty
– Click Connection -> Data
– Enter ‘tldadmin’ for Auto-login username

Connecting to Your “ccTLD”: Connecting to Your Nameserver with Putty
– Click Session
– Click “Save”

Connecting to Your “ccTLD”: Connecting to Your Nameserver with Putty
– Double Click the Session Name to Connect!

Connecting to Your “ccTLD”: Connecting to Your NOC
– SSH as ‘tldadmin’, with tldadmin identity key to X.30
– Password: tldadmin!
Example: ssh -i tldadmin
Remember - A “Cheat Sheet” is Available on the Wiki
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your NOC with Putty
– IP Address: X.30
– Enter “TLD-NOC” in Saved Sessions Box
X – your group number, 1-8

Connecting to Your “ccTLD”: Connecting to Your NOC with Putty
– Click Connection -> SSH -> Auth
– Identity File: Path to tldadmin.ppk

Connecting to Your “ccTLD”: Connecting to Your NOC with Putty
– Click Connection -> SSH -> X11
– Check “Enable X11 Forwarding”
– Put Your Laptop IP Address Here e.g

Connecting to Your “ccTLD”: Connecting to Your NOC with Putty
– Click Connection -> Data
– Enter ‘tldadmin’ for Auto-login username

Connecting to Your “ccTLD”: Connecting to Your NOC with Putty
– Click Session
– Click “Save”

Connecting to Your “ccTLD”: Connecting to Your NOC with Putty
– Double Click the Session Name to Connect!
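
For OpenSSH users, the three PuTTY sessions above can be mirrored as `~/.ssh/config` entries. The shell function below is an added example, not part of the original slides; the address-prefix argument (the part of the lab addresses the slides elide) and the key path `~/.ssh/tldadmin` are assumptions, so take the real values from the course cheat sheet.

```shell
#!/bin/sh
# Added example (not from the slides): print OpenSSH client config that
# mirrors the PuTTY sessions TLD-Router, TLD-NS1 and TLD-NOC.
#
# Usage: gen_cctld_ssh_config <address-prefix> <group 1-8> [key-path] >> ~/.ssh/config
#   <address-prefix>  leading part of the lab addresses (assumption: the
#                     slides only show the trailing "X.1", "X.10", "X.30")
#   <group>           your group number X, 1-8
#   [key-path]        OpenSSH copy of the tldadmin identity key
#                     (assumed default: ~/.ssh/tldadmin)
gen_cctld_ssh_config() {
    prefix=$1
    group=$2
    key=$3
    # Quoted so the shell leaves "~" alone; ssh expands it itself.
    [ -n "$key" ] || key='~/.ssh/tldadmin'

    [ -n "$prefix" ] || { echo "address prefix required" >&2; return 1; }
    case $group in
        [1-8]) ;;
        *) echo "group must be a number from 1 to 8" >&2; return 1 ;;
    esac

    cat <<EOF
# Router: password login only, nothing graphical to forward
Host TLD-Router
    HostName $prefix.$group.1
    User tldadmin
    ForwardX11 no

Host TLD-NS1
    HostName $prefix.$group.10

Host TLD-NOC
    HostName $prefix.$group.30

# Name server and NOC: identity key plus X11 forwarding (same as ssh -X)
Host TLD-NS1 TLD-NOC
    User tldadmin
    IdentityFile $key
    IdentitiesOnly yes
    ForwardX11 yes
EOF
}
```

X11 forwarding is enabled only for the two hosts where GUI programs such as wireshark are run, and `IdentitiesOnly yes` stops the client from offering any other keys it holds to the lab servers.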

Your “ccTLD” Cheat Sheet
– View Your Copy on the Course Wiki
– Usernames, Passwords, Keys, IPs, and sample command line instructions included

Your “ccTLD” Configuration
– Your Router Has Very Minor Security Precautions, No ACLs, and only allows SSH
– Your NOC is a base installation of Ubuntu 8.10 Desktop with OpenSSH server
  – We’ll be adding to this as we move through the course
– Your NS is a base installation of Ubuntu 8.10 Server with OpenSSH and BIND
  – We may make BIND configuration changes as we go

Ground Rules
– Please respect other students’ registries: while you have the power to do so, do not change them!
– Please respect the underlying servers running VMWare!
– Please don’t make any configuration changes except those presented in class, as they may break attack scenarios!
– Please respect the course management servers, wiki and attack boxes: they are there to assist in course delivery!
– Do not conduct cyber attacks on other students or the instructors!

Practice Exercises
View Exercises on Wiki
1. Log in to your Nameserver by SSH
2. Log in to your NOC by SSH
3. Run wireshark on your NOC with X11 Forwarding
** Be sure to save your SSH profiles to make connections easier; you’ll be doing a lot of this!
EX: Intro to Course Architecture

QUESTIONS ON YOUR “CCTLD”?