Student Name: ______

Student ID #: ______

INCS – 810 Midterm Examination Spring 2011

Answer any 25 questions

1. Which is the run level when you log in to Linux?

Runlevel 3 – full multiuser mode
Runlevel 5 – X11

2. When you install a system application, where is it most likely to find the configuration files?

/etc – contains the system configuration files

3. What does the “..” in the directory structure mean in Linux?

4. What do you have to use to feed the output of one command to the input of another in Linux?

A pipe makes the output of one command become the input of the next command.

5. What do you have to use to read from the input and write to standard output in Linux?

Filters read from standard input and write to standard output.

6. In the OSI model, list the end-to-end levels.

Application
Presentation
Session
Transport
Network
Datalink
Physical

7. How does the TCP/IP stack differ from the OSI model?

Applications
Transport
Internetwork
Network Interface and hardware

8. Which is the most commonly used IP addressing mode today? Explain how it works.

IPv4 allows 32 bits to be used in determining the address of a system: 2^32 = 4,294,967,296 addresses.
- IP addresses are normally written as a sequence of four decimal numbers separated by periods. This notation is known as Dotted Quad Notation: 192.228.17.62.
- The IP address may also be represented in hex or in binary.
- The address consists of two portions: the Network Address and the Host Address.
- Hosts that share a network number can send local broadcasts to one another and communicate without a router.
- Hosts with differing network numbers can communicate only via an IP router/gateway.

9. What is a subnet?

Subnetting is the process of allocating bits from the host portion as a network portion. It is a means of extending a larger natural netmask and provides smaller, manageable network chunks. It uses some of the most significant (leftmost) host bits of the IP address as a means of extending the network portion. How many are used depends on the network mask or netmask.

A subnet mask is a bitmask that encodes the prefix length in a form similar to an IP address: 32 bits, starting with a number of 1 bits equal to the prefix length, ending with 0 bits, and encoded in four-part dotted-decimal format. A subnet mask encodes the same information as a prefix length, but predates the advent of CIDR.

10. How does CIDR work?

CIDR is a bitwise, prefix-based standard for the interpretation of IP addresses; it was introduced in 1993. It brings:
- Increased flexibility when dividing ranges of IP addresses into separate networks
- More efficient use of IPv4 addresses
- Greater use of hierarchy in address assignments (prefix aggregation), lowering the overhead of Internet-wide routing
- Easier routing: blocks of addresses can be grouped together into single routing table entries (CIDR blocks)

An IP address is part of a CIDR block, and is said to match the CIDR prefix, if the initial N bits of the address and the CIDR prefix are the same.

11. When using Linux, where do you have to look for network configuration files?

/etc/resolv.conf – host name resolver configuration file
    search name-of-domain.com        – name of your domain, or the ISP's domain if using their name server
    nameserver XXX.XXX.XXX.XXX       – IP address of the primary name server
    nameserver XXX.XXX.XXX.XXX       – IP address of the secondary name server

/etc/hosts – locally resolves node names to IP addresses
    127.0.0.1          your-node-name.your-domain.com localhost.localdomain localhost
    XXX.XXX.XXX.XXX    node-name
Enter the fully qualified network name first, then the alias.

/etc/nsswitch.conf – system databases and Name Service Switch configuration file
    hosts: files dns nisplus nis
It tells Linux to first resolve a host name by looking at the local hosts file (/etc/hosts); then, if the name is not found, to look to your DNS server as defined by /etc/resolv.conf; and if it is not found there, to look to your NIS server.

/etc/sysconfig/network – Red Hat network configuration file used by the system during the boot process.

/etc/sysconfig/network-scripts/ifcfg-eth0 – configuration settings for your first ethernet port (0). Your second port is eth1.

/etc/modules.conf
    alias eth0 eepro100
Modules for other devices on the system will also be listed. This tells the kernel which device driver to use if it is configured as a loadable module.

12. You have to assign the network address 192.24.4.15 to network interface eth4 on your Linux server and activate it using the command line. Show your input.

    ifconfig eth4 192.24.4.15 netmask 255.255.255.0 broadcast 192.24.4.255
    ifup eth4

13. Add a route to the network in part 12 when the gateway address is 172.16.0.254.

    route add -net 172.16.0.0 netmask 255.255.255.0 gw 172.16.0.254 eth0
    route add default gw 172.16.0.254 dev eth0

14. Explain how to set up DNS in Linux.

Most modern Linux distributions default to a "chrooted" installation. This technique runs the Bind name service with a view of the filesystem which changes the definition of the root directory "/" to a directory in which Bind will operate, i.e. /var/named/chroot. The latest Fedora bind updates run named as user "named" to avoid a lot of earlier hacker exploits. To chroot the process is to create an even more secure environment by limiting the view of the system that the process can access. The process is limited to the chrooted directory assigned:

Directory: /var/named/chroot
Configuration files: /var/named/chroot/etc
Devices used by bind: /var/named/chroot/dev (/dev/null, /dev/random, /dev/zero)
Zone files and configuration information: /var/named/chroot/var

15. What are the functions of the following devices in a data center?

Switches and routers
Firewalls and IDS
Load Balancers
SSL offloaders and caches

Data centers are composed of devices that provide the following functions:
- Ensuring network connectivity, including switches and routers
- Providing network and server security, including firewalls and Intrusion Detection Systems (IDSs)
- Enhancing availability and scalability of applications, including load balancers, Secure Sockets Layer (SSL) offloaders and caches

16. Define:

High Availability
Scalability
Simplicity
Security

High Availability: avoiding a single point of failure and achieving fast and predictable convergence times.
Scalability: allowing changes and additions without major changes to the infrastructure, easily adding new services, and providing support for hundreds of dual-homed servers.
Simplicity: providing predictable traffic paths in steady and failover states, with explicitly defined primary and backup traffic paths.
Security: preventing flooding, avoiding the exchange of protocol information with rogue devices, and preventing unauthorized access to network devices.

17. Which are the main requirements that determine the data center architecture?

The architecture of Enterprise Data Centers is determined by the business requirements, the application requirements, and the traffic load.

18. Identify the layers of the data center architecture shown in the figure below.

The layers of the architecture include:
Aggregation
Front-end
Application
Back-end
Storage
Metro Transport

19. List the services a data center supports.

The Data Center is likely to support a number of services, which are the result of the application environment requirements. These services include:
- Infrastructure: Layer 2, Layer 3, Intelligent Network Services and Data Center Transport
- Application optimization services: content switching, caching, SSL offloading, and content transformation
- Storage: consolidation of local disks, Network Attached Storage, Storage Area Networks
- Security: access control lists, firewalls, and intrusion detection systems
- Management: management devices applied to the elements of the architecture

20. List the security services offered in the data center.

The security services offered in the data center include:
- access control lists (ACLs)
- firewalls
- intrusion detection systems (IDS, Host IDS)
- authentication mechanisms
- authorization mechanisms
- accounting mechanisms
- a number of other services that increase security in the data center

21. What does “best practices” mean?

Best Practice is a management idea which asserts that there is a technique, method, process, activity, incentive or reward that is more effective at delivering a particular outcome than any other technique, method, process, etc. The idea is that with proper processes, checks, and testing, a project can be rolled out and completed with fewer problems and unforeseen complications.

22. Compare the two server farms shown in the figures below.

23. What is a DMZ? Discuss.

In computer security terminology, a DMZ is a network area that sits between an organization's internal network and an external network, usually the Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as:
- Web (HTTP) servers
- FTP servers
- SMTP (e-mail) servers
- DNS servers

24. Define PAT.

Port Address Translation (PAT) is a feature of a network device that translates TCP or UDP communications made between a host and port on an outside network, and a host and port on an inside network. It allows a single IP address to be used for many internal hosts. PAT may allow one public IP address to handle communication for 65536 inside hosts.

25. Define NAT.

NAT translates IP addresses only. PAT translates ports only, but is always used with NAT – never alone.

26. Which are the drawbacks of NAT?

- Hosts behind a NAT-enabled router do not have true end-to-end connectivity and cannot participate in some Internet protocols.
- Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted.
- Use of NAT also complicates tunneling protocols such as IPsec, because NAT modifies values in the headers, which interferes with the integrity checks done by IPsec and other tunneling protocols.

27. What is a firewall?

A firewall is an information technology (IT) security device which is configured to permit, deny or proxy data connections as set and configured by the organization's security policy. Firewalls can be hardware and/or software based.

28. Classify the firewalls.

There are three basic types of firewalls, depending on:
- Whether the communication is being done between a single node and the network, or between two or more networks.
- Whether the communication is intercepted at the network layer or at the application layer.
- Whether the communication state is being tracked at the firewall or not.

With regard to the scope of filtered communications there exist:
- Personal firewalls: a software application which normally filters traffic entering or leaving a single computer.
- Network firewalls: normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.

In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:
- Network layer firewalls. An example would be iptables.
- Application layer firewalls. An example would be TCP Wrappers.
- Application firewalls. An example would be restricting ftp services through the /etc/ftpaccess file.

29. What is a proxy server?

A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services.

30. List the proxy types.

Web proxy
Intercepting proxy
Open proxy
Reverse proxy
Split proxy

31. What is an IDS?

An intrusion detection system is used to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes:
- network attacks against vulnerable services
- data-driven attacks on applications
- host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files
- malware (viruses, trojan horses, and worms)

32. Classify the IDSs.

Host based IDS
Network based IDS
Protocol based IDS
Application protocol based IDS
Hybrid IDS

Passive IDS
Reactive IDS

33. Which are the components of an IDS?

An IDS is composed of several components:
- Sensors, which generate security events
- a Console to monitor events and alerts and to control the sensors
- a central Engine that records the events logged by the sensors in a database and uses a system of rules to generate alerts from the security events received

Solve Problem 5 and select 3 problems from Problems 1 through 4.

Problem 1. Given the following network addresses for a computer, specify the type of network the computer is connected to and the computer IP address:

a. 10000100.10011010.00100000.10010011 = 132.154.32.147 = class B
b. 11001001.10010000.00010110.01111110 = 201.144.22.126 = class C
c. 01110110.00100000.00000100.00110010 = 118.32.4.50 = class A
d. 11100010.11000110.10101011.00010010 = 226.198.171.18 = class E
e. 10101100.01100101.11100011.10101010 = 172.101.227.170 = class B

Problem 2. Given the address 172.200.54.36, how many bits is the longest CIDR prefix needed such that it matches the address 172.198.32.46?

172.200.54.36 = 10101100.11001000.00110110.00100100
172.198.32.46 = 10101100.11000110.00100000.00101110

The longest CIDR prefix to match the two addresses is 12.

Problem 3. How many /26 aligned networks can be aggregated together to give a /20 contiguous network? What class is the network obtained in this way?

64 /26 aligned networks can be aggregated together to give a /20 contiguous network. It is a class B network.

Problem 4. Given a CIDR /24, what is the corresponding mask? What class network does it correspond to? Answer the same if the CIDR is /14.

For a CIDR /24 network the corresponding mask is 11111111.11111111.11111111.00000000 = 255.255.255.0 (Class C).

For a CIDR /14 network the corresponding mask is 11111111.11111100.00000000.00000000 = 255.252.0.0 (Class A).
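The bit-level operations behind Q9, Q10 and Problems 1 through 4, collected in one added worked example (not part of the exam or its answer key): address-to-binary conversion, classful typing from the leading bits, longest common prefix between two addresses, prefix length to dotted mask, aggregation counts, and subnetting by borrowing host bits. The function names are my own; only the standard ipaddress module is used.

```python
import ipaddress

def to_bits(addr):
    """Dotted quad -> 32-character binary string (the form used in Problems 1 and 2)."""
    return format(int(ipaddress.IPv4Address(addr)), "032b")

def classful(addr):
    """Classful network type, read from the leading bits of the first octet."""
    bits = to_bits(addr)
    for cls, lead in (("A", "0"), ("B", "10"), ("C", "110"), ("D", "1110")):
        if bits.startswith(lead):
            return cls
    return "E"

def longest_common_prefix(a, b):
    """Longest CIDR prefix length that matches both addresses (Problem 2)."""
    n = 0
    for x, y in zip(to_bits(a), to_bits(b)):
        if x != y:
            break
        n += 1
    return n

def matches_prefix(addr, cidr):
    """Q10: addr matches a CIDR block if its first N bits equal the block's first N bits."""
    net, n = cidr.split("/")
    return to_bits(addr)[: int(n)] == to_bits(net)[: int(n)]

def prefix_to_mask(prefix):
    """/N -> dotted-decimal subnet mask: N one-bits followed by zero-bits (Q9, Problem 4)."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)

def aggregated_count(small, large):
    """How many aligned /small blocks aggregate into one contiguous /large block (Problem 3)."""
    return 1 << (small - large)

def subnet(network, borrow):
    """Q9: borrow host bits to extend the network portion; returns the resulting subnets."""
    return [str(s) for s in ipaddress.IPv4Network(network).subnets(prefixlen_diff=borrow)]

if __name__ == "__main__":
    for ip in ("132.154.32.147", "201.144.22.126", "118.32.4.50"):
        print(ip, to_bits(ip), "class", classful(ip))
    print("common prefix /%d" % longest_common_prefix("172.200.54.36", "172.198.32.46"))
    print(aggregated_count(26, 20), "/26 networks in a /20")
    print("/24 =", prefix_to_mask(24), " /14 =", prefix_to_mask(14))
    print(subnet("172.10.0.0/24", 2))   # two borrowed bits -> four /26 subnets
```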

Problem 5. You are a network administrator who has to set up a DNS server using BIND 9 for the domain incs.edu, which has the network address 172.10.0.0. The domain server takes the first address in the range and the gateway takes the last address in the range. Presently, the network has only ten computers, not including the server and the gateway. The computer names follow the pattern comp1.incs.edu, comp2.incs.edu, …, comp10.incs.edu. Show how you would set up this DNS. What are the entries in the zone file?

Answer:

File: /etc/named.conf

    options {
        version "Bind";                        // Don't disclose the real version to hackers
        directory "/var/named";
        allow-transfer { XXX.XXX.XXX.XXX; };   // IP address of the secondary DNS
        recursion no;
        fetch-glue no;                         // Bind 8 only! Not used by version 9
    };
    zone "incs.edu" {
        type master;
        file "incs.edu";
        notify yes;
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
        allow-update { none; };
    };

File /var/named/chroot/var/named/company.com

    $TTL 604800
    ; Bind 9 (and some of the later versions of Bind 8) requires the $TTL statement.
    ; Measured in seconds; this value is 7 days.
    incs.edu.   IN  SOA  server.incs.edu. hostmaster.incs.edu. (
                    2000021600  ; serial - many people use year+month+day+integer as a system;
                                ;          never greater than 2147483647 for a 32 bit processor
                    86400       ; refresh - how often secondary servers (in seconds) should check
                                ;           for changes in the serial number (86400 sec = 24 hrs)
                    7200        ; retry - how long a secondary server should wait before a retry
                                ;         if contact failed
                    1209600     ; expire - secondary servers purge their info after this length of time
                    604800 )    ; default_ttl - how long data is held in cache by remote servers
                IN  A    192.168.1.2    ; Note that this is the default IP address of the domain. I put
                                        ; the web server IP address here so that company.com points to
                                        ; the same servers as www.company.com
    ;
    ; Name servers for the domain
    ;
                IN  NS   server.incs.edu.
    ;
    ; Nodes in domain
    ;
    server      IN  A    172.10.0.1     ; Optional: for hosting your own primary name server.
                                        ; Note that this is the IP address of server
    gateway     IN  A    172.10.0.2
    comp1       IN  A    172.10.0.3     ; Note that this is the IP address of workstation1
    comp2       IN  A    172.10.0.4     ; Note that this is the IP address of workstation2
    comp3       IN  A    172.10.0.5
    comp4       IN  A    172.10.0.6
    comp5       IN  A    172.10.0.7
    comp6       IN  A    172.10.0.8
    comp7       IN  A    172.10.0.9
    comp8       IN  A    172.10.0.10
    comp9       IN  A    172.10.0.11
    comp10      IN  A    172.10.0.12

Student ID #: ______

INCS – 810 Midterm Examination Spring 2011

File /etc/hosts

    127.0.0.1      localhost.localdomain localhost
    172.10.0.1     server.incs.edu   server
    172.10.0.2     gateway.incs.edu  gateway
    172.10.0.3     comp1.incs.edu    comp1
    172.10.0.4     comp2.incs.edu    comp2
    172.10.0.5     comp3.incs.edu    comp3
    172.10.0.6     comp4.incs.edu    comp4
    172.10.0.7     comp5.incs.edu    comp5
    172.10.0.8     comp6.incs.edu    comp6
    172.10.0.9     comp7.incs.edu    comp7
    172.10.0.10    comp8.incs.edu    comp8
    172.10.0.11    comp9.incs.edu    comp9
    172.10.0.12    comp10.incs.edu   comp10

File /etc/resolv.conf

    search incs.edu
    nameserver 172.10.0.1
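A consistency check over the three files in the answer to Problem 5, added here as an example rather than as part of the exam: it parses the A and NS records from the zone, the name-to-address map from /etc/hosts and the nameserver from /etc/resolv.conf, then reports any host whose zone address and /etc/hosts address disagree, or a resolver that does not point at one of the zone's name servers. The embedded file contents are excerpts of the answer above (comp3 through comp10 omitted); the function names are mine.

```python
import re

ZONE = """$TTL 604800                 ; zone excerpt from the answer above (comp3..comp10 omitted)
incs.edu.  IN SOA server.incs.edu. hostmaster.incs.edu. (
           2000021600 86400 7200 1209600 604800 )
           IN A  192.168.1.2     ; apex address: the web server
           IN NS server.incs.edu.
server     IN A  172.10.0.1
gateway    IN A  172.10.0.2
comp1      IN A  172.10.0.3
comp2      IN A  172.10.0.4
"""
HOSTS = """127.0.0.1   localhost.localdomain localhost
172.10.0.1  server.incs.edu  server
172.10.0.2  gateway.incs.edu gateway
172.10.0.3  comp1.incs.edu   comp1
172.10.0.4  comp2.incs.edu   comp2
"""
RESOLV = "search incs.edu\nnameserver 172.10.0.1\n"
RR = re.compile(r"^(\S*)\s*IN\s+(A|NS)\s+(\S+)$")   # owner, type, rdata

def fqdn(name, origin):
    """Expand a zone-file name: blank or @ is the apex, no trailing dot means relative."""
    if name in ("", "@"):
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def zone_records(text, origin):
    """({fqdn: ip} for A records, [NS host names]); $TTL and SOA lines do not match RR."""
    a, ns = {}, []
    for raw in text.splitlines():
        m = RR.match(raw.split(";")[0].rstrip())   # ';' starts a zone-file comment
        if m and m.group(2) == "A":
            a[fqdn(m.group(1), origin)] = m.group(3)
        elif m:
            ns.append(fqdn(m.group(3), origin))
    return a, ns

def hosts_map(text):
    """{name: ip} for every FQDN and alias in /etc/hosts ('#' starts a comment)."""
    return {name: f[0] for raw in text.splitlines()
            for f in [raw.split("#")[0].split()] for name in f[1:]}

def check(zone, hosts, resolv, origin):
    """Cross-check the three files; an empty list means they agree."""
    a, ns = zone_records(zone, origin)
    h = hosts_map(hosts)
    problems = [f"{n}: zone says {ip}, /etc/hosts says {h.get(n, 'nothing')}"
                for n, ip in a.items() if n != origin and h.get(n) != ip]
    ns_ips = {a.get(n) for n in ns}          # every NS must have an A record in the zone
    for line in resolv.splitlines():
        if line.startswith("nameserver") and line.split()[1] not in ns_ips:
            problems.append(f"resolv.conf nameserver {line.split()[1]} is not an NS of {origin}")
    return problems
```

Run it against the real files by reading them from disk; the apex A record is skipped because it has no /etc/hosts counterpart.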