Competitor fills in. Expert fills in. Time: 6.75h 39 - IT Network Systems Administration Danny Meier, Florian Meier, Tobias Meier


Time: 6.75h
Trade: 39 - IT Network Systems Administration
Experts: Danny Meier, Florian Meier, Tobias Meier

Competitor fills in: Name, Date, Signature
Expert fills in: Points

Overview

1 EXAM
1.1 CONTENTS
1.2 INTRODUCTION
1.3 DESCRIPTION OF PROJECT AND TASKS
1.3.1 Client
1.3.2 Server
1.3.3 Network
1.3.4 Documentation
1.4 PART 1
1.4.1 Windows 7 virtual machine
1.5 PART 2
1.5.1 Windows Server 2008 R2
1.5.2 Debian Linux
1.6 PART 3
1.6.1 Router
1.6.2 Switch
1.6.3 Iptables Firewall
2 APPENDIX
2.1.1 NETWORK DIAGRAM
2.2 INSTRUCTIONS
2.2.1 INSTRUCTIONS TO THE COMPETITOR
2.2.2 EQUIPMENT, MACHINERY, INSTALLATIONS AND MATERIALS REQUIRED

1 EXAM

1.1 CONTENTS
This Exam Project proposal consists of the following document/file:
1. SwissSkills_2014_Trade39_Exam.pdf

1.2 INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your time.

Note: If the administrator or root password is set wrong on the devices and the right one is not documented somewhere, the judges will not be able to mark your work and you will lose points.

You have to confirm each task you have worked on in the corresponding confirmation block. This means that if you have processed the task, check the appropriate checkbox. Otherwise this task will not be corrected and you won't get points. If you mark any task as done but you haven't done anything, you get penalised!

READ THROUGH THE ENTIRE SCRIPT BEFORE STARTING. AFTERWARDS YOU MAY WORK IN ANY ORDER. PLAN CAREFULLY!

1.3 DESCRIPTION OF PROJECT AND TASKS
You will work for the IT Department within a small technology company which is called Black Mesa Inc. Your company seat is connected through a Private Line to the data centre which hosts all the necessary public services for the company.

1.3.1 Client
The client is preinstalled with the company default configuration.

1.3.2 Server
The company has one Windows Server 2008 R2 in-house which is responsible for data sharing, hosting the intranet web application and offering terminal services. The server also acts as infrastructure server based on an active directory service. On this server the company additionally needs a research test VM.

The outsourced Linux server is responsible for hosting the internet page, the address assignment and webcaching. This server is connected through a Private Line to the network of Black Mesa. The internet page has to be published by the Linux firewall to the internet.

1.3.3 Network
Build the network which is shown in Part 3. Use the same address and configuration information.

1.3.4 Documentation
All working steps must be documented on a sheet of paper. Choose the level of detail by yourself.
Information such as usernames, passwords, hostnames and IP addresses must be documented in all cases in a readable and structured way.

1.4 PART 1
Work Task Client

Note: Please use the default configuration if you are not given the details.

1.4.1 Windows 7 virtual machine
Configure the following settings on the preinstalled Windows 7 virtual machine.

Something went wrong during the installation process. No user is available for logon. Recover the user account. If you can't recover the account ask the experts for further instructions but you will be penalised. Do not reinstall the system!

- Hostname is bm-vm
- Local Administrator password is !blackmesa!
- Must be a domain-member of the domain int.blackmesa.org
- Create a link to terminal server for all users
- All domain-users must be local administrator
- Enable remote desktop on operating system and allow all domain users to connect over network level authentication remote desktop

Confirmation of tasks
Have you processed the following tasks:
1.4.1  Yes / No

1.5 PART 2
Work Task Server

Note: Please use the default configuration if you are not given the details.

Install and configure the servers related to the following concept. In case of undefined subtasks make a reasonable assumption.

1.5.1 Windows Server 2008 R2
Use PC1 as the Windows Server 2008 R2.

Set-up the Windows Server 2008 R2
- Hostname: bm-2k8r2
- Administrator password: !blackmesa!
- Configure network with BACS (on tools cd) for vlaning
- Deactivate IE-ESC for Users and Admins (Internet Explorer Enhanced Security)

Remember: After changes in BACS (vlaning) windows needs a reboot.

1.5.1.1 Install the following services

1.5.1.1.1 Active Directory Services
- Domain name (AD): int.blackmesa.org
- Netbios: blackmesa
- Use for active directory recovery password: !blackmesa!
- Save Active Directory unattended installation script under C:\ad-install.ini
- Create security group CEO and assign users from OU CEO

1.5.1.1.2 Terminalservices
- Configure terminal server access via port 3389 (RDP)
- Make sure that only users from group CEO can use the terminal server

1.5.1.1.3 IIS
- Install the given ASP.NET (.NET Framework 4.0) web application https://intranet.blackmesa.org

1.5.1.1.4 DNS Server
- Configure it to work with the DHCP service for dynamic updates
- Configure reverse lookup zones for all networks except the VLAN400 Internet
- Configure a A Record/PTRs for the Linux (blackmesa.org) and Windows Server (int.blackmesa.org)
- Configure following CNAMEs
  - www.blackmesa.org -> Linux Server
  - extranet.blackmesa.org -> Linux Server
  - intranet.blackmesa.org -> Windows Server
  - ftp.blackmesa.org -> Windows Server
  - *.blackmesa.org -> Linux Server

1.5.1.1.5 FTP
- Publish a public directory under ftp.blackmesa.org
- Allow read/write access for everyone to the public directory
- Publish a restricted directory under intranet.blackmesa.org
- Root directory should be same as for the webservices (intranet.blackmesa.org)
- Make sure that only ftpaccess user has access (rw) to the directory

1.5.1.1.6 Hypervisor
- Install the hypervisor software (VMware Workstation)
- Activate Intel-VT in Bios
- Import the Windows 7 test machine
- Configure the memory usage to 512 MB Ram
- The virtual machine should automatically run after server reboot

1.5.1.2 Other tasks:
- Disable the C$ share
- Rename the Administrator to Admin

1.5.1.3 Domain User
Create the following users in the active directory. (Hint: use a scripting language)

| Name | Username | Password | Organisation Unit |
|---|---|---|---|
| Director1 ... Director10 | director{1..10} | !blackmesa! | CEO |
| Developer1 ... Developer15 | developer{1..15} | !blackmesa! | DEV |
| Salesman1 ... Salesman100 | salesman{1..100} | !blackmesa! | SALE |
| ftpaccess | ftpaccess | !swiss2011! | none |

1.5.1.4 Organisation Unit
Create following organisation units:
- CEO
- DEV
- SALE

1.5.1.5 Group Policies
For all users:
- Configure Internet Explorer to use Linux http and https proxy for all addresses

Users of the organisation unit CEO have the following restrictions:
- No access to the registry
- Can't use the command prompt
- Set the default homepage (Internet Explorer) to intranet.blackmesa.org
- The default homepage setting should not be changeable

Users of the organisation unit SALE have the following restrictions:
- Cannot modify the taskbar
- Cannot access the control panel
- Set the default homepage (Internet Explorer) to www.blackmesa.org
- Can start the Internet Explorer and Notepad only. No other applications.

Users of the organisation unit DEV have no special restrictions.

Users of every organisation unit:
- Log all login and logout activities into the file C:\logs\login_logout.log
- Make sure that other clients can't overwrite parts of the existing log file
- Hostname, date/time and the actual user is a part of each log entry

Confirmation of tasks
Have you processed the following tasks:
1.5.1.1
1.5.1.1.1  Yes / No
1.5.1.1.2  Yes / No
1.5.1.1.3  Yes / No
1.5.1.1.4  Yes / No
1.5.1.1.5  Yes / No
1.5.1.1.6  Yes / No
1.5.1.2  Yes / No
1.5.1.3  Yes / No
1.5.1.4  Yes / No
1.5.1.5  Yes / No

1.5.2 Debian Linux
Use PC2 as the Linux server.

Note: Don't use any graphical user interfaces! Otherwise you will be penalised!

Set-up the Debian Server
- Hostname: bm-lnx
- Root password: !blackmesa!
- Domainname: extranet.blackmesa.org

1.5.2.1 Install the following services

1.5.2.1.1 Web server
- http://www.blackmesa.org
  - Shows your name followed by the current timestamp on the start site
- http://extranet.blackmesa.org
  - Enable basic authentication. User: blackmesa Pass: !blackmesa!
- http://*.blackmesa.org
  - Redirects to http://www.blackmesa.org/welcome
  - Shows a message banner such as: Welcome to Black Mesa Inc.

1.5.2.1.2 DHCP Server
- Create scope for VLAN Client
- Use Range: 192.168.10.100-192.168.10.254
- Gateway: 192.168.10.1
- DNS 192.168.20.33

1.5.2.1.3 TFTP Server
- Install TFTP Server
- Use directory /srv/tftp

1.5.2.1.4 Proxy
- Hosts of the client VLAN get direct access to every website without restrictions
- Hosts of the server VLAN need basic authentication. User: webaccess Pass: !swiss2011!
- Access to http://intranet.blackmesa.org is prohibited for the hosts of the server VLAN

1.5.2.1.5 DNS server
- Install DNS server and use the Windows Server 2008 R2 DNS server as master.
- Back up the following zones: blackmesa.org (Don't back up int.blackmesa.org!)

Confirmation of tasks
Have you processed the following tasks:
1.5.2.1
1.5.2.1.1  Yes / No
1.5.2.1.2  Yes / No
1.5.2.1.3  Yes / No
1.5.2.1.4  Yes / No
1.5.2.1.5  Yes / No

1.6 PART 3
Work Task Network

Note: Please use the default configuration if you are not given the details.

Attention: For all Cisco devices use !blackmesa! as enable password.

Please use the first usable IP address of network segments for the Iptables firewall and the second usable IP address for the router if not given!

1.6.1 Router
Configure the router to fit these requirements:
- Fa0/1 is used for the private line, Fa0/0 is used for the inside network
- Don't enable Telnet
- Enable SSH remote management services
- Create cisco with password cisco for ssh login
- Configure RIP between the two Cisco routers
- On Router1 configure a trunk with only the Server, Management and Client VLAN
- Inter VLAN communication must be done by the firewall, so make sure that the router does not route the traffic between Server and Client VLAN!
- Enable DHCP Relay for Client VLAN
- Save the startup-configuration from Router1 to the tftp server

1.6.2 Switch
Connect and configure the following ports:

| Port Number | VLAN | Description |
|---|---|---|
| 1 | Trunk-Port | Router |
| 2 | Trunk-Port | Iptables Firewall (Linux) |
| 3 | 100 | Client side |
| 4 | Trunk-Port | PC1 |
| 5 | 300 (Default) | Management |
| 6 | - | Shutdown |
| 7-8 | 400 | Internet |
| All other ports | - | Shutdown |

The password has been lost. Do a password recovery and write the current password on a sheet of paper. If you are not able to recover the password ask one of the judges. But in this case you will be penalised.

1.6.3 Iptables Firewall
Configure the Iptables Firewall to fit these requirements:

Set-up the Debian Firewall
- Hostname: Firewall1
- Root password: !blackmesa!
- Use eth0 as trunk to the switch
- Use 128.0.0.1 for Internet IP Address (VLAN400)

NAT
- Enable dynamic NAT (Masquerading) for all VLANs use external IP address
- Create NAT for accessing terminal services on the windows host use IP address of the external interface (also create appropriate ACLs)
- Create NAT for access to the Linux webservices, use IP address: 128.0.0.20 (also create appropriate ACLs)

ACLs
- Enable access to the internet for all VLANs
- Allow ICMP on and through firewall
- Allow ICMP ping and traceroute on firewall
- Networks with the same Security-level are permitted to communicate
- Networks with higher security levels are permitted to communicate to lower security level networks.

| Network | Security-Level | Description |
|---|---|---|
| Client | 100 | VLAN100 |
| Server | 100 | VLAN200 |
| Remote Side | 100 | On Router 2 (Remote Side) |
| MGMT | 50 | VLAN300 |
| Internet | 0 | Internet |

You might want to use the given Firewall Builder application on DVD-ROM which provides a graphical user interface to build the rules.

Confirmation of tasks
Have you processed the following tasks:
1.6.1  Yes / No
1.6.2  Yes / No
1.6.3  Yes / No
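The security-level rules of 1.6.3 can be turned into FORWARD rules mechanically. The following rule generator is an added example, not part of the exam sheet; it only prints the iptables commands. Assumptions: the VLANs appear on the firewall as sub-interfaces eth0.100, eth0.200, eth0.300 and eth0.400 (names the sheet does not give), and the Remote Side network is left out because the sheet does not say on which interface it arrives.

```shell
#!/bin/sh
# Constructed zone table: name:interface:security-level.
# Interface names are assumed 802.1Q sub-interfaces of the eth0 trunk;
# the levels are taken from the table in 1.6.3.
ZONES="client:eth0.100:100 server:eth0.200:100 mgmt:eth0.300:50 internet:eth0.400:0"

# Print (do not apply) the FORWARD rules for the security-level policy.
gen_forward_rules() {
    # Default deny: anything not matched below is dropped.
    echo "iptables -P FORWARD DROP"
    # Replies to permitted connections may flow back to a higher level.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The sheet asks for ICMP to be allowed through the firewall.
    echo "iptables -A FORWARD -p icmp -j ACCEPT"
    for src in $ZONES; do
        s_rest=${src#*:}; s_if=${s_rest%%:*}; s_lvl=${s_rest#*:}
        for dst in $ZONES; do
            d_rest=${dst#*:}; d_if=${d_rest%%:*}; d_lvl=${d_rest#*:}
            # Traffic inside one VLAN never crosses the firewall.
            if [ "$s_if" = "$d_if" ]; then continue; fi
            # New connections only from an equal or higher level.
            if [ "$s_lvl" -ge "$d_lvl" ]; then
                echo "iptables -A FORWARD -i $s_if -o $d_if -m conntrack --ctstate NEW -j ACCEPT"
            fi
        done
    done
    return 0
}

gen_forward_rules
```

The NAT tasks for terminal services and the Linux webservices need their own ACCEPT rules for new connections arriving from the Internet zone; the generated policy does not include them.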

2 APPENDIX

2.1.1 NETWORK DIAGRAM

2.2 INSTRUCTIONS

2.2.1 INSTRUCTIONS TO THE COMPETITOR
- Do not bring any materials with you to the competition.
- Mobile phones are not to be used.
- Do not disclose any competition material / information to any person during each day's competition.
- Read the whole competition script before you start working.

2.2.2 EQUIPMENT, MACHINERY, INSTALLATIONS AND MATERIALS REQUIRED

Server:
- PC with display (3x)

Network:
- Cisco Switch 2960 Series (1x)
- Cisco Router 2811 Series (2x)

Additional software:
- Linux Debian 6.0 engl. Version
- Microsoft Windows 2008 Server R2
- Microsoft Windows 7 (VMware Image)
- Cisco Packet Tracer Version 5.3
- Software CD (Adobe Reader 10, Hypervisor etc.)
- Firewall Builder application (Supports Iptables and Cisco ACL)

Additional equipment:
- Power cables
- 2 Console cables
- 1 crossed patch cable or adapter
- Miscellaneous patch cable (2-4 m)

Year: 2014

These technologies may be used in the competition:
- Active Directory
- Remote VPN (IPSEC/PPTP)
- Port-Security
- Astaro Firewall
- DNS Server
- DHCP Server
- FTP Server
- Terminal Services
- VMware vCenter Server
- PowerShell / Batch / Bash Scripts (automation)
- GPOs
- VMware ESXi
- Apache2
- NAT (Cisco IOS and Astaro Firewall)
- HSRP
- Tagged Ports
- IP Routing
- GRE Tunnels
- And some more