Soal LKS Prov Bali 2014 Networking

SOK PINTAR NAMUN SESAT 05.30.00


TAHAP 1 - PILIH TERLEBIH DAHUKU OS YANG AKAN KITA JADIKAN SERVER


Di Bagian 1 - Installasi Untuk Os Server Yang Di Sediakan

1.   Kita Di Sini Menggunakan Debian 6 Dan Pada Saat Menginstall debian. jangan menginstall grafisnya. gnome, Kde Gui Dll
2.   Buatlah 2 Partisi  root:  50  GB  home:  10  GB 
3.   lalu berikan host id, password root, dan configurasi lainnya



Part 2 Laptop Client Operating System Installation

1.   Install Windows Operating System in Laptop client. Ensure that all components needed are correctly installed.
2.   Allow ICMP Packet Incoming and Outgoing
3.   Set Laptop client as follows:
-    Company name           : IT Service
-     Computer name          : Laptop-xx (xx is the competitor’s number, example: Laptop-01)
-    Set user name and password
Note: User name and password will be given during competition.

                                                                                                                                        
SECTION 2 CABLING AND ACCESS POINT

Part 3 Cabling

Make three straighthrough cable with length according to distance from PC Router and switch and PC Router to AP and make one Crossthrough Cable, then give  label   ST-xx  and  "XC-xx"  near  to  each  connector  (xx  is  competitor’s number) standard T568B.




Part 4 Wireless Access Point Configuration
Configure the Wireless Access Point as follows:
- Set WPA-PSK authentication.
- Set SSID.
- Set MAC address filtering to allow only Laptop client.

Note: The IP address, WPA-PSK authentication, and SSID will be given during competition.


SECTION 3 PC ROUTER CONFIGURATION

Part 5 PC Router Configuration

1.      Configure PC Router to allow Client conect Internet.

Asumsi :
Eth0 = ke pc admin ip: dhcp
Eth1 = ke AP : 172.16.x.w/29
Eth0 = ke Server IP: 192.168.x.z/28

Konfigurasi IP:
nano /etc/network/interfaces

edit sehingga terlihat seperti :
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
        address 192.168.7.1
        netmask 255.255.255.248
        network 192.168.7.0
        broadcast 192.168.7.7

auto eth2
iface eth2 inet static
        address 172.16.7.1
        netmask 255.255.255.240
        network 172.16.7.0
        broadcast 172.16.7.15


Restart konfigurasi network nya dengan mengetikan perintah:

service networking restart

Cek koneksi ke internet dengan melakukan ping ke 8.8.8.8




2.   Write the modification or configuration you have done in the paper given by
Judge.

Part 6 Network Installation

Setup networks according to the figure 1 below:



Figure 1. Network Topology


Part 7 DHCP Server Configuration

1.      Configure DHCP Server with valid available IP address which needed to connect to Laptop Client.

apt-get install dhcp3-server

edit konfigurasi:
nano /etc/dhcp/dhcpd.conf
sehingga:
subnet 172.16.7.0 netmask 255.255.255.240 {
  range 172.16.7.2 172.16.7.14;
  option domain-name-servers 192.168.7.2;
  option domain-name "ITService-07.co.id";
  option routers 172.16.7.1;
  option broadcast-address 172.16.7.15;
  default-lease-time 600;
  max-lease-time 7200;
}

                                    Cek IP client windows dengan konfigurasi auto ip address






2.   Write the modification or configuration you have done in the paper given by
Judge.


Part 8 Telnet Server Configuration

1.      Configure Telnet Server runs using inetd.
apt-get install telnetd

2.      Create Admin account as a duplicate Root account.
Adduser admin
Adduser admin sudo

3.   Disable Root login over network.


Part 9 Time Synchronization
1.      Set NTP server services. Use local clock as time server source.

dpkg-reconfigure tzdata
apt-get install ntp ntpdate
 nano /etc/ntp.conf
Tekan ctrl + w, lalu ketikkan kata kunci iburst
server id.pool.ntp.org iburst dynamic
#server 1.debian.pool.ntp.org iburst dynamic
#server 2.debian.pool.ntp.org iburst dynamic

Lalu tekan lagi ctrl + w dan cari kata kunci 123.0.
restrict 172.16.100.0 mask 255.255.255.0 nomodify notrap

2.   Synchronize Laptop client time with the NTP Server time in PC Server.


Part 10 SSH and FTP server
1.   Set SSH server  and use Client to remote
2.   Copy file from server to client with SSH
3.   FTP : Can be accessed for anonymous
4.   Set first directory that guest can upload to and download file from it
5.   Set second directory that guest can only download file from it



DESCRIPTION OF PROJECT AND TASKS

After years later, ITService want to create medium network. They want to have their own Web, Mail, FTP, and Proxy Server. The company ordered you to install the operating system and to build the network to connect those machines and setup several services. You’ve already received the specifications for the project.

SECTION 1 OPERATING SYSTEM INSTALLATION

Part 11 PC Server Operating System Installation

1.   Setup PC Server with the operating system same as operating system for PC Router.
2.   Set Host name, Root password, and IP address of network card.
Note: Host name, Root password, and IP address of network card will be given during competition.
3.   Create  2  formatted  partitions  :  C:  40  GB  -  D:  20  GB  -  Leave  the  rest  still unpartition

Part 12 Network Installation

Setup networks according to the figure 2 below:


 Figure 2. Network Topology
SECTION 2 PC ROUTER CONFIGURATION

Part 13 Firewall Configuration
1.   Configure Packet Filtering Firewall to allow DHCP, DNS, HTTP, HTTPS, SSH, SMTP, FTP, IMAP, POP, and Squid ports deny all other services
2.   Configure Circuit Level Firewall as follow:
a.   Allow Internet area connect to Server.
b.   Allow Local Network area connect to Internet and Server. c.   Deny Internet area connection to Local Network.
d.   Deny Server Farm area connection to Local Network area.
3.   Write the modification or configuration you have done in the paper given by
Judge.


SECTION 3 PC SERVER CONFIGURATION

Part 14 DNS Server Configuration

1.   Configure DNS Server with two domain:
a.   Itservice-xx.co.id b.   Lks-xx.co.id
2.   Each domain contain: www, mail, ftp, proxy services
Example:
-  www.itservice-xx.co.id
-  mail.itservice-xx.co.id
-  ftp.itservice-xx.co.id
- proxy.itservice-xx.co.id
-  www.lks-xx.co.id
-  mail.lks-xx.co.id
-  ftp.lks-xx.co.id
- proxy.lks-xx.co.id
Note: xx is the competitor’s number

Apt-get install bind9
Cd  /etc/bind/

root@ITService-07:/etc/bind# cp db.local db.itservice
root@ITService-07:/etc/bind# cp db.local db.lks
root@ITService-07:/etc/bind# cp db.127 db.192
root@ITService-07:/etc/bind# nano db.itservice

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     itservice-07.co.id. root.itservice-07.co.id. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      itservice-07.co.id.
@       IN      A       192.168.7.2
www     IN      A       192.168.7.2
mail    IN      A       192.168.7.2
ftp     IN      A       192.168.7.2
proxy   IN      A       192.168.7.2

root@ITService-07:/etc/bind# nano db.lks

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     lks-07.co.id. root.lks-07.co.id. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      lks-07.co.id.
@       IN      A       192.168.7.2
www     IN      A       192.168.7.2
mail    IN      A       192.168.7.2
ftp     IN      A       192.168.7.2
proxy   IN      A       192.168.7.2

root@ITService-07:/etc/bind# nano db.192

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     itservice-07.co.id. root.itsevice-07.co.id. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      itservice-07.co.id.
2.7.168 IN      PTR     itservice-07.co.id.


root@ITService-07:/etc/bind# nano named.conf.local


//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "itservice-07.co.id" {
        type master;
        file "/etc/bind/db.itservice";
};

zone "lks-07.co.id" {
        type master;
        file "/etc/bind/db.lks";
};

zone "192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
};

root@ITService-07:/etc/bind# service bind9 restart

root@ITService-07:/etc/bind# nano /etc/resolv.conf

nameserver 192.168.7.2


3.   Write the modification or configuration you have done in the paper given by
Judge.

Part 15 HTTP Server Configuration

1.   Configure HTTP Server as follow : (install packet one by one)
-  Support html
-  Support php
-   Support apache and user directory ( .co.id/~direktory user)
2.   Create two website:
-  www.itservice-xx.co.id
Index.html: Welcome to IT Service Website (index.html has to be a valid html file)
-  www.lks-xx.co.id
Index.html: Welcome to LKS Website” (index.html has to be a valid html file)


3.   Write the modification or configuration you have done in the paper given by
Judge.


Part 16 Mail Server Configuration

1.   Configure Mail Server as follows:
- SMTP no relay
- Create user client
- Create e-mail address
- IMAP/POP
- Can send email to Internet mail
2.   Set quota 20 Mb for each user.
3.   Write the modification or configuration you have done in the paper given by
Judge.
Note: User name and password for user client, e-mail address, and Internet mail will be given during competition

Part 17 Web Mail Server Configuration

1.   Configure Web Mail Server as follows:
- Webmail Apps
- Domain is https://mail.itservice-xx.co.id/ (xx is the competitor’s number)
2.   Write the modification or configuration you have done in the paper given by
Judge.

Part 18 Proxy Server Configuration

1.   Configure Proxy Server to allow only whitelist accessed of website from Laptop client using ACL (access control list).
Note: List of websites will be given during competition

Apt-get install squid
Cd /etc/squid
Nano /etc/squid
Ctrl + w = acl localhost

Acl blok url_regex “/etc/squid/blok.txt”
http_access deny blok

ctrl+w = http_access deny all

http_access allow all


Apt-get install apache2-utils


                        Cd /etc/squid
Nano squid.conf

Tambahkan baris berikut
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users


touch passwd
chmod o+r passwd

#jalankan perintah ini untuk membuat user paling pertama
htpasswd -c passwd nama-user1

#kalau ingin menambahkan user lain jalankan perintah ini untuk membuat user kedua, ketiga dan selanjutnya
htpasswd passwd nama-user1

restart squid
service squid restart






2.   Configure Proxy Server to access Internet using username and password (non- transparent mode).
Note: Username and password will be given during competition
3.   Configure Proxy Server to limit bandwidth for download.
4.   Add web-based tool to monitor user proxy activity.
5.   Write the modification or configuration you have done in the paper given by
Judge.

Part 19 Monitoring System

1.   Set network traffic
2.   Monitor for CPU, Memory, Swap Memory

Part 20 Network File Sharing

1.   Set NFS Server to PC Server (/home/user)
2.   Set NFS Client to PC Router (/mnt)
3.   Automatic mount NFS system
Finish.



0 Komentar