TAFE Trojans
http://trojans.virtualhost.com.au
Cert 4 Project
A Little About Ourselves
We Are The Trojans, You will be Assimilated, Your Biological and Technological Distinctiveness will be added to our own…
RESISTANCE IS FUTILE
The Trojans…
Nick: Security, firewalls, UNIX and switch management.
Paul: Cable Runs, Hardware, web design/management and Documentation.
Kellie: Pricing, Documentation, Time Management and Project Analysis.
Ian: Research, tech support and Time Management.
The Job
As a part of the Cert IV class, TAFE has asked us to address certain problems existing on the network. These issues are…
• 30 day secure channel problem
• PXE Workstation Imaging
• Internet control and filtering
• Network Speed to classroom C-312
What We Will Do
• 2 New Gigabit Switches for C-312 and C-block server room.
• Installation of Smoothwall School Guardian
• Implementation of PXE network boot imaging.
• 30 day secure channel problem.
What We Won’t Do
• System Backups.
• Anti-Virus.
• KVM-Switch for server room – Already a 4 Port in room.
• USB Caddies.
• Facility for storing Ghost images – Flash Already Sufficient.
• Wireless Connectivity – Not important at the moment but a future possibility.
• Domain Controller – IT.net is happy with their 2000 server at the moment.
Moving onto 30 day secure channel…
30 day Secure Channel
The Problem.
- After 30 days, the it.net computers can’t log onto goth because the secure channel password has changed.
- Typically a computer has its own individual name and account on the DC, and doesn’t suffer this problem.
- Unfortunately TAFE’s computers all share the same name and therefore the same secure channel password and account.
- This password identifies individual computers to the domain, and changes every 30 days.
- For TAFE, once this password changes for one computer, the other computers can’t log on because they are using the old password with the same account.
- This is where we found a fix.
First attempt.
• The first registry key we found changed the number of days until password expiry
• Allowed a potential of 1 000 000 days
• When the server restarted the registry value was reset
So we thought we could build a startup script or find a better solution.
We went for option 2… We found another key.
Second Attempt
The “new” key is at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE /System/CurrentControlSet/Services/NetLogon/Parameters/MaximumPasswordAge
Changing the key allows us to enable or disable the maximum password age, rather than specify days.
These changes are illustrated through the following pictures
The Registry Entry Before it was changed
The Registry Entry After it was changed
The Policy Editor Before it was changed
The Policy Editor After it was changed
These changes through the registry, in effect, turn off the 30 day check.
Moving onto PXE…
PXE
Pre-boot Execution Environment: overview
• A network boot enabled PC makes imaging a host computer very easy.
• Most computers today support network boot.
• Enabled through the BIOS: select network boot as the first boot device.
• Relies on a DHCP and TFTP server
• OS images are transferred via TFTP to the host computer.
• The option for a boot menu for user input is available.
• Replaces the need for individual boot floppies. (“Thank god” says Andy)
Pre-boot Execution Environment: process
• Firstly the network boot PC looks for an IP address through DHCP.
• The file dhcpd.conf on the DHCP server has a static entry for the workstation, and the bootfile to load.
• The server responds with an IP address and asks the client if network boot is enabled.
• The workstation says “Yes”, then gets an IP address and is directed to the TFTP server.
• At the TFTP server the workstation requests the “filename”.img referred to in the dhcpd.conf file on the DHCP server and executes it.
• The boot image does the rest: it maps drives, runs Ghost and images the host computer.
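The static entry described in the steps above could look like the following ISC dhcpd.conf fragment. This is an added example, not the presenters' own configuration: every address, MAC address, host name and the boot file name is a constructed placeholder. Keeping next-server and filename inside the group means only the listed workstations are directed to the TFTP server.

```conf
# dhcpd.conf (ISC DHCP server) - constructed example, not TAFE's real file.
# All subnets, addresses, MAC addresses, host names and the boot file
# name below are placeholders.

ddns-update-style none;
authoritative;

subnet 192.168.12.0 netmask 255.255.255.0 {
    option routers 192.168.12.1;
    option domain-name-servers 192.168.12.1;

    # Machines without a host entry still get an ordinary lease from
    # this range, but no boot file is offered to them.
    range 192.168.12.100 192.168.12.199;
}

# Workstations that are allowed to network boot. The boot parameters
# live in this group, so only the MAC addresses listed here are told
# where the TFTP server is and which file to request.
group {
    next-server 192.168.12.10;      # TFTP server holding the boot image
    filename "bootdisk.img";        # placeholder for the "filename".img

    host c312-ws01 {
        hardware ethernet 00:00:5e:00:53:01;
        fixed-address 192.168.12.21;
    }

    host c312-ws02 {
        hardware ethernet 00:00:5e:00:53:02;
        fixed-address 192.168.12.22;
    }
}
```

Running `dhcpd -t -cf` against the file checks its syntax without starting the server.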
Moving on to Smoothwall…
Smoothwall
Introduction to Smoothwall
• Linux based operating system.
• Simplified Linux Kernel
• We will be demonstrating the free version – Smoothwall Express
• Very powerful firewall and internet filter
• Very easy to install
System monitoring
• Notices of available Smoothwall updates
• System Uptime, Process status, Disk Usage
• Traffic graphs
This is the main Smoothwall front page.
This is the statistics area.
Traffic Graphs
Security
• Port Forwarding
• DMZ Pinholes
• Remote access
Port Forwarding Interface
DMZ Pinholes Interface
More Security
• IP Blocking
• Internet Connectivity (PPP)
• Log Viewer of all activity
• Settings - Backup
PPP Internet Connectivity
Settings - Backup
Budget
• 2 New switches for C3-12 and C-Block server room - $1310.78
• 100m of Cat 5e for 2 runs from C-Block server room to C3-12 - $450
• Smoothwall School Guardian 4 inc 70 concurrent licences - $2053.70
• Labour Cost for Tafe Trojans (Inc GST) - $2145.00
Total (Inc GST) - $5959.48