S1 2018

Week Topics toggle topics for , , or ) Total Marks 50
26 February
Introduction, Operating Systems
Zhiyi Huang
  • Introduction to the paper, and system and network administration
  • Overview/recap of operating systems.
Network Hardware
Zhiyi Huang
  • A quick tour of IEEE standards.
  • Ability to identify common network hardware, such as a network interface card, hub, switch, router; explain the purpose of each.
  • While we concentrate on IP and ethernet in this paper, the student should also have a little exposure to concepts such as serial connections (eg. DSL), and also high-speed interconnects such as InfiniBand or FibreChannel.
  • Be able to appreciate the difference between various bus interconnections, and why on-board NICs may give superior performance.
  • Understand how network traffic enters and leaves a machine, from a basic understanding of what a socket is, to a more thorough understanding of concepts of hardware interrupts, DMA, and performance issues such as zero-copy (scatter/gather I/O).
Introduction, Operating Systems
Marks: 2
  • Familiarisation with the VirtualBox-based lab environment and resources.
  • Develop your skills in the terminal shell to help you work faster and smarter.
5 March
IPv6 Bootcamp
Zhiyi Huang
  • Revise IPv6 addressing
  • Understand basic IPv6 mechanisms, such as stateless address autoconfiguration, neighbour discovery and router advertisements
  • Topics such as DNS are not talked about yet, that is covered in a later lecture.
  • Advanced topics such as Mobile IPv6 or IPSec are not encountered in this lecture.
  • Brief overview of transition mechanisms.
  • Security problems associated with IPv6.
  • Interface management in Linux.
Basic Interface Management
Marks: 3
  • View the status of Ethernet interfaces and the result of auto-negotiation.
  • Name interface logically when this is appropriate.
  • Practice the use of IPv4 configuration and query tools.
  • Practice the administration of IPv4 interface configuration in Ubuntu Linux.
Scripting Technique
Zhiyi Huang
  • Understand the concept, scope and benefits of applying the use of scripting solutions.
  • Learn the constructs used in developing Bourne shell scripts.
  • Learn a number of useful commands, as applied to example problems.
  • Spend a little time covering common uses of sed and awk.
IPv6 Bootcamp
Marks: 2
  • Practice enabling and disabling IPv6 on Linux, and how to control autoconfiguration etc.
  • Observe how IPv6 works with router advertisements.
  • Practice the use of IPv6 configuration and query tools.
  • Practice the administration of IPv6 interface configuration in Ubuntu Linux.
  • Practice the creation of tunnels and how this complicates things.
12 March
Zhiyi Huang
  • Be aware of the different types of hard-drive technologies, including ATA, SCSI and SATA, including the performance issues of each.
  • Understand how Unix (and to a lesser extent Windows) file-systems work, including concepts of inode, permissions, links, journalling and performance issues such as block size and fragmentation.
  • Have an understanding of other access-control mechanisms, such as access-control-lists (ACLs); the difference between discretionary and mandatory access-control.
  • Be able to identify different types of file-system objects found in the file-system, such as files, directories, symbolic links, named pipes etc.
  • Identify the common RAID levels.
Shell Scripting/vim
Marks: 2
  • Utilise best practices in creating UNIX shell scripts.
  • Practice the constructs covered in the lecture.
  • Create a script to generate a report about web-server utilisation.
Basic System/Network Administration
Zhiyi Huang
  • Learn about the available network configuration and diagnostic tools for IPv4.
  • Learn about the available network configuration and diagnostic tools for IPv6, especially stateless autoconfiguration.
Marks: 2
  • Create and manage file-system objects, assign permissions.
  • Use access-control-lists.
  • Use common archival tools.
  • Investigate a particular backup solution.
19 March
System Installation
Zhiyi Huang
  • Understand methods of which operating systems can be installed.
  • Understand the role virtualisation plays in a modern infrastructure.
  • Basic steps involved in installing any (esp. Linux) system.
  • Learn how a classical Linux/UNIX systems boots and how this is changing.
  • Managing security during installation.
  • Investigate some methods used to manage mass installations.
  • Learn about best practices in account management, and managing access to administrative privileges.
Marks: None
  • This lab session is dedicated to people who need to catch up. People who are up-to-date will have lower priority.
Zhiyi Huang
  • Basic user management.
  • Trim any unnecessary services to reduce security exposure.
  • Look at system-hardening methods, and sources of best practices.
  • Investigate the use of version management tools to manage configuration files.
  • Look at where services may be started, and how to manage inetd or xinetd.
System Installation
Marks: 2
  • Ubuntu Linux into a VirtualBox virtual machine.
  • Create appropriate set-up and configuration documentation for the system.
  • Perform any necessary security updates.
26 March
Wireless Networking
Zhiyi Huang
  • Develop a familiarity with wireless terminology and behaviour, including how signals behave and interference.
  • Develop a working knowledge of basic 802.11 wireless networking, sufficient to set up such a network using best practices.
  • Understand the motivation and basic structure of a Wireless Distribution System (WDS).
  • Understand the purpose and basic mechanisms of network authentication using 802.1x and RADIUS (WPA-Enterprise).
  • Familiarise students with the various types of antennas, and the typical coverage volumes and uses.
  • Understand the correct use of independent (ad-hoc) networks.
Post Installation
Marks: 2
  • Find out what services are running, evaluate the necessity of each, and stop or limit those that are not needed.
  • Configure inetd or xinetd to manage services used by those.
  • Use TCP Wrappers to limit access to services.
Scheduled Tasks and Log Management
Zhiyi Huang
  • Investigate possible uses, benefits and costs of scheduled tasks by administrators and users.
  • Look at how scheduled tasks can best be managed on a typical Linux system, what is lacking, and how it is changing.
  • Investigate risks associated with log management.
  • Identify desirable log-related properties.
  • Look at how logs can be rotated and archived (and the benefits and costs), and laws and regulations for log-keeping.
  • Learn about how logs can be filtered and monitored.
  • Remote logging; benefits and risks.
Marks: None
  • This lab session is dedicated to people who need to catch up. People who are up-to-date will have lower priority.
2 April
9 April
The Domain Name System (DNS)
Zhiyi Huang
  • Learn the configuration methods and elements for a DNS client.
  • Understand how DNS works.
  • Learn about best practices in DNS management.
  • Learn how DNS handles IPv6 and the problems that occur.
  • Find out what additional security features are available in DNS such as DNS-SEC and TSIG.
  • Look at current issues, including Internationalised Domain Names (IDNs.)
Scheduled Tasks and Log Management
Marks: 3
  • Look at how scheduled tasks are managed on an Ubuntu Linux system.
  • Manage scheduled tasks by adding a new task.
  • Modify log rotation and archive settings.
  • Filter log entries using simple regular expressions.
  • Enable remote syslog operation.
Address Assignment and the Rendezvous Problem (DHCP)
Zhiyi Huang
  • Learn about the development that lead up to DHCP.
  • Learn about the DHCPv6 and its relationship to router advertisements and stateless address auto-configuration.
  • Find out about problems faced by DHCP implementations, and best practices to manage them.
  • Investigate alternative ways of solving the problems addressed (and not addressed) by DHCP.
  • This should introduce concepts of directory services.
  • Look at how DHCP services can be made more reliable.
  • Look at how Dynamic DNS helps to solve the rendezvous problem.
  • Investigate how the rendezvous problem is solved in an ad-hoc network, by using link-local addresses, mDNS, and DNS-SD.
The Domain Name System (DNS)
Marks: 3
  • Practice using the available DNS querying and diagnostic tools.
  • Configure the BIND 9 DNS server using best practices for a small network environment.
  • Add IPv6 data to the DNS.
  • Add IDNA data to the DNS.
  • Audit and harden security settings.
16 April
Remote Terminal Services (SSH)
Zhiyi Huang
  • Understand the history of remote terminal services, and the problems associated with each.
  • Understand the problems that SSH solves.
  • Explore the various ways that ssh can be used.
  • Look at the development of GUI-based terminal services, including issues such as remote assistance, multiple logon, compression, ancillary services (file transfer, report gathering, command execution).
  • Look briefly at X11, VNC and Remote Desktop.
Address Assignment and the Rendezvous Problem
Marks: 3
  • Install and configure a DHCP server and provide basic services including static and dynamic address assignments.
  • Install and configure radvd, a IPv6 SLAAC daemon.
  • Install and configure a DHCPv6 server.
Electronic Mail
Zhiyi Huang
  • Understand the processes by which the electronic mail is sent on the Internet, including a reasonable understanding of the SMTP, POP and IMAP protocols.
  • Understand the problems solved by MIME.
  • Understand the problems of spam and viruses, and tools and techniques for combatting it.
  • Look at cryptographic tools available for protecting e-mail content, such as GPG, and the nature of such protections.
Remote Terminal Services
Marks: 3
  • Set up public key access using best practices.
  • Practice using SSH tools to explore major features.
  • Configure SSH services using best practices.
  • Identify security weakpoints introduced using SSH services.
  • Experience using X11 tunnelled over a SSH connection.
  • Experience accessing either VNC or Remote Desktop to access a remote machine (optional, at home activity)
23 April
Transaction Layer Security (TLS)
Zhiyi Huang
  • Cover basic cryptography concepts.
  • Look at the brief history of Transaction Layer Security (TLS) and Secure Sockets Layer (SSL).
  • Understand how certificate-based cryto-systems work.
  • Know what TLS can and cannot effectively guard against.
  • Consider the issues involving virtual-hosting and TLS, and why it is better to negotiate TLS (via a protocol command such as SMTPs STARTTLS) rather than use a separate port.
  • Look at the process of getting a certificate, and the cryptographic mechanisms behind having a certificate signed.
  • Demonstrate a simple example of using stunnel to show the essential configurations that are needed.
Electronic Mail
Marks: 3
  • Provide basic e-mail services to a small network, including a manually-managed mailing list.
  • Provide basic spam protection and filtering.
  • Use GPG to protect e-mail content.
World Wide Web (WWW)
Zhiyi Huang
  • Observe a HTTP request and identify important fields and their function.
  • Get an overview the mechanisms that can be used to generate content dynamically.
  • Look at the common security problems involved in building web applications, and how these risks can be mitigated.
  • Learn about the use of virtual hosting.
  • Learn about the use of virtual hosting.
  • Look at best practices in managing web servers.
  • Touch on issues of high performance and availability, such as load-balancing, clustering, fail-over techniques.
30 April
Network Security
Zhiyi Huang
  • Tie up loose ends.
  • Talk about Network Administration.
  • Learn about common security attack vectors to the system and network.
  • Recap of material covered so far, concentrating on the principles involved.
World Wide Web (Practical Test)
Marks: 5
  • Install and configure the Apache web server.
  • Enable the PHP pre-processor and create some simple content.
  • Configure name-based virtual domains.
  • Protect content using various forms of access control.
  • Harden the web server configuration using best practices.
Internal Routing
Zhiyi Huang
  • Understand routing issues, and the benefits and costs of dynamic routing.
  • Understand the differences between internal and external routing algorithms, and the different problems each must solve.
  • Understand basic RIP and the improvements that can be made of it.
  • Understand the differences between OSPF and RIP, and why OSPF is superior.
  • See how different routing domains can be integrated.
  • Investigate the security issues faced by dynamic routing.
  • Cover the common configuration mechanisms of routers.
Marks: None
  • This lab session is dedicated to people who need to catch up. People who are up-to-date will have lower priority.
7 May
Management Tools & Protocols
Zhiyi Huang
  • Understand the aims, uses, benefits and costs of monitoring systems for network elements.
  • Understand the structure of SNMP, and how it is used. Look briefly at alternatives.
  • Look at common ways of presenting or using the data.
  • Evaluate the usefulness of in-band and out-band monitoring and alerts.
  • Look at best practices in deploying a management solution.
  • Cover concepts such as Lights Out Management.
  • Briefly look at policy-based configuration using tools such as configd.
Virtual LANs & Internal Routing
Marks: 5
  • Learn about and configure virtual LANs.
  • Gain experience with the Vyatta OFR router platform.
  • Configure static routing.
  • Configure a network to use RIP.
  • Configure a network to use RIPng for IPv6.
Virtual Private Networks
Zhiyi Huang
  • New for 2018!
Virtual LANs & Internal Routing (cont.)
Marks: None
14 May
Network Accounting & Visibility
Zhiyi Huang
  • Understand the philosophical and technical issues regarding network accounting.
  • Explore ways we can observe what is happening on a network.
  • Observe the security benefits and costs of accounting, including how it pertains to visitor and wireless networks.
  • Understand what we can account for.
  • Learn about the common NetFlow protocol, and to what extent it meets the requirements.
  • Learn a little about RADIUS and the accountancy data it can provide.
  • Look at how network measurement and accounting can be integrated into a defence-in-depth strategy.
  • Cover best practices in network accounting.
Virtual Private Networks (VPN)
Marks: 3
  • Learn about and configure virtual private networks.
Zhiyi Huang
  • Understand where a firewall fits into a network infrastructure.
  • Survey the different firewall architectures available.
  • Trace the path of a packet through a firewall.
  • Find the types of traffic that firewalls should protect against.
  • Understand the benefits and costs of stateful packet inspection.
  • Look at best practices in firewall design and management.
  • Learn about common firewall-associated tasks, namely NAT.
Subnetting Tutorial
Marks: 2
  • Learn how to subnet a network and become comfortable working with IPv4 CIDR addressing.
  • Cover subnetting and addressing in IPv6.
21 May
Exterior Routing
Zhiyi Huang
  • Understand the issues relating to routing between autonomous systems, and how it is different to interior routing systems.
  • Understand the basics of Border Gateway Protocol (BGP).
  • Investigate Internet Management issues relating to routing.
  • Investigate the security issues and best practices in managing BGP.
Marks: 5
  • Implement a firewall based on a given policy.
  • Implement source and destination NAT.
Diagnostics & Ethics
Zhiyi Huang
  • Cover diagnostic techniques, and what to do in a crisis.
  • Look at fault-management procedures.
  • When to use scheduled and unscheduled outages.
  • Discuss ethical restraints the System/Network Administrators have to consider, and their legal/regulatory/moral responsibilities.
Firewalls (cont.)
Marks: None
28 May
Zhiyi Huang
  • Re-cap of the paper.
  • Exam preparation.
  • Questions and Answers
Marks: None
  • This lab session is dedicated to people who need to catch up. People who are up-to-date will have lower priority.
Guest Lecture: TBD
  • By a professional from industry
Final Lab
Marks: None