CIS4407 - 2008 Summer
Group Assignment 10
Journals Due Wednesday, July 30th, at the beginning of class.

Assignment: Security

Your objective is to improve security among your machines in preparation for the security exercise. To do this, you will first try out an stunnel between your s1 and mail machine; you will then set up IPsec among your machines. After that, you should look at your exposure to other machines in the lab.

You will need the stunnel and ipsec-tools rpms installed. (While it is not too troublesome to install stunnel from source, I definitely don't recommend trying to set up IPsec except via an rpm.)

For the stunnel, please install SquirrelMail on s1. Check that the packets are going across in the clear. Configure an stunnel for IMAP from s1 to your mail machine. Then reconfigure SquirrelMail to use that stunnel to your mail machine. Watch the packet flow as you access email — you should see only the IMAP traffic across your stunnel.

Now take down the stunnel, and configure host-to-host IPsec among your and machines. You can do this either via the Network GUI or by hand. Both methods are documented in Red Hat's Deployment Guide.

Then try to configure IPsec so that it works seamlessly among s1, s2, dns, and mail. Is this possible? If so, what's the most reasonable configuration for this? If not, what's the closest that you can get to providing IPsec among your physical and virtual machines? Explain your reasoning clearly in your writeup.

Now consider all of the services you provide on all of your machines (virtual and physical), and run nmap to see which services are actually running.

You must keep up all normal services between your physical and virtual machines that you have set up this semester; also, make sure that you can ssh between all of the machines.

However, you are allowed to shut down access from other machines in the lab except for these services: incoming email over port 25, http over port 80, and ssh over port 22. You must leave these three services generally available to all machines in the lab; we will test the availability of these occasionally over the next two weeks.

Failure to provide these services during these random checks will impact your grade in the final security exercise, so please make sure that everything stays up.
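
As an added illustration (not part of the original assignment), the shell function below checks nmap's grepable output against the port policy above: it flags open TCP ports other than 22, 25 and 80, and flags any of those three that is not open. The function names, addresses and hostnames are constructed for the example.

```shell
#!/bin/sh
# Added example: compare nmap grepable (-oG) output with the lab-wide policy.
# Open TCP ports other than 22, 25 and 80 are reported as EXTRA; a required
# port that is not open is reported as MISSING.

audit_exposure() {
    # Reads nmap -oG output on stdin and prints one finding per line.
    awk -F'\t' '
    BEGIN {
        n = split("22 25 80", req, " ")
        for (i = 1; i <= n; i++) allowed[req[i]] = 1
    }
    /^Host: / {
        ports = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^Ports: /) ports = substr($i, 8)
        if (ports == "") next            # "Status:" line, no port list
        split($1, h, " "); host = h[2]
        split("", seen)                  # portable way to clear an array
        m = split(ports, p, ", ")
        for (i = 1; i <= m; i++) {
            split(p[i], f, "/")          # port/state/proto/owner/service/...
            if (f[2] != "open" || f[3] != "tcp") continue
            seen[f[1]] = 1
            if (!(f[1] in allowed))
                printf "EXTRA %s %s/tcp %s\n", host, f[1], f[5]
        }
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen))
                printf "MISSING %s %s/tcp\n", host, req[i]
    }'
}

sample_scan() {
    # Constructed sample in nmap -oG format; addresses and names are made up.
    printf 'Host: 10.0.0.11 (s1.lab.example)\tStatus: Up\n'
    printf 'Host: 10.0.0.11 (s1.lab.example)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 143/open/tcp//imap///\tIgnored State: closed (995)\n'
    printf 'Host: 10.0.0.14 (mail.lab.example)\tStatus: Up\n'
    printf 'Host: 10.0.0.14 (mail.lab.example)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/filtered/tcp//http///\tIgnored State: closed (997)\n'
}

# Real use, from another lab machine (HOST is a placeholder):
#   nmap -oG - HOST | audit_exposure
sample_scan | audit_exposure
```

Run the scan from a machine outside your group so the result reflects what the rest of the lab can reach, not what is visible over loopback or your own IPsec associations.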

Finally, consider some of the material that we have discussed in class about improving security. Try to apply various ideas to your setup. Document what you do, and why.

A journal is due for this assignment. Make sure that you document in your journal all of the steps that you went through, following the guidelines on the class home page. Please share the workload so that all team members get experience with all aspects of the work. Do not forget to assign your work percentages to yourself and your other teammates in your journal. Please turn in a printed copy of this assignment at the beginning of class on Wednesday, July 30th.