WorldSkills Competition 2011 Austrian Championship IT Network Systems Administrator Day 1
INTRODUCTION

Company A4All is a small company that wants you to set up their IT server infrastructure from scratch, consisting of a network plan, a Windows domain controller and a Linux web server. A small Windows XP client for testing purposes is also available.

Systems you will use:
- Windows 7 (as host for virtualization)
- VM: Windows Server 2008
- VM: Ubuntu Server
- Windows XP Client
- Cisco 2960 Switch
- Cisco 2811 Router
- Cisco Access Point

Work Task 1: Network Plan

Overview:

IT Network Systems Administration Austria 2011 Page 2/7
A4All will use the following network: 10.#.96.0/20, where # is your candidate id. Assign subnets and VLAN numbers to the departments and configure at least one switch port for each of these departments on the Cisco 2960 Switch. The switch should have a static IP address in the MGMT VLAN and one trunk link to the Cisco 2960 Router, which should route between these VLANs. When a client is plugged into an access port on the switch, it should get an IP address automatically, but none that is reserved for static devices.

Department   Devices   VLAN   Switch Port   Subnet
OFFICE       300
IT           100
SERVER        10
PUBLIC       180
MGMT          10

Assign and document static IP addresses for the following systems:

System           VLAN     IP
Cisco Router     OFFICE
                 IT
                 SERVER
                 PUBLIC
                 MGMT
Cisco Switch     MGMT
Windows Server   SERVER
Linux Server     SERVER
(Win 7 Host)     SERVER
The Win 7 Host only needs a static IP if you don't use the Cisco router as DHCP server.

Work Task 2: Windows Server

Install VirtualBox on the Windows 7 system (install media will be provided to you) and create a virtual machine for Windows 2008 Server. This will be your domain controller. The virtual machine should connect via a bridged interface to the physical network. Use default settings where not otherwise specified.

- Set up a second partition (D:) called 'DATA'
- Use skills#.org as domain, where # is your candidate id
- Install and configure the services:
  - Active Directory
  - Domain Name Service:
    - 'www' should point to the Linux webserver
    - 'tftp' should be an alias to 'www'
    - 'file' should point to the Windows server
- Create the following 101 users on the Windows server:

  Username   Password
  notebook   windows
  pc         windows
  win1       windows
  win2       windows
  win3       windows
  ...        ...
  win98      windows
  win99      windows

- Shared folders:
  - Create shared folders on 'DATA' with the names Users and Files
  - Don't allow access to the folder D:\Files\notebook, except for user notebook
  - The user profiles should be stored in D:\Users
- User settings:
  - All users should have the Linux webserver (www.) as startup page in Internet Explorer
  - After logon, each user should have the Files share as network drive
  - The users' passwords must have a minimum length of 6 characters

Connect the Windows XP Client machine to the MGMT VLAN, join the domain and use this PC to test your Windows domain.

Work Task 3: Linux Server

The Linux server will be primarily used as a web server. Later on, the website developers will connect and upload their website, but for now it's your job to create an 'under construction' page.

- Install Ubuntu as a VM on the Windows 7 system
- Use any install settings you want, but leave space for one partition:
  - Create a VG out of this partition called 'datavg'
  - Create a LV in 'datavg' called 'wwwlv' and another called 'backuplv'
  - Make wwwlv automount on startup at /mnt/www
  - Make backuplv automount on startup at /mnt/backup
- Make sure remote logon is possible using SSH
- Create the following 100 users on the Ubuntu server:

  Username    Password
  skills2011  ubuntu
  ubuntu1     ubuntu
  ubuntu2     ubuntu
  ubuntu3     ubuntu
  ...         ...
  ubuntu98    ubuntu
  ubuntu99    ubuntu

  The users ubuntu1 to ubuntu99 should have no shell assigned
- Install a webserver (www.skills#.org)
  - DocumentRoot should be /mnt/www
  - Create an index page that:
    - Informs the user that the page is under construction
    - Displays this information with a large and bold font using CSS
- Create a backup cronjob that:
  - Runs every Sunday, 2am
  - Creates a compressed tar archive of /mnt/www with the current day in its name
  - Stores the tar archive at /mnt/backup
  - Removes backups older than 90 days from /mnt/backup
- A MySQL server will be required by the web developers. Use the following settings for your installation:
  - root password should be skills
  - Create a database A4All
  - Create a user tgmsql with password skill
  - tgmsql should only be allowed to access database A4All
  - tgmsql should have all privileges on database A4All
- To allow access to the document root from Windows systems, install a Samba server
  - Share 'www' with directory /mnt/www
  - Only user skills2011 should have access to this share (read + write)
- To secure the webserver, set the following firewall rules for incoming traffic:
  - Allow SSH, HTTP and HTTPS traffic from any device
  - Allow ICMP packets from the router
  - Block all other traffic by default

Work Task 3: IOS Issues

A colleague just brought you a Cisco 2960 switch. He says that something is wrong with the IOS and asks you to fix it.
- Use the Linux webserver and install a TFTP daemon
- A working IOS image is located on the desktop of your Win 7 system
- Fix the IOS installation on the switch

Work Task 4: WLAN extension

A4All just bought a new WLAN AP and it's your job to set it up.
- Connect the AP to the OFFICE VLAN
- Use skills# for the SSID, with # as your candidate id.
- Configure the least possible transmission power on the AP device!
- Use the following wireless channels:

  Candidate ID   Channel
  1              Channel 1
  2              Channel 7
  3              Channel 13
  4              Channel 1
  5              Channel 7

Again, you can use the Windows XP Client machine for testing purposes.
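Two parts of the Linux server work in Work Task 3, the weekly backup job and the incoming firewall policy, as one added example script that is not part of the competition paper. It assumes the task's paths /mnt/www and /mnt/backup and, for the ICMP rule, that the router's address in the SERVER VLAN is 10.5.99.129 (candidate id 5); setting IPT=echo prints the rules instead of loading them, so the script can be checked without root.

```shell
#!/usr/bin/env bash
# Added example, not from the competition paper: two pieces of the Linux
# server setup in Work Task 3. Assumed paths: /mnt/www and /mnt/backup;
# assumed router address in the SERVER VLAN: 10.5.99.129 (candidate id 5).
set -u

# backup_www <src> <dst> [retention days] [date]
# Cron line for "every Sunday, 2am" in root's crontab (assumed install path):
#   0 2 * * 0 /usr/local/sbin/backup-www.sh run
backup_www() {
    local src="$1" dst="$2" keep="${3:-90}" day="${4:-$(date +%F)}"
    local archive="$dst/www-$day.tar.gz"
    mkdir -p "$dst"
    # -C so the archive holds relative paths and can be restored anywhere.
    tar -czf "$archive" -C "$src" . || return 1
    # Prune only our own archives; -mtime +N = modified more than N days ago.
    find "$dst" -maxdepth 1 -name 'www-*.tar.gz' -mtime +"$keep" -delete
    echo "$archive"
}

# fw_apply <router ip>: incoming policy from the task; IPT=echo gives a dry run.
IPT="${IPT:-iptables}"
fw_apply() {
    local router="$1"
    $IPT -F INPUT                 # start from a clean INPUT chain
    $IPT -P INPUT DROP            # "block all other traffic by default"
    $IPT -P FORWARD DROP          # the web server does not route
    $IPT -P OUTPUT ACCEPT         # only incoming traffic is filtered
    $IPT -A INPUT -i lo -j ACCEPT # local services (MySQL for the web app)
    # Replies to the server's own outbound connections (apt, DNS) must get in.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for port in 22 80 443; do     # SSH, HTTP, HTTPS from any device
        $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    $IPT -A INPUT -p icmp -s "$router" -j ACCEPT   # ICMP only from the router
    # Everything else hits the DROP policy; keep a rate-limited trace of it.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

case "${1:-}" in
    run)      backup_www /mnt/www /mnt/backup ;;
    firewall) fw_apply 10.5.99.129 ;;
esac
```

iptables rules are lost on reboot, so save them with iptables-save and restore them at boot (for example with the iptables-persistent package). Note that the rules as the task states them also block the Samba share (TCP 139/445) from the Windows systems, so those ports stay closed unless the task's firewall requirement is meant to allow them.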
WorldSkills Competition 2011 Austrian Championship IT Network Systems Administrator Day 2
INTRODUCTION

You've just got a new job as the network administrator for the financial services company CBL.com, located in Vienna, which currently faces hard times due to the worldwide financial crisis. The company currently has some upcoming projects:
- A new datacenter in Salzburg
- A security audit done by an external company
- The government may take over the company due to heavy debts

As your predecessor has already left the company, you don't have much information about the current network setup. To be honest, all you have is MAIL #1. Read the mail and get familiar with the current network environment.

You've been working in your new job for a few days now... and you're doing well. Paul, the IT architect, just sent over MAIL #2 to inform you about the new datacenter in Salzburg. A few minutes later, Paul calls you and tells you about the urgent MAIL #3 regarding the security audit. You should also take care of this.

After you're finished, you can enjoy your weekend...

IT Network Systems Administration Austria 2011 Page 2/8
MAIL #1
==============================================================
From: Paul Pope <p.pope@cbl.com>
To: The New One <newbie@cbl.com>
Subject: Fw: Network Information

Hi,

As discussed, please find below the information I was supposed to give you...

Best Regards,
Paul
-----
Paul Pope
IT Architect
CBL.com

------- Forwarded by Paul Pope ---------
From: The Old One <guru@cbl.com>
To: Paul Pope <p.pope@cbl.com>
Subject: Network Information

Hi Paul,

Please forward this to my successor:

There's a plan to set up a second datacenter in Salzburg, but currently the network consists only of the headquarter (primary working location) and the datacenter, both in Vienna.

I've used class A networks:
10.1.1.0/24 for headquarter
10.1.2.0/24 for datacenter
10.1.4.0/24 for headquarter to datacenter connection

Naming conventions are as follows: AAA-BB-C-DXX
AAA  city code. Currently we're just using VIE for Vienna, but defined SZB for Salzburg already
BB   location code. HQ is headquarter and DC is datacenter
C    segment code. C is core, A is access. Usually routers are C, switches and hosts are A.
D    device code. R is router, S is switch, H is host (server or client)
XX   number code. Two digit numbering, starting with 01
So VIE-HQ-C-R01 is the first core router in the headquarter in Vienna. And VIE-DC-A-S01 is the first access switch in the Vienna datacenter. Got it? Hope so...

In HQ and DC we currently use just one VLAN, but when Salzburg comes, it will be your job to redesign the whole network and implement many more VLANs. The current network layout consists of two routers per location (one reserved for the future connection to Salzburg) and a virtual router instance, which is preconfigured (so you don't have to care about the virtual router).

Back to the IPs... I've always given the virtual router the 3rd IP of a subnet, so the physical routers should get the first and the second IP respectively. The next addresses (4th, 5th, etc.) are for the switches. This should always stay this way...

So in Vienna HQ it looks like this:
VIE-HQ-C-R01    10.1.1.1
VIE-HQ-C-R02    10.1.1.2 (planned for SZB connection)
Virtual Router  10.1.1.3
VIE-HQ-A-S01    10.1.1.4
VIE-HQ-A-S02    10.1.1.5

There's one exception to this: There will be no virtual router in Salzburg, so .3 will be unassigned.

Last, if users complain about the internet connection (and they will), you can test to ping the IP 212.212.212.212; this is the IP of our ISP gateway router, which is located in Vienna. This should always be pingable.

That's it... Have a nice time!

Regards,
Guru

PS: I don't know why you've started working at a financial services company in these times, but I know why I've quit there :D
==============================================================
MAIL #2
==============================================================
From: Paul Pope <p.pope@cbl.com>
To: The New One <newbie@cbl.com>
Subject: New DC in Salzburg

Hi,

Finally, the hardware has been installed in Salzburg. It's primarily a datacenter, but also provides a small office for regional sales people and their management. This completes the network loop VIE-HQ -> VIE-DC -> SZB-DC -> VIE-HQ and should ensure that the communication stays up in case any core router fails (except for the virtual routers). I guess the best thing to do is to implement some kind of automatic routing using OSPF.

We have to change the whole company IP design/setup, so I've chosen the following addressing scheme based on VLANs. As IP networks, I'd suggest: 10.1.<VLAN ID>.0/24

VLAN 99   Network Management Traffic
VLAN 100  Server network Vienna
VLAN 101  Vienna Sales Clients
VLAN 102  Vienna Management Clients
VLAN 103  Server network Salzburg
VLAN 104  Salzburg Sales Clients
VLAN 105  Salzburg Management Clients

For VLAN 99, I'd suggest to subnet it into 3 networks. Each should host a maximum of 30 devices. Start with the lowest possible subnet and assign them in this order: Vienna HQ, Vienna DC and Salzburg DC. If I forgot some VLANs or address ranges, choose what you think would be the best...

I've also talked to the server guys: they've set up new systems connected to VIE-DC-A-S02 with the following IP addresses:
.254  DNS server
.253  DHCP for VLAN 101
.252  DHCP for VLAN 102
.251  TFTP
.250  HTTP

So make sure that the clients in the VLANs can connect to the DHCP server and receive their IP addresses correctly. Please reconfigure all network devices for this network layout and set up the new devices in Salzburg analogous to the Vienna devices. After successful migration, please ensure that the old servers (those behind VIE-DC-A-S01) can't interfere with the rest of the network; they will be shut down in the near future.
Btw: for Salzburg, the server team plans to put the following servers behind SZB-DC-A-S01:
.254  DHCP for VLAN 104
.253  DHCP for VLAN 105

Please do this all today, as the server guys need to do some migrations on the weekend where they need the new network.

Best Regards,
Paul
----
Paul Pope
IT Architect
CBL.com
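The subnet planning in Work Task 1 of Day 1 (splitting 10.#.96.0/20 across the five departments) and the VLAN 99 split requested in MAIL #2 (three networks of at most 30 devices, lowest subnet first) are both variable-length subnetting; the helper below is an added example, not part of the competition paper, that hands out blocks largest-first from the lowest address and reports when the base network is too small. Candidate id 5 is assumed in the first sample call.

```shell
#!/usr/bin/env bash
# Added example, not part of the competition paper: a VLSM planner for
# Work Task 1 (Day 1) and the VLAN 99 split in MAIL #2. Blocks are handed out
# largest first from the lowest address, each sized for hosts + network +
# broadcast; count the router's gateway address in the host figure yourself.
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }
int2ip() { echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"; }

# vlsm <base/prefix> "NAME:hosts NAME:hosts ..."  -> one "NAME network/prefix" per line
vlsm() {
    local base="${1%/*}" plen="${1#*/}" next end
    next=$(ip2int "$base")
    end=$(( next + (1 << (32 - plen)) ))          # one past the last address
    # Largest requirement first; the stable sort keeps the given order for ties.
    for entry in $(printf '%s\n' $2 | sort -s -t: -k2,2nr); do
        local name="${entry%:*}" hosts="${entry#*:}" bits=1
        while [ $(( 1 << bits )) -lt $(( hosts + 2 )) ]; do bits=$(( bits + 1 )); done
        local size=$(( 1 << bits ))
        next=$(( (next + size - 1) / size * size ))   # align to the block size
        if [ $(( next + size )) -gt "$end" ]; then
            echo "ERROR: $name ($hosts hosts) does not fit into $1" >&2
            return 1
        fi
        echo "$name $(int2ip "$next")/$(( 32 - bits ))"
        next=$(( next + size ))
    done
}

# Candidate id 5 assumed; device counts are those of the Day 1 department table.
vlsm 10.5.96.0/20 "OFFICE:300 IT:100 SERVER:10 PUBLIC:180 MGMT:10"
# VLAN 99 from MAIL #2: three management subnets of 30 devices, lowest first.
vlsm 10.1.99.0/24 "VIE-HQ:30 VIE-DC:30 SZB-DC:30"
```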
MAIL #3
==============================================================
From: Paul Pope <p.pope@cbl.com>
To: The New One <newbie@cbl.com>
Subject: Fw: Fw: Fw: Audit Results

Hi,

Please take a look at this... Can you do this as well on Friday?!

Regarding Finding #3: I'd suggest to use 'admin' as username and 'skills2012' as password. Use the same password for the privileged operations.

Best Regards,
Paul
----
Paul Pope
IT Architect
CBL.com

------- Forwarded by Paul Pope ---------
From: John Smith <j.smith@cbl.com>
To: Paul Pope <p.pope@cbl.com>
Subject: Fw: Audit Results

Paul,

I'm awaiting immediate actions. We cannot afford to have such severe issues in these times.

John
-----
John Smith
Chief Information Officer (CIO)
CBL.com

------- Forwarded by John Smith ---------
From: The Sec Expert <expert@security.com>
To: John Smith <j.smith@cbl.com>
Subject: Audit Results

Dear Mr. Smith,
I hereby send you the results of the security audit done for CBL.com. The most important findings are:

Finding #1: Every client computer has access to the network infrastructure components. We recommend configuring appropriate settings to prevent clients from accessing these devices.

Finding #2: There is neither a logon password, nor a password for privileged operations on the network components. We recommend using local user authentication and passwords for privileged operation modes.

Finding #3: The network components store passwords unencrypted. We recommend always storing passwords in encrypted format.

Finding #4: On access components, employees are allowed to extend the network by plugging in additional switches. We recommend only allowing two devices to exist behind a switch access port.

I hope we could help in further improving your business.

Sincerely,
Mr. Expert
---------
Mr. Expert
IT Security Specialist
Security.com
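A way to check the four findings against a saved copy of each device's "show running-config" before the audit team returns, as an added example that is not part of the paper or the audit report: the function greps a text copy of the running configuration (file name is the caller's choice) and reports each finding that is still open. The ACL name MGMT and the management subnet 10.1.99.0/27 mentioned in the comments are assumptions, and the sample configs used to exercise it are constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the audit report or the competition paper: a
# compliance check over a text copy of "show running-config" for the four
# findings in MAIL #3. Prints each finding that is still open; the return
# value is the number of open findings (0 = all four addressed).
audit_ios_config() {
    local cfg="$1" open=0 bad
    # Finding #1: vty access limited to management addresses by an access-class
    # (e.g. "access-class MGMT in" with an ACL permitting 10.1.99.0/27, assumed).
    if ! grep -Eq '^ *access-class [^ ]+ in' "$cfg"; then
        echo "F1: no access-class on the vty lines, any client can reach the device"
        open=$(( open + 1 ))
    fi
    # Finding #2: local user database, 'login local' on the lines, enable secret.
    if ! grep -Eq '^username [^ ]+ (privilege [0-9]+ )?secret ' "$cfg" ||
       ! grep -Eq '^ *login local' "$cfg" || ! grep -q '^enable secret ' "$cfg"; then
        echo "F2: missing local user with a secret, 'login local' or 'enable secret'"
        open=$(( open + 1 ))
    fi
    # Finding #3: no clear-text secrets. 'secret' stores a hash; 'service
    # password-encryption' only obfuscates leftover 'password' lines (type 7,
    # reversible), so it is required here but 'secret' is the real fix.
    if grep -Eq '^enable password |^username [^ ]+ password |password 0 ' "$cfg" ||
       ! grep -q '^service password-encryption' "$cfg"; then
        echo "F3: clear-text passwords present or service password-encryption off"
        open=$(( open + 1 ))
    fi
    # Finding #4: every access port needs port-security with a maximum of 2;
    # trunk ports (mode trunk) are the uplinks and are left alone.
    bad=$(awk '
        /^interface /                           { if (acc && !(en && max)) n++; acc = en = max = 0 }
        /^ switchport mode access/              { acc = 1 }
        /^ switchport port-security$/           { en = 1 }
        /^ switchport port-security maximum 2$/ { max = 1 }
        END { if (acc && !(en && max)) n++; print n + 0 }' "$cfg")
    if [ "$bad" -gt 0 ]; then
        echo "F4: $bad access port(s) without 'switchport port-security maximum 2'"
        open=$(( open + 1 ))
    fi
    return "$open"
}
```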