Post on 29-Jul-2020
Center for Information System Training
Prepared by Group 3
System and Network Administrator
Virtual Company
Tutor: Kim B
Promotion: SNA2011B
Academic year: 2010
Virtual Company
Tutor: Kim Buntheoun
Supervisor:
1. Hy leapcheang 2. Meng Sreymom
Group:Company3
Center for Information System Training
CIST2011B
System and Network Administrator
Virtual Company
Promotion: SNA2011B
Academic year: 2010-2011
Virtual Company
Buntheoun
ng Meng Sreymom
Group:Company3
Group Members:
1. Prak Sonyta 2. Vat Ping 3. Ya Da 4. Nhep Phalleang5. Rous Sath 6. Pech Pratna
Center for Information System Training
12/19/2010
System and Network Administrator
Group Members:
Nhep Phalleang
2
Configure AD & DNS
1/ Install AD & DNS server .......................................................................................................................... 4
2/ Configure DNS ....................................................................................................................................... 12
3/ Configure AD ......................................................................................................................................... 19
Configure VPN on ISA
1. Definition ............................................................................................................................................ 27
2. Requirement to Install ISA and Configure VPN ................................................................................. 27
3. Structure .............................................................................................................................................. 28
4. Configure ............................................................................................................................................ 28
4.1. Configure on Window 2003 to install ISA ................................................................................. 28
4.2. Configure VPN on ISA ............................................................................................................... 37
5. testing .................................................................................................................................................. 45
Configure FTP Server
I. Introduction ......................................................................................................................................... 50
II. Install FTP using IIS .......................................................................................................................... 50
III. Configure FTP Site ......................................................................................................................... 52
Configure Web Server
� Definition : .......................................................................................................................................... 55
� Requirement: ..................................................................................................................................... 55
Install IIS ..................................................................................................................................................... 55
Install and Configure PHP ....................................................................................................................... 57
Configure PHP ............................................................................................................................................ 58
Configure IIS for PHP .............................................................................................................................. 61
Create a new website .................................................................................................................................. 62
Setting your permissions ............................................................................................................................. 69
Install and configure MySQL ..................................................................................................................... 75
Joomla Web Installer .................................................................................................................................. 85
Configure DHCP & File sharing in SUSE 11
3
I. Definition ............................................................................................................................................ 91
1/ DHCP Server: ..................................................................................................................................... 92
1/ File sharing ......................................................................................................................................... 97
Configure VLAN on Switch
I/How to configure VLAN on Switch ....................................................................................................... 105
II /How to configure inter-VLAN ............................................................................................................. 114
Configure NAT ON CISCO ROUTER
1. Configuration of NAT and ACL on Cisco Router ....................................................................... 119
4
Install and Configure AD & DNS server in window server 2003
1. Definition of AD & DNS server 2. Install AD & DNS server 3. Configure AD & DNS server 4. Create OU, GROUP and USERS
1/ Active Directory: is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains.
2/ DNS server: s a standard technology for managing the names of Web sites and other Internet domains. DNS technology allows you to type names into your Web browser like compnetworking.about.com and your computer to automatically find that address on the Internet. A key element of the DNS is a worldwide collection of DNS servers.
1/ Install AD & DNS server Run >dcpromo
Next>
5
Next
Select : Domain controller for a new domain
6
Select: Domain in a new forest
7
Type : the name of DNS name (company3.lan)
Next
8
Next
Next
9
Next
Next
10
Type: passwd of (********)
Next
11
Please, wail during it process
Finish: install active directory and DNS domain name System
12
2/ Configure DNS Start > Administrative Tools > DNS
13
Create Revers lookup zone (Right Click on Revers lookup zone Select New Zone…)
14
Select Primary Zone and then type next
Select: To all domain controllers in the Active Directory domain company3.lan
15
In Reverse lookup Zone name we should put IP of your Domain
Next
16
Finish
Create pointer by: select on ip then select New Pointer (PTR)
17
Browse
Start test by: Right Click on DNS Select Launch nslookup
18
The result of nslookup
Start ping Name (comapny3.lan)
19
3/ Configure AD
Create OU (Admin, IT, ERO, SLR, Selection, Training)
20
Add user to group
21
Create Group IT
22
23
24
25
26
27
1. Definition ISA (Internet Security and Acceleration service) is the product that provides a high-
level firewall, Security; furthermore, its feather such as VPN(virtual private network ) that provide security for Remote user from internet to our lan, DMZ (Demilitarized zone),Firewall, proxy ,Nat ,route…
VPN (virtual private Network) is computer network that uses a public telecommunication infrastructure such as internet that can allow client site can access resource in local when they don’t stay in local.
Advantage of ISA � Advanced protection:
o Multilayer packet inspection: Firewall o Application-layer filtering: Internet o Unified firewall and VPN sever: Firewall in VPN o Multi-networking: Filters
� Ease of use o Efficient management tools: Single interface o Network templates o Product integration: Third party software o Ease of use for clients: Authentication
� Enhanced performance o Optimized for performance: High performance o Integrated functionality: Firewall security, VPN, and Web cache o Scalability: Multiple ISA Server o Web caching: Bandwidth usage
Advantage of VPN:
o Reducing Costs o Improving Security o Increasing Performance o Providing greater access to remote users o Flexibility and Reliability
2. Requirement to Install ISA and Configure VPN
Hardware installation: · 300MHz or higher Pentium II compatible CPU, · 256 MB of RAM, · 2 GB hard-disk space on NTFS formatted partition, · 200 MB of available hard-disk space for installation. Software installation: Window 2003 that configure AD and DNS
28
Window 2003 for installing ISA server 2006 join domain with AD Window XP for testing ISA client
3. Structure This structure of VPN
4. Configure 4.1. Configure on Window 2003 to install ISA
We install software ISA 2006 in widow server 2003 and must join domain with AD and DNS server to take client or resource form AD and DNS
Click Install ISA Server 2006 for install ISA
29
30
It will appear like this you can click Next for continue install
31
After you want to continue Click I accept the terms in the license agreement� and click Next
32
33
This option show you if you want to install new ISA server � click Create a new ISA Server enterprise � and than click Next
34
35
36
Now we finish installation of ISA
37
4.2.Configure VPN on ISA
Note if you don ‘t create or assign ip for client VPN, we will see this messages
So , We must be enable VPN client and click option apply, but before enable we must create ip for client by static or dynamic if we have dhcp server.
38
Now we can enable service vpn server
39
We go to configure like bellow we want to set protocol for vpn client
40
This point we add user in AD that can access by vpn
41
Now we create role for client vpn can access to local
42
We add protocol for allow to client
43
We add source in role
44
We add destination in role
45
5. testing We test VPN Client by client site access VPN interface connection
46
47
\
48
Logon client in domain that allow to vpn
49
Now we can connection
50
FTP server and Web server on Server 2003 I. Introduction
1) Internet Information Services (IIS) – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the second most used web server behind Apache HTTP Server. As of March 2010, it served 22.7% of all websites on the Internet according to Netcraft.
2) FTP(File Transfer Protocol) is a standard network protocol used to copy a file from one host to another over a TCP/IP -based network, such as the Internet . FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.
II. Install FTP using IIS
1. Click Start, point to Control Panel, and then click Add or Remove
Programs
2. Click Add/Remove Windows Components
3. In the Windows Components list, click Application Server, but do not select check box ,click Detail
4.Select on Internet Information Service then click Detail
51
5. we
select like following then click Ok
52
III. Configure FTP Site
FTP sites �Defualt FTP Sites -� Propertiers
On FTP Site Tab
53
On tab Security Account Select Allow only anonymous connections
On tab Home Directory -�Select Browse to Browse document that we want to share, then click Ok
54
Lunch ftp://company3.lan
Test Download
The END
Install and Hosting Joomla on Window 2003 and IIS 6
55
� Definition : • Joomla helps in building powerful and easy to maintain
websites. It is a content management system or CMS that is one of the popular website development software. Joomla is an open source software which means that you don't have to purchase, it is free to use customize. Joomla runs on PHP and MYSQL which makes it easy to share, use and support.
� Requirement: • Joomla_1.0.14-RC1-Full_Package.tar • mysql-essential-5.1.53-win32 • mysql-gui-tools-5.0-r17-win32 • php-5.2.1-Win32
Install IIS
Go to control panel�Add or remove program�Window Component then -�Application server ,then select Detail
56
Select Internet Information Service(IIS) the select Detail
Select World Wide Web service then click Ok,OK then Click Next
57
Click Finish
Install and Configure PHP
Extract file PHP
58
Extract to path C:\php like below
Configure PHP Create the folder C:\php Unzip the contents of php-5.1.2-Win32.zip to c:\php Copy c:\php\php.ini-recommended to c:\php\php.ini Open de file c:\php\php.ini with notepad
59
Make the following changes in php.ini magic_quotes_gpc = On (line474) extension_dir = "C:\php\ext" (line 520) Uncomment extension=php_mysql.dll (line651) Or add it if it’s not there Add => extension=php_mysqli.dll (line 652) cgi.force_redirect = 0 (531) doc_root = "c:\inetpub\joomla" (or your document root) (line 513) display_errors = On (356) session.save_path = "c:\php\tmp"(line 1011) upload_tmp_dir = "c:\php\uploaddir" (line 570) Create the folders c:\php\tmp and c:\php\uploaddir
Add the PHP folder to your PATH variable. Right click My Computer => Properties =>Advanced=>Environment Variable
60
In the System variables window scroll down and select Path. Double click Path or click Edit
61
Add a new System variable by clicking on New Name the variable: PHPRC
give the value: c:\php This will help PHP find your php.ini
Configure IIS for PHP Start run type inetmgr it will display dialog like following then click on Web Service Extention�Add a new Web service extention
62
Click on Add a new Web service extension. Give this extension a name for example “PHP”. Click Add, browse to c:\php and select php5isapi.dll. Check Set extension status to Allowed
Create a new website You could use the Default Web Site but in this case we will create a new website. Create the folder c:\inetpub\wwwroot\joomla and extract the contents of Joomla to
63
this folder (c:\inetpub\wwwroot\joomla). We will take care of the permissions later. Important: Rename c:\inetpub\joomla\includes\database.php => c:\inetpub\joomla\includes\database.mysql.php Rename c:\inetpub\joomla\includes\database.mysqli.php => c:\inetpub\joomla\includes\database.php
In IIS Manager right click on Web Sites => New => Web Site
64
Name the new website Joomla and click Next
Give this website a host header. In my case joomla.domain.com (fake of course). If you have your own FQDN for your Joomla website you could use that. Click Next
65
Browse to or enter the path to your Joomla folder. Check Allow anonymous access to this Web site if it’s not already checked then click Next
Make sure Read and Run scripts are the only permissions checked then click Next
66
Click finish
Richt click on your new website and click Properties. Click on the Home Directory tab select Directory browsing and click on Configuration
67
Click on Add
Browse to c:\php and select php5isapi.dll Select Limit to and enter the following: GET,POST,HEAD Uncheck Verify that file exists, Click Ok, Click Ok
68
Go to the Documents tab, Click Add and type index.php, Click Ok
Select index.php and click a few times on Move Up until index.php is at the top Click Apply and exit IIS Manager
69
If you used a fake domain name as the host header you’ll have to edit your hosts file. Do this on the computer you will be using to setup Joomla trough the webinstall. Open Command prompt Type: cd %systemroot%\system32\drivers\etc Type: notepad hosts Insert a new line with your fake domain in the format: <ipaddress of your webserver><tab><domain name> For example: 192.168.200.196 joomla.company3.lan Click File and Save and exit notepad On the Command Prompt type: ping joomla.company3.lan See if you get a proper reply Now, to complete the configuration of PHP and IIS you should restart IIS. If you still have the command prompt open type: iisreset IIS will also read in the new settings from your php.ini (Always do a iisreset after you make changes in your php.ini) Type exit to close your command prompt
Setting your permissions Right click your joomla folder c:\inetpub\joomla and select properties. Go to the Security tab
70
Uncheck Allow Inheritable permissions from the parent to propagate
71
Click Copy ,Click OK
Remove all permissions except for Administrators
72
Click Add and type: IUSR_COMPUTERNAME Replace COMPUTERNAME with your computer name. In my case it’s IUSR_CIST, then Click OK
Default permissions for your c:\inetpub\joomla folder should be: For Administrators (Full Control) click Apply
For Internet Guest Account , Click Apply
73
According to Joomla the Following Folders in c:\inetpub\Joomla should be writeable administrator/backups/ Writeable administrator/components/ Writeable administrator/modules/ Writeable administrator/templates/ Writeable cache/ Writeable components/ Writeable images/ Writeable images/banners/ Writeable images/stories/ Writeable language/ Writeable mambots/ Writeable mambots/content/ Writeable mambots/editors/ Writeable mambots/editors-xtd/ Writeable mambots/search/ Writeable media/ Writeable modules/ Writeable templates/ Writeable Hold down the Control key and select all of the following folders
74
cache/ components/ images/ language/ mambots/ media/ modules/ templates/ Right click one of these selected folders and click Properties First, remove the inheritable permissions by clicking on Advanced and uncheck Allow Inheritable permissions from the parent to propagate…… Click Ok, Click on Copy Select the Internet Guest Account and check Modify
Open de Administrator folder and select the following folders administrator/backups/ administrator/components/ administrator/modules/
administrator/templates/ Give the Internet Guest Account Modify rights like you did for the previous (Also remove inheritable permissions first.Using the same method, Give the Internet Guest Account c:\php\tmp and the c:\php\uploaddir The Permissions to run Joomla are now set up right
Install and configure MySQLExtract the content mysqland click on setup.exe
Click Next
Give the Internet Guest Account Modify rights like you did for the previous (Also remove inheritable permissions first. Using the same method, Give the Internet Guest Account Modify rights to the
uploaddir folder The Permissions to run Joomla are now set up right
Install and configure MySQL Extract the content mysql-essential-5.1.53-win32 to temporary folder
75
Give the Internet Guest Account Modify rights like you did for the previous folders
rights to the
win32 to temporary folder
76
S elect Costume and Click Next
77
Click Install
Select Configure the MySQL server now Click Finish
78
Click Next
Select Detailed Configuration , then click Next
79
Decid what the best for you here
Select Multifunctional Database, then click Next
80
Click Next
Decide what is the best for you here , then click Next
81
Click Next
Click Next
82
Click Next
Create password for user root, then click Next
Click Execute
Install and start the MySQL Administrator
mysql-gui-tools-5.0-r17-win32stall
Install and start the MySQL Administrator
win32stall
83
Click Catalogs Rightclick and Create New Schema
Name your new database joomla You could also create a user under User Administration andgrant it rights to the joomla database, that’s
Rightclick and Create New Schema
joomla and click Ok You could also create a user under User Administration and grant it rights to the joomla database, that’s up to you
84
Joomla Web InstallerBefore install joomla somewhat confusing because even though a folder or file is not writable by the Internet Guest account it stillsays writable, so double check your permissions if you get any permissions errorlater on. Now, copy c:\Inetpub\joomlaRight click c:\Inetpub\joomlaSelect Internet Guest accountcheck Modify Click Ok
You have now installed everything Joomla configure Joomla through the webinstaller. Browse to your new joomla website, in my case http://joomla.company3.lan You should see the following webpage
Joomla Web Installer Before install joomla somewhat confusing because even though a folder or file is not writable by the Internet Guest account it still says writable, so double check your permissions if you get any permissions error
joomla\configuration.php-dist to configuration.phpjoomla\configuration.php => Properties => Security tab
Select Internet Guest account
You have now installed everything Joomla needs to run under IIS. Now it’s time to configure Joomla through the web installer. Browse to your new joomla website, in my case
You should see the following webpage
85
Before install joomla somewhat confusing because even though a folder or file is
says writable, so double check your permissions if you get any permissions errors
configuration.php => Properties => Security tab
needs to run under IIS. Now it’s time to
86
Open URL: http://yourdomain/installation/install1.php (my url: http://joomla.company3.lan/installation/install1.php
87
Fill in your details and click Next
Enter the name for your website, that’s the same name you used for host header and to open the joomla web installer Click Next
88
Check that the path and URL are ok, fill in an e-mail address and create a password for the admin user to login to your website later. Click Next
Congratulations! Joomla is installed Remove or rename the installation folder c:\Inetpub\joomla\installation Right click configuration.php => Properties => Security tab Select Internet Guest Account Remove Modify and Write If you need to make any changes under Global configuration in the Joomla backend later you will have to re-assign write permissions to c:\Inetpub\joomla\configuration.php
89
Click on Administrator and Login
90
Logged in to the Joomla Backend
91
Success to install web Joomla
I. Definition
92
1/Definitions of dhcp server
2/ Install service dhcp server
3/ Configure dhcp server
4/ Start testing client
1/ DHCP Server:
Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. And why we need to have dhcp server?
2/ Install service dhcp server:
Dhcp server need to install 2 service such as: dhcp server and dchp
Start in stall service: type: (yast>software>software Management)
93
Type: dhcp
Selecting the service (dhcp and dhcp-server)
94
2/ Configure dhcp server (vi /etc/dhcpd.conf
95
Vi /etc/sysconfig/dhcpd (change it to eth0)
Restart service (rcdhcpd restart)
4/ Start testing client:
96
97
File Sharing
1/ Definition of file sharing.
2/ Install service samba.
3/ Start join samba to domain server (AD in server 2003)
4/ Create folder (Administration, ERO, Internal document, IT, Student’s life, Student’s selection, public, Training) and in Internal document please create folder (Administration, ERO, Student’s selection, student’s life, Training)
5/ Set permission on file and user
6/ start testing Client.
1/ File sharing is the public or private sharing of computer data or space in a network with various levels of access privilege. While files can easily be shared outside a network, the term file sharing almost always means sharing files in a network.
2/ Install service samba:
Type: yast>software>software Management>(type: samba)
98
Selecting (samba, samba-client, samba-doc, samba-winbind use to combine samba with Active Director (AD).
Please wait during installation…
After install server samba you have to restart service(rcnmb restart, rcsmb restart)
3/ Start join samba to domain server (AD in server 2003)
99
Type: (yast>Network Services>Windows Domain Membership)
In Domain or Workgroup please type your domain (company3.lan)
Click ok
100
Type username and password of your domain
101
The result of join domain from samba to server 2003
Click Install
102
Click ok
After join domain (start type: nslookup company3.lan
103
4/ Create folder (Administration, ERO, Internal document, IT, Student’s life, Student’s selection, public, Training) and in Internal document please create folder (Administration, ERO, Student’s selection, student’s life, Training)
5/ Set permission
104
6/ Configure file sharing: (vi /etc/samba/smb.conf)
Restart service
105
Configure VlAN
I/How to configure VLAN on Switch First we have to know “why we need configure VLAN?”
� We configure VLAN because to: � Reduce the amount of switch � Improve Security � Easies to management network � Reduce collision domain
• The first step we have to reset password � Pleases following by step by step below:
106
107
• And then we type “boot”
108
• In here we have to wait for boot processing
109
• In this we have to press “enter”
• When we press enter, so no we are in privilege mode on switch
110
� To configure VLAN we have to type en for enable and then type configure terminal to into configuration mode. And now we are on configuration mode:
� Step 2 we need to create how many of VLAN that you need (Ex in my company I need 3 VLAN so I create VLAN 3)
• Command use for create VLAN: 1 .VLAN 10(10 is the number of VLAN) 2. Name Client (client is the name of VLAN 10)
111
• For this we want to add interface to be group for easier to assign it into each VLAN. Following by the step below:
112
113
• When we create VLAN already we can use command “sh vlan” to view the VLAN that we already create.
⇒ Step 3 we have to configure “trunk port” � We use trunk port for forward the packet from all VLAN on switch to router to
communicate with each • Other by on router it have encapsulation for translate and allow all VLAN on switch can
communicate. • On switch we have to observe one interface for configure trunk
114
• All of the configuration we have to copy from running to start up
II /How to configure inter-VLAN � Why we need to configure inter-VLAN We configuer inter-VLAN for allow all network or VLAN that already configure can communicate . And in all this picter show about how to configure inter-VLAN ⇒ But the first we have to reset password on router. ⇒ The second assign IP address on sub interface for each VLAN that we have
115
• Add assign IP for subinterface for each VLAN
116
117
• At the end of configuretion we have to save by use command copy from running to start up.
118
Then end
119
1. Configuration of NAT and ACL on Cisco Router
NAT (Network Access Translation) is a service or translator that converts private IP address to public IP address or public IP address to private IP address.
Generally, there are two types of NAT: - Dynamic NAT is used for allow LAN to access into WAN.
- Static NAT is used for allow WAN to access into a specific LAN
ACL (Access Control List) is a list of permission attach to user, system process
Configuration of NAT
Before configuring NAT, make sure that two or more router can communicate together by using some routing protocols like Static Route, Dynamic Route, Default Route, RIP, IGP, EIGP, BGP etc…
Step 1 Connect between router and computer by using console cable, enter Flash, power up and wait the router boot up and configure like below:
For Dynamic NAT
120
For Static NAT
121
Type show ip nat translations command to show the results of configuring NAT
122
Configuration of ACL
To get more security, we can configure ACL to block IP address, port and protocols.
Log into router to configure like above and then configure ACL like below
This configuration is allowing FTP server and Web server when outside user want to access its.
This configuration is allowing VPN server when outside want to access its
123
These are something that we have done during configuring
Router# show running-config
interface FastEthernet0/0
ip address 203.178.10.10 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
124
ip access-group 4 in
duplex auto
speed auto
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 172.16.0.1 255.255.192.0
ip access-group 5 in
ip helper-address 192.168.200.194
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.200.193 255.255.255.192
ip access-group 102 in
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.200.130 255.255.255.224
ip access-group 4 in
ip nat inside
ip virtual-reassembly
125
!
interface Serial0/0/0
no ip address
shutdown
clock rate 125000
!
interface Serial0/0/1
ip address 10.10.255.2 255.255.255.0
clock rate 125000
!
router rip
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.200.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 203.178.10.9
!
!
no ip http server
ip nat pool company3 203.178.10.10 203.178.10.10 netmask 255.255.255.252
ip nat inside source list 2 pool company3 overload
ip nat inside source static tcp 192.168.200.195 80 203.178.10.10 80 extendable
ip nat inside source static udp 192.168.200.195 80 203.178.10.10 80 extendable
ip nat inside source static tcp 192.168.200.131 1194 203.178.10.10 1194 extendable
126
ip nat inside source static udp 192.168.200.131 1194 203.178.10.10 1194 extendable
!
access-list 2 permit any
access-list 4 deny 172.16.0.0 0.0.63.255 log
access-list 101 permit ip 192.168.200.192 0.0.0.63 any
access-list 101 deny ip any any log
access-list 102 permit ip 192.168.200.192 0.0.0.63 any
access-list 102 deny ip any any log
access-list 103 permit ip 192.168.200.128 0.0.0.127 any
access-list 103 deny ip any any log
127