5/27/22, 11:55 PM FIT9137_S1_2022: Assignment 3 details 

 FIT9137 Introduction to computer architecture and networks - S1 2022 

Assignment 3 details Dashboard / My units / FIT9137_S1_2022 / Assessments / Assignment 3 details Return to Assessments Due date: Week-14 Friday 11:55 pm (Semester-1 2022 Week 14) Word/time limit: A report of +/- 1000 (no more than 1500) words plus configuration file Weighting: 40% Individual/Team: Individual After you have read this information, head over to Ed forum to ask any questions and see what your peers are saying about this assessment. Assessment overview For this assessment you will use a core network emulator to complete a series of tasks on an individualised core configuration file. You must write a report to explain the changes you make and the configuration you add to achieve the goals of each task and your reasons for each change/configuration as well as the tests you perform to check the task is accomplished. This assessment supports unit learning outcomes 1, 2, 3, 4 and 5. Assessment details Assignment will include the material covered in Weeks 7-10. In particular, the assignment will consist of questions related to network and transport layers, structures and functions of local area, backbone and wide area networks, and network security. The format of the student submission will be a written report and a network configuration. This is an individual assignment. By completing this Assignment, you will have an understanding of the learning outcomes 3, 4, & 5. You can use the feedback received from assignment 1 and 2 to help prepare the work for assignment 3. For this assessment, you will need to submit a: +/- 1000-word written report core configuration file The following steps outline how you should approach this assessment: Step 1: Download Individual CORE Network Emulation Files (IMN 59 KB) . This is your core configuration file. Step 2: Read the following information about your configuration file and the network that you will be focusing on for this assessment. Step 3: Your assessment requires you to complete tasks A, B and C. You will need to compose supporting documentation that outlines the fixes and changes that you have made to your configuration file (including screenshots) to complete each task. You will also need to offer insight into your reasoning for the choices you have made in completing each task. Your submitted core file will be marked by running the https://lms.monash.edu/mod/page/view.php?id=10019209 1/4 5/27/22, 11:55 PM FIT9137_S1_2022: Assignment 3 details configuration and testing that the tasks are completed. Note: Your supporting documentation will serve as a reference and may be checked during marking. However, if a test fails when running your submitted core file, you will receive no mark for that failed test (i.e. part of a task) regardless of your explanations. If tasks are similar you only need to explain your reasons once, and then just report the changes you make to individual services on each node. Background information Network structure The provided network is comprised of two organisations labelled Talos and Delos, a router named Internet playing the role of the internet, and a global DNS server named clio. The internal subnets of Talos are labelled Internal, and the public servers of the Talos network are placed in a separate subnet named DMZ. The internet-facing router of the Talos organisation, R3, is also its network firewall. The Delos network is divided into two subnets: (i) a subnet for the organisation clients and private servers and (ii) a subnet for its public servers. The public servers of Delos are named apollo, artemis, and demeter providing web, domain name, and mail services respectively. DNS setup The core file is configured to resolve the domain names between the two organisations, talos.edu and delos.edu. This is achieved through a global DNS server named clio. The server only resolves the names for the two domains in the configuration (talos.edu and delos.edu) by sending the request to the corresponding nameserver for each domain, and sending back the response to the requesting client. Each DNS server in aforementioned networks must have access to UDP port 53 of the server clio as the organisation DNS servers resolve the names on behalf of their respective clients. You do not need to make any changes to DNS servers; this section only explains the DNS setup. Important notes It is recommended to use tcpdump if you wish to capture traffic and to observe whether the packets reach their intended destination when trying to accomplish the tasks. To use tcpdump, you can right-click on a node and move the mouse to select tcpdump in the provided list, and then select the intended interface. You can also run tcpdump from the command line using the command tcpdump -l -i eth0 to print the summary of the captured packets from eth0 interface in the terminal. To write the captured packets to a file, use the command with the -w option followed by a filename. For instance, running the command tcpdump -w /home/muni/R3eth3.pcap -i eth3 on the node R3 will capture the traffic on its eth3 interface and store the frames in a file named R3- eth3.pcap under the /home/muni directory. You can then stop the capture with Control+C and use Wireshark to analyse the captured packets. Any changes you make to the nodes when the emulation is running will be lost when you stop the emulation. You can test the changes you want to make when the emulation is running, and once you have the correct commands then add them through the GUI in the proper service. For example, to add static routes to a router that persist and will be stored with the configuration file, you need to add ip route add commands to the StaticRoute service of that router. If you make changes to a core configuration file and then close the core window without saving the changes, you will not be warned and the changes will be lost. Hence, if you wish to keep the changes you have made, you must save before closing the core window. Make sure to keep a backup of your core file in the shared folder in case you encounter issues with your VM and you need to replace the VM so that you won't lose the work you have done. It is your responsibility to back up your work. You must not change the name of any node in the given configuration file. This assignment will allow you to practically demonstrate your understanding and application of the concepts learned in the unit. https://lms.monash.edu/mod/page/view.php?id=10019209 2/4 5/27/22, 11:55 PM FIT9137_S1_2022: Assignment 3 details Tasks Task A: Routing (35 + 10 = 45 marks) The routing tables of the routers in the provided network are not configured. The correct configuration of this task allows any host from any network to reach any other host in the entire network. You must satisfy the following requirements while completing this task: 1. All hosts inside the talos.edu network must be reachable from any other host within that network through an optimal path. You need to add static routes to routers R1, R2, R3, and R4 to accomplish this goal. You must explain your reasons for choosing a path in the report. The notation us for links represents the propagation delay in microseconds. You can assume that the processing delay is negligible. 2. The router R3 must be the default gateway of the talos.edu network. The router Internet must be the default gateway of R3 and minerva (the only router of Delos). You will lose marks if you create routing loops. Task B: DHCP server (8 + 2 = 10 marks) The clients of delos are configured with static IP addresses. Your task is to: 1. configure DHCP server on the node minerva to assign dynamic IP addresses and other required settings to the client machines in the client's subnet. You can use the DHCP server configuration on R1 as a reference to follow. 2. enable DHCP client service on clients of delos. Note: The node leto is a private local server in the client's subnet and must have a static IP address as assigned for the given configuration. Task C: Firewall (45 marks) The node R3 is the firewall for the talos network. Configure the Firewall service on this node to satisfy the following requirements: 1. Allow traffic from anywhere to DMZ for the provided service by each server. This must be limited to only the public service that a server provides: dns only DNS, web only HTTP, mail only SMTP. 2. Allow servers in DMZ to initiate a communication if it is required by the service the server provides and only for that service (stateful inspection: DMZ External). 3. Allow internal hosts to access all services provided by servers in the DMZ (stateful inspection: Internal DMZ). This includes all services that DMZ servers provide. You can be more permissive here and use address ranges and all IP traffic. All servers in DMZ run SSH service which you can use to test your rules for the internal subnets. 4. Allow internal hosts to reach other internal hosts (if the traffic passes through R3). All traffic is allowed if it is internal-to-internal. 5. Allow internal nodes to access external servers, however packets from external to internal are only allowed if they are responses to communications that were initiated from inside (stateful inspection: Internal External). . Allow the nodes in client's subnet of talos to ssh to node R3 (any host connected to the R1.eth0 subnet). 7. Allow the node R3 to send and receive ICMP echo messages to internal nodes and DMZ servers. . All other traffic must be dropped (see notes below). Important notes for Task C To successfully complete the requirements of the assignment, you must be able to practically demonstrate the required functionality working by including the required configurations into the provided configuration file, but also justify your understanding by supporting the defined configurations with a brief description pertaining to how and why they work. This justification needs to be included as part of your report and can be supplemented with snippets of the required configurations which are included in the configuration file for each of the outlined tasks and sub-tasks. (You may include references where applicable or necessary.) Submission details overview This assessment will be submitted through Moodle Submission link that is Turnitin enabled. You will find the relevant submission point on https://lms.monash.edu/mod/page/view.php?id=10019209 3/4 5/27/22, 11:55 PM FIT9137_S1_2022: Assignment 3 details Academic integrity Tools useful for this assignment Assessment criteria References Last modified: Thursday, 26 May 2022, 9:52 AM FIT9137 Quiz (Weight: 25%) Return to Assessments FIT9137 Assignment 3 Sem-1 2022 Specifications Jump to... the Assessment overview page. You will need to submit both your: report in PDF file format assigned Core Network Emulator configuration file containing the required changes to complete the assessed tasks Please allow a 24-hour turnaround for an originality turnitin report to be generated. https://lms.monash.edu/mod/page/view.php?id=10019209 4/4