Instructions
• All the necessary Virtual Machines are located at C:\VMs
• All the necessary software is located at C:\ITNSA
• All the necessary ISO files are located at C:\ITNSA\ISO
KvSKILLS 2018 Competition
Active Directory
• Install and configure Active Directory Domain Service for KVSKILLS.MY
•
• Lecturer
• Student
• Manager
• Visitor
•
• KV-Admin
• KV-Mech
• KV-IT
• KV-Civil
• KV-Elect
• KV-Visitors
• KV-Managers
• Create the users by modifying the attached xlsx file on the Host Desktop and importing in Active Directory
• User Principal Names are defined by company policy to be “logon@KVSkills.my”
• All fields in the spreadsheet should be filled in for created user accounts
• All users should be enabled and the password should not be changed at first logon
• Add the users to the necessary groups
DNS
Install and configure DNS Service
• Create also a reverse zone for the internal subnet
• Create static A records for all servers
• Create an A-record for the NLS server
DHCP
Install and configure DHCP Service
• Range 10.0.0.150 – 10.0.0.180/24 (Clients)
• Default Gateway 10.0.0.1
• DNS Server 10.0.0.4
PKI
Install and configure Certificate Service
• Install only the “Certificate Authority”
• Create a template for Clients AND Servers
• Name the template “KVSkills2018-ClientServerCert”
• Publish the template in Active Directory
• Set the subject name format to “common name”
GPO
Install and configure Policy Management
• Setup the following settings
• All users should receive a login banner that reads
• Title: “Welcome to KVSkills2018”
• Message: “Only authorized personnel allowed to
• Autoenrollment of the “KVSkills2018-ClientServerCert” Certificate to all clients and servers
• Include the KV-IT Users to the local Administrators group for all Windows 10 clients
• Disable the use of “cmd” and “run” for the KV-Visitor group
• Disable "First Sign-in Animation" for all Windows 10 clients
• Hide all local drives for the KV-Visitor group
• Create a fine-grained password policy requiring 7-character non-complex passwords for regular users and
8-character complex passwords for members of the KV-IT User group
• Disable “enforce minimum password age”
• All Users (except KV-IT Users) in KVSkills should have the Registry editing utilities restricted
File Services
Configure user profile, home drives and shared folders
• Home folders
• Create a Home folder for every user
• Local path on the server d:\users\homes\%username%
• Map the Home folder automatically to drive H: \\EDGE.KVSKILLS.MY\homes\%username%
• Set the quota for every home drive folder to 20MB
• Roaming profile
• Local path on the server d:\users\profile\%username%
• Create roaming profile for all users \\EDGE.KVSKILLS.MY\profile\%username%
• Department shares
• Local path on the server
• d:\shares\Mech
• d:\shares\IT
• d:\shares\Civil
• d:\shares\Elect
• d:\shares\Admin
• All users should have READ permission on other department shares (except Admin), MODIFY for their
own department and FULLCONTROL for documents they create
• Only the Admin_Users should be able to see and access the Admin Share
• Automatically map the department share (d:\shares) to drive S: \\EDGE.KVSKILLS.MY\department
• Prevent ONLY .exe and .cmd file on the department shares
PART 3 (CLIENT1)
NOTE: Please use the default configuration if you are not given the details
WorkTask CLIENT1
PART 4 (TM-USER)
NOTE: Please use the default configuration if you are not given the details
WorkTask TM-USER
• This client is already preinstalled (Windows 10 Enterprise Edition)
• Configure the client with the settings specified in the diagram at the end of the document
• Modify the default Firewall rules to allow ICMP (ping) traffic
• Set the local administrator password to Skills39
• Enable the local Administrator account
• Set the power configuration so the client will never go to sleep while plugged in
• Install Outlook/Thunderbird and configure the mailbox for bptv10
• Send email to bptv20
• Install FileZilla FTP client
• Install and Configure OpenVPN Client
PART 5 (TMNET-SRV)
NOTE: Please use the default configuration if you are not given the details
DNS
Install and configure DNS Service
• Create a forward and reverse zone : KVSKILLS.MY, BPTV.GOV.MY
• Create static A records for all servers
- 202.188.1.5/24
- 202.188.1.5/24
- 202.188.1.5/24
- 202.188.1.3/24
• Configure DNS to simulate Internet access for the DirectAccess client.
Configure the server with the hostname, domain and IP specified in the appendix
DNS
• Configure DNS for bptv.gov.my
• Add static records for ALL bptv.gov.my servers
WEB
• Webserver (Apache2)
• Install apache2 including php
• Show on both websites the website name (the fully qualified domain name) and the current date and time
(client time or server time)
• Enable HTTPS
• Use a certificate signed by DC.KVSKILLS.MY
• Make sure no certificate warning is shown
• Create websites “www.b
protected by authentication
• Allow users from “bptv10” to “bptv20”
• Show on both websites the website name (the fully qualified domain name) and the current date and time
(client time or server time)
• As a basic security measure, make sure Apache2 doesn't expose any protocol header and footer
information (e.g. version, OS).
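One way to check the banner-hiding requirement above, as an added example that is not part of the original task sheet: a shell audit of the effective `ServerTokens` and `ServerSignature` values in a single Apache config file. The function names are hypothetical and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an Apache 2.4 config file for banner disclosure.
# Function names are hypothetical; sample configs are constructed.

# Print the effective (last uncommented) value of directive $1 in file $2,
# lower-cased, or the Apache default $3 when the directive is absent.
effective_value() {
    awk -v want="$1" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == want && NF >= 2 { val = $2 }
        END { print tolower(val) }
    ' "$2"
}

# Return 0 when the config hides version/OS details, 1 otherwise.
audit_apache_banner() {
    rc=0
    tokens=$(effective_value ServerTokens "$1" Full)
    sig=$(effective_value ServerSignature "$1" Off)
    # Only Prod (alias ProductOnly) reduces the Server header to "Apache".
    case $tokens in
        prod|productonly) ;;
        *) echo "FAIL ServerTokens=$tokens (want Prod)"; rc=1 ;;
    esac
    # On and EMail both add an identifying footer to server-generated pages.
    if [ "$sig" != off ]; then
        echo "FAIL ServerSignature=$sig (want Off)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK banner hidden"
    return "$rc"
}

# Constructed samples: a disclosing config and a hardened one.
write_weak_sample()     { printf 'ServerTokens OS\nServerSignature On\n' > "$1"; }
write_hardened_sample() { printf '# hardened\nServerTokens Prod\nServerSignature Off\n' > "$1"; }

demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak.conf"
write_hardened_sample "$demo_dir/hardened.conf"
audit_apache_banner "$demo_dir/weak.conf" || true
audit_apache_banner "$demo_dir/hardened.conf"
rm -rf "$demo_dir"
```

The audit reads one file only, so any files pulled in through `Include` directives need the same check. An absent `ServerTokens` is reported as a failure because Apache's default is `Full`.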
VPN (OpenVPN)
• Configure VPN access to bptv.gov.my network. External clients should connect using 202.188.1.5/24
Make sure that VPN clients can access server bptv.gov.my
• Use address range 10.2.1.1 to 10.2.1.62 for VPN clients
• For login create a user “bptvpn” with password “Skills39”
DC.KVSKILLS.MY
MAIL
• Mail User can access webmail using https://mail.bptv.gov.my
• You may use any software for the mail server. Functional testing will be applied.
• Make sure bptv10 to bptv20 have access via IMAPS and SMTPS
• Use certificates signed by DC.KVSKILLS.MY for SSL/TLS encryption
• Use Client Certificate Authentication in addition for IMAP and SMTP services
FTP (proftpd)
• Enable FTPS
• Use a certificate signed by DC.KVSKILLS.MY
• Use implicit encryption
• Create an FTP user account for each website of the webserver
• User “WebAdmin” with password “Skills39”
• User “intranet” with password “Skills39”
• Make sure the users are jailed in their respective website document root directories.
• Make sure file transfer to the server is possible.
PART C: NETWORK
WORK TASK FW
-Configure OSPF Routing
-Configure NAT :
-www.bptv.gov.my : 202.188.1.5/24 ->> 172.16.1.5
-mail.bptv.gov.my : 202.188.1.5/24 ->> 172.16.1.5
-intranet.bptv.gov.my : 202.188.1.5/24 ->> 172.16.1.5
-connect.kvskills.my : 202.188.1.3/24 ->> 10.0.0.3
HOSTNAME IP ADDRESS
[Network diagram. Domains: KVSKILLS.MY, BPTV.GOV.MY. Hosts: TMNET-SRV, DC, EDGE, TM-RTR, FW, DMZ-SW, DMZ-RTR, TM-USER, CLIENT, LNX-SRV. Networks: 131.107.0.0/16, 202.188.1.0/24, 175.142.32.0/29, 1.1.1.0/24, 172.16.1.0/24. Sub-interfaces: G0/0.10 : 10.0.0.1, G0/0.20 : 192.168.1.1.]