KvSKILLS 2018 COMPETITION

(IT NETWORK SYSTEM ADMINISTRATION)
PRACTICAL QUESTIONS
FINAL ROUND
TIME: 10 HOURS
NAME: _______________________________________

IC No.: _______________________________________

Bahagian Pendidikan Teknik dan Vokasional


Kementerian Pendidikan Malaysia

Instructions
• All the necessary virtual machines are located at C:\VMs
• All the necessary software is located at C:\ITNSA
• All the necessary ISOs are located at C:\ITNSA\ISO

Use Skills39 as the default password on all devices

Description of project and tasks


PART 1 (setup KVSKILLS.MY domain)
NOTE: Please use the default configuration if you are not given the details
WorkTask DC Server

• This server is already preinstalled (Windows Server 2016 with GUI)


• Configure the server with the settings specified in the diagram at the end of the document
• Modify the default Firewall rules to allow ICMP (ping) traffic

Active Directory
• Install and configure Active Directory Domain Service for KVSKILLS.MY

• Lecturer
• Student
• Manager
• Visitor


• KV-Admin
• KV-Mech
• KV-IT
• KV-Civil
• KV-Elect
• KV-Visitors
• KV-Managers
• Create the users by modifying the attached xlsx file on the Host Desktop and importing it into Active Directory
• User Principal Names are defined by company policy to be “logon@KVSkills.my”
• All fields in the spreadsheet should be filled in for created user accounts
• All users should be enabled and the password should not be changed at first logon
• Add the users to the necessary groups

DNS
Install and configure DNS Service
• Also create a reverse zone for the internal subnet
• Create static A records for all servers
• Create an A-record for the NLS server

DHCP
Install and configure DHCP Service
• Range 10.0.0.150 – 10.0.0.180/24 (Clients)
• Default Gateway 10.0.0.1
• DNS Server 10.0.0.4

PKI
Install and configure Certificate Service
• Install only the “Certificate Authority”
• Create a template for Clients AND Servers

• Name the template “KVSkills2018-ClientServerCert”
• Publish the template in Active Directory
• Set the subject name format to “common name”

GPO
Install and configure Policy Management
• Set up the following settings
• All users should receive a login banner that reads
• Title: “Welcome to KVSkills2018”
• Message: “Only authorized personnel allowed to
• Autoenrollment of the “KVSkills2018-ClientServerCert” Certificate to all clients and servers
• Add the KV-IT users to the local Administrators group for all Windows 10 clients
• Disable the use of “cmd” and “run” for the KV-Visitor group
• Disable "First Sign-in Animation" for all Windows 10 clients
• Hide all local drives for the KV-Visitor group
• Create a fine-grained password policy requiring 7-character non-complex passwords for regular users and 8-character complex passwords for members of the KV-IT User group
• Disable “enforce minimum password age”
• All Users (except KV-IT Users) in KVSkills should have the Registry editing utilities restricted

PART 2 (setup Direct Access)


NOTE: Please use the default configuration if you are not given the details
WorkTask Edge Server
• This server is already preinstalled (Windows Server 2016 Core no GUI)
• Configure the server with the settings specified in the diagram at the end of the document
• Modify the default Firewall rules to allow ICMP (ping) traffic
• This server is to operate as a Windows Server 2016 CORE installation with no GUI

Install and configure RAID 5


• Add 3 new 5GB drives
• Create 1 RAID 5 array with the remaining drives (d:\)
• Size 10 GB
Install and configure Remote Access Service
• Setup Direct Access Server
• Create an Active Directory Group “KV-DAClients” and add all Windows 10 domain clients to this group
• Configure this group for enabling Direct Access clients
• Use DC.KVSKILLS.MY as the “Network Connectivity Assistant NCA”
• Set “KVSkills2018” as the Direct Access connection name
• Use connect.kvskills.my as the public name for Direct Access Clients to connect
• Always use certificates from the Certificate Authority. Do NOT use self-signed certificates
• Use https://NLS.KVSKILLS.MY as the “Network Location Server NLS”
• A client connected over Direct Access should have full access to all internal resources

File Services
Configure user profile, home drives and shared folders
• Home folders

• Create a Home folder for every user
• Local path on the server d:\users\homes\%username%
• Map the Home folder automatically to drive H: \\EDGE.KVSKILLS.MY\homes\%username%
• Set the quota for every home drive folder to 20MB
• Roaming profile
• Local path on the server d:\users\profile\%username%
• Create roaming profile for all users \\EDGE.KVSKILLS.MY\profile\%username%
• Department shares
• Local path on the server
• d:\shares\Mech
• d:\shares\IT
• d:\shares\Civil
• d:\shares\Elect
• d:\shares\Admin
• All users should have READ permission on other department shares (except Admin), MODIFY for their own department and FULLCONTROL for documents they create
• Only the Admin_Users should be able to see and access the Admin Share
• Automatically map the department share (d:\shares) to drive S: \\EDGE.KVSKILLS.MY\department
• Prevent ONLY .exe and .cmd file on the department shares

PART 3 (CLIENT1)
NOTE: Please use the default configuration if you are not given the details
WorkTask CLIENT1

• This client is already preinstalled (Windows 10 Enterprise Edition)


• Configure the client with the settings specified in the diagram at the end of the document
• Modify the default Firewall rules to allow ICMP (ping) traffic
• Set the local administrator password to Skills39
• Enable the local Administrator account
• Join the computer to the KVSKILLS.MY domain
• Set the power configuration so the client will never go to sleep while plugged in
• Install Outlook and configure mailbox for user30
• Send email to user20
• Install FileZilla FTP client
• Connect the client to the Internet network
• ck the access to all
internal resources

PART 4 (TM-USER)
NOTE: Please use the default configuration if you are not given the details
WorkTask TM-USER
• This client is already preinstalled (Windows 10 Enterprise Edition)
• Configure the client with the settings specified in the diagram at the end of the document
• Modify the default Firewall rules to allow ICMP (ping) traffic
• Set the local administrator password to Skills39

• Enable the local Administrator account
• Set the power configuration so the client will never go to sleep while plugged in
• Install Outlook/Thunderbird and configure mailbox for bptv10
• Send email to bptv20
• Install FileZilla FTP client
• Install and Configure OpenVPN Client

PART 5 (TMNET-SRV)
NOTE: Please use the default configuration if you are not given the details

DNS
Install and configure DNS Service
• Create forward and reverse zones: KVSKILLS.MY, BPTV.GOV.MY
• Create static A records for all servers
- 202.188.1.5/24
- 202.188.1.5/24
- 202.188.1.5/24
- 202.188.1.3/24
• Create DNS to simulate Internet access for the Direct Access client.

PART B: LINUX SERVER

WORK TASK LNX


Note: Please use the default configuration if you are not given the details. The base Debian OS has been set up on LINUX SERVER.

Configure the server with the hostname, domain and IP specified in the appendix
DNS
• Configure DNS for bptv.gov.my
• Add static records for ALL bptv.gov.my servers

WEB
• Webserver (Apache2)
• Install apache2 including php
• Show on both websites the website name (the fully qualified domain name) and the current date and time (client time or server time)
• Enable HTTPS
• Use a certificate signed by DC.KVSKILLS.MY
• Make sure no certificate warning is shown
• Create websites “www.b
protected by authentication
• Allow users from “bptv10” to “bptv20”
• Show on both websites the website name (the fully qualified domain name) and the current date and time (client time or server time)

• As a basic security measure, make sure Apache2 doesn't expose any protocol header and footer information (e.g. version, OS).
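
One way to check the requirement above, as an added example that is not part of the original task sheet: the functions audit the ServerTokens and ServerSignature directives and inspect response headers and an error-page footer for version or OS detail. The config path, the sample settings and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the directives are read from a file such as
# /etc/apache2/conf-enabled/security.conf on the Debian host.

# effective_directive NAME  (config on stdin)
# Prints the value of the last uncommented NAME line; a later line in the
# same scope overrides an earlier one. Per-vhost overrides are not modelled.
effective_directive() {
    awk -v name="$1" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == tolower(name) { val = $2 }
        END { print val }'
}

# config_is_hardened  (config on stdin): 0 when version/OS detail is hidden.
config_is_hardened() {
    conf=$(cat)
    tokens=$(printf '%s\n' "$conf" | effective_directive ServerTokens | tr 'A-Z' 'a-z')
    sig=$(printf '%s\n' "$conf" | effective_directive ServerSignature | tr 'A-Z' 'a-z')
    # Apache defaults: ServerTokens Full (leaks), ServerSignature Off.
    case "$tokens" in prod|productonly) ;; *) return 1 ;; esac
    [ "${sig:-off}" = "off" ]
}

# headers_leak  ("curl -sI" output on stdin): 0 when a header leaks detail.
headers_leak() {
    tr -d '\r' | awk '
        BEGIN { rc = 1 }
        tolower($0) ~ /^server:/ && $0 ~ /[0-9(]/ { rc = 0 }   # version or OS
        tolower($0) ~ /^x-powered-by:/ { rc = 0 }             # PHP expose_php
        END { exit rc }'
}

# footer_leaks  (error-page HTML on stdin): 0 when the signature footer shows.
footer_leaks() { grep -qi '<address>apache'; }

# Constructed samples: weak settings beside the corrected ones.
WEAK_CONF='ServerTokens OS
ServerSignature On'
HARD_CONF='# hardened
ServerTokens Prod
ServerSignature Off'
for c in "$WEAK_CONF" "$HARD_CONF"; do
    if printf '%s\n' "$c" | config_is_hardened; then echo "banner hidden"
    else echo "banner exposed"; fi
done
```

The X-Powered-By check matters here because the task installs PHP, which adds that header unless expose_php is turned off in php.ini.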

VPN (OpenVPN)
• Configure VPN access to bptv.gov.my network. External clients should connect using 202.188.1.5/24
• Make sure that VPN clients can access server bptv.gov.my
• Use address range 10.2.1.1 to 10.2.1.62 for VPN clients
• For login create a user “bptvpn” with password “Skills39”

DC.KVSKILLS.MY

MAIL
• Mail users can access webmail using https://mail.bptv.gov.my
• You may use any software for the mail server. Functional testing will be applied.
• Make sure bptv10 to bptv20 have access via IMAPS and SMTPS
• Use certificates signed by DC.KVSKILLS.MY for SSL/TLS encryption
• Additionally, use client certificate authentication for the IMAP and SMTP services

FTP (proftpd)
• Enable FTPS
• Use a certificate signed by DC.KVSKILLS.MY
• Use implicit encryption
• Create an FTP user account for each website of the webserver
• User “WebAdmin” with password “Skills39”
• User “intranet” with password “Skills39”
• Make sure the users are jailed in their respective website document root directories.
• Make sure file transfer to the server is possible.

PART C: NETWORK

WORK TASK TMNET-RTR


-Configure OSPF Routing
-Configure DHCP for TM-USER
-Network range 175.142.32.2 - 6
-Gateway 175.142.32.1
-DNS : 131.107.0.254

WORK TASK FW
-Configure OSPF Routing
-Configure NAT :
-www.bptv.gov.my : 202.188.1.5/24 ->> 172.16.1.5
-mail.bptv.gov.my : 202.188.1.5/24 ->> 172.16.1.5
-intranet.bptv.gov.my : 202.188.1.5/24 ->> 172.16.1.5
-connect.kvskills.my : 202.188.1.3/24 ->> 10.0.0.3


WORK TASK DMZ-RTR


-Configure OSPF Routing
-Configure Inter-VLAN

WORK TASK DMZ-SW


-Configure VLAN

HOSTNAME    IP ADDRESS
FW          G0/0 202.188.1.254    G0/1 1.1.1.254         G0/2 172.16.1.254
TM-RTR      G0/0 202.188.1.1      G0/1 131.107.0.1       G0/2 175.142.32.1
DMZ-RTR     G0/0.10 10.0.0.1      G0/0.20 192.168.1.1    G0/1 1.1.1.1
DMZ-SW      VLAN10 NAME:DMZ       VLAN20 NAME:SRV
            G0/0 VLAN10           G0/1 VLAN20            G1/1 TRUNK
DC          ETH0 10.0.0.4
EDGE        ETH0 10.0.0.3
LNX         ENS33 172.16.1.5
TMNET-SRV   ETH0 131.107.0.254
CLIENT      ETH0 DHCP
TM-USER     ETH0 DHCP

[Network diagram: the KVSKILLS.MY and BPTV.GOV.MY sites with hosts DC, EDGE, CLIENT, LNX-SRV, TMNET-SRV and TM-USER and devices FW, TM-RTR, DMZ-RTR and DMZ-SW; networks 131.107.0.0/16, 202.188.1.0/24, 175.142.32.0/29, 1.1.1.0/24 and 172.16.1.0/24; DMZ-RTR G0/0.10: 10.0.0.1, G0/0.20: 192.168.1.1; service labels AD, DHCP, DNS, IIS, NLS, CA, DA, FILES, WEB, MAIL, VPN, FTP and their clients]
