
College of computing and informatics

Department of computer science


Network and System Administration
Individual Assignment
By Mikiyas Gizachew ID: 2435/12

Submitted to instructor: Mr Birhanu Gadissa

Haramaya, Ethiopia
May, 2023
1. Read the case study below. As a network administrator, explain what type of network
you would recommend for the situation. Say whether you would recommend a client-server
or peer-to-peer network, which topology you would use, and what hardware will be
required for your suggested solution. If you think you need more information about the
case study, state what information is required. Explain the reasons for your choices.
“A small printing and publishing company in Harar currently employs 9 staff: a manager,
three designers and 5 print operators. The manager and the designers each have their own
computer, and there are 3 computers shared by the print operators. The computers are
currently not networked. The company would like to network their computers so that the
print operators can access the designers’ work more easily, and also so that they can share
peripheral devices such as printers. The company expects to employ 5 new staff within the
next year. They have a moderate budget for purchasing the necessary equipment for
networking.”

Based on the given case study, I would recommend implementing a client-server network
for the small printing and publishing company in Harar.
Reasons for recommending a client-server network:

• Centralized control and management: A client-server network allows for centralized
control and management of resources. In this case, the manager can have better control
over the network and its resources, including printers and files, ensuring efficient
operations.
• Improved security: A client-server network provides better security compared to a
peer-to-peer network. Access to resources can be controlled through user authentication
and permissions, ensuring that sensitive data and files are protected.
• Scalability: The company expects to employ 5 new staff within the next year. A
client-server network can easily accommodate the addition of new users and devices
without significant disruptions. It allows for seamless expansion and the addition of new
resources as the company grows.
Topology:
For the given scenario, a star topology would be suitable. In a star topology, all devices are
connected to a central device, such as a switch or server. Each computer in the network would
have its own dedicated connection to the central device. This topology provides better
performance, easier troubleshooting, and allows for future expansion by simply adding more
connections to the central device.

Hardware requirements:

• Server: A dedicated server should be set up to centralize resources and manage user
access. The server can be a computer with sufficient processing power, storage capacity,
and network connectivity.
• Switch: A network switch is required to connect all the devices in the network. The
switch should have enough ports to accommodate the existing computers and future
expansion.
• Computers: The manager, designers, and print operators already have their own
computers. These computers can be connected to the network via Ethernet cables.
• Printers: The company wants to share printers among the staff. Network printers with
Ethernet connectivity can be used, allowing all users to access the printers over the
network.
• Cabling: Ethernet cables will be required to connect the computers, server, switch, and
printers. The length and quantity of cables will depend on the physical layout of the
office.
Additional Information:
The case study does not mention the expected network traffic, the required file sharing
capacity, or the budget constraints in detail. These factors would help determine the
specifications of the server, such as the storage capacity and processing power required. It would
also be beneficial to know the office layout to plan the placement of network cables and devices
effectively.

2. What Samba is All About and what are the steps to be followed to configure samba in
Linux?

Samba is an open-source software suite that enables file and print sharing between
computers running different operating systems, such as Linux and Windows. It allows Linux
servers to act as file and print servers for Windows clients, supporting the Server Message Block
(SMB) protocol used by Windows for sharing files, printers, and other resources over a network.

Here are the steps to configure Samba in Linux:

1. Install Samba:
2. Configure Samba:
• Open the Samba configuration file, usually located at /etc/samba/smb.conf, using a text
editor with root privileges.
• Back up the original configuration file before making any changes.
• Configure global settings, such as workgroup name, server description, and security
settings. These settings define the overall behavior of the Samba server.
• Configure shared directories by creating entries in the configuration file. Each entry
specifies the path to the directory, permissions, and access controls.

3. Set up Samba users and passwords:
• Create Samba user accounts for the users who will access the shared resources. Samba
users can be different from system users.
4. Restart Samba:
After making the necessary configuration changes, restart the Samba service to apply the new
settings. The command to restart the service depends on your Linux distribution.
5. Configure firewall rules
6. Access shared resources
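
The global security settings and per-share access controls from step 2 are where a Samba server is most often left too open. The script below is an added example, not part of the original assignment: it audits an smb.conf for guest access, unrestricted writable shares, and SMB1-era protocol settings. The share names, paths, and the @designers group in the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original assignment): audit smb.conf for
# settings that undercut authentication and per-share access control.

# Write a constructed sample configuration to the path given as $1.
sample_smb_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = WORKGROUP
   server string = Print shop file server
   map to guest = Bad User
   server min protocol = NT1

[designs]
   path = /srv/samba/designs
   read only = no
   valid users = @designers

[scratch]
   path = /srv/samba/scratch
   writable = yes
   guest ok = yes

; parameter names are case-insensitive and ignore inner spaces
[archive]
   path = /srv/samba/archive
   Read Only = No
EOF
}

# Print one finding per line as "section: message" for the file in $1.
# Limitation: backslash line continuations are not joined.
audit_smb_conf() {
    awk '
    function norm(s)   { s = tolower(s); gsub(/[ \t]/, "", s); return s }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sec == "" || sec == "global") return
        if (guest) print sec ": guest access allowed without a password"
        if (writable && !restricted) print sec ": writable with no valid users list"
    }
    /^[ \t]*([#;]|$)/ { next }                      # comments and blank lines
    /^[ \t]*\[/ {                                   # new section header
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec); guest = 0; writable = 0; restricted = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = norm(substr($0, 1, eq - 1))
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (sec == "global") {
            if (key == "serverminprotocol" && toupper(val) ~ /^(CORE|COREPLUS|LANMAN1|LANMAN2|NT1)$/)
                print "global: SMB1-era dialect accepted (server min protocol = " val ")"
            if (key == "maptoguest" && tolower(val) != "never")
                print "global: failed logins may become guest (map to guest = " val ")"
        } else {
            if (key == "guestok" || key == "public") guest = truthy(val)
            if (key == "readonly") writable = !truthy(val)
            if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
            if (key == "validusers" && val != "") restricted = 1
        }
    }
    END { report() }
    ' "$1"
}

# Demonstration on the constructed sample.
conf=$(mktemp)
sample_smb_conf "$conf"
audit_smb_conf "$conf"
rm -f "$conf"
```

Run it against a copy of the real /etc/samba/smb.conf before restarting the service; the [designs] share in the sample produces no finding because it is writable only for a named group.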

3. Describe the steps to be followed to configure the following common networking service.

a. Configuring a Linux Box for Networking


To configure a Linux box for networking, you need to perform several steps to set up
network interfaces, IP addresses, routing, and other networking parameters. Here is a general
outline of the steps involved:

1. Network Interface Configuration:

• Identify the network interface(s) available on your Linux box using the "ifconfig" or
"ip addr" command. Typically, the primary network interface is named "eth0" or "ensX"
(where X is a number).
• Edit the network interface configuration file, which is typically located at
/etc/network/interfaces or /etc/sysconfig/network-scripts/ifcfg-<interface>.
• Configure the interface with the desired IP address, netmask, gateway, and DNS servers.
• Save the configuration file and restart the network service for the changes to take effect.
The command to restart the network service depends on your Linux distribution.

2. DNS Configuration:

• Edit the DNS configuration file, usually located at /etc/resolv.conf, using a text editor.
• Specify the IP addresses of the DNS servers you want to use.

3. Hostname Configuration:

• Set the hostname of your Linux box by editing the /etc/hostname file and entering the
desired hostname.
• Edit the /etc/hosts file and add an entry for your hostname along with the corresponding
IP address.

4. Firewall Configuration:

If you have a firewall enabled on your Linux box (e.g., iptables, firewalld), configure it to
allow incoming and outgoing network traffic according to your requirements. Specific firewall
configuration steps depend on the firewall software you are using and the desired network
services.

5. Network Services Configuration:

Depending on your networking requirements, you may need to configure additional network
services such as DHCP, NTP, SSH, or VPN. Each service has its own configuration file(s) and
specific steps for configuration. Consult the documentation or online resources specific to the
service you want to configure for detailed instructions.

6. Testing the Network Configuration:

Once you have completed the configuration steps, you can test the network connectivity by
pinging other devices on the network or accessing external resources using tools like ping or
curl.

b. Configuring a Linux Box as a Router

To configure a Linux box as a router, follow these steps:

1. Enable IP Forwarding:

• Edit the /etc/sysctl.conf file and uncomment the line net.ipv4.ip_forward=1 to enable IP
forwarding.
• Run the command sysctl -p to apply the changes.

2. Network Interface Configuration:

• Configure the network interfaces on the Linux box with appropriate IP addresses,
netmasks, and gateway settings.
• Enable packet forwarding between the interfaces by configuring routing tables.

3. Configure NAT (Network Address Translation):

• If the Linux box is connecting a private network to the internet, configure NAT to
translate private IP addresses to a public IP address.
• Use iptables or a similar firewall tool to set up NAT rules.

4. Enable IP Masquerading (optional):

• If you want to hide the internal network's IP addresses, enable IP masquerading to rewrite
source IP addresses of outgoing packets.

5. Firewall Configuration:

• Configure the firewall on the Linux box to allow forwarding of network traffic between
interfaces.
• Set up appropriate firewall rules to permit desired inbound and outbound connections.

6. Testing the Router Configuration:


Test the router's connectivity by pinging devices on both the internal and external networks.
Ensure that devices on the internal network can access the internet through the Linux box.
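
The forwarding, masquerading, and firewall steps above fit together as one ruleset. The script below is an added example, not part of the original assignment: it checks that a sysctl file really enables forwarding and prints an iptables-restore ruleset that masquerades outbound traffic while dropping forwarded traffic by default. The interface names eth1 (internal) and eth0 (external) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original assignment): checks and a ruleset for
# the router steps. Interface names eth1 (LAN) and eth0 (WAN) are assumptions.

# Succeed only if FILE ($1) has an uncommented "net.ipv4.ip_forward = 1" line.
forwarding_configured() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Accept only plausible interface names: 1-15 chars from [A-Za-z0-9_.-].
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print an iptables-restore ruleset for LAN ($1) behind WAN ($2).
# FORWARD defaults to DROP: the LAN may open connections outward, and only
# replies to those connections are let back in. INPUT and OUTPUT policies are
# left at ACCEPT here; protecting the router itself is a separate task.
router_ruleset() {
    lan=$1
    wan=$2
    valid_ifname "$lan" || return 1
    valid_ifname "$wan" || return 1
    [ "$lan" != "$wan" ] || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Demonstration: review the output, then load it as root with iptables-restore.
router_ruleset eth1 eth0
```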

c. Web Server (Apache)

• Install the Apache web server software using the package manager specific to your Linux
distribution (e.g., apt, yum).
• Configure Apache by editing the main configuration file located at
/etc/apache2/apache2.conf or /etc/httpd/httpd.conf.
• Customize settings such as server name, port, document root, virtual hosts, and access
control.
• Create and place your website files in the appropriate directory (e.g., /var/www/html).
• Restart the Apache service to apply the changes.

d. Mail Transfer Agents (Postfix)

• Install the Postfix mail server software using the package manager specific to
your Linux distribution.
• Configure Postfix by editing the main configuration file located at
/etc/postfix/main.cf.
• Set the domain name, relay settings, mailbox locations, and other parameters.
• Restart the Postfix service to apply the changes.

e. Proxy Caches (Squid)

• Install the Squid proxy server software using the package manager specific to your Linux
distribution.
• Configure Squid by editing the main configuration file located at /etc/squid/squid.conf.
• Restart the Squid service to apply the changes.
• Specify cache settings, access control rules, ACLs (Access Control Lists), and other
options.

f. Network Time Services and Sharing Desktops with VNC

• Install the Network Time Protocol (NTP) server software using the package manager
specific to your Linux distribution.
• Configure the NTP server by editing the configuration file (e.g., /etc/ntp.conf).
• Specify NTP servers to synchronize with and configure authentication if necessary.
• Restart the NTP service to apply the changes.
• For sharing desktops with VNC, install VNC server software (e.g., TigerVNC,
RealVNC) and configure it based on the specific software's documentation.

g. RPC-Based Services and INET Super Server

1. RPC-Based Services:

• Identify the specific RPC-based service you want to configure (e.g., NFS, NIS,
RPCBind).
• Install the necessary packages for the chosen service using the package manager
specific to your Linux distribution.
• Edit the configuration file associated with the service. The location and name of
the configuration file may vary depending on the service and your Linux
distribution. Configure the necessary options in the configuration file. This
typically includes specifying shared directories, access control rules,
authentication settings, and other service-specific parameters.
• Enable the service by starting the corresponding daemon or service using the
appropriate command. This command varies depending on your Linux
distribution. For example, on Ubuntu, you can use systemctl start <service-name>.
• Configure the service to start automatically at boot time if desired. Use the
appropriate command to enable the service on system startup. For example, on
Ubuntu, you can use systemctl enable <service-name>.

2. INET Super Server (xinetd):

• Install the xinetd package using the package manager specific to your Linux
distribution.
• Edit the configuration file for xinetd, typically located at /etc/xinetd.conf or in the
/etc/xinetd.d/ directory.
• Configure the services you want to manage using xinetd. Each service has its own
configuration file within the /etc/xinetd.d/ directory, named after the service. Edit
the respective configuration file for the desired service.
• Set the options specific to the service in its configuration file. This includes
specifying the port, protocol, executable path, and any additional parameters.
• Restart the xinetd service to apply the changes. Use the appropriate command for
your Linux distribution. For example, on Ubuntu, you can use service xinetd
restart or systemctl restart xinetd.
• Test the configured services by connecting to the respective ports to ensure they
are functioning as intended.

4. Assume you are working in a certain organization as a system administrator and if your
manager has asked you to limit specific user from accessing control panel setting of his/her
computer, what would be your solution?

To limit a specific user from accessing the Control Panel settings on their computer, you can
follow these steps:

1. Create a New User Account:

• Create a new user account for the user who should be restricted from accessing Control
Panel settings. Make sure this account has standard user privileges rather than
administrator privileges.

2. Modify User Account Control (UAC) Settings:

• User Account Control is a feature in Windows that helps prevent unauthorized changes to
the computer. Adjust the UAC settings to require administrator approval when making
changes to system settings.
• Open the Control Panel and search for "User Account Control" or go to "Security and
Maintenance" and select "Change User Account Control settings."
• Slide the UAC slider to a higher level (e.g., "Always notify") to prompt for administrator
approval whenever system settings are changed. This will affect all users on the
computer.

3. Group Policy Settings:

• Group Policy allows you to manage the configuration of user accounts and computer
settings on a Windows domain network.
• Open the Group Policy Management Console (GPMC) by typing "gpedit.msc" in the Run
dialog (Win + R).
• Navigate to "User Configuration" > "Administrative Templates" > "Control Panel" and
locate the policies related to Control Panel settings.
• Enable the policies that restrict access to specific Control Panel settings, such as "Prohibit
access to Control Panel and PC settings" or "Hide specified Control Panel items."
• Apply these policies to the user account you want to restrict.

4. Registry Editor (Optional):

• If more granular control is required, you can use the Registry Editor to modify specific
registry keys related to Control Panel settings.
• Open the Registry Editor by typing "regedit" in the Run dialog (Win + R).
• Navigate to the relevant registry keys associated with Control Panel settings. For
example, you can restrict access to specific Control Panel applets or disable the Control
Panel entirely for the user.
• Modify the values or permissions of the registry keys to achieve the desired restrictions.
Be cautious when editing the registry, as incorrect changes can cause system issues.

5. Test the Restrictions:

• Log in to the restricted user account and verify that the Control Panel settings are
inaccessible or limited as intended.
• Ensure that the user can perform their necessary tasks without access to Control Panel
settings.

5. Write the difference between FAT, FAT32, and NTFS with the detail
explanation?

FAT (File Allocation Table), FAT32, and NTFS (New Technology File System) are file
systems used in various operating systems, including Windows. Here's a detailed explanation of
the differences between these file systems:

1. FAT (File Allocation Table):

• FAT is an older file system used in MS-DOS and early versions of Windows. It has
limited features and lacks some advanced functionality compared to newer file systems.
• File and directory names in FAT have a maximum length of 8 characters for the filename
and 3 characters for the extension (8.3 format).
• FAT uses a File Allocation Table to track file clusters on the storage device. This table
keeps track of which clusters are used and available.
• FAT has a maximum file size limit of 4GB and a maximum partition size limit of 2TB
(depending on the version).
• It lacks built-in support for file and folder permissions, encryption, compression, and
other advanced features.

2. FAT32:

• FAT32 is an extension of the FAT file system and was introduced with Windows 95
OSR2. It offers some improvements over FAT.
• File and directory names in FAT32 follow the same 8.3 format, but it also supports
longer file names using a secondary directory entry.
• FAT32 uses a File Allocation Table similar to FAT but with more efficient disk space
utilization compared to FAT.
• FAT32 allows for larger partition sizes and supports a maximum file size of 4GB (limited
by the file system).
• It still lacks built-in support for advanced features like file and folder permissions,
encryption, and disk quotas.

3. NTFS (New Technology File System):

• NTFS is a modern file system introduced with Windows NT and is the default file system
for Windows operating systems.
• NTFS supports advanced features not available in FAT or FAT32, making it more secure
and robust.
• File and directory names in NTFS can be up to 255 characters long and include Unicode
characters.
• NTFS provides file and folder permissions, allowing for granular control over access
rights and security.
• It supports built-in encryption, compression, disk quotas, disk mirroring, and file system
journaling for improved reliability.
• NTFS has larger partition size limits and file size limits compared to FAT and FAT32. It
can handle partition sizes up to 256TB and file sizes up to 16TB (depending on the
operating system version).

6. Write the most important window port numbers?

Port 80: Hypertext Transfer Protocol (HTTP)


Port 80 is used for regular HTTP communication, allowing web browsers to access websites. It is
the default port for unencrypted web traffic.
Port 443: Hypertext Transfer Protocol Secure (HTTPS)

Port 443 is used for encrypted HTTP communication using SSL/TLS. It is the default port for
secure web traffic, ensuring data confidentiality and integrity.
Port 25: Simple Mail Transfer Protocol (SMTP)
Port 25 is used for outgoing mail delivery. It allows email clients or mail servers to send emails
to other mail servers for further distribution.

Port 110: Post Office Protocol version 3 (POP3)


Port 110 is used for retrieving emails from a mail server. It allows email clients to download
messages from the server to the user's device.

Port 143: Internet Message Access Protocol (IMAP)
Port 143 is another protocol used for retrieving emails. It provides more advanced features
compared to POP3, such as managing folders on the mail server.

Port 3389: Remote Desktop Protocol (RDP)


Port 3389 is used for remote desktop access. It allows users to connect to a remote Windows-
based computer and control it as if they were physically present.

Port 137-139: NetBIOS and Server Message Block (SMB)


Ports 137-139 are used for NetBIOS communication and the older version of SMB. They are
commonly used for file and printer sharing, as well as network browsing.

Port 445: Server Message Block (SMB)


Port 445 is the newer version of SMB used for file and printer sharing over a network. It
provides more secure and efficient communication compared to the older ports 137-139.

Port 21: File Transfer Protocol (FTP)


Port 21 is used for FTP communication. It enables file transfers between a client and a server,
allowing users to upload and download files over a network.

7. What is computer security? Give at least five attacking mechanisms and explain the
mechanism they used to attack a certain system or organization.

Computer security refers to the protection of computer systems and data from
unauthorized access, use, disclosure, disruption, modification, or destruction. It involves
implementing various measures and techniques to safeguard computers, networks, and
information against potential threats and attacks.

Here are five common attacking mechanisms used to compromise computer systems or
organizations:

1. Phishing Attacks: Phishing attacks involve tricking users into revealing sensitive information
such as passwords, credit card details, or other personal data. Attackers often impersonate
legitimate entities, such as banks or online services, through emails, websites, or messages. They
typically create a sense of urgency or fear to manipulate users into clicking on malicious links or
providing their credentials, which are then used to gain unauthorized access to the system.

2. Malware: Malware, short for malicious software, refers to any software designed to harm or
exploit computer systems. This includes viruses, worms, Trojans, ransomware, and spyware.
Malware can be introduced into a system through various means, such as email attachments,
infected websites, or removable media. Once installed, it can perform actions like data theft,
system hijacking, or unauthorized access, compromising the security and integrity of the system.

3. Denial-of-Service (DoS) Attacks: In a DoS attack, the attacker overwhelms a target system or
network with a flood of requests, rendering it unavailable to legitimate users. The attack can be
achieved through techniques such as flooding the target with excessive traffic, exploiting
vulnerabilities in network protocols, or conducting distributed attacks using a network of
compromised computers (DDoS). By disrupting the availability of the system or network,
attackers can cause significant financial losses or disrupt critical services.

4. SQL Injection: SQL injection attacks target web applications that use databases. Attackers
exploit vulnerabilities in the application's input validation mechanisms to inject malicious SQL
code into database queries. This allows them to bypass authentication, retrieve sensitive
information, modify or delete data, or even gain control of the entire database. SQL injection
attacks can be prevented by implementing proper input validation, parameterized queries, and
least privilege access controls.

5. Social Engineering: Social engineering attacks exploit human psychology to manipulate
individuals into divulging confidential information or performing certain actions. Attackers often
impersonate trusted individuals or use psychological tactics to deceive and manipulate their
targets. Examples include pretexting (creating a false scenario to extract information), baiting
(leaving malware-infected media or devices in strategic places), or tailgating (gaining physical
access to restricted areas by following authorized personnel). Social engineering attacks rely on
human vulnerabilities and lack of awareness, making user education and awareness crucial for
prevention.
