Professional Documents
Culture Documents
Mikiyas - NSA Assignment
Mikiyas - NSA Assignment
Haramaya, Ethiopia
May, 2023
1. Read the case study below. As a network administrator, explain what type of network
you would recommend for the situation. Say whether you would recommend a client-server
or peer-to-peer network, which topology you would use, and what hardware will be
required for your suggested solution. If you think you need more information about the
case study, state what information is required. Explain the reasons for your choices.
“A small printing and publishing company in Harar currently employs 9 staff: a manager,
three designers and 5 print operators. The manager and the designers each have their own
computer, and there are 3 computers shared by the print operators. The computers are
currently not networked. The company would like to network their computers so that the
print operators can access the designers’ work more easily, and also so that they can share
peripheral devices such as printers. The company expects to employ 5 new staff within the
next year. They have a moderate budget for purchasing the necessary equipment for
networking.”
Based on the given case study, I would recommend implementing a client-server network
for the small printing and publishing company in Harar.
Reasons for recommending a client-server network:
Scalability: The company expects to employ 5 new staff within the next year. A client-
server network can easily accommodate the addition of new users and devices without
significant disruptions. It allows for seamless expansion and the addition of new
resources as the company grows.
Topology:
For the given scenario, a star topology would be suitable. In a star topology, all devices are
connected to a central device, such as a switch or server. Each computer in the network would
have its own dedicated connection to the central device. This topology provides better
performance, easier troubleshooting, and allows for future expansion by simply adding more
connections to the central device.
1
Hardware requirements:
Server: A dedicated server should be set up to centralize resources and manage user
access. The server can be a computer with sufficient processing power, storage capacity,
and network connectivity.
Switch: A network switch is required to connect all the devices in the network. The
switch should have enough ports to accommodate the existing computers and future
expansion.
Computers: The manager, designers, and print operators already have their own
computers. These computers can be connected to the network via Ethernet cables.
Printers: The company wants to share printers among the staff. Network printers with
Ethernet connectivity can be used, allowing all users to access the printers over the
network.
Cabling: Ethernet cables will be required to connect the computers, server, switch, and
printers. The length and quantity of cables will depend on the physical layout of the
office.
Additional Information:
The case study does not mention the expected network traffic, the required file sharing
capacity, or the budget constraints in detail. These factors would help determine the
specifications of the server, such as the storage capacity and processing power required. It would
also be beneficial to know the office layout to plan the placement of network cables and devices
effectively.
2. What Samba is All About and what are the steps to be followed to configure samba in
Linux?
Samba is an open-source software suite that enables file and print sharing between
computers running different operating systems, such as Linux and Windows. It allows Linux
servers to act as file and print servers for Windows clients, supporting the Server Message Block
(SMB) protocol used by Windows for sharing files, printers, and other resources over a network.
2
Here are the steps to configure Samba in Linux:
1. Install Samba:
2. Configure Samba:
Open the Samba configuration file, usually located at /etc/samba/smb.conf, using a text
editor with root privileges.
Backup the original configuration file before making any changes.
Configure global settings, such as workgroup name, server description, and security
settings. These settings define the overall behavior of the Samba server.
Configure shared directories by creating entries in the configuration file. Each entry
specifies the path to the directory, permissions, and access controls.
3. Describe the steps to be followed to configure the following common networking service.
3
1. Network Interface Configuration:
Identify the network interface(s) available on your Linux box using the “ ifconfig “or “ip
addr “command. Typically, the primary network interface is named "eth0" or "ensX"
(where X is a number).
Edit the network interface configuration file, which is typically located at
/etc/network/interfaces or /etc/sysconfig/network-scripts/ifcfg-<interface>.
Configure the interface with the desired IP address, netmask, gateway, and DNS servers
Save the configuration file and restart the network service for the changes to take effect.
The command to restart the network service depends on your Linux distribution.
2. DNS Configuration:
Edit the DNS configuration file, usually located at /etc/resolv.conf, using a text editor.
3 Hostname Configuration:
Set the hostname of your Linux box by editing the /etc/hostname file and entering the
desired hostname.
Edit the /etc/hosts file and add an entry for your hostname along with the corresponding
IP address.
4 Firewall Configuration:
If you have a firewall enabled on your Linux box (e.g., iptables, firewalld), configure it to
allow incoming and outgoing network traffic according to your requirements. Specific firewall
configuration steps depend on the firewall software you are using and the desired network
services.
5 Network Services Configuration:
Depending on your networking requirements, you may need to configure additional network
services such as DHCP, NTP, SSH, or VPN. Each service has its own configuration file(s) and
specific steps for configuration. Consult the documentation or online resources specific to the
service you want to configure for detailed instructions.
4
6 Testing the Network Configuration:
Once you have completed the configuration steps, you can test the network connectivity by
pinging other devices on the network or accessing external resources using tools like ping or
curl.
1. Enable IP Forwarding:
Edit the /etc/sysctl.conf file and uncomment the line net.ipv4.ip_forward=1 to enable IP
forwarding.
Run the command sysctl -p to apply the changes.
If the Linux box is connecting a private network to the internet, configure NAT to
translate private IP addresses to a public IP address.
Use iptables or a similar firewall tool to set up NAT rules.
If you want to hide the internal network's IP addresses, enable IP masquerading to rewrite
source IP addresses of outgoing packets.
5
5 Firewall Configuration:
Configure the firewall on the Linux box to allow forwarding of network traffic between
interfaces.
Set up appropriate firewall rules to permit desired inbound and outbound connections.
Install the Apache web server software using the package manager specific to your Linux
distribution (e.g., apt, yum).
Customize settings such as server name, port, document root, virtual hosts, and access
control.
Create and place your website files in the appropriate directory (e.g., /var/www/html).
Install the Postfix mail server software using the package manager specific to
your Linux distribution.
Install the Squid proxy server software using the package manager specific to your Linux
distribution.
Specify cache settings, access control rules, ACLs (Access Control Lists), and other
options.
Install the Network Time Protocol (NTP) server software using the package manager
specific to your Linux distribution.
Configure the NTP server by editing the configuration file (e.g., /etc/ntp.conf).
For sharing desktops with VNC, install a VNC server software (e.g., TigerVNC,
RealVNC) and configure it based on the specific software's documentation.
7
g. RPC-Based Services and INET Super Server.
1 RPC-Based Services:
Identify the specific RPC-based service you want to configure (e.g., NFS, NIS,
RPCBind).
Install the necessary packages for the chosen service using the package manager
specific to your Linux distribution.
Edit the configuration file associated with the service. The location and name of
the configuration file may vary depending on the service and your Linux
distribution.Configure the necessary options in the configuration file. This
typically includes specifying shared directories, access control rules,
authentication settings, and other service-specific parameters.
Enable the service by starting the corresponding daemon or service using the
appropriate command. This command varies depending on your Linux
distribution. For example, on Ubuntu, you can use systemctl start <service-
name>.
Configure the service to start automatically at boot time if desired. Use the
appropriate command to enable the service on system startup. For example, on
Ubuntu, you can use systemctl enable <service-name>.
Install the xinetd package using the package manager specific to your Linux
distribution.
Edit the configuration file for xinetd, typically located at /etc/xinetd.conf or in the
/etc/xinetd.d/ directory.
Configure the services you want to manage using xinetd. Each service has its own
configuration file within the /etc/xinetd.d/ directory, named after the service. Edit
the respective configuration file for the desired service.
8
Set the options specific to the service in its configuration file. This includes
specifying the port, protocol, executable path, and any additional parameters.
Restart the xinetd service to apply the changes. Use the appropriate command for
your Linux distribution. For example, on Ubuntu, you can use service xinetd
restart or systemctl restart xinetd.
Test the configured services by connecting to the respective ports to ensure they
are functioning as intended.
4. Assume you are working in a certain organization as a system administrator and if your
manager has asked you to limit specific user from accessing control panel setting of his/her
computer, what would be your solution?
To limit a specific user from accessing the Control Panel settings on their computer, you can
follow these steps:
User Account Control is a feature in Windows that helps prevent unauthorized changes to
the computer. Adjust the UAC settings to require administrator approval when making
changes to system settings.
Open the Control Panel and search for "User Account Control" or go to "Security and
Maintenance" and select "Change User Account Control settings."
Slide the UAC slider to a higher level (e.g., "Always notify") to prompt for administrator
approval whenever system settings are changed. This will affect all users on the
computer.
9
3 Group Policy Settings:
Group Policy allows you to manage the configuration of user accounts and computer
settings on a Windows domain network.
Open the Group Policy Management Console (GPMC) by typing "gpedit.msc" in the Run
dialog (Win + R).
Navigate to "User Configuration" > "Administrative Templates" > "Control Panel" and
locate the policies related to Control Panel settings.
Enable the policies that restrict access to specific Control Panel settings, such as "Prohibit
access to Control Panel and PC settings" or "Hide specified Control Panel items."
If more granular control is required, you can use the Registry Editor to modify specific
registry keys related to Control Panel settings.
Open the Registry Editor by typing "regedit" in the Run dialog (Win + R).
Navigate to the relevant registry keys associated with Control Panel settings. For
example, you can restrict access to specific Control Panel applets or disable the Control
Panel entirely for the user.
Modify the values or permissions of the registry keys to achieve the desired restrictions.
Be cautious when editing the registry, as incorrect changes can cause system issues.
10
5. Write the difference between FAT, FAT32, and NTFS with the detail
explanation?
FAT (File Allocation Table), FAT32, and NTFS (New Technology File System) are file
systems used in various operating systems, including Windows. Here's a detailed explanation of
the differences between these file systems:
FAT is an older file system used in MS-DOS and early versions of Windows. It has
limited features and lacks some advanced functionality compared to newer file systems.
File and directory names in FAT have a maximum length of 8 characters for the filename
and 3 characters for the extension (8.3 format).
File and directory names in FAT have a maximum length of 8 characters for the filename
and 3 characters for the extension (8.3 format).
FAT uses a File Allocation Table to track file clusters on the storage device. This table
keeps track of which clusters are used and available.
FAT has a maximum file size limit of 4GB and a maximum partition size limit of 2TB
(depending on the version).
It lacks built-in support for file and folder permissions, encryption, compression, and
other advanced features.
2 FAT32:
FAT32 is an extension of the FAT file system and was introduced with Windows 95
OSR2. It offers some improvements over FAT.
File and directory names in FAT32 follow the same 8.3 format, but it also supports
longer file names using a secondary directory entry.
11
FAT32 uses a File Allocation Table similar to FAT but with more efficient disk space
utilization compared to FAT.
FAT32 allows for larger partition sizes and supports a maximum file size of 4GB (limited
by the file system).
It still lacks built-in support for advanced features like file and folder permissions,
encryption, and disk quotas.
NTFS is a modern file system introduced with Windows NT and is the default file system
for Windows operating systems.
NTFS supports advanced features not available in FAT or FAT32, making it more secure
and robust.
File and directory names in NTFS can be up to 255 characters long and include Unicode
characters.
NTFS provides file and folder permissions, allowing for granular control over access
rights and security.
It supports built-in encryption, compression, disk quotas, disk mirroring, and file system
journaling for improved reliability.
NTFS has larger partition size limits and file size limits compared to FAT and FAT32. It
can handle partition sizes up to 256TB and file sizes up to 16TB (depending on the
operating system version).
FAT (File Allocation Table), FAT32, and NTFS (New Technology File System) are file systems
used in various operating systems, including Windows. Here's a detailed explanation of the
differences between these file systems:
12
FAT (File Allocation Table):
FAT is an older file system used in MS-DOS and early versions of Windows. It has limited
features and lacks some advanced functionality compared to newer file systems.
File and directory names in FAT have a maximum length of 8 characters for the filename and 3
characters for the extension (8.3 format).
FAT uses a File Allocation Table to track file clusters on the storage device. This table keeps
track of which clusters are used and available.
FAT has a maximum file size limit of 4GB and a maximum partition size limit of 2TB
(depending on the version).
It lacks built-in support for file and folder permissions, encryption, compression, and other
advanced features.
FAT32:
FAT32 is an extension of the FAT file system and was introduced with Windows 95 OSR2. It
offers some improvements over FAT.
File and directory names in FAT32 follow the same 8.3 format, but it also supports longer file
names using a secondary directory entry.
FAT32 uses a File Allocation Table similar to FAT but with more efficient disk space utilization
compared to FAT.
FAT32 allows for larger partition sizes and supports a maximum file size of 4GB (limited by the
file system).
It still lacks built-in support for advanced features like file and folder permissions, encryption,
and disk quotas.
NTFS (New Technology File System):
NTFS is a modern file system introduced with Windows NT and is the default file system for
Windows operating systems.
NTFS supports advanced features not available in FAT or FAT32, making it more secure and
robust.
13
File and directory names in NTFS can be up to 255 characters long and include Unicode
characters.
NTFS provides file and folder permissions, allowing for granular control over access rights and
security.
It supports built-in encryption, compression, disk quotas, disk mirroring, and file system
journaling for improved reliability.
NTFS has larger partition size limits and file size limits compared to FAT and FAT32. It can
handle partition sizes up to 256TB and file sizes up to 16TB (depending on the operating system
version).
Port 443 is used for encrypted HTTP communication using SSL/TLS. It is the default port for
secure web traffic, ensuring data confidentiality and integrity.
Port 25: Simple Mail Transfer Protocol (SMTP)
Port 25 is used for outgoing mail delivery. It allows email clients or mail servers to send emails
to other mail servers for further distribution.
14
Port 143: Internet Message Access Protocol (IMAP)
Port 143 is another protocol used for retrieving emails. It provides more advanced features
compared to POP3, such as managing folders on the mail server.
7. What is computer security? Give at least five attacking mechanisms and explain the
mechanism they used to attack a certain system or organization.
Computer security refers to the protection of computer systems and data from
unauthorized access, use, disclosure, disruption, modification, or destruction. It involves
implementing various measures and techniques to safeguard computers, networks, and
information against potential threats and attacks.
15
Here are five common attacking mechanisms used to compromise computer systems or
organizations:
1 Phishing Attacks: Phishing attacks involve tricking users into revealing sensitive information
such as passwords, credit card details, or other personal data. Attackers often impersonate
legitimate entities, such as banks or online services, through emails, websites, or messages. They
typically create a sense of urgency or fear to manipulate users into clicking on malicious links or
providing their credentials, which are then used to gain unauthorized access to the system.
2 Malware: Malware, short for malicious software, refers to any software designed to harm or
exploit computer systems. This includes viruses, worms, Trojans, ransomware, and spyware.
Malware can be introduced into a system through various means, such as email attachments,
infected websites, or removable media. Once installed, it can perform actions like data theft,
system hijacking, or unauthorized access, compromising the security and integrity of the system.
3 Denial-of-Service (DoS) Attacks: In a DoS attack, the attacker overwhelms a target system or
network with a flood of requests, rendering it unavailable to legitimate users. The attack can be
achieved through techniques such as flooding the target with excessive traffic, exploiting
vulnerabilities in network protocols, or conducting distributed attacks using a network of
compromised computers (DDoS). By disrupting the availability of the system or network,
attackers can cause significant financial losses or disrupt critical services.
4 SQL Injection: SQL injection attacks target web applications that use databases. Attackers
exploit vulnerabilities in the application's input validation mechanisms to inject malicious SQL
code into database queries. This allows them to bypass authentication, retrieve sensitive
information, modify or delete data, or even gain control of the entire database. SQL injection
attacks can be prevented by implementing proper input validation, parameterized queries, and
least privilege access controls.
5 Social Engineering: Social engineering attacks exploit human psychology to manipulate
individuals into divulging confidential information or performing certain actions. Attackers often
impersonate trusted individuals or use psychological tactics to deceive and manipulate their
targets. Examples include pretexting (creating a false scenario to extract information), baiting
(leaving malware-infected media or devices in strategic places), or tailgating (gaining physical
access to restricted areas by following authorized personnel). Social engineering attacks rely on
human vulnerabilities and lack of awareness, making user education and awareness crucial for
prevention.
16