tafe trojans

TAFE TrojansTAFE Trojanshttp://trojans.virtualhost.com.auhttp://trojans.virtualhost.com.au

Cert 4 ProjectCert 4 Project

A Little About OurselvesA Little About Ourselves

We Are The Trojans, You will be Assimilated, Your Biological and Technological Distinctiveness will be added to our own…

RESISTANCE IS FUTILE

The Trojans…

Nick: Security, firewalls, UNIX and switch management.

Paul: Cable Runs, Hardware, web design/management and Documentation.

Kellie: Pricing, Documentation, Time Management and Project Analysis.

Ian: Research, tech support and Time Management.

The JobThe Job



As a part of the cert IV class, TAFE has asked us to address certain problems existing on the network.These issues are…

• 30 day secure channel problem

• PXE Workstation Imaging

• Internet control and filtering

• Network Speed to classroom C-312

What We Will DoWhat We Will Do



• 2 New Gigabit Switches for C-312 and C-block server room.

• Installation of Smoothwall School Guardian

• Implementation of PXE network boot imaging.

• 30 day secure channel problem.

What We Won’t DoWhat We Won’t Do



• System Backups.• Anti-Virus.• KVM-Switch for server room – Already a 4 Port in room.• USB Caddies.• Facility for storing Ghost images – Flash Already Sufficient.• Wireless Connectivity – Not important at the moment but a future possibility.• Domain Controller – IT.net is happy with their 2000 server at the moment.

Moving onto 30 day secure channel…

30 day Secure Channel30 day Secure Channel



The Problem.

- after 30 days, the it.net computers can’t log onto goth because the secure channel password has changed.- typically a computer has its own individual name and account on the DC, and doesn’t suffer this problem.- unfortunately tafe’s computers all share the same name and therefore he same secure channel password and account.- this password identifies individual computers to the domain, and changes every 30 days.- for Tafe, once this password changes for one computer, the other computers can’t log on because they are using the old password with the same account. - this is where we found a fix




First attempt.

• The first registry key we found changed the amount of days till password expriry

• Allowed a potential of 1 000 000 days

• When the server restarted the registry value was reset

So we thought we could build a startup script or find a better solution.

We went for option 2 ….. We found another key.




Second AttemptThe “new” key is at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE /System/CurrentControlSet/Services/NetLogon/Parameters/MaximumPasswordAge

Changing the key allows to enable/disable the maximum password age, rather than specify days.




These changes are illustrated thorough the following various pictures

The Registry Entry Before it was changed





The Registry Entry After it was changed





The Policy Editor Before it was changed





The Policy Editor After it was changed




Because of these changes through the registry, in effect it turns off the 30 day check.

Moving onto PXE…

PXEPXE



Pre-boot Execution Environmentoverview

• A network boot enabled PC makes imaging a host computer very easy.

• Most computers today support network boot.

• Enabled through bios, select first boot device as network boot.

• Relies on a DHCP and TFTP server

• OS images are transferred via TFTP to the host computer.

• The option for a boot menu for user input is available.

• Replaces the need for individual boot floppies. (“Thank god” says Andy)

PXEPXE



Pre-boot Execution Environmentprocess

• Firstly the network boot PC looks for a IP address through DHCP.

• The file dhcpd.conf on the DHCP server has a static entry for the workstation, and the bootfile to load.

• The Server responds with an IP and asks the client if network boot enabled.

• The workstation says “Yes” then gets an IP and is directed to the TFTP server.

PXEPXE



Pre-boot Execution EnvironmentProcess (con’t)

• At the TFTP server the workstation requests the “filename”.img referred to in the dhcpd.conf file on the DHCP server and executes it.

• The boot image does the rest, maps drives, runs ghost and images the host computer

Moving on to Smoothwall…..

SmoothwallSmoothwall



Introduction to Smoothwall

• Linux based operating system.

• Simplified Linux Kernel

• We will be demonstrating the free version – Smoothwall Express

• Very powerful firewall and internet filter

• Very easy to install




System monitoring..

• Notices of available smoothwall updates

• System Uptime, Process status, Disk Usage

• Traffic graphs




This is the main Smoothwall front page.




This is the statistics area.




Traffic Graphs




Security..

Port Forwarding

• DMZ Pinholes

• Remote access




Port Forwarding Interface




DMZ Pinholes Interface




More Security..

• IP Blocking

• Internet Connectivity (PPP)

• Log Viewer of all activity

• Settings - Backup




Supporting Text




PPP Internet Connectivity




Settings - Backup

BudgetBudget



• 2 New switches for C3-12 and C-Block server room - $1310.78

• 100m of Cat 5e for 2 runs from C-Block server room to C3-12 - $450

• Smoothwall School Guardian 4 inc 70 concurrent licences - $2053.70

• Labour Cost for Tafe Trojans (Inc GST) - $2145.00

________Total (Inc GST) -

$5959.48

tafe trojans

Documents

technological distinctiveness

secure channel password

fix30 day secure channelwe

password changes

password expriry

old password

futilethe problem

individual computers