Sunday, September 13, 2009

ICAA5140A Design a server

The sole purpose of a server is to support business processes. Most business processes rely on the server to store, manage and manipulate important business data and information. If the server is unavailable, it usually means the organisation is not working at full capacity and, as a result, is losing profits. Therefore, it is important to design a server that is robust, recoverable and redundant. Servers provide many different resources and services, from database management to email delivery and storage.

This unit (ICAA5140A) will give you the knowledge and skills to implement and manage security on an operational system. You will learn how to do the following:

* Choose server application
* Choose network operating system
* Select server components
* Design the server

1. Choose server application
In this topic you will learn how to determine the design of the server by analysing business and technical requirements. You will learn to design a server and select business applications that meet requirements. You will also learn how to validate the selection against requirements and procure the relevant materials.

2. Choose network operating system
In this topic you will learn how to identify the network operating system features with reference to the required server solution, review and research available network operating systems based on technical specifications, capability and requirements, analyse the most suitable network operating system with reference to identified requirements and current and projected needs, and choose the most suitable network operating system based on technical and business requirements.

3. Select server components
In this topic you will learn how to identify server components with reference to required server application and server features, identify product specifications and limitations, and identify and analyse system interdependencies, including hardware prior to selection.

4. Design a server
In this topic you will learn how to design and document a server, validate the design, build and test a server, and identify and resolve defects and problems.

1. Choose server application

Activity 1.1 - Research available email applications


This activity is intended to help you identify examples of server applications. If you already have an idea about what application you would like to use, you can visit the vendor’s website. Using the Internet and your favourite search engine, compile a list of email server software.

One of the most common software applications an organisation uses is email. Using the Internet and your favourite search engine, compile a list of email server software that is compatible with Microsoft Outlook, Lotus notes and has web-based email capabilities. Indicate whether the available applications are commercial or non-commercial products.

A:
The following table shows some examples of email server applications.

Table 1: Some examples of email server applications

Activity 1.2 – Match application features to requirements

Q: This matching activity requires you to match application features to requirements

A: The table below shows the answers, matching application features to the requirements.

Activity 1.3 – Create evaluation matrix

This activity is intended to help you create an evaluation matrix based on a case study from a sample organisation, Australian Assurance Group (AAG).

AAG has completed gathering high level requirements for the web-based customer service project. The objectives of the project are to reduce the number of systems and applications accessed by customer service representatives when dealing with clients. Currently, there are 6 different systems that need to be accessed to register a new customer and their products. AAG have a mixed UNIX and Windows architecture.

The high level requirements for the web server application are

  • Consolidate multiple websites into one portal
  • Support wireless access
  • Conform to current architecture.

Lower level mandatory requirements are

  • Compliant with Java 2 Platform Enterprise Edition
  • Easily expandable with support for clustering
  • Administer web services from remote locations
  • Encrypt network communications
  • Support external scripting
  • LDAP Authentication
  • Support Oracle 11g RDBMS
  • Support for future versions of IP.

Q: Your task is to use Word or Excel to create an evaluation matrix to critique web server applications.

A:

Activity 1.4 – Application procurement

Flaxtons is a medium-sized enterprise with 140 employees, experiencing slow but steady growth. They have a main office in the capital city and three branch offices around the state. They have a large sales force that travels around the country. Email is an important communication tool used by nearly everyone, especially the travelling sales personnel. Travelling sales personnel have a laptop and a desktop machine and need to have a consistent view of emails over both systems.

Their main IT project this year is to upgrade the email system to meet increased email demand and add ease of access. They are currently using Microsoft Exchange Server 5.0 running on a Pentium II platform with 512MB of RAM. They have a Wintel desktop environment consisting of Windows 2000 and XP workstations. The workstations use Microsoft Outlook 2003 for managing emails. They have two multi-purpose Windows 2000 domain controllers, three Windows file servers, and an IBM DB2 database running on an IBM iSeries mainframe platform.

Q: Your task is to develop an outline for the specification document.

A: Outline for the specification document:

Introduction

Flaxtons is a medium-sized company that has a main office in the capital city as well as three branch offices around the state. They have a large sales force which travels around the country. Almost every worker in the company uses email as an important communication tool, especially the travelling sales personnel, who have a laptop and a desktop machine and need to have a consistent view of emails over both systems.

These specifications outline the requirements of upgrading the Flaxtons’ email system. The specifications detail the server architecture and the hardware and software environment.

Scope

Flaxtons has been experiencing substantial growth for the last 5 years. The organisation uses its email system extensively to keep in contact with clients throughout Australia. Email is used by remote agents to communicate with both company and clients.

Requirements

The email system must provide remote access to users’ email via the Internet.

The email system must deliver emails to users connected to the network at a minimum of 5-minute intervals.

The email system must be compatible with Microsoft Outlook 2003.

The email system must be IMAP compliant.

The email system must be able to process 500 emails a minute.

The email system must be available 99.99% of the time.

The email system must be compatible with Windows 2003 server.

2. Choose network operating system

Activity 2.1 – Identify network operating system features

Q: Complete the matching activity by matching requirements to operating system features

A:

Activity 2.2 – Technical requirements brief

Q: Create a technical requirements brief for one of the following operating systems:

  • Microsoft Windows Vista
  • Red Hat Enterprise Linux AS
  • Sun Solaris 10
  • HP UX 11i
  • Apple Mac OS X server

A: Windows Home Server Technical Brief for Home Computer Backup and Restore

Brief Description
This technical brief provides an in-depth look at the features and functionality of Windows Home Server Home Computer Backup and Restore.

Quick Details
File Name: Windows_Home_Server_Technical_Brief_-_Home_Computer_Backup_and_Restore.docx
Version: 1.0
Date Published: 9/16/2008
Language: English
Download Size: 1000 KB
Estimated Download Time: 3 min

Overview

Windows® Home Server will automatically backup your home computers to the home server and allow you to easily restore the entire computer or an individual file or folder to a previous point in time. The Windows Home Server Backup solution backs up only the data that has not already been backed up. Even if you have several copies of the same data on different computers, the data is backed up only once on your home server and your home server keeps track of what data was stored on each home computer on each day. This makes it efficient in the time it takes for backups to complete and the amount of space that is used on your home server.

System Requirements

  • Supported Operating Systems: Windows Vista; Windows Vista Home Basic; Windows Vista Home Premium; Windows Vista Ultimate; Windows XP; Windows XP Home Edition; Windows XP Professional Edition


Activity 3 – Select network operating system

BlancoBar is an international car parts manufacturer specialising in electrical and mechanical components. They have representatives in 20 countries and employ 17,000 people worldwide. They have a very large and complex information technology system built around a global SAP implementation running on HP-UX. They are not happy with the performance of the 1.7TB Informix database backend and are considering upgrading to IBM DB2 or Oracle database. BlancoBar are pleased with the current environment of SAP with HP-UX.

Q: Which operating system would you recommend BlancoBar implement? Why?

A: BlancoBar should keep using the HP-UX environment as they are currently happy with the performance and stability of the operating system. Changing the operating environment would be a major project for such a large organisation, costing millions of dollars.

3. Select server components

Activity 3.1 – Identify server components

Your services have been engaged as a contractor for Walkabout Meter Readings. Walkabout is an SME that provides water, gas, and electrical meter reading for large utility suppliers. They have 30 employees that record customer meter readings. This is done on Personal Data Assistants (PDAs). Once the customers’ data is collected, it is relayed via the 3G network to Walkabout’s headquarters for batch processing. Business has been expanding quickly, and Walkabout are looking to expand their server infrastructure. The current system uses Oracle8i Release 2 (Version 8.1.6) running on SuSE 6.3 OS. They have slowly upgraded hardware components to meet increased demands of the organisation. An overview of the server hardware is shown in the table below:

Table 1: Walkabout’s technical requirements

Q: Your task is to create a list of server components needed to upgrade the server, including software, hardware and peripheral devices.
Table 2: Walkabout’s technical requirements

4. Design a server

Activity 4.1 – Server benchmarking tools

In this activity you are going to use your web surfing skills to find more information about computer benchmarking. Create a blog, wiki or clipmarks that can be used to share your findings with the class. Record information about the following:

Q: What the benchmark is measuring. For example, is it an I/O, kernel, or software application measurement?

A: A benchmark is the act of running a computer program, a set of programs, or other operations, in order to assess the relative performance of an object, normally by running a number of standard tests and trials against it. The term 'benchmark' is also commonly used for the elaborately designed benchmarking programs themselves. Benchmarking is usually associated with assessing performance characteristics of computer hardware, for example, the floating point operation performance of a CPU, but there are circumstances when the technique is also applicable to software. Software benchmarks are, for example, run against compilers or database management systems. Another type of test program, namely test suites or validation suites, is intended to assess the correctness of software.

Benchmarks provide a method of comparing the performance of various subsystems across different chip/system architectures.

Benchmarks seldom measure real world performance of mixed workloads (running multiple applications concurrently in a business context). For example, IBM's mainframe servers (System z9) excel at mixed workload, but industry-standard benchmarks don't tend to measure the strong I/O and large/fast memory design such servers require. (Most other server architectures dictate fixed function/single purpose deployments, e.g. "database servers" and "Web application servers" and "file servers," and measure only that.)

Q: Which organisations support the benchmarking tool and what does that reveal about their products?

A: Vendor benchmarks tend to ignore requirements for test and QA computing capacity. Vendors only like to report what might be narrowly required for production capacity in order to make their initial acquisition price seem as low as possible. Benchmarks are having trouble adapting to widely distributed servers, particularly those with extra sensitivity to network topologies. The emergence of grid computing, in particular, complicates benchmarking since some workloads are "grid friendly", while others are not.

Q: Which one do you think is the fairest and most accurate? Why?

A: Users can have very different perceptions of performance than benchmarks may suggest. In particular, users appreciate predictability: servers that always meet or exceed service level agreements. Benchmarks tend to emphasize mean scores (IT perspective) rather than low standard deviations (user perspective). Many server architectures degrade dramatically at high (near 100%) levels of usage ("fall off a cliff"), and benchmarks should (but often do not) take that factor into account. Vendors, in particular, tend to publish server benchmarks at a continuous level of about 80% usage (an unrealistic situation) and do not document what happens to the overall system when demand spikes beyond that level. Benchmarking institutions often disregard or do not follow basic scientific method. This includes, but is not limited to: small sample size, lack of variable control, and the limited repeatability of results.

Q: Which computer system is rated as the fastest for each benchmark tool?

A: In 2008 Intel unveiled the brand new processor called Core i7 (previously called Nehalem), the successor of the Core 2 Duo CPU series. Then in 2009 Intel introduced a new Core i7 based on a new socket 1156 motherboard and a new processor series called i5 and Core i7. Then in 2010 there is a new Core i7 designed for the laptop and notebook market. Despite the expectation, not all Core i7 notebook chips are quad-core processors.

Q: What one would you recommend using?

A: I recommend using Core i7. Motherboards have more than one PCI Express 16 slot. It may take a while for somebody to bring out a simple and economical motherboard. (Not many people want to use 2 or 3 PCI Express 16 slots.)

(Image: Core i7 motherboard, Foxconn. Image from Tomshardware.com web site.)

It is expected that you get about 30% performance improvement from Core i7 compared with the Core 2 Extreme series. You can see some benchmark figures at the sites listed on the right side.

(Image: Benchmark performance of Core i7, fastest computer system for games.)

It is almost 30% faster than the fastest Phenom II X4 940 (as at June 2009). Still, this is the lower end of the Core i7 processor range.

There are faster Core i7 processors on the market, if you have the money to burn. But until there is a significant price reduction, the Core i7 920 seems to be the best value for money for the demanding user.

(Image: Benchmark performance of Core i7 computer system for Adobe Photoshop.)

Even at a low GHz speed, Core i7 can out-perform the Core 2 Quad and the AMD Phenom II X4 955 running at 3.2 GHz.

Activity 4.2 – Run test

For this activity you will need to set up and capture performance data on a Windows 2003 server. This activity can be done in a lab, in your workplace or at home using the virtual PC image on DVD available from your teacher. Set up a performance log for a file server that captures data about key file server sub-systems. Let the log run for 24 hours, then analyse the data.

  • Memory
      • Available Mbytes – shows the amount of available physical memory in megabytes.
      • Pages Output/sec – shows the number of pages written to disk per second to free up physical memory space. A high rate of page output indicates a memory shortage.
      • Pages Input/sec – shows the number of pages read from disk to resolve hard page faults. Hard page faults occur when a process refers to a page in virtual memory which must be retrieved from the hard disk. The system then reads multiple contiguous pages into physical memory to increase efficiency.
  • Processor
      • % Interrupt Time – shows the percentage of time that the processor spent servicing hardware interrupts. It indicates the activity of devices generating interrupts.
      • % Processor Time – shows the non-idle thread process time.
  • Physical Disk
      • shows the percentage of elapsed time that the selected disk drive was busy servicing read or write requests.
      • Avg Disk Bytes/Transfer – shows the average number of bytes that were transferred to or from the disk during write or read operations.
      • Avg Disk Queue Length – shows the average number of both read and write requests that were queued for the selected disk during the sample interval.
      • Avg Disk Sec/Transfer – shows the average time, in seconds, of a disk transfer.
      • Disk Transfers/Sec – shows the rate, in incidents per second, at which read and write operations were performed on the disk.
  • Network Interface
      • Bytes Total/sec – is the sum of the values of bytes received per second and bytes sent per second.
      • Packets/Sec – is the sum of packets sent and received per second.
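
One way to analyse the captured log, as an added example that is not part of the original activity: the Python script below reads a counter log exported to CSV and reports mean, standard deviation, minimum and maximum per counter, then flags counters that breach a threshold. The host name FILESRV01, the sample values and the thresholds in RULES are constructed assumptions for illustration, not vendor guidance.

```python
import csv
import io
import operator
import statistics

# Counter paths as they appear in a Performance Monitor CSV export (host part removed).
AVAILABLE_MB = r"Memory\Available MBytes"
PAGES_OUT = r"Memory\Pages Output/sec"
CPU_TIME = r"Processor(_Total)\% Processor Time"
DISK_QUEUE = r"PhysicalDisk(_Total)\Avg. Disk Queue Length"

# Constructed sample log: six 5-minute samples from a hypothetical host FILESRV01.
# The first sample of a rate counter is blank, which the parser has to tolerate.
SAMPLE_LOG = r'''
"(PDH-CSV 4.0) (AUS Eastern Standard Time)(-600)","\\FILESRV01\Memory\Available MBytes","\\FILESRV01\Memory\Pages Output/sec","\\FILESRV01\Processor(_Total)\% Processor Time","\\FILESRV01\PhysicalDisk(_Total)\Avg. Disk Queue Length"
"09/13/2009 09:00:00.000","412"," ","10","0.5"
"09/13/2009 09:05:00.000","398","0","20","0.5"
"09/13/2009 09:10:00.000","120","40","30","1.0"
"09/13/2009 09:15:00.000","64","180","90","4.0"
"09/13/2009 09:20:00.000","90","120","70","2.0"
"09/13/2009 09:25:00.000","380","10","20","1.0"
'''

# Assumed thresholds: (statistic to test, comparison that means "breached", limit).
RULES = {
    AVAILABLE_MB: ("min", operator.lt, 100),   # free memory dropped below 100 MB
    PAGES_OUT: ("mean", operator.gt, 50),      # sustained paging out to disk
    CPU_TIME: ("mean", operator.gt, 80),       # processor busy on average
    DISK_QUEUE: ("max", operator.gt, 2),       # requests queued behind the disk
}


def load_counters(text):
    """Return {counter path: [float samples]} from PDH-CSV text."""
    reader = csv.reader(io.StringIO(text.strip()))
    header = next(reader)
    # "\\HOST\Object\Counter" -> "Object\Counter"
    names = [column.split("\\", 3)[-1] for column in header[1:]]
    series = {name: [] for name in names}
    for row in reader:
        for name, cell in zip(names, row[1:]):
            try:
                series[name].append(float(cell))
            except ValueError:
                continue  # blank or non-numeric sample: skip it
    return series


def summarise(values):
    """Mean alone hides spikes, so report spread and extremes as well."""
    if not values:
        return None
    return {
        "mean": statistics.fmean(values),
        "stdev": statistics.pstdev(values),
        "min": min(values),
        "max": max(values),
    }


def findings(series, rules=RULES):
    """Return the counters whose chosen statistic breaches its threshold."""
    flagged = []
    for name, (stat, breached, limit) in rules.items():
        stats = summarise(series.get(name, []))
        if stats and breached(stats[stat], limit):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    data = load_counters(SAMPLE_LOG)
    for counter, samples in data.items():
        s = summarise(samples)
        print(f"{counter:48} mean={s['mean']:7.1f} stdev={s['stdev']:6.1f} "
              f"min={s['min']:6.1f} max={s['max']:6.1f}")
    print("Flagged:", findings(data))
```

In the constructed data the processor averages 40% and is not flagged even though it peaks at 90%, which is why the report prints the spread and the maximum beside the mean.
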
Activity 4.3 – Review results

For this activity, refer to the case study Gungley Industrial Machines-Heavy Plant Sales System (HPPS).

Summarise test results:

Examine the test log HPSS-RL2. Analyse the test results and determine the following:

  • test completeness
  • problems encountered during testing
  • defects and their severity.
A: Test results

ICAS5192A Configure an internet gateway

Unit contents

An internet gateway is a device that connects internal private networks to the outside world via the Internet. It translates and converts messages from one protocol to another. The Internet gateway is also there to protect the internal private network from harm. It is at the battle front, protecting important data and information from attack, be it by email, viruses or worms, and hackers. An internet gateway can also provide proxy services, which is a means of reducing network costs by caching internet pages. Without internet gateways, you would not be able to send emails, look at Web Pages or use any web services.

This unit (ICAS5192A) will give you the knowledge and skills to implement and manage security on an operational system. You will learn how to do the following:

  • confirm client requirements and network equipment
  • review security issues relating to Internet connectivity
  • install and configure a gateway
  • configure and test node to use gateway.
Unit topics

The topics for this unit are as follows:

1. Confirm client requirements and network equipment

2. Review security issues

3. Install and configure gateway products and equipment

4. Configure and test node

In this topic you will learn how to assign nodes to a specific gateway, determine the connection type and configure with reference to network architecture and ensure node software and/or hardware is configured.

1. Confirm client requirements and network equipment

In this topic you will learn how to confirm and validate client requirements, determine the scope of Internet services with reference to the client requirements, and finally, identify and verify the gateway equipment specification and product availability.

Activity 1.1 Confirming client’s requirements

A friend wants you to make a recommendation on what can be done to allow easy access to the Internet from both of the family’s home computers. Read up on Microsoft’s Home and Small Office Network Topologies at http://search.technet.microsoft.com/search/default.aspx?siteId=1&tab=0&query=network+topologies and determine the appropriate options for your friend. Set out the considerations you make for the various requirements that your friend may have.

Consider under what circumstances you would recommend the following solutions:
  • residential gateway
  • using a host computer with ICS (Internet connection sharing)
  • using a host computer with another Internet sharing program
  • individual dial-up connections for each computer.
A: Some of the requirements to consider include
  • operating systems used
  • connection method to the Internet (broadband, dial-up, wireless broadband)
  • common times of use
  • location of computers to each other
  • phone and network connections.
This can be best represented in a table.

Table 3: Considerations and recommendations

Of course, every situation is different. Some may require a greater investment in infrastructure in order to provide the services required. Also, there is no reason to prevent a residential gateway from being used with a dial-up connection as long as the device is able to support a serial port for a modem or ISDN terminal adapter such as various mainstream routers and the Open Networks (http://www.opennw.com/index.php) OPEN524R router. These devices use the serial port as a backup WAN connection in place of a failed broadband link, but can be used without broadband at all for ISDN dial-up connections.

Activity 1.2 Examining high-end enterprise appliances

To gain an insight into the variety of devices available for larger business and enterprise situations, have a look at the following demonstration from Cisco about their ASA (adaptive security appliance) product range at http://www.cisco.com/cdc_content_elements/flash/asa/flash.html (Cisco ASA demo).

This demo requires Macromedia Software Flash to be installed and will take approximately seven minutes for the Introduction section to download on a dial-up connection. It will take longer if other downloads are also being processed. If the demo is unavailable you might try http://www.cisco.com/go/asa for more information.

A: From the demonstration, you can see that products such as Cisco ASA range have a multipurpose capability that allows them to be distributed as a solution to many different needs in an organisation. A key feature for enterprise use is the central control of remote devices and automatic product updates.

Similar products are available from McAfee and Symantec, to name a few. Virtually all network infrastructure manufacturers will have a range of products to perform gateway functions of some level. Some examples are http://www.mcafee.com/au/products/mcafee/antivirus/internet_gateway/ws_appliances_3000.htm (McAfee – Webshield 3000 Series Appliances)

http://www.mcafee.com/us/products/tools/demos/ws_appliance/ws_appliance.asp (Macromedia Flash demo)

http://www.symantec.com/enterprise/products/allproducts.jsp (Symantec – Gateway Security 5400 Series. Click on the Symantec Gateway Security 5400 Series link.)


Activity 1.3 Validating client requirements

This scenario applies to Activity 3 and Activity 4. Read the scenario and answer the questions that follow.

Compstat is an SME that provides market research to over 100 clients Australia-wide. Compstat’s head office is located in Perth and has three remote offices located in Sydney, Melbourne and Brisbane. Currently, remote sites are connected to the head office via ISDN links. They are looking to upgrade their network to utilise new applications that have improved data-gathering methods. Currently, market research participants fill in a paper-based form that is then transferred into electronic format by data entry personnel. Compstat wants to change this paper-based system to a computer-based system that utilises web technologies. This will allow the collection and storage of research data in one step instead of many, saving time and money.

Compstat wants to be able to provide a computer kiosk system where the participant completes the questionnaire online in a remote area like a shopping centre. They want to use wireless broadband technologies to connect the kiosk computers to the Compstat web servers anywhere and anytime wireless broadband access is available. This environment will need to be safe and secure.

Q: Are the client’s requirements valid? Can they be fulfilled? Refer to the following document: Client Requirements - Sample Validating Client Requirements (23 KB 2821_reading1.xls)

A: Yes, the client’s requirements are valid. They can be fulfilled using a range of multiple mobile technologies.


Activity 1.4 Scope of Internet services required

Q: To practise determining the scope of Internet services required, refer back to the scenario in Activity 3 and fill in the document Client Requirements - Sample Scope of Internet Services (1.21 MB 2821_reading2.xls).

A: The level of detail in this tool is still incomplete? As I learn about other existing and new technologies, I still need to modify the tool in order to effectively record a client’s requirements for an Internet gateway.


Activity 1.5 Identify suitable components

Make a comparison of the specifications of the following products and identify what Internet gateway services they are suitable for.

Download the product specification sheets, datasheets and/or user guides or manuals for these products:

Home and small business components

TP-Link – TL-460 multifunction router http://www.tp-link.com/. Click on the Cable/DSL Routers image then click on the TL-460 image.

MSI – Residential Gateway http://www.msicomputer.com.au/. Search for RG54GS and select the appropriate result link.

Billion – BiPAC 5200 ADSL2+ Modem/Router http://www.billion.com/product/adsl.htm. Click on the BiPAC 5200 image.

Enterprise components

Cisco – ASA http://www.cisco.com/go/asa. Scroll down to related documents and click Datasheets. Click on the ASA Platform and Module datasheet link, then download the PDF or read the web page.

Symantec – Gateway Security 5400 Series http://www.symantec.com/enterprise/products/allproducts.jsp Click on the Symantec Gateway Security 5400 Series link.

A: Comparing these devices, I see that the specifications concerning what can be done from an Internet gateway or router point of view are very similar across the board from home and small business up to enterprise level. However, the data speeds and the few additional processing functions of the enterprise appliances set them apart. The additional capacity of some enterprise appliances to actively detect worms and viruses and other threats makes these devices come at a price and may not be justifiable to a home or small business client.

2. Review security issues

In this topic you will learn how to assess security features of Internet gateways with reference to architecture and the security plan and review security measures with the Internet service provider with reference to firewalls and other measures. You will also learn how to brief users on the security plan with reference to Internet use and hazard possibilities.

Activity 2.1 Assess Internet security for home or organisation

Examine the security features of an Internet connection you have access to by researching and answering the following questions:

  • What do you use to share Internet access at your home or business?
  • Is there a network administrator or ‘computer person’ that you can ask some information from at work?
  • What services are provided from your side of the Internet link?
  • Are there open ports for special programs?

You might also find the following sites helpful in making your decision:
http://www.cert.org/tech_tips/home_networks.html (CERT – Home Network Security)
http://www.webcamsoft.com/en/faq/firewall.html (Configure for DMZ servers)
http://www.haxial.com/faq/routerconfig (Port forwarding examples)
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00801162eb.html (Configuring PIX firewall)
http://www.portforward.com/help/porttrigger.htm (Explanation of ports, NAT and port forwarding)
http://www.portforward.com/help.htm (Basic help and definitions)
http://www.irchelp.org/irchelp/security/fwfaq.html (Firewall FAQ)

A: Were you able to determine the aspects of your Internet security provision at home or work? There are many answers to the creation of Internet security. Perhaps you have one or parts of several of the following solutions:
  • MS Windows system on a dial-up connection with a software firewall
  • Internet connection sharing (ICS) through a dial-up connection with firewalls on every system
  • broadband connection with a router with NAT enabled
  • broadband modem connected to one system with a software firewall and ICS running
  • broadband connection with NAT router and firewall device routed through a server providing DNS and anti-virus checking of the network traffic.
Activity 2.2 Access ISP security information

Check for information about the security arrangements provided by your ISP. Look for FAQs, information pages, connection details and similar pages in order to find out what security measures are in place at the ISP premises that could potentially affect you or your client.

  • What does your ISP do for you?
  • Do they provide virus scanning of emails?
  • Are any ports blocked at their premises such as port 25 or others? Do they explain why they have done this?
  • Do they provide static IP addresses?

A: Were you able to find the information? Some ISPs don’t advertise the fact that they block anything. You can determine if your ISP blocks port 25 by running the Telnet program and trying to connect to another ISP’s email server using port 25. For example in Windows you would do the following:

  • Click on Start - Run, then type cmd into the command area and click OK (or command on Windows 95, 98 or ME).
  • In the command window, type telnet mail.dodo.com.au 25 and press Enter.
  • An unsuccessful connection will time out and show something like the following:
    (Image: Telnet output shows that the mail.dodo.com.au mail server is not reachable using port 25 from this computer.)
  • A successful connection will show something like the following:
    (Image: Telnet output shows a connection has been established with the mail.bigpond.com.au mail server on port 25.)

The images above show that access is possible to the mail server mail.bigpond.com.au but not to the mail server at mail.dodo.com.au.

Bigpond definitely blocks port 25, but you have to search for the information. Try the following to get the information: http://www.bigpond.com/ Type block ports into Search Bigpond and read the article on ‘Why does Bigpond manage the use of port 25
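
The same check as the Telnet test above, written as an added Python example that is not part of the original activity: it makes one TCP connection to port 25 and separates the outcomes that Telnet lumps together (time-out, refusal, name not resolving, connection with or without an SMTP greeting). The function names and the local stand-in listener are assumptions made for the example, and the demonstration runs only against 127.0.0.1.

```python
import socket
import threading
from dataclasses import dataclass


@dataclass
class ProbeResult:
    host: str
    port: int
    status: str        # connected | refused | timeout | unresolved | error
    banner: str = ""   # first line sent by the server, if any


def probe_smtp(host, port=25, timeout=5.0):
    """Open one TCP connection, as `telnet host 25` does, and classify the outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return ProbeResult(host, port, "unresolved")
    except socket.timeout:
        return ProbeResult(host, port, "timeout")
    except ConnectionRefusedError:
        return ProbeResult(host, port, "refused")
    except OSError:
        return ProbeResult(host, port, "error")
    with sock:
        try:
            data = sock.recv(512)  # an SMTP server speaks first with a 220 greeting
        except OSError:
            data = b""
    lines = data.decode("ascii", "replace").splitlines()
    return ProbeResult(host, port, "connected", lines[0] if lines else "")


def interpret(result):
    """Translate a probe result into what it suggests about port 25 on this path."""
    if result.status == "connected":
        if result.banner.startswith("220"):
            return "reachable: SMTP greeting received, port 25 is not blocked on this path"
        return "TCP connected but no SMTP greeting: something other than a mail server may be answering"
    return {
        "timeout": "no reply: consistent with port 25 being filtered upstream, or the server being down",
        "refused": "host reachable but the connection was refused",
        "unresolved": "host name did not resolve: check DNS before drawing conclusions",
    }.get(result.status, "connection failed for another reason")


def start_fake_smtp():
    """Constructed stand-in for a mail server: greets one client on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 mail.example.invalid ESMTP (constructed banner)\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_local_port():
    """Return a local port number with nothing listening on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    targets = (("stand-in mail server", start_fake_smtp()),
               ("closed port", closed_local_port()))
    for label, port in targets:
        result = probe_smtp("127.0.0.1", port, timeout=2.0)
        print(f"{label}: {result.status} - {interpret(result)}")
```

A time-out to a single server does not by itself show that the ISP filters port 25; compare more than one mail server, as the answer above does, before concluding.
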


Activity 2.3 Notifying users of Internet security measures

What is the best way to get the information across? You will provide different formats for the security measures depending on your method of deployment of the information. Have a look at the following sites and see the range of information you may need to be providing:

Search Google for technology acceptable-use policy within Australia:

For the different methods listed in the Reading notes, describe how you may get this information across.

These methods were
  • induction packages for employees
  • seminars
  • emails
  • log-on notices
  • messages of the day
  • default home page.
Q: Write your answers below:

A: There could be various answers here. Some will be more effective than others depending on the audience as well as the content. Here are a few ideas:

Table: Methods of delivery and information formats

3. Install and configure gateway products and equipment

In this topic you will learn how to install and configure gateway products as required by technical guidelines, plan and execute tests, analyse error reports and make changes to the gateway.

Activity 3.1 Terminology used to set configuration of devices

Q: The following link is for a manufacturer of a proprietary Internet phone system. Their software requires routers or firewalls to be configured to allow the service to be accessed from the Internet on their client’s computers. The feature that allows this is often called port forwarding.

  • Click on the link provided below and scroll down to the bottom of the page where you will find links for a variety of routers and firewalls.
  • Click on each of these links in turn (use the Back button in between) and assess the differences in terminology and the logical grouping of services in the various menu systems used in these routers and firewalls.
  • Specifically, identify the port forwarding references and create a table with the alternative naming, description and grouping for each of the router and firewall products and devices listed.
A: The pages for the different routers and firewalls show various options for port forwarding to be configured, such as those shown in the next table.

Table: Devices and terminology


Activity 3.2 Exploring Linux gateways

Q: Research some of the Linux gateway solutions shown in the Reading notes. Click on each of the links and investigate the features and licensing for the various products offered. Produce a table with a basic summary of your findings.

A: Each of the products has differing requirements in both the knowledge needed to install them and the ongoing support given. Generally, if a payment and annual fee is required, then support will be more dependable. (You get what you pay for.) The free products are not necessarily inferior to the commercial offerings—often they only differ in the support offered.

Activity 3.3 Enterprise appliances

Q: Research some of the enterprise appliances available from the following manufacturers. Find information on the firewall and VPN throughput and the maximum number of connections.

  • Cisco Systems: http://www.cisco.com – search for “Adaptive Security Appliances Models Comparison” and follow the resulting links to locate detailed specifications on an ASA product.
Table: Cisco Adaptive Security Appliance – ASA 5510 specifications

  • Symantec Systems: http://www.symantec.com – search for "Symantec Security Appliances Comparison Chart" and follow the resulting links to locate detailed specifications on an appliance product and get the actual comparison chart from the resources list at the bottom of the page.
Table: Symantec Gateway Security – SGS 5420 specifications


Activity 3.4 Plan and execute tests

Q: Download and open the Test Plan – Sample Workbook (Test Plan_Sample Workbook.xls, 19 KB) and try the test links while your Internet connection is open.

  • Practise filling in the workbook as you perform the tests.
  • Do all the tests work?
  • What other tests would be helpful in this test tool?
A: Practise filling in the workbook by
  • saving the sample test plan with a new file name
  • changing the date heading to reflect the date when you performed the tests
  • filling in either Pass or Fail in the results column under the date you just entered.
  • trial downloading various file types – ZIP, EXE, COM
  • trial using different communications programs – MSN Messenger, ICQ, SSH, Telnet, BitTorrent.

4. Configure and test node

In this topic you will learn how to assign nodes to a specific gateway, determine the connection type and configure with reference to network architecture and ensure node software and/or hardware is configured.

Activity 4.1 Determine the IP configuration method

In order to determine how the IP configuration is obtained on a Microsoft Windows XP system we first have to log in as an unrestricted or administrative level user.

Once you have logged in

  • go to Start, then Control Panel
  • from the control panel list, open the Network Connections option. This will open a window with a Dial-up section and/or a LAN or High-Speed Internet section.

Note: If control panel displays in Category View, you will have an additional step of opening the Internet and Network Connections option before opening the Network Connections option.

Part 1 – Dynamic IP settings

Most dial-up connections are configured as dynamically-allocated IP addresses, so if you have a Dial-up section with a connection present

  • right-click on a connection and select Properties from the pop-up menu
  • select the Networking tab from the dialog then open the Internet Protocol (TCP/IP) by selecting it from the list and clicking on the Properties button.

In most cases this Properties dialog will show that the options Obtain an IP address automatically and Obtain DNS server address automatically are selected.

Important: Leave these settings as they are by clicking the Cancel buttons until the Network Connections list is displayed again!

A: In Part 1 you should have moved through and displayed the TCP/IP Properties dialog for a Dial-up connection and obtained a dialog similar to the following:

Part 2 – Static IP settings

The IP address configuration can be statically (or manually) allocated.

  • If you have a connection in the LAN or High-Speed Internet section, then right-click on a connection and select Properties from the pop-up menu.
  • Select the Networking tab from the dialog then open the Internet Protocol (TCP/IP) by selecting it from the list and clicking on the Properties button.

In many cases, this Properties dialog will show that the options Obtain an IP address automatically and Obtain DNS server address automatically are selected.

Change the selected options to the following:

  • Use the following IP address and use the following DNS server addresses. Notice that the IP address fields become available to take the static IP address information including the IP address, Sub-network mask, default gateway address and the Preferred DNS server address.

Important: Leave these settings as they are by clicking the Cancel buttons until the Network Connections list is displayed again!

A: In Part 2 you should have moved through and displayed the TCP/IP Properties dialog for a LAN or High Speed Internet connection. By selecting the options Use the following IP address and Use the following DNS server addresses, you should have obtained a dialog similar to the following:


Part 3 - Current values

In order to determine the current values being used by the system, a command line tool is available.

Open a command prompt window by doing the following:

  • Start, Run, type cmd in the Open field and click on the OK button. This brings up a black command prompt window.
  • at the flashing prompt, type ipconfig /all and the current values will all be displayed.
A: In Part 3, the IP settings should be displayed in the command prompt window similar to the following:
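When many nodes have to be checked against their assigned gateway, the ipconfig /all text can be saved and parsed instead of read by eye. The following Python sketch is an added example, not part of the original course notes; the sample output is constructed in the layout Windows XP prints, and the names parse_ipconfig and check_node are hypothetical.

```python
import re

# Constructed sample in the layout Windows XP prints for "ipconfig /all".
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : NODE01

Ethernet adapter Local Area Connection:

        Physical Address. . . . . . . . . : 00-00-5E-00-53-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
"""

# Indented "Name . . . . : value" line; the dot padding is dropped from the name.
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter heading: {field name: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            # Unindented line ending in a colon starts a new adapter section.
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            match = FIELD.match(line)
            if match:
                current[match.group(1)] = match.group(2).strip()
    return adapters

def check_node(adapters, expected_gateway):
    """Per adapter: (allocation method, gateway matches the assigned one)."""
    report = {}
    for name, fields in adapters.items():
        dhcp = fields.get("Dhcp Enabled", "").lower() == "yes"
        method = "dynamic" if dhcp else "static"
        report[name] = (method, fields.get("Default Gateway") == expected_gateway)
    return report
```

Continuation lines that carry a second DNS server have no field name and are skipped by this parser.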

Activity 4.2 Configuring Internet Explorer to use a proxy server

Internet Explorer is integrated into the Windows operating system to the degree that you do not need to open Internet Explorer to set parameters. To set the proxy server settings for Internet Explorer on a Microsoft Windows XP system you should

  • log in as an Unrestricted or Administrative level user
  • go to Start then Control Panel
  • from the Control Panel list, open Internet Options and select the Connections tab.

Note: If Control Panel displays in Category View, you will have an additional step of opening the Internet and Network Connections option before opening Internet Options.

This will open a dialog with a Dial-up and Virtual Private Network settings section and a Local Area Network (LAN) settings section. For this activity you can choose an available Dial-up setting and click on the Settings button or click on the LAN Settings button. The difference between the two dialogs is in the Dial-up including fields for the User name and Password for the connection.

To activate the use of a proxy server

  • click on the check box under Proxy server beside the instruction Use a proxy server for this connection
  • this activates the fields that allow you to enter the IP Address and the Port number for the HTTP proxy server
  • you can also choose to bypass the proxy server for local addresses by clicking on the Advanced button. You can configure different server addresses and ports for the different protocols displayed.

Important: Leave these settings as they are by clicking the Cancel buttons until the Control Panel is displayed again.

A: There are a number of different ways to open the proxy settings dialogs. Each connection can be configured with a different set of parameters. Most DHCP servers cannot be used to supply this information to a DHCP client. You should have obtained a dialog for the proxy settings similar to the following:


Activity 4.3 Testing completed node capabilities

The testing tool that you created in order to test the operation of the gateway can be used in the testing of each node as well. Download and open

Practise filling in the workbook as you perform the tests.

  • Do all the tests work?
  • What other tests would be helpful in this test tool?
A: Practise filling in the workbook by
  • saving the Sample Test Plan with a new file name
  • changing the date heading to reflect the date on which you perform the tests
  • filling in either Pass or Fail in the results column under the date you just entered.
  • trial downloading various file types – ZIP, EXE, COM
  • trial using different communications programs – MSN Messenger, ICQ, SSH, Telnet, BitTorrent.