LKS2017_ITNSA_MODUL1 Page 1

LOMBA KETERAMPILAN SISWA SEKOLAH MENENGAH KEJURUAN

TINGKAT PROVINSI BALI

TAHUN 2017

MODUL 1

SYSTEM INTEGRATION ISLAND

IT NETWORK SYSTEMS

ADMINISTRATION LKS2017_ITNSA_MODUL1

KEMENTERIAN PENDIDIKAN DAN KEBUDAYAAN

DIREKTORAT JENDERAL PENDIDIKAN MENENGAH

DIREKTORAT PEMBINAAN SEKOLAH MENENGAH KEJURUAN

NETWORK SPECIFICATION

LKS2017_ITNSA_MODUL1 Page 2

SPECIFICATIONS

WINSRV

Server name: WINSRV

Operating System MS Windows 2012 R2

Domain Name: inaskills.net Administrator User name: Administrator Administrator password: Bali2017

IP address: 10.202.178.2/29 (bridge)

Domain NetBIOS Name: INASKILLS

LNXSRV

IP 10.202.178.3/29 (bridge)

Hostname LNXSRV

User name root

Admin Password Bali2017

LNXRO

External IP (eth0) 172.20.200.65/27 (LAN segmen)

Internal IP (eth1) 10.202.178.1/29 (bridge) Hostname LNXRO

User name root

Admin Password Bali2017

WINCLT

Computer name: WINCLT

Operating System MS Windows 8.1 User name: User Password: Bali2017 Domain name: inaskills.net

IP address: DHCP

WINSRV DOMAIN USER LIST Group Members Password

IT itXX (01 – 50) Bali2017

Marketing mktXX (01 – 50) Bali2017

Visitors vtrXX (01 - 30) Bali2017

Employees IT, Marketing

LNXSRV (autentication) User Password

user11 to user20 Bali2017 LNXSRV (user directory)

User Password

User01 to user20 Bali2017

NETWORK SPECIFICATION

LKS2017_ITNSA_MODUL1 Page 3

LNXSRV (user mail) User Password

budi Bali2017

ani Bali2017

LNXSRV (SSH) User Password

remote Bali2017

LNXSRV (Cacti) User Password

master Bali2017

NETWORK SPECIFICATION

LKS2017_ITNSA_MODUL1 Page 4

NETWORK DIAGRAM

MODUL 1 INTEGRATION ISLAND

Windows 8.1 Hostmachine (PC 1)

Virtual Windows Server Virtual Linux Server

Windows Server 2012 WINSRV

LNXSRV

eth0:

eth0:

10.202.178.2/29 10.202.178.3/29

Windows 8.1 Hostmachine (PC 2)

Virtual Linux Router Virtual Windows Client

LNXRO WINCLT

eth1:

eth0:

10.202.178.1/29

DHCP Client

eth0:

172.20.200.65/27

System Functions: System Functions: - Join Domain - DHCP Client

Windows Client pre install

- Routing - Reverse Proxy - Firewall - DHCP Server

System Functions: System Functions:

- Active Directory - DNS - GPO

- RAID - CA

- HTTP & HTTPs

- FTP & FTPs

Windows Server pre install

- Mail, Web Mail - SSH - System Monitoring (Cacti)

ISLAND 1 – SYSTEM INTEGRATION ISLAND

LKS2017_ITNSA_MODUL1 Page 5

CONTENTS

This Test Project proposal consists of the following document/file:

LKS2016_ITNSA_MODUL1.pdf

INTRODUCTION

The competition has a fixed start and finish time. You must decide how to best divide your

time.

Please carefully read the following instructions!

When the competition time ends, please leave your station in a running state.

Please do not touch the VMware configuration as well as the configuration of the VM

itself except the CD-ROM / HDD drives

PHYSICAL MACHINE (HOST)

FOLDER PATHS

Virtual Machine : C:\Virtual Machine

ISO Images : C:\Apps WORK TASK CABLING Create Straighthrought cable with standard T568B

LKS2017_ITNSA_MODUL1 Page 6

WORK TASK INSTALLATION (WINSRV, LNXSRV, LNXRO) Note: Please use the default configuration if you are not given the details.

WORK TASK SERVER WINSRV

Configure the server with the hostname, domain and IP specified in the appendix.

o Modify the default Firewall rules to allow ICMP (ping) traffic

o Install Active Directory Domain Services for inaskills.net.

Create a new Organization Unit named InaSkills2017. All new users and groups must

be created in this OU.

Create the user and security global group with members as indicated in the table in

Appendix. Use Bali2017 as the password for all user accounts.

o DNS

Create a forward zone called “inaskills.net”

Create a reverse zone for the IP range.

Create 4 subdomain:

- router.inaskills.net LNXRO

- mail.inaskills.net LNXSRV

- internal.inaskills.net LNXSRV

- modul.inaskills.net LNXSRV

- info.inaskills.net LNXSRV

o GPO – Password Policies

Ensure the company user password must meet the following criteria:

- Domain passwords will be at least 6 characters.

- Strong passwords need not be enforced.

- Passwords will not be stored with reversible encryption.

- Passwords will be changed exactly every 90 days.

- Accounts will be locked out for 30 minutes after three invalid logon attempts.

The password of the users in IT group must meet the following criteria:

- Domain passwords will be at least 10 characters.

- Strong passwords will be enforced.

- Passwords will not be stored with reversible encryption.

- Passwords will be changed exactly every 30 days.

- Accounts will be locked out for 15 minutes after two invalid logon attempts.

o GPO – Security Policies

At logon on WINCLT, users should see this message before logging in: Message Title:

“Welcome to InaSkills2017” with Message Text “Only authorized personnel allowed to

access.” and prohibit this message on all servers.

All users, except the IT group, are not allowed to access the display settings on the

Control Panel.

disable "First Sign-in Animation" for all Windows 8.1 clients

disable the use of “cmd” and “run” for the Visitor group

hide all local drives for the Visitor group

o Windows server pre install without network configuration

LKS2017_ITNSA_MODUL1 Page 7

WORK TASK SERVER LNXSRV Note: Please use the default configuration if you are not given the details.

Configure the server with the hostname, domain and IP specified in the appendix

o Configure the disk and partitions Add 3 disks with 5 GB of each disk.

Use the three virtual disks to create a software RAID 5.

Mount it as /data

o Install the services: 1. CA (openssl)

Configure as CA

CA attributes should be set as follows

- Country code is set to ID - Organization is set to LKS2017

Create a root CA certificate

Store the certificate in directory /cert

2. Web Server (apache2 including php5)

Create info.php in the http://info.inaskills.net/info.php to check the php version

installed. Use the following code for info.php

<?php

phpinfo();

?>

Create website “http://internal.inaskills.net” and “http://modul.inaskills.net”

- Use the following code for index.html in the http://internal.inaskills.net

<html>

<h1>Welcome in the internal inaskills</h1>

</html>

- Use the following code for index.html in the http://modul.inaskills.net

<html>

<h1>Welcome in the Modul inaskills</h1>

</html>

Make sure “http://internal.inaskills.net” is protected by authentication

- Allow users from “user11” to “user20”

Enable HTTPs for both sites

- Use a certificate signed by CA

- Make sure no certificate warning is shown.

Create virtual webpages for user01 to user20

- Ex. http://internal.inaskills.net/~user09

3. FTP (proftpd)

Enable FTPS

- Use a certificate signed by CA

LKS2017_ITNSA_MODUL1 Page 8

Each user (user01 to user20) will have a home directory. User must have access to

update their own virtual webpage via FTP

Make sure the user are jailed in their respective website document root directories.

Make sure file transfer to the server is possible.

4. Mail and Webmail (Squirrelmail)

Create users budi and ani

Make sure they have access via POP3, IMAP and SMTP

Before you finish your project make sure you send an email message from budi to ani

and another message from ani to budi

Do not delete these email messages.

5. SSH Server

Install SSH Server

Root account is not allowed to login.

Create user “remote”with password “Bali2017”. That has the same permission as

root account.

Change SSH port default to 2017

6. Monitoring Server (Cacti)

Install Cacti

Create an admin-user “master” with password “Bali2017”

Create a graph showing the statistics of the CPU, Memory and interfaces traffic of the LNXSRV and LNXRO

WORK TASK SERVER LNXRO Configure the server with the hostname, domain and IP specified in the appendix

o Install the services:

1. Routing

- Enable routing

2. Firewall (iptables)

- Block the ICMP packet from external network to the LNXRO

- Ensure the external network can access any service on LNXSRV

3. DHCP

Range : 172.20.200.71 – 172.20.200.80

Netmask : /27

Gateway : 172.20.200.65

DNS : 10.202.178.2

4. Proxy (nginx)

Configure a reverse proxy for http://router.inaskills.net website, which is hosted by LNXSRV

WORK TASK INSTALLATION WINCLT

LKS2017_ITNSA_MODUL1 Page 9

Note:

o Windows client pre install without network configuration

o Please use the default configuration if you are not given the details.

WORK TASK WINCLT Note: Please use the default configuration if you are not given the details.

o Join the client to the domain inaskills.net

LKS2017_ITNSA_MODUL1 Page 10