T8G1-Skylab

About

This site presents the internal services provided by the T8G1-Skylab group and their configurations, the cluster's network topology, documentation for users and administrators, and the security implemented within the network. [See the public repository for this site here]

Tasks


  1. On group VM:
    1. Install Docker on Group VM and move squid into docker
      See Docker in section: Group-vm
    2. Make all traffic originating from the GroupVM pass through squid and adjust the firewall accordingly. See Squid in section: Group-vm
    3. Analyze the pros/cons of using a proxy for all traffic originating from individual VMs in the group and decide on it. Document your reasons and choice and do the needful depending on the decision. See Proxy in section: Group-vm
    4. Make it possible for all individual members of the group to share documents in a common folder where they log the changes they have made to the Group VM. Only the owner of a file should be able to modify/delete it; the rest should be able to read all information in the file. So, each member should have his own file. See NFS in section: #2: Group-vm
    5. [optional] Place log files in a separate container. How does it affect security?
    6. Install a service of your choosing in Docker that you think the group will need to share, for example an authentication server, DNS server etc. Create a DMZ (a separate subnet, maybe a 10 subnet with your group number as subnet, such as t1g1 is 10.11 and t1g2 is 10.12 and so on). See Custom ingress in section: Group-vm
    7. Update the firewall to allow limited traffic from the DMZ, only enough to be able to use that service. See Mad docker in section: Group-vm
  2. In your individual VM
    1. Set up & configure LXD or Docker. See Host cards in section: T8G1-Skylab
    2. [optional] Get an IP address for LXD or Docker from the DHCP server on the GroupVM
    3. Set up security for your individual server and the containers you will run. See Security in section: nikolaj-vm
    4. Discuss the security and other networking considerations for keeping containers isolated from local network and making them available over the local network See Security in section: nikolaj-vm
  3. Design a network topology (not configure) for the whole group
    1. Database server (mysql, mongo, postgres)
    2. Webserver (nginx, apache, caddy) See Topology in section: Topology
    3. Real time communication server (jitsi, matrix)
    4. Git server
    5. Any other type of container you think will be relevant See Topology in section: Topology
    6. File server (Seafile, owncloud, nextcloud) See Topology in section: Topology
  4. Decide where in the topology you will place the various servers. Setting up LXD on the GroupVM is not a trivial task, so anything there has to be Docker, but in the documentation you can argue whether you would rather have used LXD and why. See Containers in section: Topology
  5. Which virtualization technology, Docker or LXD, will you use for each particular server and why? See Containers in section: Topology
  6. You should set up a minimum of two Docker or LXD containers on your individual VM. See Host cards in section: T8G1-Skylab
  7. [optional] you can configure both docker and LXD and make them work together
  8. Reasonable firewall and other security measures should be implemented and documented for the groupVM and the individual VM See Mad docker in section: group-vm & Security in section: nikolaj-vm
  9. Setup and discuss the security for each server(container) individually and for the setup as a whole See Mad docker in section: group-vm & Security in section: nikolaj-vm
    1. What do you think the security is for your setup?
    2. Talk about the strengths and vulnerabilities of your infrastructure
  10. Launch attacks like DDoS on other servers, use various tools to check vulnerabilities in the server setup of other groups
    1. You can reconfigure your switch (just add the VLAN of the group so that you can get an IP from their DHCP) to access other groups' local networks in the class
    2. Then you can run vulnerability scanners like nmap and nikto to find out more about their network, services etc.
    3. Document your findings and vulnerabilities, and suggest ways to protect/attack the vulnerabilities

62501 Linux Server and Network Course at DTU, spring 2022 edition.


Host cards

This configuration contains four docker worker nodes with two of them assigned the swarm managing role.

VM@Group

  • Docker swarm manager
  • Squid proxy
  • Firewall
  • DHCP server

VM@Saif

  • Docker worker
  • Jira container

VM@Nikolaj

  • Docker swarm manager
  • Hugo replica
  • Image registry

VM@Emin

  • Docker worker
  • Unbound DNS

Read the report

Project Assignment
