Академический Документы
Профессиональный Документы
Культура Документы
A THESIS
Submitted in partial fulfillment of the requirements for the award of the degree of
Master of Technology
In
COMPUTER SCIENCE AND ENGINEERING
(CYBER SECURITY)
BY
ORUGANTI SRINIVASU
1
CERTIFICATE
I hereby certify that the work which is being presented in the M.Tech. Thesis entitled
“DISTRIBUTED FILE SYSTEM”, in partial fulfillment of the requirements for the award of
the Master of Technology in Cyber Security and submitted to the Department of Computer
Science and Engineering of JNTU College of Engineering, KAKINADA, AP, is an authentic
record of my own work carried out during a period from DEC 2017 under the supervision of Mr.
S. CHANDRA SEKHAR, Assistant Professor, CSE Department.
Signature of Candidate
ORUGANTI SRINIVASU
Regd No. 17021D2613
This is to certify that the above statement made by the candidate is correct to the best of
my knowledge.
Signature of Supervisor
Mr. S. CHANDRA SEKHAR M.TECH(PH.D)
2
ACKNOWLEDGEMENT
Satisfaction and euphoria that accompany the successful completion of any task would be
incomplete without the mention of people who made it possible, whose constant guidance and
encouragement crowned the efforts with success.
The first person I would like to thanks is my Project Guide Mr. S. CHANDRA SEKHAR,
Assistant Professor, Department of Computer Science and Engineering, who had given
continuous critical suggestions and extension of proper working atmosphere abiding interest that
has finally evolved into this research work.
3
ABSTRACT
Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly-
available access to files, load sharing, and WAN-friendly replication. In the Windows
Server® 2012 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly
called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in,
and introduced the new DFS Replication feature. In the Windows Server® 2012 operating
system, Microsoft added the Windows Server 2012 mode of domain-based namespaces and
added a number of usability and performance improvements.
4
TABLE OF CONTENTS
1. Introduction
4. Concept of RIP
5
1. Introduction
6
receives the data sent by the sender and the attacker then either
modifies or generates false data and sends to the receiver. The
receiver receives the data assuming that it is being sent by the
original Sender.
This threat occurs when an attacker or a security violator, poses as a
genuine person and accesses the resources or communicates with
other genuine users.
7
Routers operate at the OSI Reference Model Layer 3, Network
layer. Therefore, they are sometimes referred to as Layer 3 devices.
Routers join subnets together to form larger networks and join
networks together over extended distances or WANs.
As larger networks are formed, there may be multiple pathways to
get from one place to another. As WAN traffic travels multiple
routes, the router chooses the fastest or cheapest route between the
source and destination, while sometimes taking consideration of the
current load.
Routing can also be performed by a layer 3 switch. Layer 2
switches (which operate at the layer 2 OSI model) are used to
connect a host to a network by performing packet switching that
allows traffic to be sent only to where it needs to be sent based on
mapping MAC addresses of local devices. Layer 3 switches can
perform layer 2 switching, but also perform routing based on IP
addresses within an organization. Different from a router, layer 3
switches cannot be used for directly connecting WAN connections.
A server running Windows can have multiple network cards, each
network card can be connected to a different subnet. To allow
packets to be sent from one subnet to another subnet through the
server, you need to configure routing on the server.
Routing Table
8
hop count of 16 is considered infinite distance and
therefore, it is considered nonreachable.
o RIP was improved with RIP version 2 (RIPv2) by using
multicasts to send the entire routing table to all adjacent
routers at the address of 224.0.0.9 instead of using
broadcast. It also incorporates classless routing, which
includes the network mask to allow classless routing
advertisement. Finally, RIPv2 uses authentication to ensure
that routes being distributed throughout the network are
coming from authorized sources.
9
4. Concept of RIP
Use of RIP
10
5. Way to configure RIP
When configuring any routing protocol for IPv4, you need to use a
specific prompt. Specifically, we use the router configuration
command to enter the Router (config-router)# prompt. We use the
“router” command to enter the configuration portion specific to a
given routing protocol. Since we are working with RIP, we need to
type router rip in order to configure this protocol.
11
6. Understanding network address translation (NAT)
12
could have 4,294,967,296 unique addresses (232). The actual
number of available addresses is smaller (somewhere between 3.2
and 3.3 billion) because of the way that the addresses are separated
into classes, and because some addresses are set aside for
multicasting, testing or other special uses.
With the explosion of the Internet and the increase in home
networks and business networks, the number of available IP
addresses is simply not enough. The obvious solution is to redesign
the address format to allow for more possible addresses. This is
being developed (called IPv6), but will take several years to
implement because it requires modification of the entire
infrastructure of the Internet.
Working of NAT
13
7. Way to configure network address translation in windows
server 2012
In the RRAS MMC snap-in, expand Your Server Name. If you are
using Server Manager, expand Routing and Remote Access.
Expand IPv4, right-click NAT, and then click Properties.
If you do not have a DHCP server on the private network, then you
can use the RRAS server to respond to DHCP address requests. To
do this, on the Address Assignment tab, select the automatically
assign IP addresses by using the DHCP allocator check box.
To allocate addresses to clients on the private network by acting as
a DHCP server, in IP address and Mask, configure a subnet address
from which the addresses are assigned. For example, if you
enter 192.168.0.0 and a subnet mask of 255.255.255.0, then the
RRAS server responds to DHCP requests with address assignments
from 192.168.0.1 through 192.168.0.254.
(Optional) To exclude addresses in the configured network range
from being assigned to DHCP clients on the private network,
click Exclude, click Add, and then configure the addresses.
To add the public interface to the NAT configuration, right-
click NAT, and then click New Interface. Select the interface
connected to the public network, and then click OK.
On the NAT tab, click Public interface connected to the
Internet and Enable NAT on this interface, and then click OK.
If you want to add additional public addresses assigned to this
interface or configure service and port mappings to computers on
the private network.
To add the private interface to the NAT configuration, right-
click NAT, and then click New Interface. Select the interface
connected to the private network, and then click OK.
On the NAT tab, click Private interface connected to private
network, and then click OK.
14
8. Concept of remote access server,
15
9. Configure remote access server
16
To deploy Remote Access, you need to configure the server that
will act as the Remote Access server with the following:
Correct network adapters
A public URL for the Remote Access server to which client
computers can connect (the Connect to address)
An IP-HTTPS certificate with a subject that matches the Connect
To address
IPv6 settings
Client computer authentication
17
o In Type the public name or IPv4 address used by clients to
connect to the Remote Access server,
o Enter the public name for the deployment (this name
matches the subject name of the IP-HTTPS certificate, for
example, edge1.contoso.com), and then click Next.
o Network adapters for the networks in your deployment. If
the wizard does not detect the correct network adapters,
manually select the correct adapters.
o IP-HTTPS certificate. This is based on the public name for
the deployment that you set during the previous step of the
wizard. If the wizard does not detect the correct IP-HTTPS
certificate, click Browse to manually select the correct
certificate.
o Click Next.
o On the Prefix Configuration page (this page is only visible
if IPv6 is detected in the internal network), the wizard
automatically detects the IPv6 settings that are used on the
internal network. If your deployment requires additional
prefixes, configure the IPv6 prefixes for the internal
network, an IPv6 prefix to assign to Direct Access client
computers, and an IPv6 prefix to assign to VPN client
computers.
18
On the Authentication page:
o For multisite and two-factor authentication deployments,
you must use computer certificate authentication. Select
the Use computer certificates check box to use computer
certificate authentication and select the IPsec root
certificate.
o To enable client computers running Windows 7 to connect
via Direct Access, select the Enable Windows 7 client
computers to connect via Direct Access check box. You
must also use computer certificate authentication in this
type of deployment.
o Click Finish.
19
10. Main purpose of VPN and its security
VPN Security
20
data while on the computer and a VPN protects your data on
the web.
o VPNs use advanced encryption protocols and secure
tunneling techniques to encapsulate all online data transfers.
Setting up a VPN
21
o All major operating systems can configure PPTP VPN
connections. OpenVPN and L2TP/IPsec protocols require a
small open source application (OpenVPN) and certificate
download respectively.
VPN Protocols
22
o SSL is a mature encryption protocol, and OpenVPN can run
on a single UDP or TCP port, making it extremely flexible.
23
o Multicast support using Internet Group Messaging Protocol
(IGMP)
o IP routing
o Installation of the DHCP Relay Agent component
24
However, PPTP is also subject to serious security
vulnerabilities. Its underlying authentication protocols,
usually MS-CHAP-v1/v2, are fundamentally insecure, and
have been repeatedly cracked in security analyses since it
was first introduced.
25
12. Configure VPN PPTP:
26
For more information about configuring a multi-homed
Windows server, click here.
The server does not have to be joined to a domain, but it is
recommended to streamline the authentication process for
VPN clients and to provide better management and security
for the server.
Many of the steps here are identical to those you would
perform if you were building a secure SSTP VPN on
Windows Server 2012
If the VPN server is to be deployed in a load-balanced
cluster, IP addresses must be assigned to clients manually.
The VPN server can authenticate users itself, or forward
authentication requests to an internal RADIUS server.
For the scope of this article, native Windows authentication
using RRAS will be configured.
And you chose not to use Anywhere Access to do it. The
Anywhere Access wizard makes building a secure SSTP
VPN almost effortless. The old fashioned way is a little
more difficult, but not much.
The SSTP VPN adds additional work, compared to PPTP, in
the area of Active Directory Certificate Services (AD CS).
27
The steps required to configure a Windows PC as a client
are posted elsewhere. Client PCs do not need to be in a
domain. Many vendors offer the ability to make PPTP VPN
servers,
but all configure exactly the same at the client PC
end. Therefore, to be concise and avoid redundancy, I
posted the client PC set-up instructions here (toward the
bottom), along with a serious warning about the security
issues inherent in PPTP.
28
29