Question

1. Briefly explain how virtualization of Linux Servers may be used in the enterprise to provide an infrastructure base capable of overcoming component failures.

2.There are different types of firewalls in LINUX.

a. What are the key differences between a proxy firewall, state full firewall and packet filter?

b. Which would you use if you wanted to do deep inspection of the underlying protocol?

3. A system administrator has been given a new domain foobar.com. Assuming the domain has not been delegated, what steps would be taken by the system administration to ensure an A record with the value of www.foobar.com resolves? When addressing the question consider the register , server and client ?

Answer 1

1. Virtualization is technology that allows you to create multiple simulated environments or dedicated resources from a single, physical hardware system. Software called a hypervisor connects directly to that hardware and allows you to split 1 system into separate, distinct, and secure environments known as virtual machines (VMs). These VMs rely on the hypervisor’s ability to separate the machine’s resources from the hardware and distribute them appropriately. Virtualization helps you get the most value from previous investments.

Virtualizing resources lets administrators pool their physical resources, so their hardware can truly be commoditized. So the legacy infrastructure that's expensive to maintain, but supports important apps, can be virtualized for optimal use.

Administrators no longer have to wait for every app to be certified on new hardware; just set up the environment, migrate the VM, and everything works as before. During regression tests, a testbed can be created or copied easily, eliminating the need for dedicated testing hardware or redundant development servers. With the right training and knowledge, these environments can be further optimized to gain greater capabilities and density.

Imagine working at a large hotel, where you’re not only responsible for solving major maintenance issues but also have to make sure the lights are off, doors are locked, and water isn’t left running in each room. These are simple tasks that can become really, really time consuming. It's a situation that leaves you with 2 choices:

1. Check the empty rooms, leaving you little time to solve larger problems
2. Solve the larger problems, leaving you little time to check empty rooms

What if outlets, faucets, and locks were synced to an app that automatically turned the lights off, locked the doors, and checked pipe flow in empty rooms after guests checked out? It would save you from climbing every step, traversing every long hallway, and opening every door just to perform a few simple tasks—freeing you to solve major maintenance issues that can’t be automated.

In this analogy, every room is a VM. When simple maintenance tasks are spread across hundreds of instances, it becomes unwieldy. Management software can take some of that burden off IT professionals’ shoulders so they can solve big, enterprise-wide problems.

2. a. Stateful packet inspection firewalls (generally referred to as stateful firewalls) function on the same general principle as packet filtering firewalls, but they are able to keep track of the traffic at a granular level. While a packet filtering firewall only examines an individual packet out of context, a stateful firewall is able to watch the traffic over a given connection, generally defined by the source and destination IP addresses, the ports being used, and the already existing network traffic. A stateful firewall uses what is called a state table to keep track of the connection state and will only allow traffic through that is part of a new or already established connection. Most stateful firewalls can also function as a packet filtering firewall, often combining the two forms of filtering. For example, this type of firewall can identify and track the traffic related to a particular user-initiated connection to a Web site, and knows when the connection has been closed and further traffic should not legitimately be present.

2.b. Deep packet inspection, which is also known as DPI, information extraction, IX, or complete packet inspection, is a type of network packet filtering. Deep packet inspection evaluates the data part and the header of a packet that is transmitted through an inspection point, weeding out any non-compliance to protocol, spam, viruses, intrusions, and any other defined criteria to block the packet from passing through the inspection point.

Deep packet inspection is a form of packet filtering usually carried out as a function of your firewall. It is applied at the Open Systems Interconnection's application layer.Deep packet inspection evaluates the contents of a packet that is going through a checkpoint. Using rules that are assigned by you, your Internet service provider, or the network or systems administrator, deep packet inspection determines what to do with these packets in real time.

Deep packet inspection is able to check the contents of these packets and then figure out where it came from, such as the service or application that sent it. In addition, it can work with filters in order to find and redirect network traffic from an online service, such as Twitter or Facebook, or from a particular IP address.

3. If you’re looking to register a domain, it’s not enough to simply record your own contact details on the Whois database: you also need to name an administrator and a technician. These are referred to as Admin-C and Tech-C. Additionally, if a name server is delegated for the registered domain, then the respective contracting authority (the registry) also requires the contact information for a zone administrator (known as Zone-C). We’ll take you through the tasks that these different roles have as well as their rights and responsibilities.

After the domain owner has been listed, you’ll need to name a real person as the administrative point of contact for the domain. This Admin-C is appointed by the domain owner and receives full access rights to the domain. This means that the admin is entitled to control of the domain operation and granted the corresponding responsibility to decide matters without needing permission from the domain owner. In cases of private domain registration, it’s quite typical for the domain owner to also take on the role of Admin-C as well. But other companies may choose to leave this task to a specialized service operator, allowing an expert to handle their domain administration. The required information for registering an Admin-C on the Whois database is exactly the same as is needed for registration of a domain owner: a registered address, a contact number, and an e-mail address.

As the domain holder, you reserve the right to change the Admin-C for your domain. To make this change, you simply have to contact the internet service provider with whom you registered the domain. They’ll usually have a form available for this, which you can simply fill out. In some cases, charges for processing this information may apply. In cases of an Admin-C change, it’s only the administrative contact that needs to be altered and rewritten. The ownership of the domain can be left unchanged.

• Local DNS server (“default name server”) –Usually near the endhosts that use it –Local hosts configured with local server (e.g., /etc/resolv.conf) or learn server via DHCP

• Client application –Extract server name (e.g., from the URL) –Do gethostbyname() to trigger resolver code

• Server application –Extract client IP address from socket –Optional gethostbyaddr() to translate into name