【ACW66】Secure Digital Infrastructure

al Machine Configuration

A leading Japanese Biotech company has recently acquired some virtual machine resources to begin deployment of their research data management system and to additionally facilitate in-house research and development. You have been given a freshly created Virtual Machine which will need configuring appropriately. Your role as administrator for this company is to configure these systems and maintain them.

Task:

1. Secure, with justification, the root user account
2. Setup administrative users for yourself and another one for the module leader (Ahmd Moustafa)
3. Setup and correctly configure the SSH server, taking into account all user account
4. Create accounts where needed for the following persons:
   1. Katsuhide Fujita - Head of R&D
   2. Naoko Yamaguchi - Lead Scientist
   3. Kai Yoshino- Is an intern (Kun) with the company and is being closely supervised by Naoko. He will require access to materials which Naoko will place in a folder in /srv/ for him to access as part of his
   4. Shota Suzuki – Media Manager, requiring access to /srv/http to see, and put any promotional material. Shota is not familiar withCLI, and only requires SFTP access infrequently.
   5. Daiki Setoguchi & Makoto Hagiwara - Company research engineers who need access to dedicated project materials for on-going These also reside in /srv/.
   6. Yuya Kondo - Quality Manager responsible for verifying that developed work conforms to company standards and works

Store, and secure access to, a research project data directory (under /srv/) for research engineers to have access to. Research engineers should have full access to the research projects’ folders; however, the quality managers should not be able to change the 

1. research data, only check the experimentation data for compliance and whether they follow the quality guidelines. Senior members of the company such as the Lead Scientist and the Head of R&D should be able to oversee any company research project/asset. On occasion, they will contribute to research projects developed by Daiki and Makoto.
2. Conduct a comprehensive security assessment and audit of the configured system. Identify potential security risks, vulnerabilities, and areas of improvement. Propose and justify strategies for managing and mitigating these risks. Include steps for responding to security incidents and maintaining an updated security posture.  

Critical reflection section: reflecting on the process of learning these tools, and of configuring the VM to this specification. This can include challenges faced (such as error messages) and how you solved them, as well as personal reflections on the process as a whole. 

As Kai has just started, Naoko does not yet have any materials tosend him; however, she still requires a place to put these when ready.

Kai has been told he should normally use private keys; however, he asks if he can login with password only from the following host on the local network: (150.237.92.8 ); Everywhere else he has private keys to login.

 

First Steps

Follow the vSphere access instructions, including VPN access.

Each VM has internet connection for downloading any packages you may need. Each of your VMs is also in a subnetwork, therefore enabling communication between your colleagues for testing purposes. Note: Any abuse of this will be dealt with severely.

 

You should request a reset of your Virtual Machine when you are ready to attempt this assignment task, as it will require documenting your progression. See the “What if things go wrong / needs resetting” section below for details on resetting back to the template.

 

What if things go wrong / needs resetting?

It is possible for you to misconfigure your machine which will result in your being locked out. In some cases, even using the vSphere login web console might not be possible. If you have fully locked yourself out, and a snapshot isn’t available to roll-back to, then you may request your VM be reset back to the template by opening a Virtual Machine ticket on support.hull.ac.uk putting “For the attention of Andrew Hancock” at the top.

Please ensure you include your 6-digit ADIR number so your response can be dealt with promptly.

 

This WILL wipe your VM back to the original workshop starting point, and will require you to reinstall many packages which you may be familiar with from workshops.

 

Also note, it may take time for these to be reset depending on the current workload of ICTD, therefore consider this a warning against last minute VM configurations close to the deadline.

 

Deliverable

A PDF report ( Minimum 4 pages; Maximum 8 pages ) detailing the steps from the initial machine given to you, towards the goal of configuring to the above specification. You should provide clear and justified rationale for decisions made.

You should include steps taken to verify that changes implemented are working as intended. You may utilise additional software which is required to be installed via pacman; however, these must be justified and fit-for-purpose.

 

Cover page, table of contents page, appendices, and references sections do not count towards the page limit.

 

Note: Your VM will NOT be inspected for being awarded marks. Therefore you should ensure that your documented progress sufficiently shows the steps taken. It is expected that when performing configuration steps that these are done optimally and with consideration of security of the system such as proper root and non-root administrative account use