661982 Secure Digital Infrastructure

Module Number: 661982 Trimester: 1
Module Title: Secure Digital Infrastructure
Lecturer: Dr. Ahmed Moustafa
COURSEWORK DETAILS:
Assessment Number: 1 of 2
Title of Assessment:
Format: Report
Method of Working: Individual
Workload Guidance: Typically, you should
expect to spend between

Feedback should be provided no later than 4 ‘teaching weeks’ after the submission date.

You are advised to read the NOTES regarding late penalties, over-length assignments, academic
misconduct and quality assurance in your student handbook, which is available on Canvas.
Student Name Marking will be by:
661982 Secure Digital Infrastructure ACW

Assignment
Please read the below sub-sections carefully. The report needs to be submitted on the
module page on Canvas.
661982 Secure Digital Infrastructure ACW

Virtual Machine Configuration
A leading Japanese Biotech company has recently acquired some virtual machine resources
to begin deployment of their research data management system and to additionally facilitate
in-house research and development.

You have been given a freshly created Virtual Machine which will need configuring
appropriately. Your role as administrator for this company is to configure these systems and
maintain them.

Task:
1. Secure, with justification, the root user account
2. Setup administrative users for yourself and another one for the module leader
(Ahmd Moustafa)
3. Set-up and correctly configure the SSH server, taking into account all user account
requirements.
4. Create accounts where needed for the following persons:
a. Katsuhide Fujita - Head of R&D
b. Naoko Yamaguchi - Lead Scientist
c. Kai Yoshino- Is an intern (Kun) with the company and is being closely
supervised by Naoko. He will require access to materials which Naoko will
place in a folder in /srv/ for him to access as part of his training.
d. Shota Suzuki – Media Manager, requiring access to
/srv/http to see, and put any promotional material. Shota is not familiar withCLI,
and only requires SFTP access infrequently.
e. Daiki Setoguchi & Makoto Hagiwara - Company research engineers who
need access to dedicated project materials for on-going development.
These also reside in /srv/.
f. Yuya Kondo - Quality Manager responsible for verifying that developed work
conforms to company standards and works appropriately.
5. Store, and secure access to, a research project data directory (under /srv/) for
research engineers to have access to. Research engineers should have full access
to the research projects’ folders; however, the quality managers should not be able
to change the research data, only check the experimentation data for compliance
and whether they follow the quality guidelines. Senior members of the company
such as the Lead Scientist and the Head of R&D should be able to oversee any
company research project/asset. On occasion they will contribute to research
projects developed by Daiki and Makoto.
6. Conduct a comprehensive security assessment and audit of the configured system.
Identify potential security risks, vulnerabilities, and areas of improvement. Propose
and justify strategies for managing and mitigating these risks. Include steps for
responding to security incidents and maintaining an updated security posture.
7. Critical reflection section: reflecting on the process of learning these tools, and of
configuring the VM to this specification. This can include challenges faced (such as
error messages) and how you solved them, as well as personal reflections on the
process as a whole.
661982 Secure Digital Infrastructure ACW

As Kai has just started, Naoko does not yet have any materials to send him; however,
she still requires a place to put these when ready.

Kai has been told he should normally use private keys; however, he asks if he can login
with password only from the following host on the local network: (150.237.92.8 );
Everywhere else he has private keys to login.

First Steps
Follow the vSphere access instructions, including VPN access.

Each VM has internet connection for downloading any packages you may need. Each of
your VMs is also in a subnetwork, therefore enabling communication between your
colleagues for testing purposes. Note: Any abuse of this will be dealt with severely.

You should request a reset of your Virtual Machine when you are ready to attempt this
assignment task, as it will require documenting your progression. See the “What if
things go wrong / needs resetting” section below for details on resetting back to the
template.

What if things go wrong / needs resetting?
It is possible for you to misconfigure your machine which will result in your being locked out.
In some cases, even using the vSphere login web console might not be possible. If you have
fully locked yourself out, and a snapshot isn’t available to roll-back to, then you may request
your VM be reset back to the template by opening a Virtual Machine ticket on
support.hull.ac.uk putting “For the attention of Andrew Hancock” at the top.
Please ensure you include your 6-digit ADIR number so your response can be dealt with
promptly.

This WILL wipe your VM back to the original workshop starting point, and will require you to
reinstall many packages which you may be familiar with from workshops.

Also note, it may take time for these to be reset depending on the current workload of ICTD,
therefore consider this a warning against last minute VM configurations close to the
deadline.
661982 Secure Digital Infrastructure ACW

Deliverable
A PDF report ( Minimum 4 pages; Maximum 8 pages ) detailing the steps from the initial
machine given to you, towards the goal of configuring to the above specification. You should
provide clear and justified rationale for decisions made.
You should include steps taken to verify that changes implemented are working as intended.
You may utilise additional software which is required to be installed via pacman; however,
these must be justified and fit-for-purpose.

Cover page, table of contents page, appendices, and references sections do not count
towards the page limit.

Note: Your VM will NOT be inspected for being awarded marks. Therefore you should
ensure that your documented progress sufficiently shows the steps taken. It is expected that
when performing configuration steps that these are done optimally and with consideration of
security of the system such as proper root and non-root administrative account use
wechat codinghelp