Start tp1

architectures-infrastructures-entreprise/tp1/Makefile

@@ -0,0 +1,16 @@
+filename=$(shell basename $(shell pwd))
+timestamp=$(shell date +%Y-%m-%d_%H:%M)
+
+all: snapshot
+
+snapshot: main.tex
+	@latexmk -pdf main.tex
+	@if ! cmp --silent build/main.pdf ${filename}_*.pdf; then \
+		touch ${filename}_tmp.pdf; \
+		rm ${filename}*.pdf; \
+		cp build/main.pdf ${filename}_${timestamp}.pdf; \
+		echo "Updated"; \
+	fi
+
+clean:
+	@rm -rf build 2>/dev/null

architectures-infrastructures-entreprise/tp1/main.tex

@@ -0,0 +1,270 @@
+\documentclass[a4paper,french,12pt]{article}
+
+\title{Architectures et infrastructures sécurisées \\ TP1 \\ ACL}
+\author{Alexandre Chen, Tunui Franken, Thomas Jubault}
+\date{Dernière compilation~: \today{} à \currenttime}
+
+\usepackage{styles}
+\usepackage{enumitem}
+
+\begin{document}
+
+\maketitle
+\clearpage
+\tableofcontents
+
+\clearpage
+
+\section{Standard ACLs}
+
+\includegraphics[width=\linewidth]{./img/architecture-1.png}
+
+\begin{enumerate}
+
+    \item Reproduisez cette architecture en utilisant Packet Tracer.
+
+    \item Configurer les adresses IP comme dans la figure.
+
+        \begin{lstlisting}[gobble=12]
+            R1(config)#interface GigabitEthernet0/1
+            R1(config-if)#ip address 172.16.2.254 255.255.255.0
+            R1(config-if)#no shutdown
+            ...
+        \end{lstlisting}
+
+    \item Configurer le routage statique pour permettre aux PCs et aux serveurs de se pinguer entre eux.
+
+        \begin{lstlisting}[gobble=12]
+            R1(config)#ip route 192.168.1.0 255.255.255.0 203.0.113.2
+            R1(config)#ip route 192.168.2.0 255.255.255.0 203.0.113.2
+            R2(config)#ip route 172.16.1.0 255.255.255.0 203.0.113.1
+            R2(config)#ip route 172.16.2.0 255.255.255.0 203.0.113.1
+        \end{lstlisting}
+
+    \item Pinguer entre les PCs et les serveurs.
+
+        \begin{lstlisting}[gobble=12]
+            C:\>ping 192.168.1.100
+
+            Pinging 192.168.1.100 with 32 bytes of data:
+
+            Reply from 192.168.1.100: bytes=32 time<1ms TTL=126
+            Reply from 192.168.1.100: bytes=32 time<1ms TTL=126
+            Reply from 192.168.1.100: bytes=32 time=1ms TTL=126
+            Reply from 192.168.1.100: bytes=32 time<1ms TTL=126
+
+            Ping statistics for 192.168.1.100:
+                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
+            Approximate round trip times in milli-seconds:
+                Minimum = 0ms, Maximum = 1ms, Average = 0ms
+        \end{lstlisting}
+
+    \item Configurer OSPF dans R1 et R2.
+
+        \begin{lstlisting}[gobble=12]
+            R1(config)#router ospf 1
+            R1(config-router)#network 172.16.1.0 0.0.0.255 area 0
+            R1(config-router)#network 172.16.2.0 0.0.0.255 area 0
+            R1(config-router)#network 203.0.113.0 0.0.0.3 area 0
+            R2(config)#router ospf 1
+            R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
+            R2(config-router)#network 192.168.2.0 0.0.0.255 area 0
+            R2(config-router)#network 203.0.113.0 0.0.0.3 area 0
+
+            R1#show ip ospf neighbor
+
+            Neighbor ID     Pri   State           Dead Time   Address         Interface
+            203.0.113.2       1   FULL/DR         00:00:32    203.0.113.2     GigabitEthernet0/2
+        \end{lstlisting}
+
+    \item Quel algorithme de routage sera utilisé~?
+
+        OSPF utilise l'algorithme de Dijkstra mais il ne sera pas utilisé.
+        Les routes statiques seront utilisées car leur distance administrative est plus faible que OSPF\@.
+
+    \item Faites le nécessaire pour que R1 et R2 utilisent OSPF\@.
+
+        \begin{lstlisting}[gobble=12]
+            R1(config)#no ip route 192.168.1.0 255.255.255.0 203.0.113.2
+            R1(config)#no ip route 192.168.2.0 255.255.255.0 203.0.113.2
+            R2(config)#no ip route 172.16.1.0 255.255.255.0 203.0.113.1
+            R2(config)#no ip route 172.16.2.0 255.255.255.0 203.0.113.1
+        \end{lstlisting}
+
+    \item Configurez des ACL nnumérotées standard sur R1 et des ACL nommées standard sur R2 afin de respecter les stratégies réseau suivantes~:
+
+        \begin{enumerate}
+
+            \item Seuls PC1 et PC3 peuvent accéder à 192.168.1.0/24.
+
+                \begin{lstlisting}[gobble=20]
+                    R2(config)#ip access-list standard rule_A
+                    R2(config-std-nacl)#permit 172.16.1.1
+                    R2(config-std-nacl)#permit 172.16.2.1
+                    R2(config-std-nacl)#deny any
+                    R2(config-std-nacl)#int g0/0
+                    R2(config-if)#ip access-group rule_A out
+                \end{lstlisting}
+
+            \item Les hôtes de 172.16.2.0/24 ne peuvent pas accéder à 192.168.2.0/24.
+
+                \begin{lstlisting}[gobble=20]
+                    R2(config)#ip access-list standard rule_B
+                    R2(config-std-nacl)#deny 172.16.2.0 0.0.0.255
+                    R2(config-std-nacl)#permit any
+                    R2(config-std-nacl)#int g0/1
+                    R2(config-if)#ip access-group rule_B out
+                \end{lstlisting}
+
+            \item 172.16.1.0/24 ne peut pas accéder à 172.16.2.0/24.
+
+                \begin{lstlisting}[gobble=20]
+                    R1(config)#ip access-list standard 1
+                    R1(config-std-nacl)#deny 172.16.1.0 0.0.0.255
+                    R1(config-std-nacl)#permit any
+                    R1(config-std-nacl)#int g0/1
+                    R1(config-if)#ip access-group 1 out
+                \end{lstlisting}
+
+            \item 172.16.2.0/24 ne peut pas accéder à 172.16.1.0/24.
+
+                \begin{lstlisting}[gobble=20]
+                    R1(config)#ip access-list standard 2
+                    R1(config-std-nacl)#deny 172.16.2.0 0.0.0.255
+                    R1(config-std-nacl)#permit any
+                    R1(config-std-nacl)#int g0/0
+                    R1(config-if)#ip access-group 2 out
+                \end{lstlisting}
+
+        \end{enumerate}
+
+    \item Testez votre configuration.
+
+        Depuis PC1~:
+
+        \begin{lstlisting}[gobble=12]
+            C:\>ping 192.168.1.100
+
+            Pinging 192.168.1.100 with 32 bytes of data:
+
+            Reply from 192.168.1.100: bytes=32 time=12ms TTL=126
+            Reply from 192.168.1.100: bytes=32 time<1ms TTL=126
+            Reply from 192.168.1.100: bytes=32 time<1ms TTL=126
+            Reply from 192.168.1.100: bytes=32 time=39ms TTL=126
+
+            Ping statistics for 192.168.1.100:
+                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
+            Approximate round trip times in milli-seconds:
+                Minimum = 0ms, Maximum = 39ms, Average = 12ms
+        \end{lstlisting}
+
+        Depuis PC2~:
+
+        \begin{lstlisting}[gobble=12]
+            C:\>ping 192.168.1.100
+
+            Pinging 192.168.1.100 with 32 bytes of data:
+
+            Reply from 203.0.113.2: Destination host unreachable.
+            Reply from 203.0.113.2: Destination host unreachable.
+            Reply from 203.0.113.2: Destination host unreachable.
+            Reply from 203.0.113.2: Destination host unreachable.
+
+            Ping statistics for 192.168.1.100:
+                Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
+        \end{lstlisting}
+
+        Depuis 172.16.2.0~:
+
+        \begin{lstlisting}[gobble=12]
+            C:\>ping 192.168.1.100
+
+            Pinging 192.168.1.100 with 32 bytes of data:
+
+            Reply from 203.0.113.2: Destination host unreachable.
+            Reply from 203.0.113.2: Destination host unreachable.
+            Reply from 203.0.113.2: Destination host unreachable.
+            Reply from 203.0.113.2: Destination host unreachable.
+
+            Ping statistics for 192.168.1.100:
+                Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
+        \end{lstlisting}
+
+        Depuis 172.16.2.0~:
+
+        \begin{lstlisting}[gobble=12]
+            C:\>ping 172.16.1.2
+
+            Pinging 172.16.1.2 with 32 bytes of data:
+
+            Reply from 172.16.2.254: Destination host unreachable.
+            Reply from 172.16.2.254: Destination host unreachable.
+            Reply from 172.16.2.254: Destination host unreachable.
+            Reply from 172.16.2.254: Destination host unreachable.
+
+            Ping statistics for 172.16.1.2:
+                Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
+        \end{lstlisting}
+
+    \item Analyser le résultat de la commande \texttt{show access-lists}.
+
+        \begin{lstlisting}[gobble=12]
+            R1#show access-lists
+            Standard IP access list 1
+                10 deny 172.16.1.0 0.0.0.255 (4 match(es))
+                20 permit any
+            Standard IP access list 2
+                10 deny 172.16.2.0 0.0.0.255 (2 match(es))
+                20 permit any
+
+            R2#show access-lists
+            Standard IP access list rule_A
+                10 permit host 172.16.1.1 (4 match(es))
+                20 permit host 172.16.2.1 (1 match(es))
+                30 deny any (4 match(es))
+            Standard IP access list rule_B
+                10 deny 172.16.2.0 0.0.0.255 (3 match(es))
+                20 permit any (2 match(es))
+        \end{lstlisting}
+
+        Les règles ont bien été rajoutées, et on peut voir des matches correspondants aux tentatives de ping.
+
+\end{enumerate}
+
+\section{Extended ACLs}
+
+\includegraphics[width=\linewidth]{./img/architecture-2.png}
+
+\begin{enumerate}
+
+    \item On va reprendre la même topologie de l'exercice 1.
+
+    \item Configurer le service DNS sur SRV1.
+
+        \includegraphics[width=\linewidth]{./img/dns.png}
+
+    \item Configurer un serveur WEB sur SRV2.
+
+        \includegraphics[width=\linewidth]{./img/web.png}
+
+    \item Pinguer entre les PCs et SRV1 en utilisant l'adresse IP puis le hostname.
+
+        \begin{lstlisting}[gobble=12]
+            C:\>ping efrei.com
+
+            Pinging 192.168.2.100 with 32 bytes of data:
+
+            Reply from 192.168.2.100: bytes=32 time<1ms TTL=126
+            Reply from 192.168.2.100: bytes=32 time=14ms TTL=126
+            Reply from 192.168.2.100: bytes=32 time<1ms TTL=126
+            Reply from 192.168.2.100: bytes=32 time=1ms TTL=126
+
+            Ping statistics for 192.168.2.100:
+                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
+            Approximate round trip times in milli-seconds:
+                Minimum = 0ms, Maximum = 14ms, Average = 3ms
+        \end{lstlisting}
+
+\end{enumerate}
+
+\end{document}

architectures-infrastructures-entreprise/tp1/styles.sty

@@ -0,0 +1,102 @@
+\ProvidesPackage{styles}
+
+\usepackage[
+    %showframe,
+    a4paper,includeheadfoot,margin=2cm,top=1cm,bottom=1cm
+]{geometry}
+
+\setcounter{tocdepth}{2}
+
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage{babel}
+
+\usepackage{datetime}
+
+\usepackage{color}
+\usepackage{xcolor,colortbl}
+
+\usepackage{amsmath}
+\usepackage{amsfonts}
+\everymath{\displaystyle}
+\newcommand*\dif{\mathop{}\!\mathrm{d}}
+\usepackage{xfrac}
+
+\usepackage{booktabs}
+\usepackage{tabularx}
+\newcolumntype{Y}{>{\centering\arraybackslash}X}
+\definecolor{Red}{rgb}{1,0.2,0.2}
+\newcolumntype{r}{>{\columncolor{Red}}Y}
+\usepackage{multicol}
+\usepackage{multirow}
+\usepackage{makecell}
+\usepackage{parskip}
+\usepackage{microtype}
+\usepackage{enumitem}
+
+\usepackage{listingsutf8}
+\lstset{%
+    inputencoding=utf8/latin1,
+    basicstyle=\small\ttfamily,
+    columns=flexible,
+    breaklines=true,
+    extendedchars=true,
+    literate=
+    {á}{{\'a}}1 {é}{{\'e}}1 {í}{{\'\i}}1 {ó}{{\'o}}1 {ú}{{\'u}}1
+    {Á}{{\'A}}1 {É}{{\'E}}1 {Í}{{\'I}}1 {Ó}{{\'O}}1 {Ú}{{\'U}}1
+    {à}{{\`a}}1 {è}{{\`e}}1 {ì}{{\`\i}}1 {ò}{{\`o}}1 {ù}{{\`u}}1
+    {À}{{\`A}}1 {È}{{\`E}}1 {Ì}{{\`I}}1 {Ò}{{\`O}}1 {Ù}{{\`U}}1
+    {ä}{{\"a}}1 {ë}{{\"e}}1 {ï}{{\"\i}}1 {ö}{{\"o}}1 {ü}{{\"u}}1
+    {Ä}{{\"A}}1 {Ë}{{\"E}}1 {Ï}{{\"I}}1 {Ö}{{\"O}}1 {Ü}{{\"U}}1
+    {â}{{\^a}}1 {ê}{{\^e}}1 {î}{{\^\i}}1 {ô}{{\^o}}1 {û}{{\^u}}1
+    {Â}{{\^A}}1 {Ê}{{\^E}}1 {Î}{{\^I}}1 {Ô}{{\^O}}1 {Û}{{\^U}}1
+    {Ã}{{\~A}}1 {ã}{{\~a}}1 {Õ}{{\~O}}1 {õ}{{\~o}}1 {œ}{{\oe}}1
+    {Œ}{{\OE}}1 {æ}{{\ae}}1 {Æ}{{\AE}}1 {ß}{{\ss}}1 {ű}{{\H{u}}}1
+    {Ű}{{\H{U}}}1 {ő}{{\H{o}}}1 {Ő}{{\H{O}}}1 {ç}{{\c c}}1
+    {Ç}{{\c C}}1 {ø}{{\o}}1 {å}{{\r a}}1 {Å}{{\r A}}1
+    {€}{{\euro}}1 {£}{{\pounds}}1 {«}{{\guillemotleft}}1
+    {»}{{\guillemotright}}1 {ñ}{{\~n}}1 {Ñ}{{\~N}}1 {¿}{{?`}}1
+}
+\let\oldlstinputlisting\lstinputlisting
+% make \lstinputlisting always have frame
+\renewcommand{\lstinputlisting}[2][]{\oldlstinputlisting[frame=single,#1]{#2}}
+
+\lstnewenvironment{console}[1][]{%
+    \lstset{%
+        inputencoding=utf8/latin1,
+        basicstyle=\small\ttfamily\color{white},
+        columns=flexible,
+        breaklines=true,
+        extendedchars=true,
+        literate=
+        {á}{{\'a}}1 {é}{{\'e}}1 {í}{{\'\i}}1 {ó}{{\'o}}1 {ú}{{\'u}}1
+        {Á}{{\'A}}1 {É}{{\'E}}1 {Í}{{\'I}}1 {Ó}{{\'O}}1 {Ú}{{\'U}}1
+        {à}{{\`a}}1 {è}{{\`e}}1 {ì}{{\`\i}}1 {ò}{{\`o}}1 {ù}{{\`u}}1
+        {À}{{\`A}}1 {È}{{\`E}}1 {Ì}{{\`I}}1 {Ò}{{\`O}}1 {Ù}{{\`U}}1
+        {ä}{{\"a}}1 {ë}{{\"e}}1 {ï}{{\"\i}}1 {ö}{{\"o}}1 {ü}{{\"u}}1
+        {Ä}{{\"A}}1 {Ë}{{\"E}}1 {Ï}{{\"I}}1 {Ö}{{\"O}}1 {Ü}{{\"U}}1
+        {â}{{\^a}}1 {ê}{{\^e}}1 {î}{{\^\i}}1 {ô}{{\^o}}1 {û}{{\^u}}1
+        {Â}{{\^A}}1 {Ê}{{\^E}}1 {Î}{{\^I}}1 {Ô}{{\^O}}1 {Û}{{\^U}}1
+        {Ã}{{\~A}}1 {ã}{{\~a}}1 {Õ}{{\~O}}1 {õ}{{\~o}}1 {œ}{{\oe}}1
+        {Œ}{{\OE}}1 {æ}{{\ae}}1 {Æ}{{\AE}}1 {ß}{{\ss}}1 {ű}{{\H{u}}}1
+        {Ű}{{\H{U}}}1 {ő}{{\H{o}}}1 {Ő}{{\H{O}}}1 {ç}{{\c c}}1
+        {Ç}{{\c C}}1 {ø}{{\o}}1 {å}{{\r a}}1 {Å}{{\r A}}1
+        {€}{{\euro}}1 {£}{{\pounds}}1 {«}{{\guillemotleft}}1
+        {»}{{\guillemotright}}1 {ñ}{{\~n}}1 {Ñ}{{\~N}}1 {¿}{{?`}}1,
+        backgroundcolor=\color{black}, #1
+    }%
+}{}
+
+\usepackage{graphicx}
+
+\usepackage[hyphens]{url}
+\usepackage[colorlinks,hidelinks]{hyperref}
+
+\usepackage{tikz}
+\usetikzlibrary{shapes}
+
+\usepackage{letltxmacro}
+\LetLtxMacro{\normalparagraph}{\paragraph}
+\renewcommand{\paragraph}[1]{\normalparagraph{#1}\mbox{}}
+
+\sloppy