
DISTRIBUTED FILE SYSTEM

A THESIS
Submitted in partial fulfillment of the requirements for the award of the degree of
Master of Technology
In
COMPUTER SCIENCE AND ENGINEERING
(CYBER SECURITY)

BY
ORUGANTI SRINIVASU

Under the Guidance of


Mr. S.CHANDRA SEKHAR M.Tech, (Ph.D)
Assistant Professor

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


UNIVERSITY COLLEGE OF ENGINEERING
KAKINADA-533003, AP (INDIA)

CERTIFICATE

I hereby certify that the work which is being presented in the M.Tech. Thesis entitled
“DISTRIBUTED FILE SYSTEM”, in partial fulfillment of the requirements for the award of
the Master of Technology in Cyber Security and submitted to the Department of Computer
Science and Engineering of JNTU College of Engineering, KAKINADA, AP, is an authentic
record of my own work carried out during a period from DEC 2017 under the supervision of Mr.
S. CHANDRA SEKHAR, Assistant Professor, CSE Department.

Signature of Candidate

ORUGANTI SRINIVASU
Regd No. 17021D2613

This is to certify that the above statement made by the candidate is correct to the best of
my knowledge.

Signature of Supervisor
Mr. S. CHANDRA SEKHAR M.TECH(PH.D)

ACKNOWLEDGEMENT

Satisfaction and euphoria that accompany the successful completion of any task would be
incomplete without the mention of people who made it possible, whose constant guidance and
encouragement crowned the efforts with success.

The first person I would like to thank is my Project Guide Mr. S. CHANDRA SEKHAR,
Assistant Professor, Department of Computer Science and Engineering, who had given
continuous critical suggestions and extension of proper working atmosphere abiding interest that
has finally evolved into this research work.

ABSTRACT

Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly-
available access to files, load sharing, and WAN-friendly replication. In the Windows
Server® 2012 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly
called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in,
and introduced the new DFS Replication feature. In the Windows Server® 2012 operating
system, Microsoft added the Windows Server 2012 mode of domain-based namespaces and
added a number of usability and performance improvements.

TABLE OF CONTENTS

1. Introduction

2. Main concept of routing

3. Way to configure routing in Windows Server 2012

4. Concept of RIP

5. Way to configure RIP

6. Understanding network address translation (NAT)

7. Way to configure network address translation in Windows Server 2012

8. Concept of remote access server

9. Configure remote access server

10. Main purpose of VPN and its security

11. Overview of PPTP

12. Configure VPN PPTP

1. Introduction

• The modern world scenario is ever changing. Data communication and
networks have changed the way business and other daily affairs
work. They now rely heavily on computer networks and
internetworks.
• A set of devices, often referred to as nodes, connected by media links
is called a network.
• A node can be any device capable of sending or receiving
data generated by other nodes on the network, such as a computer or
printer. The links connecting the devices are
called communication channels.
• A computer network is a telecommunication channel through which we
can share data with other computers or devices connected to the
same network. It is also called a data network. The best example of
a computer network is the Internet.
• A computer network does not mean a system with one control unit
connected to multiple other systems as its slaves. That is a distributed
system, not a computer network.
• During the initial days of the Internet, its use was limited to the military and
universities for research and development purposes. Later, when all
networks merged together and formed the Internet, data began to
travel through public transit networks. Ordinary people may send
data that can be highly sensitive, such as their bank credentials,
usernames and passwords, personal documents, online shopping
details, or confidential documents.
• All security threats are intentional, i.e. they occur only if
intentionally triggered. Security threats can be divided into the
following categories:
• Interruption is a security threat in which the availability of resources is
attacked. For example, a user is unable to access their web server, or
the web server is hijacked.
• In this threat, the privacy of a user is compromised. Someone who
is not the authorized person is accessing or intercepting data sent or
received by the original authenticated user.
• This type of threat includes any alteration or modification of the
original context of communication. The attacker intercepts and
receives the data sent by the sender, then either
modifies it or generates false data and sends it to the receiver. The
receiver receives the data assuming that it was sent by the
original sender.
• This threat occurs when an attacker or security violator poses as a
genuine person and accesses resources or communicates with
other genuine users.

2. Main concept of routing

• In internetworking, routing is the process of moving a packet of data
from source to destination. Routing is usually performed by a
dedicated device called a router. Routing is a key feature of
the Internet because it enables messages to pass from one computer
to another and eventually reach the target machine. Each
intermediary computer performs routing by passing along the
message to the next computer. Part of this process involves
analyzing a routing table to determine the best path.
• Routing is often confused with bridging, which performs a similar
function. The principal difference between the two is that bridging
occurs at a lower level and is therefore more of a hardware function,
whereas routing occurs at a higher level where
the software component is more important. Because routing
occurs at a higher level, it can perform more complex analysis to
determine the optimal path for the packet.
• Routing is the process of selecting paths in a network along which data
will be sent. Routing must be configured to send traffic from one
subnet to another within an organization, and to send
traffic from one organization to another. A computer running
Windows can act as a router and maintain its own routing table, so
that you can specify the direction in which data is sent toward its final
destination.
• Routers operate at Layer 3, the Network layer, of the OSI Reference
Model. Therefore, they are sometimes referred to as Layer 3 devices.
Routers join subnets together to form larger networks and join
networks together over extended distances or WANs.
• As larger networks are formed, there may be multiple pathways to
get from one place to another. As WAN traffic travels multiple
routes, the router chooses the fastest or cheapest route between the
source and destination, sometimes taking the
current load into consideration.
• Routing can also be performed by a layer 3 switch. Layer 2
switches (which operate at layer 2 of the OSI model) are used to
connect a host to a network by performing packet switching that
allows traffic to be sent only to where it needs to be sent, based on
a mapping of the MAC addresses of local devices. Layer 3 switches can
perform layer 2 switching, but also perform routing based on IP
addresses within an organization. Unlike routers, layer 3
switches cannot be used for directly connecting WAN connections.
• A server running Windows can have multiple network cards, and each
network card can be connected to a different subnet. To allow
packets to be sent from one subnet to another subnet through the
server, you need to configure routing on the server.

Routing Table

o A routing table is a data table stored in a router or
networked computer that lists the routes to particular
network destinations and the metrics or distances
associated with those routes. Routing tables are
created manually with static routes, or dynamically
with routing protocols such as Routing Information
Protocol (RIP), based on the current routing topology.
Microsoft Windows supports the Routing Information
Protocol through RRAS.
o RIP has been a popular distance-vector routing protocol for
small organizations. RIP uses broadcasts in which the entire
routing table is sent to the other routers within the network.
To determine the distance or cost between networks, RIP
uses the metric of hop count, which is the count of routers.
The maximum number of hops allowed for RIP is 15. A
hop count of 16 is considered infinite distance, and
the destination is therefore considered unreachable.
o RIP was improved with RIP version 2 (RIPv2), which uses
multicasts to send the entire routing table to all adjacent
routers at the address 224.0.0.9 instead of using
broadcast. It also supports classless routing by
including the network mask in each route
advertisement. Finally, RIPv2 uses authentication to ensure
that routes being distributed throughout the network are
coming from authorized sources.

• Routing can be enabled using RRAS. You will use RRAS to
configure RIP or define static routes. You can also define static
routes using the Route command.
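
The RIPv2 properties described above (a network mask in every route, a hop-count metric where 16 means unreachable, and optional authentication) can be checked on captured updates. The following Python is an added example, not part of the original thesis; it assumes the RFC 2453 message layout, and the sample messages, prefixes and password are constructed.

```python
import ipaddress
import struct

RIP_INFINITY = 16   # hop count 16 = unreachable; 15 is the largest usable metric
AFI_AUTH = 0xFFFF   # address-family value that marks an authentication entry
AUTH_TYPES = {2: "plaintext password", 3: "keyed message digest"}
ENTRY = "!HH4s4s4sI"  # family, route tag, address, mask, next hop, metric


def parse_rip(packet: bytes) -> dict:
    """Decode a RIP message: a 4-byte header followed by 20-byte entries."""
    if len(packet) < 24 or (len(packet) - 4) % 20:
        raise ValueError("expected a 4-byte header plus whole 20-byte entries")
    command, version, _ = struct.unpack("!BBH", packet[:4])
    msg = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(4, len(packet), 20):
        afi, tag, addr, mask, _hop, metric = struct.unpack(
            ENTRY, packet[off:off + 20])
        if afi == AFI_AUTH:
            # In an authentication entry the tag field holds the auth type.
            # Only the first entry is the auth header; a later 0xFFFF entry
            # is a digest trailer and carries no route.
            if off == 4:
                msg["auth"] = AUTH_TYPES.get(tag, f"unknown type {tag}")
            continue
        ip = ipaddress.IPv4Address(addr)
        # RIPv1 carries no mask (the field is zero); only RIPv2 yields a prefix.
        prefix = str(ip) if version < 2 else str(ipaddress.ip_network(
            f"{ip}/{ipaddress.IPv4Address(mask)}", strict=False))
        msg["routes"].append({"prefix": prefix, "metric": metric,
                              "reachable": 1 <= metric < RIP_INFINITY})
    return msg


def audit_rip(packet: bytes) -> list:
    """Return defender-facing findings for one captured RIP message."""
    msg = parse_rip(packet)
    findings = []
    if msg["version"] < 2:
        findings.append("RIPv1: no subnet mask and no authentication")
    elif msg["auth"] is None:
        findings.append("RIPv2 update is unauthenticated")
    elif msg["auth"] == "plaintext password":
        findings.append("RIPv2 password is sent in cleartext")
    for route in msg["routes"]:
        if route["metric"] == RIP_INFINITY:
            findings.append(
                f"{route['prefix']} advertised as unreachable (metric 16)")
        elif not route["reachable"]:
            findings.append(
                f"{route['prefix']} has invalid metric {route['metric']}")
    return findings


# --- constructed sample messages (not captured from a real network) ---
def route_entry(prefix: str, metric: int) -> bytes:
    net = ipaddress.ip_network(prefix)
    return struct.pack(ENTRY, 2, 0, net.network_address.packed,
                       net.netmask.packed, bytes(4), metric)


def auth_entry(password: bytes) -> bytes:
    return struct.pack("!HH16s", AFI_AUTH, 2, password)  # 16s pads with NULs


RESPONSE_V2 = struct.pack("!BBH", 2, 2, 0)  # command 2 = response, version 2
SAMPLE_PLAIN = (RESPONSE_V2 + auth_entry(b"constructed-pw")
                + route_entry("192.168.10.0/24", 1)
                + route_entry("10.20.0.0/16", 16))
SAMPLE_NOAUTH = RESPONSE_V2 + route_entry("172.16.5.0/24", 3)

if __name__ == "__main__":
    for name, pkt in (("plain", SAMPLE_PLAIN), ("noauth", SAMPLE_NOAUTH)):
        print(name, parse_rip(pkt)["routes"], audit_rip(pkt))
```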

3. Way to configure routing in Windows Server 2012:

• Open Server Manager.
• Click Tools > Routing and Remote Access.
• Right-click the server and select Configure and Enable Routing and
Remote Access.
• When the Routing and Remote Access Server Setup Wizard opens,
click Next.
• On the Configuration page, select Custom configuration and click
Next.
• On the Custom Configuration page, select LAN routing and click
Next.
• On the Completing the Routing and Remote Access Server Setup
Wizard page, click Finish.
• When the Routing and Remote Access service is ready to use, click
the Start service button.

4. Concept of RIP

• The Routing Information Protocol (RIP) was the first dynamic
routing protocol to be used in an internetwork, so it was created and
used primarily with UNIX hosts for the purpose of sharing routing
information.

Use of RIP

o So why do we use RIP at all? Well, we probably shouldn't.
But sadly, there are some routers that don't run anything but
RIP (or OSPF), so we're not always left with a choice.
Maybe lurking somewhere in your network is an old legacy
router, say, a UNIX router. That being the case, you just
might be stuck supporting RIP on the network so this old
horse can participate in the routing updates.

5. Way to configure RIP

• When configuring any routing protocol for IPv4, you need to use a
specific prompt. Specifically, we use the router configuration
command to enter the Router(config-router)# prompt. We use the
“router” command to enter the configuration portion specific to a
given routing protocol. Since we are working with RIP, we need to
type router rip in order to configure this protocol.

6. Understanding network address translation (NAT)

• Network Address Translation (NAT) is designed for IP address
conservation. It enables private IP networks that use unregistered IP
addresses to connect to the Internet. NAT operates on a router,
usually connecting two networks together, and translates the private
(not globally unique) addresses in the internal network into legal
addresses before packets are forwarded to another network.
• As part of this capability, NAT can be configured to advertise only
one address for the entire network to the outside world. This
provides additional security by effectively hiding the entire internal
network behind that address. NAT offers the dual functions of
security and address conservation and is typically implemented in
remote-access environments.
• For a computer to communicate with other computers and Web
servers on the Internet, it must have an IP address. An IP
address (IP stands for Internet Protocol) is a unique 32-bit number
that identifies the location of your computer on a network.
Basically, it works like your street address -- as a way to find out
exactly where you are and deliver information to you.
• When IP addressing first came out, everyone thought that there
were plenty of addresses to cover any need. Theoretically, you
could have 4,294,967,296 unique addresses (2^32). The actual
number of available addresses is smaller (somewhere between 3.2
and 3.3 billion) because of the way that the addresses are separated
into classes, and because some addresses are set aside for
multicasting, testing or other special uses.
• With the explosion of the Internet and the increase in home
networks and business networks, the number of available IP
addresses is simply not enough. The obvious solution is to redesign
the address format to allow for more possible addresses. This is
being developed (called IPv6), but will take several years to
implement because it requires modification of the entire
infrastructure of the Internet.

Working of NAT

o Basically, NAT allows a single device, such as a router, to
act as an agent between the Internet (or public network) and
a local network (or private network), which means that only
a single unique IP address is required to represent an entire
group of computers to anything outside their network.
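
How one public address can stand in for a whole private network, and why unsolicited inbound traffic finds nothing behind it, is easiest to see in the translation table itself. The Python below is an added example, not part of the original thesis; the class and method names are hypothetical, the public and remote addresses are constructed documentation addresses, and the model is a simplified port-translating NAT rather than the RRAS implementation.

```python
import ipaddress


class NatRouter:
    """Simplified port-translating NAT for one public IPv4 address."""

    def __init__(self, public_ip, private_net, first_port=50000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.next_port = first_port
        self.out = {}     # (private_ip, private_port, remote) -> public_port
        self.back = {}    # (public_port, remote) -> (private_ip, private_port)
        self.static = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; return the new 4-tuple."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            raise ValueError(f"{src_ip} is not on the private interface")
        remote = (dst_ip, dst_port)
        key = (src_ip, src_port, remote)
        if key not in self.out:
            # First packet of a flow: allocate a public port and remember
            # how to translate the replies back.
            self.out[key] = self.next_port
            self.back[(self.next_port, remote)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet arriving on the public address.

        Returns the private (ip, port) to forward to, or None to drop it.
        """
        if dst_port in self.static:
            return self.static[dst_port]
        return self.back.get((dst_port, (src_ip, src_port)))

    def add_port_mapping(self, public_port, private_ip, private_port):
        """Static service mapping: reachable from ANY source, so it removes
        the hiding effect for that one internal host and port."""
        self.static[public_port] = (private_ip, private_port)


def demo():
    # Private range taken from the thesis example; the rest is constructed.
    nat = NatRouter("203.0.113.10", "192.168.0.0/24")
    a = nat.outbound("192.168.0.21", 51515, "198.51.100.7", 443)
    b = nat.outbound("192.168.0.22", 51515, "198.51.100.7", 443)
    results = {
        "host_a_seen_as": a,
        "host_b_seen_as": b,
        # Reply from the server host A contacted is translated back.
        "reply_to_a": nat.inbound("198.51.100.7", 443, a[1]),
        # Same public port, different sender: no table entry, so dropped.
        "unsolicited": nat.inbound("192.0.2.99", 4444, a[1]),
    }
    nat.add_port_mapping(8443, "192.168.0.5", 443)
    results["mapped_service"] = nat.inbound("192.0.2.99", 4444, 8443)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```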

7. Way to configure network address translation in Windows Server 2012

• In the RRAS MMC snap-in, expand Your Server Name. If you are
using Server Manager, expand Routing and Remote Access.
• Expand IPv4, right-click NAT, and then click Properties.
• If you do not have a DHCP server on the private network, then you
can use the RRAS server to respond to DHCP address requests. To
do this, on the Address Assignment tab, select the Automatically
assign IP addresses by using the DHCP allocator check box.
• To allocate addresses to clients on the private network by acting as
a DHCP server, in IP address and Mask, configure a subnet address
from which the addresses are assigned. For example, if you
enter 192.168.0.0 and a subnet mask of 255.255.255.0, then the
RRAS server responds to DHCP requests with address assignments
from 192.168.0.1 through 192.168.0.254.
• (Optional) To exclude addresses in the configured network range
from being assigned to DHCP clients on the private network,
click Exclude, click Add, and then configure the addresses.
• To add the public interface to the NAT configuration, right-click
NAT, and then click New Interface. Select the interface
connected to the public network, and then click OK.
• On the NAT tab, click Public interface connected to the
Internet and Enable NAT on this interface, and then click OK.
• If you want to add additional public addresses assigned to this
interface or configure service and port mappings to computers on
the private network.
• To add the private interface to the NAT configuration, right-click
NAT, and then click New Interface. Select the interface
connected to the private network, and then click OK.
• On the NAT tab, click Private interface connected to private
network, and then click OK.

8. Concept of remote access server

• A remote access server (RAS) is a type of server that provides a
suite of services to remotely connected users over a network or the
Internet.
• It operates as a remote gateway or central server that connects
remote users with an organization's internal local area network
(LAN).
• A RAS includes specialized server software used for remote
connectivity. This software is designed to provide authentication,
connectivity and resource access services to connecting users.
• A RAS is deployed within an organization and directly connected
with the organization's internal network and systems.
• Once connected with a RAS, a user can access his or her data,
desktop, application, print and/or other supported services.

9. Configure remote access server

To install the Remote Access role on DirectAccess servers

o On the DirectAccess server, in the Server Manager console,
in the Dashboard, click Add roles and features.
o Click Next three times to get to the server role selection
screen.
o On the Select Server Roles dialog, select Remote Access,
and then click Next.
o Click Next three times.
o On the Select role services dialog, select DirectAccess and
VPN (RAS) and then click Add Features.
o Select Routing, select Web Application Proxy, click Add
Features, and then click Next.
o Click Next, and then click Install.
o On the Installation progress dialog, verify that the
installation was successful, and then click Close.

To deploy Remote Access, you need to configure the server that
will act as the Remote Access server with the following:
• Correct network adapters
• A public URL for the Remote Access server to which client
computers can connect (the Connect To address)
• An IP-HTTPS certificate with a subject that matches the Connect
To address
• IPv6 settings
• Client computer authentication

To configure the Remote Access server

o In the middle pane of the Remote Access Management
console, in the Step 2 Remote Access Server area,
click Configure.
o In the Remote Access Server Setup Wizard, on the Network
Topology page, click the deployment topology that will be
used in your organization.
o In Type the public name or IPv4 address used by clients to
connect to the Remote Access server, enter the public name
for the deployment (this name
matches the subject name of the IP-HTTPS certificate, for
example, edge1.contoso.com), and then click Next.
o Network adapters for the networks in your deployment. If
the wizard does not detect the correct network adapters,
manually select the correct adapters.
o IP-HTTPS certificate. This is based on the public name for
the deployment that you set during the previous step of the
wizard. If the wizard does not detect the correct IP-HTTPS
certificate, click Browse to manually select the correct
certificate.
o Click Next.
o On the Prefix Configuration page (this page is only visible
if IPv6 is detected in the internal network), the wizard
automatically detects the IPv6 settings that are used on the
internal network. If your deployment requires additional
prefixes, configure the IPv6 prefixes for the internal
network, an IPv6 prefix to assign to DirectAccess client
computers, and an IPv6 prefix to assign to VPN client
computers.

• On the Authentication page:
o For multisite and two-factor authentication deployments,
you must use computer certificate authentication. Select
the Use computer certificates check box to use computer
certificate authentication and select the IPsec root
certificate.
o To enable client computers running Windows 7 to connect
via DirectAccess, select the Enable Windows 7 client
computers to connect via DirectAccess check box. You
must also use computer certificate authentication in this
type of deployment.
o Click Finish.

10. Main purpose of VPN and its security

• A VPN, or Virtual Private Network, is a method used to add
security and privacy to private and public networks, like
WiFi hotspots and the Internet. VPNs are most often used
by corporations to protect sensitive data.
• However, using a personal VPN is becoming increasingly
popular as more interactions that were previously
face-to-face transition to the Internet.
• Privacy is increased with a VPN because the user's initial IP
address is replaced with one from the VPN provider. This
method allows subscribers to attain an IP address from any
gateway city the VPN service provides.
• For instance, you may live in San Francisco, but with a
VPN, you can appear to live in Amsterdam, New York, or
any number of gateway cities.

VPN Security

o Security is the main reason why corporations have used
VPNs for years. There are increasingly simple methods to
intercept data traveling to a network.
o WiFi spoofing and Firesheep are two easy ways to hack
information. A useful analogy is that a firewall protects your
data while on the computer and a VPN protects your data on
the web.
o VPNs use advanced encryption protocols and secure
tunneling techniques to encapsulate all online data transfers.
o Most savvy computer users wouldn't dream of connecting to
the Internet without a firewall and up-to-date antivirus.
Evolving security threats and ever increasing reliance on the
Internet make a VPN an essential part of well-rounded
security.
o Integrity checks ensure that no data is lost and that the
connection has not been hijacked. Since all traffic is
protected, this method is preferred to proxies.

Setting up a VPN

o Setting up a VPN is a straightforward process. It's often as
simple as entering a username and server address. The
dominant smartphones can configure VPNs using PPTP and
L2TP/IPsec protocols.
o All major operating systems can configure PPTP VPN
connections. OpenVPN and L2TP/IPsec protocols require a
small open source application (OpenVPN) and certificate
download respectively.

VPN Protocols

o The number of protocols and available security features
continues to grow with time. The most common protocols
are:
o PPTP - PPTP has been around since the days of Windows
95. The main selling point of PPTP is that it can be simply
set up on every major OS. In short, PPTP tunnels a point-to-point
connection over the GRE protocol. Unfortunately, the
security of the PPTP protocol has been called into question
in recent years. It is still strong, but not the most secure.
o L2TP/IPsec - L2TP over IPsec is more secure than PPTP
and offers more features. L2TP/IPsec is a way of
implementing two protocols together in order to gain the
best features of each.
In this case, the L2TP protocol is used to create a tunnel and
IPsec provides a secure channel. This makes for an
impressively secure package.
o OpenVPN - OpenVPN is an SSL-based VPN that
continues to gain popularity. The software used is open
source and freely available.
SSL is a mature encryption protocol, and OpenVPN can run
on a single UDP or TCP port, making it extremely flexible.

Configuring VPN server

o You can configure your VPN server by running the Routing
and Remote Access Server Setup Wizard. You can use the
wizard to configure the following settings:
o The method by which the VPN server assigns IP addresses
to remote access clients (either using addresses that the
VPN server obtains from a DHCP server or by using
addresses from a specified range of addresses that you
configure).
o Forwarding of authorization and authentication messages to
a Remote Authentication Dial-In User Service (RADIUS)
server (configuration of the VPN server as a RADIUS
client).
o After you run the Routing and Remote Access Server Setup
Wizard, these RRAS settings are automatically configured:
o Network interfaces
o IKEv2, SSTP, PPTP, and L2TP ports (5 or 128 of each,
depending on your choices when running the wizard)
o Multicast support using Internet Group Messaging Protocol
(IGMP)
o IP routing
o Installation of the DHCP Relay Agent component

11. Overview of PPTP

• PPTP stands for Point-to-Point Tunneling Protocol. PPTP,
operating on TCP port 1723, is one of the oldest VPN
protocols still in use, having been around since Windows 95
and standard on all versions of Windows since.
• PPTP was developed by a Microsoft initiative to
encapsulate another protocol called PPP (Point-to-Point
Protocol).
• Out of all the VPN protocols, PPTP is one of the most
common, easiest to set up, and computationally fastest. For
that reason, PPTP is useful for applications in which speed
is paramount, like audio or video streaming, and on older,
slower devices with more limited processors.
• However, PPTP is also subject to serious security
vulnerabilities. Its underlying authentication protocols,
usually MS-CHAP-v1/v2, are fundamentally insecure, and
have been repeatedly cracked in security analyses since it
was first introduced.
• For this reason, PPTP is NOT recommended except in
cases where security is absolutely non-essential.
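
Because PPTP is recognizable on the wire by its TCP port 1723 control channel and by the GRE traffic that carries the tunnel, remaining PPTP use can be inventoried from flow records before it is retired. The Python below is an added example, not part of the original thesis; the flow-record format and every address in it are constructed for illustration.

```python
import csv
import io

TCP = 6                    # IP protocol number of TCP
GRE_PROTOCOL = 47          # IP protocol number of GRE, which carries the tunnel
PPTP_CONTROL_PORT = 1723   # TCP port of the PPTP control channel

# Constructed sample: "time,src,dst,ip_proto,dst_port"
# (a made-up record layout, not a real product's log format).
SAMPLE_FLOWS = """\
2024-05-01T09:00:01,10.1.4.23,203.0.113.50,6,1723
2024-05-01T09:00:02,10.1.4.23,203.0.113.50,47,0
2024-05-01T09:00:02,203.0.113.50,10.1.4.23,47,0
2024-05-01T09:03:10,10.1.4.40,198.51.100.9,6,443
2024-05-01T09:05:44,10.1.7.8,203.0.113.50,6,1723
2024-05-01T09:06:00,10.1.9.2,192.0.2.77,47,0
"""


def find_pptp(flow_text):
    """Report each client/server pair that opened a PPTP control channel.

    A pair that also exchanged GRE is reported as an established tunnel.
    GRE without a 1723 control connection is ignored, because GRE is used
    by other tunnelling setups as well.
    """
    control = {}   # (client, server) -> time the control channel was first seen
    gre_pairs = set()
    for row in csv.reader(io.StringIO(flow_text)):
        if not row:
            continue
        ts, src, dst, proto, dport = row
        if int(proto) == TCP and int(dport) == PPTP_CONTROL_PORT:
            control.setdefault((src, dst), ts)
        elif int(proto) == GRE_PROTOCOL:
            gre_pairs.add(frozenset((src, dst)))   # direction does not matter
    report = []
    for (client, server), first_seen in sorted(control.items()):
        tunnel = frozenset((client, server)) in gre_pairs
        report.append({
            "client": client,
            "server": server,
            "first_seen": first_seen,
            "status": "tunnel established" if tunnel else "control channel only",
        })
    return report


if __name__ == "__main__":
    for entry in find_pptp(SAMPLE_FLOWS):
        print(entry)
```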

12. Configure VPN PPTP:

• Many vendors offer customers the ability to build their very
own PPTP VPN. You probably shouldn’t, since they are no
longer considered to be secure, but there’s no law that says
you can’t. Microsoft Windows
Server 2012 and earlier versions are no different. With only a
little effort, you can use Windows Server 2012 to make your
very own PPTP VPN server.
• The VPN server should be configured with two network
interfaces: one internal and one external.
• This configuration allows for a better security posture, as
the external network interface can have a more restrictive
firewall profile than the internal interface.
• A server with two network interfaces requires special
attention to the network configuration.
• Only the external network interface is configured with a
default gateway.
• Without a default gateway on the internal network interface,
static routes will have to be configured on the server to
allow communication to any remote internal subnets.
• For more information about configuring a multi-homed
Windows server, click here.
• The server does not have to be joined to a domain, but it is
recommended to streamline the authentication process for
VPN clients and to provide better management and security
for the server.
• Many of the steps here are identical to those you would
perform if you were building a secure SSTP VPN on
Windows Server 2012.
• If the VPN server is to be deployed in a load-balanced
cluster, IP addresses must be assigned to clients manually.
• The VPN server can authenticate users itself, or forward
authentication requests to an internal RADIUS server.
• For the scope of this article, native Windows authentication
using RRAS will be configured.
• And you chose not to use Anywhere Access to do it. The
Anywhere Access wizard makes building a secure SSTP
VPN almost effortless. The old-fashioned way is a little
more difficult, but not much.
• The SSTP VPN adds additional work, compared to PPTP, in
the area of Active Directory Certificate Services (AD CS).
• The steps required to configure a Windows PC as a client
are posted elsewhere. Client PCs do not need to be in a
domain. Many vendors offer the ability to make PPTP VPN
servers, but all configure exactly the same at the client PC
end. Therefore, to be concise and avoid redundancy, I
posted the client PC set-up instructions here (toward the
bottom), along with a serious warning about the security
issues inherent in PPTP.
