Test Review for final


Web Server Administration
Chapter 1
The Basics of Server and Web
Server Administration
1
Overview






The Internet and the World Wide Web
Server administration
Web server administration
Common tasks and services performed
by administrators
Networking building blocks
Web server platforms
2
Establishing Access Control



What is Access control?
What is a roaming profile?
What are some of the standard groups
in a Windows 2003 Server
environment?
3
Understanding the Server
Environment


With Windows computers, servers and
users’ computers can be organized into
domains in order to centralize control
How do domains work in Windows?
4
Understanding Web server
Administration


Web server administrators focus on
resource access via the Internet
What type of services are distributed
over the web?
5
Understanding Web server
Administration

What are some of the tasks of a Web
Administrator?





Web page development
Database design
Programming
E-mail administration
Security
6
Selecting Programs and
Databases


Web server administrators need to
install programming languages
Name three programming languages
Active Server Pages (ASP)
  Original language from Microsoft
ASP.Net
  A newer environment that includes many languages
Java Server Pages (JSP)
7
Selecting Programs and
Databases

Examples of popular Non-Microsoft
languages…




Perl – one of the first and still popular
PHP – easy to use
Java Server Pages (JSP)
Macromedia ColdFusion
8
Dynamic content

What is dynamic content and what do
you need to produce it?
9
Selecting Programs and
Databases

A database management system (DBMS) is
used to store data used with Web pages



Microsoft Access is appropriate for small sites
Microsoft SQL Server, Oracle 9i, and MySQL are
sophisticated DBMSs for larger sites
Structured Query Language (SQL) is the
language used to communicate with the
DBMS
10
Applications you need to
understand




Email
Firewall
FTP
DNS
11
TCP/IP Protocols

Hypertext Transfer Protocol (HTTP)
  Web servers implement this protocol
Simple Mail Transfer Protocol (SMTP)
  Used by e-mail servers (and sometimes Web servers) to send e-mail
Post Office Protocol Version 3 (POP3)
  Used to retrieve e-mail
12
TCP/IP Protocols

File Transfer Protocol (FTP)
  Transfers files to and from server
Domain Name Service (DNS)
  Translates host names to IP addresses and IP addresses to host names
Transmission Control Protocol (TCP)
  Creates a reliable connection between two computers
13
TCP/IP Protocols

User Datagram Protocol (UDP)
  Does not establish a connection, just sends messages
Internet Protocol (IP)
  Provides addressing scheme
Internet Control Message Protocol (ICMP)
  Provides error messages
14
Common Carrier Connections



What are some of the common
connection types to ISPs?
What are the speeds?
How do WAN speeds compare to LAN
speeds?
15
Ways to Connect to the
Internet


T Lines (T1, T3)
Integrated services digital network (ISDN)
  Dial-up access
  Basic Rate Interface (BRI) up to 128 Kbps
  Primary Rate Interface (PRI) up to 1.544 Mbps
Digital Subscriber Line (DSL)
  Often differing speeds for uploads and downloads
  Depending on type, up to 6.1 Mbps for downloads and 1.544 Mbps for uploads
Cable Modem
  Shared access cable provided by cable TV company
16
So?


Why does the speed of your connection
to the ISP matter?
What factors determine your bandwidth
needs?
17
Web Hosting Solutions



Standard hosting
Dedicated server
Co-location
What’s the difference?
18
Web Server Platforms - Microsoft
Name two
19
True/False
Indicate whether the sentence or statement is
true or false.
The Internet is centrally
controlled.
20
True/False
Indicate whether the sentence or statement is
true or false.
Peering agreements are
always free.
21
True/False
Indicate whether the sentence or statement is
true or false.
A backbone is used for high-speed user connections.
22
True/False
Indicate whether the sentence or statement is
true or false.
A roaming profile resides on
each user’s computer.
23
True/False
Indicate whether the sentence or statement is
true or false.
Web server administrators
need to be good programmers.
24
True/False
Indicate whether the sentence or statement is
true or false.
XML allows developers to
create text files containing tags
that define information.
25
True/False
Indicate whether the sentence or statement is
true or false.
Microsoft Access is a more
complex DBMS than SQL Server
2000.
26
True/False
Indicate whether the sentence or statement is
true or false.
One of the advantages of e-mail
servers is that they are very secure
and prevent anything harmful from
entering the system.
27
True/False
Indicate whether the sentence or statement is
true or false.
Software patches and
enhancements have been known
to cause problems.
28
True/False
Indicate whether the sentence or statement is
true or false.
In a LAN environment, the most
common network technology in
use today is Ethernet.
29
True/False
Indicate whether the sentence or statement is
true or false.
T-Carrier connections offer
the most growth potential.
30
True/False
Indicate whether the sentence or statement is
true or false.
Cable modems do not share
access with other users in the
same area.
31
True/False
Indicate whether the sentence or statement is
true or false.
In standard hosting, your site
resides on the same computer
with many other sites.
32
True/False
Indicate whether the sentence or statement is
true or false.
You cannot run a Web server on a
Windows client operating system, such
as Windows 2000 Professional or
Windows XP.
33
Modified True/False
Indicate whether the sentence or statement is
true or false. If false, change the identified
word or phrase to make the sentence or
statement true.
Active Server Pages are compiled.
34
True/False
Indicate whether the sentence or statement is
true or false.
You cannot use Microsoft Exchange on
a Microsoft client product, such as
Windows 2000 Professional or
Windows XP.
35
True/False
Indicate whether the sentence or statement is
true or false.
Bandwidth is expressed in bytes
per second.
36
True/False
Indicate whether the sentence or statement is
true or false.
DSL connections can have
differing upload and download
speeds.
37
True/False
Indicate whether the sentence or statement is
true or false.
ISDN is a dial-up service.
38
Web Server Administration
Chapter 2
Preparing For Server Installation
39
Identifying Server Categories-File
Servers and Application Servers
There is a difference between a file server
and an application server
40
Evaluating Server Components - Selecting a NIC
NIC Type | Speed | Media | Use
Standard Ethernet | 10 Mbps | Twisted pair (sometimes fiber) | Workstations
Fast Ethernet | 100 Mbps | Twisted pair (sometimes fiber) | Workstations and small to medium servers
Gigabit Ethernet | 1,000 Mbps | Fiber (sometimes twisted pair) | High-end servers
10-Gigabit Ethernet | 10,000 Mbps | Fiber | Backbone connections
ATM | 25 Mbps – 622+ Mbps | Fiber | Workstations and servers (rare)
41
Disk Redundancy through
RAID


RAID 1 (mirroring)
RAID 5 (most common)
42
Setting Up Backup Systems



Full – all data is backed up
Differential – backs up all files that are new
or changed since last full backup
Incremental – backs up all files that are
new or changed since the last incremental
backup
43
Evaluating Network
Components



Hubs should be avoided in a server
environment - Why?
Switches can come close to the
appearance of a dedicated circuit
between servers
Routers connect one network to
another
44
Setting Up IP Addressing


IP addresses are
divided into the
network portion and
the host portion
The subnet mask
distinguishes the
two portions
45
Common IP Classes
Class | First number | Subnet mask | Number of networks | Number of hosts
Class A | 1 – 127 | 255.0.0.0 | 126 | >16,000,000
Class B | 128 – 191 | 255.255.0.0 | >16,000 | >65,000
Class C | 192 – 223 | 255.255.255.0 | >2,000,000 | 254
46
Network Address Translation
(NAT)


NAT allows an IP address from one
network to be translated into another
address on an internal network
You can also use NAT to translate a
single IP address valid on the Internet
into multiple internal addresses

Useful if your ISP gives you a single IP
address, yet you have multiple servers and
users on the internal network
47
Web Server Administration
Chapter 3
Installing the Server
48
The Installation Process - Partitioning the Hard Disk



A partition is a logical division of the hard disk
A system boots from the primary partition
You can create an extended partition



Gives you more logical drives in Windows
Gives you more Linux partitions
It is best to isolate the operating system from
applications

If the application partition fills and the operating system
is on the same partition, the OS stops
49
The Installation Process - Selecting a File System


A file system determines how files are stored
on a hard disk
Windows has two file systems



FAT is based on the original DOS file system and
has no security
NTFS has security which is critical for a server
The default user file system in Red Hat Linux
8 is ext3, which offers some performance
improvements over ext2
50
Configuring TCP/IP in Windows

To determine TCP/IP configuration, type
ipconfig at a command prompt
51
To Change the IP Address in
Windows



From the Local Area Status dialog box,
click Properties
Select Internet Protocol (TCP/IP), then
click Properties
Now you can change the IP address

The Advanced button allows you to add
multiple IP addresses for a single NIC
52
Web Server Administration
Chapter 4
Name Resolution
53
Understanding the DNS
What is DNS?
54
Domain Namespaces




The root level domain is ?
Top-level domains include ?
Second-level domains are often owned by
companies and individuals. Examples?
What is a subdomain? It is a further division of a
second-level domain. Where are they
commonly used today?
55
How DNS Works
56
DNS Components


Name server
Name resolver (client)
57
Caching and Forwarding Servers
58
Zones
What is a DNS zone?
59
Zones

Zones must be contiguous




admin.devry.edu can be combined with devry.edu
admin.devry.edu cannot be combined with
student.devry.edu
There must be one primary DNS server in
each zone (plus a secondary server)
Each zone can have multiple secondary DNS
servers
60
Zone File Configuration

Forward Lookup


These zones contain entries that map
names to IP addresses
Reverse Lookup

These zones contain entries that map IP
addresses to names
61
Common DNS Records
DNS record | Function
Address (A) | Associates a host to an IP address.
Canonical name (CNAME) | Creates an alias for a specified host.
Internet (IN) | Identifies Internet records; precedes most DNS record entries.
Mail Exchanger (MX) | Identifies a server used for processing and delivering e-mail for the domain.
Name server (NS) | Identifies DNS servers for the DNS domain.
Pointer (PTR) | Performs reverse DNS lookups. Resolves an IP address to a host name.
Start of Authority (SOA) | Identifies the DNS server with the most current information for the DNS domain.
62
Finished DNS Configuration in
Windows
63
Troubleshooting DNS
ping

ping displays name resolution even if the computer cannot be contacted
64
Troubleshooting DNS
nslookup

nslookup can display information from the DNS server
65
Web Server Administration
Chapter 5
Managing a Server
66
Microsoft LAN Networking Models - Workgroup


Peer to peer
Client – Server
What’s the difference?
67
Microsoft LAN Networking Models - Workgroup (Peer to Peer)


How many users max?
Disadvantages



Most users do not want to administer
resources on their computer
Need user names and passwords of users
who need resources
Difficult to keep track of changing
passwords
68
Microsoft LAN Networking Models - Domain


One or more servers centralize control
Computers are part of a domain



Single, centralized logon
Single point of control
Users can be given access to resources
anywhere in the domain
69
Client/Server Networking
Model


Client represents a program such as a
browser or an e-mail client
Server has a corresponding program
that communicates with the client
70
Authenticating Users


Process of determining a user's true
identity
Three basic methods



What you know – user name and
passwords
What you have – entry card
Who you are – biometrics
71
Implementing an
Authentication System


NTLM
Kerberos
72
Managing Users and Groups


Users need accounts to access
resources on a server. On a Web server
there is a restricted account that is used
on behalf of Internet users
What is that account?
In a LAN, users with common resource
needs are put in a group, and the group
is given access to the resource
73
Managing Users and Groups in
Windows

Windows has an account called system


It represents the operating system and it
has many of the same privileges of the
administrator
Often needed by server programs
74
Users and Groups in Windows



Local accounts exist on a single computer and
can be used to control resources only on that
computer
Domain accounts can be used to control
resources on all the computers that are part
of the domain
Active Directory (AD) allows domains to be
grouped into a forest

Microsoft Exchange requires AD
75
File System Permissions



Permissions allow you to control access
to the resources on a computer such as
a Web page, a document, or a program
In Windows, the NTFS file system is
required in order to assign permissions
All Linux file systems incorporate
permissions
76
File System Permissions in
Windows
Permission | Description
Full Control | Full Control includes all other permissions and allows you to take ownership of the file or folder and change the attributes of a file
Modify | Allows read, write, and delete
Read | With this permission, you can read files but cannot execute them
Write | When set on a file, this permission allows you to write to files; when set on a folder, you can write to the folder
Read & Execute | Read files and run programs
List Folder Contents | This permission allows you to view the contents of a folder
Special Permissions (Windows 2003 only) | This is not a specific permission; under the list of permissions for users, when this permission is checked, it means that this user has one or more of the 14 individual permissions set
77
Sharing Resources in a
Windows Network


Shared folders require permissions
When comparing share permissions and
NTFS permissions, the most restrictive
permission takes precedence
Permission | Description
Full Control | Allow files to be added, deleted, changed, and read
Change | Allow existing files to be written to
Read | Can only read files
78
Enforcing Network Policies



You can control a number of policies in
both Windows and Linux
Windows has many more policies but
the majority are appropriate for LANs
A common policy involves passwords


Number of days before change allowed
Number of days before change required
79
Web Server Administration
Chapter 6
Configuring a Web Server
80
How a Web Server Works



HTTP (Hypertext Transfer Protocol)
defines how information is passed
between a browser and a Web server
The two most popular Web servers are?
Almost two-thirds of all Web servers use
Apache
81
How a Web Server Works

As is true with other servers such as
DNS, Web servers listen for
communication at a port



The default port is 80
You can also create Web servers at port
numbers greater than 1023
Each Web server has a root, which is
where you store the HTML documents
82
Features in IIS 5.0

Web Distributed Authoring and Versioning (WebDAV)
  Allows a server to share Web-based files
Named virtual hosting
  Multiple Web sites can share a single IP address
Per Web site bandwidth throttling
  Control bandwidth by Web site
Kerberos authentication
Secure Sockets Layer 3.0
  Encrypted communication
83
Features in IIS 6.0

Increased security
  Default permits only HTML documents
Expanded language support
  Can use XML and SOAP
Support for IPv6
Increased dependability
  Kernel-mode HTTP service
  Self-healing mechanism
84
Default Web Site Properties in
IIS
85
Hosting Multiple Web Sites
by Port Number


Associate each new Web site with a
port above 1023
To retrieve a Web page from a site at
port 8080


www.technowidgets.com:8080/prod.htm
Because it requires a user to add the
port number, it is not a popular method
86
Hosting Multiple Web Sites
by IP Address

You can create multiple IP addresses on a
single NIC



Referred to as virtual IP addresses
Useful for flexibility because if each domain
has its own unique IP address, you can easily
move the domain to a different Web server
It is getting more expensive to get multiple IP
addresses from an ISP
87
Hosting Multiple Web Sites
by Host Name




Multiple host names can be associated
with a single IP address
Getting a single IP address from your ISP
is relatively inexpensive
You can host an almost unlimited number
of domains with a single IP address
It is the most common method of hosting
88
Web Server Administration
Chapter 7
Installing and Testing a
Programming Environment
89
The Need for Programming
Languages



What is a static web page?
Pages that contain programming
statements allow changes and they are
called dynamic pages
Programming languages can also be
used to update databases and
communicate with other systems
90
Database Management
Systems (DBMSs)



The purpose of a DBMS is to store data
in an organized manner for further
processing
Structured Query Language (SQL) is the
language used to define and manipulate
the data
Most databases are relational and
organize data into tables
91
Web-based Programming
Environment

What is a Cookie?

Text that a Web site stores on your disk
92
Web Server Administration
Chapter 8
Providing E-mail Services
93
Understanding the E-mail
Environment



E-mail evolved from a variety of proprietary
systems
In the 1980s and 1990s, people often had e-mail addresses on a number of systems
Even as late as 1997, Exchange 5.5 was not
designed to take advantage of Internet e-mail

An add-on gave Exchange the ability to send and
receive e-mail over the Internet
94
Exchange 2000 Goes Beyond
E-mail Basics


Instant messaging
Unified messaging platform
  Single inbox for e-mail, voicemail, fax
Chat service
URL addressing
  Use a single URL to access stored data
Audio and video conferencing
95
Role of DNS in E-mail Systems


A domain name, such as
technowidgets.com, needs to be
associated with two IP addresses.
Explain.
To associate a domain name, or any other
host name, with the IP address of an e-mail server, you need an ____ record?
96
E-mail System Terminology

MTA (Mail Transfer Agent)
  Accepts e-mail from clients and sends e-mail to another MTA for storage
  Exchange 2000, sendmail
MUA (Mail User Agent)
  E-mail client
  Outlook, KMail
MDA (Mail Delivery Agent)
  Delivers e-mail from server to MUA
  Exchange 2000, imap-2001
97
E-mail Protocols

SMTP (Simple Mail Transfer Protocol)
  To send e-mail messages
POP3 (Post Office Protocol)
  To retrieve e-mail
  Typically, all messages are downloaded to a client
IMAP4 (Internet Mail Access Protocol)
  To retrieve e-mail
  E-mail stays on the server
  You can create folders on server to store e-mail
98
Installing Microsoft Exchange
2000





SMTP is part of IIS, not Exchange, and needs
to be installed
NNTP (Network News Transport Protocol)
needs to be installed before Exchange and is
also part of IIS
Active Directory is required for Exchange
Once the above are installed, the Exchange
wizard guides you through a simple
installation
To use Exchange 2000 on Windows Server
2003, Exchange 2000 Service Pack 3 is
required
99
Web Server Administration
Chapter 9
Extending the Web Environment
101
Understanding FTP Services


FTP is used to transfer files from a server to a
client (download) and transfer files from a
client to a server (upload)
FTP client is the browser


Also command-line and GUI clients
FTP servers can operate as anonymous
servers or they can require a valid logon


Typically, they are anonymous
FTP servers are not secure; user names and
passwords are not sent encrypted
102
Understanding FTP Services



The client connects to port 21 (control
port)
Port 20 (data port) is used to tell the
client which unprivileged port to use for
data transfer
The above describes passive mode FTP,
the most common type
103
Web Server Administration
Chapter 10
Securing the Web Environment
104
Vulnerabilities of DNS

Historically DNS has had security
problems
105
Vulnerabilities in Operating
Systems



Operating systems are large and complex
which means that there are more
opportunities for attack
Although Windows has had its share of
problems, inattentive administrators
often fail to implement patches when
available
Some attacks, such as buffer overruns, can
allow the attacker to take over the computer
106
Vulnerabilities in Web servers



Static HTML pages pose virtually no
problem
Programming environments and
databases add complexity that a hacker
can exploit
Programmers often do not have time to
focus on security
107
Vulnerabilities of E-mail
Servers





By design, e-mail servers are open
E-mail servers can be harmed by a series of
very large e-mail messages
Sending an overwhelming number of
messages at the same time can prevent valid
users from accessing the server
Viruses can be sent to e-mail users
Retrieving e-mail over the Internet often
involves sending your user name and
password as clear text
108
Digital communication

Closed and secure (national defense,
VPN)

Open and secure (SSL)

Open and non-secure (PKI)
109
What Is PKI?
A PKI is an asymmetric cryptography
security environment that supports the
transmission, delivery, and receipt of
digital communications over a non-secure communications channel.
110
PKI a "hot technology"

E-Commerce

E-Governance

State of Illinois
111
What Does PKI Do?



Authenticates sender of digital
communications
Protects integrity of digital communications
Key Pair



Private
Public
Trusted third party
112
Securing Data Transmission



To secure data on a network that is
accessible to others, you need to
encrypt the data
SSL is the most common method of
encrypting data between a browser and
Web server
Secure Shell (SSH) is a secure
replacement for Telnet
113
Secure Sockets Layer (SSL)



A digital certificate issued by a certification
authority (CA) identifies an organization
The public key infrastructure (PKI) defines
the system of CAs and certificates
Public key cryptography depends on two keys



A public key is shared with everyone
The public key can be used to encrypt data
Only the owner of the public key has the
corresponding private key which is needed to
decrypt the data
114
Securing the Operating
System




Use the server for only necessary tasks
Minimize user accounts
Disable services that are not needed
Make sure that you have a secure password



In addition to using upper case, lower case,
numbers and symbols, hold down the ALT key and type
a number (on the numeric keypad) from 1 to 255
Check a table of ALT values to avoid common
characters
The use of the ALT key will thwart most hackers
115
Securing Windows

There are many services that are not needed in
Windows for most Internet-based server applications








Alerter
Computer browser
DHCP client
DNS client
Messenger
Server
Workstation
Also, the registry can be used to alter the
configuration to make it more secure such as
disabling short file names
116
Securing the Web Server

Enable the minimum features



If you don't need a programming
language, do not enable it
Make sure programmers understand
security issues
Implement SSL where appropriate
117
Good Luck!
118