VCE IT Theory Slideshows
Web servers
and related hardware and
software
By Mark Kelly
[email protected]
Vceit.com
Contents
• Operating systems
• Web server software
• Protocols
• Security
• Proxy servers
Operating systems
Choices:
• Windows
• Linux, Unix, FreeBSD
Windows OS
• Smoothly integrates with MS apps like Access,
MS SQL, Frontpage
• Less stable under heavy web traffic
• Can be more vulnerable to viruses, hackers
• Good if you run ASP
*nix
• Stable, even under heavy web traffic load
• Can run Frontpage extensions if you use
Frontpage to develop the site
• Cheaper than Windows
• Preferred if using PHP and MySQL
Web server software
• Handles the processing of HTTP protocol web
page requests
• Delivers web pages to visitors
• Hosts application software e.g. wiki, blog,
forum, CMS, databases.
Web server software
Choices:
• Apache – the most popular. Free. Open
source. Runs under Windows, Mac OS X or
*nix.
• Microsoft IIS (only runs under Windows)
• Dozens of other small and large, free &
proprietary packages
From Wikipedia:
Vendor      Product   Web Sites Hosted   Percent
Apache      Apache    148,085,963        59.36%
Microsoft   IIS       56,637,980         22.70%
Not just for websites
• Can even be embedded in devices e.g. routers,
printers, NAS devices to act as control panels
• E.g. to control your home router, do you go to
10.1.1.1 or 192.168.1.1?
• If so, the device has a little web server
embedded in it!
• No software except a browser needed on
client PCs to administer the device.
Web server functionality
• Decode requests for webpages
• Map a URL (uniform resource locator) to
either:
– a static HTML file in the local file system
– Software to handle the request for dynamic
content (e.g. PHP, ASP, SSI, CGI)
• E.g. http://www.example.com/path/file.html is
mapped to //server2//home/www/path/file.html
• Deliver webpages to clients
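Added example (not part of the original slides): a sketch of the URL-to-file mapping described above, including the check that a decoded path cannot leave the document root. The document root /home/www comes from the slide's example; the handler names and the index.html default are assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote

DOCROOT = "/home/www"   # assumed document root, taken from the slide's example
# Hypothetical handler names for the dynamic content types the slide lists.
HANDLERS = {".php": "php", ".asp": "asp", ".shtml": "ssi", ".cgi": "cgi"}


def map_url(url, docroot=DOCROOT):
    """Map a URL to ('static', file), ('dynamic', handler:file) or ('rejected', why)."""
    path = unquote(urlsplit(url).path)        # drop query string, decode %xx once
    if "\x00" in path or "\\" in path:
        return ("rejected", "illegal character in path")
    # Collapse '.' and '..' segments, then confirm the result is still inside
    # the document root before anything touches the file system.
    target = posixpath.normpath(posixpath.join(docroot, path.lstrip("/")))
    if target != docroot and not target.startswith(docroot + "/"):
        return ("rejected", "path escapes document root")
    if target == docroot or path.endswith("/"):
        target = posixpath.join(target, "index.html")   # directory default page
    ext = posixpath.splitext(target)[1].lower()
    if ext in HANDLERS:
        return ("dynamic", HANDLERS[ext] + ":" + target)
    return ("static", target)


if __name__ == "__main__":
    for u in ("http://www.example.com/path/file.html",
              "http://www.example.com/forum/index.php?id=3",
              "http://www.example.com/",
              "http://www.example.com/%2e%2e/%2e%2e/etc/passwd"):
        print(u, "->", map_url(u))
```

A production server would also resolve symbolic links (for example with os.path.realpath) before the containment check.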
Functionality
• Virtual hosting – many websites can be served
from a single server with a single IP address
• Bandwidth control – to limit upload speeds to
prevent clients hogging bandwidth, and share
bandwidth with many clients
• Server-side scripting – to generate dynamic
websites without interfering with the web
server software
Web Server Protocols
• TCP/IP, of course, to get files between
browsers and the web server
• Web servers must run HTTP
• File transfer – FTP – to upload pages to the
web server
Web Server Protocols
• May also need mail – SMTP (Simple Mail
Transfer Protocol) to send/receive mail.
• Client mail apps use SMTP to send mail, and
POP or IMAP to download mail from a server.
• SSL (Secure Socket Layer) or the newer TLS
(Transport Layer Security) to encrypt outgoing
web traffic and decrypt incoming data.
Other Web Server Protocols
• telnet protocol to remotely control a server
• NNTP - to send Usenet news posts
• RIP – a dynamic routing protocol
• NTP – network time protocol, to synchronise
clocks of computers and servers
• RTP - Real-time Transport Protocol, delivers
audio & video, and is foundation for VoIP
Web Server Security
• Protecting yourself: The moment you install a
Web server at your site, you've opened a
window into your local network that the
entire Internet can peer through.
• Protecting the site: Unauthorised access can
lead to damaged or stolen data
Create a written Security Policy
Lays down your organisation's policies about:
• who is allowed to use the system
• when they are allowed to use it
• what they are allowed to do (different groups may be
granted different levels of access)
• procedures for granting access to the system
• procedures for revoking access (e.g. when an employee
leaves)
• what is acceptable use of the system
• remote and local login methods
• system monitoring procedures
• protocols for responding to suspected security
breaches
Benefits of a security policy
• You will understand what is and is not permitted on
the system. If you don't have a clear picture of what
is permitted, you can never be sure when a violation
has occurred.
• Others in your organisation will understand what is
allowed. People can’t claim ignorance of the rules
when they misbehave.
• A written policy raises the level of security
consciousness.
• The security policy serves as a requirements
document to guide later equipment purchases, rule
changes etc. (Thanks to w3.org)
Web server security
• Put the server in a secure location (e.g. data
centre)
• Environmental control, flood & fire prevention
• Uninterruptible power supply, including
backup generators
• Backup servers & redundant data feeds
• Effective firewall
• Secured operating system, with
patches up to date
• Don’t do application
testing on working servers:
bad software can make
systems vulnerable to
attack or crashing.
• Monitor and audit the
server regularly, looking for
suspicious activity in the
logs.
• Disable idle accounts
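Added example (not part of the original slides): one way to carry out the last two points, auditing a web server access log for hosts with repeated denied requests and for accounts that have not logged in recently. It assumes Apache's Common Log Format; the log lines, account list, thresholds and dates are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
STAMP = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - alice [02/Jan/2024:09:15:00 +1100] "GET /admin/ HTTP/1.1" 200 5120
192.0.2.10 - bob [11/Mar/2024:10:01:02 +1100] "GET /admin/ HTTP/1.1" 200 5120
203.0.113.7 - admin [12/Mar/2024:10:01:05 +1100] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - admin [12/Mar/2024:10:01:06 +1100] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - root [12/Mar/2024:10:01:07 +1100] "GET /admin/ HTTP/1.1" 401 381
192.0.2.44 - - [12/Mar/2024:10:02:00 +1100] "GET /index.html HTTP/1.1" 200 900
"""
KNOWN_ACCOUNTS = ["alice", "bob", "carol"]     # hypothetical account list
SAMPLE_NOW = datetime.strptime("13/Mar/2024:00:00:00 +1100", STAMP)


def audit(log_text, accounts, now, deny_threshold=3, idle_days=30):
    """Return (hosts with repeated denials, accounts idle for idle_days or more)."""
    denied = Counter()
    last_ok = {}                               # account -> last successful request
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue                           # a fuller audit would report these
        host, user, when, _request, status = m.groups()
        if status in ("401", "403"):
            denied[host] += 1
        elif user != "-" and status.startswith("2"):
            stamp = datetime.strptime(when, STAMP)
            last_ok[user] = max(stamp, last_ok.get(user, stamp))
    noisy = sorted(h for h, n in denied.items() if n >= deny_threshold)
    cutoff = now - timedelta(days=idle_days)
    idle = sorted(a for a in accounts if a not in last_ok or last_ok[a] < cutoff)
    return noisy, idle


if __name__ == "__main__":
    print(audit(SAMPLE_LOG, KNOWN_ACCOUNTS, SAMPLE_NOW))
```

Accounts in the idle list are candidates for disabling; hosts in the first list deserve a closer look in the full log.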
Web server security
• Disable unnecessary services e.g. remote
access.
• Secure remote access with encryption and
strong passwords, limit user privileges, use
single-use sign-ons.
• Tight control over administrator passwords
and permissions
• Disable unnecessary anonymous access (e.g.
FTP without needing a login)
Web server security
• Don’t store sensitive corporate or financial
data on web servers.
Proxy servers
• Proxy server is hardware or software that sits
between a web server and its users
• E.g. at an ISP, in large LANs
• Stores recent downloads
• Filters new download requests
• If a user requests content that’s stored in the
proxy, a caching proxy delivers a copy from its
store
Proxy advantages
• Faster access to resources – the original data
does not have to be downloaded again from
the source.
• Cheaper – on bandwidth.
• Gives control over local internet usage
Proxy power
• Proxy servers can also be used to:
• Keep machines behind it anonymous
(for security).
• Block undesired sites
• Filter out undesired content.
• To log / audit usage, i.e. record who
downloads what via user authentication and
access logs.
• Rewrite requests (e.g. if the named server is
overloaded it can use an idle server instead)
Proxy power
• To bypass security / parental controls using an
open proxy.
• To scan content for malware before delivery.
• To scan outbound content, e.g. to detect and
prevent the leaking of sensitive data.
• To circumvent regional restrictions.
Proxy Problems
• Since all data flow goes through a
proxy, operators can eavesdrop on
the data-flow between client
machines and the web: including
passwords and account numbers.
• It is vital that passwords to online
services (e.g. webmail and banking)
are always exchanged using
SSL or TLS.
Resources
• wikipedia.org/wiki/Web_server
• w3.org
• www.ibm.com/developerworks/linux/library/s-wssec.html
• www.acunetix.com/websitesecurity/webserver-security.htm
These slideshows may be freely used, modified or distributed by teachers and students
anywhere on the planet (but not elsewhere).
They may NOT be sold.
They must NOT be redistributed if you modify them.