Internet System Management
Internet System
Management
Lesson 1:
IT Systems and
Services Overview
Objectives
List the services offered by IT departments
Identify backbone and mission-critical
services offered by IT departments
Discuss the concepts of system
maintenance
Common IT
Tasks and Services
System and service installation
Web server configuration
FTP server configuration and management
Name resolution configuration
E-mail server installation and support
E-commerce server installation and
support
Common IT Tasks
and Services (cont’d)
Database server installation and support
User management
Server monitoring and optimization
File backup
Routing
Establishing and managing shares
Backbone
Services
Naming services
Address
management
Directory services
Central logon
Routing
Mission-Critical Services
Mission-critical services are highly visible
Users rely on mission-critical services
Examples
- Mail servers
- Web servers
- FTP servers
- Middleware
System
Configuration
Binding protocols
to the network
interface card
Protocol
management
Addressing
Gateways
Name resolution
configuration
Service and
application
installation and
management
IP addressing
User
Management
Adding and removing users
Using applications
Managing permissions
Group membership
Password aging
Account lockout
Password history
Controlled access
System
Performance
Bandwidth and access rate issues
System I/O performance
Hard drive access statistics
CPU usage
RAM usage
Backup
Archiving user-created files
Keeping copies of entire operating
systems
Storing changes to databases and other
data stores
Off-site storage
Maintenance
Upgrading operating systems
Installing service packs and hot fixes
Upgrading services, including Web and
e-mail servers
Scanning hard drives for errors
Upgrading hard drives to provide more
storage capacity
Summary
List the services offered by IT departments
Identify backbone and mission-critical
services offered by IT departments
Discuss the concepts of system
maintenance
Lesson 2:
Internet System Installation
and Configuration Issues
Objectives
Identify common hardware platforms
Describe capabilities of various platform
components
Define bandwidth and throughput
Identify common network operating
systems
Determine the ideal operating system for a
given environment
Discuss system installation issues
System
Elements
Bus speed
System I/O
NIC
Hard drive
RAM
Bandwidth
The total amount of information a network
connection can carry
Network connections
- T1
- Fractional T1
- T2
- T3
- ISDN
- DSL
Calculating
Throughput
A percentage of bandwidth; the amount a
network connection is being used
Throughput elements
- Connection speed
- Amount of information
- Time available for transfer
Internetworking
Operating Systems
Microsoft Windows
UNIX
Linux
System V
Novell
X Windows
Operating
System Issues
Ease of use
Platform stability
Available talent pool
Available technical support
Operating System
Issues (cont’d)
Cost
Hardware costs
Availability of services and applications
Purpose for the server
Installing Network
Operating Systems
Single-boot and dual-boot machines
Local and network installation
Hardware considerations
Listing system components
Summary
Identify common hardware platforms
Describe capabilities of various platform
components
Define bandwidth and throughput
Identify common network operating
systems
Determine the ideal operating system for a
given environment
Discuss system installation issues
Lesson 3:
Configuring
the System
Objectives
List key TCP/IP configuration parameters
Add NICs in Windows 2000 and Linux
Configure Windows 2000 with static IP
addresses
Configure Linux with static IP addresses
Describe how DHCP works
TCP/IP
Configuration Parameters
Computer name
IP address
Subnet mask
Default gateway
DNS information
DHCP client information
WINS
Adapters
Adding network adapter device drivers in UNIX/Linux
Adding network adapter device drivers in Windows
2000
Binding device drivers to protocols in Windows 2000
Device Drivers (NIC)
Static
Addressing
Linux
- ifconfig
- ifup
- ifdown
- linuxconf
- netcfg
- dmesg
- grep
Windows 2000
- ipconfig
Additional TCP/IP
Issues and Commands
netstat
traceroute
router
arp
Dynamic
Addressing
DHCP lease process
- Discover
- Offer
- Request
- Acknowledgment
Summary
List key TCP/IP configuration parameters
Add NICs in Windows 2000 and Linux
Configure Windows 2000 with static IP
addresses
Configure Linux with static IP addresses
Describe how DHCP works
Lesson 4:
User Management
Essentials
Objectives
Define authentication
Explain the share-level and user-level
access security models
Identify the purposes and functions of
logon accounts, groups and passwords
Create a network password policy using
standard practices and procedures
Objectives
(cont’d)
Discuss permissions issues
Describe the relationship between
permissions and user profiles
Use administrative utilities for specific
networks and operating systems
Identify the permissions needed to add,
delete or modify user accounts
Authentication
What you know
What you have
Who you are
Security Models
and Authentication
Peer-level access
User-level access
Peer-Level Access
[Diagram: Athena, Aphrodite, Hermes, Printer, Apollo, Ares]
User-Level Access
[Diagram: Athena, Aphrodite, Hermes, Printer B, Printer A, User Accounts Database, Apollo, Ares]
Peer-Level
vs. User-Level
Peer-level
- Less expensive
- Easier to implement
- Less secure
- Less control over file and resource management
- Not scalable
User-level
- Increased security
- Supports larger number of users
- Increased control
- Offers system logs
- Grows with organizational needs
Creating
User Accounts
User name
Password
Group associations
Permissions
Additional options
Permissions
[Diagram: Print Server, Printer and User Accounts Database, labelled with Read, Write, Execute and Print permissions]
Windows 2000
Permissions
Full control
Change
Read
No access
UNIX
Permissions
Access Value Bit    Meaning
7                   Read, write and execute
6                   Read and write
5                   Read and execute
4                   Read only
3                   Write and execute
2                   Write
1                   Execute
0                   No mode bits (access absent)
Novell
Rights
Supervisor
Read
Write
Erase
Modify
Create
File scan
Access control
No access
Additional Logon
Account Terms
Logon scripts
Home directories
Local profiles
Roaming profiles
Administrative
Privileges
UNIX (including System V, Solaris, FreeBSD and all Linux variants) = Root (full privilege)
Windows = Administrator (full privilege)
Novell = Supervisor (full privilege)
Standard
Password Practices
Create strong password
- At least six characters
- Both uppercase and lowercase letters
- At least one Arabic numeral
- At least one symbol
Implement password policy
- Plan and create a balanced policy
- Write and publish policy
- Train users
Network
Security Policies
Password aging
Password length
Password history
Account lockout
Share creation
User creation
Local logon
Standard
Operating Procedures
Vendors for operating systems and
software
Upgrading, replacing and maintaining
hardware
Upgrading software (including operating
systems and applications)
Responding to power outages, building
evacuation and hacker intrusion
Acceptable use policy
Summary
Define authentication
Explain the share-level and user-level
access security models
Identify the purposes and functions of
logon accounts, groups and passwords
Create a network password policy using
standard practices and procedures
Summary (cont’d)
Discuss permissions issues
Describe the relationship between
permissions and user profiles
Use administrative utilities for specific
networks and operating systems
Identify the permissions needed to add,
delete or modify user accounts
Lesson 5:
Managing Users
in Windows 2000
Objectives
Identify the purpose of the Windows 2000
Security Accounts Manager
Administer remote Windows 2000 systems
and users
Enforce systemwide policies
Convert a FAT drive to NTFS
Enable auditing in Windows 2000 Server
View local and remote events in Event
Viewer
Objectives (cont’d)
Manage file and directory ownership
Manage user rights
Enable custom user settings
Identify accounts used by Windows 2000
services
The Security
Accounts Manager
SAM
- A collection of processes and files used
by Windows 2000 to authenticate users
- Located at C:\winnt\system32\config
The Computer
Management Snap-in
Managing users on a remote system
Local
Security Settings
Start | Programs | Administrative Tools |
Local Security Policy
- Configure account policies
- Establish auditing
- Change default user-rights settings
- Alter default settings for system
peripherals and auditing options
- Determine public-key encryption and IP
security policies
Auditing,
Ownership and Rights
Audit policy
User rights
Security options
Editing and
Customizing User Accounts
Groups
User environment
(home directory,
logon scripts, user
profiles)
Dial-in options
Windows 2000
Services and User Accounts
IIS
Remote Management
Terminal Services
NetShow Video Server
Summary
Identify the purpose of the Windows 2000
Security Accounts Manager
Administer remote Windows 2000 systems
and users
Enforce systemwide policies
Convert a FAT drive to NTFS
Enable auditing in Windows 2000 Server
View local and remote events in Event
Viewer
Summary
(cont’d)
Manage file and directory ownership
Manage user rights
Enable custom user settings
Identify accounts used by Windows 2000
services
Lesson 6:
Managing
Users in Linux
Objectives
Create new accounts on Linux systems
Set password aging policies on Linux
systems
Set account policies in Linux
View user accounts used by system
daemons
Explain run levels
Use ntsysv and chkconfig
Manually
Adding Users
File                    Purpose
/etc/passwd             Public user database
/etc/shadow             Shadow password file
/etc/login.defs         Contains default values
Manually
Adding Users (cont’d)
File                    Purpose
/etc/default/useradd    Contains default values
/etc/skel               Contains default values
/etc/group              Group file
Linux
User Accounts
Entry of the new
account into a
database
Creation of the
resources the new
account will need
Linux User
Account Properties
User name
User ID number
Primary group ID number
Home directory
Shell program
Password
Pluggable
Authentication Modules
The password file
The shadow password file
Creating and preparing home
directories
Account creation utility
linuxconf
Password Management
and Account Policies
Password
aging
Password
checking
Groups
Mechanisms for managing access to
files and processes
Linux
System Accounts
Different
subsystems should
run under different
accounts
File protections
should be used to
prevent one
subsystem from
interfering with
resources belonging
to another
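An added example (not part of the original slides) showing how the account properties, shadow password file and password aging covered in this lesson can be audited, including the system-account separation described above. The sample passwd and shadow lines are constructed, and the UID threshold of 499 and the set of non-login shells are assumptions.

```python
# Added example; all account data below is constructed for illustration.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hash:11000:0:90:7:::
apache:!!:11000:0:99999:7:::
alice:$1$constructed$hash:11000:0:60:7:::
bob::11000:0:99999:7:::
"""
SYSTEM_UID_MAX = 499  # assumption: UIDs below 500 belong to system accounts
NOLOGIN_SHELLS = {"/sbin/nologin", "/bin/false"}  # assumption

def parse_colon_file(text, min_fields):
    """Yield field lists from a colon-delimited account file, skipping bad lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if line and not line.startswith("#") and len(fields) >= min_fields:
            yield fields

def audit_accounts(passwd_text, shadow_text):
    """Return sorted (user, finding) pairs for risky account settings."""
    shadow = {f[0]: f for f in parse_colon_file(shadow_text, 5)}
    findings = []
    for fields in parse_colon_file(passwd_text, 7):
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        if 0 < uid <= SYSTEM_UID_MAX and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system account with login shell"))
        entry = shadow.get(name)
        if entry is None:
            findings.append((name, "no shadow entry"))
            continue
        pw_hash, max_days = entry[1], entry[4]
        if pw_hash == "":
            findings.append((name, "empty password field"))
        locked = pw_hash == "*" or pw_hash.startswith("!")
        if not locked and max_days in ("", "99999"):
            findings.append((name, "password aging disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```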
Run Levels,
ntsysv and chkconfig
The /etc/inittab file
The /etc/rc.d/ directory
The ntsysv command
The chkconfig command
Summary
Create new accounts on Linux systems
Set password aging policies on Linux
systems
Set account policies in Linux
View user accounts used by system
daemons
Explain run levels
Use ntsysv and chkconfig
Lesson 7:
Name Resolution
in LANs with DNS
Objectives
Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Implement DNS in Windows 2000 and
Linux
Deploy DDNS
Use nslookup
The Domain
Name System
Internet service that
converts common host names
into their corresponding
IP addresses
The Domain
Name Space
DNS consists of three levels
- Root
- Top
- Second
Accessing Hosts
by DNS Name
The .ciwcertified domain
Possible resolution to a top-level domain, such as .com
[Diagram labels: hosts www, host1, research1, research2, sales1, sales2, dns1, dns2; names www.ciwcertified.com, host1.ciwcertified.com, research.ciwcertified.com, sales.ciwcertified.com, dnsresearch.research.ciwcertified.com]
DNS
Server Types
Root server
Master (or primary) server
Slave (or secondary) server
Caching-only server
Forwarding server
Common
DNS Records
Internet (IN)
Name Server (NS)
Start of Authority (SOA)
Address (A)
Canonical Name (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Setting Up DNS
Server
Zone file
DNS record
Probing DNS
with Nslookup
Locate name servers
Locate IP addresses
Locate host names
Review various record types
Change servers
List domains
Configuring DNS
in Windows 2000
Dynamic DNS
- DNS record aging and scavenging
SOA field
WINS
Zone transfers
Understanding BIND
BIND 4
BIND 8.x
BIND 9.x
Setting Up
DNS in Linux
The named.conf file (BIND versions 8 and
9)
The named.ca file
The named.local file
The forward zone file
The reverse zone file
Troubleshooting DNS
DNS Professional
CyberKit
Professional
Ping Plotter
WS_FTP Ping
ProPack
Summary
Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Implement DNS in Windows 2000 and
Linux
Deploy DDNS
Use nslookup
Lesson 8:
Name Resolution
with WINS and Samba
Objectives
Explain the basics of NetBIOS
Identify additional name resolution options
for LANs and WANs
Implement and manage WINS
Use Samba to create a WINS server in UNIX
Configure Samba systems to use Windows
2000 authentication
Create and manage shares using Samba
NetBIOS
over TCP/IP
NetBIOS runs over TCP/IP much the
same way that SMB runs over TCP/IP
The NetBIOS
Naming Convention
NetBIOS services use UDP ports 137
and 138 and TCP port 139
- 137 supports the NetBIOS name
service
- 138 carries the NetBIOS datagram
service
- 139 carries the NetBIOS session
layer
Windows Internet
Naming Service
Handles queries regarding NetBIOS names
and corresponding IP addresses
Uses UDP ports 137 and 138
NetBIOS computer name
(Instructor1)
IP address for
(Instructor1)
Managing WINS
Scavenging and backup
- Scheduling queue
Static
Mapping
Static mapping creates entries in the WINS
database that allow non-WINS clients
Entries include
Unique
Group
Domain name
Internet group
Multihomed
Replication
- Push partner
- Pull partner
Configuring
DNS and WINS
DNS and WINS can work together to
allow DNS to retrieve the dynamically
assigned IP address associated with a
particular name
Samba
Samba allows UNIX systems to
participate in Windows networks
- Establishes shares on UNIX hosts
that are accessible to Windows
systems
- Shares printers
- Makes a UNIX system a WINS server
- Makes a UNIX system a WINS client
SWAT
Samba configuration tool
- Home
- Globals
- Shares
- Printers
- Status
- View
- Password
Samba
and WINS
Creating a WINS client
Troubleshooting WINS in UNIX systems
Samba
Share Clients
Windows
- Network Neighborhood applet
- Windows Explorer Map Network Drive
utility
Linux
- The smbclient program
- The smbmount program
Interoperability Issues
Encrypting Samba passwords
- The smb.conf file
- The smbadduser command
- The smbpasswd command
- Registry changes
Summary
Explain the basics of NetBIOS
Identify additional name resolution options
for LANs and WANs
Implement and manage WINS
Use Samba to create a WINS server in UNIX
Configure Samba systems to use Windows
2000 authentication
Create and manage shares using Samba
Lesson 9:
Implementing
Internet Services
Objectives
Deploy user-level and anonymous FTP
access in Windows 2000 and Linux
Describe standard and passive FTP
Configure Telnet for Windows 2000 and
Linux
Configure finger in Linux
Control access to Linux services
File Transfer
Protocol Servers
Application-layer protocol
Uses two ports
- TCP/20
- TCP/21
Passive mode
Normal mode
Anonymous
Accounts
Anonymous accounts in Windows NT
Anonymous accounts in UNIX
Account considerations
Implementing
Microsoft FTP
Microsoft Internet Information Server
(IIS) is the primary way to implement
FTP in Windows
Managing
FTP in IIS
Security Accounts tab
Messages tab
Home Directory tab
Directory Security tab
Creating
Virtual FTP Servers
Dedicated virtual FTP servers
Simple virtual FTP servers
Shared virtual FTP servers
Anonymous
Access in IIS
Analyzing and configuring anonymous
FTP
Controlling access to your FTP site
Customizing your IIS FTP server
Configuring anonymous FTP on UNIX
Telnet
Controls a system from a remote location
Operates on port 23
Xinetd
FTP
Telnet
Finger
SWAT
TFTP
Chargen
Daytime
POP3
BOOTP
Echo
Finger
Accesses information about local and
remote users
- Daytime
- Echo
- Chargen
The hosts.allow and
hosts.deny Files
Controls access to
UNIX services
Summary
Deploy user-level and anonymous FTP
access in Windows NT and UNIX
Install and configure Telnet for Windows
2000 and UNIX
Configure finger in UNIX
Control access to UNIX services
Internet
System Management
IT Systems and Services Overview
Internet System Installation and
Configuration Issues
Configuring the System
User Management Essentials
Managing Users in Windows 2000
Internet
System Management
Managing Users in Linux
Name Resolution in LANs with DNS
Name Resolution with WINS and Samba
Implementing Internet Services