Internet System Management
Advanced Internet
System Management
Lesson 1:
Mission-Critical Services
Objectives
Identify foundational services, including
DNS, WINS and Samba
List mission-critical services
Discuss system maintenance and logging
Describe performance monitoring and
server optimization issues
Identify the importance of implementing
security features for your servers
Foundational
Services
Domain Name System
Windows Internet Naming Service
Samba
Server Message Blocks
NetBIOS over TCP/IP
Network File System
Mission-Critical Services
HTTP servers
Streaming media servers
Database servers
E-commerce servers
News servers
E-mail servers
Security services
Performance Monitoring
and Server Optimization
Logging
services
Auditing
services
Performance
Monitor
Fault
Tolerance
The ability for a
host or network
to recover from
an error or
system failure
Load
Balancing
Reading available resources
Reduced network latency
Centralized administration
Scalability
Backup
Backup considerations
- Backup of critical host operating
systems and files
- Off-site file storage
UNIX and NT backup programs
Backup devices
Backup tapes
Summary
Identify foundational services, including
DNS, WINS and Samba
List mission-critical services
Discuss system maintenance and logging
Describe performance monitoring and
server optimization issues
Identify the importance of implementing
security features for your servers
Lesson 2:
Installing and
Configuring a Web Server
Objectives
Identify the basic functions of a Web
server
Explain how a Web server identifies file
types
Customize the server root directories
Redirect URLs and add default
document types
Objectives
(cont’d)
Enable user-based authentication for the
Web server
Control access to a Web server based on
IP address
Enable HTML administration for IIS 4.0
Create virtual servers and directories in
IIS and Apache Server
Web Server
Root Directory
Web server
Web server root:
C:\inetpub\wwwroot
Normally, all documents
issued by the server
must reside beneath the
root directory
Common
Web Servers
Netscape Enterprise Server
Microsoft IIS for Windows NT
Apache Server for UNIX
CERN httpd
NCSA httpd
Microsoft IIS and
the Option Pack
Microsoft IIS 4.0
Transaction Server
Index Server
Certificate Server
Data Access
Components
Site Server
Express
Message Queue
Server
Internet Connection
Services for RAS
IIS administration
aids
Aids for developing
Web sites
IIS and
the MMC
Configuring the Web server
- The Home Directory tab
- The Documents tab
- The Directory Security tab
- Controlling access by computer
account
- Controlling access by IP address
- The Performance and Custom Error
tabs
Virtual
Servers
Dedicated virtual servers
Simple virtual servers
Shared virtual servers
Apache
Server
Location of Apache Server files
File placement
Apache Server RPM files
Administering
Apache Server
Apache Server processes
Stopping and starting httpd
Configuring Apache Server
Summary
Identify the basic functions of a Web
server
Explain how a Web server identifies file
types
Customize the server root directories
Redirect URLs and add default document
types
Summary
(cont’d)
Enable user-based authentication for the
Web server
Control access to a Web server based on
IP address
Enable HTML administration for IIS 4.0
Create virtual servers and directories in IIS
and Apache Server
Lesson 3:
Advanced Web
Server Configuration
Objectives
Implement common e-commerce elements
Identify key HTTP error messages
Create a custom HTTP error message in IIS
Explain how Web servers and clients use
MIME
Objectives
(cont’d)
Describe how Web applications work with
IIS 4.0
Execute ASP and CGI scripts in an
e-commerce setting
Connect a Web site to a database using a
Web application
Install, configure and test a streaming
media server
HTTP
Application-layer protocol
HTTP requests and replies
- Command/Status
- Headers
- Body
HTTP Version 1.1
Commands
Options
Get
Head
Post
Put
Delete
Trace
Web Applications
and E-Commerce
Web application types
- Client-side applications
- Server-side applications
Web Applications
and MIME
MIME identifies the different types of
documents and applications that Internet
services manage
MIME and labeling
MIME and file extensions
- Hard-wired
- Configurable
E-Commerce Web
Servers and Perl
Perl for CGI is an almost-universal way to
attach Web servers to databases
Enabling Script
Execution in IIS 4.0
Script
- Allows execution of ASP applications
Execute (including script)
- Allows execution of CGI scripts
Apache Server
and Perl
Placing a CGI script
in Apache Server
Troubleshooting a
Perl installation in
Linux 6.1
E-Commerce Web
Servers and Gateways
Gateways
Performance
Databases
Active
Server Pages
Microsoft
technology that
implements Web
applications
ODBC, Web Gateways
and E-Commerce
Registering a database with Windows NT
Implementing a gateway in IIS using ASP
Enabling ASP execution in IIS 4.0
Accessing the Forum ASP site
Streaming
Media Servers
Streaming media server standard
Streaming server hardware and software
requirements
On-demand versus live streaming
URLs and port numbers
RealServer mount points
Summary
Implement common e-commerce
elements
Identify key HTTP error messages
Create a custom HTTP error message in
IIS
Explain how Web servers and clients
use MIME
Summary
(cont’d)
Describe how Web applications work
with IIS 4.0
Execute ASP and CGI scripts in an
e-commerce setting
Connect a Web site to a database using
a Web application
Install, configure and test a streaming
media server
Lesson 4:
Enabling Secure
Sockets Layer
Objectives
Describe the functions of SSL
Identify the SSL handshake process
Configure IIS 4.0 to use SSL
Secure
Sockets Layer (SSL)
The Web server and the client browser
exchange and negotiate a secure
communications link
SSL
Architecture
[Diagram: Client Machine and Server Machine protocol stacks. Labels on each: Application Layer (Telnet, FTP, HTTP, NFS, NIS); SSL; UDP; Transport Layer (TCP); Network Layer. Between them: Application Layer Traffic, Secure, Encrypted.]
SSL and
Channel Security
The channel is
private
The channel is
authenticated
The channel is
reliable
SSL
Handshake
Hello phase
Key Exchange
phase
Session Key
Production phase
Server Verify
phase
Client
Authentication
phase
Finished phase
Applying
SSL Encryption
40-bit key
128-bit key
Requesting and
Installing a Certificate
Certificate types
The X.509v3 standard
Revocation
Certificate benefits
Certificate shortcomings
Certificate
Concerns
Password-protected text file
Binding
CA security
Data sniffing and tampering
Summary
Describe the functions of SSL
Identify the SSL handshake process
Configure IIS 4.0 to use SSL
Lesson 5:
Configuring and
Managing a News Server
Objectives
Discuss the benefits of the IIS 4.0
NNTP service
Create a newsgroup
Configure newsgroup expiration
policies
Enable user-based authentication
Control access to a news server
NNTP
Service
Usenet newsgroups
Newsgroup
expiration policies
Newsgroup access
policies
Summary
Discuss the benefits of the IIS 4.0 NNTP
service
Create a newsgroup
Configure newsgroup expiration policies
Enable user-based authentication
Control access to a news server
Lesson 6:
E-Mail Server
Essentials
Objectives
Describe the process of sending an
e-mail message
Explain key e-mail server concepts
Describe the functions of e-mail
protocols
Sending and
Delivering E-Mail
SMTP Server
End User
The Internet
E-mail
account
End User
E-Mail
Agents
Mail transfer agent
Mail delivery agent
Mail user agent
E-Mail Server
Terminology
Masquerading
Aliasing
Relaying
Simple Mail
Transfer Protocol
SMTP commands
- helo
- ehlo
- mail from
- rcpt to
- data
- quit
Post Office
Protocol 3
POP3 commands
- user
- pass
- list
- retr
- dele
- quit
IMAP
and LDAP
Lightweight Directory Access Protocol
IMAP and e-mail clients
Web
Mail
E-mail servers:
- Create a Web interface
- Provide Web-based access
Summary
Describe the process of sending an
e-mail message
Explain key e-mail server concepts
Describe the functions of e-mail
protocols
Lesson 7:
Configuring an
E-Mail Server
Objectives
Identify the purpose and usefulness of
MX records
Discuss DNS as it applies to e-mail
servers
Configure an e-mail server in
Windows NT
MX Records
and E-Mail Servers
MX records inform the DNS server
where to direct e-mail messages
- Intradomain e-mail
- Interdomain e-mail
Intradomain
E-Mail
DNS Server
james.ciwcertifed.com
E-Mail Server
Patrick.ciwcertifed.com
Interdomain
E-Mail
DNS Server
stanger.com
E-Mail Server
james.stanger.com
mail.stanger.com
lane.com
E-Mail Server
mail.lane.com
patrick.lane.com
Mail Exchange
Record Fields
Domain name
IN
MX
Numerical value
Server name
Summary
Identify the purpose and usefulness of
MX records
Discuss DNS as it applies to e-mail
servers
Configure an e-mail server in
Windows NT
Lesson 8:
Proxy
Servers
Objectives
List the benefits of a proxy server
Define network address translation
Differentiate between public and private
IP addresses
Install and configure Web-based and
SMTP-based proxy servers
Proxy
Servers
Network address translation
Connecting to a proxy server
Modifying clients
Connecting to a
Proxy Server
[Diagram labels: Ethernet, Internet, Client, Proxy, Web Server]
Proxy Server
Considerations
Advanced users may try to bypass the
proxy server
You need a license that allows enough
connections for all employees
Summary
List the benefits of a proxy server
Define network address translation
Differentiate between public and private
IP addresses
Install and configure Web-based and
SMTP-based proxy servers
Lesson 9:
Logging
Activity
Objectives
Describe the need for logging activity
generated by your servers and services
Configure Web server logs in IIS,
Apache Server and ftpd
View information from a Web server log
file using commercial log analysis
software
Logging
Information
Server efficiency
Usage rate
Revenue generation
Security
Setting
Priorities
Mission criticality
Service type
Server location
Recent
installations
Evaluating Logs
Peak usage rates
Error messages
Failed logon attempts
HTTP
Log Files
Server log
Access log
Error log
Referrer log
Agent log
FTP
Log Files
FTP log files contain the following
information
- IP address of the client connecting to
your server
- Client’s user name
- Date and time the connection was made
- IP address of the server
- Commands issued
Commercial File
Analysis Software
Access Watch
WebTrends
Third-party organizations can log user
activity
Summary
Describe the need for logging activity
generated by your servers and
services
Configure Web server logs in IIS,
Apache Server and ftpd
View information from a Web server
log file using commercial log analysis
software
Lesson 10:
Monitoring and
Optimizing Internet Services
Objectives
Identify the need for server monitoring
and optimization
List tools to use when monitoring and
optimizing servers
Identify key Internet server elements to
monitor
Adjust Internet server settings to meet
expected workload
Analyzing
Server Performance
Server and service log files
Protocol analyzers (packet sniffers)
System performance tools
Queues and
Bottlenecks
Queue
- Sequence of
requests for
services
Bottleneck
- Number of
incoming
requests
exceeds the rate
at which the
system can
service them
Correcting
Bottlenecks
Speed up the component causing the
bottleneck by upgrading or replacing it
Replicate the component causing the
bottleneck by distributing the demand
for a service across multiple servers
Increase the capacity of the queues in
the system to tolerate more requests
Hardware
Concerns
Web servers
Web applications and session state
Summary
Identify the need for server monitoring
and optimization
List tools to use when monitoring and
optimizing servers
Identify key Internet server elements to
monitor
Adjust Internet server settings to meet
expected workload
Lesson 11:
Fault Tolerance and
System Backup
Objectives
Identify ways to create fault tolerance in a
network host
Explain the concept of off-site storage
Implement procedures for disaster
assessment
Implement a data recovery strategy
Implement recovery procedures to repair
corrupted data
Fault
Tolerance
The ability of a
system or
application to
recover lost
information due
to a hardware or
software failure
RAID
Level 0: disk striping
Level 1: disk mirroring
Level 4: disk striping with large blocks
Level 5: disk striping with parity
Additional Data
Protection Options
Uninterruptible power supply
Folder replication
Off-site storage and site mirroring
Removable media
Site
Redirection
Helps recover
from system
outages and
denial-of-service
attacks by
redirecting
Internet services
and sites
Removable Media
Floppy disks
Zip disks
CD-ROMs
Tapes
Planning a
Backup Strategy
Determining which files to back up
Choosing local or network backup types
Selecting a backup method
Planning and practicing restoration
procedures
Common
Backup Software
Backup
Cpio
Dump and restore
WinZip
Tar
Compress and uncompress
Gzip and gunzip
Disaster Assessment
and Recovery
Emergency boot disks
Windows NT emergency repair disks
Last Known Good Boot option
Linux boot disks
Summary
Identify ways to create fault tolerance in a
network host
Explain the concept of off-site storage
Implement procedures for disaster
assessment
Implement a data recovery strategy
Implement recovery procedures to repair
corrupted data
Lesson 12:
Security
Overview
Overview
Identify vulnerabilities commonly found in
various operating systems
List the steps to counteract operating
system weaknesses
Define firewall and intrusion detection
concepts
Discuss the impact of security measures
on employees and system hosts
Recognize and communicate security
breaches
Server
Vulnerabilities
Users and group permissions
Multiple partitions
Policies
System defaults
System bugs
This
System is
Secure!
Enhancing
Server Security
Securing the registry in Windows NT
Enabling shadow passwords
Removing unnecessary system services
Firewalls
Create a perimeter that protects your
private network from other public
networks
Firewall
Functions
Enhance logging and authentication
Encrypt transmissions between hosts
and/or networks
Provide enhanced security
Default to one of two types of behavior
- Reject all traffic unless explicitly
permitted
- Allow all traffic unless explicitly denied
Firewall Types
Packet filter
Application-level gateway
Circuit-level gateway
Firewall
Terminology
Internal interfaces
External interfaces
Demilitarized zone
Rule
Bastion host
Intrusion
Detection Systems
Network-based IDS
Host-based IDS
Hybrid IDS
Security
Tradeoffs
Complexity
Host performance
degradation
Unintended denial
of service
Recognizing
Security Breaches
Failed logins
Unexplained or common system
shutdowns and restarts
Changes in user privileges
Added or removed accounts
System processes that have been shut
down, activated or restarted
Changes in file permissions
Summary
Identify vulnerabilities commonly found
in various operating systems
List the steps to counteract operating
system weaknesses
Define firewall and intrusion detection
concepts
Discuss the impact of security measures
on employees and system hosts
Recognize and communicate security
breaches
Advanced Internet
System Management
Mission-Critical Services
Installing and Configuring a Web Server
Advanced Web Server Configuration
Enabling Secure Sockets Layer
Configuring and Managing a News Server
E-Mail Server Essentials
Advanced Internet
System Management
Configuring an E-Mail Server
Proxy Servers
Logging Activity
Monitoring and Optimizing Internet
Servers
Fault Tolerance and System Backup
Security Overview