Internet System Management
Internet System
Management
Lesson 1:
System and
Services Review
Objectives
List the services offered by IT departments
Identify backbone and mission-critical
services offered by IT departments
Discuss the concepts of system
maintenance
Common IT
Tasks and Services
System and service installation
Web server configuration
FTP server configuration and management
Name resolution configuration
E-mail server installation and support
E-commerce server installation and
support
Common IT Tasks
and Services (cont’d)
Database server installation and support
User management
Server monitoring and optimization
File backup
Routing
Establishing and managing shares
Backbone Services
Naming services
Directory services
Central login
Routing
Mission-Critical Services
Mission-critical services are highly visible
Users rely on mission-critical services
Examples
- Mail servers
- Web servers
- FTP servers
- Middleware
System
Configuration
Binding protocols
to the Network
Interface Card
Protocol
management
Addressing
Gateways
Name resolution
configuration
Service and
application
installation and
management
IP addressing
User
Management
Adding and deleting users
Using applications
Managing permissions
Password aging
Account lockout
Password history
Controlled access
System
Performance
Bandwidth and access rate issues
System I/O performance
Hard drive access statistics
CPU usage
RAM usage
Backup
Archiving user-created files
Keeping copies of entire operating
systems, including customized
configurations
Storing changes to databases and other
data stores
Off-site storage
Maintenance
Upgrading operating systems
Installing service packs and hot fixes
Upgrading services, including Web and
e-mail servers
Scanning hard drives for errors
Upgrading hard drives to provide more
storage capacity
Summary
List the services offered by IT departments
Identify backbone and mission-critical
services offered by IT departments
Discuss the concepts of system
maintenance
Lesson 2:
Internet System Installation
and Configuration Issues
Objectives
Identify common hardware platforms
Describe capabilities of various platform
strategies
Identify common operating systems
Determine the ideal operating system for a
given environment
Discuss system installation issues
System
Elements
Bus speed
System I/O
NIC
Hard drive
RAM
Bandwidth
The total amount of information a network
connection can carry
Network connections
- T1
- Fractional T1
- T2
- T3
- ISDN
- DSL
Calculating
Throughput
A percentage of bandwidth; the amount a
network connection is being used
Throughput elements
- Connection speed
- Amount of information
- Time available for transfer
Internetworking
Operating Systems
Microsoft Windows
NT
UNIX
Linux
Novell
Operating
System Issues
Ease of use
Platform stability
Available talent pool
Available technical support
Operating System
Issues (cont’d)
Cost of operating system
Hardware costs
Availability of services and applications
Purpose of the server
Installing
Systems
Single and dual boot machines
Local and network installation
Hardware considerations
Listing system components
Summary
Identify common hardware platforms
Describe capabilities of various platform
strategies
Identify common operating systems
Determine the ideal operating system for a
given environment
Discuss system installation issues
Lesson 3:
Configuring
the System
Objectives
List key TCP/IP configuration parameters
Add NICs in Windows NT and Linux
Configure Windows NT with static IP
addresses
Configure Linux with static IP addresses
Describe DHCP
TCP/IP Configuration
Parameters
Computer name
IP address
Subnet mask
Default gateway
DNS information
DHCP client information
WINS
Adapters
Adding network adapter device drivers in
UNIX
Adding network adapter device drivers in NT
Binding device drivers to protocols in NT
Device Drivers (NIC)
Static
Addressing
Linux
- ifconfig
- ifup
- ifdown
- linuxconf
- netcfg
- dmesg
- grep
Windows NT
- ipconfig
Windows 95/98
- winipcfg
Additional TCP/IP
Issues and Commands
netstat
traceroute
router
arp
Dynamic
Addressing
DHCP
- Discover
- Offer
- Request
- Acknowledgment
Summary
List key TCP/IP configuration parameters
Add NICs in Windows NT and Linux
Configure Windows NT with static IP
addresses
Configure Linux with static IP addresses
Describe DHCP
Lesson 4:
User Management
Essentials
Objectives
Define authentication
Explain the share-level and user-level
access security models
Identify the purposes and functions of
logon accounts, groups and passwords
Create a network password policy using
standard practices and procedures
Objectives
(cont’d)
Discuss permissions issues
Describe the relationship between
permissions and user profiles
Use administrative utilities for specific
networks and operating systems
Identify the permissions needed to add,
delete or modify user accounts
Authentication
What you know
What you have
Who you are
Security Models
and Authentication
Peer-level access
User-level access
Peer-Level Access
[Diagram labels: Athena, Aphrodite, Hermes, Apollo, Ares; Printer]
User-Level Access
[Diagram labels: Athena, Aphrodite, Hermes, Apollo, Ares; Printer A, Printer B; User Accounts Database]
Peer-Level
vs. User-Level
Peer-level
- Less expensive
- Easier to implement
- Less secure
- Less control over file and resource management
- Not scalable
User-level
- Increased security
- Supports larger number of users
- Increased control
- Offers system logs
- Grows with organizational needs
Creating
User Accounts
User name
Password
Group associations
Permissions
Additional options
Universal
Permissions
[Diagram labels: Print Server, User Accounts Database, Printer; permissions shown: Read, Write, Execute, Print]
Windows NT Server and
Workstation Permissions
Full control
Change
Read
No access
NT File System
Permissions
Read
Write
Execute
Delete
Change permission
Take ownership
UNIX
Permissions
Access value bit: Meaning
7: Read, write and execute
6: Read and write
5: Read and execute
4: Read only
3: Write and execute
2: Write
1: Execute
0: No mode bits (access absent)
Novell
Rights
Supervisor
Read
Write
Erase
Modify
Create
File scan
Access control
No access
Additional Logon
Account Terms
Logon scripts
Home directories
Local profiles
Roaming profiles
Administrative
Privileges
UNIX (including System V, Solaris, FreeBSD and all Linux variants) = Root (full privilege)
Windows NT = Administrator (full privilege)
Novell = Supervisor (full privilege)
Standard
Password Practices
Create strong passwords
- At least six characters
- Both uppercase and lowercase letters
- At least one Arabic numeral
- At least one symbol
Implement password policy
- Plan and create a balanced policy
- Write and publish policy
- Train users
Network
Policies
Password aging
Password length
Password history
Account lockout
Share creation
User creation
Local logon
Standard
Operating Procedures
Vendors for operating systems and
software
Upgrading, replacing and maintaining
hardware
Upgrading software (including operating
systems and applications)
Responding to power outages, building
evacuation and hacker intrusion
Acceptable use policy
Summary
Define authentication
Explain the share-level and user-level
access security models
Identify the purposes and functions of
logon accounts, groups and passwords
Create a network password policy using
standard practices and procedures
Summary (cont’d)
Discuss permissions issues
Describe the relationship between
permissions and user profiles
Use administrative utilities for specific
networks and operating systems
Identify the permissions needed to add,
delete or modify user accounts
Lesson 5:
Managing Users
in Windows NT
Objectives
Identify the purpose of the Security
Accounts Manager and explain basic
Windows NT domain terminology
Administer users remotely
Enforce system-wide policies
Manage user rights
Create custom user settings
Objectives (cont’d)
View events in event viewer
Establish and manage remote shares
using Server Manager
Convert a FAT drive to NTFS
Enable auditing in Windows NT Server
4.0
Identify accounts used by NT services
The Security
Accounts Manager
Windows NT
domain structure
- Workgroup
- Domain
Windows NT domains
- Primary domain
controller
- Backup domain
controller
- Member server
User Manager
Features
User menu
- Selects users to administer
- Administers users remotely
Policies menu
- Determines how all accounts on a
domain will behave
User Manager
Features (cont’d)
User rights menu
- Manages user rights
Audit menu
- Logon and logoff
- File and object access
- Use of user rights
- User and group management
- Security policy changes
- Restart, shutdown and system
- Process tracking
Viewing Audit Logs
with Event Viewer
System logs
Security logs
Application logs
Editing and
Customizing User Accounts
Groups
User environment
(home directory,
logon scripts, user
profiles)
Dial-in options
Server
Manager
Monitors users connected to your system
Creates and monitors shares
Establishes alerts
Selects domains and systems to manage
Monitors running services
Monitors, stops and starts services
NTFS vs. FAT
NTFS
- User-level and file-level security on local and remote shares
- Enhanced auditing
- More stability
- Requires larger hard disk formats
FAT and FAT32
- Directory-level security on local shares
- Password-protected shares
- Requires smaller partition size
Windows NT
Service Accounts
Internet Information Server
Remote Management
Additional accounts may exist,
depending on the services
installed
Summary
Identify the purpose of the Security
Accounts Manager and explain basic
Windows NT domain terminology
Administer users remotely
Enforce system-wide policies
Manage user rights
Create custom user settings
Summary
View events in event viewer
Establish and manage remote shares using
Server Manager
Convert a FAT drive to NTFS
Enable auditing in Windows NT Server 4.0
Identify accounts used by NT services
Lesson 6:
Managing
Users in Linux
Objectives
Create new accounts on Linux systems
Set password aging policies on Linux
systems
Set up groups for delegation and shared
work
Set account policies in Linux
Manually
Adding Users
File: Purpose
/etc/passwd: Public user database
/etc/shadow: Shadow password file
/etc/login.defs: Contains default values
Manually
Adding Users (cont’d)
File: Purpose
/etc/default/useradd: Contains default values
/etc/skel: Contains default values
/etc/group: Group file
Linux
User Accounts
Entry of the new
account into a
database
Creation of the
resources the new
account will need
Linux User
Account Properties
User name
User ID number
Primary group ID number
Home directory
Shell program
Password
Automated
Account Creation Tools
Account creation utility
Set of rules that describe default
choices
linuxconf
Password Management
and Account Policies
Password
aging
Password
checking
Groups
Mechanisms for managing access to
files and processes
Linux
System Accounts
Different
subsystems should
run under different
accounts
File protections
should be used to
prevent one
subsystem from
interfering with
resources belonging
to another
Summary
Create new accounts on Linux systems
Set password aging policies on Linux
systems
Set up groups for delegation and shared
work
Set account policies in Linux
Lesson 7:
Name Resolution
in the LAN with DNS
Objectives
Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Use nslookup
Implement DNS in Windows NT Server 4.0
Implement DNS in Linux
Domain
Name System
Internet service that
converts common host names
into their corresponding
IP addresses
Domain
Name Space
DNS consists of three levels
- Root
- Top
- Second
Accessing Hosts
by DNS Name
The .ciwcertified domain
Possible resolution to a top-level domain, such as .com
[Diagram: DNS tree for the .ciwcertified domain. Example names: www.ciwcertified.com, host1.ciwcertified.com, research.ciwcertified.com, sales.ciwcertified.com, dnsresearch.research.ciwcertified.com. Host labels shown: www, host1, research1, research2, sales1, sales2, dns1, dns2]
DNS
Server Types
Root server
Master server
Primary server
Secondary server
Caching and caching-only server
Forwarding server
Slave server
Common
DNS Records
Internet (IN)
Name Server (NS)
Start of Authority (SOA)
Address (A)
Canonical Name (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Setting Up DNS
Server
Zone file
DNS record
Probing DNS
with Nslookup
Locate name servers
Locate IP addresses
Locate host names
Review various record types
Change servers
List domains
Setting Up DNS
in Windows NT
Installing a master server in Windows NT
Creating a primary DNS server
Creating DNS records for the forward zone
on the primary server
Configuring a Windows NT client
Creating a reverse lookup DNS zone and
associated records for the primary server
Setting Up DNS
in Windows NT (cont’d)
Creating a reverse lookup zone and record
for the primary server loopback address
Configuring an NT DNS server as a
forwarder
Creating a secondary DNS server in NT
Creating reverse lookup zone records on a
Microsoft secondary DNS server
Creating reverse lookup records for the
secondary DNS server loopback address
Making Changes from the
Primary to Secondary Server
Modifying zone transfer frequency
in Windows NT
Implementing the primary DNS server
Notification option on Windows NT
Changing the
Boot Method Option
Boot from registry
Boot from boot file
Named.boot contents
domain
directory
primary (3)
cache
Windows NT 2000
Server and DNS
Relies on DNS as primary name resolution
option
Offers either Standard DNS or
Dynamic DNS (DDNS)
Is compatible with many other systems
Setting Up
DNS in Linux
Creating DNS configuration files
Configuring a primary DNS server in
Linux
Configuring a Linux system as a DNS
client
Configuring a secondary DNS server on
Linux
Windows
Troubleshooting Utilities
DNS Professional
CyberKit
Professional
Ping Plotter
WS_FTP Ping
ProPack
UNIX
Troubleshooting Utilities
Nslookup
Ping
Traceroute
Dig
Host
Dnswalk
Summary
Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Use nslookup
Implement DNS in Windows NT Server 4.0
Implement DNS in Linux
Lesson 8:
Name Resolution
with WINS and Samba
Objectives
Explain the basics of NetBIOS
Identify additional name resolution options
for LANs and WANs
Implement and manage WINS
Use Samba
Server
Message Blocks
Communicate across networks and
protocols
Establish file and print shares
Execute commands
Perform name resolution
Provide common application programming
interface between server types
NetBIOS
over TCP/IP
NetBIOS runs over TCP/IP much the
same way that SMB runs over TCP/IP
The NetBIOS
Naming Convention
NetBIOS services use UDP ports 137,
138 and TCP port 139
- 137 supports the NetBIOS name
service
- 138 carries the NetBIOS datagram
service
- 139 carries the NetBIOS session
layer
Windows Internet
Naming Service
Handles queries regarding NetBIOS names
and corresponding IP addresses
Uses UDP ports 137 and 138
NetBIOS computer name
(Instructor1)
IP address for
(Instructor1)
Managing WINS
Review and edit entries
Work with local and remote WINS servers
View and sort mappings
Scavenge and backup databases
Edit renewal times
Configure logging
Static
Mapping
Static mapping creates entries in the WINS
database that allow non-WINS clients
Entries include:
Unique
Group
Domain name
Internet group
Multihomed
Replication
- Push partner
- Pull partner
Configuring
DNS and WINS
DNS and WINS can work together to
allow DNS to retrieve the dynamically
assigned IP address associated with a
particular name
Samba
Samba allows UNIX systems to
participate in Windows networks
- Establishes shares on UNIX hosts
that are accessible to Windows
systems
- Shares printers
- Makes a UNIX system a WINS server
- Makes a UNIX system a WINS client
SWAT
Samba configuration tool
- Home
- Globals
- Shares
- Printers
- Status
- View
- Password
Levels of
Access in Samba
Share-level access
User-level access
Public-level access
- Read-only
- Full access
Summary
Explain the basics of NetBIOS
Identify additional name resolution options
for LANs and WANs
Implement and manage WINS
Use Samba
Lesson 9:
Implementing
Internet Services
Objectives
Deploy user-level and anonymous FTP
access in Windows NT and UNIX
Install and configure Telnet for Windows
NT and UNIX
Configure finger in UNIX
Control access to UNIX services
File Transfer
Protocol Servers
Application-layer protocol
Uses two ports
- TCP/20
- TCP/21
Passive mode
Normal mode
Anonymous
Accounts
Anonymous accounts in Windows NT
Anonymous accounts in UNIX
Account considerations
Implementing
Microsoft FTP
Microsoft Internet Information Server
(IIS) is the primary way to implement
FTP in Windows
Managing
FTP in IIS
Security Accounts tab
Messages tab
Home Directory tab
Directory Security tab
Creating
Virtual FTP Servers
Dedicated virtual FTP servers
Simple virtual FTP servers
Shared virtual FTP servers
Anonymous
Access in IIS
Analyzing and configuring anonymous
FTP
Controlling access to your FTP site
Customizing your IIS FTP server
Configuring anonymous FTP on UNIX
Telnet
Controls a system from a remote location
Operates on port 23
The inetd
Command
FTP
Telnet
Finger
SWAT
TFTP
Chargen
Daytime
POP3
BOOTP
Echo
Finger
Accesses information about local and
remote users
- Daytime
- Echo
- Chargen
The hosts.allow and
hosts.deny Files
Controls access to
UNIX services
Summary
Deploy user-level and anonymous FTP
access in Windows NT and UNIX
Install and configure Telnet for Windows
NT and UNIX
Configure finger in UNIX
Control access to UNIX services
Internet
System Management
Systems and Services Review
Internet System Installation and
Configuration Issues
Configuring the System
User Management Essentials
Managing Users in Windows NT
Internet
System Management
Managing Users in Linux
Name Resolution in the LAN with DNS
Name Resolution with WINS and Samba
Implementing Internet Services