Internet System Management


Internet System
Management
Lesson 1:
System and
Services Review
Objectives



List the services offered by IT departments
Identify backbone and mission-critical
services offered by IT departments
Discuss the concepts of system
maintenance
Common IT
Tasks and Services






System and service installation
Web server configuration
FTP server configuration and management
Name resolution configuration
E-mail server installation and support
E-commerce server installation and
support
Common IT Tasks
and Services (cont’d)






Database server installation and support
User management
Server monitoring and optimization
File backup
Routing
Establishing and managing shares
Backbone Services




Naming services
Directory services
Central login
Routing
Mission-Critical Services



Mission-critical services are highly visible
Users rely on mission-critical services
Examples
- Mail servers
- Web servers
- FTP servers
- Middleware
System
Configuration




Binding protocols
to the Network
Interface Card


Protocol
management
Addressing
Gateways

Name resolution
configuration
Service and
application
installation and
management
IP addressing
User
Management







Adding and deleting users
Using applications
Managing permissions
Password aging
Account lockout
Password history
Controlled access
System
Performance





Bandwidth and access rate issues
System I/O performance
Hard drive access statistics
CPU usage
RAM usage
Backup




Archiving user-created files
Keeping copies of entire operating
systems, including customized
configurations
Storing changes to databases and other
data stores
Off-site storage
Maintenance





Upgrading operating systems
Installing service packs and hot fixes
Upgrading services, including Web and
e-mail servers
Scanning hard drives for errors
Upgrading hard drives to provide more
storage capacity
Summary
- List the services offered by IT departments
- Identify backbone and mission-critical services offered by IT departments
- Discuss the concepts of system maintenance
Lesson 2:
Internet System Installation
and Configuration Issues
Objectives





Identify common hardware platforms
Describe capabilities of various platform
strategies
Identify common operating systems
Determine the ideal operating system for a
given environment
Discuss system installation issues
System
Elements





Bus speed
System I/O
NIC
Hard drive
RAM
Bandwidth


The total amount of information a network
connection can carry
Network connections
- T1
- Fractional T1
- T2
- T3
- ISDN
- DSL
Calculating
Throughput


A percentage of bandwidth; the amount a
network connection is being used
Throughput elements
- Connection speed
- Amount of information
- Time available for transfer
Internetworking
Operating Systems




Microsoft Windows
NT
UNIX
Linux
Novell
Operating
System Issues

Ease of use

Platform stability

Available talent pool

Available technical support
Operating System
Issues (cont’d)

Cost of operating system

Hardware costs

Availability of services and applications

Purpose of the server
Installing
Systems




Single and dual boot machines
Local and network installation
Hardware considerations
Listing system components
Summary
- Identify common hardware platforms
- Describe capabilities of various platform strategies
- Identify common operating systems
- Determine the ideal operating system for a given environment
- Discuss system installation issues
Lesson 3:
Configuring
the System
Objectives





List key TCP/IP configuration parameters
Add NICs in Windows NT and Linux
Configure Windows NT with static IP
addresses
Configure Linux with static IP addresses
Describe DHCP
TCP/IP Configuration
Parameters







Computer name
IP address
Subnet mask
Default gateway
DNS information
DHCP client information
WINS
Adapters



Adding network adapter device drivers in
UNIX
Adding network adapter device drivers in NT
Binding device drivers to protocols in NT
Device Drivers (NIC)
Static
Addressing
Linux
- ifconfig
- ifup
- ifdown
- linuxconf
- netcfg
- dmesg
- grep
Windows NT
- ipconfig
Windows 95/98
- winipcfg
Additional TCP/IP
Issues and Commands




netstat
traceroute
router
arp
Dynamic
Addressing

DHCP
- Discover
- Offer
- Request
- Acknowledgment
Summary
- List key TCP/IP configuration parameters
- Add NICs in Windows NT and Linux
- Configure Windows NT with static IP addresses
- Configure Linux with static IP addresses
- Describe DHCP
Lesson 4:
User Management
Essentials
Objectives




Define authentication
Explain the share-level and user-level
access security models
Identify the purposes and functions of
logon accounts, groups and passwords
Create a network password policy using
standard practices and procedures
Objectives (cont’d)
Discuss permissions issues
Describe the relationship between
permissions and user profiles
Use administrative utilities for specific
networks and operating systems
Identify the permissions needed to add,
delete or modify user accounts
Authentication



What you know
What you have
Who you are
Security Models
and Authentication
Peer-level
Access
User-level
Access
Peer-Level Access
[Diagram: Athena, Aphrodite, Hermes, Apollo, Ares, Printer]
User-Level Access
[Diagram: Athena, Aphrodite, Hermes, Apollo, Ares, Printer A, Printer B, User Accounts Database]
Peer-Level
vs. User-Level
Peer-level
- Less expensive
- Easier to implement
- Less secure
- Less control over file and resource management
- Not scalable
User-level
- Increased security
- Supports larger number of users
- Increased control
- Offers system logs
- Grows with organizational needs
Creating
User Accounts





User name
Password
Group associations
Permissions
Additional options
Universal
Permissions




[Diagram: Print Server, Printer and User Accounts Database, labelled with Read, Write, Execute and Print permissions]
Windows NT Server and
Workstation Permissions




Full control
Change
Read
No access
NT File System
Permissions






Read
Write
Execute
Delete
Change permission
Take ownership
UNIX
Permissions
Access Value Bit    Meaning
7                   Read, write and execute
6                   Read and write
5                   Read and execute
4                   Read only
3                   Write and execute
2                   Write
1                   Execute
0                   No mode bits (access absent)
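The access values in the table above are sums of read (4), write (2) and execute (1), and a file mode is three such digits for owner, group and other. The following added example (not part of the original slides) decodes a mode and flags write access granted beyond the owner; the sample paths and modes other than /etc/passwd are constructed for illustration.

```python
# Added example: decode UNIX octal modes using the access-value table above.
BITS = ((4, "r"), (2, "w"), (1, "x"))  # read, write, execute values
CLASSES = ("owner", "group", "other")  # order of the three digits in a mode


def digit_to_rwx(digit):
    """Turn one access value (0-7) into an rwx triplet such as 'r-x'."""
    if not 0 <= digit <= 7:
        raise ValueError(f"access value out of range: {digit}")
    return "".join(ch if digit & bit else "-" for bit, ch in BITS)


def decode_mode(mode):
    """Decode a three-digit octal string like '754' into 'rwxr-xr--'."""
    if len(mode) != 3 or any(c not in "01234567" for c in mode):
        raise ValueError(f"not a three-digit octal mode: {mode!r}")
    return "".join(digit_to_rwx(int(c)) for c in mode)


def risky_grants(mode):
    """Report write access given to group or other, a common audit finding."""
    decode_mode(mode)  # validates the input
    return [f"{cls} can write"
            for cls, c in zip(CLASSES[1:], mode[1:]) if int(c) & 2]


# Constructed sample input: paths and modes are illustrative only.
SAMPLE = {"/etc/passwd": "644", "/srv/ftp/incoming": "777", "/home/a/notes": "664"}


def audit(sample):
    """Return only the entries that grant write access beyond the owner."""
    return {path: risky_grants(mode)
            for path, mode in sample.items() if risky_grants(mode)}


if __name__ == "__main__":
    for path, mode in SAMPLE.items():
        print(path, mode, decode_mode(mode), risky_grants(mode))
```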
Novell
Rights





Supervisor
Read
Write
Erase
Modify




Create
File scan
Access control
No access
Additional Logon
Account Terms




Logon scripts
Home directories
Local profiles
Roaming profiles
Administrative
Privileges

UNIX (including System V, Solaris, FreeBSD and all Linux variants) = Root (full privilege)

Windows NT = Administrator (full privilege)

Novell = Supervisor (full privilege)
Standard
Password Practices


Create strong password
- At least six characters
- Both uppercase and lowercase letters
- At least one Arabic numeral
- At least one symbol
Implement password policy
- Plan and create a balanced policy
- Write and publish policy
- Train users
Network
Policies







Password aging
Password length
Password history
Account lockout
Share creation
User creation
Local logon
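The strong-password rules under Standard Password Practices and the password-history item under Network Policies can be enforced together at password-change time. The following added example (not part of the original slides) shows one way to do that; the history depth, the PBKDF2 iteration count and the use of Python's string.punctuation as the symbol set are assumptions.

```python
# Added example: enforce the slide's strong-password rules plus a password history.
import hashlib
import hmac
import os
import string

MIN_LENGTH = 6  # "At least six characters"


def rule_failures(password):
    """Return the strong-password rules that the candidate password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "at least six characters"),
        (any(c.isupper() for c in password) and any(c.islower() for c in password),
         "both uppercase and lowercase letters"),
        (any(c in "0123456789" for c in password), "at least one Arabic numeral"),
        (any(c in string.punctuation for c in password), "at least one symbol"),
    ]
    return [name for ok, name in checks if not ok]


def _digest(password, salt):
    # Salted PBKDF2 so the history never holds plaintext (iteration count assumed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordHistory:
    """Keep the last `depth` passwords as salted hashes (depth is an assumed value)."""

    def __init__(self, depth=3):
        self.depth = depth
        self.entries = []  # (salt, digest) pairs, newest last

    def seen(self, password):
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for salt, digest in self.entries)

    def change(self, password):
        """Try to set a new password; return the reasons it was rejected, if any."""
        reasons = rule_failures(password)
        if self.seen(password):
            reasons.append("reuses a password still in history")
        if not reasons:
            salt = os.urandom(16)
            self.entries.append((salt, _digest(password, salt)))
            self.entries = self.entries[-self.depth:]
        return reasons
```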
Standard
Operating Procedures





Vendors for operating systems and
software
Upgrading, replacing and maintaining
hardware
Upgrading software (including operating
systems and applications)
Responding to power outages, building
evacuation and hacker intrusion
Acceptable use policy
Summary
- Define authentication
- Explain the share-level and user-level access security models
- Identify the purposes and functions of logon accounts, groups and passwords
- Create a network password policy using standard practices and procedures
Summary (cont’d)
- Discuss permissions issues
- Describe the relationship between permissions and user profiles
- Use administrative utilities for specific networks and operating systems
- Identify the permissions needed to add, delete or modify user accounts
Lesson 5:
Managing Users
in Windows NT
Objectives





Identify the purpose of the Security
Accounts Manager and explain basic
Windows NT domain terminology
Administer users remotely
Enforce system-wide policies
Manage user rights
Create custom user settings
Objectives (cont’d)





View events in event viewer
Establish and manage remote shares
using Server Manager
Convert a FAT drive to NTFS
Enable auditing in Windows NT Server
4.0
Identify accounts used by NT services
The Security
Accounts Manager

Windows NT domain structure
- Workgroup
- Domain

Windows NT domains
- Primary domain controller
- Backup domain controller
- Member server
User Manager
Features


User menu
- Selects users to administer
- Administers users remotely
Policies menu
- Determines how all accounts on a
domain will behave
User Manager
Features (cont’d)


User rights menu
- Manages user rights
Audit menu
- Logon and logoff
- File and object access
- Use of user rights
- User and group management
- Security policy changes
- Restart, shutdown and system
- Process tracking
Viewing Audit Logs
with Event Viewer

System logs

Security logs

Application logs
Editing and
Customizing User Accounts



Groups
User environment
(home directory,
logon scripts, user
profiles)
Dial-in options
Server
Manager






Monitors users connected to your system
Creates and monitors shares
Establishes alerts
Selects domains and systems to manage
Monitors running services
Monitors, stops and starts services
NTFS vs. FAT
NTFS
- User-level and file-level security on local and remote shares
- Enhanced auditing
- More stability
- Requires larger hard disk formats
FAT and FAT32
- Directory-level security on local shares
- Password-protected shares
- Requires smaller partition size
Windows NT
Service Accounts



Internet Information Server
Remote Management
Additional accounts may exist,
depending on the services
installed
Summary
- Identify the purpose of the Security Accounts Manager and explain basic Windows NT domain terminology
- Administer users remotely
- Enforce system-wide policies
- Manage user rights
- Create custom user settings
Summary
- View events in event viewer
- Establish and manage remote shares using Server Manager
- Convert a FAT drive to NTFS
- Enable auditing in Windows NT Server 4.0
- Identify accounts used by NT services
Lesson 6:
Managing
Users in Linux
Objectives




Create new accounts on Linux systems
Set password aging policies on Linux
systems
Set up groups for delegation and shared
work
Set account policies in Linux
Manually
Adding Users
File               Purpose
/etc/passwd        Public user database
/etc/shadow        Shadow password file
/etc/login.defs    Contains default values
Manually
Adding Users (cont’d)
File                    Purpose
/etc/default/useradd    Contains default values
/etc/skel               Contains default values
/etc/group              Group file
Linux
User Accounts

Entry of the new
account into a
database

Creation of the
resources the new
account will need
Linux User
Account Properties






User name
User ID number
Primary group ID number
Home directory
Shell program
Password
Automated
Account Creation Tools



Account creation utility
Set of rules that describe default
choices
linuxconf
Password Management
and Account Policies


Password aging
Password checking
Groups
Mechanisms for managing access to
files and processes
Linux
System Accounts


Different subsystems should run under different accounts
File protections should be used to prevent one subsystem from interfering with resources belonging to another
Summary
- Create new accounts on Linux systems
- Set password aging policies on Linux systems
- Set up groups for delegation and shared work
- Set account policies in Linux
Lesson 7:
Name Resolution
in the LAN with DNS
Objectives







Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Use nslookup
Implement DNS in Windows NT Server 4.0
Implement DNS in Linux
Domain
Name System
Internet service that converts common host names into their corresponding IP addresses
Domain
Name Space

DNS consists of three levels
- Root
- Top
- Second
Accessing Hosts
by DNS Name
The .ciwcertified domain
Possible resolution to a top-level domain, such as .com
[Diagram: domain tree]
- www.ciwcertified.com, host1.ciwcertified.com
- research.ciwcertified.com (hosts research1, research2)
- sales.ciwcertified.com (hosts sales1, sales2)
- dnsresearch.research.ciwcertified.com (hosts dns1, dns2)
DNS
Server Types







Root server
Master server
Primary server
Secondary server
Caching and caching-only server
Forwarding server
Slave server
Common
DNS Records







Internet (IN)
Name Server (NS)
Start of Authority (SOA)
Address (A)
Canonical Name (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Setting Up DNS



Server
Zone file
DNS record
Probing DNS
with Nslookup






Locate name servers
Locate IP addresses
Locate host names
Review various record types
Change servers
List domains
Setting Up DNS
in Windows NT





Installing a master server in Windows NT
Creating a primary DNS server
Creating DNS records for the forward zone
on the primary server
Configuring a Windows NT client
Creating a reverse lookup DNS zone and
associated records for the primary server
Setting Up DNS
in Windows NT (cont’d)





Creating a reverse lookup zone and record
for the primary server loopback address
Configuring an NT DNS server as a
forwarder
Creating a secondary DNS server in NT
Creating reverse lookup zone records on a
Microsoft secondary DNS server
Creating reverse lookup records for the
secondary DNS server loopback address
Making Changes from the
Primary to Secondary Server


Modifying zone transfer frequency
in Windows NT
Implementing the primary DNS server
Notification option on Windows NT
Changing the
Boot Method Option


Boot from registry
Boot from boot file
Named.boot contents
- domain
- directory
- primary (3)
- cache
Windows NT 2000
Server and DNS



Relies on DNS as primary name resolution
option
Offers either Standard DNS or
Dynamic DNS (DDNS)
Is compatible with many other systems
Setting Up
DNS in Linux




Creating DNS configuration files
Configuring a primary DNS server in
Linux
Configuring a Linux system as a DNS
client
Configuring a secondary DNS server on
Linux
Windows
Troubleshooting Utilities




DNS Professional
CyberKit
Professional
Ping Plotter
WS_FTP Ping
ProPack
UNIX
Troubleshooting Utilities






Nslookup
Ping
Traceroute
Dig
Host
Dnswalk
Summary
- Explain the DNS
- Identify DNS components
- List the common DNS record types
- Define reverse DNS lookup
- Use nslookup
- Implement DNS in Windows NT Server 4.0
- Implement DNS in Linux
Lesson 8:
Name Resolution
with WINS and Samba
Objectives




Explain the basics of NetBIOS
Identify additional name resolution options
for LANs and WANs
Implement and manage WINS
Use Samba
Server
Message Blocks





Communicate across networks and
protocols
Establish file and print shares
Execute commands
Perform name resolution
Provide common application programming
interface between server types
NetBIOS
over TCP/IP
NetBIOS runs over TCP/IP much the
same way that SMB runs over TCP/IP
The NetBIOS
Naming Convention

NetBIOS services use UDP ports 137, 138 and TCP port 139
- 137 supports the NetBIOS name service
- 138 carries the NetBIOS datagram service
- 139 carries the NetBIOS session layer
Windows Internet
Naming Service


Handles queries regarding NetBIOS names
and corresponding IP addresses
Uses UDP ports 137 and 138
NetBIOS computer name
(Instructor1)
IP address for
(Instructor1)
Managing WINS






Review and edit entries
Work with local and remote WINS servers
View and sort mappings
Scavenge and backup databases
Edit renewal times
Configure logging
Static
Mapping
Static mapping creates entries in the WINS
database that allow non-WINS clients
Entries include:
- Unique
- Group
- Domain name
- Internet group
- Multihomed
Replication
- Push partner
- Pull partner
Configuring
DNS and WINS

DNS and WINS can work together to
allow DNS to retrieve the dynamically
assigned IP address associated with a
particular name
Samba

Samba allows UNIX systems to
participate in Windows networks
- Establishes shares on UNIX hosts
that are accessible to Windows
systems
- Shares printers
- Makes a UNIX system a WINS server
- Makes a UNIX system a WINS client
SWAT

Samba configuration tool
- Home
- Globals
- Shares
- Printers
- Status
- View
- Password
Levels of
Access in Samba



Share-level access
User-level access
Public-level access
- Read-only
- Full access
Summary
- Explain the basics of NetBIOS
- Identify additional name resolution options for LANs and WANs
- Implement and manage WINS
- Use Samba
Lesson 9:
Implementing
Internet Services
Objectives




Deploy user-level and anonymous FTP
access in Windows NT and UNIX
Install and configure Telnet for Windows
NT and UNIX
Configure finger in UNIX
Control access to UNIX services
File Transfer
Protocol Servers




Application-layer protocol
Uses two ports
- TCP/20
- TCP/21
Passive mode
Normal mode
Anonymous
Accounts



Anonymous accounts in Windows NT
Anonymous accounts in UNIX
Account considerations
Implementing
Microsoft FTP

Microsoft Internet Information Server
(IIS) is the primary way to implement
FTP in Windows FTP
Managing
FTP in IIS




Security Accounts tab
Messages tab
Home Directory tab
Directory Security tab
Creating
Virtual FTP Servers



Dedicated virtual FTP servers
Simple virtual FTP servers
Shared virtual FTP servers
Anonymous
Access in IIS




Analyzing and configuring anonymous
FTP
Controlling access to your FTP site
Customizing your IIS FTP server
Configuring anonymous FTP on UNIX
Telnet


Controls a system from a remote location
Operates on port 23
The inetd
Command





FTP
Telnet
Finger
SWAT
TFTP





Chargen
Daytime
POP3
BOOTP
Echo
Finger

Accesses information about local and
remote users
- Daytime
- Echo
- Chargen
The hosts.allow and
hosts.deny Files

Controls access to
UNIX services
Summary
- Deploy user-level and anonymous FTP access in Windows NT and UNIX
- Install and configure Telnet for Windows NT and UNIX
- Configure finger in UNIX
- Control access to UNIX services
Internet
System Management
- Systems and Services Review
- Internet System Installation and Configuration Issues
- Configuring the System
- User Management Essentials
- Managing Users in Windows NT
Internet
System Management
- Managing Users in Linux
- Name Resolution in the LAN with DNS
- Name Resolution with WINS and Samba
- Implementing Internet Services