Linux Networking and Security
Download
Report
Transcript Linux Networking and Security
Linux Networking and
Security
Chapter 3
1
Configuring Client Services
Configure DNS name resolution
Configure dial-up network access using PPP
Understand client services such as DHCP and LDAP
Use remote graphical applications and remote dial-up
authentication
Use common client tools such as Linux Web browsers
and email clients
2
Setting Up Name Resolution
The domain name service (DNS) is implemented by a
domain name server
The term domain name refers to the name of multiple hosts on
the Internet that are collectively referred to
The most widely known top-level domain is .com
Within a top-level domain, an organization has its own domain or
domains
Network hosts are given names called hostnames
A fully qualified domain name (FQDN) combines a hostname
with the name of its domain
3
Setting Up Name Resolution
4
Configuring the DNS Resolver
Manually
The resolver is the client part of DNS
It makes requests to a DNS server so that other workstation
programs can use the IP address of a given server to make a
network connection
The resolver is configured by a single file in Linux:
/etc/resolv.conf
Configure the resolver by storing the IP address of one or more
DNS servers in the resolv.conf file, proceeded by the keyword
nameserver
5
The hosts File
Another way to convert an IP address to a domain name
is store the IP address and corresponding domain
names in a text file called /etc/hosts on your host
The /etc/hosts.conf or /etc/nsswitch.conf files determine
the order in which the resolver looks to various sources
to resolve IP addresses
6
Configuring the DNS Resolver
Graphically
7
Configuring the DNS Resolver
Graphically
8
Configuring the DNS Resolver
Graphically
9
Configuring the DNS Resolver
Graphically
10
Dial-up Network Access
Using PPP
PPP is widely used to connect to the Internet via modem
PPP includes feature that make it more secure, flexible, and
dependable than terminal emulation
In reality, PPP was not very secure and was challenging to
configure and manage
Two advances improve PPP security:
Password Authentication Protocol (PAP) stores user data in a file
that only the root user accesses
Challenge Handshake Authentication Protocol (CHAP) is the
most secure PPP option
11
PPP Connections
Text-mode utility wvdial is designed to ease the difficulty
of working with PPP
Red Hat Linux uses a utility called rp3
Used from a command line on a server
This is a wizard-driven graphical utility
The Linux KDE graphical environment uses a utility
called KPPP
diald automates PPP
difficult to use and challenging to set up
12
PPP Connections
13
PPP Connections
14
Using DHCP
Dynamic Host Configuration Protocol (DHCP) allows the
configuration of a service that hands out IP addresses to
network clients
DHCP can drastically reduce the administration needs of a
network
The DHCP server is installed by default on many Linux systems
Configuration of DHCP involves creating an /etc/dhcpd.conf file
15
Using DHCP
16
Understanding LDAP
The Lightweight Directory Access Protocol (LDAP)
provides a directory service that lets users query a
database of network resource information
LDAP directories are organized as inverted trees of information
To use a directory, client software allows traversal of the tree,
looking for the needed data
Objects in the tree are referred to using a formalized set of
identifiers
17
Understanding LDAP
18
Understanding LDAP
19
Running Applications Remotely
20
Running Applications Remotely
Before an X client can display its windows on a remote
host, the remote host must be configured to allow others
to use its X server
To use xhost Authentication, include the hostname of the
computer that will be allowed to display
xauth Authentication is more secure than xhost since it employs
the use of a cookie
XDMCP for Remote Graphical Terminals
lets users on remote X servers obtain a graphical login screen
and begin using X clients on Linux
21
Running Applications Remotely
Using r-Utilities for Remote Execution
Allow a user to learn about or execute a program on another
host
The r-utilities are not secure
Using UUCP for Remote Access
Provides transfer of email over modem between multiple email
servers
22
Running Applications Remotely
23
Web and Mail Clients
Popular Linux Browsers
Lynx is a text-based browser that is installed by default on many
popular Linux distributions
Netscape Communicator on Linux is similar to Netscape on
Windows
Mozilla is included as the default on Red Hat Linux on the
Gnome desktop
Other browsers: Opera, dillo, Galeon, SkipStone
24
Popular Linux Browsers
25
Understanding Email
Email is transferred on the Internet via the Simple Mail
Transport Protocol (SMTP)
Email-related programs are divided into three categories:
Mail Transfer Agent (MTA) - moves email messages from one
server to another
Mail Delivery Agent (MDA) - places email in a user’s mailbox
Mail User Agent (MUA) - displays and manages email messages
for a user
26
Understanding Email
On every Linux system, user accounts have associated
email accounts and email is placed in the /var/spool/mail
directory
Email is typically retrieved using a MUA in one of three
ways:
Post Office Protocol (POP3) - via a POP3 server downloads
messages to the computer
Internet Mail Access Protocol (IMAP) - views messages on the
remote server
Web browser
27
Understanding Email
Using an Email Filter: Procmail
Procmail is a special MDA acts as a filter and processes email
based on user-defined criteria
Difficult to configure, but worth the effort if a large number of
incoming messages are regularly received
Is installed by default on many Linux systems
Checks for both a system-wide configuration file /etc/procmailrc
and per-user .procmailrc
These files can contain recipes, or formulas for examining email
messages and taking an action
28
Linux Email Clients
29
Linux Email Clients
30
Chapter Summary
The client portion of the domain name service is called a
resolver
A fully qualified domain name (FQDN) consists of a hostname
plus the domain of which the host is part
PPP is a popular method of making network connections via
modem
PPP security is provided by the Password Authentication (PAP)
and Challenge Handshake Authentication (CHAP) protocols
The wvdial utility can configure and manage a PPP connection
from the command line
31
Chapter Summary
The diald program automates use of a dial-up connection via
PPP, automatically connecting and disconnecting based on
traffic
The Dynamic Host Configuration Protocol (DHCP) allows clients
to configure IP networking automatically by receiving network
address information from a DHCP server
Most versions of Linux include the dhcpd server and at least one
of the three common DHCP clients
The Lightweight Directory Access Protocol (LDAP) provides a
directory service that lets users query a worldwide database for
information on resources
32
Chapter Summary
The OpenLDAP server is provided with most Linux distributions
X can execute graphical programs remotely by referring to the
DISPLAY variable or the --display command line option
XDMCP lets users on remote X servers obtain a graphical login
screen and begin using X clients on Linux without first logging
into Linux via Telnet
The r-utilities provide a convenient way to execute commands
on, or copy files between, remote hosts when working in a
trusted network environment
33
Chapter Summary
The Unix to Unix Copy (UUCP) protocol was designed to
facilitate inexpensive transfers of email messages between
servers in the days before Internet connectivity was widespread
Many Web browsers are available for Linux, with the most
popular being the text-mode browser Lynx and graphical
browsers Mozilla and Netscape
Internet email relies on a Mail Transfer Agent (MTA) to move
messages between hosts; a Mail Delivery Agent (MDA) may
process mail as it is delivered to a user’s mailbox; and a Mail
User Agent MUA is relied upon in order for a user to read and
send messages
34
Chapter Summary
MUAs can either read local mail files, or can use the POP3 or
IMAP protocols to retrieve messages from a central server
The Procmail program processes email messages using recipes
which provide automatic message management
Many other Linux email clients are popular: elm and pine,
fetchmail, Kmail and Balsa
35