(IN) Name Server


Internet System Management
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 1: IT Systems and Services Overview
Objectives
• List the services offered by IT departments
• Identify backbone and mission-critical services offered by IT departments
• Discuss the concepts of system maintenance
Common IT Tasks and Services
• System and service installation
• Web server configuration
• FTP server configuration and management
• Name resolution configuration
• E-mail server installation and support
• E-commerce server installation and support
Common IT Tasks and Services (cont’d)
• Database server installation and support
• User management
• Server monitoring and optimization
• File backup
• Routing
• Establishing and managing shares
Backbone Services
• Naming services
• Address management
• Directory services
• Central logon
• Routing
Mission-Critical Services
• Mission-critical services are highly visible
• Users rely on mission-critical services
• Examples
– Mail servers
– Web servers
– FTP servers
– Middleware
System Configuration
• Binding protocols to the network interface card
• Protocol management
• Addressing
• Gateways
• Name resolution configuration
• Service and application installation and management
• IP addressing
User Management
• Adding and removing users
• Using applications
• Managing permissions
• Group membership
• Password aging
• Account lockout
• Password history
• Controlled access
System Performance
• Bandwidth and access rate issues
• System I/O performance
• Hard drive access statistics
• CPU usage
• RAM usage
Backup
• Archiving user-created files
• Keeping copies of entire operating systems
• Storing changes to databases and other data stores
• Off-site storage
Maintenance
• Upgrading operating systems
• Installing service packs and hot fixes
• Upgrading services, including Web and e-mail servers
• Scanning hard drives for errors
• Upgrading hard drives to provide more storage capacity
Summary
• List the services offered by IT departments
• Identify backbone and mission-critical services offered by IT departments
• Discuss the concepts of system maintenance
Lesson 2: Internet System Installation and Configuration Issues
Objectives
• Identify common hardware platforms
• Describe capabilities of various platform components
• Define bandwidth and throughput
• Identify common network operating systems
• Determine the ideal operating system for a given environment
• Discuss system installation issues
System Elements
• Bus speed
• System I/O
• NIC
• Hard drive
• RAM
Bandwidth
• The total amount of information a network connection can carry
• Network connections
– T1
– Fractional T1
– T2
– T3
– ISDN
– DSL
Calculating Throughput
• A percentage of bandwidth; the amount a network connection is being used
• Throughput elements
– Connection speed
– Amount of information
– Time available for transfer
Internetworking Operating Systems
• Microsoft Windows
• UNIX
• Linux
• System V
• Novell
• X-Window
Operating System Issues
• Ease of use
• Platform stability
• Available talent pool
• Available technical support
Operating System Issues (cont’d)
• Cost
• Hardware costs
• Availability of services and applications
• Purpose for the server
Installing Network Operating Systems
• Single-boot and dual-boot machines
• Local and network installation
• Hardware considerations
• Listing system components
Summary
• Identify common hardware platforms
• Describe capabilities of various platform components
• Define bandwidth and throughput
• Identify common network operating systems
• Determine the ideal operating system for a given environment
• Discuss system installation issues
Lesson 3: Configuring the System
Objectives
• List key TCP/IP configuration parameters
• Add NICs in Windows 2000 and Linux
• Configure Windows 2000 with static IP addresses
• Configure Linux with static IP addresses
• Describe how DHCP works
TCP/IP Configuration Parameters
• Computer name
• IP address
• Subnet mask
• Default gateway
• DNS information
• DHCP client information
• WINS
Adapters
• Adding network adapter device drivers in UNIX/Linux
• Adding network adapter device drivers in Windows 2000
• Binding device drivers to protocols in Windows 2000
Device Drivers (NIC)
Static Addressing
Linux
• ifconfig
• ifup
• ifdown
• linuxconf
• netcfg
• dmesg
• grep
Windows 2000
• ipconfig
Additional TCP/IP Issues and Commands
• netstat
• traceroute
• router
• arp
Dynamic Addressing
DHCP lease process
• Discover
• Offer
• Request
• Acknowledgment
Summary
• List key TCP/IP configuration parameters
• Add NICs in Windows 2000 and Linux
• Configure Windows 2000 with static IP addresses
• Configure Linux with static IP addresses
• Describe how DHCP works
Lesson 4: User Management Essentials
Objectives
• Define authentication
• Explain the share-level and user-level access security models
• Identify the purposes and functions of logon accounts, groups and passwords
• Create a network password policy using standard practices and procedures
Objectives (cont’d)
• Discuss permissions issues
• Describe the relationship between permissions and user profiles
• Use administrative utilities for specific networks and operating systems
• Identify the permissions needed to add, delete or modify user accounts
Authentication
• What you know
• What you have
• Who you are
Security Models and Authentication
(Diagram labels: Peer-level Access, User-level Access)
Peer-Level Access
(Diagram labels: Athena, Aphrodite, Hermes, Printer, Apollo, Ares)
User-Level Access
(Diagram labels: Athena, Aphrodite, Hermes, Printer B, Printer A, User Accounts Database, Apollo, Ares)
Peer-Level vs. User-Level
Peer-level
• Less expensive
• Easier to implement
• Less secure
• Less control over file and resource management
• Not scalable
User-level
• Increased security
• Supports larger number of users
• Increased control
• Offers system logs
• Grows with organizational needs
Creating User Accounts
• User name
• Password
• Group associations
• Permissions
• Additional options
Permissions
• Read
• Write
• Execute
• Print
(Diagram labels: Print Server, Print, Write, Read, Print Server, Write, Exec., User Accounts Database, Printer)
Windows 2000 Permissions
• Full control
• Change
• Read
• No access
UNIX Permissions
Access Value Bit: Access Value Bit Meaning
• 7: Read, write and execute
• 6: Read and write
• 5: Read and execute
• 4: Read only
• 3: Write and execute
• 2: Write
• 1: Execute
• 0: No mode bits (access absent)
Novell Rights
• Supervisor
• Create
• Read
• File scan
• Write
• Access control
• Erase
• No access
• Modify
Additional Logon Account Terms
• Logon scripts
• Home directories
• Local profiles
• Roaming profiles
Administrative Privileges
• UNIX (including System V, Solaris, FreeBSD and all Linux variants) = Root (full privilege)
• Windows = Administrator (full privilege)
• Novell = Supervisor (full privilege)
Standard Password Practices
• Create strong password
– At least six characters
– Both uppercase and lowercase letters
– At least one Arabic numeral
– At least one symbol
• Implement password policy
– Plan and create a balanced policy
– Write and publish policy
– Train users
Network Security Policies
• Password aging
• Password length
• Password history
• Account lockout
• Share creation
• User creation
• Local logon
Standard Operating Procedures
• Vendors for operating systems and software
• Upgrading, replacing and maintaining hardware
• Upgrading software (including operating systems and applications)
• Responding to power outages, building evacuation and hacker intrusion
• Acceptable use policy
Summary
• Define authentication
• Explain the share-level and user-level access security models
• Identify the purposes and functions of logon accounts, groups and passwords
• Create a network password policy using standard practices and procedures
Summary (cont’d)
• Discuss permissions issues
• Describe the relationship between permissions and user profiles
• Use administrative utilities for specific networks and operating systems
• Identify the permissions needed to add, delete or modify user accounts
Lesson 5: Managing Users in Windows 2000
Objectives
• Identify the purpose of the Windows 2000 Security Accounts Manager
• Administer remote Windows 2000 systems and users
• Enforce systemwide policies
• Convert a FAT drive to NTFS
• Enable auditing in Windows 2000 Server
• View local and remote events in Event Viewer
Objectives (cont’d)
• Manage file and directory ownership
• Manage user rights
• Enable custom user settings
• Identify accounts used by Windows 2000 services
The Security Accounts Manager
• SAM
– A collection of processes and files used by Windows 2000 to authenticate users
– Located at C:\winnt\system32\config
The Computer Management Snap-in
• Managing users on a remote system
Local Security Settings
• Start | Programs | Administrative Tools | Local Security Policy
– Configure account policies
– Establish auditing
– Change default user-rights settings
– Alter default settings for system peripherals and auditing options
– Determine public-key encryption and IP security policies
Auditing, Ownership and Rights
• Audit policy
• User rights
• Security options
Editing and Customizing User Accounts
• Groups
• User environment (home directory, logon scripts, user profiles)
• Dial-in options
Windows 2000 Services and User Accounts
• IIS
• Remote Management
• Terminal Services
• NetShow Video Server
Summary
• Identify the purpose of the Windows 2000 Security Accounts Manager
• Administer remote Windows 2000 systems and users
• Enforce systemwide policies
• Convert a FAT drive to NTFS
• Enable auditing in Windows 2000 Server
• View local and remote events in Event Viewer
Summary (cont’d)
• Manage file and directory ownership
• Manage user rights
• Enable custom user settings
• Identify accounts used by Windows 2000 services
Lesson 6: Managing Users in Linux
Objectives
• Create new accounts on Linux systems
• Set password aging policies on Linux systems
• Set account policies in Linux
• View user accounts used by system daemons
• Explain run levels
• Use ntsysv and chkconfig
Manually Adding Users
File: Purpose
• /etc/passwd: Public user database
• /etc/shadow: Shadow password file
• /etc/login.defs: Contains default values
Manually Adding Users (cont’d)
File: Purpose
• /etc/default/useradd: Contains default values
• /etc/skel: Contains default values
• /etc/group: Group file
Linux User Accounts
• Entry of the new account into a database
• Creation of the resources the new account will need
Linux User Account Properties
• User name
• User ID number
• Primary group ID number
• Home directory
• Shell program
• Password
Pluggable Authentication Modules
• The password file
• The shadow password file
• Creating and preparing home directories
• Account creation utility
• linuxconf
Password Management and Account Policies
• Password aging
• Password checking
Groups
Mechanisms for managing access to files and processes
Linux System Accounts
• Different subsystems should run under different accounts
• File protections should be used to prevent one subsystem from interfering with resources belonging to another
Run Levels, ntsysv and chkconfig
• The /etc/inittab file
• The /etc/rc.d/ directory
• The ntsysv command
• The chkconfig command
Summary
• Create new accounts on Linux systems
• Set password aging policies on Linux systems
• Set account policies in Linux
• View user accounts used by system daemons
• Explain run levels
• Use ntsysv and chkconfig
Lesson 7: Name Resolution in LANs with DNS
Objectives
• Explain the DNS
• Identify DNS components
• List the common DNS record types
• Define reverse DNS lookup
• Implement DNS in Windows 2000 and Linux
• Deploy DDNS
• Use nslookup
The Domain Name System
Internet service that converts common host names into their corresponding IP addresses
The Domain Name Space
• DNS consists of three levels
– Root
– Top
– Second
(Diagram labels: Root, TOP, Second, Second)
Accessing Hosts by DNS Name
(Diagram: the .ciwcertified domain, with possible resolution to a top-level domain, such as .com. Labels: www, host1, www.ciwcertified.com, host1.ciwcertified.com, .research, .sales, research1, research2, research.ciwcertified.com, .dnsresearch, dns1, dns2, dnsresearch.research.ciwcertified.com, sales1, sales2, sales.ciwcertified.com)
DNS Server Types
• Root server
• Master (or primary) server
• Slave (or secondary) server
• Caching-only server
• Forwarding server
Common DNS Records
• Internet (IN)
• Name Server (NS)
• Start of Authority (SOA)
• Address (A)
• Canonical Name (CNAME)
• Mail Exchanger (MX)
• Pointer (PTR)
Setting Up DNS
• Server
• Zone file
• DNS record
Probing DNS with Nslookup
• Locate name servers
• Locate IP addresses
• Locate host names
• Review various record types
• Change servers
• List domains
Configuring DNS in Windows 2000
• Dynamic DNS
– DNS record aging and scavenging
• SOA field
• WINS
• Zone transfers
Understanding BIND
• BIND 4
• BIND 8.x
• BIND 9.x
Setting Up DNS in Linux
• The named.conf file (BIND versions 8 and 9)
• The named.ca file
• The named.local file
• The forward zone file
• The reverse zone file
Troubleshooting DNS
• DNS Professional
• CyberKit Professional
• Ping Plotter
• WS_FTP Ping ProPack
Summary
• Explain the DNS
• Identify DNS components
• List the common DNS record types
• Define reverse DNS lookup
• Implement DNS in Windows 2000 and Linux
• Deploy DDNS
• Use nslookup
Lesson 8: Name Resolution with WINS and Samba
Objectives
• Explain the basics of NetBIOS
• Identify additional name resolution options for LANs and WANs
• Implement and manage WINS
• Use Samba to create a WINS server in UNIX
• Configure Samba systems to use Windows 2000 authentication
• Create and manage shares using Samba
NetBIOS over TCP/IP
NetBIOS runs over TCP/IP much the same way that SMB runs over TCP/IP
The NetBIOS Naming Convention
• NetBIOS services use UDP ports 137 and 138 and TCP port 139
– 137 supports the NetBIOS name service
– 138 carries the NetBIOS datagram service
– 139 carries the NetBIOS session layer
Windows Internet Naming Service
• Handles queries regarding NetBIOS names and corresponding IP addresses
• Uses UDP ports 137 and 138
(Diagram labels: NetBIOS computer name (Instructor1); IP address for (Instructor1))
Managing WINS
• Scavenging and backup
– Scheduling queue
Static Mapping
Static mapping creates entries in the WINS database that allow non-WINS clients
• Entries include
– Unique
– Group
– Domain name
– Internet group
– Multihomed
Replication
– Push partner
– Pull partner
Configuring DNS and WINS
• DNS and WINS can work together to allow DNS to retrieve the dynamically assigned IP address associated with a particular name
Samba
• Samba allows UNIX systems to participate in Windows networks
– Establishes shares on UNIX hosts that are accessible to Windows systems
– Shares printers
– Makes a UNIX system a WINS server
– Makes a UNIX system a WINS client
SWAT
• Samba configuration tool
– Home
– Globals
– Shares
– Printers
– Status
– View
– Password
Samba and WINS
• Creating a WINS client
• Troubleshooting WINS in UNIX systems
Samba Share Clients
• Windows
– Network Neighborhood applet
– Windows Explorer Map Network Drive utility
• Linux
– The smbclient program
– The smbmount program
Interoperability Issues
• Encrypting Samba passwords
– The smb.conf file
– The smbadduser command
– The smbpasswd command
– Registry changes
Summary
• Explain the basics of NetBIOS
• Identify additional name resolution options for LANs and WANs
• Implement and manage WINS
• Use Samba to create a WINS server in UNIX
• Configure Samba systems to use Windows 2000 authentication
• Create and manage shares using Samba
Lesson 9: Implementing Internet Services
Objectives
• Deploy user-level and anonymous FTP access in Windows 2000 and Linux
• Describe standard and passive FTP
• Configure Telnet for Windows 2000 and Linux
• Configure finger in Linux
• Control access to Linux services
File Transfer Protocol Servers
• Application-layer protocol
• Uses two ports
– TCP/20
– TCP/21
• Passive mode
• Normal mode
Anonymous Accounts
• Anonymous accounts in Windows NT
• Anonymous accounts in UNIX
• Account considerations
Implementing Microsoft FTP
• Microsoft Internet Information Server (IIS) is the primary way to implement FTP in Windows FTP
Managing FTP in IIS
• Security Accounts tab
• Messages tab
• Home Directory tab
• Directory Security tab
Creating Virtual FTP Servers
• Dedicated virtual FTP servers
• Simple virtual FTP servers
• Shared virtual FTP servers
Anonymous Access in IIS
• Analyzing and configuring anonymous FTP
• Controlling access to your FTP site
• Customizing your IIS FTP server
• Configuring anonymous FTP on UNIX
Telnet
• Controls a system from a remote location
• Operates on port 23
Xinetd
• FTP
• Telnet
• Finger
• SWAT
• TFTP
• Chargen
• Daytime
• POP3
• BOOTP
• Echo
Finger
• Accesses information about local and remote users
– Daytime
– Echo
– Chargen
The hosts.allow and hosts.deny Files
• Controls access to UNIX services
Summary
• Deploy user-level and anonymous FTP access in Windows NT and UNIX
• Install and configure Telnet for Windows 2000 and UNIX
• Configure finger in UNIX
• Control access to UNIX services
Internet System Management
• IT Systems and Services Overview
• Internet System Installation and Configuration Issues
• Configuring the System
• User Management Essentials
• Managing Users in Windows 2000
Internet System Management
• Managing Users in Linux
• Name Resolution in LANs with DNS
• Name Resolution with WINS and Samba
• Implementing Internet Services