Internet System Management

Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 1: IT Systems and Services Overview

Objectives
• List the services offered by IT departments
• Identify backbone and mission-critical services offered by IT departments
• Discuss the concepts of system maintenance

Common IT Tasks and Services
• System and service installation
• Web server configuration
• FTP server configuration and management
• Name resolution configuration
• E-mail server installation and support
• E-commerce server installation and support

Common IT Tasks and Services (cont’d)
• Database server installation and support
• User management
• Server monitoring and optimization
• File backup
• Routing
• Establishing and managing shares

Backbone Services
• Naming services
• Address management
• Directory services
• Central logon
• Routing

Mission-Critical Services
• Mission-critical services are highly visible
• Users rely on mission-critical services
• Examples
  – Mail servers
  – Web servers
  – FTP servers
  – Middleware

System Configuration
• Binding protocols to the network interface card
• Protocol management
• Addressing
• Gateways
• Name resolution configuration
• Service and application installation and management
• IP addressing

User Management
• Adding and removing users
• Using applications
• Managing permissions
• Group membership
• Password aging
• Account lockout
• Password history
• Controlled access

System Performance
• Bandwidth and access rate issues
• System I/O performance
• Hard drive access statistics
• CPU usage
• RAM usage

Backup
• Archiving user-created files
• Keeping copies of entire operating systems
• Storing changes to databases and other data stores
• Off-site storage

Maintenance
• Upgrading operating systems
• Installing service packs and hot fixes
• Upgrading services, including Web and e-mail servers
• Scanning hard drives for errors
• Upgrading hard drives to provide more storage capacity

Summary
• List the services offered by IT departments
• Identify backbone and mission-critical services offered by IT departments
• Discuss the concepts of system maintenance

Lesson 2: Internet System Installation and Configuration Issues

Objectives
• Identify common hardware platforms
• Describe capabilities of various platform components
• Define bandwidth and throughput
• Identify common network operating systems
• Determine the ideal operating system for a given environment
• Discuss system installation issues

System Elements
• Bus speed
• System I/O
• NIC
• Hard drive
• RAM

Bandwidth
• The total amount of information a network connection can carry
• Network connections
  – T1
  – Fractional T1
  – T2
  – T3
  – ISDN
  – DSL

Calculating Throughput
• A percentage of bandwidth; the amount a network connection is being used
• Throughput elements
  – Connection speed
  – Amount of information
  – Time available for transfer

Internetworking Operating Systems
• Microsoft Windows
• UNIX
• Linux
• System V
• Novell
• X-Window

Operating System Issues
• Ease of use
• Platform stability
• Available talent pool
• Available technical support

Operating System Issues (cont’d)
• Cost
• Hardware costs
• Availability of services and applications
• Purpose for the server

Installing Network Operating Systems
• Single-boot and dual-boot machines
• Local and network installation
• Hardware considerations
• Listing system components

Summary
• Identify common hardware platforms
• Describe capabilities of various platform components
• Define bandwidth and throughput
• Identify common network operating systems
• Determine the ideal operating system for a given environment
• Discuss system installation issues

Lesson 3: Configuring the System
Objectives
• List key TCP/IP configuration parameters
• Add NICs in Windows 2000 and Linux
• Configure Windows 2000 with static IP addresses
• Configure Linux with static IP addresses
• Describe how DHCP works

TCP/IP Configuration Parameters
• Computer name
• IP address
• Subnet mask
• Default gateway
• DNS information
• DHCP client information
• WINS

Adapters
• Adding network adapter device drivers in UNIX/Linux
• Adding network adapter device drivers in Windows 2000
• Binding device drivers to protocols in Windows 2000

Device Drivers (NIC)

Static Addressing
Linux
• ifconfig
• ifup
• ifdown
• linuxconf
• netcfg
• dmesg
• grep
Windows 2000
• ipconfig

Additional TCP/IP Issues and Commands
• netstat
• traceroute
• router
• arp

Dynamic Addressing
DHCP lease process
• Discover
• Offer
• Request
• Acknowledgment

Summary
• List key TCP/IP configuration parameters
• Add NICs in Windows 2000 and Linux
• Configure Windows 2000 with static IP addresses
• Configure Linux with static IP addresses
• Describe how DHCP works

Lesson 4: User Management Essentials

Objectives
• Define authentication
• Explain the share-level and user-level access security models
• Identify the purposes and functions of logon accounts, groups and passwords
• Create a network password policy using standard practices and procedures

Objectives (cont’d)
• Discuss permissions issues
• Describe the relationship between permissions and user profiles
• Use administrative utilities for specific networks and operating systems
• Identify the permissions needed to add, delete or modify user accounts

Authentication
• What you know
• What you have
• Who you are

Security Models and Authentication
• Peer-level access
• User-level access

Peer-Level Access
[Figure: hosts Athena, Aphrodite, Hermes, Apollo and Ares sharing a printer]

User-Level Access
[Figure: hosts Athena, Aphrodite, Hermes, Apollo and Ares, Printer A, Printer B and a user accounts database]

Peer-Level vs. User-Level
Peer-level
• Less expensive
• Easier to implement
• Less secure
• Less control over file and resource management
• Not scalable
User-level
• Increased security
• Supports larger number of users
• Increased control
• Offers system logs
• Grows with organizational needs

Creating User Accounts
• User name
• Password
• Group associations
• Permissions
• Additional options

Permissions
• Read
• Write
• Execute
• Print
[Figure: print server, user accounts database and printer, labeled with Print, Write, Read and Exec. permissions]

Windows 2000 Permissions
• Full control
• Change
• Read
• No access

UNIX Permissions
Access value bit and meaning
• 7: Read, write and execute
• 6: Read and write
• 5: Read and execute
• 4: Read only
• 3: Write and execute
• 2: Write
• 1: Execute
• 0: No mode bits (access absent)

Novell Rights
• Supervisor
• Create
• Read
• File scan
• Write
• Access control
• Erase
• No access
• Modify

Additional Logon Account Terms
• Logon scripts
• Home directories
• Local profiles
• Roaming profiles

Administrative Privileges
• UNIX (including System V, Solaris, FreeBSD and all Linux variants) = Root (full privilege)
• Windows = Administrator (full privilege)
• Novell = Supervisor (full privilege)

Standard Password Practices
• Create strong password
  – At least six characters
  – Both uppercase and lowercase letters
  – At least one Arabic numeral
  – At least one symbol
• Implement password policy
  – Plan and create a balanced policy
  – Write and publish policy
  – Train users

Network Security Policies
• Password aging
• Password length
• Password history
• Account lockout
• Share creation
• User creation
• Local logon

Standard Operating Procedures
• Vendors for operating systems and software
• Upgrading, replacing and maintaining hardware
• Upgrading software (including operating systems and applications)
• Responding to power outages, building evacuation and hacker intrusion
• Acceptable use policy

Summary
• Define authentication
• Explain the share-level and user-level access security models
• Identify the purposes and functions of logon accounts, groups and passwords
• Create a network password policy using standard practices and procedures

Summary (cont’d)
• Discuss permissions issues
• Describe the relationship between permissions and user profiles
• Use administrative utilities for specific networks and operating systems
• Identify the permissions needed to add, delete or modify user accounts

Lesson 5: Managing Users in Windows 2000

Objectives
• Identify the purpose of the Windows 2000 Security Accounts Manager
• Administer remote Windows 2000 systems and users
• Enforce systemwide policies
• Convert a FAT drive to NTFS
• Enable auditing in Windows 2000 Server
• View local and remote events in Event Viewer

Objectives (cont’d)
• Manage file and directory ownership
• Manage user rights
• Enable custom user settings
• Identify accounts used by Windows 2000 services

The Security Accounts Manager
• SAM
  – A collection of processes and files used by Windows 2000 to authenticate users
  – Located at C:\winnt\system32\config

The Computer Management Snap-in
• Managing users on a remote system

Local Security Settings
• Start | Programs | Administrative Tools | Local Security Policy
  – Configure account policies
  – Establish auditing
  – Change default user-rights settings
  – Alter default settings for system peripherals and auditing options
  – Determine public-key encryption and IP security policies

Auditing, Ownership and Rights
• Audit policy
• User rights
• Security options

Editing and Customizing User Accounts
• Groups
• User environment (home directory, logon scripts, user profiles)
• Dial-in options

Windows 2000 Services and User Accounts
• IIS
• Remote Management
• Terminal Services
• NetShow Video Server

Summary
• Identify the purpose of the Windows 2000 Security Accounts Manager
• Administer remote Windows 2000 systems and users
• Enforce systemwide policies
• Convert a FAT drive to NTFS
• Enable auditing in Windows 2000 Server
• View local and remote events in Event Viewer

Summary (cont’d)
• Manage file and directory ownership
• Manage user rights
• Enable custom user settings
• Identify accounts used by Windows 2000 services

Lesson 6: Managing Users in Linux

Objectives
• Create new accounts on Linux systems
• Set password aging policies on Linux systems
• Set account policies in Linux
• View user accounts used by system daemons
• Explain run levels
• Use ntsysv and chkconfig

Manually Adding Users
File and purpose
• /etc/passwd: Public user database
• /etc/shadow: Shadow password file
• /etc/login.defs: Contains default values

Manually Adding Users (cont’d)
File and purpose
• /etc/default/useradd: Contains default values
• /etc/skel: Contains default values
• /etc/group: Group file

Linux User Accounts
• Entry of the new account into a database
• Creation of the resources the new account will need

Linux User Account Properties
• User name
• User ID number
• Primary group ID number
• Home directory
• Shell program
• Password

Pluggable Authentication Modules
• The password file
• The shadow password file
• Creating and preparing home directories
• Account creation utility
• linuxconf

Password Management and Account Policies
• Password aging
• Password checking

Groups
• Mechanisms for managing access to files and processes

Linux System Accounts
• Different subsystems should run under different accounts
• File protections should be used to prevent one subsystem from interfering with resources belonging to another

Run Levels, ntsysv and chkconfig
• The /etc/inittab file
• The /etc/rc.d/ directory
• The ntsysv command
• The chkconfig command

Summary
• Create new accounts on Linux systems
• Set password aging policies on Linux systems
• Set account policies in Linux
• View user accounts used by system daemons
• Explain run levels
• Use ntsysv and chkconfig

Lesson 7: Name Resolution in LANs with DNS
Objectives
• Explain the DNS
• Identify DNS components
• List the common DNS record types
• Define reverse DNS lookup
• Implement DNS in Windows 2000 and Linux
• Deploy DDNS
• Use nslookup

The Domain Name System
• Internet service that converts common host names into their corresponding IP addresses

The Domain Name Space
• DNS consists of three levels
  – Root
  – Top
  – Second

Accessing Hosts by DNS Name
[Figure: the .ciwcertified domain, with possible resolution to a top-level domain such as .com; example names www.ciwcertified.com, host1.ciwcertified.com, research.ciwcertified.com, dnsresearch.research.ciwcertified.com and sales.ciwcertified.com]

DNS Server Types
• Root server
• Master (or primary) server
• Slave (or secondary) server
• Caching-only server
• Forwarding server

Common DNS Records
• Internet (IN)
• Name Server (NS)
• Start of Authority (SOA)
• Address (A)
• Canonical Name (CNAME)
• Mail Exchanger (MX)
• Pointer (PTR)

Setting Up DNS
• Server
• Zone file
• DNS record

Probing DNS with Nslookup
• Locate name servers
• Locate IP addresses
• Locate host names
• Review various record types
• Change servers
• List domains

Configuring DNS in Windows 2000
• Dynamic DNS
  – DNS record aging and scavenging
• SOA field
• WINS
• Zone transfers

Understanding BIND
• BIND 4
• BIND 8.x
• BIND 9.x

Setting Up DNS in Linux
• The named.conf file (BIND versions 8 and 9)
• The named.ca file
• The named.local file
• The forward zone file
• The reverse zone file

Troubleshooting DNS
• DNS Professional
• CyberKit Professional
• Ping Plotter
• WS_FTP Ping ProPack

Summary
• Explain the DNS
• Identify DNS components
• List the common DNS record types
• Define reverse DNS lookup
• Implement DNS in Windows 2000 and Linux
• Deploy DDNS
• Use nslookup

Lesson 8: Name Resolution with WINS and Samba
Objectives
• Explain the basics of NetBIOS
• Identify additional name resolution options for LANs and WANs
• Implement and manage WINS
• Use Samba to create a WINS server in UNIX
• Configure Samba systems to use Windows 2000 authentication
• Create and manage shares using Samba

NetBIOS over TCP/IP
• NetBIOS runs over TCP/IP much the same way that SMB runs over TCP/IP

The NetBIOS Naming Convention
• NetBIOS services use UDP ports 137 and 138 and TCP port 139
  – 137 supports the NetBIOS name service
  – 138 carries the NetBIOS datagram service
  – 139 carries the NetBIOS session layer

Windows Internet Naming Service
• Handles queries regarding NetBIOS names and corresponding IP addresses
• Uses UDP ports 137 and 138
[Figure: NetBIOS computer name (Instructor1) and the IP address for (Instructor1)]

Managing WINS
• Scavenging and backup
  – Scheduling queue

Static Mapping
Static mapping creates entries in the WINS database that allow non-WINS clients
• Entries include
  – Unique
  – Group
  – Domain name
  – Internet group
  – Multihomed

Replication
  – Push partner
  – Pull partner

Configuring DNS and WINS
• DNS and WINS can work together to allow DNS to retrieve the dynamically assigned IP address associated with a particular name

Samba
• Samba allows UNIX systems to participate in Windows networks
  – Establishes shares on UNIX hosts that are accessible to Windows systems
  – Shares printers
  – Makes a UNIX system a WINS server
  – Makes a UNIX system a WINS client

SWAT
• Samba configuration tool
  – Home
  – Globals
  – Shares
  – Printers
  – Status
  – View
  – Password

Samba and WINS
• Creating a WINS client
• Troubleshooting WINS in UNIX systems

Samba Share Clients
• Windows
  – Network Neighborhood applet
  – Windows Explorer Map Network Drive utility
• Linux
  – The smbclient program
  – The smbmount program

Interoperability Issues
• Encrypting Samba passwords
  – The smb.conf file
  – The smbadduser command
  – The smbpasswd command
  – Registry changes

Summary
• Explain the basics of NetBIOS
• Identify additional name resolution options for LANs and WANs
• Implement and manage WINS
• Use Samba to create a WINS server in UNIX
• Configure Samba systems to use Windows 2000 authentication
• Create and manage shares using Samba

Lesson 9: Implementing Internet Services

Objectives
• Deploy user-level and anonymous FTP access in Windows 2000 and Linux
• Describe standard and passive FTP
• Configure Telnet for Windows 2000 and Linux
• Configure finger in Linux
• Control access to Linux services

File Transfer Protocol Servers
• Application-layer protocol
• Uses two ports
  – TCP/20
  – TCP/21
• Passive mode
• Normal mode

Anonymous Accounts
• Anonymous accounts in Windows NT
• Anonymous accounts in UNIX
• Account considerations

Implementing Microsoft FTP
• Microsoft Internet Information Server (IIS) is the primary way to implement FTP in Windows

Managing FTP in IIS
• Security Accounts tab
• Messages tab
• Home Directory tab
• Directory Security tab

Creating Virtual FTP Servers
• Dedicated virtual FTP servers
• Simple virtual FTP servers
• Shared virtual FTP servers

Anonymous Access in IIS
• Analyzing and configuring anonymous FTP
• Controlling access to your FTP site
• Customizing your IIS FTP server
• Configuring anonymous FTP on UNIX

Telnet
• Controls a system from a remote location
• Operates on port 23

Xinetd
• FTP
• Telnet
• Finger
• SWAT
• TFTP
• Chargen
• Daytime
• POP3
• BOOTP
• Echo

Finger
• Accesses information about local and remote users
  – Daytime
  – Echo
  – Chargen

The hosts.allow and hosts.deny Files
• Controls access to UNIX services

Summary
• Deploy user-level and anonymous FTP access in Windows NT and UNIX
• Install and configure Telnet for Windows 2000 and UNIX
• Configure finger in UNIX
• Control access to UNIX services

Internet System Management
• IT Systems and Services Overview
• Internet System Installation and Configuration Issues
• Configuring the System
• User Management Essentials
• Managing Users in Windows 2000
• Managing Users in Linux
• Name Resolution in LANs with DNS
• Name Resolution with WINS and Samba
• Implementing Internet Services