Guide to Novell NetWare 6.0 Network
Administration
Chapter 14
Chapter 14 - Implementing and Securing Network Services
Describe NetWare 6 Internet/intranet services, including Net Services and Web Services components
Install and configure Novell Web Services components
Describe public key cryptography and use the Novell Certificate Authority service to export public and private keys
Describe internal and external security policies and strategies, including firewalls, virus protection, and defense against denial-of-service attacks
Novell’s Internet/intranet services: Help simplify the implementation of business networks by providing a common set of services for accessing data and resources with a variety of workstation and server operating systems
The Internet service component can be divided into Web Services, which are TCP/IP-based applications that give users access to network data and services through Web sites and FTP servers, and Net Services, which extend the capabilities of standard Web services
NetWare 6 Internet Service Components
Net Services requests: A network can be configured so that requests for Net Services originating at user workstations are sent via the Internet to a firewall running on a server or router; once through the firewall, the request is routed to the appropriate services based on its IP address and port number
Port numbers are used to transfer information in a data packet to the correct application
To gain access to NetWare files and resources, Net Services run as applications on Web Services components, such as Apache Web Server
Apache Web Server: Is open-source Web server software and a common platform for implementing Web-based services
It is installed by default during the NetWare 6 install
Its primary purpose is to provide support for Novell Portal Services and Net Services, such as iFolder
Requires no special configuration
NetWare 6 ships with the Tomcat Servlet Engine, which is used to run Java-based Web applications
Novell Portal Services (NPS) is a portal strategy for delivering the right information to the people authorized to use it
A portal provides one view into a company’s information and displays this data as Web pages
With NPS, network administrators can protect and control access to network resources, delivering personalized data to people based on their company roles, locations, and group associations
NPS consists of a number of Java servlets that run on Apache Web Server
NetWare Web Search Server: Makes network or Internet data searchable in minutes, and it bridges all types of networks
NetWare Enterprise Web Server: Is an HTTP-based service for sending Web pages to browsers on the Internet, or to an intranet
FTP server: Allows for file transferring between Internet hosts
NetWare Web Manager: The portal service for managing Web Services
Working with NetWare Enterprise Web Server: NetWare Enterprise Web Server can be installed during or after NetWare 6 server install, and once installed, NPS displays the NetWare Enterprise Web Server options in the Web Manager window to allow for configuration
There are many configuration options and settings, but the most common tasks are: starting and stopping Web Services, changing the default path to the content directory, creating virtual Web sites, configuring document preferences, and setting up public and restricted access sites
Installing and Configuring Web Services
Working with NetWare FTP Server: FTP services require server and client components
Most Web browsers have a built-in FTP client for accessing FTP servers
Many dedicated FTP clients enable the operator to enter commands directly from the FTP command prompt; other clients use a graphical environment
Setting up NetWare FTP Server requires installing the FTP software on the NetWare 6 server and then configuring the software to provide access to the content directories
Working with NetWare FTP Server (cont.): After FTP Server is up and running, any FTP client can be used to log in to the FTP server and transfer files
To enable FTP Server logging, enter your server URL and click your server name under the NetWare Enterprise Web Server heading to log in, then click the Log Settings link in the left-hand column
You can configure FTP security by clicking the Security link in the Server Preferences window
Working with NetWare FTP Server (cont.): Additional features of FTP Server include: multiple instances of FTP Server software; FTP access restrictions; intruder detection; remote server access; special Quote Site commands; firewall support; active sessions display; Namespace support; Simple Network Management Protocol (SNMP) error-reporting service; welcome banner and message file support; NetWare Web Manager management; Cluster Services support
Public key cryptography: Is a security system that authenticates users and organizations to ensure that they are who they say they are and encrypts data transmissions to prevent information from being intercepted
Public key cryptography uses mathematically related sets of digital codes called key pairs, each of which consists of a public and private key and is unique to a person, an application, or an organization
To create a digital signature, cryptography software mathematically links the data being signed with the sender’s private key
Working with Certificate Services
Public key cryptography: The Certificate Authority (CA) service was developed to mediate the exchange of public keys
In this service, the public key cryptography software running on an entity creates a public and private key pair. To get the public key authorized, an entity must send its public key and other identification data to a CA. The CA validates the owner’s key pair by creating a certificate containing the owner’s public key along with the CA’s digital signature
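The certificate flow described above, as an added example that is not part of the original slides: a CA signs a subject name together with that subject's public key, and a receiver accepts a signed message only if both the CA signature and the message signature verify. It uses unpadded textbook RSA with constructed teaching-size keys, and the subject name `server1.example` is hypothetical.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)       # links the data to the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(subject, public):
    return ("%s|%d|%d" % (subject, public[0], public[1])).encode()

def issue(subject, public, ca_private):
    """CA step: bind the subject name and public key under the CA's signature."""
    return {"subject": subject, "public": public,
            "ca_sig": sign(cert_body(subject, public), ca_private)}

def check_signed_message(message, signature, cert, ca_public):
    """Receiver step: trust the certified key only if the CA signature holds."""
    if not verify(cert_body(cert["subject"], cert["public"]), cert["ca_sig"], ca_public):
        return "certificate rejected"
    return "ok" if verify(message, signature, cert["public"]) else "bad signature"

# Constructed teaching-size keys built from known Mersenne primes (not secure;
# real deployments use randomly generated keys and a padded signature scheme).
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**107 - 1)
SRV_PUB, SRV_PRIV = make_key(2**89 - 1, 2**61 - 1)
MAL_PUB, MAL_PRIV = make_key(2**61 - 1, 2**31 - 1)
CERT = issue("server1.example", SRV_PUB, CA_PRIV)   # hypothetical subject name
FORGED = dict(CERT, public=MAL_PUB)                 # key swapped, CA signature kept

if __name__ == "__main__":
    msg = b"login page v1"
    print(check_signed_message(msg, sign(msg, SRV_PRIV), CERT, CA_PUB))
    print(check_signed_message(msg, sign(msg, MAL_PRIV), FORGED, CA_PUB))
```

Swapping the public key inside an issued certificate invalidates the CA signature, which is why a receiver checks the certificate before trusting any signature made with the key it carries.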
Novell Certificate Server: Integrates public key cryptography services into eDirectory and enables administrators to create, issue, and manage user and server certificates
It helps meet the challenges of public key cryptography in these ways: creating an organizational CA in the eDirectory tree; storing key pairs in the eDirectory tree to provide security; allowing centralized management of public key certificates through ConsoleOne snap-ins; supporting common e-mail clients and browsers
Making Net Services and information available on the Internet exposes the network to potential electronic attacks
Although public key cryptography secures data through encryption and identifies entities with digital signatures, it does not prevent outside hackers from gaining unauthorized system access
Common hacker attack categories: intrusion, social engineering, spoofing, virus attacks, denial-of-service attacks, and information theft
Securing Net Services
Internal security involves placing NetWare servers in secure locations and making sure you have adequate password policies
In addition, consider these network protection precautions: ensure that server rooms are locked at all times; workstations should not be visible from behind the user; keep wiring closets locked and restrict their access; provide extra security by using the console screen saver and SECURE CONSOLE commands; review file system and eDirectory security to ensure that users have only the rights they need to perform their tasks
How to avoid common internal security violations: Ensure passwords are safe and secure, especially the administrator’s - intruder detection helps here
Ensure that user accounts are not assigned unauthorized rights - tools such as Novell Advanced Audit Service and tools from BindView Solutions help here
Ensure that there are no rogue Admin accounts that have the Supervisor right to the eDirectory tree
Firewall external security: Computer firewalls control access between the company’s private network and an untrusted external entity on the Internet
Firewalls consist of software that runs on a server and can be configured in the following ways: control the type of traffic permitted between the internal private network and the Internet; keep log files of information about external traffic; provide a central point that all network traffic must pass through; and permit only selected services to access the network
Protection against virus attacks: Viruses are often embedded in other programs or e-mail attachments, and are activated by running the program or opening the e-mail attachment
Viruses are classified based on how they infect: boot sector viruses attack the boot records or file allocation tables; file viruses attack executable programs; macro viruses attack programs that run macros; stealth viruses disguise themselves to make it difficult for anti-virus software to detect them; worms are independent programs that copy themselves to other computers over a network
Protection against virus attacks (cont.): Virus protection on a network involves: installing a virus protection system; making regular backups; and training users on how to reduce the risk of virus attacks
Virus removal planning involves these steps: isolate all infected systems and floppy diskettes; locate the clean floppy disk formatted with a boot system created earlier with the anti-virus software; use the boot disk to start and clean all infected computers; restart the system and create a system backup; scan the network drives for infection
Defense against denial-of-service attacks: Denial-of-service attacks are usually caused by flooding the server with packets or sending oversized packets to a server, making it crash
A properly configured firewall and software designed for Net Services security are the best defenses against these attacks
Chapter Summary
An essential part of Novell’s strategy for the future is to provide Internet services that enable clients and servers using diverse operating systems to be managed and accessed as one network. To do this, Novell has developed Net Services, which includes iFolder, NetStorage, iManager, iPrint, and iMonitor. Because Net Services is written to run on top of the open-source Apache Web Server, the services can be implemented on other network operating systems, such as Windows 2000/XP, Windows NT and Linux
NetWare Web Services include Enterprise Web Server and FTP Server, which can be installed and customized to supply information and Web pages to the Internet and local intranet. The NetWare Web Manager portal is used to configure and manage both Enterprise Web Server and FTP Server. Typical Web server management tasks include specifying the primary document directory, creating virtual Web sites, setting document preferences, and specifying public and restricted access to Web content. FTP configuration tasks include setting the default FTP directory, providing anonymous access, and restricting user access to the FTP server
Using public key cryptography to encrypt data transmission and provide authentication with digital signatures is a vital component of securing information transmission on the Internet. Public key cryptography uses public and private keys to create digital signatures and encrypt and decrypt data transmissions. Clients use the public key to encrypt data, which can be decrypted only by the public key owner’s private key
Certificate Authorities (CAs) issue public key certificates for verifying that the public key belongs to the entity distributing it
Internet security involves protecting Web and Net Services from threats such as theft, hacking, and computer viruses. An Internet security plan should include a firewall to isolate the internal network from the outside Internet and implement a virus protection and data recovery plan. Firewalls should be configured to detect denial-of-service attacks, such as the ping of death, SYN packet flooding, oversized UDP packets, teardrop attacks, and land attacks
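The header checks a firewall or sensor can apply to recognize the denial-of-service patterns named above, as an added example that is not part of the original slides. The record fields, the SYN threshold and the sample packets are constructed assumptions; no real firewall's rule syntax is shown.

```python
from collections import defaultdict, deque

MAX_IP_DATAGRAM, IP_HEADER = 65535, 20   # IPv4 maximum size; header without options
SYN_LIMIT, SYN_WINDOW = 3, 1.0           # assumed threshold: more than 3 bare SYNs per second

def classify(packets):
    """Return (index, finding) pairs for a list of packet-header records."""
    findings, frags, syns = [], defaultdict(list), defaultdict(deque)
    for i, p in enumerate(packets):
        start = p.get("frag_off", 0) * 8          # fragment offset counts 8-byte units
        end = start + p["length"]
        # Reassembled size past the IPv4 maximum: ping of death or oversized UDP.
        if end + IP_HEADER > MAX_IP_DATAGRAM:
            findings.append((i, "ping of death" if p["proto"] == "icmp" else "oversized " + p["proto"]))
        # Teardrop: a fragment whose byte range overlaps one already seen.
        if p.get("frag_off", 0) or p.get("more_frags"):
            seen = frags[(p["src"], p["dst"], p["ip_id"])]
            if any(start < e and end > s for s, e in seen):
                findings.append((i, "teardrop"))
            seen.append((start, end))
        if p["proto"] == "tcp" and p["flags"] == "S":
            # Land: a SYN whose source address and port equal its destination.
            if p["src"] == p["dst"] and p["sport"] == p["dport"]:
                findings.append((i, "land"))
            # SYN flood: too many bare SYNs to one service inside the window.
            q = syns[(p["dst"], p["dport"])]
            q.append(p["ts"])
            while q[0] < p["ts"] - SYN_WINDOW:
                q.popleft()
            if len(q) > SYN_LIMIT:
                findings.append((i, "syn flood"))
    return findings

def pkt(proto, src, dst, length, ts=0.0, **fields):
    return dict(proto=proto, src=src, dst=dst, length=length, ts=ts, **fields)

# Constructed sample traffic (documentation address ranges), not captured data.
WEB = "198.51.100.5"
SAMPLE = [
    pkt("tcp", "192.0.2.10", WEB, 0, sport=40000, dport=80, flags="S"),       # normal SYN
    pkt("icmp", "192.0.2.66", WEB, 1480, frag_off=8189, ip_id=7),             # ends at byte 66992
    pkt("udp", "192.0.2.67", WEB, 36, frag_off=0, more_frags=True, ip_id=9),  # bytes 0-36
    pkt("udp", "192.0.2.67", WEB, 4, frag_off=3, ip_id=9),                    # bytes 24-28, overlaps
    pkt("tcp", WEB, WEB, 0, sport=139, dport=139, flags="S"),                 # src == dst
] + [pkt("tcp", "203.0.113.%d" % n, WEB, 0, ts=5.0 + n / 100, sport=1024 + n, dport=80,
         flags="S") for n in range(5)]                                        # SYN burst

if __name__ == "__main__":
    print(classify(SAMPLE))
```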