sharon-hoover
Internet System Management
Lesson 1: IT Systems and Services Overview
Objectives
List the services offered by IT departments
Identify backbone and mission-critical services offered by IT departments
Discuss the concepts of system maintenance
Common IT Tasks and Services
System and service installation
Web server configuration
FTP server configuration and management
Name resolution configuration
E-mail server installation and support
E-commerce server installation and support
Common IT Tasks and Services (cont’d)
Database server installation and support
User management
Server monitoring and optimization
File backup
Routing
Establishing and managing shares
Backbone Services
Naming services
Address management
Directory services
Central logon
Routing
Mission-Critical Services
Mission-critical services are highly visible
Users rely on mission-critical services
Examples
- Mail servers
- Web servers
- FTP servers
- Middleware
System Configuration
Binding protocols to the network interface card
Protocol management
Addressing
Gateways
Name resolution configuration
Service and application installation and management
IP addressing
User Management
Adding and removing users
Using applications
Managing permissions
Group membership
Password aging
Account lockout
Password history
Controlled access
System Performance
Bandwidth and access rate issues
System I/O performance
Hard drive access statistics
CPU usage
RAM usage
Backup
Archiving user-created files
Keeping copies of entire operating systems
Storing changes to databases and other data stores
Off-site storage
Maintenance
Upgrading operating systems
Installing service packs and hot fixes
Upgrading services, including Web and e-mail servers
Scanning hard drives for errors
Upgrading hard drives to provide more storage capacity
Summary
List the services offered by IT departments
Identify backbone and mission-critical services offered by IT departments
Discuss the concepts of system maintenance
Lesson 2: Internet System Installation and Configuration Issues
Objectives
Identify common hardware platforms
Describe capabilities of various platform components
Define bandwidth and throughput
Identify common network operating systems
Determine the ideal operating system for a given environment
Discuss system installation issues
System Elements
Bus speed
System I/O
NIC
Hard drive
RAM
Bandwidth
The total amount of information a network connection can carry
Network connections
- T1
- Fractional T1
- T2
- T3
- ISDN
- DSL
Calculating Throughput
A percentage of bandwidth; the amount a network connection is being used
Throughput elements
- Connection speed
- Amount of information
- Time available for transfer
Internetworking Operating Systems
Microsoft Windows
UNIX
Linux
System V
Novell
X Windows
Operating System Issues
Ease of use
Platform stability
Available talent pool
Available technical support
Operating System Issues (cont’d)
Cost
Hardware costs
Availability of services and applications
Purpose for the server
Installing Network Operating Systems
Single-boot and dual-boot machines
Local and network installation
Hardware considerations
Listing system components
Summary
Identify common hardware platforms
Describe capabilities of various platform components
Define bandwidth and throughput
Identify common network operating systems
Determine the ideal operating system for a given environment
Discuss system installation issues
Lesson 3: Configuring the System
Objectives
List key TCP/IP configuration parameters
Add NICs in Windows 2000 and Linux
Configure Windows 2000 with static IP addresses
Configure Linux with static IP addresses
Describe how DHCP works
TCP/IP Configuration Parameters
Computer name
IP address
Subnet mask
Default gateway
DNS information
DHCP client information
WINS
Adapters
Adding network adapter device drivers in UNIX/Linux
Adding network adapter device drivers in Windows 2000
Binding device drivers to protocols in Windows 2000
Device Drivers (NIC)
Static Addressing
Windows 2000
ipconfig
Linux
ifconfig
ifup
ifdown
linuxconf
netcfg
dmesg
grep
Additional TCP/IP Issues and Commands
netstat
traceroute
router
arp
Dynamic Addressing
DHCP lease process
- Discover
- Offer
- Request
- Acknowledgment
Summary
List key TCP/IP configuration parameters
Add NICs in Windows 2000 and Linux
Configure Windows 2000 with static IP addresses
Configure Linux with static IP addresses
Describe how DHCP works
Lesson 4: User Management Essentials
Objectives
Define authentication
Explain the share-level and user-level access security models
Identify the purposes and functions of logon accounts, groups and passwords
Create a network password policy using standard practices and procedures
Objectives (cont’d)
Discuss permissions issues
Describe the relationship between permissions and user profiles
Use administrative utilities for specific networks and operating systems
Identify the permissions needed to add, delete or modify user accounts
Authentication
What you know
What you have
Who you are
Security Models and Authentication
Peer-level Access
User-level Access
Peer-Level Access
[Figure: hosts Athena, Aphrodite, Hermes, Apollo and Ares; Printer]
User-Level Access
[Figure: hosts Athena, Aphrodite, Hermes, Ares and Apollo; User Accounts Database; Printer A; Printer B]
Peer-Level vs. User-Level
Peer-level
Less expensive
Easier to implement
Less secure
Less control over file and resource management
Not scalable
User-level
Increased security
Supports larger number of users
Increased control
Offers system logs
Grows with organizational needs
Creating User Accounts
User name
Password
Group associations
Permissions
Additional options
Permissions
Read
Write
Execute
[Figure: User Accounts Database; Printer; Print Server; Server; permission labels Write, Exec., Read]
Windows 2000 Permissions
Full control
Change
Read
No access
UNIX Permissions
Access Value Bit: Meaning
7: Read, write and execute
6: Read and write
5: Read and execute
4: Read only
3: Write and execute
2: Write
1: Execute
0: No mode bits (access absent)
Novell Rights
Supervisor
Read
Write
Erase
Modify
Create
File scan
Access control
No access
Additional Logon Account Terms
Logon scripts
Home directories
Local profiles
Roaming profiles
Administrative Privileges
UNIX (including System V, Solaris, FreeBSD and all Linux variants) = Root (full privilege)
Windows = Administrator (full privilege)
Novell = Supervisor (full privilege)
Standard Password Practices
Create strong passwords
- At least six characters
- Both uppercase and lowercase letters
- At least one Arabic numeral
- At least one symbol
Implement password policy
- Plan and create a balanced policy
- Write and publish policy
- Train users
Network Security Policies
Password aging
Password length
Password history
Account lockout
Share creation
User creation
Local logon
Standard Operating Procedures
Vendors for operating systems and software
Upgrading, replacing and maintaining hardware
Upgrading software (including operating systems and applications)
Responding to power outages, building evacuation and hacker intrusion
Acceptable use policy
Summary
Define authentication
Explain the share-level and user-level access security models
Identify the purposes and functions of logon accounts, groups and passwords
Create a network password policy using standard practices and procedures
Summary (cont’d)
Discuss permissions issues
Describe the relationship between permissions and user profiles
Use administrative utilities for specific networks and operating systems
Identify the permissions needed to add, delete or modify user accounts
Lesson 5: Managing Users in Windows 2000
Objectives
Identify the purpose of the Windows 2000 Security Accounts Manager
Administer remote Windows 2000 systems and users
Enforce systemwide policies
Convert a FAT drive to NTFS
Enable auditing in Windows 2000 Server
View local and remote events in Event Viewer
Objectives (cont’d)
Manage file and directory ownership
Manage user rights
Enable custom user settings
Identify accounts used by Windows 2000 services
The Security Accounts Manager
SAM
- A collection of processes and files used by Windows 2000 to authenticate users
- Located at C:\winnt\system32\config
The Computer Management Snap-in
Managing users on a remote system
Local Security Settings
Start | Programs | Administrative Tools | Local Security Policy
- Configure account policies
- Establish auditing
- Change default user-rights settings
- Alter default settings for system peripherals and auditing options
- Determine public-key encryption and IP security policies
Auditing, Ownership and Rights
Audit policy
User rights
Security options
Editing and Customizing User Accounts
Groups
User environment (home directory, logon scripts, user profiles)
Dial-in options
Windows 2000 Services and User Accounts
IIS
Remote Management
Terminal Services
NetShow Video Server
Summary
Identify the purpose of the Windows 2000 Security Accounts Manager
Administer remote Windows 2000 systems and users
Enforce systemwide policies
Convert a FAT drive to NTFS
Enable auditing in Windows 2000 Server
View local and remote events in Event Viewer
Summary (cont’d)
Manage file and directory ownership
Manage user rights
Enable custom user settings
Identify accounts used by Windows 2000 services
Lesson 6: Managing Users in Linux
Objectives
Create new accounts on Linux systems
Set password aging policies on Linux systems
Set account policies in Linux
View user accounts used by system daemons
Explain run levels
Use ntsysv and chkconfig
Manually Adding Users
File: Purpose
/etc/passwd: Public user database
/etc/shadow: Shadow password file
/etc/login.defs: Contains default values
Manually Adding Users (cont’d)
File: Purpose
/etc/default/useradd: Contains default values
/etc/skel: Contains default values
/etc/group: Group file
Linux User Accounts
Entry of the new account into a database
Creation of the resources the new account will need
Linux User Account Properties
User name
User ID number
Primary group ID number
Home directory
Shell program
Password
Pluggable Authentication Modules
The password file
The shadow password file
Creating and preparing home directories
Account creation utility
linuxconf
Password Management and Account Policies
Password aging
Password checking
Groups
Mechanisms for managing access to files and processes
Linux System Accounts
Different subsystems should run under different accounts
File protections should be used to prevent one subsystem from interfering with resources belonging to another
Run Levels, ntsysv and chkconfig
The /etc/inittab file
The /etc/rc.d/ directory
The ntsysv command
The chkconfig command
Summary
Create new accounts on Linux systems
Set password aging policies on Linux systems
Set account policies in Linux
View user accounts used by system daemons
Explain run levels
Use ntsysv and chkconfig
Lesson 7: Name Resolution in LANs with DNS
Objectives
Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Implement DNS in Windows 2000 and Linux
Deploy DDNS
Use nslookup
The Domain Name System
Internet service that converts common host names into their corresponding IP addresses
The Domain Name Space
[Figure: domain name space hierarchy with Root, Top and Second levels]
DNS consists of three levels
- Root
- Top
- Second
Accessing Hosts by DNS Name
[Figure: the .ciwcertified domain. Hosts www (www.ciwcertified.com) and host1 (host1.ciwcertified.com); subdomain .sales (sales.ciwcertified.com) with hosts sales1 and sales2; subdomain .research (research.ciwcertified.com) with hosts research1 and research2; subdomain .dnsresearch (dnsresearch.research.ciwcertified.com) with hosts dns1 and dns2; possible resolution to a top-level domain, such as .com]
DNS Server Types
Root server
Master (or primary) server
Slave (or secondary) server
Caching-only server
Forwarding server
Common DNS Records
Internet (IN)
Name Server (NS)
Start of Authority (SOA)
Address (A)
Canonical Name (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Setting Up DNS
Server
Zone file
DNS record
Probing DNS with Nslookup
Locate name servers
Locate IP addresses
Locate host names
Review various record types
Change servers
List domains
Configuring DNS in Windows 2000
Dynamic DNS
- DNS record aging and scavenging
SOA field
WINS
Zone transfers
Understanding BIND
BIND 4
BIND 8.x
BIND 9.x
Setting Up DNS in Linux
The named.conf file (BIND versions 8 and 9)
The named.ca file
The named.local file
The forward zone file
The reverse zone file
Troubleshooting DNS
DNS Professional
CyberKit Professional
Ping Plotter
WS_FTP Ping ProPack
Summary
Explain the DNS
Identify DNS components
List the common DNS record types
Define reverse DNS lookup
Implement DNS in Windows 2000 and Linux
Deploy DDNS
Use nslookup
Lesson 8: Name Resolution with WINS and Samba
Objectives
Explain the basics of NetBIOS
Identify additional name resolution options for LANs and WANs
Implement and manage WINS
Use Samba to create a WINS server in UNIX
Configure Samba systems to use Windows 2000 authentication
Create and manage shares using Samba
NetBIOS over TCP/IP
NetBIOS runs over TCP/IP much the same way that SMB runs over TCP/IP
The NetBIOS Naming Convention
NetBIOS services use UDP ports 137 and 138 and TCP port 139
- 137 supports the NetBIOS name service
- 138 carries the NetBIOS datagram service
- 139 carries the NetBIOS session layer
Windows Internet Naming Service
Handles queries regarding NetBIOS names and corresponding IP addresses
Uses UDP ports 137 and 138
[Figure: NetBIOS computer name (Instructor1); IP address for (Instructor1)]
Managing WINS
Scavenging and backup
- Scheduling queue
Static Mapping
Static mapping creates entries in the WINS database that allow non-WINS clients
Entries include
- Unique
- Group
- Domain name
- Internet group
- Multihomed
Replication
- Push partner
- Pull partner
Configuring DNS and WINS
DNS and WINS can work together to allow DNS to retrieve the dynamically assigned IP address associated with a particular name
Samba
Samba allows UNIX systems to participate in Windows networks
- Establishes shares on UNIX hosts that are accessible to Windows systems
- Shares printers
- Makes a UNIX system a WINS server
- Makes a UNIX system a WINS client
SWAT
Samba configuration tool
- Home
- Globals
- Shares
- Printers
- Status
- View
- Password
Samba and WINS
Creating a WINS client
Troubleshooting WINS in UNIX systems
Samba Share Clients
Windows
- Network Neighborhood applet
- Windows Explorer Map Network Drive utility
Linux
- The smbclient program
- The smbmount program
Interoperability Issues
Encrypting Samba passwords
- The smb.conf file
- The smbadduser command
- The smbpasswd command
- Registry changes
Summary
Explain the basics of NetBIOS
Identify additional name resolution options for LANs and WANs
Implement and manage WINS
Use Samba to create a WINS server in UNIX
Configure Samba systems to use Windows 2000 authentication
Create and manage shares using Samba
Lesson 9: Implementing Internet Services
Objectives
Deploy user-level and anonymous FTP access in Windows 2000 and Linux
Describe standard and passive FTP
Configure Telnet for Windows 2000 and Linux
Configure finger in Linux
Control access to Linux services
File Transfer Protocol Servers
Application-layer protocol
Uses two ports
- TCP/20
- TCP/21
Passive mode
Normal mode
Anonymous Accounts
Anonymous accounts in Windows NT
Anonymous accounts in UNIX
Account considerations
Implementing Microsoft FTP
Microsoft Internet Information Server (IIS) is the primary way to implement FTP in Windows
Managing FTP in IIS
Security Accounts tab
Messages tab
Home Directory tab
Directory Security tab
Creating Virtual FTP Servers
Dedicated virtual FTP servers
Simple virtual FTP servers
Shared virtual FTP servers
Anonymous Access in IIS
Analyzing and configuring anonymous FTP
Controlling access to your FTP site
Customizing your IIS FTP server
Configuring anonymous FTP on UNIX
Telnet
Controls a system from a remote location
Operates on port 23
Xinetd
FTP
Telnet
Finger
SWAT
TFTP
Chargen
Daytime
POP3
BOOTP
Echo
Finger
Accesses information about local and remote users
- Daytime
- Echo
- Chargen
The hosts.allow and hosts.deny Files
Controls access to UNIX services
Summary
Deploy user-level and anonymous FTP access in Windows NT and UNIX
Install and configure Telnet for Windows 2000 and UNIX
Configure finger in UNIX
Control access to UNIX services
Internet System Management
IT Systems and Services Overview
Internet System Installation and Configuration Issues
Configuring the System
User Management Essentials
Managing Users in Windows 2000
Internet System Management
Managing Users in Linux
Name Resolution in LANs with DNS
Name Resolution with WINS and Samba
Implementing Internet Services