Internet System Management
Advanced Internet
System Management
Lesson 1:
Mission-Critical Services
Objectives
Identify foundational services, including
DNS, WINS and Samba
List mission-critical services
Discuss system maintenance and logging
Describe performance monitoring and
server optimization issues
Identify the importance of implementing
security features for your servers
Foundational
Services
Domain Name System
Windows Internet Naming Service
Samba
Server Message Blocks
NetBIOS over TCP/IP
Network File System
Types of
Mission-Critical Services
HTTP servers
Streaming media servers
Database servers
E-commerce servers
News servers
E-mail servers
Security services
Performance Monitoring
and Server Optimization
Logging
services
Auditing
services
Performance
Monitor
Fault
Tolerance
The ability for a
host or network
to recover from
an error or
system failure
High
Availability Clustering
Reading available resources
Reduced network latency
Centralized administration
Scalability
Backup
Backup considerations
- Backup of critical host operating
systems and files
- Off-site file storage
UNIX and NT backup programs
Backup devices
Backup tapes
Summary
Identify foundational services, including
DNS, WINS and Samba
List mission-critical services
Discuss system maintenance and logging
Describe performance monitoring and
server optimization issues
Identify the importance of implementing
security features for your servers
Lesson 2:
Installing and
Configuring a Web Server
Objectives
Identify the basic functions of a Web
server
Explain how a Web server identifies file
types
Customize the server root directories
Redirect URLs and add default
document types
Objectives
(cont’d)
Enable user-based authentication for the
Web server
Control access to a Web server based on
IP address
Enable HTML administration for IIS 5.0
Create virtual servers and directories in
IIS and Apache Server
Web Server
Root Directory
Web server
Web server root:
C:\inetpub\wwwroot
Normally, all documents
issued by the server
must reside beneath the
root directory
Common
Web Servers
Apache Server
Microsoft IIS
Netscape Enterprise Server
Zeus Web server
Configuring IIS
Using the IIS snap-in
Connecting to the Web server
- The Home Directory tab
- The Documents tab
- The Directory Security tab
Controlling access by computer account
Controlling access by IP address
The Performance and Custom Errors tabs
Virtual
Servers
Dedicated virtual servers
Simple virtual servers
Shared virtual servers
Apache
Server
Location of Apache Server files
File placement
Apache Server RPM files
Administering
Apache Server
Apache Server processes
Stopping and starting httpd
Configuring Apache Server
Virtual Servers
and Apache
The NameVirtualHost directive
Order of entries
Summary
Identify the basic functions of a Web
server
Explain how a Web server identifies file
types
Customize the server root directories
Redirect URLs and add default document
types
Summary
(cont’d)
Enable user-based authentication for the
Web server
Control access to a Web server based on
IP address
Enable HTML administration for IIS 5.0
Create virtual servers and directories in IIS
and Apache Server
Lesson 3:
Advanced Web
Server Configuration
Objectives
Implement common e-commerce elements
Identify key HTTP error messages
Create a custom HTTP error message in IIS
Explain how Web servers and clients use
MIME
Objectives
(cont’d)
Describe how Web applications work with
IIS
Execute ASP and CGI scripts in an
e-commerce setting
Connect a Web site to a database using a
Web application
Install, configure and test a streaming
media server
Hypertext
Transfer Protocol
Application-layer protocol
HTTP requests and replies
- Command/Status
- Headers
- Body
HTTP Version 1.1
Request Commands
Options
Get
Head
Post
Put
Delete
Trace
Web Applications
and E-Commerce
Web application types
- Client-side applications
- Server-side applications
Server-Side Applications
and E-Commerce
Internet Database Connector (IDC)
Internet Server Application Programming
Interface (ISAPI)
Application servers
- Allaire ColdFusion
- IBM WebSphere Application Server
- Microsoft Transaction Server
- Microsoft IIS 5.0 ASP engine
- PHP
Web Applications
and MIME
MIME identifies the different types of
documents and applications that Internet
services manage
MIME and labeling
MIME and file extensions
- Hard-wired
- Configurable
E-Commerce Web
Servers and Perl
Perl for CGI is an almost-universal way to
attach Web servers to databases
Script
Execution in IIS 5.0
Scripts Only
- Allows execution of ASP applications
Scripts and Executables
- Allows execution of CGI scripts
Apache Server
and Perl
Placing a CGI script
in Apache Server
Troubleshooting a
Perl installation in
Linux
E-Commerce Web
Servers and Gateways
Gateways
Performance
Databases
Active
Server Pages
Microsoft
technology that
implements Web
applications
ODBC, Web Gateways
and E-Commerce
Adding a system DSN
Registering a database with Windows 2000
Implementing a gateway in IIS using ASP
Streaming
Media Servers
Streaming media server standard
Streaming server hardware and software
requirements
On-demand versus live streaming
URLs and port numbers
RealServer mount points
Summary
Implement common e-commerce
elements
Identify key HTTP error messages
Create a custom HTTP error message in
IIS
Explain how Web servers and clients
use MIME
Summary
(cont’d)
Describe how Web applications work
with IIS
Execute ASP and CGI scripts in an
e-commerce setting
Connect a Web site to a database using
a Web application
Install, configure and test a streaming
media server
Lesson 4:
Enabling Secure
Sockets Layer
Objectives
Describe the functions of SSL
Identify the SSL handshake process
Use the IIS 5.0 snap-in to generate an SSL
certificate request
Deploy the Certificate Authority snap-in to
sign certificate requests
Configure IIS 5.0 to use SSL
Secure
Sockets Layer (SSL)
The Web server and the client browser
exchange and negotiate a secure
communications link
SSL
Architecture
[Diagram: Client Machine and Server Machine, each with the stack Application Layer (Telnet, FTP, HTTP, NFS, NIS), SSL, UDP, Transport Layer (TCP), Network Layer; labels between the two machines: Application Layer Traffic, Secure, Encrypted]
SSL and
Channel Security
The channel is
private
The channel is
authenticated
The channel is
reliable
SSL
Handshake
Hello phase
Key Exchange
phase
Session Key
Production phase
Server Verify
phase
Client
Authentication
phase
Finished phase
Applying
SSL Encryption
40-bit key
128-bit key
Requesting and
Installing a Certificate
Certificate types
The X.509v3 standard
Revocation lists
Certificate benefits
Certificate shortcomings
Certificate
Concerns
Password-protected text file
Binding
CA security
Data sniffing and tampering
Summary
Describe the functions of SSL
Identify the SSL handshake process
Use the IIS 5.0 snap-in to generate an SSL
certificate request
Deploy the Certificate Authority snap-in to
sign certificate requests
Configure IIS 5.0 to use SSL
Lesson 5:
Configuring and
Managing a News Server
Objectives
Create a newsgroup in both Windows
2000 and Linux
Configure newsgroup expiration
policies
Control access to a news server
through IP address filtering and user-based authentication
NNTP
Service
Usenet newsgroups
Private and Usenet
NNTP servers
The Expires header
Summary
Create a newsgroup in both Windows 2000
and Linux
Configure newsgroup expiration policies
Control access to a news server through IP
address filtering and user-based
authentication
Lesson 6:
E-Mail
Server Essentials
Objectives
Describe the process of sending an
e-mail message
Explain key e-mail server concepts
Describe the functions of e-mail
protocols
Sending and
Delivering E-Mail
SMTP Server
End User
The Internet
E-mail
account
End User
E-Mail
Agents
Mail transfer agent
Mail delivery agent
Mail user agent
E-Mail Server
Terminology
Masquerading
Aliasing
Relaying
Simple Mail
Transfer Protocol
SMTP commands
- helo
- ehlo
- mail from
- rcpt to
- data
- quit
Post Office
Protocol 3 (POP3)
POP3 commands
- user
- pass
- list
- retr
- dele
- quit
IMAP
and LDAP
IMAP and e-mail clients
Lightweight Directory Access Protocol
Web
Mail
E-mail servers:
- Create a Web interface
- Provide Web-based access
Summary
Describe the process of sending an
e-mail message
Explain key e-mail server concepts
Describe the functions of e-mail
protocols
Lesson 7:
Configuring an
E-Mail Server
Objectives
Identify the purpose and usefulness of
MX records
Discuss DNS as it applies to e-mail
servers
Configure an e-mail server in
Windows 2000
Manage a Web-based e-mail service
Deploy a list server
MX Records
and E-Mail Servers
MX records inform the DNS server
where to direct e-mail messages
- Intradomain e-mail
- Interdomain e-mail
Intradomain
E-Mail
DNS Server
james.ciwcertifed.com
E-Mail Server
Patrick.ciwcertifed.com
Interdomain
E-Mail
DNS Server
stanger.com
E-Mail Server
james.stanger.com
mail.stanger.com
lane.com
E-Mail Server
mail.lane.com
patrick.lane.com
Mail Exchange
Record Fields
Domain name
IN
MX
Numerical value
Server name
Summary
Identify the purpose and usefulness of
MX records
Discuss DNS as it applies to e-mail
servers
Configure an e-mail server in
Windows 2000
Manage a Web-based e-mail service
Deploy a list server
Lesson 8:
Proxy
Servers
Objectives
Explain the benefits of a proxy server
Define network address translation
Differentiate between public and private
IP addresses
Install and configure Web-based and
SMTP-based proxy servers
Proxy
Servers
Network address translation
Connecting to a proxy server
Modifying clients
Connecting to a
Proxy Server
Ethernet
Internet
Client
Proxy
Web Server
Proxy Server
Considerations
Advanced users may try to bypass the
proxy server
You need a license that allows enough
connections for all employees
Summary
Explain the benefits of a proxy server
Define network address translation
Differentiate between public and private
IP addresses
Install and configure Web-based and
SMTP-based proxy servers
Lesson 9:
Logging
Activity
Objectives
Explain the need for logging activity
generated by servers and services
Configure Web server logs in IIS,
Apache Server and ftpd
View information from a Web server log
file using commercial log analysis
software
Logging
Information
Server efficiency
Usage rate
Revenue generation
Security
Setting
Priorities
Mission criticality
Service type
Server location
Recent
installations
Evaluating Logs
Peak usage rates
Error messages
Failed logon attempts
HTTP
Server Log Files
Server log
Access log
Error log
Referrer log
Agent log
FTP
Log Files
FTP log files contain the following
information
- IP address of the client connecting to
your server
- Client’s user name
- Date and time the connection was made
- IP address of the server
- Commands issued
File
Analysis Software
WebTrends
Webalizer
Summary
Explain the need for logging activity
generated by servers and services
Configure Web server logs in IIS,
Apache Server and ftpd
View information from a Web server
log file using commercial log analysis
software
Lesson 10:
Monitoring and
Optimizing Internet Servers
Objectives
Explain the need for server monitoring
and optimization
Use tools when monitoring and
optimizing servers
Identify key Internet server elements to
monitor
Adjust Internet server settings to meet
expected workload
Analyzing
Server Performance
Server and service log files
Protocol analyzers (packet sniffers)
System performance tools
Queues and
Bottlenecks
Queue
- Sequence of
requests for
services
Bottleneck
- Number of
incoming
requests
exceeds the rate
at which the
system can
service them
Correcting
Bottlenecks
Speed up the component causing the
bottleneck by upgrading or replacing it
Replicate the component causing the
bottleneck by distributing the demand
for a service across multiple servers
Increase the capacity of the queues in
the system to tolerate more requests
Hardware
Concerns
Web servers
Web applications and session state
Summary
Explain the need for server monitoring and
optimization
Use tools when monitoring and optimizing
servers
Identify key Internet server elements to
monitor
Adjust Internet server settings to meet
expected workload
Lesson 11:
Fault Tolerance
and System Backup
Objectives
Identify ways to create fault tolerance in a
network host
Explain the concept of offsite storage
Implement procedures for disaster
assessment
Follow a data recovery strategy
Implement recovery procedures to repair
corrupted data
Fault
Tolerance
The ability of a
system or
application to
recover lost
information due
to a hardware or
software failure
RAID
RAID 0: disk striping
RAID 1: disk mirroring
RAID 4: disk striping with large blocks
RAID 5: disk striping with parity
Additional Fault
Tolerance Options
Hot swapping
Uninterruptible power supply
Folder replication
Offsite storage and site mirroring
Removable media
Site
Redirection
Helps recover
from system
outages and
denial-of-service
attacks by
redirecting
Internet services
and sites
Tape Backup
and Removable Media
Floppy disks
Zip disks
CD-ROMs
Tapes
Planning a
Backup Strategy
Determining which files to back up
Choosing local or network backup types
Selecting a backup method
Planning and practicing restoration
procedures
Ensuring that you have verified all backup
files
Disaster Assessment
and Recovery
Windows 2000 and Linux boot disks
Windows 2000 system state data
Windows Emergency Repair Disk
Windows 2000 Safe Mode
Troubleshooting Linux
Summary
Identify ways to create fault tolerance in a
network host
Explain the concept of offsite storage
Implement procedures for disaster
assessment
Follow a data recovery strategy
Implement recovery procedures to repair
corrupted data
Lesson 12:
Security
Overview
Overview
Identify vulnerabilities commonly found in
various operating systems
List the steps to counteract operating
system weaknesses
Define firewall and intrusion detection
concepts
Discuss the effect of security measures on
employees and system hosts
Recognize security breaches
Server
Vulnerabilities
Users and group permissions
Multiple partitions
Policies
System defaults
System bugs
This
System is
Secure!
Enhancing
Server Security
Enabling shadow passwords
Removing unnecessary system services
Firewalls
Create a perimeter that protects your
private network from other public
networks
Firewall
Functions
Enhance logging and authentication
Encrypt transmissions between hosts
and/or networks
Provide enhanced security
Default to one of two types of behavior
- Reject all traffic unless explicitly
permitted
- Allow all traffic unless explicitly denied
Firewall Types
Packet filter
Application-level gateway proxy
Circuit-level gateway proxy
Firewall
Terminology
Internal interfaces
External interfaces
Demilitarized zone
Rule
Bastion host
Intrusion
Detection Systems
Network-based IDS
Host-based IDS
Hybrid IDS
Security
Tradeoffs
Complexity
Host performance
degradation
Unintended denial
of service
Recognizing
Security Breaches
Failed logons
Unexplained or common system
shutdowns and restarts
Changes in user privileges
Added or removed accounts
System processes that have been shut
down, activated or restarted
Changes in file permissions
Summary
Identify vulnerabilities commonly found
in various operating systems
List the steps to counteract operating
system weaknesses
Define firewall and intrusion detection
concepts
Discuss the effect of security measures
on employees and system hosts
Recognize security breaches
Advanced Internet
System Management
Mission-Critical Services
Installing and Configuring a Web Server
Advanced Web Server Configuration
Enabling Secure Sockets Layer
Configuring and Managing a News Server
E-Mail Server Essentials
Advanced Internet
System Management
Configuring an E-Mail Server
Proxy Servers
Logging Activity
Monitoring and Optimizing Internet
Servers
Fault Tolerance and System Backup
Security Overview