Internet System Management
Lesson 1: IT Systems and Services Overview
Objectives List the services offered by IT departments Identify backbone and mission-critical services offered by IT departments Discuss the concepts of system maintenance
Common IT Tasks and Services System and service installation Web server configuration FTP server configuration and management Name resolution configuration server installation and support E-commerce server installation and support
Common IT Tasks and Services (cont’d) Database server installation and support User management Server monitoring and optimization File backup Routing Establishing and managing shares
Backbone Services Naming services Address management Directory services Central logon Routing
Mission-Critical Services Mission-critical services are highly visible Users rely on mission-critical services Examples - Mail servers - Web servers - FTP servers - Middleware
System Configuration Binding protocols to the network interface card Protocol management Addressing Gateways Name resolution configuration Service and application installation and management IP addressing
User Management Adding and removing users Using applications Managing permissions Group membership Password aging Account lockout Password history Controlled access
System Performance Bandwidth and access rate issues System I/O performance Hard drive access statistics CPU usage RAM usage
Backup Archiving user-created files Keeping copies of entire operating systems Storing changes to databases and other data stores Off-site storage
Maintenance Upgrading operating systems Installing service packs and hot fixes Upgrading services, including Web and servers Scanning hard drives for errors Upgrading hard drives to provide more storage capacity
Summary List the services offered by IT departments Identify backbone and mission-critical services offered by IT departments Discuss the concepts of system maintenance
Lesson 2: Internet System Installation and Configuration Issues
Objectives Identify common hardware platforms Describe capabilities of various platform components Define bandwidth and throughput Identify common network operating systems Determine the ideal operating system for a given environment Discuss system installation issues
System Elements Bus speed System I/O NIC Hard drive RAM
Bandwidth The total amount of information a network connection can carry Network connections - T1 - Fractional T1 - T2 - T3 - ISDN - DSL
Calculating Throughput A percentage of bandwidth; the amount a network connection is being used Throughput elements - Connection speed - Amount of information - Time available for transfer
Internetworking Operating Systems Microsoft Windows UNIX Linux System V Novell X Windows
Operating System Issues Ease of use Platform stability Available talent pool Available technical support
Operating System Issues (cont’d) Cost Hardware costs Availability of services and applications Purpose for the server
Installing Network Operating Systems Single-boot and dual-boot machines Local and network installation Hardware considerations Listing system components
Summary Identify common hardware platforms Describe capabilities of various platform components Define bandwidth and throughput Identify common network operating systems Determine the ideal operating system for a given environment Discuss system installation issues
Lesson 3: Configuring the System
Objectives List key TCP/IP configuration parameters Add NICs in Windows 2000 and Linux Configure Windows 2000 with static IP addresses Configure Linux with static IP addresses Describe how DHCP works
TCP/IP Configuration Parameters Computer name IP address Subnet mask Default gateway DNS information DHCP client information WINS
Adapters Adding network adapter device drivers in UNIX/Linux Adding network adapter device drivers in Windows 2000 Binding device drivers to protocols in Windows 2000 Device Drivers (NIC)
Static Addressing Windows 2000 ipconfig Linux ifconfig ifup ifdown linuxconf netcfg dmesg grep
Additional TCP/IP Issues and Commands netstat traceroute router arp
Dynamic Addressing DHCP lease process
Summary List key TCP/IP configuration parameters Add NICs in Windows 2000 and Linux Configure Windows 2000 with static IP addresses Configure Linux with static IP addresses Describe how DHCP works
Lesson 4: User Management Essentials
Objectives Define authentication Explain the share-level and user-level access security models Identify the purposes and functions of logon accounts, groups and passwords Create a network password policy using standard practices and procedures
Objectives (cont’d) Discuss permissions issues Describe the relationship between permissions and user profiles Use administrative utilities for specific networks and operating systems Identify the permissions needed to add, delete or modify user accounts
Authentication What you know What you have Who you are
Security Models and Authentication
Peer-Level Access
User-Level Access
Peer-Level vs. User-Level Peer-level Less expensive Easier to implement Less secure Less control over file and resource management Not scalable User-level Increased security Supports larger number of users Increased control Offers system logs Grows with organizational needs
Creating User Accounts User name Password Group associations Permissions Additional options
Permissions Read Write Execute Print
Windows 2000 Permissions Full control Change Read No access
UNIX Permissions Access Value Bit 7 6 5 4 3 2 1 0 Access Value Bit Meaning Read, write and execute Read and write Read and execute Read only Write and execute Write Execute No mode bits (access absent)
Novell Rights Supervisor Read Write Erase Modify Create File scan Access control No access
Additional Logon Account Terms Logon scripts Home directories Local profiles Roaming profiles
Administrative Privileges UNIX = (including System V, Solaris, Free BSD and all Linux variants) Windows = Novell = Root (full privilege) Administrator (full privilege) Supervisor (full privilege)
Standard Password Practices Create strong password - At least six characters - Both uppercase and lowercase letters - At least one Arabic numeral - At least one symbol Implement password policy - Plan and create a balanced policy - Write and publish policy - Train users
Network Security Policies Password aging Password length Password history Account lockout Share creation User creation Local logon
Standard Operating Procedures Vendors for operating systems and software Upgrading, replacing and maintaining hardware Upgrading software (including operating systems and applications) Responding to power outages, building evacuation and hacker intrusion Acceptable use policy
Summary Define authentication Explain the share-level and user-level access security models Identify the purposes and functions of logon accounts, groups and passwords Create a network password policy using standard practices and procedures
Summary (cont’d) Discuss permissions issues Describe the relationship between permissions and user profiles Use administrative utilities for specific networks and operating systems Identify the permissions needed to add, delete or modify user accounts
Lesson 5: Managing Users in Windows 2000
Objectives Identify the purpose of the Windows 2000 Security Accounts Manager Administer remote Windows 2000 systems and users Enforce systemwide policies Convert a FAT drive to NTFS Enable auditing in Windows 2000 Server View local and remote events in Event Viewer
Objectives (cont’d) Manage file and directory ownership Manage user rights Enable custom user settings Identify accounts used by Windows 2000 services
The Security Accounts Manager Sam - A collection of processes and files used by Windows 2000 to authenticate users - Located at C:\winnt\system32\config
The Computer Management Snap-in Managing users on a remote system
Local Security Settings Start | Programs | Administrative Tools | Local Security Policy - Configure account policies - Establish auditing - Change default user-rights settings - Alter default settings for system peripherals and auditing options - Determine public-key encryption and IP security policies
Auditing, Ownership and Rights Audit policy User rights Security options
Editing and Customizing User Accounts Groups User environment (home directory, logon scripts, user profiles) Dial-in options
Windows 2000 Services and User Accounts IIS Remote Management Terminal Services NetShow Video Server
Summary Identify the purpose of the Windows 2000 Security Accounts Manager Administer remote Windows 2000 systems and users Enforce systemwide policies Convert a FAT drive to NTFS Enable auditing in Windows 2000 Server View local and remote events in Event Viewer
Summary (cont’d) Manage file and directory ownership Manage user rights Enable custom user settings Identify accounts used by Windows 2000 services
Lesson 6: Managing Users in Linux
Objectives Create new accounts on Linux systems Set password aging policies on Linux systems Set account policies in Linux View user accounts used by system daemons Explain run levels Use ntsysv and chkconfig
Manually Adding Users File /etc/passwd /etc/shadow /etc/logon.defs Purpose Public user database Shadow password file Contains default values
Manually Adding Users (cont’d) File /etc/default/useradd /etc/skel /etc/group Purpose Contains default values Group file
Linux User Accounts Entry of the new account into a database Creation of the resources the new account will need
Linux User Account Properties User name User ID number Primary group ID number Home directory Shell program Password
Pluggable Authentication Modules The password file The shadow password file Creating and preparing home directories Account creation utility linuxconf
Password Management and Account Policies Password aging Password checking
Groups Mechanisms for managing access to files and processes
Linux System Accounts Different subsystems should run under different accounts File protections should be used to prevent one subsystem from interfering with resources belonging to another
Run Levels, ntsysv and chkconfig The /etc/inittab file The /etc/rc.d/ directory The ntsysv command The chkconfig command
Summary Create new accounts on Linux systems Set password aging policies on Linux systems Set account policies in Linux View user accounts used by system daemons Explain run levels Use ntsysv and chkconfig
Lesson 7: Name Resolution in LANs with DNS
Objectives Explain the DNS Identify DNS components List the common DNS record types Define reverse DNS lookup Implement DNS in Windows 2000 and Linux Deploy DDNS Use nslookup
The Domain Name System Internet service that converts common host names into their corresponding IP addresses
The Domain Name Space Root Second TOP Second DNS consists of three levels - Root - Top - Second
Accessing Hosts by DNS Name www host1 host1.ciwcertified.com The.ciwcertified domain sales1 sales2.sales sales.ciwcertified.com.dnsresearch dns1 dns2 dnsresearch.research.ciwcertified.com.research research2 research1 research.ciwcertified.com.research research2 Possible resolution to a top-level domain, such as.com
DNS Server Types Root server Master (or primary) server Slave (or secondary) server Caching-only server Forwarding server
Common DNS Records Internet (IN) Name Server (NS) Start of Authority (SOA) Address (A) Canonical Name (CNAME) Mail Exchanger (MX) Pointer (PTR)
Setting Up DNS Server Zone file DNS record
Probing DNS with Nslookup Locate name servers Locate IP addresses Locate host names Review various record types Change servers List domains
Configuring DNS in Windows 2000 Dynamic DNS - DNS record aging and scavenging SOA field WINS Zone transfers
Understanding BIND BIND 4 BIND 8.x BIND 9.x
Setting Up DNS in Linux The named.conf file (BIND versions 8 and 9) The named.ca file The named.local file The forward zone file The reverse zone file
Troubleshooting DNS DNS Professional CyberKit Professional Ping Plotter WS_FTP Ping ProPack
Summary Explain the DNS Identify DNS components List the common DNS record types Define reverse DNS lookup Implement DNS in Windows 2000 and Linux Deploy DDNS Use nslookup
Lesson 8: Name Resolution with WINS and Samba
Objectives Explain the basics of NetBIOS Identify additional name resolution options for LANs and WANs Implement and manage WINS Use Samba to create a WINS server in UNIX Configure Samba systems to use Windows 2000 authentication Create and manage shares using Samba
NetBIOS over TCP/IP NetBIOS runs over TCP/IP much the same way that SMB runs over TCP/IP
The NetBIOS Naming Convention NetBIOS services use UDP ports 137 and 138 and TCP port supports the NetBIOS name service carries the NetBIOS datagram service carries the NetBIOS session layer
Windows Internet Naming Service Handles queries regarding NetBIOS names and corresponding IP addresses Uses UDP ports 137 and 138 NetBIOS computer name (Instructor1) IP address for (Instructor1)
Managing WINS Scavenging and backup - Scheduling queue
Static Mapping Static mapping creates entries in the WINS database that allow non-WINS clients Entries include Unique Group Domain name Internet group Multihomed
Replication - Push partner - Pull partner
Configuring DNS and WINS DNS and WINS can work together to allow DNS to retrieve the dynamically assigned IP address associated with a particular name
Samba Samba allows UNIX systems to participate in Windows networks - Establishes shares on UNIX hosts that are accessible to Windows systems - Shares printers - Makes a UNIX system a WINS server - Makes a UNIX system a WINS client
SWAT Samba configuration tool - Home - Globals - Shares - Printers - Status - View - Password
Samba and WINS Creating a WINS client Troubleshooting WINS in UNIX systems
Samba Share Clients Windows - Network Neighborhood applet - Windows Explorer Map Network Drive utility Linux - The smbclient program - The smbmount program
Interoperability Issues Encrypting Samba passwords - The smb.conf file - The smbadduser command - The smbpasswd command - Registry changes
Summary Explain the basics of NetBIOS Identify additional name resolution options for LANs and WANs Implement and manage WINS Use Samba to create a WINS server in UNIX Configure Samba systems to use Windows 2000 authentication Create and manage shares using Samba
Lesson 9: Implementing Internet Services
Objectives Deploy user-level and anonymous FTP access in Windows 2000 and Linux Describe standard and passive FTP Configure Telnet for Windows 2000 and Linux Configure finger in Linux Control access to Linux services
File Transfer Protocol Servers Application-layer protocol Uses two ports - TCP/20 - TCP/21 Passive mode Normal mode
Anonymous Accounts Anonymous accounts in Windows NT Anonymous accounts in UNIX Account considerations
Implementing Microsoft FTP Microsoft Internet Information Server (IIS) is the primary way to implement FTP in Windows FTP
Managing FTP in IIS Security Accounts tab Messages tab Home Directory tab Directory Security tab
Creating Virtual FTP Servers Dedicated virtual FTP servers Simple virtual FTP servers Shared virtual FTP servers
Anonymous Access in IIS Analyzing and configuring anonymous FTP Controlling access to your FTP site Customizing your IIS FTP server Configuring anonymous FTP on UNIX
Telnet Controls a system from a remote location Operates on port 23
Xinetd FTP Telnet Finger SWAT TFTP Chargen Daytime POP3 BOOTP Echo
Finger Accesses information about local and remote users - Daytime - Echo - Chargen
The hosts.allow and hosts.deny Files Controls access to UNIX services
Summary Deploy user-level and anonymous FTP access in Windows NT and UNIX Install and configure Telnet for Windows 2000 and UNIX Configure finger in UNIX Control access to UNIX services
Internet System Management IT Systems and Services Overview Internet System Installation and Configuration Issues Configuring the System User Management Essentials Managing Users in Windows 2000
Internet System Management Managing Users in Linux Name Resolution in LANs with DNS Name Resolution with WINS and Samba Implementing Internet Services