Chapter Two Clients and Servers: Who’s the Boss?
Objectives To determine the differences between a client and a server To examine peer-to-peer networks and client/server networks To receive a basic introduction to network operating systems (NOS) To examine the role of the network client To see the difference between networking models
Peer-to-Peer (P2P) Networks Each device is a client and each device is a server. Network security is an oxymoron.
Client Server Networks A dedicated server maintains a security database. Each user who logs onto the network is assigned permissions and privileges, based on their credentials.
Permissions Determines what access rights a user has to specific network resources –Resources can include files and/or access to devices.
Privileges Determines what actions a user is permitted to perform on a workstation or on the network –Can include issues such as creating user accounts, shutting down the server, and so forth
Administrative Accounts An account that allows full power on the network Name of account varies with NOS –Microsoft = Administrator –Novell = Supervisor –Unix = Super User In a secure environment –These accounts should be disabled and new accounts with full permissions created.
Major Network Operating Systems Linux Microsoft Novell Unix
Linux Open source While companies can charge for distribution packages, the OS must always be available for free Supports everything from desktop systems to multi-processor servers right out of the box
Microsoft NT –Started with 3.51 and ended with 4.0 –Server, Enterprise Edition, and Terminal Server Windows 2000 –Server –Advanced Server –Data Center Windows 2003
Novell Versions prior to 5.0 used IPX/SPX as default protocol Heavily dependent on broadcast messages for advertising services Uses Directory Services to manage network resources
Unix One of the most robust NOS that money can buy Comes in a variety of packages customized by different manufacturers Supports 16 processors out of the box with a custom version that supports up to 64 Provided the base code for Linux
Network Clients Acts as the redirector Provides network access to the applications running on the system Must be specific to both the host OS and the NOS
Network Models Workgroup Domain Directory services
Workgroup The most basic network model A group of networked devices that share common resources and responsibilities Used in peer-to-peer networks Can also be set up within domains
Domain A favorite of Microsoft NOS All devices or resources on a network that fall under a single administrative umbrella Can be geographically scattered, administered from a single location
Domains in NT Two or more domains can be linked by trusts. Trusts are always one-way. –For a two-way trust, you must set up two distinct one- way trusts in each direction. NT trusts are non-transitive. –If you set up a trust between A and B, and another between B and C, A will NOT automatically trust C. Primary domain controllers house the master database and periodically copy it to backup domain controllers.
Trusts in WIN2K and Higher Trusts are still one-way. Now trusts are transitive. –If you set up a trust between A and B, and another between B and C, A WILL automatically trust C. A domain controller is a domain controller is a domain controller.
Understanding Trusts The “trusted” domain holds the security database. The “trusting” domain is requesting access or authentication. A user logs on to the trusting domain, which forwards the authentication request to the trusted domain. Pass-through authentication is the process of sending authentication requests to another domain.
Domain Structures Single domain Single master domain Multiple master domain Complete trust
The Single Domain This is the simplest form. One security database controls all resources, including user authentication and resource access.
Single Master Domain One domain handles user authentication. –May include multiple BDUs in NT One or more resource domains control access to network resources. It allows for tighter security than the single domain.
Multiple Master Two or more domains manage user authentication and allow pass-through authentication with those they trust. Other domains may or may not manage resources. This is excellent for very large or complex networks.
Complete Trust Every domain on the network trusts every other domain on the network. This is generally considered a very bad idea. It usually occurs either through accident or mismanagement.
Directory Services Based on the Lightweight Directory Access Protocol (LDAP) All network resources arranged in a tree structure, similar to the hierarchy used on a hard disk
The Directory Services Structure Starts with the root (country or top-level domain) Organizations beneath the root (Delmar, IBM, Dell, etc.) Organizational units or container objects beneath the organization Leaf objects –Specific entities Distinguished name –The entire path to an object
Microsoft Active Directory Microsoft’s implementation of LDAP Structure very similar to Novell’s directory services Generally accessible through Microsoft Management Consoles –Small applets running on a Microsoft machine