Internet system management
Sponsored Links
This presentation is the property of its rightful owner.
1 / 118

Internet System Management PowerPoint PPT Presentation


  • 55 Views
  • Uploaded on
  • Presentation posted in: General

Internet System Management. Lesson 1: IT Systems and Services Overview. Objectives. List the services offered by IT departments Identify backbone and mission-critical services offered by IT departments Discuss the concepts of system maintenance. Common IT Tasks and Services.

Download Presentation

Internet System Management

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Internet System Management


Lesson 1:IT Systems and Services Overview


Objectives

  • List the services offered by IT departments

  • Identify backbone and mission-critical services offered by IT departments

  • Discuss the concepts of system maintenance


Common IT Tasks and Services

  • System and service installation

  • Web server configuration

  • FTP server configuration and management

  • Name resolution configuration

  • E-mail server installation and support

  • E-commerce server installation and support


Common IT Tasksand Services (cont’d)

  • Database server installation and support

  • User management

  • Server monitoring and optimization

  • File backup

  • Routing

  • Establishing and managing shares


Backbone Services

  • Naming services

  • Address management

  • Directory services

  • Central logon

  • Routing


Mission-Critical Services

  • Mission-critical services are highly visible

  • Users rely on mission-critical services

  • Examples

    • Mail servers

    • Web servers

    • FTP servers

    • Middleware


Binding protocols to the network interface card

Protocol management

Addressing

Gateways

Name resolution configuration

Service and application installation and management

IP addressing

System Configuration


User Management

  • Adding and removing users

  • Using applications

  • Managing permissions

  • Group membership

  • Password aging

  • Account lockout

  • Password history

  • Controlled access


System Performance

  • Bandwidth and access rate issues

  • System I/O performance

  • Hard drive access statistics

  • CPU usage

  • RAM usage


Backup

  • Archiving user-created files

  • Keeping copies of entire operating systems

  • Storing changes to databases and other data stores

  • Off-site storage


Maintenance

  • Upgrading operating systems

  • Installing service packs and hot fixes

  • Upgrading services, including Web ande-mail servers

  • Scanning hard drives for errors

  • Upgrading hard drives to provide more storage capacity


Summary

  • List the services offered by IT departments

  • Identify backbone and mission-critical services offered by IT departments

  • Discuss the concepts of system maintenance


Lesson 2:Internet System Installation and Configuration Issues


Objectives

  • Identify common hardware platforms

  • Describe capabilities of various platform components

  • Define bandwidth and throughput

  • Identify common network operating systems

  • Determine the ideal operating system for a given environment

  • Discuss system installation issues


System Elements

  • Bus speed

  • System I/O

  • NIC

  • Hard drive

  • RAM


Bandwidth

  • The total amount of information a network connection can carry

  • Network connections

    • T1

    • Fractional T1

    • T2

    • T3

    • ISDN

    • DSL


CalculatingThroughput

  • A percentage of bandwidth; the amount a network connection is being used

  • Throughput elements

    • Connection speed

    • Amount of information

    • Time available for transfer


Internetworking Operating Systems

  • Microsoft Windows

  • UNIX

  • Linux

  • System V

  • Novell

  • X-Window


Ease of use

Platform stability

Available talent pool

Available technical support

Operating System Issues


Operating System Issues (cont’d)

  • Cost

  • Hardware costs

  • Availability of services and applications

  • Purpose for the server


Installing NetworkOperating Systems

  • Single-boot and dual-boot machines

  • Local and network installation

  • Hardware considerations

  • Listing system components


Summary

  • Identify common hardware platforms

  • Describe capabilities of various platform components

  • Define bandwidth and throughput

  • Identify common network operating systems

  • Determine the ideal operating system for a given environment

  • Discuss system installation issues


Lesson 3:Configuring the System


Objectives

  • List key TCP/IP configuration parameters

  • Add NICs in Windows 2000 and Linux

  • Configure Windows 2000 with static IP addresses

  • Configure Linux with static IP addresses

  • Describe how DHCP works


TCP/IP Configuration Parameters

  • Computer name

  • IP address

  • Subnet mask

  • Default gateway

  • DNS information

  • DHCP client information

  • WINS


Adapters

  • Adding network adapter device drivers in UNIX/Linux

  • Adding network adapter device drivers in Windows 2000

  • Binding device drivers to protocols in Windows 2000

Device Drivers (NIC)


Windows 2000

ipconfig

Linux

ifconfig

ifup

ifdown

linuxconf

netcfg

dmesg

grep

Static Addressing


Additional TCP/IP Issues and Commands

  • netstat

  • traceroute

  • router

  • arp


Dynamic Addressing

DHCP lease process


Summary

  • List key TCP/IP configuration parameters

  • Add NICs in Windows 2000 and Linux

  • Configure Windows 2000 with static IP addresses

  • Configure Linux with static IP addresses

  • Describe how DHCP works


Lesson 4:User Management Essentials


Objectives

  • Define authentication

  • Explain the share-level and user-level access security models

  • Identify the purposes and functions of logon accounts, groups and passwords

  • Create a network password policy using standard practices and procedures


Objectives (cont’d)

  • Discuss permissions issues

  • Describe the relationship between permissions and user profiles

  • Use administrative utilities for specific networks and operating systems

  • Identify the permissions needed to add, delete or modify user accounts


Authentication

  • What you know

  • What you have

  • Who you are


Security Models and Authentication


Peer-Level Access


User-Level Access


Peer-level

Less expensive

Easier to implement

Less secure

Less control over file and resource management

Not scalable

User-level

Increased security

Supports larger number of users

Increased control

Offers system logs

Grows with organizational needs

Peer-Level vs. User-Level


Creating User Accounts

  • User name

  • Password

  • Group associations

  • Permissions

  • Additional options


Permissions

  • Read

  • Write

  • Execute

  • Print


Windows 2000Permissions

  • Full control

  • Change

  • Read

  • No access


Access Value Bit

7

6

5

4

3

2

1

0

Access Value Bit Meaning

Read, write and execute

Read and write

Read and execute

Read only

Write and execute

Write

Execute

No mode bits (access absent)

UNIX Permissions


Supervisor

Read

Write

Erase

Modify

Create

File scan

Access control

No access

Novell Rights


Additional LogonAccount Terms

  • Logon scripts

  • Home directories

  • Local profiles

  • Roaming profiles


UNIX =(including System V, Solaris, Free BSD and all Linux variants)

Windows =

Novell =

Root (full privilege)

Administrator (full privilege)

Supervisor (full privilege)

Administrative Privileges


Standard Password Practices

  • Create strong password

    • At least six characters

    • Both uppercase and lowercase letters

    • At least one Arabic numeral

    • At least one symbol

  • Implement password policy

    • Plan and create a balanced policy

    • Write and publish policy

    • Train users


Network Security Policies

  • Password aging

  • Password length

  • Password history

  • Account lockout

  • Share creation

  • User creation

  • Local logon


Standard Operating Procedures

  • Vendors for operating systems and software

  • Upgrading, replacing and maintaining hardware

  • Upgrading software (including operating systems and applications)

  • Responding to power outages, building evacuation and hacker intrusion

  • Acceptable use policy


Summary

  • Define authentication

  • Explain the share-level and user-level access security models

  • Identify the purposes and functions of logon accounts, groups and passwords

  • Create a network password policy using standard practices and procedures


Summary(cont’d)

  • Discuss permissions issues

  • Describe the relationship between permissions and user profiles

  • Use administrative utilities for specific networks and operating systems

  • Identify the permissions needed to add, delete or modify user accounts


Lesson 5:Managing Users in Windows 2000


Objectives

  • Identify the purpose of the Windows 2000 Security Accounts Manager

  • Administer remote Windows 2000 systems and users

  • Enforce systemwide policies

  • Convert a FAT drive to NTFS

  • Enable auditing in Windows 2000 Server

  • View local and remote events in Event Viewer


Objectives(cont’d)

  • Manage file and directory ownership

  • Manage user rights

  • Enable custom user settings

  • Identify accounts used by Windows 2000 services


The Security Accounts Manager

  • Sam

    • A collection of processes and files used by Windows 2000 to authenticate users

    • Located at C:\winnt\system32\config


The ComputerManagement Snap-in

  • Managing users on a remote system


LocalSecurity Settings

  • Start | Programs | Administrative Tools | Local Security Policy

    • Configure account policies

    • Establish auditing

    • Change default user-rights settings

    • Alter default settings for system peripherals and auditing options

    • Determine public-key encryption and IP security policies


Auditing,Ownership and Rights

  • Audit policy

  • User rights

  • Security options


Editing and Customizing User Accounts

  • Groups

  • User environment (home directory, logon scripts, user profiles)

  • Dial-in options


Windows 2000Services and User Accounts

  • IIS

  • Remote Management

  • Terminal Services

  • NetShow Video Server


Summary

  • Identify the purpose of the Windows 2000 Security Accounts Manager

  • Administer remote Windows 2000 systems and users

  • Enforce systemwide policies

  • Convert a FAT drive to NTFS

  • Enable auditing in Windows 2000 Server

  • View local and remote events in Event Viewer


Summary (cont’d)

  • Manage file and directory ownership

  • Manage user rights

  • Enable custom user settings

  • Identify accounts used by Windows 2000 services


Lesson 6:Managing Users in Linux


Objectives

  • Create new accounts on Linux systems

  • Set password aging policies on Linux systems

  • Set account policies in Linux

  • View user accounts used by system daemons

  • Explain run levels

  • Use ntsysv and chkconfig


File

/etc/passwd

/etc/shadow

/etc/logon.defs

Purpose

Public user database

Shadow password file

Contains default values

Manually Adding Users


File

/etc/default/useradd

/etc/skel

/etc/group

Purpose

Contains default values

Contains default values

Group file

Manually Adding Users (cont’d)


Entry of the new account into a database

Creation of the resources the new account will need

Linux User Accounts


Linux User Account Properties

  • User name

  • User ID number

  • Primary group ID number

  • Home directory

  • Shell program

  • Password


PluggableAuthentication Modules

  • The password file

  • The shadow password file

  • Creating and preparing home directories

  • Account creation utility

  • linuxconf


Password Management and Account Policies

  • Passwordaging

  • Password checking


Groups

Mechanisms for managing access tofiles and processes


Linux System Accounts

  • Different subsystems should run under different accounts

  • File protections should be used to prevent one subsystem from interfering with resources belonging to another


Run Levels,ntsysv and chkconfig

  • The /etc/inittab file

  • The /etc/rc.d/ directory

  • The ntsysv command

  • The chkconfig command


Summary

  • Create new accounts on Linux systems

  • Set password aging policies on Linux systems

  • Set account policies in Linux

  • View user accounts used by system daemons

  • Explain run levels

  • Use ntsysv and chkconfig


Lesson 7:Name Resolutionin LANs with DNS


Objectives

  • Explain the DNS

  • Identify DNS components

  • List the common DNS record types

  • Define reverse DNS lookup

  • Implement DNS in Windows 2000 and Linux

  • Deploy DDNS

  • Use nslookup


The Domain Name System

Internet service thatconverts common host namesinto their correspondingIP addresses


The Domain Name Space

  • DNS consists of three levels

    • Root

    • Top

    • Second

Root

TOP

Second

Second


dns2

Accessing Hosts by DNS Name

Possible resolution to a top-level domain, such as .com

The .ciwcertified domain

www

host1

www.ciwcertified.com

host1.ciwcertified.com

.research

.sales

.research

research1

sales1

.dnsresearch

dns1

research2

sales2

research2

research.ciwcertified.com

sales.ciwcertified.com

dnsresearch.research.ciwcertified.com


Root server

Master (or primary) server

Slave (or secondary) server

Caching-only server

Forwarding server

DNS Server Types


Common DNS Records

  • Internet (IN)

  • Name Server (NS)

  • Start of Authority (SOA)

  • Address (A)

  • Canonical Name (CNAME)

  • Mail Exchanger (MX)

  • Pointer (PTR)


Setting Up DNS

  • Server

  • Zone file

  • DNS record


Probing DNS with Nslookup

  • Locate name servers

  • Locate IP addresses

  • Locate host names

  • Review various record types

  • Change servers

  • List domains


Configuring DNS in Windows 2000

  • Dynamic DNS

    • DNS record aging and scavenging

  • SOA field

  • WINS

  • Zone transfers


Understanding BIND

  • BIND 4

  • BIND 8.x

  • BIND 9.x


Setting Up DNS in Linux

  • The named.conf file (BIND versions 8 and 9)

  • The named.ca file

  • The named.local file

  • The forward zone file

  • The reverse zone file


Troubleshooting DNS

  • DNS Professional

  • CyberKit Professional

  • Ping Plotter

  • WS_FTP Ping ProPack


Summary

  • Explain the DNS

  • Identify DNS components

  • List the common DNS record types

  • Define reverse DNS lookup

  • Implement DNS in Windows 2000 and Linux

  • Deploy DDNS

  • Use nslookup


Lesson 8:Name Resolution with WINS and Samba


Objectives

  • Explain the basics of NetBIOS

  • Identify additional name resolution options for LANs and WANs

  • Implement and manage WINS

  • Use Samba to create a WINS server in UNIX

  • Configure Samba systems to use Windows 2000 authentication

  • Create and manage shares using Samba


NetBIOS over TCP/IP

NetBIOS runs over TCP/IP much thesame way that SMB runs over TCP/IP


The NetBIOS Naming Convention

  • NetBIOS services use UDP ports 137 and 138 and TCP port 139

    • 137 supports the NetBIOS name service

    • 138 carries the NetBIOS datagram service

    • 139 carries the NetBIOS session layer


NetBIOS computer name (Instructor1)

IP address for (Instructor1)

Windows Internet Naming Service

  • Handles queries regarding NetBIOS names and corresponding IP addresses

  • Uses UDP ports 137 and 138


Managing WINS

  • Scavenging and backup

    • Scheduling queue


Static Mapping

Static mapping creates entries in the WINS database that allow non-WINS clients

  • Entries include

    • Unique

    • Group

    • Domain name

    • Internet group

    • Multihomed


Replication

  • Pushpartner

  • Pullpartner


Configuring DNS and WINS

  • DNS and WINS can work together to allow DNS to retrieve the dynamically assigned IP address associated with a particular name


Samba

  • Samba allows UNIX systems to participate in Windows networks

    • Establishes shares on UNIX hosts that are accessible to Windows systems

    • Shares printers

    • Makes a UNIX system a WINS server

    • Makes a UNIX system a WINS client


SWAT

  • Samba configuration tool

    • Home

    • Globals

    • Shares

    • Printers

    • Status

    • View

    • Password


Sambaand WINS

  • Creating a WINS client

  • Troubleshooting WINS in UNIX systems


Samba Share Clients

  • Windows

    • Network Neighborhood applet

    • Windows Explorer Map Network Drive utility

  • Linux

    • The smbclient program

    • The smbmount program


Interoperability Issues

  • Encrypting Samba passwords

    • The smb.conf file

    • The smbadduser command

    • The smbpasswd command

    • Registry changes


Summary

  • Explain the basics of NetBIOS

  • Identify additional name resolution options for LANs and WANs

  • Implement and manage WINS

  • Use Samba to create a WINS server in UNIX

  • Configure Samba systems to use Windows 2000 authentication

  • Create and manage shares using Samba


Lesson 9:Implementing Internet Services


Objectives

  • Deploy user-level and anonymous FTP access in Windows 2000 and Linux

  • Describe standard and passive FTP

  • Configure Telnet for Windows 2000 and Linux

  • Configure finger in Linux

  • Control access to Linux services


File TransferProtocol Servers

  • Application-layer protocol

  • Uses two ports

    • TCP/20

    • TCP/21

  • Passive mode

  • Normal mode


Anonymous Accounts

  • Anonymous accounts in Windows NT

  • Anonymous accounts in UNIX

  • Account considerations


ImplementingMicrosoft FTP

  • Microsoft Internet Information Server (IIS) is the primary way to implement FTP in Windows FTP


Managing FTP in IIS

  • Security Accounts tab

  • Messages tab

  • Home Directory tab

  • Directory Security tab


Creating Virtual FTP Servers

  • Dedicated virtual FTP servers

  • Simple virtual FTP servers

  • Shared virtual FTP servers


Anonymous Access in IIS

  • Analyzing and configuring anonymous FTP

  • Controlling access to your FTP site

  • Customizing your IIS FTP server

  • Configuring anonymous FTP on UNIX


Telnet

  • Controls a system from a remote location

  • Operates on port 23


FTP

Telnet

Finger

SWAT

TFTP

Chargen

Daytime

POP3

BOOTP

Echo

Xinetd


Finger

  • Accesses information about local and remote users

    • Daytime

    • Echo

    • Chargen


The hosts.allow andhosts.deny Files

  • Controls access to UNIX services


Summary

  • Deploy user-level and anonymous FTP access in Windows NT and UNIX

  • Install and configure Telnet for Windows 2000 and UNIX

  • Configure finger in UNIX

  • Control access to UNIX services


Internet System Management

  • IT Systems and Services Overview

  • Internet System Installation and Configuration Issues

  • Configuring the System

  • User Management Essentials

  • Managing Users in Windows 2000


InternetSystem Management

  • Managing Users in Linux

  • Name Resolution in LANs with DNS

  • Name Resolution with WINS and Samba

  • Implementing Internet Services


  • Login