NETWORK SECURITY AND
SECURITY ADMINISTRATION
NETWORKING COMMANDS
1. PING - Measures connectivity and network latency between the local and
remote system. It uses ICMP echo packets.
Example: ping 192.168.0.1
OR ping www.redhat.com
2. TRACEROUTE - Shows the network path between the local and remote system.
Useful for pinpointing network congestion.
Example: traceroute www.redhat.com
3. NETSTAT - Lists network statistics and parameters, including network
connections, the routing table and interface statistics.
Example: netstat -rn
OR netstat -a
4. IFCONFIG - The ifconfig command is used to configure and display network
devices.
5. NETCONFIG - The netconfig command is used to set the IP address.
APACHE WEB SERVER
Apache is Red Hat's standard web server.
The term APACHE comes from the word "patches", meaning
the collection of modules and applications for different types of
scripts.
APACHE supports almost every type of script, such as Perl,
PHP, Java, HTML etc.
According to the Netcraft web server survey, Apache is the most
widely used web server. More than 50% of sites are hosted on the
Apache web server.
Apache provides a very stable and scalable web server platform.
Apache also supports virtual hosting.
VIRTUAL HOSTING
Virtual hosting allows us to host more than one web site on the same
machine rather than having a separate machine for each web site.
IP address based virtual hosting:
It is more reliable because it doesn't require any special feature on the
browser side. It requires a separate IP address for each web site on the
single machine.
This can be done either by installing additional network cards or by IP
aliasing.
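# NameVirtualHost is left commented out: only name-based virtual hosting uses it.
#NameVirtualHost 192.168.0.1
Listen 80
# First site, answered on 192.168.0.1
<VirtualHost 192.168.0.1>
    DocumentRoot /home/yahoo/
    ServerName yahoo.com
    ServerAdmin admin@yahoo.com
</VirtualHost>
# Second site, answered on 192.168.0.2
<VirtualHost 192.168.0.2>
    DocumentRoot /home/google/
    ServerName google.com
    ServerAdmin admin@google.com
</VirtualHost>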
In this example yahoo.com and google.com have separate IP addresses but
are both on the same machine: yahoo.com is served on IP 192.168.0.1 and
google.com is served on 192.168.0.2.
Service Profile: Apache
Type: System V-launched service
Packages: httpd
Daemons: httpd
Scripts: httpd
Ports: 80/tcp (http), 443/tcp (https)
Configuration: /etc/httpd/*, /var/www/*
It also supports syntax checking of the httpd.conf file
using:
# service httpd configtest
The /etc/httpd folder is the main configuration directory for APACHE. Some
important subdirectories in this directory are:
modules -> In this directory all module files are present.
logs -> In this directory all log files are present.
conf.d -> In this directory all supporting configuration files are present.
conf -> In this directory the main configuration files are present.
The main configuration file for APACHE is httpd.conf, which is in the
/etc/httpd/conf folder.
DOMAIN NAME SERVER
Resolves hostnames into IP addresses (forward lookup)
Resolves IP addresses into hostnames (reverse lookup)
Allows machines to be logically grouped by name domains
DNS is the Domain Name System, which maintains a database that
can help your computer translate domain names such as
www.redhat.com to IP addresses such as 216.148.218.197. As individual
DNS servers are not large enough to keep a database for the entire
Internet, they can refer requests to other DNS servers. This section
addresses two basic DNS server configurations: a caching-only server
and a primary DNS server for a domain. The key configuration files to
support such servers include /etc/nsswitch.conf, /etc/resolv.conf,
/etc/hosts, /etc/named.conf and /var/named/.
Types of DNS Server
1. Master DNS Server - contains the master copy of the data for a
zone.
2. Slave DNS Server - provides an automatic backup to the
master name server.
3. Caching-only Server - When a request is made for a web
page such as www.osborne.com, the network asks the
configured DNS server for the associated IP address. This is
usually known as a name query. If the DNS server is outside
your network, this request can take time. If you have a
caching-only name server, these queries are stored
locally, which can save significant time while you or others
on your network are browsing the same sites on the Internet.
DOMAIN NAME SERVER
[Figure: DNS tree]
DNS root
Top-level domains: com, net, us, jp
Second-level domains: example.net, omoini.ny.us
Names below them: www.example.net, www.omoini.ny.us, fox.trot.example.net
The DNS root has a small set of top-level domains that
rarely changes. Some of them are aero, com, net, edu,
gov, info, org, int, and name. In a domain name like
www.example.net, net is a first-level name within the root,
example is a second-level name within net, and www is a
third-level name (the figure also shows a domain called fox.trot
under example.net). The tree can extend to any number of levels,
but in general it is not more than four levels deep.
Service Profile : DNS
Type : System V-managed service
Packages : bind, bind-utils, bind-chroot
Daemons : named, rndc
Scripts : named
Ports : 53
Configs : (under /var/named/chroot)
/var/named/*, /etc/rndc.*
Related : caching-nameserver, openssl
[Figure: ROOT, CACHING DNS, MASTER DNS and SLAVE DNS servers (one address shown: 208.164.186.2) in front of the INTERNAL NETWORK 192.168.1.0/24]
DHCP SERVER
DHCP: Dynamic Host Configuration Protocol, implemented via
dhcpd
It assigns IP addresses to its clients
In a network, a computer needs information such as an IP address, DNS
server, gateway and subnet mask to communicate with other computers. This
can be done in two ways:
Manual assignment
Dynamically
But if there are hundreds of computers, manual assignment is not
a feasible approach, and here DHCP comes into the picture.
DHCP provides the facility to centrally manage the addresses and
other network information for client computers on a LAN. DHCP
automatically gives all client computers on the network the necessary
information to communicate.
DHCP server provides:
IP address
Netmask
DNS server IP
Router (gateway)
DHCP process:
1. Client broadcasts DISCOVER to the server.
2. Server replies with its IP.
3. Client sends REQUEST for an address on the received IP.
4. Server commits the allocation and returns ACK containing IP,
subnet mask, DNS, gateway etc.
Example: DHCP server provides IP addresses between
192.168.0.1 and 192.168.0.20
[Figure: DHCP SERVER (192.168.0.1) connected through a SWITCH to PC 1 (192.168.0.18), PC 2 (192.168.0.19) and PC 3 (192.168.0.20)]
DHCP provides methods for hosts on a TCP/IP network to request and
be granted IP addresses, and also to discover information about their
local network. One machine on an Ethernet segment is designated the DHCP
server and configured to answer these requests. IP addresses are either
dynamically assigned from a range or pool of addresses, or statically
assigned by MAC address.
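The four-step DHCP process and the two assignment modes (from a pool, or fixed by MAC address) can be traced with a small model. This is an added example, not code from the original report: the pool 192.168.0.18 to 192.168.0.20, the MAC addresses and the netmask, DNS and gateway values are constructed, and step 2 is named OFFER as in the DHCP protocol.

```python
import ipaddress

class DhcpServer:
    """Toy model of the four-step exchange; no packets are sent."""
    def __init__(self, server_ip, first, last, params, static=None):
        self.server_ip = server_ip
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.params = params               # netmask, DNS, gateway sent in the ACK
        self.static = dict(static or {})   # MAC -> address fixed by the administrator
        self.offers = {}                   # MAC -> address offered, not yet committed
        self.leases = {}                   # MAC -> committed address

    def discover(self, mac):
        """Steps 1-2: answer DISCOVER with an OFFER, or None when the pool is used up."""
        ip = self.static.get(mac) or self.leases.get(mac) or self.offers.get(mac)
        if ip is None:
            taken = {*self.leases.values(), *self.offers.values(), *self.static.values()}
            ip = next((a for a in self.pool if a not in taken), None)
        if ip is None:
            return None
        self.offers[mac] = ip
        return {"type": "OFFER", "server": self.server_ip, "ip": ip}

    def request(self, mac, ip, server):
        """Steps 3-4: commit the offered address and return ACK, otherwise NAK."""
        if server != self.server_ip or self.offers.get(mac) != ip:
            return {"type": "NAK"}
        self.leases[mac] = self.offers.pop(mac)
        return {"type": "ACK", "ip": ip, **self.params}

def boot_client(server, mac):
    """Client side: DISCOVER, then REQUEST the offered address from that server."""
    offer = server.discover(mac)
    if offer is None:
        return None
    return server.request(mac, offer["ip"], offer["server"])

def demo():
    params = {"netmask": "255.255.255.0", "dns": "192.168.0.1", "gateway": "192.168.0.1"}
    srv = DhcpServer("192.168.0.1", "192.168.0.18", "192.168.0.20", params,
                     static={"00:16:3e:00:00:03": "192.168.0.20"})  # constructed MAC
    macs = [f"00:16:3e:00:00:0{n}" for n in range(1, 5)]            # constructed MACs
    return {mac: boot_client(srv, mac) for mac in macs}

if __name__ == "__main__":
    for mac, reply in demo().items():
        print(mac, reply)
```

The fourth client gets no reply because the three-address pool is already committed, which is the condition to watch for in /var/lib/dhcpd.leases on a real server.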
Service Profile : DHCP
Type : System V-managed service
Packages : dhcp
Daemons : dhcpd
Scripts : dhcpd
Ports : 67 (bootps), 68 (bootpc)
Configuration : /etc/dhcpd.conf, /var/lib/dhcpd.leases
Related : dhclient
NETWORK FILE SERVICE(NFS)
Used to share files and directories among users on different systems
Shared directories are accessed through the mount command
The NFS server translates NFS requests into operations on the local file system
Service Profile : NFS
Type : System V-managed service
Packages : nfs-utils
Daemons : nfsd, lockd, rpciod
Scripts : nfs,nfslock
Ports : assigned by portmap(111)
Configuration : /etc/exports
Related : portmap
NFS Server
Exported directories are defined in /etc/exports
Each entry specifies the hosts to which the file system is
exported, plus the
associated permissions and options:
Options should be specified
Default options: (ro,sync)
File systems to be exported via NFS are defined in
/etc/exports. Here is an example:
/var/ftp/pub *.example.com(ro,sync) bigserver.redhat.com
/root/presentation server2.example.com(rw,sync)
/data 192.168.10.0/255.255.255.0(sync)
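In /etc/exports the option list must follow the host name with no space: "host(opts)" applies the options to that host, while "host (opts)" exports to the host with the default options and to every host with the listed options. The checker below is an added example, not part of the original report; it reads entries that way and flags exports that reach every host. The sample lines are constructed, and the defaults are the (ro, sync) stated above.

```python
import re

# Constructed sample in /etc/exports syntax; the first and third lines contain
# the spacing mistake on purpose.
SAMPLE_EXPORTS = """\
/var/ftp/pub        *.example.com (ro,sync)
/root/presentation  server2.example.com(rw,sync)
/data               192.168.10.0/255.255.255.0 (rw,sync)
/srv/share          *(rw,sync)
"""

# A client field is "host", "host(options)" or a bare "(options)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

def parse_exports(text):
    """Return [(path, host, options)], one tuple per client field on each line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.match(client)
            if not m:
                raise ValueError(f"cannot parse client {client!r}")
            host = m.group("host") or "*"      # bare "(opts)" means every host
            opts = m.group("opts")
            # No option list: fall back to the defaults stated on this page.
            options = set(opts.split(",")) if opts else {"ro", "sync"}
            entries.append((path, host, options))
    return entries

def audit(text):
    """Flag exports that reach every host, and note writable exports."""
    findings = []
    for path, host, options in parse_exports(text):
        if host == "*":
            level = "HIGH" if "rw" in options else "WARN"
            findings.append((level, path, "exported to every host"))
        elif "rw" in options:
            findings.append(("INFO", path, f"writable by {host}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding)
```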
Client-side NFS
Implemented as a kernel module
/etc/fstab can be used to specify network mounts
NFS server shares are mounted at boot time by
/etc/rc.d/init.d/netfs
Autofs mounts NFS shares on demand and unmounts them
when idle
To associate a shared directory on the network with a mount
point in your local file system, use mount. When you mount an
exported directory from an NFS server, you can access it as if it
were local to your machine. Shares can be mounted manually by
root, or automatically at boot time.
/etc/fstab allows you to specify network directories to be mounted at
boot. Here's a sample fstab entry that defines a shared
filesystem /var/ftp/pub on a server to be mounted locally as
/mnt/pub.
server1:/var/ftp/pub /mnt/pub nfs defaults 0 0
NFS Server & Client:
[Figure: NFS SERVER (LINUX) connected through a SWITCH to NFS CLIENT 1 (LINUX) and NFS CLIENT 2 (UNIX)]
BIBLIOGRAPHY
As per the need of my project on networking on the
Linux operating system, I required information regarding
various tools used in networking. Therefore I have gone
through several books for the above information. My project
coordinator suggested that I go through some books, whose
list is as follows:
1. Red Hat Enterprise Linux Essentials RH033.
2. Red Hat Enterprise Linux System Administration
RH133.
3. Red Hat Network Services and Security Administration
RH253.