Upload
rose-watts
View
223
Download
6
Tags:
Embed Size (px)
Citation preview
Copyright © 2002 ProsoftTraining. All rights reserved.
Advanced Internet System Management
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 1:Mission-Critical Services
Objectives
• Identify foundational services, including DNS, WINS and Samba
• List mission-critical services• Discuss system maintenance and logging• Describe performance monitoring and server
optimization issues• Identify the importance of implementing
security features for your servers
Foundational Services
• Domain Name System• Windows Internet Naming Service• Samba• Server Message Blocks• NetBIOS over TCP/IP• Network File System
Types ofMission-Critical Services
• HTTP servers• Streaming media servers• Database servers• E-commerce servers• News servers• E-mail servers• Security services
Performance Monitoringand Server Optimization
• Logging services
• Auditing services
• Performance Monitor
Fault Tolerance
The ability for a host or network to recover from an error or system failure
HighAvailability Clustering
• Reading available resources• Reduced network latency• Centralized administration• Scalability
Backup
• Backup considerations
– Backup of critical host operating systems
and files
– Off-site file storage
– UNIX and NT backup programs
– Backup devices
– Backup tapes
Summary
Identify foundational services, including DNS, WINS and Samba
List mission-critical services Discuss system maintenance and logging Describe performance monitoring and server
optimization issues Identify the importance of implementing
security features for your servers
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 2:Installing and
Configuring a Web Server
Objectives
• Identify the basic functions of a Web server• Explain how a Web server identifies file types• Customize the server root directories• Redirect URLs and add default document
types
Objectives (cont’d)
• Enable user-based authentication for the Web server
• Control access to a Web server based on IP address
• Enable HTML administration for IIS 5.0• Create virtual servers and directories in IIS
and Apache Server
Web ServerRoot Directory
Web server
Web server root: C:\inetpub\wwwroot
Normally, all documents issued by the server
must reside beneath the root directory
Common Web Servers
• Apache Server• Microsoft IIS• Netscape Enterprise Server• Zeus Web server
Configuring IIS
• Using the IIS snap-in• Connecting to the Web server
– The Home Directory tab– The Documents tab– The Directory Security tab
• Controlling access by computer account• Controlling access by IP address• The Performance and Custom Errors tabs
Virtual Servers
• Dedicated virtual servers• Simple virtual servers• Shared virtual servers
Apache Server
• Location of Apache Server files• File placement• Apache Server RPM files
AdministeringApache Server
• Apache Server processes• Stopping and starting httpd• Configuring Apache Server
Virtual Serversand Apache
• The NameVirtualHost directive• Order of entries
Summary
Identify the basic functions of a Web server Explain how a Web server identifies file types Customize the server root directories Redirect URLs and add default document
types
Summary (cont’d)
Enable user-based authentication for the Web server
Control access to a Web server based on IP address
Enable HTML administration for IIS 5.0 Create virtual servers and directories in IIS
and Apache Server
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 3:Advanced Web
Server Configuration
Objectives
• Implement common e-commerce elements• Identify key HTTP error messages• Create a custom HTTP error message in IIS 5.0• Explain how Web servers and clients use
MIME
Objectives (cont’d)
• Describe how Web applications work with IIS 5.0
• Execute ASP and CGI scripts in ane-commerce setting
• Connect a Web site to a database using a Web application
• Install, configure and test a streaming media server
HypertextTransfer Protocol
• Application-layer protocol• HTTP requests and replies
– Command/Status– Headers– Body
HTTP Version 1.1Request Commands
• Options• Get• Head• Post• Put• Delete• Trace
Web Applications and E-Commerce
• Web application types– Client-side applications– Server-side applications
Server-Side Applications and E-Commerce
• Internet Database Connector (IDC)• Internet Server Application Programming
Interface (ISAPI)• Application servers
– Allaire ColdFusion– IBM WebSphere Application Server– Microsoft Transaction Server– Microsoft IIS 5.0 ASP engine– PHP
Web Applications and MIME
• MIME identifies the different types of documents and applications that Internet services manage
• MIME and labeling• MIME and file extensions
– Hard-wired– Configurable
E-Commerce WebServers and Perl
• Perl for CGI is an almost-universal way to attach Web servers to databases
Script Execution in IIS 5.0
• Scripts Only– Allows execution of ASP applications
• Scripts and Executables– Allows execution of CGI scripts
Apache Server and Perl
• Placing a CGI script in Apache Server
• Troubleshooting a Perl installation inLinux
E-Commerce Web Servers and Gateways
• Gateways• Performance• Databases
Active Server Pages
Microsoft technology that implements Web applications
ODBC, Web Gatewaysand E-Commerce
• Adding a system DSN• Registering a database with Windows 2000• Implementing a gateway in IIS using ASP
Streaming Media Servers
• Streaming media server standard• Streaming server hardware and software
requirements• On-demand versus live streaming• URLs and port numbers• RealServer mount points
Summary
Implement common e-commerce elements Identify key HTTP error messages Create a custom HTTP error message in IIS 5.0 Explain how Web servers and clients use
MIME
Summary (cont’d)
Describe how Web applications work with IIS 5.0
Execute ASP and CGI scripts in ane-commerce setting
Connect a Web site to a database using a Web application
Install, configure and test a streaming media server
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 4:Enabling SecureSockets Layer
Objectives
• Describe the functions of SSL• Identify the SSL handshake process• Use the IIS 5.0 snap-in to generate an SSL
certificate request• Deploy the Certificate Authority snap-in to
sign certificate requests• Configure IIS 5.0 to use SSL
Secure Sockets Layer (SSL)
• The Web server and the client browser exchange and negotiate a secure communications link
SSL Architecture
Server Machine
Application Layer (Telnet,FTP,HTTP,NFS,NIS)
SSL
UDP Transport Layer (TCP)
Network Layer
Client Machine
Application Layer (Telnet,FTP,HTTP,NFS,NIS)
SSL
UDP Transport Layer (TCP)
Network Layer
Secure Encrypted
Application Layer Traffic
SSL and Channel Security
• The channel is private
• The channel is authenticated
• The channel is reliable
SSL Handshake
• Hello phase• Key Exchange phase• Session Key
Production phase
• Server Verify phase• Client
Authentication phase
• Finished phase
Applying SSL Encryption
• 40-bit key• 128-bit key
Requesting andInstalling a Certificate
• Certificate types• The X.509v3 standard• Revocation lists• Certificate benefits• Certificate shortcomings
Certificate Concerns
• Password-protected text file• Binding• CA security• Data sniffing and tampering
Summary
Describe the functions of SSL Identify the SSL handshake process Use the IIS 5.0 snap-in to generate an SSL
certificate request Deploy the Certificate Authority snap-in to
sign certificate requests Configure IIS 5.0 to use SSL
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 5:Configuring and
Managing a News Server
Objectives
• Create a newsgroup in both Windows 2000 and Linux
• Configure newsgroup expiration policies• Control access to a news server through IP
address filtering and user-based authentication
NNTP Service
• Usenet newsgroups• Private and Usenet
NNTP servers• The Expires header
Summary
Create a newsgroup in both Windows 2000 and Linux
Configure newsgroup expiration policies Control access to a news server through IP
address filtering and user-based authentication
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 6:E-Mail
Server Essentials
Objectives
• Describe the process of sending an e-mail message
• Explain key e-mail server concepts• Describe the functions of e-mail protocols
Sending andDelivering E-Mail
End User
SMTP Server
End User
E-Mail Agents
• Mail transfer agent• Mail delivery agent• Mail user agent
E-Mail ServerTerminology
• Masquerading• Aliasing• Relaying
Simple Mail Transfer Protocol
• SMTP commands– helo– ehlo– mail from– rcpt to– data– quit
Post Office Protocol 3 (POP3)
• POP3 commands– user– pass– list– retr– dele– quit
IMAP and LDAP
• IMAP and e-mail clients• Lightweight Directory Access Protocol
Web Mail
• E-mail servers:– Create a Web interface– Provide Web-based access
Summary
Describe the process of sending an e-mail message
Explain key e-mail server concepts Describe the functions of e-mail protocols
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 7:Configuring
E-Mail Servers
Objectives
• Identify the purpose and usefulness of MX records
• Discuss DNS as it applies to e-mail servers• Configure an e-mail server in
Windows 2000• Manage a Web-based e-mail service• Deploy a list server
MX Recordsand E-Mail Servers
• MX records inform the DNS server where to direct e-mail messages– Intradomain e-mail– Interdomain e-mail
Intradomain E-Mail
DNS Server
E-Mail Server Patrick.ciwcertifed.com
james.ciwcertifed.com
Interdomain E-Mail
DNS Server
E-Mail Servermail.stanger.com
E-Mail Servermail.lane.com
james.stanger.com
patrick.lane.com
lane.com
stanger.com
Mail Exchange Record Fields
• Domain name• IN• MX• Numerical value• Server name
Summary
Identify the purpose and usefulness of MX records
Discuss DNS as it applies to e-mail servers Configure an e-mail server in
Windows 2000 Manage a Web-based e-mail service Deploy a list server
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 8:Proxy Servers
Objectives
• Explain the benefits of a proxy server• Differentiate between public and private
IP addresses• Install and configure Web-based and SMTP-
based proxy servers
Proxy Servers
• Connecting to a proxy server• Modifying clients
Connecting to aProxy Server
Ethernet
Client
Internet
Web ServerProxy
Proxy Server Considerations
• Advanced users may try to bypass the proxy server
• You need a license that allows enough connections for all employees
Summary
Explain the benefits of a proxy server Differentiate between public and private IP
addresses Install and configure Web-based and SMTP-
based proxy servers
Summary
Explain the benefits of a proxy server Differentiate between public and private IP
addresses Install and configure Web-based and SMTP-
based proxy servers
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 9:Logging Activity
Objectives
• Explain the need for logging activity generated by servers and services
• Configure Web server logs in IIS, Apache Server and ftpd
• Identify the need to check DNS and e-mail logs
• View information from a Web server log file using commercial log analysis software
Logging Information
• Server efficiency• Usage rate• Revenue generation• Security
Setting Priorities
• Mission criticality• Service type• Server location• Recent
installations
Evaluating Logs
• Peak usage rates• Error messages• Failed logon attempts
HTTP Server Log Files
• Server log• Access log• Error log• Referrer log• Agent log
FTP Log Files
• FTP log files contain the following information– IP address of the client connecting to your
server– Client’s user name– Date and time the connection was made– IP address of the server– Commands issued
FileAnalysis Software
• WebTrends• Webalizer
Summary
Explain the need for logging activity generated by servers and services
Configure Web server logs in IIS, Apache Server and ftpd
Identify the need to check DNS and e-mail logs
View information from a Web server log file using commercial log analysis software
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 10:Monitoring and
Optimizing Internet Servers
Objectives
• Explain the need for server monitoring and optimization
• Use tools when monitoring and optimizing servers
• Identify key Internet server elements to monitor
• Adjust Internet server settings to meet expected workload
Analyzing Server Performance
• Server and service log files• Protocol analyzers (packet sniffers)• System performance tools
Queues and Bottlenecks
• Queue– Sequence of
requests for services
• Bottleneck– Number of
incoming requests exceeds that rate at which the system can service them
Correcting Bottlenecks
• Speed up the component causing the bottleneck by upgrading or replacing it
• Replicate the component causing the bottleneck by distributing the demand for a service across multiple servers
• Increase the capacity of the queues in the system to tolerate more requests
HardwareConcerns
• Web servers• Web applications and session state
Summary
Explain the need for server monitoring and optimization
Use tools when monitoring and optimizing servers
Identify key Internet server elements to monitor
Adjust Internet server settings to meet expected workload
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 11:Fault Tolerance
and System Backup
Objectives
• Identify ways to create fault tolerance in a network host
• Explain the concept of offsite storage• Implement procedures for disaster
assessment• Follow a data recovery strategy• Implement recovery procedures to repair
corrupted data
Fault Tolerance
The ability of a system or application to recover lost information due to a hardware or software failure
RAID
• RAID 0: disk striping• RAID 1: disk mirroring• RAID 4: disk striping with large blocks• RAID 5: disk striping with parity
Additional FaultTolerance Options
• Hot swapping• Uninterruptible power supply• Folder replication• Offsite storage and site mirroring• Removable media
Site Redirection
Helps recover from system outages and denial-of-service attacks by redirecting Internet services and sites
Tape Backupand Removable Media
• Floppy disks• Zip disks• CD-ROMs• Tapes
Planning aBackup Strategy
• Determining which files to back up• Choosing local or network backup types• Selecting a backup method• Planning and practicing restoration
procedures• Ensuring that you have verified all backup
files
Disaster Assessmentand Recovery
• Windows 2000 and Linux boot disks• Windows 2000 system state data• Windows Emergency Repair Disk• Windows 2000 Safe Mode• Troubleshooting Linux
Summary
Identify ways to create fault tolerance in a network host
Explain the concept of offsite storage Implement procedures for disaster
assessment Follow a data recovery strategy Implement recovery procedures to repair
corrupted data
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 12:Security Overview
Overview
• Identify vulnerabilities commonly found in various operating systems
• List the steps to counteract operating system weaknesses
• Define firewall and intrusion detection concepts
• Discuss the effect of security measures on employees and system hosts
• Recognize security breaches
Server Vulnerabilities
• Users and group permissions• Multiple partitions• Policies• System defaults• System bugs
This System is Secure!
Enhancing Server Security
• Enabling shadow passwords• Removing unnecessary system services
Firewalls
• Create a perimeter that protects your private network from other public networks
Firewall Functions
• Enhance logging and authentication• Encrypt transmissions between hosts and/or
networks• Provide enhanced security• Default to one of two types of behavior
– Reject all traffic unless explicitly permitted– Allow all traffic unless explicitly denied
Firewall Types
• Packet filter• Application-level gateway proxy• Circuit-level gateway proxy
Firewall Terminology
• Internal interfaces• External interfaces• Demilitarized zone• Rule• Bastion host
IntrusionDetection Systems
• Network-based IDS• Host-based IDS• Hybrid IDS
Security Tradeoffs
• Complexity• Host performance
degradation• Unintended denial
of service
RecognizingSecurity Breaches
• Failed logons• Unexplained or common system shutdowns
and restarts• Changes in user privileges• Added or removed accounts• System processes that have been shut down,
activated or restarted• Changes in file permissions
Summary
Identify vulnerabilities commonly found in various operating systems
List the steps to counteract operating system weaknesses
Define firewall and intrusion detection concepts
Discuss the effect of security measures on employees and system hosts
Recognize security breaches
Advanced InternetSystem Management
Mission-Critical Services Installing and Configuring a Web Server Advanced Web Server Configuration Enabling Secure Sockets Layer Configuring and Managing a News Server E-Mail Server Essentials
Advanced InternetSystem Management
Configuring E-Mail Servers Proxy Servers Logging Activity Monitoring and Optimizing Internet Servers Fault Tolerance and System Backup Security Overview