Chapter Ten: Implementing Internet Services, Hands-On Novell NetWare 6.0/6.5, Enhanced Edition




Date: 21.03.2017

Chapter Ten:
Implementing Internet Services

Hands-On Novell NetWare 6.0/6.5, Enhanced Edition

Objectives

After reading this chapter and completing the exercises, you will be able to:

  • Describe NetWare 6 Internet/intranet services, including Net Services and Web Services components

  • Install and configure Novell Web Services components

  • Describe public key cryptography and use the Novell Certificate Authority services to export public and private keys

  • Describe external security policies and strategies, including firewalls, virus protection, and defense against denial-of-service attacks

NetWare 6 Internet Service Components

  • The NetWare 6 Internet service components can be divided into Net Services and Web Services components, as shown in Figure 10-1

  • Web Services are TCP/IP-based applications that make network data and services available to users, such as Web sites and FTP servers

  • Net Services components extend the capabilities of standard Web services and include many of the services you have worked with already, such as iFolder, NetStorage, iPrint, iManager, and Remote Manager

Novell Internet Services

NetWare 6 Internet Service Components

  • To gain access to NetWare files and resources, Novell Net Services run as applications on Web Services components, such as Apache Web Server

  • Novell chose Apache Web Server to host the Net Services components because it’s an open-source Web server that’s public-domain software, meaning it’s freely available and can be modified to run on other operating system platforms

Apache Web Server for NetWare

  • Apache Web Server is an open-source Web server originally developed by the Apache Group, a non-profit organization

  • Being public-domain software, Apache Web Server is free to any organization or individual who wants to use it to implement Web-based services

  • Apache Web Server is used by these NetWare 6 Web-based services:

      • NetWare Web Manager

      • NetWare Web Search Server

      • NetWare WebAccess

      • iFolder

      • iManager

Tomcat Servlet Engine for NetWare

  • The Tomcat Servlet Engine, also developed by the Apache Group, is used to run Java-based Web applications

  • It is used by several NetWare 6 components, including Novell Portal Services and NetWare Web Search Server

Novell Portal Services

  • Novell Portal Services (NPS) is the leading portal strategy for delivering the right information to the people who are authorized to use it

  • NPS consists of a number of Java applications, called Java servlets, that run on Apache Web Server, as shown in Figure 10-2

  • Novell Web Manager is an example of an NPS application that customizes the content of browser-based management utilities, such as iManager and Remote Manager, based on the user’s access rights

NetWare Web Search Server

  • NetWare Web Search Server can make data on your network or the Internet searchable in minutes

  • It bridges all types of networks—from file servers to intranets and the Internet—delivering requested information in a minimum amount of time

  • Installed by default during the NetWare 6 installation, NetWare Web Search Server is ready to run simply by pointing it at the Web or file servers you want included in the search index

NetWare Enterprise Web Server

  • Apache Web Server is automatically installed during the NetWare 6 installation, but its primary purpose is to provide support for NPS and Net Services, such as iFolder and NetStorage

  • To host a company’s Web or FTP site, you need to install and configure NetWare Enterprise Web Server, which is an HTTP-based service for sending Web pages to browsers on the Internet or within the company intranet

  • An extranet is a combination of public and private Web sites, usually created to expedite communication and cooperation among companies that work closely together

FTP Server

  • Before the advent of HTTP and World Wide Web servers, File Transfer Protocol (FTP) servers provided a means of transferring files from one Internet host to another

  • FTP servers are designed as a highly efficient and secure method of transferring files to and from Internet sites

  • Web servers can transfer files using HTTP, but FTP servers generally offer more efficient and reliable delivery through their specialized transfer protocol

NetWare Web Manager

  • NetWare Web Manager is the portal service used to configure and manage NetWare Web Services and access other Web-based management tools

Installing and Configuring Web Services

  • All files in the content directory and its subdirectories are available to the browser clients

  • NetWare Enterprise Web Server, based on Netscape Web Server, is included on the NetWare 6 operating system CD

  • In addition, other commonly used Web servers are available for hosting Web sites, including Apache, iPlanet, and Microsoft Internet Information Server

Installing and Configuring Web Services

  • The iPlanet Web server is an LDAP-only server designed for user authentication and management, electronic commerce (e-commerce), extranet, and Internet applications and is the foundation for a suite of e-commerce-delivered products from the Sun-Netscape alliance

  • Microsoft offers two levels of its Web server product: Microsoft Personal Web Server (PWS) and Internet Information Server (IIS)

  • Microsoft designed PWS to deliver Web site content for personal intranet applications on Windows 95/98 and NT workstations, and it includes a limited version of IIS for Windows 2000 Professional computers

Working with NetWare Enterprise Web Server

  • NetWare Enterprise Web Server can be installed during or after the NetWare 6 server installation

  • If you have access to a NetWare 6 server with the Supervisor right, you can follow the steps listed on pages 438 and 439 of the textbook

Operating and Configuring Enterprise Web Server

  • Before using Enterprise Web Server, you must use Web Manager to start the Web server and make any necessary configuration changes

  • After Enterprise Web Server was installed, Novell Portal Services displayed the NetWare Enterprise Web Servers option in the Web Manager (see Figure 10-5)

  • After selecting the NetWare Enterprise Web Servers option, the Enter Network Password dialog box opened, requesting user name and password

Starting and Stopping Web Services

  • After selecting the NetWare Enterprise Web Servers option, the Server Preferences window is displayed, with options on the left side of the window to open different configuration windows

  • For example, in Figure 10-6, the Server Preferences window is displaying the Server On/Off window

Changing the Path of the Default Web Content

  • After verifying that the server was operating properly, you want to move the Web site’s contents from the default location to the IS\Web directory in the CORP volume

  • By default, the Web content directory is located on the SYS volume, in the SYS:Novonyx\SuiteSpot\Docs directory

  • Because the Web site is expected to grow quite large, you want to move the content directory to the CORP volume to avoid the risk of accidentally bringing down the NetWare 6 server by filling up the SYS volume

Creating a Virtual Document Directory

  • To configure NetWare Enterprise Web Server to use a virtual directory named Engineering, perform the steps on page 442 of the textbook

Configuring Document Preferences

  • When NetWare Enterprise Web Server receives a request from a browser that does not specify the name of a page file, it uses a default index filename specified in the Document Preferences window

Setting Up Public and Restricted Access

  • After Enterprise Web Server is installed, anyone accessing the server from a Web browser can open document files in the SYS:Novonyx\SuiteSpot\Docs directory or any of its subdirectories

  • If you change the primary document directory, create additional document directories, or want to restrict access to documents, you need to click the Restrict Access link under Server Preferences, and then scroll down to the Public Directory Designations list box

Working with NetWare FTP Server

  • NetWare FTP Server is a Web Services application that allows users to transfer files to and from the NetWare volumes that have been configured as part of the FTP content

  • After logging in to NetWare FTP Server, users can also navigate to other NetWare servers and volumes where they have access rights, even though the other servers are not running the FTP Server software

  • To access files on an FTP site, computers must have FTP client software

Installing NetWare FTP Server

  • If you have access to a server that you can use to install the FTP software, you can follow the steps outlined on page 446 of the textbook to set up an FTP server on your computer

Configuring the FTP Server

  • As with Enterprise Web Server, NetWare FTP Server is configured by using the Web Manager portal

  • You can use Web Manager’s FTP option to turn the FTP server on and off, set the default home directory path, and configure user access

  • The default home directory is set to the SYS:Public directory of the server hosting the FTP services

Accessing FTP Folders and Files

  • After FTP Server is up and running, you can use any FTP client to log in to the FTP server and transfer files

Working with Certificate Services

  • Public key cryptography is a security system that authenticates users and organizations to ensure that they are who they claim to be and encrypts data transmissions to prevent information from being intercepted by unauthorized people

  • Table 10-4 shows how public key cryptography relates to file system and eDirectory security

  • Public key cryptography provides both authentication and encryption security through the use of mathematically related sets of digital codes called key pairs

  • A key pair consists of a public and private key that is unique to an individual, application, or organization

  • The private key is kept solely by the owner of the key pair and used to create digital signatures and encrypt and decrypt data

  • The public key is made available to all network users and used by outside entities to encrypt data sent to the key pair owner

  • Public key certificates contain, at a minimum, the entity’s public key, a subject name, and a CA-generated digital signature

  • Public key certificates generated by most commercial CAs use the X.509v3 format and contain the following information:

      • The name of the user or organization (subject name)

      • The public key of the user or organization

      • The length of time the public key certificate is valid

      • The name of the CA that signed the public key certificate (issuer)

      • The digital signature created by the CA
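
The certificate fields and key-pair roles described above, as an added example (not from the textbook or Novell Certificate Server): a toy CA signs a certificate and a relying party checks it using only the CA's public key. The toy RSA arithmetic, the JSON encoding (not real X.509), the function names, and the issuer string are assumptions made for illustration.

```python
import hashlib
import json
from datetime import date

def make_key_pair(p, q, e=65537):
    """Toy RSA key pair from two known primes; far too small for real use."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}  # (public, private)

def digest(fields, n):
    """SHA-256 over the fields in a fixed order, reduced into the key's range."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue_certificate(ca_name, ca_private, subject, subject_public, not_before, not_after):
    """CA side: bind the subject name to its public key and sign the result."""
    tbs = {"subject": subject, "public_key": subject_public, "issuer": ca_name,
           "not_before": not_before, "not_after": not_after}
    n = ca_private["n"]
    return {**tbs, "signature": pow(digest(tbs, n), ca_private["d"], n)}

def verify_certificate(cert, ca_name, ca_public, today):
    """Relying party: uses only the CA public key. Returns (ok, reason)."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    n = ca_public["n"]
    if cert["issuer"] != ca_name:
        return False, "issuer is not the trusted CA"
    if pow(cert["signature"], ca_public["e"], n) != digest(tbs, n):
        return False, "signature does not match certificate contents"
    if not cert["not_before"] <= today.isoformat() <= cert["not_after"]:
        return False, "outside validity period"
    return True, "ok"

# Constructed sample data: Mersenne primes stand in for real key material.
CA_NAME = "UAS_tree Organizational CA"  # hypothetical issuer string
CA_PUBLIC, CA_PRIVATE = make_key_pair(2**31 - 1, 2**61 - 1)
SERVER_PUBLIC, _ = make_key_pair(2**17 - 1, 2**19 - 1)
CERT = issue_certificate(CA_NAME, CA_PRIVATE, "UASHOST", SERVER_PUBLIC,
                         "2024-01-01", "2026-01-01")
# Tampered copy with a substituted public key; without the CA private key the
# signature cannot be regenerated, so verification must fail.
TAMPERED = {**CERT, "public_key": {"n": 8191 * 127, "e": 65537}}

if __name__ == "__main__":
    for label, cert in (("genuine", CERT), ("tampered", TAMPERED)):
        print(label, verify_certificate(cert, CA_NAME, CA_PUBLIC, date(2025, 6, 1)))
```

The check order matters to a defender: a certificate whose signature verifies but whose validity period has lapsed is still rejected.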

Novell Certificate Server

  • Novell Certificate Server, included with NetWare 6, integrates public key cryptography services into eDirectory and enables administrators to create, issue, and manage user and server certificates

  • It helps network administrators meet the challenges of public key cryptography with the following functions:

      • Creating an Organizational CA in the eDirectory tree that allows your CA server to internally issue user and server certificates without going to an external CA

      • Storing key pairs in the eDirectory tree to provide security against unauthorized access and tampering yet make public keys available to all network entities

      • Allowing centralized management of public key certificates by using ConsoleOne snap-ins

      • Supporting commonly used e-mail clients and Web browsers

  • After installing Novell Certificate Server and creating an Organizational CA for the UAS_tree during the NetWare installation, use ConsoleOne to perform the following CA management tasks:

      • Create a Server Certificate object for the UASHOST server

      • Request a public key certificate from an external CA

      • Create a user certificate

      • Create trusted root containers and objects

Securing Net Services

  • Making Net Services and information available on the Internet exposes the NetWare server and user workstations to potential attacks on an organization’s information system

  • The most common types of hacker attacks on information systems can be divided into these five general categories:

      • Intrusion

      • Spoofing

      • Virus attacks

      • Denial-of-service attacks

      • Information theft

Internal Security

  • Ensure that server rooms are kept locked during off-hours

  • Provide extra security by using the console screen saver and Secure Console commands

  • Change user password restrictions to require a password of at least eight characters that’s changed every 60 days

  • Review the file system and eDirectory security to ensure that users have only the rights they need to perform their assigned tasks

Common Internal Security Violations

  • Password security is your front-line defense against internal security violations

  • Despite your best planning and documentation, user accounts might be assigned unauthorized rights to the eDirectory tree or file system

  • Another possible security compromise involves creating a rogue Admin account that has the Supervisor right to the eDirectory tree

  • When tracing internal security violations involving excessive rights, you should follow the procedures shown on pages 457 and 458 of the textbook to track the problem to the source

Firewall Security

  • Firewalls consist of software that runs on a server or specialized hardware, such as a network router, and can be configured to provide protection from external threats in the following ways:

      • Enforce corporate security and access control policies by controlling the type of traffic permitted between the internal private network and the Internet

      • Keep log files of information about external traffic to better monitor the source and frequency of unauthorized access attempts

      • Provide a central point that all network traffic must pass through before reaching the internal private network

      • Act as a traffic cop by permitting only selected services, such as FTP or WWW, to access the network

      • Create firewall partitions that limit security breaches or prevent intruder attacks from spreading across the company intranet

  • A firewall’s primary objective is to prevent entities on untrusted or unknown networks from accessing services and computers on the trusted or internal network

  • A trusted network consists of your organization’s private network along with the firewall server and networks it covers; it can exist within the company intranet and include the network addresses of other computers and networks on the Internet that you regularly communicate and do business with

  • You can implement a virtual private network (VPN), which is a trusted network that sends packets over an untrusted network

  • An untrusted network, such as the Internet, is an external network whose administration and security policies are either unknown or out of your control

  • An unknown network is neither trusted nor untrusted and, by default, is treated the same as an untrusted network

  • You can use firewall software to enable the following security measures on all untrusted and unknown networks:

      • Packet filtering

      • Virtual private networks

      • Network Address Translation (NAT)

      • IPX/IP gateways

      • Circuit-level gateways

      • Proxy services
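
The trusted, untrusted, and unknown network model above, as an added packet-filtering example (not from the textbook or any Novell product): unknown sources are handled like untrusted ones, only FTP and WWW are permitted in, denied traffic is logged, and an internal address arriving on the outside interface is treated as spoofed. The address ranges, packet fields, and function names are assumptions constructed for the example.

```python
import ipaddress

# Constructed policy; the addresses are private/documentation ranges chosen for the example.
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]        # internal private network
UNTRUSTED = [ipaddress.ip_network("203.0.113.0/24")]  # external network known to be untrusted
PERMITTED_SERVICES = {("tcp", 21): "FTP", ("tcp", 80): "WWW"}  # selected services only

def classify(addr):
    """Return 'trusted', 'untrusted' or 'unknown' for a source address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in TRUSTED):
        return "trusted"
    if any(ip in net for net in UNTRUSTED):
        return "untrusted"
    return "unknown"

def filter_packet(pkt, log):
    """Return 'permit' or 'deny' for one packet; append a log line for every deny."""
    zone = classify(pkt["src"])
    if zone == "trusted":
        if pkt["iface"] == "inside":
            return "permit"                      # traffic from the private network
        reason = "trusted source address on outside interface (spoofing)"
    elif (pkt["proto"], pkt["dport"]) in PERMITTED_SERVICES:
        return "permit"                          # untrusted and unknown are treated alike
    else:
        reason = "service not permitted"
    log.append(f"DENY zone={zone} src={pkt['src']} dst={pkt['dst']} "
               f"{pkt['proto']}/{pkt['dport']} reason={reason}")
    return "deny"

# Constructed sample packets.
SAMPLE_PACKETS = [
    {"iface": "inside",  "src": "10.1.2.3",      "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    {"iface": "outside", "src": "203.0.113.9",   "dst": "10.0.0.5",     "proto": "tcp", "dport": 80},
    {"iface": "outside", "src": "198.51.100.20", "dst": "10.0.0.5",     "proto": "tcp", "dport": 21},
    {"iface": "outside", "src": "198.51.100.20", "dst": "10.0.0.5",     "proto": "tcp", "dport": 23},
    {"iface": "outside", "src": "10.9.9.9",      "dst": "10.0.0.5",     "proto": "tcp", "dport": 80},
]

def run_samples():
    """Filter the sample packets and return (decisions, deny_log)."""
    log = []
    return [filter_packet(p, log) for p in SAMPLE_PACKETS], log

if __name__ == "__main__":
    decisions, deny_log = run_samples()
    print(decisions)
    print("\n".join(deny_log))
```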

Protection Against Virus Attacks

  • Viruses are often embedded in other programs or e-mail attachments

  • After a virus is activated by running the program or opening the e-mail attachment, it can copy itself to other programs or disk storage areas

  • Each virus has a different signature, which is a bit pattern made by the virus when it’s embedded in a program or an e-mail attachment

  • Firewalls offer security measures to help protect a network from information theft and attacks, but they are not designed to detect and prevent viruses from entering the network

  • Viruses are classified based on how they infect computer systems:

      • Boot sector viruses

      • File viruses, also called Trojan horses

      • Macro viruses

      • Stealth viruses

      • Polymorphic viruses

      • Worms

Virus Prevention Techniques

  • Virus prevention on a network involves installing a virus protection system, making regular backups, and training users on how to reduce the risk of virus attacks

  • Virus protection systems scan programs on the server and user workstations and monitor program files as they are loaded to detect known virus signatures

  • Refer to the list on pages 462 and 463 of the textbook for common virus infection symptoms

Virus Removal Planning

  • Despite security measures and anti-virus software, with all the new viruses popping up almost daily, there’s always the possibility that one could slip by your anti-virus software and infect your network’s computers

  • After a virus was detected recently on the UAS, you used the procedure shown on pages 463 and 464 of the textbook to isolate and remove the virus from all networked computers

Defense Against Denial-of-Service Attacks

  • Although denial-of-service attacks don’t usually directly damage or steal a company’s data, they can cost a company a lot of money by bogging down the organization’s Web services, causing lost customer sales and reducing user productivity

  • Denial-of-service attacks are usually caused by flooding the server with packets or sending oversized packets to a service, causing it to crash

Common Denial-of-Service Attacks

Summary

  • An essential part of Novell’s strategy for the future is to provide Internet services that enable clients and servers using diverse operating systems to be managed and accessed as one network

  • NetWare Web Services includes Enterprise Web Server and FTP Server, which can be installed and customized to supply information and Web pages to the Internet and local intranet

  • Using public key cryptography to encrypt data transmission and provide authentication with digital signatures is a vital component of securing information transmission on the Internet

  • Certificate Authorities issue public key certificates for verifying that the public key belongs to the entity distributing it

  • Internet security involves protecting Web and Net Services from threats such as data theft, hacking, and computer viruses


