1 / 39

Guide to Novell NetWare 6.0 Network Administration

Guide to Novell NetWare 6.0 Network Administration Chapter 14 Chapter 14 - Implementing and Securing Network Services Describe NetWare 6 Internet/intranet services, including Net Services and Web Services components Install and configure Novell Web Services components

sandra_john
Télécharger la présentation

Guide to Novell NetWare 6.0 Network Administration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Guide to Novell NetWare 6.0 Network Administration Chapter 14

  2. Chapter 14 - Implementing and Securing Network Services • Describe NetWare 6 Internet/intranet services, including Net Services and Web Services components • Install and configure Novell Web Services components

  3. Chapter 14 - Implementing and Securing Network Services • Describe public key cryptography and use the Novell Certificate Authority service to export public and private keys • Describe internal and external security policies and strategies, including firewalls, virus protection, and defense against denial-of-service attacks

  4. NetWare 6 Internet Service Components • Novell’s Internet/intranet services: • Help simplify the implementation of business networks by providing a common set of services for accessing data and resources with a variety of workstation and server operating systems • The Internet service component can be divided into Web Services, which are TCP/IP-based applications that give users access to network data and services though Web sites and FTP servers, and Net Services, which extend the capabilities of standard Web services

  5. NetWare 6 Internet Service Components • Net Services requests: • A network can be configured so that requests for Net Services originating at user workstations are sent via the Internet to a firewall running on a server or router; once through the firewall, the request is routed to the appropriate services based on its IP address and port number • Port numbers are used to transfer information in a data packet to the correct application • To gain access to NetWare files and resources, Net Services run as applications on Web Services components, such as Apache Web Server

  6. NetWare 6 Internet Service Components • Apache Web Server: • Is open-source Web server software and a common platform for implementing Web-based services • It is installed by default during the NetWare 6 install • It’s primary purpose is to provide support for Novell Portal Services and Net Services, such as iFolder • Requires no special configuration • NetWare 6 ships with the Tomcat Servlet Engine, which is used to run Java-basedWeb applications

  7. NetWare 6 Internet Service Components • Novell Portal Services (NPS) is a portal strategy for delivering the right information to the people authorized to use it • A portal provides one view into a company’s information and displays this data as Web pages • With NPS, network administrators can protect and control access to network resources, delivering personalized data to people based on their company roles, locations, and group associations • NPS consists of a number of Java servlets that run on Apache Web Server

  8. NetWare 6 Internet Service Components • NetWare Web Search Server: • Makes network or Internet data searchable in minutes, and it bridges all types of networks • NetWare Enterprise Web Server: • Is an HTTP-based service for sending Web pages to browsers on the Internet, or to an intranet • FTP server: • Allows for file transferring between Internet hosts • NetWare Web Manager: • The portal service for managing Web Services

  9. Installing and Configuring Web Services • Working with NetWare Enterprise Web Server • NetWare Enterprise Web Server can be installed during or after NetWare 6 server install, and once installed, NPS displays the NetWare Enterprise Web Server options in the Web Manager window to allow for configuration • There are many configuration options and settings, but the most common tasks are: starting and stopping Web Services, changing the default path to the content directory, creating virtual Web sites, configuring document preferences, and setting up public and restricted access sites

  10. Installing and Configuring Web Services • Working with NetWare FTP Server: • FTP services require server & client components • Most Web browsers have a built-in FTP client for accessing FTP servers • Many dedicated FTP clients enable the operator to enter commands directly from the FTP command prompt; other clients use a graphical environment • Setting up NetWare FTP Server requires installing the FTP software on the NetWare 6 server and then configuring the software to provide access to the content directories

  11. Installing and Configuring Web Services • Working with NetWare FTP Server (cont.): • After FTP Server is up and running, any FTP client can be used to log in to the FTP server and transfer files • To enable FTP Server logging, enter your server URL and click your server name under the NetWare Enterprise Web Server heading to log in, click the Log Settings link in the left-hand column • You can configure FTP security by clicking the Security link in the Server Preferences window

  12. Installing and Configuring Web Services • Working with NetWare FTP Server (cont.): • Additional features of FTP Server include: multiple instances of FTP Server software; FTP access restrictions; intruder detection; remote server access; special Quote Site commands; firewall support; active sessions display; Namespace support; Simple Network Management Protocol (SNMP) error-reporting service; welcome banner and message file support; NetWare Web Manager management; Cluster Services support

  13. Working with Certificate Services • Public key cryptography: • Is a security system that authenticates users and organizations to ensure that they are who they say they are and encrypts data transmissions to prevent information from being intercepted • Public key cryptography uses mathematically related sets of digital codes called key pairs, which consists of a public and private key that is unique to a person, an application, or an organization • To create a digital signature, cryptography software mathematically links the data being signed with the sender’s private key

  14. Working with Certificate Services • Public key cryptography: • The Certificate Authority (CA) service was developed to mediate the exchange of public keys • In this service, the public key cryptography software running on an entity creates a public and private key pair. To get the public key authorized, an entity must send its public key and other identification data to a CA. The CA validates the owner’s key pair by creating a certificate containing the owner’s public key along with the CA’s digital signature

  15. Working with Certificate Services • Novell Certificate Server: • Integrates public key cryptography services into eDirectory and enables administrators to create, issue, and manage user and server certificates • It helps meet the challenges of public key cryptography in these ways: creating an organizational CA in the eDirectory tree; storing key pairs in the eDirectory tree to provide security; allowing centralized management of public key certificates through ConsoleOne snap-ins; supporting common e-mail clients and browsers

  16. Securing Net Services • Making Net Services and information available on the Internet exposes the network to potential electronic attacks • Although public key cryptography secures data through encryption and identifies entities with digital signatures, it does not prevent outside hackers from gaining unauthorized system access • Common hacker attacks categories: intrusion, social engineering, spoofing, virus attacks, denial-of-service attacks, and information theft

  17. Securing Net Services • Internal security involves placing NetWare servers in secure locations and making sure you have adequate password policies • In addition, consider these network protection precautions: ensure that server rooms are locked at all times; workstations should not be visible from behind the user; keep wiring closets locked and restrict their access; provide extra security by using the console screen saver and SECURE CONSOLE commands; review file system and eDirectory security to ensure that users have only the rights they need to perform their tasks

  18. Securing Net Services • How to avoid common internal security violations: • Ensure passwords are safe and secure, especially the administrator’s - intruder detection helps here • Ensure that user accounts are not assigned unauthorized rights - a tool such as Novell Advanced Audit Service and tools from BindView Solutions help here • Ensure that there are no rogue Admin accounts that have the Supervisor right to the eDirectory tree

  19. Securing Net Services • Firewall external security: • Computer firewalls control access between the company’s private network and an untrusted external entity on the internet • Firewalls consist of software that run on a server and can be configured in the following ways: control the type of traffic permitted between the internal private network and the Internet; keep log files of information about external traffic; provide a central point that all network traffic must pass through; and permit only selected services to access the network

  20. Securing Net Services • Protection against virus attacks: • Viruses are often embedded in other programs or e-mail attachments, and are activated by running the program or opening the e-mail attachment • Viruses are classified based on how they infect: boot sector viruses attack the boot records or file allocation tables; file viruses attack executable programs; macro viruses attack programs that run macros; stealth viruses disguise themselves to make it difficult for anti-virus software to detect them; worms are independent programs that copy themselves to other computers over a network

  21. Securing Net Services • Protection against virus attacks (cont.): • Virus protection on a network involves: installing a virus protection system; making regular backups; and training users on how to reduce the risk of virus attacks • Virus removal planning involves these steps: isolate all infected systems and floppy diskettes; locate the clean floppy disk formatted with a boot system created earlier with the anti-virus software; use the boot disk to start and clean all infected computers; restart the system and create a system backup; scan the network drives for infection

  22. Securing Net Services • Defense against denial-of-service attacks • Denial-of-service attacks are usually caused by flooding the server with packets or sending oversized packets to a server, making it crash • A properly configured firewall and software designed for Net Services security are the best defenses against these attacks

  23. Chapter Summary • An essential part of Novell’s strategy for the future is to provide Internet services that enable clients and servers using diverse operating systems to be managed and accessed as one network. To do this, Novell has developed Net Services, which includes iFolder, NetStorage, iManager, iPrint, and iMonitor. Because Net Services is written to run on top of the open-source Apache Web Server, the services can be implemented on other network operating systems, such as Windows 2000/XP, Windows NT and Linux

  24. Chapter Summary • NetWare Web Services include Enterprise Web Server and FTP Server, which can be installed and customized to supply information and Web pages to the Internet and local intranet. The NetWare Web Manager portal is used to configure and manage both Enterprise Web Server and FTP Server. Typical Web server management tasks include specifying the primary document directory, creating virtual Web sites, setting document preferences, and specifying public and restricted access to Web content. FTP configuration tasks include setting the default FTP directory, providing anonymous access, and restricting user access to the FTP server

  25. Chapter Summary • Using public key cryptography to encrypt data transmission and provide authentication with digital signatures is a vital component of securing information transmission on the Internet . Public key cryptography uses public and private keys to create digital signatures and encrypt and decrypt data transmissions. Clients use the public key to encrypt data, which can be decrypted only by the public key owner’s private key • Certificate Authorities (CAs) issue public key certificates for verifying that the public key belongs to the entity distributing it

  26. Chapter Summary • Internet security involves protecting Web and Net Services from threats such as theft, hacking, and computer viruses. An Internet security plan should include a firewall to isolate the internal network from the outside Internet and implement a virus protection and data recovery plan. Firewalls should be configured to detect denial-of-service attacks, such as the ping of death, SYN packet flooding, oversized UDP packets, teardrop attacks, and land attacks

More Related