
COMP3122 Network Management

COMP3122 Network Management. Richard Henson March 2012. Week 8: Internet Access, Web Services, and Remote Access. Objectives: Configure a specified web server to support www & ftp sites Run a world wide web site that includes server scripting





Presentation Transcript


  1. COMP3122 Network Management Richard Henson March 2012

  2. Week 8: Internet Access, Web Services, and Remote Access • Objectives: • Configure a specified web server to support www & ftp sites • Run a world wide web site that includes server scripting • Configure a server to accept services by remote access • Apache runs on Unix/Linux

  3. “Web Service” access • The following diagram illustrates the relationship between web client and web server processes: • client requests information… • server processes the request and sends a response back to the client…

  4. Internal & External Access to Web Services • Both use, by default, http (TCP port 80) • Both use a specified area on the server for webpages • http:// always needs to be used • Internal host service (Intranet) can be accessed via resource name or IP address • External host needs a domain name

  5. Access to Web Services across a local network • Each web service has a unique name • e.g. “mywebsite”, “myftpsite” • For Internal network access… • www services accessed at the client end using an Internet Browser • local name maps by default to root www service folder e.g. wwwroot

  6. Access Control and Internal Web Services (Intranet) • Access controlled by: • EITHER username/password protection of pages beyond the home page • OR user login name authentication with Active Directory (or equivalent) for access to the service

  7. Accessing through the world wide web • Full URL needed to gain access • i.e. local www name.domain name • Access to service controlled through a requirement to login • by default, all users automatically logged on to an “anonymous” account (Internet Guest)

  8. Web-based Client-Server Model • (diagram) Optional logon at the server end… • Most web pages accessed directly through “anonymous” guest logon: no password

  9. IIS (Internet Information Server) • IIS has been logically coupled with Windows Servers since 1996… • Visual BASIC runtime environment known as ASP • originally enabled VB code to create .asp files to perform tasks and interact directly with the client browser • included a number of COM+ objects

  10. IIS and Security • By 2000… • IIS generally acknowledged to be one of the major security weaknesses of Microsoft platforms interfacing with the web • VB source code easily hacked or re-engineered • most viruses came in via IIS & VB code

  11. The .net framework and web services • Major IIS change in 2001 -> .net framework • server scripts no longer contained source code (except HTML) • Windows 2003 has .net built-in (IIS v6) • .net framework required to run server scripts and access databases

  12. .net framework and Active Directory • .net took a while to perfect… (!) • not the case with .net v1.1 • and not with the first release of 2003 Server… • early object framework did not interface well with Active Directory • Windows 2003 WAS a success… • But NOT because of .net framework!

  13. .net framework v2.0 and Active Directory • .net v2 released some time after 2003 Server • included “Active Directory namespace” • System.DirectoryServices • allowed more effective linking of Active Directory objects with .net objects, e.g. • http://www.vsj.co.uk/dotnet/display.asp?id=409 • helped .net to become a popular platform

  14. Management of Groups of Web Pages • IIS performs various “server end” tasks: • controlled access to the contents of web sites • home or “root” directory path • name definition(s) for “home page” e.g. index.html, index.aspx • the right scripting “engine” for files containing executable code • need to be compiled, interpreted, or (if run-time e.g. ActiveX) just executed

  15. Home Page Service for websites • Agreed home page convention by ISPs: • home page is index.htm, index.html • this page is downloaded when the domain name is entered in the browser window • Microsoft home page convention: • default.htm/html • default.aspx • Latter can (should?) be changed to conform to general convention

  16. Setting up an IIS FTP service • FTP protocol is ancient (RFC 238, 1972) • still popular & works well for uploading/downloading • IIS allows configuration of an FTP server for: • Internal ftp access: • local ftp service name • External ftp access: • local name.domain name • FTP server can be accessed: • directly through the browser • using an ftp client

  17. Accessing an IIS SMTP service • SMTP protocol (or Internet Mail forwarding) developed from FTP (RFC 821, 1978) • Web-based or Internal SMTP service set up in the same way as FTP • same access rights/limitations, etc. • Further software (Exchange Server) needed to provide a full mail service

  18. Setting up an Exchange Mail Server Service • Exchange is complex software • Mail servers have large resource requirements • Uses X.500 data storage standard • store for details of mailbox users • can interface with details of Active Directory users! • Further stores: • incoming messages that need distributing to mailboxes • mailboxes & their messages • database of existing mailbox names

  19. A POP3 service • SMTP sends messages between Internet servers • Cannot be used to download mail from mailboxes to clients • need to use the POP3 protocol • POP3 Server principles: • user logs on to server • if user is authorised: • any messages in that user’s mailbox are located • all messages downloaded to local folder by POP3 client software

  20. Administering the Web Service • Software GUI tools for IIS administration • MMC • management snap-in • Command line tools for IIS administration • direct access via browser • Access to these tools needs to be restricted… • Service should allow a number of different web sites to be set up in different folders • Excellent website (for W2003, IIS v6) • http://www.windowsnetworking.com/articles_tutorials/Web-Sites-Windows-2003.html

  21. Administering the WWW Service • IP address of the web server is normally that of the host machine • there needs to be provision for • manual settings • several addresses e.g. multiple websites running through separate folders • Typical set up & management tasks required for each website: • website name, port, home directory, default filename pecking order • optional username/password & access permissions • “virtual directories” • security permissions for use with server certificates and the public key infrastructure (PKI)

  22. Web Services and The Cloud • Companies like Amazon, Google (apps), and salesforce.com have created web services (XML/http) and made them available to a wider public for storing their data • this approach benefits most those companies that are experiencing relatively quick growth • instead of getting new storage resources every year, organisations can quickly and easily purchase more "cloud space"

  23. Cloud Services, the future, and Security • Cloud computing can offer applications as-a-service as well… • a future is predicted where everything is outsourced and no kind of local CPU is even needed • employees will simply have a monitor, keyboard, and mouse that will allow them to connect to the cloud for all of their resources (!) • but will this be secure? And what comeback will organisations have if something goes wrong?

  24. Open Access v Logon to Web Server? • Allowing network or external users to access part of the server has its risks! • One strategy: use “anonymous login” • anyone can log on and gain access to the service • but they only get “guest-equivalent” (i.e. minimum) access rights • can be frustrating…

  25. Open Access v Logon to Web Server? • Alternative: request username/password access • access rights then depend on user privilege • no longer “open access” • but good for auditing and control

  26. Open Access v Logon to Web Server? • Servers in general: • potentially open to attack by both internal and external network users (security vital) • Standard web server practice: • no file access possible other than at and below the designated root • main issue for the system regarding user requests for web access: • whether or not to allow access at all • whether to allow read only or read-write access
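The “at and below the designated root” rule from slide 26, together with the home-page pecking order from slide 15, as an added worked example (not code from the lecture or from IIS): a request path is resolved, confined to wwwroot, and a directory request falls back to the first home-page name that exists. The sample site tree, the `DEFAULT_DOCS` ordering and the function names are constructed for this illustration.

```python
import os
import tempfile
from urllib.parse import unquote

# Home-page pecking order: ISP convention (index.*) first, then Microsoft defaults.
DEFAULT_DOCS = ("index.htm", "index.html", "default.htm", "default.html", "default.aspx")


def resolve_request(root, url_path, default_docs=DEFAULT_DOCS):
    """Map a URL path onto a file at or below root.

    Returns the absolute filesystem path, or None when the request would
    escape the root (../ or its percent-encoded form) or nothing suitable
    exists. Symlinks are resolved first, so a link pointing outside the
    root is refused as well.
    """
    root = os.path.realpath(root)
    rel = unquote(url_path).lstrip("/")  # %2e%2e/ must be treated like ../
    candidate = os.path.realpath(os.path.join(root, rel))
    # The containment check: the resolved path must sit at or below root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    if os.path.isdir(candidate):
        for name in default_docs:
            home = os.path.join(candidate, name)
            if os.path.isfile(home):
                return home
        return None  # directory without a home page: no listing offered
    return candidate if os.path.isfile(candidate) else None


def build_sample_root():
    """Construct a throwaway wwwroot with a few pages (sample data)."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "wwwroot")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("index.html", "docs/default.aspx", "docs/page.htm"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("<html></html>")
    with open(os.path.join(base, "secret.txt"), "w") as fh:  # beside, not below, root
        fh.write("not for the web")
    return root


if __name__ == "__main__":
    root = build_sample_root()
    for req in ("/", "/docs/", "/docs/page.htm", "/../secret.txt", "/%2e%2e/secret.txt"):
        print(f"{req:22} -> {resolve_request(root, req)}")
```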

  27. Offering a Proxy Service • A Proxy Server runs on a server being used as a Firewall • Acts as an intermediate party between the Internet and local network services: • intercepts user requests for services such as FTP • decides whether or not to forward them to the true server • The effect is that the internal and external computers talk to the proxy service rather than directly to each other

  28. The Proxy Service approach • (diagram: Internal Network → request to proxy server → Firewall with Proxy service → Real server)

  29. Proxy Service - continued • User on either side of the firewall… • illusion that they are talking to a real server • in fact they are dealing with a proxy • IF outside user tries to “hack” into the network server, internal network architecture is hidden • A proxy server can be programmed to block certain requests, sites, actions e.g: • blocking certain WWW sites • preventing FTP downloads

  30. Proxy Service • Provides network client machine with controlled access to the Internet • Clients can only gain access to the Internet via the Proxy Service • Enables the network administrator to control: • which TCP ports, and therefore which protocols can be used • which (if any) external IP addresses can be accessed/filtered

  31. Proxy Service • Can also provide a storage facility for web pages (web cache) • Means that clients don’t need to keep going out onto the Internet to access the same page • web cache speeds up access to regularly accessed web pages • less actual www traffic, so more bandwidth available to those accessing pages that haven’t been previously downloaded
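The three proxy controls in slides 29 to 31 (blocking certain sites and downloads, permitting only chosen TCP ports and hence protocols, and a web cache) as one added decision routine; this is illustrative code, not from the lecture or any real proxy product. The policy values, the `ProxyPolicy` class and the stand-in `fetch` callable are assumptions made for the example.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SCHEME_PORTS = {"http": 80, "https": 443, "ftp": 21}  # default port per scheme


@dataclass
class ProxyPolicy:
    allowed_ports: set = field(default_factory=lambda: {80, 443})  # constructed policy
    blocked_hosts: set = field(default_factory=set)
    block_downloads: bool = False  # e.g. preventing file downloads through the proxy
    cache: dict = field(default_factory=dict)  # url -> page body (the web cache)
    log: list = field(default_factory=list)  # (url, verdict, reason) for auditing

    def decide(self, url):
        """Return (verdict, reason) with verdict one of "deny", "cache", "forward"."""
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        port = parts.port or SCHEME_PORTS.get(scheme)
        host = (parts.hostname or "").lower()
        # Control 1: which TCP ports, and therefore which protocols, may be used.
        if port not in self.allowed_ports:
            return "deny", f"port {port} ({scheme}) is not permitted"
        # Control 2: blocking certain sites (exact host or any subdomain of it).
        if host in self.blocked_hosts or any(host.endswith("." + b) for b in self.blocked_hosts):
            return "deny", f"site {host} is blocked"
        if self.block_downloads and parts.path.lower().endswith((".exe", ".zip", ".msi")):
            return "deny", "file downloads are not permitted"
        # Control 3: the web cache, so repeat requests never leave the network.
        if url in self.cache:
            return "cache", "served from web cache"
        return "forward", "forwarded to the real server"

    def handle(self, url, fetch):
        """Apply the policy; fetch(url) stands in for contacting the real server."""
        verdict, reason = self.decide(url)
        self.log.append((url, verdict, reason))
        if verdict == "deny":
            return None
        if verdict == "forward":
            self.cache[url] = fetch(url)  # store the page for later identical requests
        return self.cache[url]


if __name__ == "__main__":
    policy = ProxyPolicy(blocked_hosts={"example.net"}, block_downloads=True)
    for u in ("http://example.org/", "http://example.org/", "ftp://files.example.org/pub/a.zip",
              "http://www.example.net/", "https://example.org/setup.exe"):
        print(u, policy.handle(u, lambda u: f"<page for {u}>"), policy.log[-1][1:])
```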

  32. Streaming Media Service • Serves streaming sound/video/animation files to multiple users simultaneously • across the network • across the Internet • If connection has sufficient bandwidth • Also provides the conversion software codecs to produce and run the streaming media files

  33. How Does Streaming Technology Work? • A streaming sound file is no longer in a .wav or .mid format • Using special software, any sound file can be: • converted/compressed into a streaming format • accessed remotely using e.g. rtsp://server/path/filename • A suitable audio player is then needed to play the streaming audio • must contain its own software codecs

  34. Real Audio • Probably the most popular Internet streaming system • .ram file contains the search string for the local browser • .ra file contains the sound file that can be sent bit by bit using streaming technologies

  35. How Does Streaming Technology Work? • The .ra file is stored on a remote server • path begins with rtsp:// • tells an application that: • the file is located externally on a streaming server • it is using Real Time Streaming Protocols • next in the path: • name of the folder on the streaming server where the file resides • finally the name of the target file itself

  36. Secure Remote Access to the Network Servers • Two realistic possibilities: • via telephone line to server • via secure channel through the Internet • Routing and Remote Access service • Provided by Windows Servers as “Routing and Remote Access service” • not available by default • Wizard eases installation

  37. Access to www service via Telephone • ISPs use RAS to provide logon connections for multiple users via: • standard (analogue) phone link • one modem needed on/connected to the server for each remote connection – still needed in some parts of the country • ISDN (largely replaced by… ADSL) • As with www, ftp, email services available: • appropriate security arrangements need to be in place • appropriate client-server TCP protocols required

  38. Remote Access Service • Public Telephone network, security options: • callback security • server makes a note of the caller’s number • hangs up • calls the caller back! • logon • only authorised users are allowed to log on • encryption • log on data can/should? be encrypted • PPTP filtering • only allows PPTP packets through

  39. Remote Access Service • Dial-up (OSI level 1/2) Protocols • SLIP (Serial Line Interface Protocol) • developed in 1984 • now old hat! • PPP (Point-to-Point Protocol) • current standard • more flexible than SLIP • allows a greater range of transport protocols • Allows remote allocation of IP addresses to clients by DHCP server

  40. Remote Access via VPN within the Internet • Protocols for creating a secure channel through the Internet: • PPTP (Point-to-Point Tunnelling Protocol) • secure version of PPP • port 1723 • L2TP now more popular • port 1701

  41. Thanks for Listening
