Chapter 03


Published in: Education, Technology

  1. Linux Networking and Security Chapter 3
  2. Configuring Client Services
       • Configure DNS name resolution
       • Configure dial-up network access using PPP
       • Understand client services such as DHCP and LDAP
       • Use remote graphical applications and remote dial-up authentication
       • Use common client tools such as Linux Web browsers and email clients
  3. Setting Up Name Resolution
       • The domain name service (DNS) is implemented by a domain name server
           • The term domain name refers to a name by which multiple hosts on the Internet are collectively referred to
           • The most widely known top-level domain is .com
           • Within a top-level domain, an organization has its own domain or domains
           • Network hosts are given names called hostnames
           • A fully qualified domain name (FQDN) combines a hostname with the name of its domain
  4. Setting Up Name Resolution
  5. Configuring the DNS Resolver Manually
       • The resolver is the client part of DNS
           • It makes requests to a DNS server so that other workstation programs can use the IP address of a given server to make a network connection
           • The resolver is configured by a single file in Linux: /etc/resolv.conf
           • Configure the resolver by storing the IP address of one or more DNS servers in the resolv.conf file, preceded by the keyword nameserver
  6. The hosts File
       • Another way to convert an IP address to a domain name is to store the IP address and corresponding domain names in a text file called /etc/hosts on your host
       • The /etc/host.conf or /etc/nsswitch.conf files determine the order in which the resolver looks to various sources to resolve IP addresses
  7. Configuring the DNS Resolver Graphically
  8. Configuring the DNS Resolver Graphically
  9. Configuring the DNS Resolver Graphically
  10. Configuring the DNS Resolver Graphically
  11. Dial-up Network Access Using PPP
       • PPP is widely used to connect to the Internet via modem
           • PPP includes features that make it more secure, flexible, and dependable than terminal emulation
           • In reality, PPP was not very secure and was challenging to configure and manage
       • Two advances improve PPP security:
           • Password Authentication Protocol (PAP) stores user data in a file that only the root user accesses
           • Challenge Handshake Authentication Protocol (CHAP) is the most secure PPP option
  12. PPP Connections
       • Text-mode utility wvdial is designed to ease the difficulty of working with PPP
           • Used from a command line on a server
       • Red Hat Linux uses a utility called rp3
           • This is a wizard-driven graphical utility
       • The Linux KDE graphical environment uses a utility called KPPP
       • diald automates PPP
           • Difficult to use and challenging to set up
  13. PPP Connections
  14. PPP Connections
  15. Using DHCP
       • Dynamic Host Configuration Protocol (DHCP) allows the configuration of a service that hands out IP addresses to network clients
           • DHCP can drastically reduce the administration needs of a network
           • The DHCP server is installed by default on many Linux systems
           • Configuration of DHCP involves creating an /etc/dhcpd.conf file
  16. Using DHCP
  17. Understanding LDAP
       • The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a database of network resource information
           • LDAP directories are organized as inverted trees of information
           • To use a directory, client software allows traversal of the tree, looking for the needed data
           • Objects in the tree are referred to using a formalized set of identifiers
  18. Understanding LDAP
  19. Understanding LDAP
  20. Running Applications Remotely
  21. Running Applications Remotely
       • Before an X client can display its windows on a remote host, the remote host must be configured to allow others to use its X server
           • To use xhost Authentication, include the hostname of the computer that will be allowed to display
           • xauth Authentication is more secure than xhost because it uses a cookie
       • XDMCP for Remote Graphical Terminals
           • Lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux
  22. Running Applications Remotely
       • Using r-Utilities for Remote Execution
           • Allow a user to learn about or execute a program on another host
           • The r-utilities are not secure
       • Using UUCP for Remote Access
           • Provides transfer of email over modem between multiple email servers
  23. Running Applications Remotely
  24. Web and Mail Clients
       • Popular Linux Browsers
           • Lynx is a text-based browser that is installed by default on many popular Linux distributions
           • Netscape Communicator on Linux is similar to Netscape on Windows
           • Mozilla is included as the default on Red Hat Linux on the Gnome desktop
           • Other browsers: Opera, dillo, Galeon, SkipStone
  25. Popular Linux Browsers
  26. Understanding Email
       • Email is transferred on the Internet via the Simple Mail Transport Protocol (SMTP)
       • Email-related programs are divided into three categories:
           • Mail Transfer Agent (MTA) - moves email messages from one server to another
           • Mail Delivery Agent (MDA) - places email in a user’s mailbox
           • Mail User Agent (MUA) - displays and manages email messages for a user
  27. Understanding Email
       • On every Linux system, user accounts have associated email accounts and email is placed in the /var/spool/mail directory
       • Email is typically retrieved using a MUA in one of three ways:
           • Post Office Protocol (POP3) - via a POP3 server downloads messages to the computer
           • Internet Mail Access Protocol (IMAP) - views messages on the remote server
           • Web browser
  28. Understanding Email
       • Using an Email Filter: Procmail
           • Procmail is a special MDA that acts as a filter and processes email based on user-defined criteria
           • Difficult to configure, but worth the effort if a large number of incoming messages are regularly received
           • Is installed by default on many Linux systems
           • Checks for both a system-wide configuration file /etc/procmailrc and per-user .procmailrc
           • These files can contain recipes, or formulas for examining email messages and taking an action
  29. Linux Email Clients
  30. Linux Email Clients
  31. Chapter Summary
       • The client portion of the domain name service is called a resolver
       • A fully qualified domain name (FQDN) consists of a hostname plus the domain of which the host is part
       • PPP is a popular method of making network connections via modem
       • PPP security is provided by the Password Authentication (PAP) and Challenge Handshake Authentication (CHAP) protocols
       • The wvdial utility can configure and manage a PPP connection from the command line
  32. Chapter Summary
       • The diald program automates use of a dial-up connection via PPP, automatically connecting and disconnecting based on traffic
       • The Dynamic Host Configuration Protocol (DHCP) allows clients to configure IP networking automatically by receiving network address information from a DHCP server
       • Most versions of Linux include the dhcpd server and at least one of the three common DHCP clients
       • The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a worldwide database for information on resources
  33. Chapter Summary
       • The OpenLDAP server is provided with most Linux distributions
       • X can execute graphical programs remotely by referring to the DISPLAY variable or the --display command line option
       • XDMCP lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux without first logging into Linux via Telnet
       • The r-utilities provide a convenient way to execute commands on, or copy files between, remote hosts when working in a trusted network environment
  34. Chapter Summary
       • The Unix to Unix Copy (UUCP) protocol was designed to facilitate inexpensive transfers of email messages between servers in the days before Internet connectivity was widespread
       • Many Web browsers are available for Linux, with the most popular being the text-mode browser Lynx and graphical browsers Mozilla and Netscape
       • Internet email relies on a Mail Transfer Agent (MTA) to move messages between hosts; a Mail Delivery Agent (MDA) may process mail as it is delivered to a user’s mailbox; and a Mail User Agent (MUA) is relied upon in order for a user to read and send messages
  35. Chapter Summary
       • MUAs can either read local mail files, or can use the POP3 or IMAP protocols to retrieve messages from a central server
       • The Procmail program processes email messages using recipes which provide automatic message management
       • Many other Linux email clients are popular: elm and pine, fetchmail, Kmail and Balsa
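
The resolver slides (5 and 6) describe nameserver lines in /etc/resolv.conf and a lookup order set in /etc/nsswitch.conf. The following is an added example, not part of the original slides: a small checker that reads both formats and reports which DNS servers and which source order a host would use. The sample file contents and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample files for illustration (not taken from the slides).
SAMPLE_RESOLV_CONF = """\
# constructed example
search example.com
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver not-an-ip
"""

SAMPLE_NSSWITCH_CONF = """\
passwd: files
hosts:  files dns
"""


def parse_resolv_conf(text):
    """Return (servers, problems) from resolv.conf-style text."""
    servers, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver":        # search, options, etc.
            continue
        if len(fields) != 2:
            problems.append(f"line {lineno}: expected one address")
            continue
        try:
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            problems.append(f"line {lineno}: {fields[1]!r} is not an IP address")
    return servers, problems


def lookup_order(nsswitch_text):
    """Return the sources on the 'hosts:' line, in the order they are tried."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Skip action items such as [NOTFOUND=return]; keep source names.
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []


if __name__ == "__main__":
    servers, problems = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("DNS servers:", servers)
    print("problems:", problems)
    print("host lookup order:", lookup_order(SAMPLE_NSSWITCH_CONF))
```

With "files" listed before "dns", an entry in /etc/hosts answers before any DNS server is asked, which is why unexpected changes to either file are worth reviewing.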