Week 5 Blog

Understanding and Configuring Web Servers

Web servers

Web servers is how we are viewing this blog, which is on the internet. However, like most lessons this focuses on web servers in a business, which is crucial. Web servers are like most servers, where users can request files and then send it to them. We used very basic HTML in the lab this week. When the client views it through a web browser it’ll look different as it did when editing it in vi. The protocols

Client requests web server through internet. The web server gets information from servers from the secure private local area network. The data sometimes in the form of HTML is then sent to the client.

Apache overview and configuration guidelines

Like Professor said in the lecture this week, Apache is the most popular web server. Once you download Apache you’ll find that there’s lots of modules that you can configure. The configuration file is found at /etc/httpd/conf/httpd.conf. The server name is important, because that’s how users will reach it. The server name can either be a domain name with www.website.com:80 or you can use an IP address like 192.186.0.2. For the server admin you want it to be the email of the administrator. This is so that if there’s an issue they can be contacted. Security can always be an issue when dealing with web servers. For instance, you don’t want everyone to know which modules are installed. This is because a potential hacker can see weaknesses like a lack of security modules and attack the webserver. There’s many way to configure how long a web server maintains its connection after a request has been fulfilled. Timeout, KeepAlive, MaxKeepAliveRequests, and KeepAliveTimeout’s perimeters (in seconds) can be changed.

The .htaccess file

We use httpd.conf to change parts of the website and directory hierarchies, but sometimes that’s not enough. Therefore the .htaccess files is great for when you need more control for the Apache server. This is where you can find additional functionality and modules. Broken links are something you’ve probably experienced in the past. However, sometimes you’re redirected to the site you meant to go to. This page request is perfect to relocate visitors to the current link. Password protection is also a common use of an .htaccess file. For instance, I don’t want anyone to be able to login to my DeVry account. Directories and subdirectories can be secured by using the .htaccess file. So if you’re looking to make changes and can’t find anything in httpd.conf, you’ll most likely find it in the .htaccess file.

Week 4 Blog

FTP Servers/Service-Level Agreements

Basics of FTP

The file transfer protocol is how files are transferred and copied to a server or client. An example of an FTP is the secure file transfer protocol, which was used in this week’s lab. Accessing a secure file transfer protocol (SFTP) is relatively easy. The user must log in and the server will ask for a password. Once the encrypted password is sent the user has access to the directory.

FTP Server Versus File-Sharing Server

I mentioned that FTP transfers and copies files. FPTs are not a file sharing server. One difference is how each one transfers files. If you ever downloaded a file from the internet and you lost connection, you know you must start over. What’s great about file transfer protocol is that if you lose connection, you simply resume the download at the last packet that was transferred correctly. FTP works best when transferring files from one computer to another.

Configuring a Secure FTP Server

Security is needed when it comes to an FTP server. It’s very easy to overwrite or delete the wrong file (especially when only dealing with text. During the lab we this week we kept on changing the credentials as to who can send an receive files using a FTP server. This was done by making various changes to the vsftpd.conf file. Once you open the file, you’ll see configurations like anonymous_enable, local_enable, write_enable. These parameters restrict certain functions that can be dangerous if untouched.

FTP Clients

This week we only used a command line FTP. We used get and put from each of the machines to send and receive text files. This isn’t as convenient as using a GUI if you’re still learning Linux commands. Most GUI FTPs are clients like look like a file browser of a operating system.

Service-Level Agreements

A service-level agreement also abbreviated as SLA is  an agreement between service providers and their client. The most straight forward aspects of SLAs are the costs of everything which includes web servers, SFTP servers, and overages. Quality, availability, and responsibilities are outlined in the service-level agreement.

Week 3 Blog

Week 3 Course Blog

Introduction

This week was all about electronic mailing and the architecture of electronic mail with Linux. Not only did we learn how important email is in a business setting, but we also learned how to setup and configure two different types of email servers, which are outgoing and incoming mail servers.

The Email Server Architecture

The Outgoing mail server uses SMTP. Simple mail transfer protocol is a server type used to receive emails from a different server. Although called, outgoing mail server, it’s also called the mail transfer agent. The Incoming mail server is how the mail is received by the client. The user can check the mail when they want because the message is stored in a local directory.

Sending Mail

Getting the message to outgoing mail server is done after the user is authenticated to send the message. The software called mail user agent (MUA) communicates with the outgoing mail server that I previously talked about. The SMTP protocol port that’s used is 25 or 587. Processing recipient’s address starts with the outgoing mail server examining the email sent. The email doesn’t go straight from sender to receiving. The message goes through many mail transfer agents (MTAs). Once it arrives it’s stored in a queue where the recipient can view it.

Receiving Mail

Receiving emails if much different than it used to be. Before everyone was online at every second, emails wouldn’t be received until the user logged on. Once they were online the email would be deleted from the server and be downloaded on the user’s computer. This outdated message was called the post office protocol (POP). POP3 is similar but more modern but still not as good as IMAP. The internet message access protocol syncs actions done to messages unlike POP/POP3. The drawback is that you need to be online to view all the emails. The more time that passes the less of an issue this is.

Configuring Sendmail Email Servers

Configuring the DNS MX record is the first step of configuring a Sendmail email server. Once the fields for the MX records are set (name, MX level, data, time to live) the Sendmail must be configured. One of the steps is to open the config file and change the DAEMON_OPTIONS line. This is so that it’s the actual mail server IP address. Configuring outgoing mail relays is important because the mail transfer agents and internet must forward the email, so it gets to the correct domain. We created virtual hosts for this week’s lab. This was done by using Vi (like all other configurations in this week’s lab) and overwriting /etc/mail/local-host-names. For normal accounts on a Linux server to receive mail they need an email account on the server.

Week 2 Blog

Week 2 Course Blog

Introduction

This week was all about network security. This blog will be split into six parts that focus on important parts of this week’s lesson. Security measures are done with both hardware and software and even as far as secured rooms using finger scanners. These security measures differ with ever network.

Application security and software updates

Not every application is perfect, in fact most aren’t. My antivirus software has many updates a week. This is because there’s always new ways for people to get in where they shouldn’t. Linux is great because you can update all installed software with one line of code (su -c 'dnf update').  If you’re logged in as an administrator, then simply type sudo dnf update. If you’re scared that you’ll forget to constantly check for updates, then login as admin and enter sudo /sbin/chkconfig --level 345 dnf on; /sbin/service dnf start. This script automatically updates all software at 4:00 AM.

Network protection and firewalls

There’s safety in numbers for when it comes to networks.  Filtering traffic is a great way to see who’s doing what on a network. A great way to do this is by using a firewall with hardware, software, or both. Firewalls can set rules for an individual IP address and Ports like we did in this week’s lab! We also blocked traffic with just a few commands.

Local Software Firewalls

Most ISPs will provide a physical firewall when setting up a network. This isn’t enough for a larger network. Software firewalls are great for running on a server. This week we used iptables. I mentioned above that you can block incoming and outcoming traffic. Software firewalls can also show if a file server has been compromised. If your file server is making web page requests that’s not a good sign.

Routers and Network Address Translation (NAT)

Every device on a network has their own address, this is so traffic knows where to go. Routers is responsible for mapping your private IP address and port to the web page you’re visiting (like this blog). NAT makes internal private addresses into external public addresses (or external public addresses into internal private addresses) with a router or gateway.

Proxy Servers

Proxy servers are a type of firewall that filters traffic and hide the identity of workstations. The type of traffic that proxy servers filter can be domain names and keywords. Proxy servers also cache data. Here’s an example of caching: open a website you’ve never visited before then close your browser. When you go back to that website, you’ll notice that it loaded faster.

Name Resolution

Name resolution is an easy to understand concept. We use domain names like Google.com because it’s easier to remember than a public IP. On top of that, IPs can change but you can keep the domain name. The domain name has to be translated to the public address so that you’re transferred to the website.

Outro

Hopefully if you’re reading this you’re not learning anything new. If you do, great! If not, review is always important.