Week 7 Blog

Dynamic Host Configuration

Dynamic Host Configuration Protocol

Linux can both use dynamic host configuration protocol (DHCP) to get network information and be used to act as a DHCP server. These types of servers can grab addresses from a pool when it’s requested. Additionally, Locations of DNS servers and default internet gateways are distributed. Now get ready for the borderline confusing setting and configuration for a DHCP server.

Manual IP Configuration

There’s four fields that need to be set after the network configuration tool is launched. These four are:

·         IP address – This can be left alone or be set manually. A static IP address of machines has an IP address that does not change even after reboot.

·         Subnet mask – The subnet mask is responsible for getting the range of addresses for the computers and devices on the LAN or subnet.

·         Default gateway – Whenever the need to leave your LAN, the request needs to figure out what node on the subnetwork will route to outside the LAN. The gateway can route the requests for IP addresses that are outside of the local subnet.

·         Domain name system (DNS) – It’s hard for people to remember IP address in full so we give them host names. The DNS translates this so when we do something with a host name the system sees it as an IP address.

Configuring a DHCP Client

There’s four important network parameters that need to be set when setting up a DHCP server. Lease time is a time set for clients for how long they can use the IP address from the DHCP server. This lease can be renewed if the client makes a request. Without any configuration, the lease time is set at 86,400 seconds, which is 24 hours. Host workstations can be assigned a name with the use of DHCP as well. The configuration file is found under /etc/dhcp/dhclient.conf. Typically, the DHCP client configuration file doesn’t need to be touched, but it’s good to know how everything works, specially setting the parameters.

Configuring a DHCP Server

Installing the DHCP package is the first step to setting up a DHCP server. Next is making sure that the firewall is allowing communication through the two UDP ports 67 & 68. The next is opening and editing the configuration file found under /etc/dhcp/dhcpd.conf. Once your parameters are set it’s time to launch the dhcpd server daemon. The next two steps are to set up the host firewall, and then the DHCP configuration file under /etc/dhcp/dhcpd.conf. After your parameters are set you are done (after testing of course).

Week 6 Blog

DBMSs and Programming Languages

Databases and programming languages are what makes websites so special. We used HTML a little last week and it was very primitive. Most websites now are connected to databases in order to retrieve and store information. Programming allows features like usernames/passwords, security, and most visual aspects. Web servers are responsible for loading the index/home page, access the database to retrieve data, and sends the information to the client. Programming languages allow the website to be able to communicate to the web server.

Understanding the Database Management Systems (DBMs) Architecture

There’s a lot to DBMs, but most of it’s easy to understand. Let’s start with the clients. There’s the database administrator, web server, and anyone that is trusted. Anytime the database needs maintenance performed it needs to be done by the database administrator. Servicing the database outside of the company’s local area network can cause security issues because if you can access it outside, then somebody else can. The web server allows the web page to construct dynamic web pages by accessing the database once a web client requests the page. Database servers don’t need to be directly connected to internet. Developers can just access the database through the web server.

MySQL Configuration

The database management system we talked about this lesson was MySQL., which is specifically a relational database.  Relational database structures information to other comparative information. MySQL is highly modifiable. The main configure file is the my.cnf file. I mentioned earlier about remote access to the database server. To you can turn off that feature with the main configuration file. Once that’s done, you’ll create a root password and administrator account in MySQL. If the MySQL server package isn’t downloaded, then type sudo dnf -y install mysql-server into the terminal. This will also install MySQL users and groups. Set up passwords for the users and allow certain permissions for certain groups as a security protocol. An average Joe shouldn’t be able to make huge changes to the database. Here is how you drop the users: mysql> drop user ''@localhost;. If you need to exit MySQL enter in this command mysql> exit;.

Week 5 Blog

Understanding and Configuring Web Servers

Web servers

Web servers is how we are viewing this blog, which is on the internet. However, like most lessons this focuses on web servers in a business, which is crucial. Web servers are like most servers, where users can request files and then send it to them. We used very basic HTML in the lab this week. When the client views it through a web browser it’ll look different as it did when editing it in vi. The protocols

Client requests web server through internet. The web server gets information from servers from the secure private local area network. The data sometimes in the form of HTML is then sent to the client.

Apache overview and configuration guidelines

Like Professor said in the lecture this week, Apache is the most popular web server. Once you download Apache you’ll find that there’s lots of modules that you can configure. The configuration file is found at /etc/httpd/conf/httpd.conf. The server name is important, because that’s how users will reach it. The server name can either be a domain name with www.website.com:80 or you can use an IP address like 192.186.0.2. For the server admin you want it to be the email of the administrator. This is so that if there’s an issue they can be contacted. Security can always be an issue when dealing with web servers. For instance, you don’t want everyone to know which modules are installed. This is because a potential hacker can see weaknesses like a lack of security modules and attack the webserver. There’s many way to configure how long a web server maintains its connection after a request has been fulfilled. Timeout, KeepAlive, MaxKeepAliveRequests, and KeepAliveTimeout’s perimeters (in seconds) can be changed.

The .htaccess file

We use httpd.conf to change parts of the website and directory hierarchies, but sometimes that’s not enough. Therefore the .htaccess files is great for when you need more control for the Apache server. This is where you can find additional functionality and modules. Broken links are something you’ve probably experienced in the past. However, sometimes you’re redirected to the site you meant to go to. This page request is perfect to relocate visitors to the current link. Password protection is also a common use of an .htaccess file. For instance, I don’t want anyone to be able to login to my DeVry account. Directories and subdirectories can be secured by using the .htaccess file. So if you’re looking to make changes and can’t find anything in httpd.conf, you’ll most likely find it in the .htaccess file.

Week 4 Blog

FTP Servers/Service-Level Agreements

Basics of FTP

The file transfer protocol is how files are transferred and copied to a server or client. An example of an FTP is the secure file transfer protocol, which was used in this week’s lab. Accessing a secure file transfer protocol (SFTP) is relatively easy. The user must log in and the server will ask for a password. Once the encrypted password is sent the user has access to the directory.

FTP Server Versus File-Sharing Server

I mentioned that FTP transfers and copies files. FPTs are not a file sharing server. One difference is how each one transfers files. If you ever downloaded a file from the internet and you lost connection, you know you must start over. What’s great about file transfer protocol is that if you lose connection, you simply resume the download at the last packet that was transferred correctly. FTP works best when transferring files from one computer to another.

Configuring a Secure FTP Server

Security is needed when it comes to an FTP server. It’s very easy to overwrite or delete the wrong file (especially when only dealing with text. During the lab we this week we kept on changing the credentials as to who can send an receive files using a FTP server. This was done by making various changes to the vsftpd.conf file. Once you open the file, you’ll see configurations like anonymous_enable, local_enable, write_enable. These parameters restrict certain functions that can be dangerous if untouched.

FTP Clients

This week we only used a command line FTP. We used get and put from each of the machines to send and receive text files. This isn’t as convenient as using a GUI if you’re still learning Linux commands. Most GUI FTPs are clients like look like a file browser of a operating system.

Service-Level Agreements

A service-level agreement also abbreviated as SLA is  an agreement between service providers and their client. The most straight forward aspects of SLAs are the costs of everything which includes web servers, SFTP servers, and overages. Quality, availability, and responsibilities are outlined in the service-level agreement.

Week 3 Blog

Week 3 Course Blog

Introduction

This week was all about electronic mailing and the architecture of electronic mail with Linux. Not only did we learn how important email is in a business setting, but we also learned how to setup and configure two different types of email servers, which are outgoing and incoming mail servers.

The Email Server Architecture

The Outgoing mail server uses SMTP. Simple mail transfer protocol is a server type used to receive emails from a different server. Although called, outgoing mail server, it’s also called the mail transfer agent. The Incoming mail server is how the mail is received by the client. The user can check the mail when they want because the message is stored in a local directory.

Sending Mail

Getting the message to outgoing mail server is done after the user is authenticated to send the message. The software called mail user agent (MUA) communicates with the outgoing mail server that I previously talked about. The SMTP protocol port that’s used is 25 or 587. Processing recipient’s address starts with the outgoing mail server examining the email sent. The email doesn’t go straight from sender to receiving. The message goes through many mail transfer agents (MTAs). Once it arrives it’s stored in a queue where the recipient can view it.

Receiving Mail

Receiving emails if much different than it used to be. Before everyone was online at every second, emails wouldn’t be received until the user logged on. Once they were online the email would be deleted from the server and be downloaded on the user’s computer. This outdated message was called the post office protocol (POP). POP3 is similar but more modern but still not as good as IMAP. The internet message access protocol syncs actions done to messages unlike POP/POP3. The drawback is that you need to be online to view all the emails. The more time that passes the less of an issue this is.

Configuring Sendmail Email Servers

Configuring the DNS MX record is the first step of configuring a Sendmail email server. Once the fields for the MX records are set (name, MX level, data, time to live) the Sendmail must be configured. One of the steps is to open the config file and change the DAEMON_OPTIONS line. This is so that it’s the actual mail server IP address. Configuring outgoing mail relays is important because the mail transfer agents and internet must forward the email, so it gets to the correct domain. We created virtual hosts for this week’s lab. This was done by using Vi (like all other configurations in this week’s lab) and overwriting /etc/mail/local-host-names. For normal accounts on a Linux server to receive mail they need an email account on the server.

Week 2 Blog

Week 2 Course Blog

Introduction

This week was all about network security. This blog will be split into six parts that focus on important parts of this week’s lesson. Security measures are done with both hardware and software and even as far as secured rooms using finger scanners. These security measures differ with ever network.

Application security and software updates

Not every application is perfect, in fact most aren’t. My antivirus software has many updates a week. This is because there’s always new ways for people to get in where they shouldn’t. Linux is great because you can update all installed software with one line of code (su -c 'dnf update').  If you’re logged in as an administrator, then simply type sudo dnf update. If you’re scared that you’ll forget to constantly check for updates, then login as admin and enter sudo /sbin/chkconfig --level 345 dnf on; /sbin/service dnf start. This script automatically updates all software at 4:00 AM.

Network protection and firewalls

There’s safety in numbers for when it comes to networks.  Filtering traffic is a great way to see who’s doing what on a network. A great way to do this is by using a firewall with hardware, software, or both. Firewalls can set rules for an individual IP address and Ports like we did in this week’s lab! We also blocked traffic with just a few commands.

Local Software Firewalls

Most ISPs will provide a physical firewall when setting up a network. This isn’t enough for a larger network. Software firewalls are great for running on a server. This week we used iptables. I mentioned above that you can block incoming and outcoming traffic. Software firewalls can also show if a file server has been compromised. If your file server is making web page requests that’s not a good sign.

Routers and Network Address Translation (NAT)

Every device on a network has their own address, this is so traffic knows where to go. Routers is responsible for mapping your private IP address and port to the web page you’re visiting (like this blog). NAT makes internal private addresses into external public addresses (or external public addresses into internal private addresses) with a router or gateway.

Proxy Servers

Proxy servers are a type of firewall that filters traffic and hide the identity of workstations. The type of traffic that proxy servers filter can be domain names and keywords. Proxy servers also cache data. Here’s an example of caching: open a website you’ve never visited before then close your browser. When you go back to that website, you’ll notice that it loaded faster.

Name Resolution

Name resolution is an easy to understand concept. We use domain names like Google.com because it’s easier to remember than a public IP. On top of that, IPs can change but you can keep the domain name. The domain name has to be translated to the public address so that you’re transferred to the website.

Outro

Hopefully if you’re reading this you’re not learning anything new. If you do, great! If not, review is always important.

Week 1 Blog

Introduction

Like I mentioned in my test post, this blog will be used as a platform to talk about my journey in the class WEB375 Web Architecture. This week I'll be focusing on the brainstorming of my course project, my experience with the lab, and the objectives I learned.

Course Project

Getting started had me feeling nervous until I watched the video Professor shared in the announcements. I had prepared myself on a week before the session started because classes always open early. I have a few ideas on how to start this week.

-Not going to do single host as of now. Putting the web, mail, file, and database server isn’t how it’s done anymore. Instead I’m looking to have one host machine supply one service. A router can be used to allow the servers to run on a local network.

-Going to determine services (includes servers and remote GUI Desktop), protocol & ports, server applications, and client applications. I understand it’s better to administrate through a terminal but it’s good to have the option and know how to use both.

Week 1 Lab

This week was just a brush up on stuff I have learned in the past. Syntax and remembering which directory I am in were my biggest problems. It took me about an hour, but I believe everything is correct. I'm looking forward to seeing how the other labs will go.

Week 1 Objectives

I found that most of these objectives can't be found in the book or lesson, so I used what I know and some sources (left links for fact checking).

TCP Packets & Ports: Transmission control protocol is how computers speak over the internet. Packets are just information that are sent using protocols. Ports are how we can receive information from the internet. Ports have their own number which refers to the type of protocol.

Filtering packets on Cisco routers or iptables in Linux: I didn't know this myself, so I went to Cisco's website (I'll leave a link below). Access control lists can control what enters and leaves the network. As for iptables, I found a website called booleanworld that answers this question. Filtering packets can be done using a framework called netfilter. With netfilter you can "[allow/drop/modify traffic]". A link will be left below for this as well.

Proxy servers such as the one available in Apache: Apache is a web server. I found a lot of information online about Apache's reverse proxy. Here's what apchepetutor said "A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve performance of the web by caching; this is a simple way to mirror a website.". 

Concept of a DMZ and how it can be implemented: I checked the book for DMZ/demilitarized zone and couldn't find anything unfortunately. A quick Google search told me it's the border that separates the Korean Peninsula in half. The DMZ network name was named after the border. I found an article on Techrepublic. Most of this information went over my head. The concept is that you can have public servers separated from your local area network. This adds security to your network. As for how to implement, I will send you off to this link:

https://www.techrepublic.com/article/lock-it-down-implementing-a-dmz/

The implementation progress is twice as long as this post! Copy this: "To DMZ-ize your current setup" then paste into the find function (ctrl+f).

I hope the next set of objectives are in the book or lesson!

-Jake

Links:

https://community.cisco.com/t5/network-architecture-documents/how-to-filter-ip-packets/ta-p/3131213

https://www.booleanworld.com/depth-guide-iptables-linux-firewall/

https://www.techrepublic.com/article/lock-it-down-implementing-a-dmz/