Network Administration and Security

Miguel Landry FOKO SINDJOUNG, PhD

Senior Lecturer
Department of Computer Engineering
Fotso Victor University Institute of Technology
University of Dschang
Cameroon
 Objectives

• Understand the basics of Network administration with Linux

OS
• Being able to understand the management of the Linux file
system and Kernel for network management activities
• Configure network services like DHCP, DNS, Samba, etc.
• Understand the network management and security
• Know how user management can be done in a security
perspective
• Find account policies and specially password policy
• Find various user permissions and restrictions.
2
 Outlines

• Chapter 1: Introduction to Network Administration

• Chapter 2: Network Administration activities

• Chapter 3: Network configuration and setting

• Chapter 4: Network management and security

3
 Chapter 3 Objectives

• Know how to install various network services;

• Configure a Dynamic Host Control Protocol;

• Understand and configure a Domain Name System;

and

• Know on how to configure a Samba server.

4
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

5
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

6
 Chapter 3: Network Configuration and setting
1- Introduction
• A computer network is a telecommunications network that allows
computers to exchange data.
• The physical connection between networked computing devices is
established using either cable media or wireless media (The best-
known computer network is the Internet)
• Network configuration is an activity to properly configure any
network infrastructure
through which various network applications/services can be run
and accessed.
• Administrators must be able to configure IP addresses as well as
other configuration files at different network services such as
DHCP, DNS, Email, Web Servers and other such related network
7
services
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

8
 Chapter 3: Network Configuration and setting
2- Configuring networks
• There is an essential need to configure various network services those
facilitate for the above network applications to work properly

• Network configuration and setup of various services in any organization is

a challenging task to configure various network services such as DHCP,
DNS, Web Service, Email, etc. to run various applications that are to be
accessed through network.

• The following section explains various core and essential network

services that are to be required in any organization through which various
applications can be run and accessed through an organizational network

9
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

10
 Chapter 3: Network Configuration and setting
3- Dynamic Host Configuration Protocol (DHCP) (1/4)
• The DHCP is a network protocol used to configure devices that are
connected to a network.

• It involves clients and a server operating in a client-server model

• DHCP automatically assigns IP addresses and other network

configuration information (subnet mask, broadcast address, etc) to
computers on a network.

• The DHCP server maintains a database of available IP addresses

and configuration information.
11
 Chapter 3: Network Configuration and setting
3- Dynamic Host Configuration Protocol (DHCP) (2/4)
• A client configured for DHCP will send out a broadcast request to
the DHCP server requesting an address.

• The DHCP server will then issue a "lease" and assign it to that
client (The time period of a valid lease can be specified on the
server)

• DHCP reduces the amount of time required to configure clients and

allows one to move a computer to various networks and be
configured with the appropriate IP address, gateway and subnet
mask

12
Chapter 3: Network Configuration and setting
3- Dynamic Host Configuration Protocol (DHCP) (3/4)

13
 Chapter 3: Network Configuration and setting
3- Dynamic Host Configuration Protocol (DHCP) (4/4)
• How it works?
– Lease Request: Client broadcasts request to DHCP server with a source address of
0.0.0.0 and a destination address of 255.255.255.255. The request includes the MAC
address which is used to direct the reply
– IP lease offer: DHCP server replies with an IP address, subnet mask, network
gateway, name of the domain, name servers, duration of the lease and the IP address
of the DHCP server
– Lease Selection: Client receives offer and broadcasts to al DHCP servers that will
accept given offer so that other DHCP server need not make an offer
– The DHCP server then sends an acknowledgement to the client. The client is
configured to use TCP/IP
– Lease Renewal: When half of the lease time has expired, the client will issue a new
request to the DHCP server

• Click here to Configure a DCHP server on Debian: 14

 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

15
 Chapter 3: Network Configuration and setting
4- Domain Name System (DNS) (1/5)
• A DNS server, or name server, is used to resolve an IP address to a hostname
or vice versa
• It is a hierarchical distributed naming system for computers, services, or any
resource connected to the internet or a private network.
• It associates various information with domain names assigned to each of the
participating entities.
• Most prominently, it translates easily memorized domain names to the
numerical IP addresses needed for the purpose of locating computer services
and devices worldwide
• By setting up a DNS server, you become part of a hierarchy of DNS servers
that make up the internet.
• At the top of this hierarchy is the root server, represented by a dot (“.”) below
the root server are the top level domains (such as .com, .org, and so on)
16
Chapter 3: Network Configuration and setting
4- Domain Name System (DNS) (2/5)

17
 Chapter 3: Network Configuration and setting
4- Domain Name System (DNS) (3/5)
• Each domain is typically represented by a least two DNS servers.
The following are different types of DNS servers
– Primary (master) name server contains authoritative
information about the domains that it serves
– Secondary (slave) name server gets all information for the
domain from the primary
– Caching name server simply caches the information it receives
about the locations of hosts and domains
– Forwarding name server is essentially a caching name server
but is useful in cases where computers lie behind a firewall and
in which only one computer can make DNS queries outside that
firewall on behalf of all the internal computers
18
 Chapter 3: Network Configuration and setting
4- Domain Name System (DNS) (4/5)
• Understanding BIND: Most Linux and UNIX systems
implement DNS services by using the Berkeley Internet
Name Domain (BIND) software.
• The basic components of BIND include the following:
– DNS server daemon (/usr/sbin/named): the named daemon listens on a port
for DNS services requests and then fulfills those requests based on
information in the configuration files that you create
– DNS configuration files (named.conf and /var/named/ *): the/etc/named.conf
file is where you add most of the general configuration information that you
need to define the DNS services for your domain
– DNS lookup tools to check that your DNS server is resolving host names
properly
19
 Chapter 3: Network Configuration and setting
4- Domain Name System (DNS) (5/5)
• For security reasons, restrict access to those who
request it based on the following :
– Access control list can contain those hosts, domains or IP
addresses that one wants to group together and apply the same
level of access to DNS server
– Listen-on ports by default, name server accepts only name
server requests that come to port 53 on name server
– Authentication is to verify the identities of hosts that are
requesting services from DNS server, can use keys for
authentication and authorization.
• Click here to configure a DNS server on Debian
20
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

21
 Chapter 3: Network Configuration and setting
5- Network File System (NFS) (1/4)
• NFS is a server-client protocol for sharing files between computers
on a common network.
• It allows a computer to access directories on remote computers by
mounting them on a local file system as if they were a local disk
• The administrator on the NFS server has to define the directories
that need to be activated, or exported, for access by the NFS clients,
and administrators on the clients need to define both the NFS server
and the subset of its exported directories to use.
• The server and client do not have to use the same operating system.
• The client system just needs to be ruining an NFS client compatible
with the NFS server

22
 Chapter 3: Network Configuration and setting
5- Network File System (NFS) (2/4)
• One should follow some general rules when configuring
NFS

– Only export directories beneath the / directory

– Do not export a subdirectory of a directory that has

already been exported. Likewise, do not export the
parent of a subdirectory unless it is on a separate device

– Only export local filesystems

23
 Chapter 3: Network Configuration and setting
5- Network File System (NFS) (3/4)
• Some NFS key concepts:
– The Virtual File System (VFS): is the mechanism used by NFS to redirect all access
to NFS-mounted files to the remote server.
– Stateless Operation: Programs that read and write to files on a local filesystem rely
on the operating system to track their access location within the file with a pointer
– Caching: NFS clients typically request more data than they need and cache the results
in memory locally so that further sequential access of the data can be done locally
instead of access from server
– NFS and Symbolic links: One has to be careful with the use of symbolic links on
exported NFS directories (If an absolute link points to a directory on the NFS server
that hasn't been exported, then the NFS client won't be able to access it)
– NFS Background mounting: NFS clients use remote procedure call (RPC) suite of
network application helper programs to mount remote filesystems
– Hard and Soft mounts: The process of continuous retrying, whether in the
background or foreground, is called a hard mount

24
 Chapter 3: Network Configuration and setting
5- Network File System (NFS) (4/4)
• Some NFS key concepts:
– NFS Daemons: NFS isn't a single program, but a suite of interrelated programs that
work together to get the job done. The following are several daemons that are started
when a system goes into run level 3 or multi-user mode :
• automountd Daemon : This daemon handles the mounting and unmounting
requests from the autofs service
• lockd Daemon: supports record-locking operations on NFS files
• mountd Daemon: handles file-system mount requests from remote systems and
provides access control
• nfslogd Daemon: This daemon provides operational logging
• statd Daemon: This daemon works with lockd daemon to provide crash and
recovery functions for the lock manager
• Nfs: Starts the RPC processes needed to serve shared NFS file systems
• nfs4cbd Daemon , rpcbind , nfslock , netfs .
• How to install and configure NFS?
25
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

26
 Chapter 3: Network Configuration and setting
5- Web Server (1/4)
• The primary function of a web server is to cater web page
to the request of clients using the Hypertext Transfer
Protocol (HTTP).
• This means delivery of HTML documents and any
additional content that may be included by a document,
such as images, style sheets and scripts.
• The server that sends your web browser the code to
display a web page is called a web server.
• Whether you need a web server to host a website on the
Internet a Red Hat Enterprise Linux server can function as
a web server using the Apache HTTP server. 27
 Chapter 3: Network Configuration and setting
5- Web Server (2/4)
• The Apache HTTP server is a popular, open source server
application that runs on many UNIX-based systems as well as
Microsoft Windows

• A user agent, commonly a web browser initiates communication by

making a request for a specific resource using HTTP and the server
responds with the content of that resource or displays an error
message, if not available.

• The resource is typically a real file on the server's secondary

storage, but this is not necessarily the case and depends on how the
web server is implemented
28
 Chapter 3: Network Configuration and setting
5- Web Server (3/4)
• Samba Server

– Samba is a software package that comes with Red Hat Linux to

share file systems and printers on a network with computers that
use the session massage block (SMS) protocol.

– SMB is the protocol that is delivered with windows operating

systems for sharing files and printers.

– In Red Hat Linux, the Samba software package contains a

variety of daemon processes, administrative tools, user tools,
and configuration files
29
 Chapter 3: Network Configuration and setting
5- Web Server (4/4)
• Samba Server

– The default Samba configuration file is smb.conf, which is in /etc/samba

directory.

– If you need to access features that are not available through the samba server
configuration file you can edit /etc/samba/smb.conf file as required

– Daemon processes consist of smbd (the SMB daemon) and nmbd ( the
NetBIOS
name server ). The following are some of the clients that Samba supports:

• Window 9X , Window 2000, Window NT, Window ME, Window XP,

Window for workgroups, Ms Client 3.0 for DOS, OS/2, Dave for
Macintosh computer
30
• How to configure Samba in Debian OS?
 Chapter 3 outlines

• Introduction
• Configuring networks
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network File System (NFS)
• Web Server
• Summary

31
 Chapter 3: Network Configuration and setting
6- Summary
• In this Chapter, installation, configuration and setup of various
network services such as DHCP, DNS, NFS and Samba server are
explained.

• This knowledge may help to understand the concepts and install,

configure and commissioning of other network services such as
Email, FTP and such related services also.

• Student has to practice in real time to have more exposure and built
confidence in configuration of network services

32
 Chapter 3: Network Configuration and setting
7- Homework
• Discuss the activities between DHCP Server and DHCP
Client

• What are the different types of DNS servers? Explain.

• List the components required to configure BIND

• What is Samba Server? Explain its importance

33
 Bibliography

1. Computer Networks by Andrew S Tanenbaum , Fifth Edition

2. SA2, Redhat System Administration I & II, Student Workbook
3. Cisco Certified Network Associate Study Guide, Seventh Edition by
Todd Lammle
4. Redhat Enterprise Linux System Administration
5. http://en.wikipedia.org/wiki/Internetworking
6. http://en.wikipedia.org/wiki/Remote_administration

34