1 Network Administration ITA3564 Leung Hung 25958118

2 Module Rationale / Aims
To introduce the basic concepts of internetworking architecture and protocols
To introduce the basic concepts of computer system and network administration
To develop basic skills for network server administration

3 Learning Objectives
Students will be able to:
install and maintain computer networks;
understand network protocols and the architecture of network services;
demonstrate the knowledge and skills of network administration through practical exercises;
build and use a Samba server in a mixed (Linux/Windows) environment;
set up and configure Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Network File System (NFS) and Samba.
Note: Platform: CentOS 5.3. Download site: ftp.cuhk.hk

4 Assessment (Proposed)
Continuous assessment 50%: quizzes 10%, written tests (x2) 30%, skill-based 10%
Final examination 50%

5 Pre-requisites
You should understand:
the use of basic Linux commands (e.g. cd, ls, useradd, userdel, pwd ...)
the functions of system configuration files (e.g. /etc/passwd, /etc/group ...)
how to configure your network card (IP address, DNS, default gateway, host name)
the vi editor (to edit configuration files)
simple shell scripts

6 Teaching Materials
Lecture notes, tutorials and lab exercises
Recommended textbooks:
Craig Hunt, TCP/IP Network Administration, 3rd edition, O'Reilly & Associates
Evi Nemeth, Linux Administration Handbook, Prentice Hall PTR
Scott Mann, Linux TCP/IP Network Administration, Prentice Hall PTR
Nemeth E, Snyder G, Seebass S and Hein T R, UNIX System Administration Handbook, 3rd edition, Addison Wesley
Useful site:

7 Network Administration Module 1 TCP/IP

8 OSI and Protocol Stack

9 Packet Encapsulation
The data is sent down the protocol stack. Each layer adds to the data by prepending its own header (the link layer also appends a trailer), and the receiving host strips the headers again in the reverse order on the way up.
(Figure: frame layout with headers of 22 bytes and 20 bytes, a 4-byte trailer and a data field of 64 to 1500 bytes.)

10 IP: Internet Protocol
Unreliable, connectionless (best-effort) datagram delivery service: no acknowledgements, no retransmission and no guarantee that datagrams arrive in order.
Responsible for routing datagrams through intermediate networks and routers to the destination host.

11 IP Routing
Each routing table entry contains:
Destination IP address (host or network)
IP address of the next-hop router
Flags
Network interface specification
(Figure: Source and Destination hosts, each with Application / Transport / Network / Link layers, joined by a Router that operates at the Network and Link layers only.)

12 ICMP: Internet Control Message Protocol
ICMP carries error, control and informational messages in a fixed format, encapsulated in IP datagrams.
Used to report problems with the delivery of IP datagrams within an IP network (e.g. destination unreachable, time exceeded).
Used by the ping and traceroute commands.
Note: ICMP messages are unauthenticated, so firewalls often filter them; blocking ICMP completely, however, also drops the "fragmentation needed" messages that path MTU discovery depends on.

13 TCP: Transmission Control Protocol
Connection-oriented, reliable, byte-stream service.
TCP acknowledges and retransmits lost segments and delivers the bytes to the application in the same order in which they were sent; if data cannot be delivered, the connection fails with an error rather than silently losing data.
Protocol:
1. Set up the connection (three-way handshake)
2. Transfer data
3. Close the connection

14 UDP: User Datagram Protocol
UDP is a connectionless protocol that, like TCP, runs on top of IP.
Unlike TCP, UDP provides no error recovery: no connection setup, acknowledgements, retransmission or ordering, just a direct way to send and receive individual datagrams over an IP network (with an optional checksum).
It is used where low overhead matters more than reliability (DNS, DHCP, NTP, streaming media) and for broadcast and multicast messages.
Note: because there is no handshake, a UDP server cannot verify that the source address of a datagram is genuine; spoofed requests to UDP services are the basis of reflection and amplification attacks.
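The encapsulation of slides 9 to 14 written out in code, as an added example that is not part of the original slides: an application payload is wrapped in a UDP header and then an IPv4 header on the way down, and unwrapped with the length and checksum checks a receiver performs on the way up. The addresses and payload are constructed from the RFC 5737 documentation ranges.

```python
"""Encapsulation in code: an application payload is wrapped in a UDP header
(transport layer) and then an IPv4 header (network layer), then unwrapped
again with the header checks a receiver performs. Added example, not from
the original slides; the addresses are constructed from the RFC 5737
documentation ranges."""
import struct

IPPROTO_UDP = 17


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; a valid header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(dotted: str) -> bytes:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: " + dotted)
    return bytes(octets)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def udp_encapsulate(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: prepend the 8-byte UDP header (checksum 0 = not computed)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ip_encapsulate(src_ip: str, dst_ip: str, proto: int, segment: bytes, ttl: int = 64) -> bytes:
    """Network layer: prepend a 20-byte IPv4 header (no options) with a valid checksum."""
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5,        # version 4, IHL 5 words = 20 bytes
                         0,                   # type of service
                         20 + len(segment),   # total length
                         0x1234,              # identification (arbitrary)
                         0x4000,              # flags: don't fragment, offset 0
                         ttl, proto,
                         0,                   # checksum placeholder
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    checksum = ip_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment


def ip_decapsulate(packet: bytes) -> dict:
    """Receiver side: validate the IPv4 header and hand the segment up to the transport layer."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = fields[0] >> 4, (fields[0] & 0x0F) * 4
    total_len = fields[2]
    if version != 4 or ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": bytes_to_ip(fields[8]), "dst": bytes_to_ip(fields[9]),
            "ttl": fields[5], "proto": fields[6], "segment": packet[ihl:total_len]}


def udp_decapsulate(segment: bytes) -> dict:
    """Transport layer: validate the UDP length field against what IP delivered."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with datagram")
    return {"sport": sport, "dport": dport, "payload": segment[8:length]}


def round_trip(payload: bytes) -> dict:
    """Send a payload down the stack and back up; returns the parsed result."""
    packet = ip_encapsulate("192.0.2.10", "198.51.100.53", IPPROTO_UDP,
                            udp_encapsulate(40000, 53, payload))
    ip = ip_decapsulate(packet)
    udp = udp_decapsulate(ip["segment"])
    return {"packet_len": len(packet), "src": ip["src"], "dst": ip["dst"],
            "dport": udp["dport"], "payload": udp["payload"]}


if __name__ == "__main__":
    print(round_trip(b"query"))
```

The two decapsulation functions are where the security-relevant work happens: every length field is checked against the bytes actually received before it is used to slice, which is exactly the class of check that parsers of network headers get wrong. The link-layer header and trailer are left out; a real frame would add them around the IP datagram.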

15 IP Address (IPv4)
IP address: 32 bits
Format: X.X.X.X (dotted decimal, each X ranging from 0 to 255)
Classes of IP address (by first octet):
Class A: 0 to 127
Class B: 128 to 191
Class C: 192 to 223
Class D: 224 to 239 (multicast)
Class E: 240 to 255 (experimental purposes)

16 IP Address Classes
Writing an address as w.x.y.z:
Class A: w = Network ID, x.y.z = Host ID
Class B: w.x = Network ID, y.z = Host ID
Class C: w.x.y = Network ID, z = Host ID

17 Subnetting a Network
Subnets
Subnet masks
Determining local and remote hosts

18 Subnets
(Figure: a router joining Subnet 1 and Subnet 2, each behind its own hub and each labelled with its own Network ID and Subnet Mask.)

19 Subnet Masks
The Network ID is obtained by ANDing the IP address with the subnet mask bit by bit: every bit that is 1 in the mask belongs to the network part, every bit that is 0 belongs to the host part.
(Figure: IP Address AND Subnet Mask = Network ID.)

20 Available Host IDs
Number of host IDs: 2^n - 2, where n is the number of 0 bits in the subnet mask (the host part). Two values are excluded: the all-zeros host ID (the network address itself) and the all-ones host ID (the directed broadcast address).
(Figure: a subnet mask with N 1-bits covering the Network ID and the remaining 0-bits covering the Host ID.)

21 Network Configuration in Linux
The basic steps are:
Assign an IP address and hostname
Set up the new host to configure its network interfaces at boot time
Set up a default route and perhaps fancier routing
Point to a DNS name server, to allow access to the rest of the Internet

22 How to configure IP address
Edit the configuration file /etc/sysconfig/network-scripts/ifcfg-eth0:
    DEVICE=eth0
    BOOTPROTO=static
    ONBOOT=yes
    TYPE=Ethernet
    IPADDR=
    NETMASK=
    GATEWAY=

23 How to configure hostname
Edit the configuration file /etc/sysconfig/network:
    NETWORKING=yes
    HOSTNAME=linuxserver

24 How to configure DNS
Edit the configuration file /etc/resolv.conf:
    nameserver
    nameserver
Note: the Domain Name System (DNS) is the service used to convert human-readable host names to IP addresses.
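The three files from slides 22 to 24 rendered and cross-checked before they are copied onto a host, as an added example that is not part of the original slides. The address values, hostname and nameservers are hypothetical (RFC 5737 documentation ranges); the checks catch the mistakes that leave a freshly configured CentOS box unreachable, such as a gateway outside the configured subnet or an empty resolv.conf.

```python
"""Render and sanity-check the three files from slides 22 to 24
(ifcfg-eth0, /etc/sysconfig/network, /etc/resolv.conf) before copying them
onto a host. Added example, not from the original slides; the address values,
hostname and nameservers below are hypothetical, taken from the RFC 5737
documentation ranges."""
import ipaddress
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen, at most 63 chars.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def render_ifcfg(device: str, ip: str, netmask: str, gateway: str) -> str:
    lines = ["DEVICE=" + device, "BOOTPROTO=static", "ONBOOT=yes", "TYPE=Ethernet",
             "IPADDR=" + ip, "NETMASK=" + netmask, "GATEWAY=" + gateway]
    return "\n".join(lines) + "\n"


def render_network(hostname: str) -> str:
    return "NETWORKING=yes\nHOSTNAME=" + hostname + "\n"


def render_resolv(nameservers) -> str:
    return "".join("nameserver " + ns + "\n" for ns in nameservers)


def parse_kv(text: str) -> dict:
    """KEY=VALUE lines as used by the sysconfig files; comments and blanks ignored."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip()
    return out


def check_config(ifcfg: str, network: str, resolv: str) -> list:
    """Return the list of problems found; an empty list means the files agree with each other."""
    problems = []
    cfg = parse_kv(ifcfg)
    if cfg.get("ONBOOT") != "yes":
        problems.append("ifcfg: ONBOOT is not yes, interface will stay down at boot")
    iface = None
    if cfg.get("BOOTPROTO", "static") == "static":
        try:
            iface = ipaddress.IPv4Interface(cfg["IPADDR"] + "/" + cfg["NETMASK"])
        except (KeyError, ValueError) as exc:
            problems.append("ifcfg: unusable IPADDR/NETMASK (%s)" % exc)
    if iface is not None:
        if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
            problems.append("ifcfg: IPADDR is the network or broadcast address")
        try:
            gateway = ipaddress.IPv4Address(cfg["GATEWAY"])
            if gateway not in iface.network:
                problems.append("ifcfg: GATEWAY %s is not on %s" % (gateway, iface.network))
            elif gateway == iface.ip:
                problems.append("ifcfg: GATEWAY is the host's own address")
        except (KeyError, ValueError):
            problems.append("ifcfg: GATEWAY missing or not an IPv4 address")
    net = parse_kv(network)
    if net.get("NETWORKING") != "yes":
        problems.append("network: NETWORKING is not yes")
    hostname = net.get("HOSTNAME", "")
    if not hostname or not all(LABEL_RE.match(label) for label in hostname.split(".")):
        problems.append("network: HOSTNAME %r is not a valid host name" % hostname)
    servers = [parts[1] for parts in (l.split() for l in resolv.splitlines())
               if len(parts) >= 2 and parts[0] == "nameserver"]
    if not servers:
        problems.append("resolv.conf: no nameserver line, names will not resolve")
    for server in servers:
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append("resolv.conf: nameserver %r is not an IPv4 address" % server)
    return problems


def example_files(gateway: str = "192.0.2.1") -> tuple:
    """The three files for a hypothetical host 192.0.2.10/24 (constructed values)."""
    return (render_ifcfg("eth0", "192.0.2.10", "255.255.255.0", gateway),
            render_network("linuxserver"),
            render_resolv(["192.0.2.53", "198.51.100.53"]))


if __name__ == "__main__":
    for name, text in zip(("ifcfg-eth0", "network", "resolv.conf"), example_files()):
        print("# " + name)
        print(text)
    print(check_config(*example_files()))
```

The checks are deliberately static (they never touch the running system), so they can run on the workstation that prepares the files; after copying them the interface still has to be restarted (service network restart) for the new values to apply.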

25 Different Types of Network Services
Web server (HTTP)
FTP server
DNS server
Mail server (SMTP, POP3, IMAP)
NIS/NFS server (sharing directories between Linux/UNIX hosts)
Samba server (sharing directories with Windows hosts)
Dynamic Host Configuration Protocol (DHCP) server
SSH (remote access with encryption)
Telnet (remote access in cleartext: passwords and sessions are visible on the network, so prefer SSH)
Proxy server (Squid)
Firewall (iptables)

26 Port Number
A port number is the way to distinguish one TCP/IP service from another at a given IP address, so that one server machine can provide many different services without conflicts among the incoming and outgoing data.
A port number is a 16-bit integer (0 to 65535; port 0 is reserved, so usable ports are 1 to 65535). TCP and UDP have separate port spaces, so a socket is identified by protocol, IP address and port.
e.g. Web server (port 80), Telnet server (port 23) ...
Note: on Linux, binding a port below 1024 requires root (or the CAP_NET_BIND_SERVICE capability), which is why well-known services start as root and should drop privileges afterwards.

27 Well-known Port Numbers
You may refer to the following web site for well-known port numbers:
Port   Description
20     FTP (data)
21     FTP (control)
22     SSH Remote Login Protocol
23     Telnet
25     Simple Mail Transfer Protocol (SMTP)
53     Domain Name System (DNS)
80     HTTP (Web)
110    POP3
443    HTTPS

28 Configure Domain Name Service (DNS)
To configure a machine as a DNS client, you only need to edit:
/etc/resolv.conf: one or more nameserver lines giving the addresses of the DNS servers to query
/etc/nsswitch.conf: the "service switch" file that determines which mechanisms are used to resolve hostname-to-IP-address mappings; its hosts: line specifies the order in which /etc/hosts (files), DNS and NIS (NIS+) are consulted, e.g. hosts: files dns

29 Scenario 1 (Same Network)
How machine A sends a packet to machine B when both are on the same network: A ANDs the destination address with its own subnet mask, finds the same Network ID as its own address, resolves B's hardware address (ARP) and delivers the frame directly.

30 Scenario 2 (Different Network)
How machine A sends a packet to machine B when they are on different networks: the Network IDs differ, so A delivers the frame to its default gateway (router), which forwards the IP datagram hop by hop until it reaches B's network.
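The subnet arithmetic of slides 17 to 20 and the forwarding decision of scenarios 1 and 2, as an added example that is not part of the original slides: the Network ID is computed by ANDing address and mask, the usable host count by 2^n - 2, and the same comparison decides whether a destination is local (deliver directly) or remote (send to the router). The hand-rolled arithmetic is cross-checked against the standard ipaddress module; addresses are constructed from the RFC 5737 documentation ranges.

```python
"""Subnet arithmetic behind slides 17 to 20 and the forwarding decision of
scenarios 1 and 2: Network ID = address AND mask, usable hosts = 2**n - 2,
and "same Network ID -> deliver directly, otherwise send to the router".
Added example, not from the original slides; the addresses are constructed
from the RFC 5737 documentation ranges."""
import ipaddress


def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: " + dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """Count the 1 bits of a mask and reject masks whose 1 bits are not contiguous."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous subnet mask: " + mask)
    return prefix


def subnet_info(address: str, mask: str) -> dict:
    """Network ID, directed broadcast and usable host count for address/mask."""
    prefix = mask_to_prefix(mask)
    m = to_int(mask)
    network = to_int(address) & m          # bitwise AND from slide 19
    broadcast = network | (~m & 0xFFFFFFFF)
    host_bits = 32 - prefix
    usable = max(2 ** host_bits - 2, 0)    # slide 20: all-zeros and all-ones excluded
    return {"prefix": prefix, "network_id": to_dotted(network),
            "broadcast": to_dotted(broadcast), "usable_hosts": usable}


def next_hop(src: str, mask: str, dst: str, gateway: str) -> tuple:
    """Scenario 1 vs 2: same Network ID -> deliver directly; otherwise hand to the router."""
    m = to_int(mask)
    if to_int(src) & m == to_int(dst) & m:
        return ("direct", dst)
    return ("via-router", gateway)


def matches_stdlib(address: str, mask: str) -> bool:
    """Cross-check the hand-rolled arithmetic against the standard library."""
    info = subnet_info(address, mask)
    net = ipaddress.IPv4Network(address + "/" + mask, strict=False)
    return (info["prefix"] == net.prefixlen
            and info["network_id"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    print(subnet_info("192.0.2.77", "255.255.255.240"))
    print(next_hop("192.0.2.10", "255.255.255.0", "198.51.100.5", "192.0.2.1"))
```

The mask check matters in practice: a mask such as 255.0.255.0 has the right number of 1 bits but is not a valid prefix, and a host configured with it will misclassify destinations as local or remote.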

31 Network Administration Module 2 Internet Services

32 Network Services: /etc/services
Standard services (FTP, SSH, Telnet, ...) all associate themselves with "well-known" ports defined in this file:
    ftp      21/tcp
    ftp      21/udp
    ssh      22/tcp    # SSH Remote Login Protocol
    ssh      22/udp    # SSH Remote Login Protocol
    telnet   23/tcp
    telnet   23/udp

33 xinetd (daemon)
The xinetd daemon (a program running in the background), the Extended Internet Services Daemon, is a TCP-wrapped "super service" which controls access to a subset of popular network services including FTP, IMAP and Telnet.
It accepts client requests from the network and starts the corresponding service on demand, handing the connection over to it.
It also provides service-specific configuration options for access control, enhanced logging, binding, redirection and resource utilization control.

34 xinetd (Cont)
The configuration files for xinetd are:
/etc/xinetd.conf: the global xinetd configuration file
/etc/xinetd.d/ directory: the directory containing all service-specific files
Restart the service after changing them:
    /etc/rc.d/init.d/xinetd restart
or
    service xinetd restart

35 How xinetd works
When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules.
If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allocated amount of resources or in breach of any defined rules.
It then starts an instance of the requested service and passes control of the connection to it.
Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

36 xinetd Configuration File
General configuration settings which affect every service under xinetd's control. It is read once when the xinetd service is started.
    defaults
    {
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
    }
    includedir /etc/xinetd.d

37 xinetd Configuration File Parameters
instances: sets the maximum number of requests xinetd can handle at once
log_type: configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file
log_on_success: configures xinetd to log if the connection is successful
log_on_failure: configures xinetd to log if there is a connection failure or if the connection is not allowed

38 xinetd Configuration File Parameters (Cont)
cps: configures xinetd to allow no more than 25 connections per second to any given service; if this limit is reached, the service is retired (stops accepting connections) for 30 seconds. Together with instances this is the main protection against one client exhausting a service with a flood of connections.
includedir /etc/xinetd.d/: includes options declared in the service-specific configuration files located in the /etc/xinetd.d/ directory

39 The /etc/xinetd.d/ Directory
Contains the configuration files for each service managed by xinetd; the name of each file matches the service.
The files in the /etc/xinetd.d/ directory use the same format and conventions as /etc/xinetd.conf.
The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.

40 Example - telnet
/etc/xinetd.d/telnet:
    service telnet
    {
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = yes
    }

41 /etc/xinetd.d/ Configuration File Parameters
service: defines the service name, usually to match a service listed in the /etc/services file
flags: sets any of a number of attributes for the connection; REUSE instructs xinetd to reuse the socket for a Telnet connection
socket_type: sets the network socket type to stream
wait: defines whether the service is single-threaded (yes) or multi-threaded (no)
user: defines which user ID the process will run under
server: defines the binary executable to be launched
log_on_failure: defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf (the += operator appends to the default rather than replacing it)
disable: defines whether or not the service is active; telnet ships with disable = yes, and because it sends passwords in cleartext it should only be enabled on an isolated lab network, if at all
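A parser for the xinetd configuration format of slides 36 to 41 with a small audit on top, as an added example that is not part of the original slides or of xinetd itself. It applies the =, += and -= operators the way the slides describe (a service's += adds to the value inherited from defaults), then reports services that are enabled, run as root, speak a cleartext protocol or carry no client restriction. The configuration text is constructed here: the telnet entry mirrors slide 40, and the tftp entry is a hypothetical second service added for contrast.

```python
"""Parse xinetd configuration (the defaults block of slide 36 plus service
files in the /etc/xinetd.d format of slide 40) and report services that are
enabled, run as root, carry cleartext protocols or have no client restriction.
Added example, not from the original slides or from xinetd itself; the
configuration text is constructed here (the tftp entry is a hypothetical
second service added for contrast)."""
import re

SAMPLE_CONFIG = """\
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}

service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = yes
}

service tftp
{
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = -s /tftpboot
    disable         = no
}
"""

BLOCK_RE = re.compile(r"^\s*(defaults|service\s+\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

# Protocols that carry credentials or data without encryption.
CLEARTEXT = {"telnet", "ftp", "tftp", "rsh", "rlogin", "rexec", "pop3", "imap", "finger"}


def parse_xinetd(text: str) -> tuple:
    """Return (defaults, {service: attrs}); attrs are lists of tokens, with
    '=' replacing, '+=' adding to and '-=' removing from the inherited default."""
    defaults, services = {}, {}
    for head, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            m = ATTR_RE.match(line.split("#", 1)[0])
            if not m:
                continue
            key, op, value = m.groups()
            tokens = value.split()
            base = attrs.get(key, defaults.get(key, []))
            if op == "=":
                attrs[key] = tokens
            elif op == "+=":
                attrs[key] = base + [t for t in tokens if t not in base]
            else:
                attrs[key] = [t for t in base if t not in tokens]
        if head == "defaults":
            defaults = attrs
        else:
            services[head.split()[1]] = attrs
    return defaults, services


def is_enabled(attrs: dict) -> bool:
    # A service without a disable line is enabled; slide 40 shows telnet shipped with disable = yes.
    return attrs.get("disable", ["no"])[0].lower() != "yes"


def audit(defaults: dict, services: dict) -> list:
    """Findings a reviewer would raise on this configuration."""
    findings = []
    if "cps" not in defaults:
        findings.append("defaults: no cps limit, a single client can exhaust instances")
    for name, attrs in sorted(services.items()):
        if not is_enabled(attrs):
            continue
        # Assumption for the audit: a service with no user line is treated as root.
        if attrs.get("user", ["root"])[0] == "root":
            findings.append("%s: enabled and runs as root" % name)
        if name in CLEARTEXT:
            findings.append("%s: enabled cleartext protocol" % name)
        if not attrs.get("only_from") and not attrs.get("no_access"):
            findings.append("%s: no only_from/no_access restriction" % name)
    return findings


if __name__ == "__main__":
    d, s = parse_xinetd(SAMPLE_CONFIG)
    for finding in audit(d, s):
        print(finding)
```

Run against a real host by concatenating /etc/xinetd.conf with the files in /etc/xinetd.d/ and feeding the result to parse_xinetd; the only_from and no_access attributes it looks for are xinetd's own per-service access lists, which apply in addition to the TCP wrappers files.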

42 /etc/hosts.allow and /etc/hosts.deny
TCP wrappers manage access to certain network services on a per-client basis.
Any network service managed by xinetd can use TCP wrappers to manage access (as can daemons built with the libwrap library).
xinetd uses the /etc/hosts.allow and /etc/hosts.deny files to configure access to system services:
hosts.allow: a list of rules that allow clients to access the network services controlled by xinetd
hosts.deny: rules to deny access
Each rule has the form daemon_list : client_list, for example ALL : ALL in hosts.deny.

43 /etc/hosts.allow and /etc/hosts.deny Flowchart
(Figure: the access-control decision.) The check runs in a fixed order: if the daemon/client pair matches a rule in /etc/hosts.allow, access is granted; otherwise, if it matches a rule in /etc/hosts.deny, access is denied; otherwise access is granted. The search stops at the first matching rule in each file, and a client that matches nothing in either file is allowed, so a default-deny policy needs an explicit ALL : ALL line in /etc/hosts.deny.
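The hosts.allow / hosts.deny decision of slides 42 and 43 written out as code, as an added example that is not part of the original slides or of the tcp_wrappers library: the allow file is searched first, then the deny file, and a client matching neither is allowed. The two rule sets and the client addresses are constructed (RFC 5737 ranges), and the matcher covers the common client-pattern forms (ALL, LOCAL, .domain suffix, trailing-dot network prefix, net/mask, exact address or name, EXCEPT).

```python
"""The hosts.allow / hosts.deny decision of slides 42 and 43, written out:
the allow file is searched first, then the deny file, and a client matching
neither is allowed. Added example, not from the original slides or from the
tcp_wrappers library; the two rule sets and client addresses are constructed
(RFC 5737 ranges) and the matcher covers the common pattern forms only."""
import ipaddress

HOSTS_ALLOW = """\
# daemon_list : client_list
sshd    : 192.0.2.0/255.255.255.0 EXCEPT 192.0.2.99
in.ftpd : 198.51.100.
ALL     : LOCAL
"""

HOSTS_DENY = """\
ALL : ALL
"""


def parse_rules(text: str) -> list:
    """Each rule is (daemon_patterns, client_patterns); comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            raise ValueError("malformed rule: " + line)
        rules.append((fields[0].split(), fields[1].split()))
    return rules


def client_matches(pattern: str, addr: str, hostname: str) -> bool:
    """hosts_access(5) client patterns: ALL, LOCAL, .domain, net-prefix., net/mask, exact."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return bool(hostname) and "." not in hostname   # unqualified name = local host
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network(net + "/" + mask, strict=False)
    return pattern in (addr, hostname)


def list_matches(patterns: list, match_one) -> bool:
    """'a b EXCEPT c d' matches when a or b matches and neither c nor d does."""
    if "EXCEPT" in patterns:
        cut = patterns.index("EXCEPT")
        return list_matches(patterns[:cut], match_one) and not list_matches(patterns[cut + 1:], match_one)
    return any(match_one(p) for p in patterns)


def decide(allow_rules: list, deny_rules: list, daemon: str, addr: str, hostname: str = "") -> str:
    """Return 'allow' or 'deny' for one connection attempt; first match wins per file."""
    def hit(rules):
        for daemons, clients in rules:
            if (list_matches(daemons, lambda p: p in ("ALL", daemon))
                    and list_matches(clients, lambda p: client_matches(p, addr, hostname))):
                return True
        return False
    if hit(allow_rules):
        return "allow"
    if hit(deny_rules):
        return "deny"
    return "allow"      # no rule matched: access is granted


ALLOW = parse_rules(HOSTS_ALLOW)
DENY = parse_rules(HOSTS_DENY)

if __name__ == "__main__":
    for daemon, addr in (("sshd", "192.0.2.44"), ("sshd", "192.0.2.99"),
                         ("in.ftpd", "198.51.100.7"), ("in.telnetd", "198.51.100.7")):
        print(daemon, addr, decide(ALLOW, DENY, daemon, addr))
```

Two caveats when reading the results against a real host: hostname-based patterns depend on a reverse DNS lookup the attacker's network may control, so address-based patterns are the ones to rely on; and the files only take effect for services started through xinetd (or tcpd) or built with libwrap, so a daemon that listens on its own is not covered by them at all.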

44 Configure Network Interfaces (using the ifconfig command)
The ifconfig command:
enables or disables a network interface (or use ifup / ifdown)
sets its IP address and subnet mask
sets various other options and parameters
e.g. ifconfig eth netmask
Note: settings made with ifconfig take effect immediately but are lost at reboot; persistent settings belong in the ifcfg-eth0 file.

45 Configure Static Routes / Default Gateway
route command: defines static routes, explicit routing table entries that never change
e.g. route add -net netmask gw
Default gateway: causes all packets whose destination network is not found in the kernel's routing table to be sent to the indicated gateway
e.g. route add default gw
As with ifconfig, routes added on the command line are not persistent; the GATEWAY setting in the ifcfg file (or in /etc/sysconfig/network) installs the default route at boot, and extra static routes go in /etc/sysconfig/network-scripts/route-eth0.

46 Static Route and Dynamic Route A static route is a route that is created manually by a network administrator. The opposite of a static route is a dynamic route. Dynamic routes are created by routing protocols.

47 Dynamic Reconfiguration and Tuning
Linux exposes the kernel and networking parameters that can be tuned through the /proc filesystem.
The important networking variables are in /proc/sys/net/ipv4, for example ip_forward (whether the host forwards packets between its interfaces), icmp_echo_ignore_broadcasts and conf/all/rp_filter (reverse-path filtering, which drops packets whose source address would not be routed back out the interface they arrived on).
Values written there take effect immediately but do not survive a reboot; put them in /etc/sysctl.conf (applied with sysctl -p) to make them persistent.

48 IPv4
IPv4 is version 4 of the Internet Protocol (IP). It was the first version of the Internet Protocol to be widely deployed, and forms the basis for most of the current Internet (as of 2004). It is described in IETF RFC 791, first published in September.
IPv4 uses 32-bit addresses, limiting it to 2^32 unique addresses, many of which are reserved for special purposes such as private networks or multicast addresses, reducing the number of addresses that can be allocated as public Internet addresses. As the available addresses are consumed, an IPv4 address shortage appears to be inevitable in the long run.

49 IPv6
IPv6, or Internet Protocol version 6, is a network-layer standard; i.e., it governs the addressing and routing of data packets through a network. IPv6 is intended to replace the IPv4 standard, whose limits on network addresses will eventually lead to exhaustion of available addresses.
IPv4 supports 4,294,967,296 (4.294 × 10^9) addresses, inadequate for giving even one address to every living person, much less cars, phones, PDAs and toasters; IPv6 supports about 3.4 × 10^38 (340 undecillion) addresses, about 4.3 × 10^20 (430 quintillion) addresses per square inch (6.7 × 10^17 (670 quadrillion) addresses/mm²) of the Earth's surface.