NETWORK SECURITY AND
SECURITY ADMINISTRATION
               NETWORKING COMMANDS
1. PING - Measures connectivity and network latency between the local and
   remote system. It uses ICMP echo packets.
   Example: ping 192.168.0.1
   or       ping www.redhat.com
2. TRACEROUTE - Shows the network path between the local and remote system.
   Useful for pinpointing network congestion.
   Example: traceroute www.redhat.com
3. NETSTAT - Lists network statistics and parameters, including network
   connections, the routing table and interface statistics.
   Example: netstat -rn
   or       netstat -a
4. IFCONFIG - The ifconfig command is used to configure and display network
   devices.
5. NETCONFIG - The netconfig command is used to set the IP address.
               APACHE WEB SERVER
              Apache is Red Hat's standard web server.
       The term APACHE comes from the word "patches", meaning
        the collection of modules and applications for different types of
        scripts.
       APACHE supports almost every type of script, such as Perl,
        PHP, Java, HTML etc.
       According to the Netcraft web server survey, Apache is the most
        widely used web server. More than 50% of sites are hosted on
        the Apache web server.
       Apache provides a very stable and scalable web server platform.
       Apache also supports virtual hosting.
VIRTUAL HOSTING
  Virtual hosting allows us to host more than one web site on the same
  machine rather than having a separate machine for each web site.
  IP Address based Virtual Hosting:
   It is more reliable because it doesn't require any special feature on the
   browser side. It requires a separate IP address for each web site on the
   single machine.
   This can be done either by installing additional network cards or by IP
   aliasing.
   # NameVirtualHost stays commented out: these hosts are selected by IP address
   #NameVirtualHost 192.168.0.1
   Listen 80
   <VirtualHost 192.168.0.1>
       DocumentRoot /home/yahoo/
       ServerName yahoo.com
       ServerAdmin admin@yahoo.com
   </VirtualHost>
   <VirtualHost 192.168.0.2>
       DocumentRoot /home/google/
       ServerName google.com
       ServerAdmin admin@google.com
   </VirtualHost>
Here yahoo.com and google.com have separate IP addresses but are both
hosted on the same machine: yahoo.com listens on IP 192.168.0.1 and
google.com listens on 192.168.0.2.
Service Profile:Apache
          Type: System V-launched service
          Packages: httpd
          Daemons: httpd
          Scripts: httpd
            Ports: 80/tcp(httpd), 443/tcp (https)
          Configuration: /etc/httpd/* , /var/www/*
                It also supports syntax checking of the httpd.conf file
                 using:
                  # service httpd configtest
The /etc/httpd folder is the main configuration directory for APACHE. It
contains other subdirectories; some important ones are:
modules  -> This directory holds all module files.
logs     -> This directory holds all log files.
conf.d   -> This directory holds all supporting configuration files.
conf     -> This directory holds the main configuration files.
The main configuration file for APACHE is httpd.conf, which is in the
/etc/httpd/conf folder.
                  DOMAIN NAME SERVER
    Resolves hostnames into IP addresses (forward lookup)
    Resolves IP addresses into hostnames (reverse lookup)
    Allows machines to be logically grouped by name domains
     DNS is the Domain Name System, which maintains a database that
     can help your computer translate a domain name such as
     www.redhat.com to an IP address such as 216.148.218.197. As individual
     DNS servers are not large enough to keep a database for the entire
     Internet, they can refer requests to other DNS servers. This section
     addresses two basic DNS server configurations: a caching-only server,
     and a primary DNS server for a domain. The key configuration files to
     support such servers include /etc/nsswitch.conf, /etc/resolv.conf,
     /etc/hosts, /etc/named.conf and /var/named/.
     Types of DNS Server
1. Master DNS Server - contains the master copy of data for a
   zone.
2. Slave DNS Server - provides an automatic backup to the
   master name server.
3. Caching-only Server - When a request is made for a web
   page such as www.osborne.com, the network asks the
   configured DNS server for the associated IP address. This is
   usually known as a name query. If the DNS server is outside
   your network, this request can take time. If you have a
   caching-only name server, these queries are stored
   locally, which can save significant time while you or others
   on your network are browsing the same sites on the Internet.
[Figure: DNS name tree]
DNS root
  Top-level domains:    com, net, us, jp
  Second-level domains: example.net, omoini.ny.us
  Names below them:     www.example.net, fox.trot.example.net, www.omoini.ny.us
The DNS root has a small set of top-level domains that
rarely changes. Some of them are aero, com, net, edu,
gov, info, org, int, and name. In a domain name like
www.example.net, net is a first-level name within the root,
example is a second-level name within net, and www is a
third-level name within example. The tree can extend to
any number of levels (fox.trot.example.net has four), but in
general it is not more than four levels deep.
Service Profile : DNS
     Type :     System V-managed service
     Packages : bind, bind-utils, bind-chroot
      Daemons : named, rndc
      Scripts :   named
      Ports :     53
      Configs :   (under /var/named/chroot)
                   /var/named/*, /etc/rndc.*
      Related : caching-nameserver, openssl
[Figure: DNS server layout showing ROOT, a caching DNS, a master DNS, a slave DNS (208.164.186.2) and the internal network 192.168.1.0/24]
                    DHCP SERVER
   DHCP: Dynamic Host Configuration Protocol, implemented via
    dhcpd
   It assigns IP addresses to its clients
    In a network, a computer needs information such as an IP address, DNS
    server, gateway and subnet mask to communicate with other computers.
    This can be provided in two ways:
                  Manual assignment
                  Dynamically
    But if there are hundreds of computers, manual assignment is not
    a feasible approach, and here DHCP comes into the picture.
DHCP provides the facility to centrally manage the addresses and
other network information for client computers on a LAN. DHCP
automatically gives every client computer on the network the necessary
information to communicate.
DHCP server provides:
               IP address
               Netmask
               DNS server IP
               Router (gateway)
DHCP process:
1. Client broadcasts DISCOVER to the server.
2. Server replies with its IP.
3. Client sends REQUEST for an address to the received IP.
4. Server commits the allocation and returns an ACK containing IP,
   subnet mask, DNS, gateway etc.
    Example: DHCP server provides IP addresses between
                192.168.0.1/192.168.0.20
[Figure: DHCP server (192.168.0.1) connected through a switch to PC 1 (192.168.0.18), PC 2 (192.168.0.19) and PC 3 (192.168.0.20)]
DHCP provides methods for hosts on a TCP/IP network to request and
be granted IP addresses, and also to discover information about their
local network. One machine on an Ethernet segment is designated the DHCP
server and configured to answer these requests. IP addresses are either
dynamically assigned from a range or pool of addresses, or statically
assigned by MAC address.
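The four-step process and the two assignment modes above can be modelled as a small state machine. This is an added example, not code from the original report or from dhcpd; the MAC addresses, netmask and router value are constructed, the pool is narrowed to the three client addresses in the figure, and the server's step-2 reply is named OFFER as in the DHCP standard.

```python
import ipaddress

class DhcpServer:
    """Toy model of the server's allocation decisions; no packets are sent."""

    def __init__(self, server_ip, first, last, static=None):
        self.server_ip = server_ip
        self.static = dict(static or {})          # MAC -> fixed address
        reserved = set(self.static.values()) | {server_ip}
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        candidates = (str(ipaddress.ip_address(n)) for n in range(lo, hi + 1))
        self.pool = [ip for ip in candidates if ip not in reserved]
        self.offers = {}                          # MAC -> offered, not yet committed
        self.leases = {}                          # MAC -> committed address

    def discover(self, mac):
        """Steps 1-2: answer a broadcast DISCOVER with the server IP and an address."""
        ip = self.static.get(mac) or self.leases.get(mac) or self.offers.get(mac)
        if ip is None:
            in_use = set(self.leases.values()) | set(self.offers.values())
            ip = next((a for a in self.pool if a not in in_use), None)
        if ip is None:
            return None                           # pool exhausted: no reply
        self.offers[mac] = ip
        return {"type": "OFFER", "server": self.server_ip, "yiaddr": ip}

    def request(self, mac, server, ip):
        """Steps 3-4: commit the allocation and return the ACK with network settings."""
        if server != self.server_ip or self.offers.get(mac) != ip:
            return {"type": "NAK"}
        self.leases[mac] = self.offers.pop(mac)
        return {"type": "ACK", "yiaddr": ip, "netmask": "255.255.255.0",
                "router": "192.168.0.254", "dns": self.server_ip}  # constructed values

# Constructed clients: MAC ...:01 has a static assignment, the others use the pool.
def demo():
    srv = DhcpServer("192.168.0.1", "192.168.0.18", "192.168.0.20",
                     static={"00:11:22:33:44:01": "192.168.0.18"})
    got = {}
    macs = ["00:11:22:33:44:02", "00:11:22:33:44:01",
            "00:11:22:33:44:03", "00:11:22:33:44:04"]
    for mac in macs:
        offer = srv.discover(mac)
        ack = srv.request(mac, offer["server"], offer["yiaddr"]) if offer else None
        got[mac] = ack["yiaddr"] if ack else None
    return got

if __name__ == "__main__":
    print(demo())
```

The fourth client receives no address because the two dynamic addresses are already leased and the third is reserved for a specific MAC.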
Services Profile : DHCP
   Types :             System V-managed service
   Packages :          dhcp
   Daemons :           dhcpd
   Scripts :           dhcpd
   Ports :             67(bootps),68(bootpc)
   Configuration :     /etc/dhcpd.conf, /var/lib/dhcpd.leases
   Related :           dhclient
                  NETWORK FILE SERVICE(NFS)
  Used to share files and directories among users on different systems
  Shared directories are accessed through the mount command
  The NFS server translates NFS requests into operations on the local file system
Service Profile : NFS
      Type :           System V-managed service
      Packages :       nfs-utils
      Daemons :        nfsd,lockd,rpciod
      Scripts :        nfs,nfslock
      Ports :          assigned by portmap(111)
      Configuration : /etc/exports
      Related :        portmap
NFS Server
 Exported directories are defined in /etc/exports.
 Each entry specifies the host to which the file system is
  exported, plus the associated permissions and options:
        Options should be specified
        Default options: (ro,sync)
File systems to be exported via NFS are defined in
/etc/exports. Here is an example:
/var/ftp/pub            *.example.com(ro,sync) bigserver.redhat.com
/root/presentation      server2.example.com(rw,sync)
/data                   192.168.10.0/255.255.255.0(sync)
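In /etc/exports the option list must touch the client name: whitespace before "(" makes the options a separate entry that applies to every host, while the named client falls back to the defaults. The following added example (not part of the original report) parses exports entries and flags that layout; the sample file is constructed, and quoted paths containing spaces are assumed not to occur.

```python
import re

# Constructed sample: the first two entries have a space before the option list.
SAMPLE_EXPORTS = """\
# path                 client(options)
/var/ftp/pub           *.example.com (ro,sync)
/root/presentation     server2.example.com (rw,sync)
/data                  192.168.10.0/255.255.255.0(sync)
"""

CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (path, client, options) per client spec; client '' means every host."""
    text = text.replace("\\\n", " ")          # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = CLIENT_RE.match(spec)
            if m is None:
                raise ValueError(f"unparseable client spec: {spec!r}")
            client, opts = m.group(1), m.group(2)
            options = [o for o in (opts or "").split(",") if o]
            yield path, client, options

def lint_exports(text):
    """Return (path, message) findings for risky or ambiguous export entries."""
    findings = []
    for path, client, options in parse_exports(text):
        if client in ("", "*"):
            mode = "rw" if "rw" in options else "ro"
            findings.append((path, f"exported to every host ({mode})"))
        elif not options:
            findings.append((path, f"{client} has no option list, defaults apply"))
        if "no_root_squash" in options:
            findings.append((path, f"{client or 'every host'}: root is not squashed"))
    return findings

if __name__ == "__main__":
    for path, msg in lint_exports(SAMPLE_EXPORTS):
        print(f"{path}: {msg}")
```

On the sample, /root/presentation is reported as writable by every host, which is the opposite of what the entry appears to say.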
Client-side NFS
   Implemented as a kernel module
   /etc/fstab can be used to specify network mounts
   NFS server shares are mounted at boot time by
    /etc/rc.d/init.d/netfs
   Autofs mounts NFS shares on demand and unmounts them
    when idle
To associate a shared directory on the network with a mount
point in your local file system, use mount. When you mount an
exported directory from an NFS server, you can access it as if it
were local to your machine. Shares can be mounted manually by
root, or automatically at boot time.
/etc/fstab allows you to specify network directories to be mounted at
boot. Here is a sample fstab entry that defines a shared
filesystem /var/ftp/pub on server1 to be mounted locally as
/mnt/pub.
server1:/var/ftp/pub    /mnt/pub    nfs    defaults    0 0
NFS Server & Client:
[Figure: an NFS server (Linux) connected through a switch to NFS client 1 (Linux) and NFS client 2 (UNIX)]
               BIBLIOGRAPHY
             As per the needs of my project on networking on the
Linux operating system, I required information regarding
various tools used in networking. Therefore I have gone
through several books for the above information. My project
coordinator suggested that I go through some books, whose
list is as follows:
1. Red Hat Enterprise Linux Essential RH033.
2. Red Hat Enterprise Linux System Administration
   RH133.
3. Red Hat Network Services and Security Administration
   RH253.