Web Server Administration

1
Web Server Administration

• Chapter 5
• Managing a Server

2
Overview

• Understand the Web server administrator's view of
  server management
• Examine networking models
• Learn how users are authenticated
• Manage users and groups

3
Overview

• Manage file system permissions
• Share resources in a network
• Enforce network policies

4
Web Administrator's View of Server Management

• Web server software is a product that works with
  the operating system
• The server computer can run more than one
  software product such as e-mail and FTP
• With both a LAN and the Web, controlling access
  is very important
• The Web server can be part of the LAN
• Web communication and LAN communication are
  different

5
Microsoft LAN Networking Models-Workgroup

• Treats each computer in the network as an equal,
  or peer
• Also called peer-to-peer networking
• Each computer is a client and a server
• When you allow others to access resources on your
  computer, your computer is acting as a server
• When you access resources on another computer,
  your computer is acting as a client

6
Microsoft LAN Networking Models-Workgroup

• Appropriate for networks with 10 or less
  computers
• A number of disadvantages
• Most users do not want to administer resources on
  their computer
• Need user names and passwords of users who need
  resources
• Difficult to keep track of changing passwords

7
Microsoft LAN Networking Models-Domain

• One or more servers centralize control
• Computers are part of a domain
• Single, centralized logon
• Single point of control
• Users can be given access to resources anywhere
  in the domain

8
Client/Server Networking Model

• Client represents a program such as a browser or
  an e-mail client
• Server has a corresponding program that
  communicates with the client
• Server program known as a service in Windows or a
  daemon in Linux
• Networking in Linux follows the client/server
  model
• Telnet is used to log on to another computer

9
Authenticating Users

• Process of determining a user's true identity
• Three basic methods
• What you know user name and passwords
• What you have entry card
• Who you are biometrics

10
Implementing an Authentication System

• If a Windows network has older computers running
  NT, 95, or 98, the server must use NTLM
• It is not as secure as Kerberos, which is the
  default for Windows 2000, 2003, and XP

11
Managing Users and Groups

• Users need accounts to access resources on a
  server
• On a Web server there is a restricted account
  that is used on behalf of Internet users
• In a LAN, users with common resource needs are
  put in a group, and the group is given access to
  the resource

12
Managing Users and Groups in Windows

• Windows has an account called system
• It represents the operating system and it has
  many of the same privileges of the administrator
• Often needed by server programs
• Linux typically uses unique accounts for each
  daemon

13
Users and Groups in Windows

• Local accounts exist on a single computer and can
  be used to control resources only on that
  computer
• Domain accounts can be used to control resources
  on all the computers that are part of the domain
• Active Directory (AD) allows domains to be
  grouped into a forest
• Microsoft Exchange requires AD

14
Groups in Windows

• Domain local groups have members from the same
  domain
• Assign permissions to resources in the same
  domain
• Global groups have members from the same domain
• Can be used to assign permissions to resources in
  any domain
• Universal groups can have members from any domain
• Can be used to assign permissions to resources in
  any domain

15
Users and Groups in Linux

• Properties of user accounts

16
File System Permissions

• Permission allow you to control access to the
  resources on a computer such as a Web page, a
  document, or a program
• In Windows, the NTFS file system is required in
  order to assign permissions
• All Linux file systems incorporate permissions

17
File System Permissions in Windows
18
File System Permissions in Linux
19
Linux Permissions

• Permissions are set for user, group, and others
• Each permission is set with a single digit from 0
  to 7 based on the combination of permissions
• read 4
• write 2
• execute 1

20
Using chmod to Set Permissions
21
Sharing Resources in a Windows Network

• Shared folders require permissions
• When comparing share permissions and NTFS
  permissions, the most restrictive permission
  takes precedence

22
Enforcing Network Policies

• You can control a number of policies in both
  Windows and Linux
• Windows has many more policies but the majority
  are appropriate for LANs
• A common policy involves passwords
• Number of days before change allowed
• Number of days before change required

23
Summary

• The Web server has a guest user account that is
  used to access Web pages
• Windows LAN models include the workgroup and
  domain models
• Linux only uses the client/server model
• Authentication is based on what you know, what
  you have, and who you are
• Core of security incorporates users, groups, and
  permissions