CHAPTER FOUR Server Configuration

Provided by: CEG0
1
CHAPTER FOUR Server Configuration
  • By
  • Kofi Lokko

2
  • The objective of the chapter is to learn about
    the following topics.
  • Choosing a Web Server Software.
  • Customizing your Web Server.
  • Controlling access
  • Secure Sockets Layer Configuration
  • Virtual hosts.

3
Choosing a Web Server Software
  • What is a Web server?
  • Computer hardware where web pages are stored
    and accessed by others using web client software,
    or the computer software that allows users to
    access the web pages.
  • http://www.wda.org/Public/help/glossary.htm

4
Choosing Web Server Software
  • Price: There are different prices, ranging from
    free to several hundred dollars.
  • Scalability: How scalable the web server
    software is depends on the different platforms on
    which it can run.
  • Manageability: There are resource tools that
    help in administering, securing, and on the
    whole managing your web server.
  • Performance: A web server needs to be available
    at all times to show its reliability.

5
Choosing Web Server Software
  • Accessibility It is essential that the Web be
    accessible in order to provide equal access and
    equal opportunity to everybody. Much of the focus
    on Web accessibility has been on the
    responsibilities of Web developers. However, Web
    software also has a vital role in Web
    accessibility. Software needs to help developers
    produce and evaluate accessible Web sites, and be
    usable by everyone including people with
    disabilities.
  • http://www.w3.org/WAI/intro/accessibility.php

6
Choosing Web Server Software
  • Surveys have shown that the following are the 3
    most widely used web servers on the internet.
  • Apache makes up about 69 percent
  • Microsoft IIS makes up about 21 percent
  • Netscape Enterprise Server / Sun makes up about
    3 percent
  • http://news.netcraft.com/archives/web_server_survey.html

7
Choosing Web Server Software
  • Installation: You can easily download web server
    software from the internet.
  • You may have the option to download source code
    or binary; the source code will give you the
    option of tweaking it to suit you, but the
    binary will not. Amongst the web servers
    mentioned earlier, only Apache offers the
    software in both formats.
  • Most of the other servers have installation
    programs to install the binary executables.

8
Customizing your Web Server
  • There are many options that are used to configure
    a Web server.
  • Each web server has its own configuration tools
    or interface.
  • Apache: Configuration is done by editing a
    series of configuration files. The configuration
    files contain directives that control the
    behavior of Apache.
  • A directive is simply a special word that
    describes a configuration option. It is typically
    a name followed by a value or a series of values.
  • A list of configuration directives is available
    at the Apache site.
  • http://httpd.apache.org/docs/1.3/mod/directives.html

9
Customizing your Web Server
  • Microsoft IIS: Configuration is done through the
    MMC snap-in console.
  • Microsoft Management Console
  • The Microsoft Management Console (MMC) is an
    extensible, common console framework for
    management of applications
  • The Microsoft Management Console (MMC) was
    provided with the Windows NT 4.0 Option Pack as a
    common interface for administration of the IIS
    4.0, Certificate Server, Transaction Server, and
    other Option Pack tools. Now it is included in
    all versions of Windows starting from Windows
    2000.
  • http://www.windowsitlibrary.com/Content/405/15/1.html1
  • http://www.microsoft.com/windows2000/techinfo/planning/management/mmcsteps.asp

10
Customizing your Web Server
  • The configuration options have different names
    for each server type, but they all do the same
    thing: control the behavior of the web server.
  • Apache refers to these options as directives.
  • Microsoft IIS refers to them as properties and
    Netscape refers to them as resources.

11
Customizing your Web Server
  • Some general server options
  • User and Group: This is used to restrict access
    on the server.
  • Ports: This option specifies which port the
    HTTPD should listen on.
  • The default port is set to 80 on most servers.
  • You can also configure the web server to listen
    on other ports.

12
Customizing your Web Server
  • Some Directory Options
  • DocumentRoot / Home Directory / Primary Document
    Directory
  • Alias / Virtual Directory / Additional Document
    Directories
  • DirectoryIndex / Default Document
  • IndexOptions / Directory Browsing

13
Controlling Access
  • A web server must have permissions to access
    documents in order to make pages available to
    requesting clients.
  • Unix operating systems and new versions of
    Microsoft operating systems offer directory and
    file access control abilities.
  • The file system plays a big role in these access
    control abilities.

14
Controlling Access
  • File Systems
  • In computing, a file system is a method for
    storing and organizing computer files and the
    data they contain to make it easy to find and
    access them. File systems may use a storage
    device such as a hard disk or CD-ROM and involve
    maintaining the physical location of the files,
    or they may be virtual and exist only as an
    access method for virtual data or for data over a
    network (e.g. NFS). en.wikipedia.org/wiki/File_systems

15
Controlling Access
  • Folder and File level permissions
  • Share permissions are available for both the FAT
    file system and the NTFS file system.
  • Share permission does not work on individual
    files; it is designed to work on shared folders.
  • The Share permissions are limited to Read,
    Change, and Full Control.
  • Share permissions only apply to those who are
    connecting over the network.
  • Needless to say, you must be using the NTFS file
    system to be able to use NTFS permissions.
  • NTFS permissions will apply whether the user
    connects over the network, or connects locally.
  • NTFS permissions also allow you to set
    permissions on individual files, and those
    permissions can be different from the parent
    folder.
  • The permission levels in NTFS are narrower than
    the Share permissions, with 6 levels for folders
    and 5 levels for files.

16
Controlling Access
  • Folder and File level permissions
  • Read, List the Folder Contents, Write, Read &
    Execute, Modify and Full Control
  • For only folders

17
Controlling Access
  • You can choose to share a folder from any file
    system: FAT, FAT32, or NTFS. If you are sharing
    from a FAT or FAT32 partition, your choices for
    what kinds of permissions you place on the
    folders are limited to three choices: Read,
    Modify, or Full Control.
  • If you truly want to secure your folders and
    files, you will want to have an NTFS file system
    on your partition, and have the far greater
    controls of the NTFS permissions. With NTFS you
    can specify the exact permissions for both
    folders and files, and choose whether they have
    the same permissions inherited from the parent to
    the child, or to have different permissions.
  • Remember, permissions are cumulative, but a deny
    will always override an allow, and in NTFS, a
    file's permissions will always override its
    folder's permissions.

18
Controlling Access
  • The HTTP protocol (RFC 2616) defines a simple
    framework for access authentication schemes. The
    assumption is that a certain group of pages --
    usually referred to as a protected realm or just
    a realm -- should only be accessible to certain
    people who are able to provide credentials if
    challenged by the server.
  • Basic Access Authentication
  • The basic authentication scheme assumes that your
    (the client's) credentials consist of a username
    and a password where the latter is a secret known
    only to you and the server.
  • The major drawback of the basic authentication
    scheme is that it is relatively simple for
    eavesdroppers to spy out your password since it
    is transmitted in plain sight.

19
Controlling Access
  • Cryptography
  • An alternative authentication scheme known as
    digest authentication remedies this weakness
    through the use of cryptography, usually the MD5
    message digest algorithm defined in RFC 1321.
  • MD5 takes an input string of arbitrary length and
    computes a 128-bit number from it. Since MD5 is a
    one-way function, it is virtually impossible to
    reverse the computation and obtain the input
    value from the output value.

20
Controlling Access
  • Digest Access Authentication
  • To securely prevent replay attacks, a more
    sophisticated procedure is obviously necessary:
    the digest access authentication scheme.
  • Security Considerations
  • You should keep in mind that even with digest
    authentication, all data except for your password
    is transmitted in plain view, fully accessible to
    potential eavesdroppers.
  • There's no way for the client to establish that
    it's actually talking to the server it intends to
    talk to. There's no mechanism in place that
    allows the server to authenticate itself to the
    client.
  • For a detailed review of the security properties
    of digest access authentication, please refer to
    section 4 of RFC 2617.
  • Unfortunately, some browsers are lacking support
    for digest authentication; see this discussion
    group message and the replies for details.
  • http://frontier.userland.com/stories/storyReader2159
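
The contrast between the basic and digest schemes on slides 18 to 20, as an added example that is not part of the original presentation. It uses the qop=auth form of the response from RFC 2617, with the user, realm, password and nonce from that RFC's worked example in section 3.5; the function names and the "fresh" nonce are constructed for illustration.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Basic scheme: credentials are only base64-encoded, not protected."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def decode_basic(header):
    """What anyone who captures a Basic header can read back from it."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth; only this hash crosses the wire."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def server_accepts(captured, current_nonce, user, realm, password,
                   method, uri, nc, cnonce):
    """Server recomputes the hash with the nonce it issued for this challenge."""
    expected = digest_response(user, realm, password, method, uri,
                               current_nonce, nc, cnonce)
    return hmac.compare_digest(captured, expected)


# Values from the worked example in RFC 2617 section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
ARGS = ("GET", "/dir/index.html", "00000001", "0a4f113b")

if __name__ == "__main__":
    print(decode_basic(basic_header(USER, PASSWORD)))
    resp = digest_response(USER, REALM, PASSWORD, ARGS[0], ARGS[1], NONCE, *ARGS[2:])
    print(resp)
    print(server_accepts(resp, NONCE, USER, REALM, PASSWORD, *ARGS))
    # A captured response replayed against a fresh (constructed) nonce is rejected.
    print(server_accepts(resp, "constructed-fresh-nonce", USER, REALM, PASSWORD, *ARGS))
```

The replay check only holds if the server issues a new nonce per challenge and refuses old ones; the URI and every other header still travel in the clear, as slide 20 notes.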

21
Secure Socket Layer Configuration
  • SSL - Short for Secure Sockets Layer, a protocol
    developed by Netscape for transmitting private
    documents via the Internet. SSL works by using a
    public key to encrypt data that's transferred
    over the SSL connection. Both Netscape Navigator
    and Internet Explorer support SSL, and many Web
    sites use the protocol to safely transmit
    confidential information, such as credit card
    numbers. www.techniqueweb.com/terminology.php

22
Secure Socket Layer Configuration
  • HTTPS - Hypertext Transfer Protocol over Secure
    Socket Layer, or HTTP over SSL (HTTPS) is a Web
    protocol developed by Netscape and built into its
    browser that encrypts and decrypts user page
    requests as well as the pages that are returned
    by the Web server. HTTPS is the use of Netscape's
    Secure Socket Layer (SSL) as a sub layer under
    its regular HTTP application layering.
    www.agimo.gov.au/publications/2003/08/framework/glossary

23
Secure Socket Layer Configuration
  • S-HTTP - A protocol for transmitting data
    securely over the World Wide Web is Secure HTTP
    (S-HTTP).
  • Whereas SSL creates a secure connection between a
    client and a server, over which any amount of
    data can be sent securely, S-HTTP is designed to
    transmit individual messages securely. SSL and
    S-HTTP, therefore, can be seen as complementary
    rather than competing technologies. Both
    protocols have been approved by the Internet
    Engineering Task Force (IETF) as a standard.
  • www.elepub.com/sw/3_010.html

24
Virtual Hosts
  • We do not have to use a separate machine to host
    each domain.
  • Several domains associated with one server are
    called virtual hosts.
  • There are two types of virtual hosts:
  • IP-based and name-based

25
Virtual Hosts
  • IP-based virtual hosts use the IP address of the
    connection to determine the correct virtual host
    to serve. Therefore you need to have a separate
    IP address for each host.
  • With name-based virtual hosting, the server
    relies on the client to report the hostname as
    part of the HTTP headers. Using this technique,
    many different hosts can share the same IP
    address.

26
Virtual Hosts
  • Name-based virtual hosting is usually simpler,
    since you need only configure your DNS server to
    map each hostname to the correct IP address and
    then configure the HTTP Server to recognize the
    different hostnames. Name-based virtual hosting
    also eases the demand for scarce IP addresses.
    Therefore you should use name-based virtual
    hosting unless there is a specific reason to
    choose IP-based virtual hosting. Some reasons why
    you might consider using IP-based virtual
    hosting:
  • http://httpd.apache.org/docs/1.3/vhosts/name-based.html

27
Virtual Hosts
  • Some ancient clients are not compatible with
    name-based virtual hosting. For name-based
    virtual hosting to work, the client must send the
    HTTP Host header. This is required by HTTP/1.1,
    and is implemented by all modern HTTP/1.0
    browsers as an extension.
  • Name-based virtual hosting cannot be used with
    SSL secure servers because of the nature of the
    SSL protocol.
  • Some operating systems and network equipment
    implement bandwidth management techniques that
    cannot differentiate between hosts unless they
    are on separate IP addresses.
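
How a server chooses between IP-based and name-based hosts, as an added example that is not part of the original presentation. The addresses, hostnames and function names are constructed; the fallback to the first listed host when the Host header is missing or unknown is an assumption modelled on Apache's documented default.

```python
# Constructed table: two name-based hosts share one IP, one IP-based host has its own.
NAME_BASED = {"192.0.2.10": ["www.example.com", "shop.example.com"]}
IP_BASED = {"192.0.2.20": "secure.example.com"}


def host_header(raw_request):
    """Return the lower-cased Host header value without port, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]
    return None


def select_vhost(local_ip, raw_request):
    """Pick the site to serve for a request that arrived on local_ip."""
    if local_ip in IP_BASED:
        # IP-based: the connection's address alone decides; Host is ignored.
        return IP_BASED[local_ip]
    names = NAME_BASED.get(local_ip)
    if names is None:
        return None
    host = host_header(raw_request)
    # Name-based: accept the client-reported hostname only if it is configured;
    # a missing or unknown Host falls back to the first listed host.
    return host if host in names else names[0]


if __name__ == "__main__":
    modern = b"GET / HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"
    ancient = b"GET / HTTP/1.0\r\n\r\n"  # old client that sends no Host header
    print(select_vhost("192.0.2.10", modern))
    print(select_vhost("192.0.2.10", ancient))
    print(select_vhost("192.0.2.20", modern))
```

Because the Host value is supplied by the client, the lookup matches it against the configured names and never uses it unchecked.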