Hands-On Novell Open Enterprise Server for NetWare and Linux - PowerPoint PPT Presentation

Slides: 58
Provided by: facult68
1
Hands-On Novell Open Enterprise Server for
NetWare and Linux
  • Chapter 11
  • Implementing and Securing Internet Services

2
Objectives
  • After reading this chapter and completing the
    activities, you will be able to
  • Describe Novell's Web Services and Net Services
  • Install and configure Web Services components
  • Describe technologies for securing Web services,
    including firewalls and virus protection
  • Explain encryption security techniques, Novell
    Certificate Services, and OpenSSH
  • Describe Novell's backup services

3
Introduction to Novell Internet Services
  • Novell Internet and intranet services
  • Simplify setting up business networks
  • NetWare 6.5 Internet service components
  • Web Services
  • TCP/IP-based applications
  • Make network data and services available to users
  • Net Services
  • Extend the capabilities of standard Web services
  • Include services such as iFolder, NetStorage,
    iPrint, iManager, and Remote Manager

4
Introduction to Novell Internet Services
(continued)
5
Apache Web Server for NetWare
  • Apache Web Server
  • Open-source Web server software
  • Apache Web Server is used in two ways on Open
    Enterprise Server
  • To support Novell Net Services
  • As a dedicated Web server
  • For hosting an organization's Web site or
    corporate intranet

6
Tomcat Servlet Engine for NetWare
  • Used to run Java-based Web applications
  • Used by several Net Services components including
  • Novell Portal Services (NPS)
  • NetWare Web Search Server
  • Network administrators
  • Rarely need to configure or manage the Tomcat
    Servlet Engine
  • Web-based applications programmers
  • Often work with Tomcat

7
Novell Portal Services (NPS)
  • Portal strategy
  • For delivering the right information to the
    people who are authorized to use it
  • NPS consists of a number of Java servlets
  • That run on Apache Web Server
  • Tomcat Servlet Engine runs Java servlets
  • It must support the Sun Microsystems Java 2.2
    Servlet specification
  • NetWare 6.5 creates eDirectory objects
  • To support NPS's additional capabilities

8
Novell Portal Services (NPS) (continued)
9
Novell QuickFinder Server (formerly NetWare Web
Search Server)
  • Makes data on your network or the Internet
    searchable in minutes
  • Bridges all types of networks
  • To deliver requested information in a minimum
    amount of time
  • Installed by default during the NetWare 6.5
    installation
  • A browser-based utility

10
NetWare Web Manager
  • Portal service
  • Used to access the utilities for
  • Configuring, accessing, and managing other
    Web-based management tools
  • Based on the user's access rights
  • NetWare Web Manager is a Java-based browser
    utility
  • You can use it to access Web Services from any
    location on the Internet

11
Installing and Configuring Web Services
  • Web services classification
  • Web servers
  • File transfer servers
  • Web servers
  • Operate in a client-server relationship
  • NetWare server processes requests
  • Web browser acts as a client
  • File transfer services
  • Allow users to download/upload files efficiently
    and securely

12
Working with Apache Web Server
  • Installing Apache Web Server
  • Admin instance is installed automatically during
    NetWare 6.5 installation
  • Use iManager to install System instance of Apache
    Web Server
  • Configuring Apache Web Server
  • Use directives stored in Httpd.conf
  • Requires knowledge of directives
  • Apache Manager
  • GUI interface for editing the Httpd.conf file

13
Working with Apache Web Server (installed
components screen)
14
Configuring Apache Web Server
  • Httpd.conf, a simple text file, contains all the
    information to configure Apache Web Server
  • Apache Manager: a GUI for editing Httpd.conf
  • Stop and restart Apache Web Server
  • To install updates or change features
  • Changing administration mode
  • From File to eDirectory
  • Simplifies management
  • By storing configuration directives as an
    eDirectory object
  • Which can be accessed by all Apache Web servers

15
Working with Apache Web Server (Httpd.conf file)
16
Working with Apache Web Server (iManager - Open
Source)
17
Working with Apache Web Server (continued)
  • Change the path of default Web content
  • To prevent the SYS volume from filling up
  • Creating additional document sites
  • Giving each department a separate content
    directory
  • Can simplify management

18
Working with FTP Server
  • FTP Server
  • Enables users to transfer files to and from
    NetWare volumes
  • FTP services require server and client components
  • Disadvantage
  • FTP does not encrypt data packets
  • Setting up FTP Server requires
  • Installing the software on the NetWare 6.5 server
  • And then configuring it

19
Working with FTP Server (continued)
  • Installing FTP Server
  • Copy files from Products CD 2
  • Use iManager to set IP address and start FTP
    service
  • Configuring FTP server
  • Use FTP option under the File Protocols heading
    in iManager
  • Use User tab to
  • Enable the FTP service for Web publishing
  • Set the default home server and directory
  • Enable anonymous users

20
Securing Web Services
  • Most common attacks on information systems
  • Intrusion
  • Spoofing
  • Virus attacks
  • Denial-of-service attacks
  • Information theft
  • Demilitarized zone (DMZ)
  • Where packets from outside first enter the
    network
  • Area most vulnerable to attacks
  • Where Internet router and firewall are located

21
Securing Web Services
  • Intrusion
  • Unauthorized person gaining access through
    illegal use of another user's account
  • Spoofing
  • Masquerading as an authorized user or entity
  • Sending packets that have been modified
  • Virus attacks
  • Programs embedded in software or email attachments

22
Securing Web Services
  • Denial-of-service attacks
  • Prevents users from accessing network
  • Caused by a bombardment of packets
  • Information theft
  • Illegally intercepting and reading information
    transmitted
  • Wire taps and sniffer software

23
Securing Web Services (continued)
24
Firewall Security
  • Firewalls
  • Software that runs on a server or specialized
    hardware
  • Can be configured to protect against external
    threats
  • Trusted network
  • Consists of your organization's private network
  • Along with the firewall server and networks it
    covers
  • Virtual private network (VPN)
  • Trusted network that sends packets over an
    untrusted network

25
Firewall Security (continued)
  • Untrusted network
  • External network
  • With administration and security policies that
    are either unknown or out of your control
  • Unknown network
  • Neither trusted nor untrusted
  • By default, is treated the same as an untrusted
    network

26
Firewall Security (continued)
  • Use firewalls to enable the following measures
  • Packet filtering: examines IP addresses
  • Virtual private networks (VPN): secure channel
  • Network Address Translation (NAT): hides client
  • IPX/IP gateways: same as NAT
  • Circuit-level gateways: inspects packets
  • Proxy services: monitors network

27
Protection Against Virus Attacks
  • Virus signature
  • Bit pattern created when virus is embedded in a
    program
  • Or an e-mail attachment
  • Virus classification
  • Boot sector virus: attack boot record
  • File virus (Trojan): attach to code in the program
  • Macro virus: attack programs that run macros
  • Stealth virus: mask themselves; cannot be detected
  • Polymorphic virus (stealth): creates mutations
  • Worms: independent programs that spread

28
Protection Against Virus Attacks (continued)
  • Virus prevention techniques involve
  • Installing a virus protection system
  • Making regular backups
  • Training users on how to reduce the risk of virus
    attacks
  • Virus protection systems
  • Scan programs on servers and user computers
  • Monitor program files as they are loaded to
    detect known virus signatures
  • Create a virus removal plan

29
Defense Against Denial-of-Service Attacks
  • Denial-of-Service attacks
  • Do not usually damage or steal a company's data
    directly
  • Can result in high costs
  • Usually caused by flooding a server with packets
  • Or sending oversized packets to a service,
    causing it to crash
  • Best defense against these attacks
  • Correctly configured firewall

30
Defense Against Denial-of-Service Attacks
(continued)
31
Working with Encryption Security
  • Encryption
  • Process of converting plaintext into a secret
    message
  • Called ciphertext
  • Which can be read only after it's decrypted
  • By reversing the encryption process
  • Cipher
  • Algorithm used to encrypt and decrypt a message
  • Cryptography
  • Science of encrypting data
  • Use algorithms with a special value called a key

32
Working with Encryption Security (continued)
33
Cryptography Techniques
  • Major types of cryptography techniques
  • Symmetric
  • Same key is used to encrypt and decrypt a message
  • Advantages: simple and efficient
  • Disadvantage: secure key exchange
  • Asymmetric
  • Also called public key cryptography
  • Uses a set of two keys: a public key and a
    private key
  • Private key is kept solely by pair's owner
  • Used to create and decrypt data
  • Public key is made available to all network users
  • Used to decrypt data

34
Cryptography Techniques (continued)
35
Cryptography Techniques (continued)
  • Digital signatures
  • Authenticate an electronic document
  • As being from a specific user or organization
  • Employs public key cryptography
  • Digital certificates
  • Provide reliable public keys
  • At minimum, contains
  • Entity's public key
  • Subject name
  • CA-generated digital signature
  • Use the X.509v3 format

36
Cryptography Techniques (continued)
37
Cryptography Techniques (continued)
38
Using Novell's Certificate Services
  • Novell Certificate Server
  • Integrates public key cryptography services into
    eDirectory
  • Enables administrators to create, issue, and
    manage user and server certificates
  • Novell International Cryptography Infrastructure
    (NICI)
  • Used to support all cryptography and signature
    functions
  • Must be installed on both the Novell server and
    client

39
Using Novell's Certificate Services (continued)
  • Common administrative tasks
  • Creating server certificates
  • One for the DNS service and one for other IP
    services
  • Used to create secure SSL connections with client
    computers
  • Creating trusted root certificates
  • Provide the certificates from other organizations
  • That your server will trust automatically
  • Use iManager to add trusted root certificates to
    your eDirectory tree
  • Creating user certificates

40
Encryption Protocols
  • Secure data and password transmission
  • Symmetric processing
  • A type of encryption where the same key is used
    to encrypt and decrypt the message.
  • Asymmetric processing
  • Also called public key; uses one key to encrypt a
    message and another to decrypt the message

41
Encryption Protocols
  • IP Security Protocol (IPSec)
  • Developed by the Internet Engineering Task Force
    (IETF)
  • Secures the network layer by using Encapsulating
    Security Payload (ESP)
  • To perform encryption and decryption at IP packet
    level
  • Secure Sockets Layer and Transport Layer Security
  • Protocols for securing message transmission
    across the Internet
  • Use a hybrid of symmetric and asymmetric
    encryption to encrypt data packets

42
Encryption Protocols (continued)
  • Secure Hypertext Transfer Protocol (HTTPS)
  • Secure communication protocol
  • Designed to transfer encrypted information
    between computers over the Web
  • HTTPS is essentially an enhancement of HTTP
  • Uses SSL/TLS for secure data transmission
  • Message digest security
  • Ensures data has not been tampered with
  • Or changed since it left the sender
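
The message digest check described on this slide, as an added example that is not part of the original presentation. It uses Python's standard hashlib and hmac modules; the messages and the shared key are constructed sample values. It goes one step beyond the slide by showing that a bare digest only proves integrity when the digest itself arrives over a trusted path, and that a keyed digest (HMAC) closes that gap.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Plain message digest (SHA-256), hex encoded."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, expected_hex: str) -> bool:
    """Receiver side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(message), expected_hex)


def tag(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA-256): needs the shared secret to compute."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, expected_hex: str) -> bool:
    """Receiver side: recompute the HMAC with the shared key and compare."""
    return hmac.compare_digest(tag(key, message), expected_hex)


def demo() -> dict:
    # Constructed sample data, not taken from the presentation.
    original = b"PAY 100.00 TO ACCOUNT 1111"
    altered = b"PAY 900.00 TO ACCOUNT 2222"
    key = b"constructed-shared-secret"

    return {
        # Digest obtained over a trusted path: the change is detected.
        "trusted_digest_accepts_altered": verify_digest(altered, digest(original)),
        # Digest sent alongside the message: whoever changed the message
        # can recompute the digest, so the check passes and proves nothing.
        "inline_digest_accepts_altered": verify_digest(altered, digest(altered)),
        # HMAC: the old tag no longer matches the changed message ...
        "hmac_accepts_altered_old_tag": verify_tag(key, altered, tag(key, original)),
        # ... and a tag made without the real key does not match either.
        "hmac_accepts_altered_wrong_key": verify_tag(key, altered, tag(b"guess", altered)),
        # The untouched message still verifies.
        "hmac_accepts_original": verify_tag(key, original, tag(key, original)),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```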

43
Encryption Protocols (continued)
44
Working with the Secure Shell Protocol OpenSSH
  • OpenSSH
  • Offers the same functions as Telnet, Rlogin, and
    FTP
  • Includes encryption to protect data and passwords
  • Users of telnet, rlogin, and ftp may not realize
    that their password is transmitted across the
    Internet unencrypted, but it is. OpenSSH encrypts
    all traffic (including passwords) to effectively
    eliminate eavesdropping, connection hijacking,
    and other attacks. Additionally, OpenSSH provides
    secure tunneling capabilities and several
    authentication methods, and supports all SSH
    protocol versions.

45
Working with the Secure Shell Protocol OpenSSH
  • OpenSSH utilities
  • SSH, which replaces Rlogin and Telnet
  • SCP, which replaces RCP
  • S/FTP, which replaces FTP
  • OpenSSH Manager

46
Working with the Secure Shell Protocol OpenSSH
(continued)
  • Using the OpenSSH Service
  • You can use one of several client programs
  • To access NetWare 6.5 server console securely
  • One popular choice is the PuTTY utility

47
Backing Up Network Data
  • Organization's data plays a critical role
  • Use the Storage Management System
  • To implement a disaster recovery plan that
    includes
  • Backing up and restoring data

48
The Storage Management System
  • Storage Management System (SMS)
  • Backs up complex networks
  • Consisting of data stored on multiple file
    servers and DOS and OS/2 workstations
  • Host server
  • NetWare server that runs the backup program
  • Has the attached backup medium
  • Target servers
  • Other servers and client computers being backed up

49
The Storage Management System (continued)
50
The Storage Management System (continued)
  • SMS software components
  • Storage device drivers
  • The enhanced SBCON utility
  • Target Server Agents (TSAs)
  • Workstation TSAs

51
Establishing a Backup System
  • Involves six steps
  • Determine your network's storage needs
  • Determine a backup strategy
  • Assign a backup user
  • Run the backup software on a scheduled basis
  • Test the backup
  • Develop a disaster recovery procedure

52
Establishing a Backup System (continued)
  • Determine your network's storage needs
  • Calculate how much data needs to be copied to the
    backup tape
  • On a daily basis
  • Determine a backup strategy
  • Full
  • Incremental
  • Differential

53
Establishing a Backup System (continued)
54
Establishing a Backup System (continued)
  • Assign a backup user
  • Has the advantage of allowing you to assign other
    people to perform the backup
  • Limits the number of times you need to log in to
    the network as Admin
  • Run the backup software on a scheduled basis
  • Use SBCON to back up files
  • Testing the backup
  • Try restoring selected files from the backup
    media
  • Developing a disaster recovery procedure

55
Establishing a Backup System (continued)
56
Summary
  • Novell provides Internet services
  • Web services include
  • Apache Web Server
  • FTP Server
  • Internet security involves
  • Protecting Web and Net services from threats
  • Information theft
  • Intrusion
  • Computer viruses
  • Internet security plan should include a firewall

57
Summary (continued)
  • Public key cryptography
  • Encrypt data transmission
  • Provide authentication with digital signatures
  • Used to create digital signatures
  • Certification Authorities (CAs)
  • Issue public key certificates
  • For verifying that the public key belongs to the
    entity distributing it