Linux Networking and Security Chapter 3
Configuring Client Services
• Configure DNS name resolution
• Configure dial-up network access using PPP
• Understand client services such as DHCP and LDAP
• Use remote graphical applications and remote dial-up authentication
• Use common client tools such as Linux Web browsers and email clients
Setting Up Name Resolution
• The domain name service (DNS) is implemented by a domain name server
• A domain name is the shared name under which a group of hosts on the Internet is referred to collectively
• The most widely known top-level domain is .com
• Within a top-level domain, an organization has its own domain or domains
• Network hosts are given names called hostnames
• A fully qualified domain name (FQDN) combines a hostname with the name of its domain
Configuring the DNS Resolver Manually
• The resolver is the client part of DNS
• It makes requests to a DNS server so that other workstation programs can use the IP address of a given server to make a network connection
• The resolver is configured by a single file in Linux: /etc/resolv.conf
• Configure the resolver by storing the IP address of one or more DNS servers in the resolv.conf file, each preceded by the keyword nameserver
The hosts File
• Another way to convert between an IP address and a domain name is to store the IP address and the corresponding domain names in a text file called /etc/hosts on your host
• The /etc/hosts.conf or /etc/nsswitch.conf files determine the order in which the resolver consults the various sources when resolving names
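The two slides above describe three files that together decide how a name is resolved. As an added example (not part of the chapter), the shell script below builds constructed copies of /etc/nsswitch.conf, /etc/hosts and /etc/resolv.conf in a temporary directory and walks the lookup order the "hosts:" line of nsswitch.conf dictates. Only that line and the nameserver keyword are interpreted, and no DNS packet is sent; the point is to make visible why an entry in the hosts file silently overrides DNS when "files" is listed before "dns", which is why the hosts file belongs on any integrity-monitoring list.

```shell
#!/bin/sh
# Added example: emulate the resolver's lookup order for one hostname using
# constructed copies of the three client-side resolution files.

CFG=$(mktemp -d)
trap 'rm -rf "$CFG"' EXIT

cat > "$CFG/nsswitch.conf" <<'EOF'
# constructed sample; the real file lists many more databases
passwd:   files
hosts:    files dns
EOF

cat > "$CFG/hosts" <<'EOF'
127.0.0.1   localhost
192.0.2.10  intranet.example.com intranet
EOF

cat > "$CFG/resolv.conf" <<'EOF'
search example.com
nameserver 192.0.2.53
nameserver 198.51.100.53
EOF

# Print the sources the resolver consults for hostnames, in order.
host_sources() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) printf "%s ", $i; print "" }' \
        "$CFG/nsswitch.conf"
}

# Print the nameservers listed in resolv.conf, in the order they are tried.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$CFG/resolv.conf"
}

# Look a name up in the hosts file: exact match on any name field of a line.
lookup_hosts_file() {
    awk -v name="$1" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$CFG/hosts"
}

# Walk the sources in nsswitch order. "files" is answered from the hosts
# file; "dns" is represented by naming the first server that would be
# queried, so the script runs offline.
resolve() {
    name=$1
    for src in $(host_sources); do
        case $src in
            files)
                addr=$(lookup_hosts_file "$name")
                if [ -n "$addr" ]; then
                    echo "$addr (from hosts file)"
                    return 0
                fi
                ;;
            dns)
                first=$(nameservers | head -n 1)
                echo "would query DNS server $first"
                return 0
                ;;
        esac
    done
    echo "unresolved"
    return 1
}

resolve intranet.example.com
resolve www.example.org
```

Swapping the order on the "hosts:" line to "dns files" makes the intranet name go to the nameserver first; the hosts file then only answers when DNS fails, which is the behaviour to expect on a system whose nsswitch.conf has been changed.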
Dial-up Network Access Using PPP
• PPP is widely used to connect to the Internet via modem
• PPP includes features that make it more secure, flexible, and dependable than terminal emulation
• In reality, PPP was not very secure and was challenging to configure and manage
• Two advances improve PPP security:
  • Password Authentication Protocol (PAP) stores user data in a file that only the root user can access
  • Challenge Handshake Authentication Protocol (CHAP) is the most secure PPP option
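The PAP bullet above rests on one property: the secrets file must be readable by root alone. As an added example (not from the chapter), the script below writes a constructed copy of the pppd secrets file (pppd reads /etc/ppp/pap-secrets and /etc/ppp/chap-secrets; the copy lives in a temporary directory) and checks the two things a reviewer would look for: that the mode is owner-only, and that no entry carries an empty secret, which would let that peer authenticate with no password. The client names, server name and secret are constructed sample values.

```shell
#!/bin/sh
# Added example: sanity-check a PPP secrets file (pap-secrets or chap-secrets
# format: client  server  secret  [IP addresses]) for permissions and empty secrets.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/pap-secrets" <<'EOF'
# client        server    secret          IP addresses   (constructed sample)
"alice"         *         "s3cret-pass"   *
"bob"           isp-gw    ""              192.0.2.77
EOF
chmod 644 "$WORK/pap-secrets"   # deliberately too permissive for the demo

# File mode as an octal string such as 600; stat syntax differs between GNU and BSD.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# Return 0 when only the owner can read the file (600 or 400).
mode_is_private() {
    case $(file_mode "$1") in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the client names whose secret field is the empty string "".
empty_secrets() {
    awk '
        /^[[:space:]]*#/ || NF < 3 { next }
        $3 == "\"\"" { gsub(/"/, "", $1); print $1 }
    ' "$1"
}

# Combined check: 0 if both tests pass, 1 otherwise; findings go to stdout.
check_secrets_file() {
    rc=0
    if ! mode_is_private "$1"; then
        echo "mode $(file_mode "$1") is not 600: secrets readable by other users"
        rc=1
    fi
    for user in $(empty_secrets "$1"); do
        echo "entry for $user has an empty secret"
        rc=1
    done
    return $rc
}

check_secrets_file "$WORK/pap-secrets" || echo "secrets file needs attention"
chmod 600 "$WORK/pap-secrets"   # the fix for the permission finding
```

Run against the real files as root, the same functions report the two findings; the empty-secret check is the one that survives a correct chmod, so it should be part of any periodic configuration review.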
PPP Connections
• The text-mode utility wvdial is designed to ease the difficulty of working with PPP
  • Used from a command line on a server
• Red Hat Linux uses a utility called rp3
  • This is a wizard-driven graphical utility
• The Linux KDE graphical environment uses a utility called KPPP
• diald automates PPP
  • Difficult to use and challenging to set up
Using DHCP
• Dynamic Host Configuration Protocol (DHCP) allows the configuration of a service that hands out IP addresses to network clients
• DHCP can drastically reduce the administration needs of a network
• The DHCP server is installed by default on many Linux systems
• Configuration of DHCP involves creating an /etc/dhcpd.conf file
Understanding LDAP
• The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a database of network resource information
• LDAP directories are organized as inverted trees of information
• To use a directory, client software allows traversal of the tree, looking for the needed data
• Objects in the tree are referred to using a formalized set of identifiers
Running Applications Remotely
• Before an X client can display its windows on a remote host, the remote host must be configured to allow others to use its X server
• To use xhost Authentication, include the hostname of the computer that will be allowed to display
• xauth Authentication is more secure than xhost since it employs the use of a cookie
• XDMCP for Remote Graphical Terminals
  • Lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux
Running Applications Remotely
• Using r-Utilities for Remote Execution
  • Allow a user to learn about or execute a program on another host
  • The r-utilities are not secure
• Using UUCP for Remote Access
  • Provides transfer of email over modem between multiple email servers
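The slide states that the r-utilities are not secure without saying where the risk is configured. The trust they rely on is declared in /etc/hosts.equiv and each user's ~/.rhosts, and a single "+" in either grants access without a password to every host (or every user). As an added example (not from the chapter), the script below audits constructed copies of both files, kept in a temporary directory, for such wildcard entries; the hostnames and user name are sample values, and the functions take a path so they can be pointed at the real files.

```shell
#!/bin/sh
# Added example: audit r-utility trust files (hosts.equiv / .rhosts format:
# host [user]) for wildcard entries that disable authentication entirely.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/hosts.equiv" <<'EOF'
# constructed sample: host [user]
build1.example.com
+
EOF

cat > "$WORK/rhosts" <<'EOF'
build1.example.com  alice
+ +
EOF

# Print every line whose host or user column is the wildcard "+".
# Comments and blank lines are skipped.
wildcard_entries() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == "+" || $2 == "+" { print }
    ' "$1"
}

# Count hosts trusted outright (host column only, no user restriction),
# which is the normal form of a hosts.equiv entry.
trusted_host_count() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 != "+" && NF == 1 { n++ }
        END { print n + 0 }
    ' "$1"
}

# Verdict for one file: 0 when no wildcard is present, 1 otherwise.
audit_trust_file() {
    hits=$(wildcard_entries "$1")
    if [ -n "$hits" ]; then
        echo "$1: wildcard trust entries found:"
        echo "$hits" | sed 's/^/    /'
        return 1
    fi
    echo "$1: no wildcard entries"
    return 0
}

audit_trust_file "$WORK/hosts.equiv" || true
audit_trust_file "$WORK/rhosts"      || true
```

Even a file with no wildcard still trusts by hostname alone, so the count of trusted hosts is worth reporting as well: every host on that list is a host whose compromise extends to this one.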
Web and Mail Clients
• Popular Linux Browsers
  • Lynx is a text-based browser that is installed by default on many popular Linux distributions
  • Netscape Communicator on Linux is similar to Netscape on Windows
  • Mozilla is included as the default on Red Hat Linux on the Gnome desktop
  • Other browsers: Opera, dillo, Galeon, SkipStone
Understanding Email
• Email is transferred on the Internet via the Simple Mail Transport Protocol (SMTP)
• Email-related programs are divided into three categories:
  • Mail Transfer Agent (MTA): moves email messages from one server to another
  • Mail Delivery Agent (MDA): places email in a user's mailbox
  • Mail User Agent (MUA): displays and manages email messages for a user
Understanding Email
• On every Linux system, user accounts have associated email accounts, and email is placed in the /var/spool/mail directory
• Email is typically retrieved using a MUA in one of three ways:
  • Post Office Protocol (POP3): downloads messages from a POP3 server to the local computer
  • Internet Mail Access Protocol (IMAP): views messages on the remote server
  • Web browser
Understanding Email
• Using an Email Filter: Procmail
  • Procmail is a special MDA that acts as a filter and processes email based on user-defined criteria
  • Difficult to configure, but worth the effort if a large number of incoming messages are regularly received
  • Installed by default on many Linux systems
  • Checks for both a system-wide configuration file, /etc/procmailrc, and a per-user .procmailrc
  • These files can contain recipes, or formulas for examining email messages and taking an action
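The slide mentions recipes without showing one. As an added example (not from the chapter), the script below writes a constructed ~/.procmailrc with two recipes (one files list traffic into its own folder, one sets aside messages whose Content-Type header names an .exe attachment) and then applies the same two conditions with grep to two constructed messages so the effect can be seen without procmail installed. The list address, folder names and messages are sample values, and the shell emulation approximates procmail's ^TO_ shorthand with an explicit list of recipient headers; it is not procmail.

```shell
#!/bin/sh
# Added example: a minimal .procmailrc and a plain-shell emulation of its
# matching logic, run over constructed messages.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Recipe syntax: ":0" starts a recipe (the second ":" requests a lock file),
# lines beginning with "*" are conditions matched against the message,
# and the final line is the action, here a mailbox relative to MAILDIR.
# "^TO_" is procmail's shorthand for "any recipient header".
cat > "$WORK/procmailrc" <<'EOF'
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/procmail.log

# constructed sample: file list traffic separately
:0:
* ^TO_linux-net@lists\.example\.org
lists/linux-net

# constructed sample: set aside messages that carry an executable attachment
:0:
* ^Content-Type:.*name=.*\.exe
suspect
EOF

cat > "$WORK/msg1" <<'EOF'
From: alice@example.com
To: linux-net@lists.example.org
Subject: resolv.conf question

Which file controls the lookup order?
EOF

cat > "$WORK/msg2" <<'EOF'
From: unknown@example.net
To: bob@example.com
Subject: invoice
Content-Type: application/octet-stream; name="invoice.exe"

(constructed body)
EOF

# Header section only: everything up to the first blank line, as procmail
# matches by default.
headers() { sed '/^$/q' "$1"; }

# Emulate the two recipes in order and print the mailbox the message would
# land in; "inbox" stands for procmail's default delivery.
classify() {
    h=$(headers "$1")
    if echo "$h" | grep -Eiq '^(To|Cc|Bcc|Resent-To):.*linux-net@lists\.example\.org'; then
        echo "lists/linux-net"
    elif echo "$h" | grep -Eiq '^Content-Type:.*name=.*\.exe'; then
        echo "suspect"
    else
        echo "inbox"
    fi
}

classify "$WORK/msg1"
classify "$WORK/msg2"
```

Recipes are tried top to bottom and the first delivering recipe wins, so a list message that also carried an .exe attachment would be filed under lists/linux-net; putting the attachment recipe first is the usual fix when the quarantine rule must take priority.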
Chapter Summary
• The client portion of the domain name service is called a resolver
• A fully qualified domain name (FQDN) consists of a hostname plus the domain of which the host is part
• PPP is a popular method of making network connections via modem
• PPP security is provided by the Password Authentication (PAP) and Challenge Handshake Authentication (CHAP) protocols
• The wvdial utility can configure and manage a PPP connection from the command line
Chapter Summary
• The diald program automates use of a dial-up connection via PPP, automatically connecting and disconnecting based on traffic
• The Dynamic Host Configuration Protocol (DHCP) allows clients to configure IP networking automatically by receiving network address information from a DHCP server
• Most versions of Linux include the dhcpd server and at least one of the three common DHCP clients
• The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a worldwide database for information on resources
Chapter Summary
• The OpenLDAP server is provided with most Linux distributions
• X can execute graphical programs remotely by referring to the DISPLAY variable or the --display command line option
• XDMCP lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux without first logging into Linux via Telnet
• The r-utilities provide a convenient way to execute commands on, or copy files between, remote hosts when working in a trusted network environment
Chapter Summary
• The Unix to Unix Copy (UUCP) protocol was designed to facilitate inexpensive transfers of email messages between servers in the days before Internet connectivity was widespread
• Many Web browsers are available for Linux, with the most popular being the text-mode browser Lynx and the graphical browsers Mozilla and Netscape
• Internet email relies on a Mail Transfer Agent (MTA) to move messages between hosts; a Mail Delivery Agent (MDA) may process mail as it is delivered to a user's mailbox; and a Mail User Agent (MUA) is relied upon in order for a user to read and send messages
Chapter Summary
• MUAs can either read local mail files, or can use the POP3 or IMAP protocols to retrieve messages from a central server
• The Procmail program processes email messages using recipes, which provide automatic message management
• Many other Linux email clients are popular: elm and pine, fetchmail, Kmail and Balsa