1 / 35

Linux Networking and Security

Linux Networking and Security. Chapter 3. Configuring Client Services. Configure DNS name resolution Configure dial-up network access using PPP Understand client services such as DHCP and LDAP Use remote graphical applications and remote dial-up authentication

ryeager
Download Presentation

Linux Networking and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Linux Networking and Security Chapter 3

  2. Configuring Client Services • Configure DNS name resolution • Configure dial-up network access using PPP • Understand client services such as DHCP and LDAP • Use remote graphical applications and remote dial-up authentication • Use common client tools such as Linux Web browsers and email clients

  3. Setting Up Name Resolution • The domain name service (DNS) is implemented by a domain name server • The term domain name refers to the name of multiple hosts on the Internet that are collectively referred to • The most widely known top-level domain is .com • Within a top-level domain, an organization has its own domain or domains • Network hosts are given names called hostnames • A fully qualified domain name (FQDN) combines a hostname with the name of its domain

  4. Setting Up Name Resolution

  5. Configuring the DNS Resolver Manually • The resolver is the client part of DNS • It makes requests to a DNS server so that other workstation programs can use the IP address of a given server to make a network connection • The resolver is configured by a single file in Linux: /etc/resolv.conf • Configure the resolver by storing the IP address of one or more DNS servers in the resolv.conf file, proceeded by the keyword nameserver

  6. The hosts File • Another way to convert an IP address to a domain name is store the IP address and corresponding domain names in a text file called /etc/hosts on your host • The /etc/hosts.conf or /etc/nsswitch.conf files determine the order in which the resolver looks to various sources to resolve IP addresses

  7. Configuring the DNS Resolver Graphically

  8. Configuring the DNS Resolver Graphically

  9. Configuring the DNS Resolver Graphically

  10. Configuring the DNS Resolver Graphically

  11. Dial-up Network AccessUsing PPP • PPP is widely used to connect to the Internet via modem • PPP includes feature that make it more secure, flexible, and dependable than terminal emulation • In reality, PPP was not very secure and was challenging to configure and manage • Two advances improve PPP security: • Password Authentication Protocol (PAP) stores user data in a file that only the root user accesses • Challenge Handshake Authentication Protocol (CHAP) is the most secure PPP option

  12. PPP Connections • Text-mode utility wvdial is designed to ease the difficulty of working with PPP • Used from a command line on a server • Red Hat Linux uses a utility called rp3 • This is a wizard-driven graphical utility • The Linux KDE graphical environment uses a utility called KPPP • diald automates PPP • difficult to use and challenging to set up

  13. PPP Connections

  14. PPP Connections

  15. Using DHCP • Dynamic Host Configuration Protocol (DHCP) allows the configuration of a service that hands out IP addresses to network clients • DHCP can drastically reduce the administration needs of a network • The DHCP server is installed by default on many Linux systems • Configuration of DHCP involves creating an /etc/dhcpd.conf file

  16. Using DHCP

  17. Understanding LDAP • The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a database of network resource information • LDAP directories are organized as inverted trees of information • To use a directory, client software allows traversal of the tree, looking for the needed data • Objects in the tree are referred to using a formalized set of identifiers

  18. Understanding LDAP

  19. Understanding LDAP

  20. Running Applications Remotely

  21. Running Applications Remotely • Before an X client can display its windows on a remote host, the remote host must be configured to allow others to use its X server • To use xhost Authentication, include the hostname of the computer that will be allowed to display • xauth Authentication is more secure than xhost since it employs the use of a cookie • XDMCP for Remote Graphical Terminals • lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux

  22. Running Applications Remotely • Using r-Utilities for Remote Execution • Allow a user to learn about or execute a program on another host • The r-utilities are not secure • Using UUCP for Remote Access • Provides transfer of email over modem between multiple email servers

  23. Running Applications Remotely

  24. Web and Mail Clients • Popular Linux Browsers • Lynx is a text-based browser that is installed by default on many popular Linux distributions • Netscape Communicator on Linux is similar to Netscape on Windows • Mozilla is included as the default on Red Hat Linux on the Gnome desktop • Other browsers: Opera, dillo, Galeon, SkipStone

  25. Popular Linux Browsers

  26. Understanding Email • Email is transferred on the Internet via the Simple Mail Transport Protocol (SMTP) • Email-related programs are divided into three categories: • Mail Transfer Agent (MTA) - moves email messages from one server to another • Mail Delivery Agent (MDA) - places email in a user’s mailbox • Mail User Agent (MUA) - displays and manages email messages for a user

  27. Understanding Email • On every Linux system, user accounts have associated email accounts and email is placed in the /var/spool/mail directory • Email is typically retrieved using a MUA in one of three ways: • Post Office Protocol (POP3) - via a POP3 server downloads messages to the computer • Internet Mail Access Protocol (IMAP) - views messages on the remote server • Web browser

  28. Understanding Email • Using an Email Filter: Procmail • Procmail is a special MDA acts as a filter and processes email based on user-defined criteria • Difficult to configure, but worth the effort if a large number of incoming messages are regularly received • Is installed by default on many Linux systems • Checks for both a system-wide configuration file /etc/procmailrc and per-user .procmailrc • These files can contain recipes, or formulas for examining email messages and taking an action

  29. Linux Email Clients

  30. Linux Email Clients

  31. Chapter Summary • The client portion of the domain name service is called a resolver • A fully qualified domain name (FQDN) consists of a hostname plus the domain of which the host is part • PPP is a popular method of making network connections via modem • PPP security is provided by the Password Authentication (PAP) and Challenge Handshake Authentication (CHAP) protocols • The wvdial utility can configure and manage a PPP connection from the command line

  32. Chapter Summary • The diald program automates use of a dial-up connection via PPP, automatically connecting and disconnecting based on traffic • The Dynamic Host Configuration Protocol (DHCP) allows clients to configure IP networking automatically by receiving network address information from a DHCP server • Most versions of Linux include the dhcpd server and at least one of the three common DHCP clients • The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a worldwide database for information on resources

  33. Chapter Summary • The OpenLDAP server is provided with most Linux distributions • X can execute graphical programs remotely by referring to the DISPLAY variable or the --display command line option • XDMCP lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux without first logging into Linux via Telnet • The r-utilities provide a convenient way to execute commands on, or copy files between, remote hosts when working in a trusted network environment

  34. Chapter Summary • The Unix to Unix Copy (UUCP) protocol was designed to facilitate inexpensive transfers of email messages between servers in the days before Internet connectivity was widespread • Many Web browsers are available for Linux, with the most popular being the text-mode browser Lynx and graphical browsers Mozilla and Netscape • Internet email relies on a Mail Transfer Agent (MTA) to move messages between hosts; a Mail Delivery Agent (MDA) may process mail as it is delivered to a user’s mailbox; and a Mail User Agent MUA is relied upon in order for a user to read and send messages

  35. Chapter Summary • MUAs can either read local mail files, or can use the POP3 or IMAP protocols to retrieve messages from a central server • The Procmail program processes email messages using recipes which provide automatic message management • Many other Linux email clients are popular: elm and pine, fetchmail, Kmail and Balsa

More Related