1 linux networking and security chapter 3. 2 configuring client services configure dns name...
TRANSCRIPT
2
Configuring Client Services
Configure DNS name resolution Configure dial-up network access using PPP Understand client services such as DHCP and LDAP Use remote graphical applications and remote dial-up
authentication Use common client tools such as Linux Web browsers
and email clients
3
Setting Up Name Resolution
The domain name service (DNS) is implemented by a domain name server The term domain name refers to the name of multiple hosts on
the Internet that are collectively referred to The most widely known top-level domain is .com Within a top-level domain, an organization has its own domain or
domains Network hosts are given names called hostnames A fully qualified domain name (FQDN) combines a hostname
with the name of its domain
5
Configuring the DNS Resolver Manually
The resolver is the client part of DNS It makes requests to a DNS server so that other workstation
programs can use the IP address of a given server to make a network connection
The resolver is configured by a single file in Linux: /etc/resolv.conf
Configure the resolver by storing the IP address of one or more DNS servers in the resolv.conf file, proceeded by the keyword nameserver
6
The hosts File
Another way to convert an IP address to a domain name is store the IP address and corresponding domain names in a text file called /etc/hosts on your host
The /etc/hosts.conf or /etc/nsswitch.conf files determine the order in which the resolver looks to various sources to resolve IP addresses
11
Dial-up Network AccessUsing PPP
PPP is widely used to connect to the Internet via modem PPP includes feature that make it more secure, flexible, and
dependable than terminal emulation In reality, PPP was not very secure and was challenging to
configure and manage
Two advances improve PPP security: Password Authentication Protocol (PAP) stores user data in a
file that only the root user accesses Challenge Handshake Authentication Protocol (CHAP) is the
most secure PPP option
12
PPP Connections
Text-mode utility wvdial is designed to ease the difficulty of working with PPP Used from a command line on a server
Red Hat Linux uses a utility called rp3 This is a wizard-driven graphical utility
The Linux KDE graphical environment uses a utility called KPPP
diald automates PPP difficult to use and challenging to set up
15
Using DHCP
Dynamic Host Configuration Protocol (DHCP) allows the configuration of a service that hands out IP addresses to network clients DHCP can drastically reduce the administration needs of a
network The DHCP server is installed by default on many Linux systems Configuration of DHCP involves creating an /etc/dhcpd.conf file
17
Understanding LDAP
The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a database of network resource information LDAP directories are organized as inverted trees of information To use a directory, client software allows traversal of the tree,
looking for the needed data Objects in the tree are referred to using a formalized set of
identifiers
21
Running Applications Remotely
Before an X client can display its windows on a remote host, the remote host must be configured to allow others to use its X server To use xhost Authentication, include the hostname of the
computer that will be allowed to display xauth Authentication is more secure than xhost since it employs
the use of a cookie
XDMCP for Remote Graphical Terminals lets users on remote X servers obtain a graphical login screen
and begin using X clients on Linux
22
Running Applications Remotely
Using r-Utilities for Remote Execution Allow a user to learn about or execute a program on another
host The r-utilities are not secure
Using UUCP for Remote Access Provides transfer of email over modem between multiple email
servers
24
Web and Mail Clients
Popular Linux Browsers Lynx is a text-based browser that is installed by default on many
popular Linux distributions Netscape Communicator on Linux is similar to Netscape on
Windows Mozilla is included as the default on Red Hat Linux on the
Gnome desktop Other browsers: Opera, dillo, Galeon, SkipStone
26
Understanding Email
Email is transferred on the Internet via the Simple Mail Transport Protocol (SMTP)
Email-related programs are divided into three categories: Mail Transfer Agent (MTA) - moves email messages from one
server to another Mail Delivery Agent (MDA) - places email in a user’s mailbox Mail User Agent (MUA) - displays and manages email messages
for a user
27
Understanding Email
On every Linux system, user accounts have associated email accounts and email is placed in the /var/spool/mail directory
Email is typically retrieved using a MUA in one of three ways: Post Office Protocol (POP3) - via a POP3 server downloads
messages to the computer Internet Mail Access Protocol (IMAP) - views messages on the
remote server Web browser
28
Understanding Email
Using an Email Filter: Procmail Procmail is a special MDA acts as a filter and processes email
based on user-defined criteria Difficult to configure, but worth the effort if a large number of
incoming messages are regularly received Is installed by default on many Linux systems Checks for both a system-wide configuration file /etc/procmailrc
and per-user .procmailrc These files can contain recipes, or formulas for examining email
messages and taking an action
31
Chapter Summary
The client portion of the domain name service is called a resolver
A fully qualified domain name (FQDN) consists of a hostname plus the domain of which the host is part
PPP is a popular method of making network connections via modem
PPP security is provided by the Password Authentication (PAP) and Challenge Handshake Authentication (CHAP) protocols
The wvdial utility can configure and manage a PPP connection from the command line
32
Chapter Summary
The diald program automates use of a dial-up connection via PPP, automatically connecting and disconnecting based on traffic
The Dynamic Host Configuration Protocol (DHCP) allows clients to configure IP networking automatically by receiving network address information from a DHCP server
Most versions of Linux include the dhcpd server and at least one of the three common DHCP clients
The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a worldwide database for information on resources
33
Chapter Summary
The OpenLDAP server is provided with most Linux distributions X can execute graphical programs remotely by referring to the
DISPLAY variable or the --display command line option XDMCP lets users on remote X servers obtain a graphical login
screen and begin using X clients on Linux without first logging into Linux via Telnet
The r-utilities provide a convenient way to execute commands on, or copy files between, remote hosts when working in a trusted network environment
34
Chapter Summary
The Unix to Unix Copy (UUCP) protocol was designed to facilitate inexpensive transfers of email messages between servers in the days before Internet connectivity was widespread
Many Web browsers are available for Linux, with the most popular being the text-mode browser Lynx and graphical browsers Mozilla and Netscape
Internet email relies on a Mail Transfer Agent (MTA) to move messages between hosts; a Mail Delivery Agent (MDA) may process mail as it is delivered to a user’s mailbox; and a Mail User Agent MUA is relied upon in order for a user to read and send messages
35
Chapter Summary
MUAs can either read local mail files, or can use the POP3 or IMAP protocols to retrieve messages from a central server
The Procmail program processes email messages using recipes which provide automatic message management
Many other Linux email clients are popular: elm and pine, fetchmail, Kmail and Balsa