Guide to Novell NetWare 6.0 Network Administration


1

Guide to Novell NetWare 6.0 Network Administration

Chapter 14

2

Chapter 14 - Implementing and Securing Network Services

Describe NetWare 6 Internet/intranet services, including Net Services and Web Services components

Install and configure Novell Web Services components

3

Chapter 14 - Implementing and Securing Network Services

Describe public key cryptography and use the Novell Certificate Authority service to export public and private keys

Describe internal and external security policies and strategies, including firewalls, virus protection, and defense against denial-of-service attacks

4

NetWare 6 Internet Service Components

Novell’s Internet/intranet services help simplify the implementation of business networks by providing a common set of services for accessing data and resources with a variety of workstation and server operating systems.

The Internet service component can be divided into Web Services, which are TCP/IP-based applications that give users access to network data and services through Web sites and FTP servers, and Net Services, which extend the capabilities of standard Web services.

5

6

NetWare 6 Internet Service Components

Net Services requests: A network can be configured so that requests for Net Services originating at user workstations are sent via the Internet to a firewall running on a server or router; once through the firewall, the request is routed to the appropriate services based on its IP address and port number.

Port numbers are used to transfer information in a data packet to the correct application.

To gain access to NetWare files and resources, Net Services run as applications on Web Services components, such as Apache Web Server.

7

8

NetWare 6 Internet Service Components

Apache Web Server is open-source Web server software and a common platform for implementing Web-based services.

It is installed by default during the NetWare 6 install.

Its primary purpose is to provide support for Novell Portal Services and Net Services, such as iFolder.

It requires no special configuration.

NetWare 6 ships with the Tomcat Servlet Engine, which is used to run Java-based Web applications.

9

NetWare 6 Internet Service Components

Novell Portal Services (NPS) is a portal strategy for delivering the right information to the people authorized to use it.

A portal provides one view into a company’s information and displays this data as Web pages.

With NPS, network administrators can protect and control access to network resources, delivering personalized data to people based on their company roles, locations, and group associations.

NPS consists of a number of Java servlets that run on Apache Web Server.

10

11

NetWare 6 Internet Service Components

NetWare Web Search Server: Makes network or Internet data searchable in minutes, and it bridges all types of networks.

NetWare Enterprise Web Server: Is an HTTP-based service for sending Web pages to browsers on the Internet, or to an intranet.

FTP server: Allows for file transferring between Internet hosts.

NetWare Web Manager: The portal service for managing Web Services.

12

Installing and Configuring Web Services

Working with NetWare Enterprise Web Server:

NetWare Enterprise Web Server can be installed during or after NetWare 6 server install, and once installed, NPS displays the NetWare Enterprise Web Server options in the Web Manager window to allow for configuration.

There are many configuration options and settings, but the most common tasks are: starting and stopping Web Services, changing the default path to the content directory, creating virtual Web sites, configuring document preferences, and setting up public and restricted access sites.

13

14

15

16

Installing and Configuring Web Services

Working with NetWare FTP Server:

FTP services require server and client components.

Most Web browsers have a built-in FTP client for accessing FTP servers.

Many dedicated FTP clients enable the operator to enter commands directly from the FTP command prompt; other clients use a graphical environment.

Setting up NetWare FTP Server requires installing the FTP software on the NetWare 6 server and then configuring the software to provide access to the content directories.

17

18

Installing and Configuring Web Services

Working with NetWare FTP Server (cont.):

After FTP Server is up and running, any FTP client can be used to log in to the FTP server and transfer files.

To enable FTP Server logging, enter your server URL, click your server name under the NetWare Enterprise Web Server heading to log in, and then click the Log Settings link in the left-hand column.

You can configure FTP security by clicking the Security link in the Server Preferences window.

19

20

21

Installing and Configuring Web Services

Working with NetWare FTP Server (cont.):

Additional features of FTP Server include: multiple instances of FTP Server software; FTP access restrictions; intruder detection; remote server access; special Quote Site commands; firewall support; active sessions display; Namespace support; Simple Network Management Protocol (SNMP) error-reporting service; welcome banner and message file support; NetWare Web Manager management; Cluster Services support.

22

Working with Certificate Services

Public key cryptography is a security system that authenticates users and organizations to ensure that they are who they say they are and encrypts data transmissions to prevent information from being intercepted.

Public key cryptography uses mathematically related sets of digital codes called key pairs, each of which consists of a public and a private key that are unique to a person, an application, or an organization.

To create a digital signature, cryptography software mathematically links the data being signed with the sender’s private key.

23

24

25

Working with Certificate Services

Public key cryptography:

The Certificate Authority (CA) service was developed to mediate the exchange of public keys.

In this service, the public key cryptography software running on an entity creates a public and private key pair. To get the public key authorized, an entity must send its public key and other identification data to a CA. The CA validates the owner’s key pair by creating a certificate containing the owner’s public key along with the CA’s digital signature.
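The signing step and the CA exchange described in the public key cryptography slides above, as an added Python example that is not part of the original slides and is not how Novell Certificate Server is implemented. It uses textbook RSA without padding and toy key sizes purely to show the flow; the subject name, issuer name, and message are constructed placeholders.

```python
import hashlib
import json

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    """SHA-256 of the data, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)      # only the private key can produce this

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(subject, subject_public, issuer, ca_private):
    """CA side: bind the subject's identity to its public key and sign the result."""
    body = {"subject": subject, "public_key": list(subject_public), "issuer": issuer}
    return {"body": body, "signature": sign(encode(body), ca_private)}

def check_certificate(cert, ca_public):
    """Relying party: verify the CA's signature over the certificate body."""
    return verify(encode(cert["body"]), cert["signature"], ca_public)

def trusted_message(message, signature, cert, ca_public):
    """Accept a signed message only if the certificate and the signature both verify."""
    if not check_certificate(cert, ca_public):
        return False
    return verify(message, signature, tuple(cert["body"]["public_key"]))

# Constructed toy parameters (Mersenne primes): far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**31 - 1, 2**107 - 1)
CERT = issue_certificate("server.example.test", SRV_PUB, "Example Organizational CA", CA_PRIV)
MESSAGE = b"constructed sample message"
MESSAGE_SIG = sign(MESSAGE, SRV_PRIV)
```

A relying party needs only the CA's public key: changing any field of the certificate body, or the signed message, makes verification fail.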

26

27

Working with Certificate Services

Novell Certificate Server integrates public key cryptography services into eDirectory and enables administrators to create, issue, and manage user and server certificates.

It helps meet the challenges of public key cryptography in these ways: creating an organizational CA in the eDirectory tree; storing key pairs in the eDirectory tree to provide security; allowing centralized management of public key certificates through ConsoleOne snap-ins; supporting common e-mail clients and browsers.

28

Securing Net Services

Making Net Services and information available on the Internet exposes the network to potential electronic attacks.

Although public key cryptography secures data through encryption and identifies entities with digital signatures, it does not prevent outside hackers from gaining unauthorized system access.

Common hacker attack categories: intrusion, social engineering, spoofing, virus attacks, denial-of-service attacks, and information theft.

29

Securing Net Services

Internal security involves placing NetWare servers in secure locations and making sure you have adequate password policies.

In addition, consider these network protection precautions: ensure that server rooms are locked at all times; workstations should not be visible from behind the user; keep wiring closets locked and restrict their access; provide extra security by using the console screen saver and SECURE CONSOLE commands; review file system and eDirectory security to ensure that users have only the rights they need to perform their tasks.

30

Securing Net Services

How to avoid common internal security violations:

Ensure passwords are safe and secure, especially the administrator’s; intruder detection helps here.

Ensure that user accounts are not assigned unauthorized rights; tools such as Novell Advanced Audit Service and tools from BindView Solutions help here.

Ensure that there are no rogue Admin accounts that have the Supervisor right to the eDirectory tree.

31

Securing Net Services

Firewall external security:

Computer firewalls control access between the company’s private network and an untrusted external entity on the Internet.

Firewalls consist of software that runs on a server and can be configured in the following ways: control the type of traffic permitted between the internal private network and the Internet; keep log files of information about external traffic; provide a central point that all network traffic must pass through; and permit only selected services to access the network.

32

Securing Net Services

Protection against virus attacks:

Viruses are often embedded in other programs or e-mail attachments, and are activated by running the program or opening the e-mail attachment.

Viruses are classified based on how they infect: boot sector viruses attack the boot records or file allocation tables; file viruses attack executable programs; macro viruses attack programs that run macros; stealth viruses disguise themselves to make it difficult for anti-virus software to detect them; worms are independent programs that copy themselves to other computers over a network.

33

Securing Net Services

Protection against virus attacks (cont.):

Virus protection on a network involves: installing a virus protection system; making regular backups; and training users on how to reduce the risk of virus attacks.

Virus removal planning involves these steps: isolate all infected systems and floppy diskettes; locate the clean floppy disk formatted with a boot system created earlier with the anti-virus software; use the boot disk to start and clean all infected computers; restart the system and create a system backup; scan the network drives for infection.

34

Securing Net Services

Defense against denial-of-service attacks:

Denial-of-service attacks are usually caused by flooding the server with packets or sending oversized packets to a server, making it crash.

A properly configured firewall and software designed for Net Services security are the best defenses against these attacks.

35

36

Chapter Summary

An essential part of Novell’s strategy for the future is to provide Internet services that enable clients and servers using diverse operating systems to be managed and accessed as one network. To do this, Novell has developed Net Services, which includes iFolder, NetStorage, iManager, iPrint, and iMonitor. Because Net Services is written to run on top of the open-source Apache Web Server, the services can be implemented on other network operating systems, such as Windows 2000/XP, Windows NT, and Linux.

37

Chapter Summary

NetWare Web Services include Enterprise Web Server and FTP Server, which can be installed and customized to supply information and Web pages to the Internet and local intranet. The NetWare Web Manager portal is used to configure and manage both Enterprise Web Server and FTP Server. Typical Web server management tasks include specifying the primary document directory, creating virtual Web sites, setting document preferences, and specifying public and restricted access to Web content. FTP configuration tasks include setting the default FTP directory, providing anonymous access, and restricting user access to the FTP server.

38

Chapter Summary

Using public key cryptography to encrypt data transmission and provide authentication with digital signatures is a vital component of securing information transmission on the Internet. Public key cryptography uses public and private keys to create digital signatures and encrypt and decrypt data transmissions. Clients use the public key to encrypt data, which can be decrypted only by the public key owner’s private key.

Certificate Authorities (CAs) issue public key certificates for verifying that the public key belongs to the entity distributing it.

39

Chapter Summary

Internet security involves protecting Web and Net Services from threats such as theft, hacking, and computer viruses. An Internet security plan should include a firewall to isolate the internal network from the outside Internet and implement a virus protection and data recovery plan. Firewalls should be configured to detect denial-of-service attacks, such as the ping of death, SYN packet flooding, oversized UDP packets, teardrop attacks, and land attacks.
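A sketch of the detection checks a firewall applies for the denial-of-service patterns named in this summary, as an added Python example that is not part of the original slides and is not any product's rule set. The packet field names, the SYN threshold and window, and the sample traffic are assumptions made for illustration, and the teardrop check assumes fragments arrive in order.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535  # largest size an IPv4 datagram may reassemble to
SYN_LIMIT = 100          # assumed threshold: bare SYNs per service per window
WINDOW = 1.0             # assumed window length in seconds

def classify(packets):
    """Return (index, alert) pairs for packets matching a DoS pattern."""
    alerts, frag_end, syn_times = [], {}, defaultdict(list)
    for i, p in enumerate(packets):
        proto, flags = p["proto"], p.get("flags", "")
        # Land attack: a SYN whose source and destination endpoints are identical.
        if proto == "tcp" and "S" in flags and (p["src"], p["sport"]) == (p["dst"], p["dport"]):
            alerts.append((i, "land"))
        # Reassembled size check; frag_off and length are bytes of IP payload.
        off, length = p.get("frag_off", 0), p["length"]
        if off + length > MAX_IP_DATAGRAM:
            alerts.append((i, "ping-of-death" if proto == "icmp" else "oversized-" + proto))
        # Teardrop: a fragment that overlaps data already seen for the same datagram.
        if off or p.get("more_frags"):
            key = (p["src"], p["dst"], p["ip_id"])
            if off < frag_end.get(key, 0):
                alerts.append((i, "teardrop"))
            frag_end[key] = max(frag_end.get(key, 0), off + length)
        # SYN flood: too many SYNs without ACK to one service inside the window.
        if proto == "tcp" and flags == "S":
            times = syn_times[(p["dst"], p["dport"])]
            times.append(p["ts"])
            while p["ts"] - times[0] > WINDOW:
                times.pop(0)
            if len(times) == SYN_LIMIT + 1:
                alerts.append((i, "syn-flood"))
    return alerts

def sample_packets():
    """Constructed sample traffic (documentation address ranges, not a real capture)."""
    victim = "198.51.100.5"
    pkts = [
        dict(proto="tcp", src="192.0.2.10", sport=40000, dst=victim, dport=80, flags="S", length=0, ts=0.0),
        dict(proto="tcp", src=victim, sport=80, dst=victim, dport=80, flags="S", length=0, ts=0.1),
        dict(proto="icmp", src="192.0.2.20", dst=victim, ip_id=7, frag_off=65528, length=100, ts=0.2),
        dict(proto="udp", src="192.0.2.30", dst=victim, ip_id=9, frag_off=0, more_frags=True, length=36, ts=0.3),
        dict(proto="udp", src="192.0.2.30", dst=victim, ip_id=9, frag_off=24, length=20, ts=0.4),
        dict(proto="udp", src="192.0.2.40", dst=victim, ip_id=3, frag_off=65000, length=1000, ts=0.5),
    ]
    pkts += [dict(proto="tcp", src=f"203.0.113.{k % 250 + 1}", sport=1024 + k, dst=victim, dport=21,
                  flags="S", length=0, ts=1.0 + k * 0.005) for k in range(SYN_LIMIT + 1)]
    return pkts
```

The first sample packet is an ordinary connection request and raises no alert; the SYN flood alert fires once, on the packet that pushes the count for the FTP port past the threshold.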