Upload: lynette-whitehead

Post on 26-Dec-2015


Linux Networking and Security

Chapter 4


Configuring Client Services

Configure “superservers” to handle multiple network services

Set up administrative services like logging and printing

Use simple network information services like finger and talk

Understand basic mailing list and news server configurations


The Superservers

Superservers listen on multiple network ports and start the appropriate service when a client connection arrives for that port.

xinetd is a superserver gaining popularity

It is a revised version of inetd that creates a more secure environment

Shipped with Red Hat Linux

xinetd is the most widely used superserver

Application-level security is provided via TCP Wrappers (the tcpd program)


TCP Wrappers

TCP Wrappers (tcpd) is an application-level access control program

TCP Wrappers is not a firewall and should be used with one if Linux security issues exist

Configuration is done by two files: /etc/hosts.allow and /etc/hosts.deny

Ensure proper and expected configuration by testing carefully before relying on it
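
One way to do the testing the slide asks for, as an added example that is not part of the original slides: a small evaluator for a simplified, IPv4-only subset of the hosts.allow/hosts.deny syntax (no EXCEPT, LOCAL or option fields), run on constructed rules. It follows the decision order TCP Wrappers uses: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. All function names are hypothetical.

```python
import ipaddress

def client_matches(pattern, addr, host=None):
    """Match one client pattern (simplified subset of the hosts.allow syntax)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .example.org
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:               # net/mask, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (host, addr)   # exact host name or address

def first_match(rules, daemon, addr, host=None):
    """Return the first rule line whose daemon list and client list both match."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(p, addr, host) for p in clients):
            return line
    return None

def check_access(allow, deny, daemon, addr, host=None):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    rule = first_match(allow, daemon, addr, host)
    if rule:
        return "allow", rule
    rule = first_match(deny, daemon, addr, host)
    return ("deny", rule) if rule else ("allow", None)

# Constructed sample rules (not from the slides)
HOSTS_ALLOW = "in.fingerd: 192.168.1.\nsshd: .example.org, 10.0.0.0/255.0.0.0\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for addr in ("192.168.1.20", "203.0.113.9"):
        print(addr, check_access(HOSTS_ALLOW, HOSTS_DENY, "in.fingerd", addr))
    # With an empty hosts.deny the same outside client is let through:
    print(check_access(HOSTS_ALLOW, "", "in.fingerd", "203.0.113.9"))
```

On a host with TCP Wrappers installed, the tcpdchk and tcpdmatch utilities run this kind of check against the real files.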


Services Beyond the Superserver

Many services do not rely on superservers; they are designed to run standalone

Apache Web server is the best example of this

Servers such as SMTP and FTP can be used in standalone mode, or with inetd or xinetd

FTP runs more efficiently in standalone mode if much FTP traffic is expected


Exploring Network Testing Services

There are 5 common testing services and they are used via Telnet

The echo service repeats back whatever you type, showing that a remote host is receiving typed data

The chargen service returns a character stream and continues to do so until the session is ended

The discard service is like /dev/null

The time service returns a number corresponding to the current time and closes the connection

The daytime service returns the current date/time in human-readable form, then ends the session


Using Administrative Services

Logging with logd

System logging can be done remotely using syslogd by enabling another host to receive syslog messages across the network and specifying a host in /etc/syslog.conf

Printing with lpd

Linux can print across the network using lpd when printer definitions that specify remote hosts cause a local copy of lpd to contact lpd running on a remote host and forward the print job to that host


Time Management with NTP

Time in Linux is managed using the Network Time Protocol (NTP), which is implemented by the ntpd daemon

On a LAN, NTP is designed to maintain correct time to within a few milliseconds; the NTP protocol is designed for precision of 232 picoseconds

The ntpd program is installed on most Linux systems by default and it is controlled by a script in /etc/rc.d/init.d


Understanding SNMP on Linux

The Simple Network Management Protocol (SNMP) is designed to give feedback about how the components of the network are functioning

Use SNMP to determine if routers are overloaded or whether remote programs have crashed

An SNMP-aware program running on a host is called an agent and it is configured to watch for specific events on the host

An SNMP console gathers data from agents on the network for the system administrator’s review


Benchmarking with NetPerf

NetPerf provides a benchmarking service to help determine how the throughput of the networking hardware compares with others

Benchmarking is the process of comparing items by evaluating their performance on a fixed task

Throughput tells how much data a connection can handle

NetPerf easily tests network speeds using the UDP and TCP transport protocols


Allowing Dial-in Access with a PPP Server

The same program, pppd, is used for both the client and server sides of a PPP connection; the only difference is who calls whom and how pppd is configured

To set up a PPP dial-in server, you must have a getty-type program that watches a modem

mgetty is typically used since it was designed with modems in mind

mgetty starts pppd; however, mgetty must be configured to use the AutoPPP command


Using Basic Information Services

Communicating with talk

The talk program uses the talkd daemon to allow a real-time conversation with another user who is logged in on a remote host and also using talkd

The talkd service must be enabled in /etc/inetd.conf or in /etc/xinetd.d/talkd

To work in a graphical display mode rather than a character-mode, access talkd functionality using a graphical tool such as Ktalk


Using finger to Collect User Information

The finger program uses the finger protocol via the in.fingerd daemon

finger provides a user with information as to whether another user is logged in and for how long, as well as the user’s full name

finger is enabled in /etc/inetd.conf or /etc/xinetd.d/finger

To use a graphical finger client, use kfinger
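
Because talk, finger and the testing services are each switched on per service under xinetd, an audit of which ones are actually enabled is a useful check. The following is an added example, not part of the original slides: it parses constructed text in the style of /etc/xinetd.d/ files and reports the legacy services from this chapter that xinetd would start. Only the per-service `disable` attribute is examined; the `LEGACY` set, function names and sample paths are assumptions.

```python
import re

# Legacy services named in this chapter. Assumption: none is needed on the host.
LEGACY = {"echo", "chargen", "discard", "time", "daytime", "finger", "talk", "ntalk"}
BLOCK_RE = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.S)
ATTR_RE = re.compile(r"\s*(\w+)\s*[-+]?=\s*(.*\S)")

def parse_xinetd(text):
    """Return [(service_name, {attribute: value})] for each service block."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    services = []
    for name, body in BLOCK_RE.findall(text):
        attrs = dict(m.groups() for m in map(ATTR_RE.match, body.splitlines()) if m)
        services.append((name, attrs))
    return services

def enabled_legacy(text):
    """Legacy services xinetd would start: 'disable' is absent or not 'yes'."""
    return sorted(name for name, attrs in parse_xinetd(text)
                  if name in LEGACY and attrs.get("disable", "no").lower() != "yes")

# Constructed sample in the style of files under /etc/xinetd.d/
SAMPLE = """\
service finger
{
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/sbin/in.fingerd
}
service chargen
{
    type        = INTERNAL
    socket_type = stream
    disable     = yes
}
service ntalk
{
    disable     = no
    socket_type = dgram
    server      = /usr/sbin/in.ntalkd
}
"""

if __name__ == "__main__":
    print(enabled_legacy(SAMPLE))
```

The finger block in the sample has no `disable` line at all, which is why it is reported: a missing attribute leaves the service enabled.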


Collecting Server Information with whois

In order to learn more about a domain, access domain information in the database maintained by the domain registrar

The whois utility queries that database to learn about a specific domain

whois queries the main whois server, called whois.internic.net

Use whois with the help parameter to learn about extended queries you can make


Linux Telephony

The term telephony typically refers to having a computer interact with a telephone in such a way that it can be an answering machine, it can route and track calls, and act as a voice recorder

Linux has support for special hardware cards that allow you to connect phone lines to the system

Using Linux as a fax server is a simple but useful form of telephony


Understanding Mailing Lists and News Servers

A mailing list enables a group of users to share information on an ongoing basis via email

The concept behind mailing lists is that when an email message is sent (posted) to the email list, the mailing list manager (MLM) sends the message to all users on the list

To become a member of a mailing list, users subscribe; unsubscribing removes the user


The advantage of mailing list software is that it automates subscribing, unsubscribing, and sending all the messages so individuals don’t have to spend time managing user lists

One of the most widely used MLM packages is majordomo

Other mailing list managers include: LISTSERV; ListProc; SmartList; Mailman


Understanding Linux News Servers

Newsgroup postings are passed around the Internet using NNTP

The most widely used Linux news server software is INN, with the news server daemon innd

For most networks, setting up a dedicated news server is not worth the effort

A better solution is to gain access to an ISP’s news server


Linux News Clients

Linux provides several good news clients that allow the reading of newsgroup postings, either graphically or in text mode

Most full-featured Web browsers now include newsgroup browsing capabilities

Netscape browser is a popular browser option

Gnome and KDE are graphical options

The most widely used text-mode news reader is trn


Chapter Summary

The superservers, inetd and xinetd, listen to numerous ports and start network services when needed to respond to an incoming client request

Application-level security is provided for inetd via TCP Wrappers - the tcpd program

Ports are mapped to service names by the /etc/services file

Some network services such as Apache Web server and the innd news server are not designed to be run by the superserver but standalone

Network testing services such as chargen and echo are provided by inetd


System logging can be done remotely using syslogd by enabling another host to receive syslog messages across the network and specifying a host in /etc/syslog.conf

Linux can print across the network using lpd

Time management in Linux is provided via NTP and the ntpd daemon

SNMP provides detailed information about what is happening on hosts on a network

NetPerf provides a benchmarking service to help you determine how the throughput of your networking hardware compares with that of other systems


To configure Linux as a PPP server, use mgetty or a similar program to watch for incoming modem calls

The talk system lets users communicate in real-time between hosts

Linux supports a number of chat-style messaging services such as Yahoo! Chat, America Online Instant Messenger (AIM), and Microsoft Network

The finger program provides a small user account summary

The whois command lets you query information about a domain name through the network information databases maintained by name registrars


Linux telephony is a growing field that allows your computer to interact with voice telephone systems

Voice-over-IP (VoIP) is a technology that allows you to make long-distance telephone calls

Mailing List Management (MLM) software provides automated management of message delivery between a potentially large number of users

Setting up a news server on Linux is possible, but maintaining such a server can entail much work

Many Web browsers include news-reading capability