Web Server (Apache), Proxy Server (Squid) & Server Logs

By Sanjay Kumar Malik
Lecturer
University School of IT
GGS Indraprastha University
Kashmere Gate, Delhi -110403

Upload: webhostingguy

Post on 08-Jun-2015


Contents

• Web Server and its types.
• Apache Web Server.
• Requirements for hosting web server.
• How web server works.
• Web server security.
• Proxy server, Types, Advantages.
• Network Devices.
• Linux & its features.
• A few Linux commands.
• Server log.
• Network Security.
• Anti-X.
• Malicious Software (virus, worms, trojan horse).
• GGSIPU Website updating through VPN

Webserver & its types

• A computer that delivers (serves) Web pages.
• Every Web server has an IP address and possibly a domain name. For example www.yahoo.com.
• A computer with appropriate configuration may be turned into a Web server by installing server software.
• There are many Web server software applications; the commonly used ones are:-

1. Apache (Linux based)

2. IIS (Internet Information Services by Microsoft)

Apache Web Server

1. Apache is developed and maintained by an open community of developers.

2. The first version of the Apache web server was created by Robert McCool.

3. The application is available for a wide variety of operating systems including Unix, FreeBSD, Linux, Solaris, Novell NetWare, Mac OS X, and Microsoft Windows, but it is most commonly used on Linux.

4. It is free and open source software.

5. As of November 2005, Microsoft IIS (Internet Information Services) gained popularity,

6. Apache serves more than 50% of all websites.

Requirements for Hosting a WebServer (WebSite)

1. Register a DOMAIN name.
2. High bandwidth.
3. Public IP addresses.
4. High-end server (hardware).
5. HTML/PHP/ASP (language to write static & interactive web pages).
6. Apache webserver/IIS (software).

How Webserver works

1. First the user enters www.yahoo.com in his/her browser (Internet Explorer/Netscape etc).
2. The request goes to the proxy server which is providing internet facility.
3. The proxy server then forwards the request (www.yahoo.com) to the ISP domain (say MTNL).
4. The ISP domain contains a list of all web servers like yahoo.com, hotmail.com, google.com etc. and forwards the request to the appropriate web server.
5. When the request reaches www.yahoo.com, it looks into its webpages directory to send back the desired webpage to the ISP (MTNL).
6. The ISP then forwards the webpage to the proxy server.
7. Finally the proxy server sends the Request back to the original client from where it originated.

[Diagram: Proxy server, ISP Domain, www.yahoo.com]

Note:- For home users, the request will go directly to the ISP since home users don't use proxy servers.

Web Server Security

• HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL.

• HTTPS encrypts and decrypts the page requests and page information between the client browser and the web server using a Secure Socket Layer (SSL, like a tunnel).

• HTTPS by default uses port 443 as opposed to the standard HTTP port of 80.

• SSL transactions are negotiated by means of a key-based encryption algorithm between the client and the server.

• This key is usually either 40 or 128 bits in strength (the higher the number of bits, the more secure the transaction).

Proxy Server, Advantages & Types (Squid & Others)

A proxy server is a server (an application program) which serves the requests of its clients by forwarding requests to other servers.

Advantages:-
• Provides internet access to its clients. It is a centralized server for managing internet.
• Provides monitoring services.
• Reduces the workload of the router (clients don't connect to the router directly).
• The proxy hides the clients from the outside world.

Types:- Squid (Linux based), ISA (Microsoft), Wingate (Windows based).

Squid is free and works on Linux. It doesn't require high-end servers. It provides blocking, filtering, monitoring services and other features.

[Diagram: Clients, LAN, Cables, Proxy Server, WAN Link]

Networking Devices

Router:- It connects the internal network to the external network. It works as a gateway for a network. Any computer which wants to access a computer outside of its network has to use a router.

Features/specifications/commands:-

• A router provides security/authentication/monitoring. It provides connectivity between two different LANs, one LAN to WAN & WAN to WAN.

• A router comes with RAM, flash memory, OS, physical ports (Serial/Ethernet).

• Cisco has the following series of routers:- 1600, 1700, 1800, 2400, 2600, 2800 etc.

Connecting to a router (commands):-
#sh run : to show current config.

To change password:-
#enable
#config (to go to config mode)
#line console 0
#login
#password cisco
#end
#exit (to exit)

Switches

1. A network device. It provides connectivity to all machines. Basically a centralized device with intelligence to forward data. Generally superior to hubs.

It maintains a table by which it takes decisions to forward data. It has a speed of up to 1000 Mbps. It comes with 8 ports, 16 ports, 24 ports, 48 ports, 72 ports and so on.

Modems

1. Modems (Modulator – Demodulator) are used to convert analog signals to digital signals and vice versa. Basically a modem is a converter.

Cables

1. Fiber optics:- It has a speed of up to 40000 Mbps. Signals flow in the form of light. Can cover 1000 mtr. Data travels with the speed of light.

2. UTP:- It has a speed of up to 1000 Mbps; signals flow in digital form. Covers up to 100 mtr.

3. Co-axial cable:- It has up to 100 Mbps; can cover 100 mtr.

Linux Introduction & features

• Linus Benedict Torvalds was a second year student of Computer Science at the University of Helsinki.
• Linus Torvalds wanted to create a free/open source OS.
• In 1991 he created the kernel (main part of the OS) for Linux.
• Then he called on several volunteer programmers across the world to participate in developing a free OS like Linux.
• Earlier he was using MINIX, which has limitations.
• So he decided to develop Linux for enterprise/home users.

Linux Features

1. Linux is free/open source (source code is freely available).

2. Linux doesn't require high-end machines to start with.

3. Linux can be installed on 80286 (first computer series).

4. Linux is a multitasking/multiuser OS.

5. Linux is more secure than Windows.

6. Linux is more stable and reliable.

7. Linux doesn't cost too much (support isn't free).

8. Linux now supports various software like Windows and comes with GUI features.

A few Linux commands

Command    Description
touch      create new file.
mkdir      create new dir.
vi         edit file.
cd         change dir.
cp         copy file/dir.
mv         move file/dir.
rm         remove file.
rmdir      remove dir.
date       view date.
cal        view calendar.
bc         view calculator.
init 0     shut down the machine.

Server Logs

• Server logs are basically records which indicate what has happened in a server.
• Logs gather information about IPs & services on a server.
• Every service running on a server has its own server logs.

Apache has its logs under /var/log/httpd/access.log #sample is attached.

Squid has its logs under /var/log/squid/access.log #sample is attached.

Squid logs

1209105932.207 3 172.16.78.42 TCP_IMS_HIT/304 303 GET http://www.ncbi.nlm.nih.gov/blast/js/utils.js - NONE/- application/x-javascript

1209105931.658 7 172.16.1.148 TCP_MEM_HIT/200 1212 GET http://www.relbio.com/images/careers_hover.jpg - NONE/- image/jpeg

1208855587.146 5561 172.16.16.12 TCP_MISS/302 553 GET http://mail.yahoo.com/ - DIRECT/202.86.7.110 text/html

1208855687.590 712 172.16.1.1 TCP_MISS/302 572 GET http://orkut.com/ - DIRECT/72.14.209.85 text/html

Apache Logs (mail.ipu.edu)

202.159.218.122 - - [22/Apr/2008:09:47:21 +0530] "GET /webmail/src/style.php?themeid=default_theme&templateid=default HTTP/1.1" 200 5627 "http://mail.ipu.edu/webmail/src/login.php" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"

59.90.72.161 - - [22/Apr/2008:09:12:14 +0530] "GET /webmail/src/style.php?themeid=default_theme&templateid=default HTTP/1.1" 200 5627 "http://mail.ipu.edu/webmail/src/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/)"

202.159.218.122 - - [22/Apr/2008:09:47:21 +0530] "GET /webmail/src/login.php HTTP/1.1" 200 2363 "http://mail.ipu.edu/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
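
Added example (not part of the original slides): the two sample formats above use different clocks, Squid writing UNIX epoch seconds and Apache writing server-local time with a UTC offset, so building one timeline from both requires normalizing to UTC. The function names and the malformed sample line are assumptions made for this illustration; the other sample lines are copied from the slide.

```python
import re
from datetime import datetime, timezone

# Squid native format: time elapsed client result/status bytes method URL ident hier/peer type
SQUID_RE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<cache>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+'
    r'(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$')
# Apache combined format; quoted fields may hold backslash-escaped quotes.
QUOTED = r'"(?P<{}>(?:[^"\\]|\\.)*)"'
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    + QUOTED.format('request') + r' (?P<status>\d{3}) (?P<bytes>\d+|-) '
    + QUOTED.format('referer') + ' ' + QUOTED.format('agent') + '$')

def parse_squid(line):
    m = SQUID_RE.match(line.strip())
    if not m:
        return None
    # Squid stamps entries with UNIX epoch seconds, which are UTC by definition.
    return {'source': 'squid',
            'time_utc': datetime.fromtimestamp(float(m['ts']), tz=timezone.utc),
            'client': m['client'], 'method': m['method'], 'target': m['url'],
            'status': int(m['status']), 'bytes': int(m['bytes']),
            'cache': m['cache'], 'peer': m['peer']}

def parse_apache(line):
    m = APACHE_RE.match(line.strip())
    if not m:
        return None
    try:  # Apache writes server-local time plus a UTC offset such as +0530
        local = datetime.strptime(m['time'], '%d/%b/%Y:%H:%M:%S %z')
    except ValueError:
        return None
    parts = m['request'].split()
    # A well-formed request line is "METHOD target PROTOCOL"; keep anything else raw.
    method, target = (parts[0], parts[1]) if len(parts) == 3 else (None, m['request'])
    return {'source': 'apache', 'time_utc': local.astimezone(timezone.utc),
            'client': m['client'], 'method': method, 'target': target,
            'status': int(m['status']),
            'bytes': 0 if m['bytes'] == '-' else int(m['bytes'])}

def normalize(lines):
    """Return (events sorted by UTC time, lines that matched neither format)."""
    events, unparsed = [], []
    for line in lines:
        event = parse_squid(line) or parse_apache(line)
        (events if event else unparsed).append(event or line)
    events.sort(key=lambda e: e['time_utc'])
    return events, unparsed

def cache_hit_ratio(events):
    """Share of Squid requests answered from cache (result code contains HIT)."""
    squid = [e for e in events if e['source'] == 'squid']
    return sum('HIT' in e['cache'] for e in squid) / len(squid) if squid else 0.0

# Sample lines copied from the slide above, plus one constructed malformed line.
SAMPLE = [
    '1209105932.207 3 172.16.78.42 TCP_IMS_HIT/304 303 GET '
    'http://www.ncbi.nlm.nih.gov/blast/js/utils.js - NONE/- application/x-javascript',
    '1209105931.658 7 172.16.1.148 TCP_MEM_HIT/200 1212 GET '
    'http://www.relbio.com/images/careers_hover.jpg - NONE/- image/jpeg',
    '1208855587.146 5561 172.16.16.12 TCP_MISS/302 553 GET http://mail.yahoo.com/ '
    '- DIRECT/202.86.7.110 text/html',
    '1208855687.590 712 172.16.1.1 TCP_MISS/302 572 GET http://orkut.com/ '
    '- DIRECT/72.14.209.85 text/html',
    '202.159.218.122 - - [22/Apr/2008:09:47:21 +0530] "GET /webmail/src/login.php HTTP/1.1" '
    '200 2363 "http://mail.ipu.edu/" "Mozilla/5.0 (X11; U; Linux i686; en-US; '
    'rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"',
    'truncated entry without fields (constructed)',
]

if __name__ == '__main__':
    events, unparsed = normalize(SAMPLE)
    for e in events:
        print(e['time_utc'].isoformat(), e['source'], e['client'], e['status'], e['target'])
    print('cache hit ratio:', cache_hit_ratio(events), 'unparsed:', len(unparsed))
```

Lines that match neither format are returned separately instead of being dropped, so a truncated or tampered entry stays visible to whoever reviews the timeline.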

Network Security

A. What is Network security?

Network security is the process of preventing and detecting unauthorized use of your network. Prevention measures help you to stop unauthorized users (also known as "intruders, hackers, attackers, or crackers") from accessing any part of your computer system.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

Types of Attacks:

DoS (Denial of Service):- Attackers often flood a server with a lot of unwanted packets and cause the server to process them. As a result the server gets busy handling them and might crash.

Phishing:- It's the latest attack. A hacker creates a clone website of an authorized bank's website. When any user accesses that authorized bank's website, the clone website comes up in place of the original and the user enters all his account details, which are actually going to a hacker.

Social Networking:- Hackers often develop a friendship with the IT administrator so that they can get valuable information about their network and perform the desired task.

Securing Networks

Today, there are lots of methods for securing a network. Following are examples.

Firewall

– A firewall is a network security device.
– A firewall may be either software (iptables, Windows Firewall, Shorewall) or a hardware device (Cisco PIX, Cisco ASA, Cyberoam).
– A firewall works like a wall to secure a network.
– A firewall checks every incoming/outgoing packet passing through the network.
– A firewall, according to the set rules, allows authorized packets to pass through.
– A firewall helps deny DoS, phishing, spam, access attacks etc.

IDS/IPS (Intrusion Detection Systems and Prevention Systems)

• IDS/IPS are hardware devices.
• IDS/IPS work as the final resource for detecting a threat or attack.
• It is a much more advanced technique for detecting/preventing attacks.
• It detects these threats by watching for trends, looking for attacks that use particular patterns of messages.

Anti-X

Apart from using a firewall and IPS/IDS, there are other techniques that can be used to prevent viruses/attacks/threats. Anti-X (X refers to the various sub-names of Anti):

Anti-Virus: Scans network traffic to prevent the transmission of known viruses based on virus signatures. Scans for viruses, detects them and deletes them.

Anti-Spyware: Scans network traffic to prevent the transmission of spyware programs.

Anti-Spam: Examines e-mail before it reaches the users, deleting or segregating junk e-mail.

Anti-Phishing: Monitors URLs sent in messages through the network, looking for the fake URLs inherent in phishing attacks, preventing the attack from reaching the users.

URL-Filtering: Filters web traffic based on URL to prevent users from connecting to inappropriate sites.

E-mail Filtering: Provides anti-spam tools. Also filters e-mails containing offensive materials, potentially protecting the enterprise from lawsuits.

A few Networking Tools

GFI LANGuard

– GFI LANguard Network Security Scanner (N.S.S.) is an award-winning solution that allows you to scan, detect, assess and rectify any security vulnerabilities on your network. http://www.gfi.com/lannetscan/

Packet Trap

– The PacketTrap pt360 Tool Suite PRO consolidates dozens of network management and monitoring tools into a single, integrated interface. For more information visit: http://www.packettrap.com/product/index.aspx

OPManager

– OPManager is network monitoring software that can automatically discover your network, group your devices into intuitive maps, monitor devices in real time and alert instantaneously on failure. http://manageengine.adventnet.com/products/opmanager/

IPAudit

– IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for monitoring intrusion detection, bandwidth consumption and denial of service attacks. For more information visit: http://ipaudit.sourceforge.net/

Ethereal (packet sniffer) http://www.ethereal.com
WireShark (packet sniffer) http://www.wireshark.org
NMAP (port scanner) http://nmap.org
MRTG (Multi-route traffic generator) http://www.mrtg.com
Spamassassin (mail filter) http://www.spamassassin.apache.org
VNC (remote desktop) http://www.realvnc.com

Malicious Software

Malicious software is software that is intentionally included or inserted in a system for a harmful purpose.

Virus:- Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.

Effects of Virus:-
1. A virus might corrupt or delete data on your computer.
2. Due to a virus, drives do not open.
3. Slows down the speed of the system.
4. Task Manager is disabled.

Threats other than virus

Worm:- A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes and it may do so without any user intervention.

Trojan Horse:- A Trojan horse is a piece of software which appears to perform a certain action but in fact performs another, such as a computer virus.

Spyware:- Spyware is software that performs actions such as creating unsolicited pop-ups, hijacking home/search pages, or redirecting browsing results.

Antivirus

"Antivirus" is protective software designed to defend your computer against malicious software, or "malware", which includes viruses, Trojans, etc.

Examples:-
• Symantec antivirus.
• Trend Micro.
• McAfee antivirus.
• Panda antivirus etc.

How to use antivirus

• Install antivirus software on the computer.
• Update the virus definitions through internet.
• Download security patches from internet.
• Run security patch.
• Full scan the system.
• Check the scan history of the system.
• Restart the system.

Symantec Antivirus Corporate Edition

• Centralized management and administration.
• Effective protection from spyware and adware.
• Protecting users from viruses that attempt to disable security measures.
• Virus protection and monitoring from a single management console.
• Backed by Symantec Security Response, the world's leading Internet security research and support organization.

Management of Symantec Antivirus in Indraprastha University

• There is a centrally managed antivirus server which manages networked clients in the campus.
• It pulls the latest virus definition files from the Symantec web server and pushes the virus definitions to the managed clients.
• The antivirus server regularly checks the managed clients.
• All managed clients are scanned by the antivirus server at the given scheduled time.
• No need for a manual scan on the client side.
• No need to update definitions on the client side manually.

GGSIPU Website Updating through VPN

• Install the VPN client software & configure the VPN certificate by following the instructions given by NIC.
• Click Start -> Programs -> Cisco Systems VPN Client -> VPN Client.
• Select the VPN certificate, click on 'Connect' & enter login & password.
• Now you are logged on to the NIC server.
• Open Internet Explorer & enter the ftp url, e.g. ftp://ipu.ac.in
• Right click and enter login & password.
• The web server window containing files & folders opens.
• Now to upload any file or folder just use copy & paste in the desired folder.

Note: Take care of correct path, deleting, or overriding any files / folders.

Thank You.