
Chapter 5 Train

Chapter 5 of research method

Chapter 5

5. Installation of Application server and Management


5.1. DHCP, DNS and TELNET servers compared with other NOS setups of corresponding network services

Let’s explore the concepts of DHCP, DNS, and TELNET servers, comparing them with other network operating system (NOS) services.


1. Dynamic Host Configuration Protocol (DHCP):
o Purpose: DHCP simplifies IP address management within a network.
o Functionality:
▪ DHCP Server: Automatically assigns IP addresses to client devices, ensuring
proper communication over the network.
▪ DHCP Client: Receives IP information by default (e.g., PCs, mobile
devices, IoT endpoints).
▪ DHCP Relaying: Centralized DHCP servers handle requests from multiple
subnets via routers or hosts.
o Advantage: Reduces manual IP address assignment overhead for network
administrators.
o Comparison:
▪ DNS: Translates domain names to IP addresses.
▪ DHCP: Assigns IP addresses dynamically.
▪ Difference: DNS deals with domain names, while DHCP manages IP address
allocation.
2. Domain Name System (DNS):
o Purpose: Converts human-readable domain names (like “FS.com”) to IP addresses.
o Functionality:
▪ Each domain can correspond to multiple IP addresses.
▪ DNS servers handle domain-to-IP translation.
o Advantage: Eliminates the need to remember lengthy IP addresses.
o Comparison:
▪ DHCP: Assigns IP addresses.
▪ DNS: Resolves domain names to IP addresses.
3. TELNET Server:
o Purpose: Provides remote command-line access to network devices.
o Functionality:
▪ Allows users to log in remotely and execute commands.
▪ Older protocol that sends logins and commands unencrypted; often replaced by more secure alternatives (like SSH).
o Advantage: Enables remote management and troubleshooting.
o Comparison:
▪ DHCP and DNS serve different purposes.
▪ TELNET: Facilitates remote access to devices.

In summary:

• DHCP assigns IP addresses dynamically.
• DNS translates domain names to IP addresses.
• TELNET provides remote command-line access.

Each of these services plays a vital role in network communication and management.

5.2 OpenSSH: secure network communication

Let’s look at SSH and SCP for remote administration and secure file transfer. These tools are essential for managing remote servers and transferring files between hosts.

1. SSH (Secure Shell):
o SSH is a protocol that allows secure communication between two systems over an unsecured network (such as the internet).
o It provides encrypted communication, ensuring confidentiality and integrity.
o ssh is the Linux SSH client command, while SSH refers to the general protocol.
o To connect to a remote host using SSH, you can use the following command:
      ssh yourusername@yourserver
  Replace yourusername with your actual username and yourserver with the server’s address. You’ll be prompted for your password.
o SSH is commonly used for remote shell access, executing commands, and managing servers.
2. SCP (Secure Copy):
o SCP (secure copy) is built on top of SSH and allows you to copy files securely between hosts.
o It’s useful for transferring files, creating backups, and synchronizing data.
o The syntax for using SCP is as follows:
▪ To copy from a (remote) server to your computer:
      scp yourusername@yourserver:/path/to/remote/file /path/on/your/computer
  For example:
      scp yourusername@yourserver:/home/yourusername/examplefile .
  The dot at the end means the current local directory.
▪ To copy from your computer to a (remote) server:
      scp /path/on/your/computer yourusername@yourserver:/path/on/remote/server
  For example:
      scp examplefile yourusername@yourserver:/home/yourusername/
▪ To copy directly between two (remote) servers:
      scp yourusername@server1:/path/to/source/file yourusername@server2:/path/to/target/directory
o Note: Be cautious when copying files with the same name and location, as SCP will overwrite them without warning.

Remember that both SSH and SCP rely on secure authentication (usually via
passwords or SSH keys). Use these tools wisely to manage your remote systems
effectively.

For more in-depth information, check out this Pluralsight tutorial on SCP and SSH
commands. Happy remote administration!

5.3 FTP and setting up Mail service and client


This section explores setting up an FTP server and configuring email services on Windows 10.

Setting Up an FTP Server on Windows 10


Building your own FTP (File Transfer Protocol) server can be a convenient
solution for transferring files through a private or public network without the
limitations often found with cloud storage services. Here’s how to set up an FTP
server on your Windows 10 PC:
1. Install the FTP Server Feature:
o Press Windows key + X to open the Power User menu and select Programs
and Features.
o Click the Turn Windows features on or off link.
o Expand Internet Information Services and check the FTP Server option.
o Expand FTP Server and check the FTP Extensibility option.
o Check Web Management Tools with the default selections.
o Click OK to begin the installation and then click Close.
2. Configure an FTP Site:
o Open the Control Panel.
o Click on Administrative Tools.
o Double-click Internet Information Services (IIS) Manager.
o Expand and right-click Sites in the Connections pane.
o Select Add FTP Site.
o Name your new FTP site and enter the path to the FTP folder where you want
to send and receive files.
o You can also use the Make New Folder button to create a specific folder for
your FTP files.
o Leave all the default settings for Binding and SSL Settings, but change the SSL option to No SSL (Note: with No SSL and Basic authentication, usernames and passwords cross the network unencrypted; in a business environment or for sensitive data, consider configuring SSL).
o On Authentication, check the Basic option.

Your FTP server is now set up and ready to transfer files from your home network or remotely over the internet.

Configuring Email Accounts in Windows 10


Windows 10 includes a built-in Mail app that allows you to access various email
accounts (such as Outlook.com, Gmail, Yahoo!, etc.) in one centralized interface.
Here’s how to set it up:
1. Open the Mail app:
o Click the Settings (gear) button at the bottom of the left pane.
o Click Manage accounts in the right pane.
2. Add a new email account:
o Select Add account.
o Choose the type of account you want to add (e.g., Outlook, Google, etc.).
o Enter the required information (email address, password, and account
name).
o Click Sign in.

Your email account will start syncing, and you’ll be able to send and receive
emails using the Mail app.

Remember to update your account settings if needed, and adjust mailbox sync
settings as necessary.


5.4 Network Information Service (NIS) and sharing file systems (NFS)

Let’s look at the Network Information Service (NIS) and the Network File System (NFS):

1. Network Information Service (NIS):
o NIS provides a distributed database system for common configuration files in a network.
o NIS servers manage copies of these database files, while NIS clients request information from the servers instead of using their own local copies.
o For instance, the /etc/hosts file can be managed by NIS. A few NIS servers maintain copies of the hosts file information, and all NIS clients query these servers for host address details instead of checking their own local /etc/hosts file.
o Once NIS is operational, managing individual /etc/hosts files on every machine is unnecessary. Updating the NIS servers ensures that all machines retrieve the new configuration file information consistently.
o NIS plays a crucial role in managing configuration information across the network, making it consistent on all hosts.

2. Network File System (NFS):
o NFS is a distributed filesystem that allows sharing files between separate hosts.
o An NFS server has one or more filesystems that are mounted by NFS clients. To the clients, the remote disks appear as local disks.
o NFS filesystems are mounted using the standard Unix mount command, and Unix utilities work seamlessly with NFS-mounted files just like local files.
o NFS simplifies system administration by eliminating the need to maintain multiple copies of files on various machines. All NFS clients share a single copy of the file on the NFS server.
o Users benefit from NFS as well. Instead of logging into different systems and transferring files between them, users can stay on one system and access all necessary files within a consistent file tree.

In summary, NIS provides the framework for using NFS. While NFS manages the resource users care about most, their files, NIS ensures that hosts agree on essential configuration information such as usernames and host addresses.

5.5 SAMBA: Linux and Windows file and printer sharing

Let’s explore Samba, a tool that facilitates file and printer sharing between Linux and Windows systems:

1. Samba for Linux and Windows File Sharing:
o Samba enables interoperability between Linux and Windows by allowing them to communicate effectively.
o Here’s how you can access Samba shares from both Linux and Windows clients:

For Linux Clients:

o Install the necessary Samba client packages. On the client machine, install the samba-common and samba-client packages:
      # yum install samba-client samba-common -y
o Check if you can access the shares from the server using either the hostname or IP address:
      # smbclient -U user -L 192.168.1.122
  This command will display available shares, including printer drivers and home directories.
o Create a directory to use as your mount point (e.g., /mnt/myshare):
      # mkdir /mnt/myshare
o Mount the share on that directory using the following command (replace user and 192.168.1.122 with appropriate values):
      # mount -t cifs -o username=user //192.168.1.122/myshare /mnt/myshare
o Make the mount persistent by editing /etc/fstab. You can either provide credentials directly in /etc/fstab or create a credential file:
      //192.168.1.122/myshare /mnt/myshare cifs username=user,password=password,_netdev 0 0
  OR
      //192.168.1.122/myshare /mnt/myshare cifs credentials=/home/user/.cred,_netdev 0 0
  /etc/fstab is normally readable by every local user, so the credential file, readable only by its owner, is the safer of the two.

The _netdev option marks the filesystem as one that needs the network, so it is not mounted before the network is up.
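The page names the credential file but does not show its contents. The added example below (not part of the original chapter) writes one in the username=/password= format that mount.cifs reads, with owner-only permissions, and lists fstab entries that still carry an inline password. The function names, the second share (docs) and the password are constructed for illustration; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page): keep the CIFS password out of
# /etc/fstab and find entries that still carry one.

# write_cifs_credentials FILE USER: read the password from stdin and write a
# credentials file in the username=/password= format that mount.cifs reads.
write_cifs_credentials() {
  cred_file=$1
  cred_user=$2
  IFS= read -r cred_pass || [ -n "$cred_pass" ] || return 1
  (
    umask 077   # a newly created file gets mode 0600, never anything wider
    printf 'username=%s\npassword=%s\n' "$cred_user" "$cred_pass" > "$cred_file"
  ) || return 1
  chmod 600 "$cred_file"   # also tighten a file that already existed
}

# cred_file_mode_ok FILE: succeed only if group and others have no access.
cred_file_mode_ok() {
  mode=$(stat -c '%a' "$1") || return 1
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# fstab_inline_passwords: read fstab text on stdin and print the mount point
# of every cifs entry whose options field contains password= or pass=.
fstab_inline_passwords() {
  awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)pass(word)?=/ { print $2 }'
}

# Constructed sample: the two fstab variants from the page, side by side.
sample_fstab() {
cat <<'EOF'
# share                  mount-point    type   options                                 dump pass
//192.168.1.122/myshare  /mnt/myshare   cifs   username=user,password=password,_netdev 0 0
//192.168.1.122/docs     /mnt/docs      cifs   credentials=/home/user/.cred,_netdev    0 0
EOF
}

# Stand-alone run in a throwaway directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' | write_cifs_credentials "$demo_dir/.cred" user
cred_file_mode_ok "$demo_dir/.cred" && echo "credentials file mode ok"
echo "fstab entries with an inline password:"
sample_fstab | fstab_inline_passwords
rm -rf "$demo_dir"
```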

For Windows Clients:

o To map a drive to the Samba share, open PowerShell and issue the following command:
      PS > NET USE M: \\centos\myshare
  This maps the Samba share to the M: drive.

With this basic setup, you’ll be able to access file shares from client machines in your network, regardless of whether they run Linux or Windows.

5.6 DNS/BIND: Tracking Domain Name and Address
Let’s look at the Domain Name System (DNS) and its implementation using BIND:

1. DNS (Domain Name System):
o DNS is a critical component of the internet infrastructure. It maps domain names (such as www.example.com) to IP addresses (such as 192.168.1.1).
o With the introduction of IPv6, IP addresses have become complex, making it challenging for humans to work with them directly.
o The DNS specification defines a secure, general-purpose database that holds information about internet hosts.
o It also specifies a protocol used to exchange this information.
o DNS provides library routines that implement the protocol.
o Additionally, DNS plays a role in routing email.

2. BIND (Berkeley Internet Name Domain):
o BIND is the most widely used DNS software.
o It serves as both a nameserver (resolving domain names to IP addresses) and a resolver (querying other nameservers).
o Key features of BIND include:
▪ Authoritative Nameserver: Provides authoritative answers for domain names.
▪ Caching Nameserver: Stores recently resolved queries to speed up future requests.
▪ Forwarder: Forwards queries to other nameservers.
▪ Master/Slave Configuration: Allows redundancy and load distribution.
o To set up BIND:
▪ Install BIND packages (e.g., bind9 on Ubuntu).
▪ Configure BIND by editing files like /etc/bind/named.conf.options.
▪ Set up zones (e.g., forward and reverse zones) in configuration files.
▪ Troubleshoot any issues that arise.

In summary, DNS and BIND work together to ensure efficient domain name resolution and IP address mapping across the internet, simplifying communication for both humans and machines.

5.7 Setting up a firewall and web server
Let’s dive into setting up a firewall and a web server, with step-by-step instructions for both.

Setting Up a Firewall

1. Understanding How Firewalls Work

• On a Linux machine (such as Ubuntu), the default firewall is called iptables.
• By default, iptables allows all connections without exceptions.
• There are three main chains in iptables:
o INPUT: For incoming connections.
o OUTPUT: For outgoing connections.
o FORWARD: Allows packets to be rerouted.

2. Creating Firewall Rules

• To allow specific connections, we append rules to each chain using the -A directive.
• Example: To allow incoming HTTP traffic (port 80):
      sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
• To allow established connections:
      sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
3. Creating an iptables File

• Let’s create an iptables file using your favorite editor (e.g., VIM):
      sudo vim /etc/iptables.firewall.rules
• Add your rules to this file (explained below).

4. Sample Rules (Modify as Needed)

• Start the file with the table name:
      *filter
• Allow all loopback (lo) traffic:
      -A INPUT -i lo -j ACCEPT
• Reject traffic to 127/8 that doesn’t use lo:
      -A INPUT -d 127.0.0.0/8 -j REJECT
• Allow SSH (port 22):
      -A INPUT -p tcp --dport 22 -j ACCEPT
• Allow HTTP (port 80):
      -A INPUT -p tcp --dport 80 -j ACCEPT
• Allow MySQL (port 3306):
      -A INPUT -p tcp --dport 3306 -j ACCEPT
• Allow FTP (port 21):
      -A INPUT -p tcp --dport 21 -j ACCEPT
• End the file with COMMIT; iptables-restore does not apply the table without it:
      COMMIT
• Because iptables accepts everything by default (step 1), these ACCEPT rules restrict traffic only once the INPUT chain also ends in a drop or reject rule, or has its policy set to DROP.
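5. Save and Apply Rules

• Save the iptables rules. iptables-save writes the rules currently loaded in the kernel and overwrites the file, so if you wrote the file by hand in steps 3 and 4, load it first with sudo iptables-restore < /etc/iptables.firewall.rules. The output redirection has to run as root as well, hence tee:
      sudo iptables-save | sudo tee /etc/iptables.firewall.rules > /dev/null
• Create a startup file to load these rules on boot:
      sudo vim /etc/network/if-pre-up.d/firewall
• Add the following content and save:
      #!/bin/sh
      /sbin/iptables-restore < /etc/iptables.firewall.rules
• Make the startup file executable:
      sudo chmod +x /etc/network/if-pre-up.d/firewall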
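
The sample rules in step 4 only append ACCEPT rules, and step 1 says iptables accepts everything by default, so on their own they block nothing and leave MySQL and FTP reachable from any source. The added example below (not part of the original chapter) audits a rules file for those gaps and shows a default-deny variant that passes. The finding names, the default port list 21 23 3306 and the address 192.0.2.10 are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit an iptables-restore file.

# Constructed sample: the rules from step 4, as they would sit in the file.
page_rules() {
cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: a default-deny variant. 192.0.2.10 is a documentation
# address standing in for the one application host allowed to reach MySQL.
hardened_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# audit_rules [PORTS]: read a rules file on stdin, print one finding per line.
# PORTS lists services that should not accept connections from every source
# (FTP, Telnet and MySQL by default; this list is the example's assumption).
audit_rules() {
  awk -v ports="${1:-21 23 3306}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) risky[p[i]] = 1 }
    /^:INPUT /  { policy = $2 }
    /^COMMIT$/  { commit = 1 }
    /^-A INPUT -j (DROP|REJECT)( |$)/ { catchall = 1 }
    /^-A INPUT / && /-j ACCEPT/ && !/ -s / && !/ -i / {
      # ACCEPT with no source or interface restriction: open to everyone
      for (i = 1; i < NF; i++)
        if ($i == "--dport" && ($(i + 1) in risky))
          print "WORLD_OPEN " $(i + 1)
    }
    END {
      if (!commit) print "NO_COMMIT"
      if (policy != "DROP" && !catchall) print "NO_DEFAULT_DENY"
    }'
}

# Stand-alone run: show the findings for both samples.
echo "page rules:";     page_rules     | audit_rules
echo "hardened rules:"; hardened_rules | audit_rules
```

Against a real host, feed it the saved file: audit_rules < /etc/iptables.firewall.rules.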

Setting Up a Web Server

• To set up a web server, you can use popular software like Apache, Nginx, or Lighttpd.
• Install your chosen web server software, configure virtual hosts, and upload your website files.
• Ensure your firewall rules allow incoming HTTP traffic (port 80) for the web server.

Remember to adapt these instructions to your specific environment and requirements. Stay secure and enjoy hosting your applications.

What is a Firewall?

• A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects, or drops that specific traffic.
   Accept: allow the traffic
   Reject: block the traffic but reply with an “unreachable error”
   Drop: block the traffic with no reply
• A firewall is a type of network security device that filters incoming and outgoing network traffic with security policies that have previously been set up inside an organization.
• At its most basic level, a firewall is essentially the wall that separates a private internal network from the open Internet.

Need For Firewall

• Before firewalls, network security was performed by Access Control Lists (ACLs) residing on routers.
• ACLs are rules that determine whether network access should be granted or denied to a specific IP address. But ACLs cannot determine the nature of the packet they are blocking. Also, an ACL alone does not have the capacity to keep threats out of the network. Hence, the firewall was introduced.
• Connectivity to the Internet is no longer optional for organizations. However, while accessing the Internet provides benefits to the organization, it also enables the outside world to interact with the internal network of the organization. This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a firewall.

Working of Firewall

• A firewall matches the network traffic against the rule set defined in its table. Once a rule is matched, the associated action is applied to the network traffic. For example, one rule may state that no employee from the Human Resources department can access the data on the code server, while another rule states that the system administrator can access the data of both the Human Resources and technical departments. Rules can be defined on the firewall based on the necessity and security policies of the organization. From the perspective of a server, network traffic can be either outgoing or incoming.

Types of Network Firewall

Generally, firewalls can be categorized into three types:
1. Host-based firewall
   Protects a single host
2. Third-party firewall
   On antivirus software
3. Network-based firewall
• It secures the whole network based on the access control list/policy that the network admin sets.
• Configured on a router
• An integration of software and hardware
• Cloud services

Types of Network Firewall
• Network firewalls are devices that are used to protect private networks from unauthorized access. A firewall is a security solution for the computers or devices that are connected to a network; it can take the form of hardware or of software. It monitors and controls the incoming and outgoing traffic (the amount of data moving across a computer network at any given time).
• The major purpose of the network firewall is to protect an inner
network by separating it from the outer network. An inner Network can
be simply called a network created inside an organization and a network
that is not in the range of an inner network can be considered an Outer
Network.

Packet Filters

• It is a technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols, and ports. This firewall is also known as a static firewall.

Stateful Inspection Firewalls

• It is also a type of packet filtering that is used to control how data packets move through a firewall.
• It is also called dynamic packet filtering.
• These firewalls can inspect whether or not the packet belongs to a particular session.
• It permits communication if, and only if, the session is perfectly established between two endpoints; otherwise it blocks the communication.

Application Layer Firewalls

• These firewalls can examine application layer (of the OSI model) information like an HTTP request. If one finds a suspicious application that could harm our network or that is not safe for our network, that application is blocked right away.

Next-generation Firewalls

• These firewalls are called intelligent firewalls. These firewalls can perform all the tasks that are performed by the other types of firewalls that we learned previously but, on top of that, they include additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.

Circuit-level Gateways

• A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security and works between an Open Systems Interconnection (OSI) network model’s transport and application layers such as the session layer.

Software Firewall

• The software firewall is a type of computer software that runs on our computers. It protects our system from any external attacks such as unauthorized access, malicious attacks, etc. by notifying us about the danger that can occur if we open a particular mail or if we try to open a website that is not secure.
• A software firewall is a special type of computer software that runs on a computer/server. Its main purpose is to protect your computer/server from outside attempts to control or gain access depending on your choice of a software firewall.

Hardware Firewall

• A hardware firewall is a physical appliance that is deployed to enforce a network boundary. All network links crossing this boundary pass through this firewall, which enables it to perform an inspection of both inbound and outbound network traffic and enforce access controls and other security policies.
• It is a physical piece of equipment planned to perform firewall duties. A hardware firewall can be a computer or a dedicated piece of equipment which serves as a firewall. Hardware firewalls are incorporated into the router that is situated between the computer and the internet gateway.

Cloud Firewall

• These are software-based, cloud-deployed network devices. This cloud-based firewall protects a private network from any unwanted access. Unlike traditional firewalls, a cloud firewall filters data at the cloud level.

What is BIND (Berkeley Internet Name Domain)?

• DNS is used to resolve host names into IP addresses and IP addresses into host names.
• BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users.
• The name BIND stands for “Berkeley Internet Name Domain”.