2.5 Summarize and explain server roles Flashcards
Summarize NTP
NTP (Network Time Protocol) keeps the system clocks of servers and clients synchronized. Having an accurate system time is important for several reasons: TLS certificates and Kerberos tickets are only valid within a time window, scheduled jobs run at the wrong time if the clock drifts, and log entries from different systems can only be correlated if their clocks agree.
The purpose of NTP is to ensure accurate system times. A system is configured as an NTP client, which adjusts its clock based on the timestamps it receives from one or more NTP servers. Typically three or more NTP servers are used so that the client can detect, and ignore, a server whose time is wrong.
Summarize SSH
SSH (Secure Shell) is a service that allows for secure communication between hosts. The securing features include symmetric encryption (protecting the session data), asymmetric encryption (authenticating the server and, optionally, the user, and agreeing on session keys), and hashing (detecting tampering with data in transit). SSH is used for the following:
As a secure replacement for telnet and other insecure remote-connection services (such as rlogin). On the client side, the ssh command is used for this feature.
As a secure replacement for file transfer methods such as ftp and rcp. On the client side, the sftp command is used to replace ftp, and the scp command is used to replace rcp.
As a secure replacement for remote execution methods such as rsh. On the client side, the ssh command is used for this feature as well, by giving it the command to run (for example, ssh user@host uptime).
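All three SSH uses above depend on the server side being configured safely. The script below is an added example (not from the original flashcards): it audits an sshd_config for a few settings an attacker would look for first, such as root login and password authentication being allowed. Both configuration texts are constructed for the example; on a real host you would pass the contents of /etc/ssh/sshd_config instead.

```sh
#!/bin/sh
# Added example: audit sshd_config settings that weaken remote access.
# The two configuration texts below are constructed for this example.

WEAK_SSHD_CONFIG='
# constructed sample: a default-ish, weak sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
'

HARDENED_SSHD_CONFIG='
# constructed sample: key-only logins, no root, no X11 tunnelling
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
'

# sshd_value CONFIG KEYWORD: print the effective value of KEYWORD.
# sshd keywords are case-insensitive and the FIRST occurrence wins, so an
# "override" appended to the end of the file silently does nothing.
sshd_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }'
}

# audit_sshd CONFIG: print one WARN line per weak setting. Absent keywords are
# judged by the OpenSSH defaults (PermitRootLogin prohibit-password,
# PasswordAuthentication yes, X11Forwarding no).
audit_sshd() {
    v=$(sshd_value "$1" PermitRootLogin)
    case "${v:-prohibit-password}" in
        no|prohibit-password|without-password) ;;
        *) echo "WARN PermitRootLogin=$v: root should authenticate with keys only, or not log in at all" ;;
    esac

    v=$(sshd_value "$1" PasswordAuthentication)
    [ "${v:-yes}" = no ] ||
        echo "WARN PasswordAuthentication=${v:-yes (default)}: allows online password guessing; use keys"

    v=$(sshd_value "$1" X11Forwarding)
    [ "${v:-no}" = no ] ||
        echo "WARN X11Forwarding=$v: exposes the client's X server to the remote host"
}

# count_findings CONFIG: number of WARN lines (0 means the checks pass).
count_findings() {
    audit_sshd "$1" | grep -c '^WARN' || true
}

echo "== weak config: $(count_findings "$WEAK_SSHD_CONFIG") finding(s) =="
audit_sshd "$WEAK_SSHD_CONFIG"
echo "== hardened config: $(count_findings "$HARDENED_SSHD_CONFIG") finding(s) =="
audit_sshd "$HARDENED_SSHD_CONFIG"
```

The first-occurrence rule is the detail worth remembering: checking what the file says is not the same as checking what sshd actually applies, which is why the audit reads the first match only, as sshd does.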
Web
The Web (also called the “World Wide Web”) is a component of the Internet that is accessible via web browsers. The term is often used interchangeably with the Internet, but the Internet refers to all the systems connected globally, including servers that provide other features, such as database access and mail services.
CERTIFICATE AUTHORITY
One of the problems with IT security revolves around the concept of trust. For example, suppose you want to connect to your bank online and you type the bank’s URL in a browser. Your browser gets a response from a remote server, but how can you ensure that remote server is actually your bank and not a server that hijacked your connection attempt?
The solution to this is digital certificates. When the browser connects to the server, the server presents a certificate that contains its name and public key and that carries a signature made by a third-party organization called a Certificate Authority (CA). The browser does not contact the CA at that moment; it already holds the public keys of the CAs it trusts and uses them to check the signature on the server's certificate, and it also checks that the name in the certificate matches the site and that the certificate has not expired. The trust is built between the client system and the server by relying on the CA that vouched for the server's identity.
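To make that chain of trust concrete, here is an added example (not part of the original flashcards) that uses the openssl command-line tool, which most Linux systems ship, to play all three roles: a CA, a legitimate server, and an impostor. The names Example Root CA, bank.example and other.example are made up for the example; the only assumption is that openssl is installed.

```sh
#!/bin/sh
# Added example: a throwaway CA signs a server certificate; verification then
# succeeds only against the CA's own certificate and only for the right name.
# The CA name, server name and impostor are all made up for this example.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. The CA: a key pair plus a self-signed certificate (openssl req -x509 marks
#    it CA:TRUE). Its certificate is what a browser ships in its trust store.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Root CA" -keyout ca.key -out ca.crt 2>/dev/null

# 2. The server: its own key pair and a certificate signing request (CSR)
#    carrying its name and public key. The private key never leaves the server.
openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=bank.example" -keyout server.key -out server.csr 2>/dev/null

# 3. The CA signs the name and public key from the CSR. This signature is what
#    the browser checks, offline, with the CA public key it already holds.
openssl x509 -req -in server.csr -days 1 -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out server.crt 2>/dev/null

# 4. An impostor: a self-signed certificate claiming the same name, which no
#    CA the client trusts has vouched for.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=bank.example" -keyout evil.key -out evil.crt 2>/dev/null

# verify_chain CERT: OK if CERT chains to ca.crt, else FAIL.
# -CAfile plays the trust store; -no-CApath ignores the system CA directory.
verify_chain() {
    if openssl verify -no-CApath -CAfile ca.crt "$1" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# verify_hostname CERT NAME: like verify_chain, but also require that the
# certificate was issued for NAME, as a browser does with the URL's host.
verify_hostname() {
    if openssl verify -no-CApath -CAfile ca.crt -verify_hostname "$2" "$1" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

echo "server.crt, signed by the trusted CA:     $(verify_chain server.crt)"
echo "evil.crt, self-signed by the impostor:    $(verify_chain evil.crt)"
echo "server.crt presented as bank.example:     $(verify_hostname server.crt bank.example)"
echo "server.crt presented as other.example:    $(verify_hostname server.crt other.example)"
```

The two failing cases are the two attacks a CA defends against: a server nobody trusted has vouched for, and a genuine certificate reused for a name it was not issued to.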
NAME SERVER
While users prefer to use hostnames or URLs to access other systems, the systems themselves use IP addresses. So when you run a command like ping www.google.com, the hostname must first be resolved to an IP address before the ping request can be sent.
Because there are millions of systems on the Internet, keeping track of all the hostnames and IP addresses in one place would be a daunting task. The Domain Name System (DNS) protocol provides the solution. DNS uses a series of name servers to perform the hostname-to-IP-address conversion. Each name server is authoritative for only a subset of hostnames and their corresponding IP addresses, which makes updating and maintaining these translations easier because the work is distributed over thousands of different systems.
DHCP
Your own system needs networking information that is specific to the network on which you are located. This includes the IP address, the gateway IP address, the name server addresses, and the netmask (network mask). These pieces of network information can be assigned manually, which is fine for servers that don't move between networks, but not practical for mobile devices that move from one network to another.
A Dynamic Host Configuration Protocol (DHCP) server provides client systems with this network information automatically. When a system is configured as a DHCP client, it broadcasts a request asking any DHCP server on the network to provide this information. Once the data is received, the client configures itself automatically, allowing it to communicate on the network.
FILE SERVERS
A file server is a system that shares files. Several different file servers are commonly used on Linux systems:
FTP server: FTP servers provide little security (neither credentials nor data are encrypted in transit), but they are still widely used in certain situations. For example, you may want to publicly share files on the Internet. An FTP server that uses an anonymous user account (one that doesn't require a password to authenticate) would be a good solution, as long as the FTP server has been configured not to permit uploading of files. To access an FTP server, an individual user initiates the connection with an FTP client program.
SFTP server: SSH (see "SSH" in this chapter) can be used to provide FTP-like access in a secured manner; SFTP is a file-transfer subsystem of SSH, not FTP tunneled over SSH. This type of file sharing requires user authentication and protects the data in transport. To access an SFTP server, an individual user initiates the connection with an SSH client program such as sftp.
Samba: Samba is a service that can share both files and printers using the SMB/CIFS protocol. It is designed to share files in a manner that allows Microsoft Windows clients to access the shares, and it can also join an Active Directory domain. This makes Samba a good solution in an environment that has a mix of operating systems. To access a Samba share, an individual user can initiate the connection with a Samba client program, but an administrator can also configure access via a mount point (a directory available in the filesystem).
NFS: NFS (Network File System) is primarily designed to share files between Linux or Unix systems (*nix systems). There are some non-*nix client programs available, but these are not commonly used. In its default configuration NFS trusts the client's IP address and the user IDs the client reports, so it lacks the per-user authentication found in other file servers; because it is normally used only on a LAN this is accepted as a known risk, and Kerberos-based security (the sec=krb5 option) can be enabled where it is not acceptable. Unlike with FTP or SFTP, users don't initiate access to an NFS server. An administrator mounts an NFS share, making it available via the filesystem structure on the client system.
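Because NFS access control lives entirely in /etc/exports, a quick audit of that file is worth knowing. The script below is an added example (not from the original flashcards). It flags exports reachable by any host, exports that keep a client's root as root on the share (no_root_squash), exports accepting requests from unprivileged source ports (insecure), and the classic mistake of a space between a host and its options, which exports(5) interprets as applying those options to the whole world. The exports text, paths and hostnames are constructed for the example.

```sh
#!/bin/sh
# Added example: audit /etc/exports for risky NFS export options.
# The exports text, paths and hostnames below are constructed for this example.

SAMPLE_EXPORTS='
# constructed sample /etc/exports
/srv/public     *(ro,sync)
/srv/home       10.0.0.0/24(rw,sync,root_squash)
/srv/backups    backup01.example(rw,no_root_squash)
/srv/scratch    10.0.0.7 (rw)
/srv/media      *(rw,insecure)
'

# audit_exports EXPORTS_TEXT: one WARN line per (path, client) pair with a
# risky setting. A client token is HOST(opt,opt,...); a token with no host
# part, which is what a space typed before "(...)" produces, means everyone.
audit_exports() {
    printf '%s\n' "$1" | awk '
        function add(msg) { issues = (issues == "" ? msg : issues "; " msg) }
        /^[[:space:]]*#/ || NF == 0 { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    host = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                optlist = "," opts ","
                world = (host == "" || host == "*")
                issues = ""
                if (world) add(host == "" ? "exported to every host (space before the options applies them to the world)" : "exported to every host")
                if (world && optlist ~ /,rw,/) add("read-write")
                if (optlist ~ /,no_root_squash,/) add("no_root_squash: root on the client is root on the share")
                if (optlist ~ /,insecure,/) add("insecure: accepts requests from unprivileged source ports")
                if (issues != "") printf "WARN %s %s: %s\n", path, (host == "" ? "<everyone>" : host), issues
            }
        }'
}

# count_export_findings EXPORTS_TEXT: number of WARN lines.
count_export_findings() {
    audit_exports "$1" | grep -c '^WARN' || true
}

echo "== $(count_export_findings "$SAMPLE_EXPORTS") finding(s) =="
audit_exports "$SAMPLE_EXPORTS"
```

Only /srv/home passes: a specific network, read-write, with root_squash keeping a client's root out. The /srv/scratch line looks like it was meant for one host but actually exports the directory read-write to everyone.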
AUTHENTICATION SERVER
An authentication server is a system that is used to authenticate user accounts on client systems. Several different authentication servers are available on Linux systems:
RADIUS: There are several different options for RADIUS (Remote Authentication Dial-In User Service) servers, including GNU Radius, FreeRADIUS, OpenRADIUS, and BSDRadius. Each has a common collection of features but offers some different features as well. All RADIUS servers are designed to provide centralized AAA (Authentication, Authorization, and Accounting) services. RADIUS is not limited to authenticating Linux logins; network devices such as VPN gateways, wireless access points, and switches commonly hand authentication off to a RADIUS server.
IPA: Identity, Policy, and Audit (IPA) is a combination of several different technologies that together provide the functionality of an authentication server. Several different IPA implementations are available (FreeIPA being the usual one on Linux), but normally the following components are included:
Lightweight Directory Access Protocol (LDAP): This provides a means to store and retrieve account data.
Kerberos: A service that provides central authentication of users and services by issuing time-limited tickets, which is one reason the accurate time provided by NTP is required.
NTP: See “NTP” in this chapter.
DNS: See “Name Server” in this chapter.
CA: See “Certificate Authority” in this chapter.
PROXY
A proxy server acts as a "go-between" for two systems. For example, if you connect to a web server via a web browser, you could use a proxy server to handle the connection to the web server on your behalf. There are several reasons why a proxy server provides an advantage:
Proxy servers can monitor network traffic and filter based on the content of the traffic.
Proxy servers make traffic appear to originate from the proxy's own system or network, which hides the addresses of internal clients and can also be used to bypass filters applied to the original client.
Proxy servers can log network traffic and access to remote systems.
Proxy servers can improve performance by caching static data, either on the client or the server side.
Proxy servers can provide security features, such as requiring users to authenticate before allowing access, blocking known-malicious destinations, or inspecting traffic for malware before it reaches the client.
Proxy servers can even translate data from one form to another. For example, they could be used to translate data from one language to another.
The most common proxy server on Linux is Squid, but there are also others that perform specific tasks.
LOGGING
Logging is the process of taking messages from services and storing them in files or databases for later retrieval. One common logging service is Syslog (the service itself runs as the syslogd process). This service stores its log files in the /var/log directory, normally as plain-text files that can be viewed directly. Most modern Linux systems use a newer variation of syslogd called rsyslogd, which is similar to syslogd but has more configuration features, including forwarding logs to a central log server so that an attacker who compromises a host cannot simply erase the local evidence.
Another logging method, often used in conjunction with rsyslogd, is journald. The journald service is a component of systemd, the init system that starts and manages services. journald stores its data in a binary format under /var/log/journal when persistent storage is enabled (otherwise under /run/log/journal, which does not survive a reboot), and the data is read with the journalctl command.
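Plain-text logs are only useful if something reads them. The script below is an added example (not from the original flashcards) of the kind of check run over the sshd messages that rsyslogd writes to /var/log/auth.log or /var/log/secure: it counts failed password attempts per source address, flags sources over a threshold, and raises an alert when one of those sources then logs in successfully. The log lines, hostname and addresses are constructed for the example (the addresses are taken from documentation ranges).

```sh
#!/bin/sh
# Added example: detect SSH password brute forcing in syslog-format lines.
# All log lines below are constructed for this example.

SAMPLE_AUTH_LOG='
Mar 14 10:01:02 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar 14 10:01:05 web01 sshd[2212]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar 14 10:01:09 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51251 ssh2
Mar 14 10:01:12 web01 sshd[2219]: Accepted publickey for deploy from 10.0.0.12 port 40022 ssh2
Mar 14 10:01:20 web01 sshd[2221]: Failed password for alice from 198.51.100.7 port 33001 ssh2
Mar 14 10:01:30 web01 sshd[2230]: Accepted password for root from 203.0.113.45 port 51290 ssh2
Mar 14 10:02:00 web01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
'

# failed_by_source LOG: "count ip" per source address, most failures first.
failed_by_source() {
    printf '%s\n' "$1" | awk '
        / sshd\[[0-9]+]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) print fails[ip], ip }' | sort -rn
}

# brute_force_sources LOG THRESHOLD: addresses with at least THRESHOLD failures.
brute_force_sources() {
    failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# success_after_failures LOG THRESHOLD: an accepted login from an address that
# had already reached THRESHOLD failures is the event worth paging on, because
# the guessing probably worked.
success_after_failures() {
    printf '%s\n' "$1" | awk -v t="$2" '
        / sshd\[[0-9]+]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        / sshd\[[0-9]+]: Accepted / {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for") user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (ip != "" && fails[ip] >= t)
                print "ALERT", ip, "logged in as", user, "after", fails[ip], "failed attempts"
        }'
}

echo "== failed password attempts per source =="
failed_by_source "$SAMPLE_AUTH_LOG"
echo "== sources at or over 3 failures =="
brute_force_sources "$SAMPLE_AUTH_LOG" 3
echo "== successful logins from those sources =="
success_after_failures "$SAMPLE_AUTH_LOG" 3
```

The same lines are available from journald with journalctl -u sshd (or ssh, depending on the distribution's unit name), so the functions can be fed from either logging system.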
CONTAINERS
You may be familiar with the concept of virtual machines already. Containers share some of the features of virtual machines, but also have some key differences.
A virtual machine (VM) is an operating system (OS) that runs within another OS. The VM is provided virtual components, like CPU and RAM, via an application called a hypervisor. More details on VMs are provided in Chapter 5, “Compare and contrast cloud and virtualization concepts and technologies.”
A container is like a lightweight VM. It often behaves like a separate system; for example, containers often have their own networking configuration, such as IP addresses. However, a container doesn't require all of the components a VM requires, such as its own kernel, a separate virtual CPU, dedicated RAM, or dedicated disk space: all containers on a host share the host's kernel and are isolated from each other by kernel features (namespaces and cgroups). As a result, your system might be able to support hundreds of containers, whereas it could only support a handful of concurrently running VMs. The flip side is that a kernel vulnerability, or a container granted extra privileges, can affect every container on the host, whereas a VM has its own kernel.
One of the most popular container platforms is Docker. With Docker, you can create and run containers on Linux-based systems.
VPN
A Virtual Private Network (VPN) is a service that creates a virtual network over a public network by encrypting the traffic between its endpoints. Thus, data can be shared across public networks in a secure manner. A large amount of VPN software is available for Linux.
MONITORING
Monitoring is a generic term used to describe actively watching activity on your system. A large number of monitoring tools are available for Linux; some monitor process activity (the top command, for example), network activity (Wireshark, tcpdump, and so on), system activity (Nagios, Cacti, and so on), and user activity (psacct, who, w, lsof, and so on). Monitoring is a huge topic by itself, but for the exam just be aware of what monitoring is, not the vast number of details and utilities that support it.
DATABASE
A database is a system used to store and return data upon request. This is another of those topics in Linux where a lot of options are available.
In a sense, most of the files stored in the /etc directory structure are simple databases (for example, the /etc/passwd file). However, most definitions of a database include the need for a database management system to provide controlled access to the data. You could argue that the tools used to manage the data in /etc files play that role (the useradd command, for example, modifies the /etc/passwd file); however, calling these tools "database management systems" is a bit of a stretch.
Most people consider more robust software programs to be database management systems. This includes programs such as Oracle, MySQL, PostgreSQL, Apache Derby, and Firebird.
PRINT SERVER
A print server manages print jobs (requests to send data to a printer). The most common print server for Linux is the Common Unix Printing System (CUPS). CUPS places print jobs in a print queue; when the printer is available, CUPS sends the next job from the queue to the printer.
CUPS also allows for cancelling print jobs, setting print job priority, and connecting to other print servers (such as printers shared via Samba or by Microsoft Windows print servers).