DEV Community: sylvia

WEB375 Week 6

sylvia — Sun, 13 Oct 2019 00:27:08 +0000

This week we learn how to set up a MySQL Database Server, including the database management systems (DBMS) architecture. These technologies are not directly visible to the client, but without databases and programming languages, websites would be very limited/static. Databases provide organized ways to store and manage information.

The following are the clients of a DBMS:

The database administrator needs to access the database to perform maintenance and should have access from the local machine and LAN. Although it is possible to provide access from outside the company's LAN, this may create security issues.
The web server must access the database to construct dynamic web pages when responding to requests from its own web clients. Developers for the website must access the database while developing and maintaining the web applications, but this is often done through the web server.

S set up a basic MySQL server by logging in as admin and stopping all firewalls. I made sure the MySQL packages were installed and checked for errors. Secured the installation by changing the root password, removing anonymous users and disabled remote login. I connected into mariadb. Created a new database table with employees and wages.

WEB375 Week 5

sylvia — Sun, 13 Oct 2019 00:22:59 +0000

Understanding and configuring web servers

Web servers are responsible for sending the content you view every day on the Internet. An organization's web server is the backbone of the company's Internet presence. Apache is by far the most popular web server on the Internet and is included with all major Linux distributions and macOS.

How I configured the Apache web server on a Linux system.

Checked to see if Apache was installed. You can install using dnf install -y httpd
Set up the name of the web server to match the name of the computer using vi /etc/httpd/conf/httpd.conf
Changed the name at about line 95
Deleted the hashtag from the beginning of the line to uncomment and replaced the www.example.com:80 with 192.168.0.2
Replaced the localhost with the IP address
Saved the file and started the Apache server and then checked the status
Setup a rule for iptables to allow HTTP traffic to our server and then saved the rule
Tested for installation using links to display web pageson both systems
Once on the web server, created a web page and saved it. In the file entered "APACHE IS COOL!!!" and sent the message
Logged in to different client to display the message

WEB375 Week 4

sylvia — Sun, 13 Oct 2019 00:22:12 +0000

FTP Servers and Service-Level Agreements

FTP (File Transfer Protocol) is the most common method of uploading files to a server. A wide array of FTP servers, such as vsftpd, and clients exist for every platform.

This week I configured a secure FTP server and used it for both sftp and ftp. Started by first checking if it was installed and then edited the file to configure it. Once it was configured, I started the vsftpd service and enabled it to launch during boot.

Had a few complications with user permissions. Started from the beginning and everything went smoothly.

WEB375 Week 3

sylvia — Sun, 13 Oct 2019 00:20:54 +0000

Week 3 Lab Overview:
Set up a sendmail server on the Linux system. I also sent a message to my own username and made sure that the mail was sent correctly.

Lecture Overview
Electronic mail has become an integral part of our daily lives. The architecture behind electronic mail is similar to the postal system. Email is address similar with to and from addresses and is dropped off at an outgoing mail server. Mail is then transferred from one server to another server. This week, we will set up our own post office to accept e-mail address and transfer them to other post offices to deliver them to a local user's mailbox. Two commonly used e-mail server apps on Linux are Sendmail and Postfix. Both of these server applications are actually comprised of smaller programs that each perform specific tasks. We will also look at many different protocols and approaches to set up an e-mail architecture, with separate incoming and outgoing mail servers and clients that are applications themselves or web-based clients.

The following are two types of e-mail servers:

Outgoing Mail Server: Using the simple mail transfer protocol (SMTP), this server type receives e-mail messages from an e-mail client application or another server. This server forwards the message to the server of the recipient's domain or, if the recipient is part of the same domain, forwards it to the incoming mail server for the domain. The outgoing mail server is referred to as the mail transfer agent (MTA). Two common outgoing mail servers for Linux are Sendmail and Postfix.
Incoming Mail Server: The incoming mail server receives e-mail from the local outgoing mail server and stores it in a local directory the user can access when his or her mail client connects to this server. When a client connects to an incoming mail server, either the post office protocol version 3 (POP3) or Internet message access protocol (IMAP) is used. The incoming mail server is referred to as the mail delivery agent (MDA). If a system is using Sendmail as the outgoing mail server, the MDA is the program procmail.

SMTP - protocol. To send e-mail

MUA - e-mail client application i.e. Thunderbird

MDA - Connect to this server to receive mail

MIME is the format used to send attachments with mail

IMAP is the protocol mail clients use to synchronize their mail with the server.

MTA is another way to refer to the outgoing mail server.

POP3 is the protocol used by clients to move a copy of a. mail message to their computers.

WEB375 Week 2

sylvia — Sun, 13 Oct 2019 00:18:47 +0000

This week we applied security measures for a Fedora server IP firewall by configuring stringent permit and deny rule sets. I appended the INPUT, OUTPUT, and FORWARD chains to permit HTTP, ICMP ping, and SSH access and to deny all other access.

First, I checked to see if iptables was installed, install if no. Then I used iptables with -L switch to list the current host-based firewall rules. The system returned a list of the existing chains indicating that there were no firewall rules set for any of them. I proceeded with the -F switch which flushed all rule chains and began with an empty rule chain to add my own.

Rules I applied:
INPUT to allow HTTP (web) access
INPUT to allow secure shell (SSH) connections
INPUT to allow ICMP pings
INPUT to deny all other traffic from the INPUT chain

Lecture

One common activity that improves any server's security is installing software updates. This ensures that any application running on the server has the latest bug fixes and patches. One of the most common ways to protect a network or server is to filter incoming and outgoing traffic through a firewall. A firewall can be a physical device, such as your home's cable modern, or it can be an application running on a computer, such as iptables on a Linux computer. The network administrator establishes a set of rules for the firewall to enforce. Network traffic can be filtered based on the packer's IP address or pot, or on the application. i.e. if you have a web server running on your computer or LAN, incoming traffic to port 80 would be permitted. If that was the only server running, you would block or deny any other traffic coming into your network.

A single firewall configuration is most likely how the home network is set up. A single firewall is seldom used in organizations that run their own servers because all server traffic must enter the LAN. If a service is compromised behind the firewall, the malicious hacker may have access to all the computers on the organization's LAN.

A single host is an alternative for an organization. A single host may be placed outside the firewall. In this configuration, the single host must run its own software firewall, such as iptables. The firewall protecting the private LAN can now be more restrictive because there are no public services provided on the LAN. This provides higher security for the organization's information on the LAN.

Another alternative configuration that protects the LAN uses a single firewall device that has three network connections. This is called a three-legged firewall. All network traffic for the LAN and the servers pass through the firewall. The firewall routes and applies one set of filter rules to traffic going to the servers. It routes LAN traffic to the LAN and can apply a different set of rules to that traffic.

Another configuration that separates the serves from the Lan is the dual-firewall demilitarized zone (DMZ) configuration. This configuration has all traffic for the organization pass through the outer firewall. Traffic for the servers is allowed through, as well as any traffic destined for users on the LAN so the rules for this firewall area combination of the allow or permit rules for both the servers and the LAN. The inner firewall has a more restrictive set of rules to protect traffic on the LAN.

WEB375 Week 1

sylvia — Sun, 13 Oct 2019 00:18:01 +0000

Week 1

This week I learned about client-server architecture, single and bastion host configurations, host workstations, and Linux commands.

Web Architecture

Server = remote computer application which finds data that has been requested or performs a service

Client Application = local device that displays the data

Both of these make client-server architecture

Example of client - server are web pages and sending e-mail messages.

Web page uses web browsers are client applications (firefox,chrome, safari, i.e.)

Web client on local device (PC) requests web page from remote server using uniform resource locator or URL.

URL contains two parts:
location of server that contains the data
name of the file with the data

Server can use scripting languages like : PHP or Ruby
These files will have instructions on how to find and create data.

Web server applications like Apache, Nginx, Microsoft IIS accept request for data and retrieves the files or data, formats them according to a set of rules (like HTML) and sends it back to the user.

The client (web page / email) will display information according to rules used to format it.

Email can use Outlook, Entourage, Apple Mail, or web browser for client.
Common server apps are SendMail and Exchange

Other common types of server applications are
File or FTP servers that permit the transfer of files from one computer to another
DHCP servers that distribute IP addresses for computer and other Internet-connected devices on the local area network (LAN)
Database servers like MySQL, PostgreSQL, Oracle, and Microsoft SQL Server which usually communicate with a web server on the same machine or Local area network (LAN)

A remote computer that provides a service such as a web server is said to host the service. If the organization wants to provide a number of different services to Internet users, there are several ways to design the Local network to provide those services.

The design of your network and the manner in which you configure your servers is the web architecture of your organization.

Two common architectures for web services are
SINGLE HOST
BASTION HOST

Single host: single computer that hosts all server apps the organization manages. This is a low cost solution because only one computer is needed for all services.
The network and server config is simpler. A con is that if the single computer has issues such as hardware fault, all services are unavailable. If a hacker were to gain access to the single host, he would have access to all severs and data on that host.

Bastion Host: Runs only a single service. It may be a web server, an e-mail server, or some other type of server. When a bastion host has a failure or is attacked, only the serve running on that server is affected. This has the potential to increase the reliability and security of an organization's web architecture, but it complicates management of the system. A web architecture comprised of bastion hosts must ensure that network traffic runs smoothly between the hosts and that files and services on one host are available to other hosts that may need them.
For example, the web server must access the database server to retrieve information on a product that was requested by the client. With a bastion host web architecture, there could be several additional machines to administer, update software, and manage users. Some organizations may not have the manpower or experience to reliably manage this type of system.

Web and Other Services

Each service that we provide in our web architecture has a special language and a set of rules, called a protocol, that it uses to communicate with a client.

Several services have more than one protocol that can be used, but it is important that both the server and any clients use the same protocol. For example, if an email client is using POP3 to access an e-mail server that is running only the IMAP protocol, the client will not be able to connect to the server, even if the username, password and URL are correct. Several protocols offer a secure version. For web servers, HTTPS is the secure version of HTTP, and SFTP is the secure version of the file sharing protocol FTP.

It is possible for a server application and a client application to both support several protocols. The protocol used to receive and send files can be determined by the user or the server. Then the client can negotiate a protocol that will provide the best performance and most reliable, secure connection for the server the user requested.

In addition to those in the table above, there are many other types of services, such as database services, that a host workstation can provide.

Server Management

The primary purpose of a host workstation is to provide service, and with provided service must come service management. You can manage a server by using a keyboard and a mouse that are directly connection to the host computer, but it is more common to manage a server remotely.
The advantages of this is having a server in a special room that is carefully climate controlled. From a security point of view, this allows the organization to separate employees who need physical access to the server room where all servers are maintained from employees who need access to a specific host to manage the services on it.

There are two primary ways to remotely manage a Linux server:
SSH
VNC

Both of these need to have an additional service available on the host for the administrator to have remote access.

The SSH service is provided by default on Linux hosts and gives the administrator remote command-line access through a traditional Linux shell or terminal window.

Virtual Network Computer(VNC) provides access to the graphical user interface (GUI) running on the Linux workstation. A VNC server application must be running on the host for the administrator to remotely access it on a VNC client application. Once connected, the administrator can use the host GUI as if working directly in front of the physical machine.

In a professional environment, Linux hosts seldom provide a GUI interface, so you will normally use SSH to manage servers. As mentioned earlier, bastion hosts are more secure than single hosts because they have fewer services that can be vulnerable to attach. This is also the reason that Linux hosts do not run GUI interfaces. A Linux host with a GUI interface has all of the command-line tools installed, but additional GUI applications are provided so that administrators can manage the system using windows and mouse clicks. Each of these additional applications and the libraries they use may have vulnerabilities that can be exploited, this weakening your system's security.

Linux as a Web Server Platform

The kernel, or core, of the Linux operating system was developed by Linus Torvalds in the early 1990s from his experience with the GNU and Minix operation systems. Both systems are based on Unix, which was developed at Bell Labs in the 1970s. By making the source code for Linux open source and freely available, Torvalds allowed many other developers to refine the kernel and extend its capabilities. Over more than 20 years, Linux has grown into a robust operating system that provides the backend power for many of the websites and services provided on the Internet.

Because Linux is open source, many organizations and individuals have made slight modifications to kernel or applications so that these better meet the needs of the organization. The result is the availability of hundreds of distributions, or flavors, of Linux. Often, applications can easily be moved from one distribution to another with no problem. When working with servers, it is important to understand that default configurations provided from one distribution to another can vary. Default configurations can also vary from version to version within a distribution. As an administrator, it is important to understand the significance of the many parameters that can be found in a service's configuration file so that you are not dependent on a specific distribution.

There are three main Linux distribution trees. The distributions in each tree are similar to one another and often share similar configuration details and GUI applications. The table below lists the three main family trees of Linux distributions.

There are many operations systems based on Linux that do not fall under one of these trees, such as GenToo and Android.