Chapter Two. Clients and Servers: Who’s the Boss?
Objectives
• To determine the differences between a client and a server
• To examine peer-to-peer networks and client/server networks
• To receive a basic introduction to network operating systems (NOS)
• To examine the role of the network client
• To see the difference between networking models
Peer-to-Peer (P2P) Networks
• Each device is a client and each device is a server.
• Network security is an oxymoron.
Client Server Networks
• A dedicated server maintains a security database.
• Each user who logs onto the network is assigned permissions and privileges, based on their credentials.
Permissions
• Determine what access rights a user has to specific network resources
– Resources can include files and/or access to devices.
Privileges
• Determine what actions a user is permitted to perform on a workstation or on the network
– Can include issues such as creating user accounts, shutting down the server, and so forth
Administrative Accounts
• An account that allows full power on the network
• Name of account varies with NOS
– Microsoft = Administrator
– Novell = Supervisor
– Unix = Super User
• In a secure environment
– These accounts should be disabled and new accounts with full permissions created.
Linux
• Open source
• While companies can charge for distribution packages, the OS must always be available for free
• Supports everything from desktop systems to multi-processor servers right out of the box
Microsoft
• NT
– Started with 3.51 and ended with 4.0
– Server, Enterprise Edition, and Terminal Server
• Windows 2000
– Server
– Advanced Server
– Data Center
• Windows 2003
Novell
• Versions prior to 5.0 used IPX/SPX as default protocol
• Heavily dependent on broadcast messages for advertising services
• Uses Directory Services to manage network resources
Unix
• One of the most robust NOS that money can buy
• Comes in a variety of packages customized by different manufacturers
• Supports 16 processors out of the box with a custom version that supports up to 64
• Provided the base code for Linux
Network Clients
• Acts as the redirector
• Provides network access to the applications running on the system
• Must be specific to both the host OS and the NOS
Workgroup
• The most basic network model
• A group of networked devices that share common resources and responsibilities
• Used in peer-to-peer networks
• Can also be set up within domains
Domain
• A favorite of Microsoft NOS
• All devices or resources on a network that fall under a single administrative umbrella
• Can be geographically scattered, administered from a single location
Domains in NT
• Two or more domains can be linked by trusts.
• Trusts are always one-way.
– For a two-way trust, you must set up two distinct one-way trusts, one in each direction.
• NT trusts are non-transitive.
– If you set up a trust between A and B, and another between B and C, A will NOT automatically trust C.
• Primary domain controllers house the master database and periodically copy it to backup domain controllers.
Trusts in WIN2K and Higher
• Trusts are still one-way.
• Now trusts are transitive.
– If you set up a trust between A and B, and another between B and C, A WILL automatically trust C.
• A domain controller is a domain controller is a domain controller.
Understanding Trusts
• The “trusted” domain holds the security database.
• The “trusting” domain is requesting access or authentication.
• A user logs on to the trusting domain, which forwards the authentication request to the trusted domain.
• Pass-through authentication is the process of sending authentication requests to another domain.
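The trust rules from the slides above, modelled as an added example that is not part of the original deck: each trust is a one-way (trusting, trusted) pair, and the same A/B/C setup is evaluated under the NT rule (non-transitive) and the Windows 2000 rule (transitive). The function names, domains and accounts are constructed for illustration.

```python
from collections import deque

# Constructed sample data: each pair is one one-way trust (trusting, trusted).
EDGES = [("A", "B"), ("B", "C")]
ACCOUNTS = {"A": {"bob"}, "C": {"alice"}}   # security database per domain

def trusts(edges, trusting, trusted, transitive):
    """True if `trusting` accepts authentication performed by `trusted`."""
    if trusting == trusted:
        return True                      # a domain authenticates its own accounts
    direct = {}
    for a, b in edges:
        direct.setdefault(a, set()).add(b)
    if not transitive:                   # NT rule: only an explicit trust counts
        return trusted in direct.get(trusting, set())
    seen, queue = {trusting}, deque([trusting])   # Win2K rule: follow chains
    while queue:
        for nxt in direct.get(queue.popleft(), set()):
            if nxt == trusted:
                return True
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def pass_through_logon(edges, accounts, logon_domain, user_domain, user, transitive):
    """Logon at the trusting domain for an account held by the trusted domain."""
    if not trusts(edges, logon_domain, user_domain, transitive):
        return "rejected: no trust path"
    if user not in accounts.get(user_domain, set()):
        return "rejected: unknown account"
    return f"authenticated by {user_domain}"

def implied_trusts(edges):
    """Trusts that exist only through transitivity; nobody configured them."""
    explicit = set(edges)
    domains = sorted({d for pair in edges for d in pair})
    return [(a, b) for a in domains for b in domains
            if a != b and (a, b) not in explicit
            and trusts(edges, a, b, transitive=True)]

if __name__ == "__main__":
    for mode in (False, True):
        print("transitive" if mode else "non-transitive",
              pass_through_logon(EDGES, ACCOUNTS, "A", "C", "alice", mode))
    print("implied:", implied_trusts(EDGES))
```

The output of implied_trusts is the list to review whenever a trust is added under the transitive rule, since each entry is access that no administrator granted explicitly.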
The Single Domain
• This is the simplest form.
• One security database controls all resources, including user authentication and resource access.
Single Master Domain
• One domain handles user authentication.
– May include multiple BDCs in NT
• One or more resource domains control access to network resources.
• It allows for tighter security than the single domain.
Multiple Master
• Two or more domains manage user authentication and allow pass-through authentication with those they trust.
• Other domains may or may not manage resources.
• This is excellent for very large or complex networks.
Complete Trust
• Every domain on the network trusts every other domain on the network.
• This is generally considered a very bad idea.
• It usually occurs either through accident or mismanagement.
Directory Services
• Based on the Lightweight Directory Access Protocol (LDAP)
• All network resources arranged in a tree structure, similar to the hierarchy used on a hard disk
The Directory Services Structure
• Starts with the root (country or top-level domain)
• Organizations beneath the root (Delmar, IBM, Dell, etc.)
• Organizational units or container objects beneath the organization
• Leaf objects
– Specific entities
• Distinguished name
– The entire path to an object