Title: VCE IT Theory Slideshows
1 VCE IT Theory Slideshows
Web servers and related hardware and software
- By Mark Kelly
- mark_at_vceit.com
- Vceit.com
2 Contents
- Operating systems
- Web server software
- Protocols
- Security
- Proxy servers
3 Operating systems
- Choices
- Windows
- Linux, Unix, FreeBSD
4 Windows OS
- Smoothly integrates with MS apps like Access, MS SQL, Frontpage
- Less stable under heavy web traffic
- Can be more vulnerable to viruses, hackers
- Good if you run ASP
5 *nix
- Stable, even under heavy web traffic load
- Can run Frontpage extensions if you use Frontpage to develop the site
- Cheaper than Windows
- Preferred if using PHP and MySQL
6 Web server software
- Handles the processing of HTTP protocol web page requests
- Delivers web pages to visitors
- Hosts application software e.g. wiki, blog, forum, CMS, databases.
7 Web server software
- Choices
- Apache: the most popular. Free. Open source. Runs under Windows, Mac OS X or *nix.
- Microsoft IIS (only runs under Windows)
- Dozens of other small and large, free and proprietary packages
8 From Wikipedia
Vendor     Product  Web Sites Hosted  Percent
Apache     Apache   148,085,963       59.36
Microsoft  IIS      56,637,980        22.70
9 Not just for websites
- Can even be embedded in devices e.g. routers, printers, NAS devices to act as control panels
- E.g. to control your home router, do you go to 10.1.1.1 or 192.168.1.1?
- If so, the device has a little web server embedded in it!
- No software except a browser needed on client PCs to administer the device.
11 Web server functionality
- Decode requests for webpages
- Map a URL (uniform resource locator) to either:
  - a static HTML file in the local file system
  - software to handle the request for dynamic content (e.g. PHP, ASP, SSI, CGI)
- E.g. http://www.example.com/path/file.html is mapped to //server2//home/www/path/file.html
- Deliver webpages to clients
12 Functionality
- Virtual hosting: many websites can be served from a single server with a single IP address
- Bandwidth control: to limit upload speeds to prevent clients hogging bandwidth, and share bandwidth with many clients
- Server-side scripting: to generate dynamic websites without interfering with the web server software
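The URL mapping and virtual hosting described on the two slides above, as an added example that is not part of the original slideshow. The host names, the document roots `/home/www` and `/home/blog`, the handler table and the function name `map_request` are assumptions made for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import urlsplit, unquote

# Assumed virtual-host table: Host header -> document root (illustrative paths).
VHOSTS = {
    "www.example.com": PurePosixPath("/home/www"),
    "blog.example.com": PurePosixPath("/home/blog"),
}
# Extensions passed to a script handler instead of being served as files.
HANDLERS = {".php": "php", ".asp": "asp", ".cgi": "cgi", ".shtml": "ssi"}


def map_request(host, url):
    """Return (kind, path) for a request, or ("error", http_status)."""
    # Virtual hosting: one IP address, site chosen by the Host header.
    root = VHOSTS.get(host.split(":")[0].lower())
    if root is None:
        return ("error", 400)

    # Decode %xx escapes once, so encoded dots are checked like literal ones.
    path = unquote(urlsplit(url).path)
    if "\x00" in path or "\\" in path:
        return ("error", 400)

    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." in segments:
        return ("error", 403)  # would climb out of the document root
    if not segments or path.endswith("/"):
        segments.append("index.html")  # directory request -> default page

    target = root.joinpath(*segments)
    kind = HANDLERS.get(target.suffix.lower(), "static")
    return (kind, target)


if __name__ == "__main__":
    for host, url in [
        ("www.example.com", "http://www.example.com/path/file.html"),
        ("www.example.com:80", "/shop/cart.php?id=3"),
        ("blog.example.com", "/"),
        ("www.example.com", "/%2e%2e/%2e%2e/etc/passwd"),  # constructed input
    ]:
        print(host, url, "->", map_request(host, url))
```

The mapping is purely textual; a real server would also resolve symbolic links and confirm the final file still lies under the document root before serving it.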
14 Web Server Protocols
- TCP/IP, of course: to get files between browsers and the web server
- Web servers must run HTTP
- File transfer: FTP to upload pages to the web server
15 Web Server Protocols
- May also need mail: SMTP (Simple Mail Transfer Protocol) to send/receive mail.
- Client mail apps use SMTP to send mail, and POP or IMAP to download mail from a server.
- SSL (Secure Sockets Layer) or the newer TLS (Transport Layer Security) to encrypt outgoing web traffic and decrypt incoming data.
16 Other Web Server Protocols
- telnet - protocol to remotely control a server
- NNTP - to send Usenet news posts
- RIP - a dynamic routing protocol
- NTP - network time protocol, to synchronise clocks of computers and servers
- RTP - Real-time Transport Protocol, delivers audio and video, and is the foundation for VoIP
17 Web Server Security
- Protecting yourself: The moment you install a Web server at your site, you've opened a window into your local network that the entire Internet can peer through.
- Protecting the site: Unauthorised access can lead to damaged or stolen data
18 Create a written Security Policy
- Lays down your organisation's policies about:
  - who is allowed to use the system
  - when they are allowed to use it
  - what they are allowed to do (different groups may be granted different levels of access)
  - procedures for granting access to the system
  - procedures for revoking access (e.g. when an employee leaves)
  - what is acceptable use of the system
  - remote and local login methods
  - system monitoring procedures
  - protocols for responding to suspected security breaches
19 Benefits of a security policy
- You will understand what is and is not permitted on the system. If you don't have a clear picture of what is permitted, you can never be sure when a violation has occurred.
- Others in your organisation will understand what is allowed. People can't claim ignorance of the rules when they misbehave.
- A written policy raises the level of security consciousness.
- The security policy serves as a requirements document to guide later equipment purchases, rule changes etc. (Thanks to w3.org)
20 Web server security
- Put the server in a secure location (e.g. data centre)
- Environmental control, flood and fire prevention
- Uninterruptible power supply, including backup generators
- Backup servers and redundant data feeds
- Effective firewall
- Secured operating system, with patches up to date
21 Security
- Don't do application testing on working servers: bad software can make systems vulnerable to attack or crashing.
- Monitor and audit the server regularly, looking for suspicious activity in the logs.
- Disable idle accounts
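One way to automate the log review recommended on this slide, as an added example that is not part of the original slideshow. It assumes the server writes Common Log Format; the sample lines, the thresholds and the function name `audit` are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) \S+')

# Constructed sample lines (documentation-range IPs, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:09:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - admin [10/Mar/2024:09:00:02 +0000] "GET /admin/ HTTP/1.1" 401 381',
    '203.0.113.9 - admin [10/Mar/2024:09:00:03 +0000] "GET /admin/ HTTP/1.1" 401 381',
    '203.0.113.9 - root [10/Mar/2024:09:00:04 +0000] "GET /admin/ HTTP/1.1" 401 381',
    '192.0.2.44 - - [10/Mar/2024:09:01:10 +0000] "GET /old/a.html HTTP/1.1" 404 196',
    '192.0.2.44 - - [10/Mar/2024:09:01:11 +0000] "GET /old/b.html HTTP/1.1" 404 196',
    '192.0.2.44 - - [10/Mar/2024:09:01:12 +0000] "GET /old/c.html HTTP/1.1" 404 196',
    '198.51.100.7 - - [10/Mar/2024:09:02:00 +0000] "GET /missing.html HTTP/1.1" 404 196',
    'truncated line with no status',
]


def audit(lines, max_denied=3, max_not_found=3):
    """Return ({host: [reasons]}, [unparsed lines]) for one batch of log lines."""
    denied, not_found, users, unparsed = Counter(), Counter(), {}, []
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed.append(line)  # malformed entries are worth reviewing too
            continue
        host, user, _request, status = m.groups()
        if status in ("401", "403"):
            denied[host] += 1
            users.setdefault(host, set()).add(user)
        elif status == "404":
            not_found[host] += 1

    findings = {}
    for host, n in denied.items():
        if n >= max_denied:
            names = ", ".join(sorted(users[host]))
            findings.setdefault(host, []).append(f"{n} denied requests as: {names}")
    for host, n in not_found.items():
        if n >= max_not_found:
            findings.setdefault(host, []).append(f"{n} requests for missing pages")
    return findings, unparsed
```

Calling `audit(SAMPLE_LOG)` flags the two noisy clients and returns the malformed line separately, while the client with a single 404 stays below the threshold.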
22 Web server security
- Disable unnecessary services e.g. remote access.
- Secure remote access with encryption and strong passwords, limit user privileges, use single-use sign-ons.
- Tight control over administrator passwords and permissions
- Disable unnecessary anonymous access (e.g. FTP without needing a login)
23 Web server security
- Don't store sensitive corporate or financial data on web servers.
24 Proxy servers
- A proxy server is hardware or software that sits between a web server and its users
- E.g. at an ISP, in large LANs
- Stores recent downloads
- Filters new download requests
- If a user requests content that's stored in the proxy, a caching proxy delivers a copy from its store
25 Proxy advantages
- Faster access to resources: the original data does not have to be downloaded again from the source.
- Cheaper on bandwidth.
- Gives control over local internet usage
26 Proxy power
- Proxy servers can also be used to:
  - Keep machines behind them anonymous (for security).
  - Block undesired sites
  - Filter out undesired content.
  - Log / audit usage, i.e. record who downloads what via user authentication and access logs.
  - Rewrite requests (e.g. if the named server is overloaded it can use an idle server instead)
27 Proxy power
- To bypass security / parental controls using an open proxy.
- To scan content for malware before delivery.
- To scan outbound content, e.g. to detect and prevent the leaking of sensitive data.
- To circumvent regional restrictions.
28 Proxy Problems
- Since all data flow goes through a proxy, operators can eavesdrop on the data flow between client machines and the web, including passwords and account numbers.
- It is vital that passwords to online services (e.g. webmail and banking) should always be exchanged using SSL or TLS.
29 Resources
- wikipedia.org/wiki/Web_server
- w3.org
- www.ibm.com/developerworks/linux/library/s-wssec.html
- www.acunetix.com/websitesecurity/webserver-security.htm
30 VCE IT THEORY SLIDESHOWS
These slideshows may be freely used, modified or
distributed by teachers and students anywhere on
the planet (but not elsewhere). They may NOT be
sold. They must NOT be redistributed if you
modify them.