Chapter 5: Installation of Application Server and Management
This chapter aims to provide an in-depth understanding of the installation and configuration of
essential application servers, as well as the management of network services on those servers.
The content focuses on configuring core services such as DHCP, DNS, and Telnet, and explores
how they differ from network services provided by other Network Operating Systems (NOS).
Furthermore, it covers the secure setup of OpenSSH, a critical protocol for encrypted
communication over networks.
5.1 DHCP, DNS, Telnet Server: Comparison with the Setup of Corresponding Network Services on Other NOS
The chapter begins by discussing three vital network services: DHCP (Dynamic Host
Configuration Protocol), DNS (Domain Name System), and Telnet. These services are
essential for network configuration, management, and communication.
DHCP (Dynamic Host Configuration Protocol)
DHCP is used to automatically assign IP addresses and network configuration parameters to
devices within a network. The server manages a pool of IP addresses and assigns them
dynamically to client machines as they connect to the network, which simplifies network
management by eliminating the need for manual IP address configuration.
Key Topics:
Functionality: DHCP operates based on a client-server model where the client sends a
request for network parameters, and the DHCP server responds with an IP address and
additional network configuration.
Server Configuration: The configuration of a DHCP server involves setting up a range
of IP addresses, lease durations, and additional parameters like subnet masks, gateways,
and DNS servers.
Comparison with Other NOS: In contrast, other Network Operating Systems (such as
Windows Server) might use DHCP as a part of their integrated management tools, where
Page 1 of 17
it often ties in with Active Directory for network-wide management of clients and
devices. In Linux-based systems, DHCP is commonly configured using isc-dhcp-server
or dnsmasq, which provide flexible configuration options but may require additional
knowledge of configuration files.
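The scope parameters listed above (address range, lease durations, subnet mask, gateway, DNS servers) are easy to get wrong in ways isc-dhcp-server will not always catch for you. The following is an added example, not code from the chapter: it validates a scope with constructed addresses and only then renders it as an ISC dhcpd.conf subnet block.

```python
"""Check a DHCP scope for consistency before writing it out as an ISC dhcpd.conf
subnet block.  Added example with constructed addresses; not from the chapter."""
import ipaddress


def validate_scope(subnet, netmask, range_start, range_end, routers, dns_servers,
                   default_lease, max_lease):
    """Return a list of problems found in the scope; an empty list means it is consistent."""
    problems = []
    # strict=True rejects a subnet declaration whose host bits are not all zero
    net = ipaddress.ip_network(f"{subnet}/{netmask}", strict=True)
    start = ipaddress.ip_address(range_start)
    end = ipaddress.ip_address(range_end)
    if start not in net or end not in net:
        problems.append("pool range lies outside the declared subnet")
    if start > end:
        problems.append("pool range start is after its end")
    if start == net.network_address or end == net.broadcast_address:
        problems.append("pool includes the network or broadcast address")
    for r in routers:
        router = ipaddress.ip_address(r)
        if router not in net:
            problems.append(f"router {r} is not inside the subnet")
        elif start <= router <= end:
            problems.append(f"router {r} sits inside the dynamic pool")
    for d in dns_servers:
        dns = ipaddress.ip_address(d)
        if dns in net and start <= dns <= end:
            problems.append(f"DNS server {d} sits inside the dynamic pool")
    if default_lease <= 0 or max_lease < default_lease:
        problems.append("lease times must be positive and max-lease-time >= default-lease-time")
    return problems


def render_scope(subnet, netmask, range_start, range_end, routers, dns_servers,
                 default_lease=600, max_lease=7200):
    """Render an ISC dhcpd.conf subnet block, refusing to emit an inconsistent scope."""
    problems = validate_scope(subnet, netmask, range_start, range_end, routers,
                              dns_servers, default_lease, max_lease)
    if problems:
        raise ValueError("; ".join(problems))
    return (
        f"subnet {subnet} netmask {netmask} {{\n"
        f"  range {range_start} {range_end};\n"
        f"  option routers {', '.join(routers)};\n"
        f"  option domain-name-servers {', '.join(dns_servers)};\n"
        f"  option subnet-mask {netmask};\n"
        f"  default-lease-time {default_lease};\n"
        f"  max-lease-time {max_lease};\n"
        "}\n"
    )


if __name__ == "__main__":
    # constructed scope: gateway .1 and resolver .2 are kept outside the pool .100-.200
    print(render_scope("192.168.10.0", "255.255.255.0", "192.168.10.100",
                       "192.168.10.200", ["192.168.10.1"], ["192.168.10.2"]))
```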
DNS (Domain Name System)
DNS is responsible for translating human-readable domain names into IP addresses that
computers use to identify each other on the network. This service is critical for ensuring the
accessibility of websites, applications, and resources over the internet and local networks.
Key Topics:
Functionality: DNS operates through a distributed system of DNS servers that cache and
resolve domain names to IP addresses. It also supports reverse lookup and provides the
foundation for service discovery.
Server Configuration: DNS servers are typically configured to handle requests for
domain names and can be set up in master-slave configurations for redundancy. Common
tools for DNS server configuration include BIND (Berkeley Internet Name Domain) on
Linux-based systems and Windows DNS Server in Windows environments.
Comparison with Other NOS: Windows Server integrates DNS with Active Directory,
offering centralized management of domain resources, while Linux-based systems
generally use BIND or dnsmasq for more granular control over DNS records and
configurations.
Telnet Server
Telnet is a network protocol used to provide text-based access to remote systems. Although
Telnet itself is not secure due to the transmission of data in plain text, it can still be useful in
certain situations for remote administration of devices.
Key Topics:
Functionality: Telnet operates on a client-server model where the client connects to a
Telnet server to issue commands remotely. The communication happens over port 23,
and data is transmitted unencrypted.
Server Configuration: To configure a Telnet server, administrators typically install a
Telnet daemon (e.g., telnetd in Unix/Linux systems) and ensure that the server is
reachable through network firewalls.
Comparison with Other NOS: While Telnet is common in some legacy systems,
modern network environments prefer SSH (Secure Shell) due to its encryption. On
Windows, Telnet may be included as part of the "Telnet Client" feature, but for secure
remote access, PowerShell Remoting or Remote Desktop Protocol (RDP) are often
used instead.
Comparison and Challenges
When comparing the setup of these services across various NOS platforms:
Windows Server typically includes a user-friendly graphical interface for managing
DHCP, DNS, and Telnet services, as well as seamless integration with other features like
Active Directory.
Linux/Unix-based systems often provide greater flexibility but may require manual
configuration through text files and command-line tools (e.g., dhclient,
systemd-resolved, telnetd).
Security Considerations: Many modern setups are transitioning away from Telnet due
to security concerns, favoring SSH or RDP for secure remote access.
5.2 OpenSSH: Secure Network Communication
The second part of this chapter focuses on OpenSSH, a robust and secure communication
protocol that ensures encrypted network communications. OpenSSH is widely used for securely
accessing remote systems, transferring files, and tunneling network traffic.
Introduction to OpenSSH
OpenSSH (Open Secure Shell) provides encrypted communication between clients and servers,
enabling secure login, command execution, file transfer, and tunneling. It is a replacement for
insecure protocols like Telnet and rlogin.
Key Topics:
Functionality: OpenSSH ensures confidentiality by encrypting data during transmission,
integrity by verifying that data has not been tampered with, and authenticity by verifying
the identity of both communicating parties through public-key cryptography.
Server Configuration: The OpenSSH server is usually installed as a service on
Linux/Unix systems (sshd daemon). Configuration involves adjusting the
/etc/ssh/sshd_config file, where administrators can enable or disable features like
password authentication, key-based authentication, and port forwarding.
o Key-based Authentication: OpenSSH supports both password-based and key-
based authentication, with the latter being considered more secure. Administrators
can configure SSH to accept only key-based authentication, which requires the
use of a private key on the client side and a corresponding public key on the
server side.
o Firewall Configuration: Since SSH operates over TCP port 22 by default,
administrators must ensure this port is open in firewalls to allow for secure remote
access.
SSH Features:
o Port Forwarding: SSH allows secure tunneling of other services (like HTTP,
VNC, etc.) through encrypted channels.
o File Transfer: OpenSSH supports secure file transfer through the SFTP (SSH
File Transfer Protocol) and SCP (Secure Copy Protocol), both of which are used
for transferring files between remote machines in a secure manner.
o X11 Forwarding: OpenSSH can forward X11 (graphical user interface)
applications from a remote server to a local machine over the encrypted SSH
connection, useful in a graphical remote environment.
Comparison with Other NOS:
o Windows Server: Windows Server provides PowerShell Remoting as a secure
alternative to SSH for remote management. While SSH support has been included
in recent versions of Windows, PowerShell Remoting provides a more integrated
and feature-rich approach for managing Windows environments.
o Linux/Unix-based systems: OpenSSH is the default solution for remote access
and file transfers. It is integrated seamlessly into most Linux distributions and can
be extended with additional security measures like two-factor authentication
and fail2ban (a tool for protecting against brute-force attacks).
Security Considerations
Brute-Force Protection: OpenSSH can be configured to limit the number of login
attempts to prevent brute-force attacks. Tools like fail2ban or DenyHosts can further
enhance SSH security by blocking IP addresses that repeatedly attempt to authenticate
unsuccessfully.
Key Management: Managing SSH keys securely is critical. Best practices involve using
strong passphrases for private keys and regularly rotating keys to prevent unauthorized
access.
SSH Version 2: It is important to disable SSH version 1, as it has several security
vulnerabilities. OpenSSH uses SSH version 2 by default, which provides stronger
encryption and better security overall.
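The sshd_config settings named under Server Configuration and Security Considerations (key-based versus password authentication, root login, attempt limits, protocol version) are easy to misjudge because sshd keeps the first value it reads for a keyword and treats everything after a Match line as conditional. The following is an added example, not the chapter's or the OpenSSH project's code: it parses a constructed sshd_config with those rules and reports the weak effective settings.

```python
"""Audit the effective global settings of an OpenSSH sshd_config.
Added example with a constructed config; not code from the chapter."""

# OpenSSH defaults for the keywords checked here.  sshd keeps the FIRST value it
# reads for a keyword, so a duplicate line further down does not override it.
# 'Protocol' only matters on old releases; current OpenSSH has no protocol-1 code.
DEFAULTS = {
    "protocol": "2",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "maxauthtries": "6",
}


def parse_sshd_config(text):
    """Return the global settings as {lowercased keyword: value}.

    Only lines before the first 'Match' block are global; settings inside a
    Match block apply conditionally and are not part of this audit.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return findings as (keyword, effective value, advice) tuples."""
    cfg = parse_sshd_config(text)

    def effective(key):
        return cfg.get(key, DEFAULTS[key]).lower()

    findings = []
    if effective("protocol") != "2":
        findings.append(("Protocol", effective("protocol"), "allow only SSH protocol 2"))
    if effective("permitrootlogin") == "yes":
        findings.append(("PermitRootLogin", "yes", "use 'no' or 'prohibit-password'"))
    if effective("passwordauthentication") == "yes":
        findings.append(("PasswordAuthentication", "yes",
                         "set to 'no' once key-based login is verified"))
    if effective("pubkeyauthentication") == "no":
        findings.append(("PubkeyAuthentication", "no", "key-based authentication is off"))
    if effective("permitemptypasswords") == "yes":
        findings.append(("PermitEmptyPasswords", "yes", "never allow empty passwords"))
    if int(effective("maxauthtries")) > 6:
        findings.append(("MaxAuthTries", effective("maxauthtries"),
                         "limit attempts per connection to slow brute force"))
    return findings


# Constructed sample: looks partly hardened, but the first PasswordAuthentication
# line wins and 'Protocol 2,1' still offers the obsolete protocol on an old sshd.
WEAK_SSHD_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
MaxAuthTries 10
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
"""
```

After editing the real file, `sshd -t` checks the syntax and `sshd -T` prints the effective values the way this parser approximates them.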
Conclusion
In this chapter, we have delved into the configuration and management of fundamental network
services such as DHCP, DNS, and Telnet, while also highlighting the differences between these
services on various Network Operating Systems. Additionally, we explored the installation and
configuration of OpenSSH for secure network communication, emphasizing its importance in
replacing older, insecure protocols like Telnet. A comprehensive understanding of these network
services and secure communication protocols is crucial for any system administrator or network
engineer looking to manage modern network infrastructures effectively and securely.
5.3 FTP and Setting up Mail Servers and Clients
In this section, we focus on two crucial network services that are essential for file transfer and
communication: FTP (File Transfer Protocol) and Mail Servers. These services play a pivotal
role in transferring files over networks and ensuring reliable email communication within and
outside an organization.
FTP (File Transfer Protocol)
FTP is a standard network protocol used to transfer files between a client and a server over a
TCP/IP-based network. FTP is widely used for downloading, uploading, and managing files
remotely on servers.
Key Topics:
Functionality: FTP works by establishing a connection between a client and an FTP
server, where the client sends commands to list, upload, download, or delete files on the
server. FTP operates on two channels: a command channel (usually port 21) for sending
commands and a data channel for transferring actual files.
Server Configuration: FTP servers like vsftpd (Very Secure FTP Daemon) and
ProFTPD on Linux and FileZilla Server on Windows are commonly used.
Administrators configure FTP servers by specifying user access control, directory
permissions, and encryption settings.
o Anonymous Access: FTP servers can be configured to allow anonymous access,
where users can log in without credentials, typically for public file sharing.
o Authentication: For secure access, FTP can be configured to require user
authentication, where usernames and passwords are needed to log in.
o Secure FTP: To enhance security, administrators may set up FTPS (FTP Secure)
or SFTP (SSH File Transfer Protocol), both of which encrypt file transfers to
prevent interception.
Comparison with Other NOS: FTP is generally easy to configure across various
Network Operating Systems (NOS), with specific server software available for Linux
(e.g., vsftpd, ProFTPD) and Windows (e.g., FileZilla Server, IIS FTP). Windows
Server offers built-in FTP services through Internet Information Services (IIS), which
can be managed via the graphical interface. In Linux environments, FTP configuration
often requires editing configuration files and managing permissions via the command
line.
Mail Servers and Clients
Mail servers handle the sending, receiving, and storage of email messages, while mail clients
allow users to interact with these services. Two of the most widely used email protocols are
SMTP (Simple Mail Transfer Protocol) for sending emails and IMAP (Internet Message
Access Protocol) or POP3 (Post Office Protocol) for retrieving them.
Key Topics:
Mail Server Setup: The mail server typically involves three main components:
o MTA (Mail Transfer Agent): The MTA is responsible for sending and receiving
email messages. Postfix and Sendmail are popular choices for Linux servers,
while Microsoft Exchange is widely used in Windows environments.
o MDA (Mail Delivery Agent): The MDA is responsible for delivering the email
to the recipient's mailbox. Dovecot is a commonly used MDA in Linux
environments.
o MUA (Mail User Agent): This is the client software used by end-users to send,
receive, and manage emails. Popular MUAs include Outlook, Thunderbird, and
Apple Mail.
Mail Server Configuration:
o For SMTP, administrators configure settings like relay restrictions, authentication
methods (e.g., SASL - Simple Authentication and Security Layer), and spam
filtering.
o IMAP and POP3 servers allow clients to retrieve email from the server. IMAP
enables multiple clients to manage email from different devices, whereas POP3
downloads the email and deletes it from the server.
o Security configurations for mail servers include enabling SSL/TLS encryption for
email transmission, which ensures that emails are securely sent and received.
Comparison with Other NOS:
o Windows Server integrates Microsoft Exchange as an enterprise mail solution,
which is tightly integrated with Active Directory for user authentication and email
management.
o In Linux environments, Postfix or Sendmail combined with Dovecot (for IMAP)
provides a robust and customizable mail server solution.
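The SMTP settings mentioned under Mail Server Configuration (relay restrictions, SASL and TLS) decide whether a Postfix MTA becomes an open relay. The following is an added example, not code from the chapter or from Postfix: it parses a constructed main.cf (Postfix's last-assignment-wins and continuation-line rules) and flags a relay policy that never reaches reject_unauth_destination, a catch-all mynetworks, and missing STARTTLS.

```python
"""Check a Postfix main.cf for open-relay and transport-encryption mistakes.
Added example with a constructed config; not code from the chapter."""


def parse_main_cf(text):
    """Parse main.cf into {parameter: value}; the last assignment wins and
    lines starting with whitespace continue the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and current:
            params[current] += " " + raw.strip()
            continue
        key, _, value = raw.partition("=")
        current = key.strip()
        params[current] = value.strip()
    return params


def _tokens(value):
    return [t for t in value.replace(",", " ").split() if t]


def audit_mail_server(text):
    """Return a list of findings for the relay policy, mynetworks and TLS."""
    p = parse_main_cf(text)
    findings = []

    # Relay policy: smtpd_relay_restrictions (Postfix 2.10+) is consulted first;
    # older releases only have smtpd_recipient_restrictions.  A list that never
    # reaches reject_unauth_destination / defer_unauth_destination relays for anyone.
    relay = (_tokens(p.get("smtpd_relay_restrictions", ""))
             or _tokens(p.get("smtpd_recipient_restrictions", "")))
    guards = {"reject_unauth_destination", "defer_unauth_destination"}
    guard_pos = next((i for i, t in enumerate(relay) if t in guards), None)
    if guard_pos is None:
        findings.append("relay policy has no reject_unauth_destination: confirm with "
                        "'postconf smtpd_relay_restrictions' (safe built-in default on 2.10+)")
    elif "permit" in relay[:guard_pos]:
        findings.append("unconditional 'permit' precedes reject_unauth_destination: open relay")

    # permit_mynetworks trusts every address in mynetworks, so 0.0.0.0/0 opens the relay
    if any(n in ("0.0.0.0/0", "0/0", "[::]/0") for n in _tokens(p.get("mynetworks", ""))):
        findings.append("mynetworks contains a catch-all network; permit_mynetworks relays for everyone")

    # STARTTLS must at least be offered so credentials and mail are not sent in clear text
    if p.get("smtpd_tls_security_level", "none") not in ("may", "encrypt"):
        findings.append("smtpd_tls_security_level is not 'may' or 'encrypt': STARTTLS is not offered")
    return findings


WEAK_MAIN_CF = """\
# constructed sample, not a real host's configuration
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated
smtpd_tls_security_level = none
"""

HARDENED_MAIN_CF = """\
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
"""
```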
5.4 Network Information Service (NIS) and Sharing File Systems (NFS)
In this section, we cover the Network Information Service (NIS), which helps in managing
centralized configurations and user authentication in a distributed network environment, and
NFS (Network File System), which allows file sharing between Unix/Linux systems over a
network.
Network Information Service (NIS)
NIS is a directory service protocol used to manage networked systems. It allows administrators
to centralize system information, such as user accounts, group accounts, hostnames, and
password files, making it easier to manage a large number of systems.
Key Topics:
Functionality: NIS provides a mechanism for distributing administrative data across a
network, so that individual machines do not need to maintain local copies of critical
configuration files (e.g., /etc/passwd, /etc/group).
Server Configuration: To set up NIS, an NIS server must be configured to manage and
distribute information, while client machines need to be set up to query the NIS server for
this data.
o Master and Slave Servers: The NIS server setup consists of a master server that
holds the authoritative database and optional slave servers that replicate the data
for redundancy and load balancing.
o NIS Maps: NIS data is stored in "maps," such as [Link],
[Link], etc. These maps are shared across all clients.
o Authentication: NIS can be integrated with systems like Kerberos for secure
authentication in a networked environment.
Comparison with Other NOS:
o On Linux, NIS is often used to centralize user authentication and other network
information. However, newer solutions like LDAP (Lightweight Directory
Access Protocol) are now preferred over NIS due to security concerns.
o Windows environments rely heavily on Active Directory (AD) for similar
functionalities, providing centralized authentication and user management.
NFS (Network File System)
NFS is a protocol that allows file sharing between Unix/Linux systems over a network. It enables
users on one machine to access files on another machine as if they were local files.
Key Topics:
Functionality: NFS works by exporting directories on a server that can then be mounted
as file systems on client machines. The NFS server shares specific directories, and
clients can mount these directories to access files over the network.
Server Configuration: On the server, directories that are to be shared are specified in the
/etc/exports file. Clients mount these directories using the mount command.
o Permissions: Administrators configure permissions on shared directories to
control access by IP address or user credentials.
o Versioning: NFS operates in different versions (e.g., NFSv3, NFSv4), with
NFSv4 providing better security and performance improvements.
Security: NFS is traditionally not secure, so administrators often use firewalls and
configure Kerberos authentication to secure the file sharing.
Comparison with Other NOS:
o Linux/Unix-based systems rely heavily on NFS for file sharing. However,
Windows uses the SMB/CIFS protocol for file sharing, which is comparable to
NFS.
o NFS is less commonly used in Windows-based networks, where solutions like
SMB or DFS (Distributed File System) are preferred.
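The /etc/exports entries described under NFS Server Configuration carry the access control, and the traps are in the details: a space before the option parenthesis exports to every host, no_root_squash hands remote root the local root identity, and without sec=krb5* a client is trusted on IP address and UID alone. The following is an added example, not code from the chapter or from nfs-utils: it parses a constructed exports file and reports those conditions.

```python
"""Audit an NFS /etc/exports file for the security settings discussed above.
Added example with a constructed file; not code from the chapter."""


def parse_exports(text):
    """Return (path, client, [options]) triples.

    A client spec looks like 'host(opt,opt)'.  A bare '(opts)' token, i.e. a
    space before the parenthesis, is the classic mistake that exports to every
    host, so it is recorded as client '*'.
    """
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, _, rest = line.partition(" ")
        for token in rest.split():
            if "(" in token:
                client, opts = token.split("(", 1)
                options = [o for o in opts.rstrip(")").split(",") if o]
            else:
                client, options = token, []
            exports.append((path, client or "*", options))
    return exports


def audit_exports(text):
    """Return a list of human-readable findings."""
    findings = []
    for path, client, options in parse_exports(text):
        where = f"{path} -> {client}"
        world = client == "*"
        if world:
            findings.append(f"{where}: exported to every host")
            if "rw" in options:
                findings.append(f"{where}: world-writable export")
        if "no_root_squash" in options:
            findings.append(f"{where}: no_root_squash lets a remote root act as local root")
        if "insecure" in options:
            findings.append(f"{where}: 'insecure' accepts requests from unprivileged source ports")
        if not any(o.startswith("sec=") and "krb5" in o for o in options):
            findings.append(f"{where}: no Kerberos (sec=krb5*), access is trusted on IP and UID alone")
    return findings


WEAK_EXPORTS = """\
# constructed sample, not a real host's file
/srv/public   *(ro,sync)
/srv/backup   192.168.10.0/24(rw,no_root_squash)
/srv/home     192.168.10.5 (rw)
"""

HARDENED_EXPORTS = """\
/srv/home  192.168.10.0/24(rw,sync,root_squash,sec=krb5p)
"""
```

`exportfs -v` on the server prints the options the kernel actually applied, including the defaults this parser leaves implicit.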
5.5 SAMBA: Linux and Windows File and Printer Sharing
SAMBA is an open-source software suite that provides file and printer sharing services between
Unix/Linux and Windows systems using the SMB/CIFS protocol. SAMBA allows Linux/Unix
machines to act as file and print servers for Windows clients, and vice versa.
SAMBA: Linux and Windows File and Printer Sharing
SAMBA enables seamless interoperability between Linux/Unix systems and Windows machines,
making it a crucial tool for mixed-OS networks.
Key Topics:
Functionality: SAMBA allows Linux/Unix systems to share files and printers with
Windows clients and servers. It implements the SMB/CIFS protocol, enabling Windows
systems to access shared resources on Linux/Unix machines and vice versa.
Server Configuration: SAMBA’s configuration file (/etc/samba/[Link]) specifies
shared resources (directories and printers) and permissions for each share.
o Share Definitions: Each shared directory or printer is defined in the configuration
file, along with access control (e.g., read-only or read-write access).
o Authentication: SAMBA supports multiple authentication modes, including local
Linux authentication and integration with Windows Active Directory for
centralized user authentication.
o Security: Secure authentication mechanisms such as Kerberos and NTLM can
be configured for SAMBA shares to prevent unauthorized access.
Printer Sharing: SAMBA allows shared access to printers on Linux/Unix systems from
Windows clients, facilitating a common printing infrastructure in mixed environments.
Comparison with Other NOS:
o Windows Servers natively support the SMB protocol, and SAMBA on Linux
allows Windows machines to access file shares and printers hosted on Linux
servers.
o Linux systems typically use NFS for native file sharing, but SAMBA is more
suitable for environments with both Linux and Windows clients.
o Windows environments also support SMB for file sharing but typically do not use
NFS.
5.6 DNS/BIND: Tracking Domain Names and Addresses
DNS (Domain Name System) is a fundamental service that translates human-readable domain
names (like [Link]) into machine-readable IP addresses. BIND (Berkeley Internet
Name Domain) is the most commonly used DNS software on Linux and Unix-based systems.
This section will focus on how DNS works, how BIND facilitates domain name resolution, and
the steps required to set up and manage a DNS server.
Functionality of DNS and BIND
DNS operates as a distributed database that stores mappings of domain names to IP addresses.
When a user enters a URL into a web browser, the browser sends a request to a DNS server to
resolve the domain name to an IP address, enabling the connection to the target server.
Key Topics:
DNS Structure: The DNS system is hierarchical and involves multiple types of servers:
o Root Servers: The highest level in the DNS hierarchy, responsible for directing
queries to the appropriate Top-Level Domain (TLD) servers.
o TLD Servers: These servers handle specific top-level domains like .com, .org,
.net.
o Authoritative DNS Servers: These servers hold the actual DNS records for a
domain, such as A (address), MX (mail exchange), and CNAME (canonical name)
records.
o Recursive DNS Servers: These servers perform the work of querying other DNS
servers to resolve a domain name when an authoritative answer is not available
locally.
BIND (Berkeley Internet Name Domain)
BIND is the most widely used software for providing DNS services on Unix-like systems. It
allows systems to function as both DNS resolver and authoritative DNS servers.
Key Topics:
BIND Installation: BIND is typically installed through package managers on Linux
(e.g., apt-get install bind9 on Debian-based systems, or yum install bind on Red
Hat-based systems).
Configuration Files: The main configuration file for BIND is /etc/bind/[Link].
This file contains various directives that define zones and other options for DNS
resolution.
o Zone Files: Zone files define the DNS records for a domain, such as A (address),
MX (mail exchange), NS (name server), and PTR (reverse lookup). These files are
located in the /var/named/ directory or /etc/bind/ depending on the system
configuration.
o Forwarders: In some configurations, a DNS server might not be authoritative for
certain domains but can forward queries to other DNS servers that are
authoritative for those domains. This is known as forwarding and is specified in
the BIND configuration.
Managing DNS Records
A Record: Maps a domain to an IP address (e.g., [Link] A [Link]).
MX Record: Defines mail servers responsible for accepting email for the domain (e.g.,
[Link] MX 10 [Link]).
CNAME Record: Maps an alias to a canonical domain name (e.g., [Link]
CNAME [Link]).
NS Record: Specifies the authoritative DNS servers for the domain (e.g., [Link]
NS [Link]).
DNS Resolution Process
When a user accesses a website, the following steps occur:
1. The browser checks its local cache for the IP address.
2. If not cached, it queries the local DNS resolver.
3. If the resolver doesn't know the address, it forwards the request to an authoritative DNS
server, which responds with the correct IP address.
4. The IP address is then returned to the browser, and the connection to the web server is
established.
Security and Troubleshooting
DNS Security: DNS is vulnerable to attacks like DNS spoofing and DDoS (Distributed
Denial of Service). To mitigate these risks, administrators can use DNSSEC (DNS
Security Extensions) for data integrity and authenticity.
Logging and Debugging: BIND includes logging features that allow administrators to
troubleshoot issues like zone file errors, query problems, and unauthorized access
attempts. Tools like dig and nslookup can be used to query DNS servers and test name
resolution.
Comparison with Other NOS
In Windows environments, Microsoft DNS integrates directly with Active Directory,
simplifying DNS management for large enterprise networks. While BIND is more customizable
and widely used in Unix/Linux environments, Windows DNS offers a more user-friendly
graphical interface for configuration.
5.7 Setting up a Firewall and a Web Server
Firewalls and web servers are critical components of network security and web hosting. A
Firewall controls the flow of network traffic between trusted and untrusted networks, ensuring
that only authorized traffic is allowed. A Web Server hosts websites and serves web content to
clients over HTTP or HTTPS. This section covers how to configure both services to secure and
manage a network effectively.
Setting Up a Firewall
A firewall is an essential security tool that filters network traffic based on predefined security
rules. Firewalls can be implemented as hardware devices or software on servers or routers.
Key Topics:
Types of Firewalls:
o Packet Filtering Firewalls: These firewalls inspect each packet passing through
the network and make decisions based on rules like IP addresses, ports, and
protocols.
o Stateful Firewalls: Stateful firewalls keep track of the state of active connections
and make decisions based on the state of the traffic. They are more secure than
simple packet filtering.
o Application Layer Firewalls: These firewalls operate at the application layer,
filtering traffic based on the specific application protocols (e.g., HTTP, FTP).
Firewall Configuration:
o On Linux, tools like iptables (command-line interface) or firewalld (for more
dynamic management) are commonly used to configure firewall rules.
o For a basic iptables firewall configuration, administrators define rules to allow or
block traffic based on ports, protocols, and IP addresses. For example:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT allows incoming
HTTP traffic on port 80.
iptables -A INPUT -p tcp --dport 22 -j DROP blocks SSH traffic.
o On Windows, Windows Firewall is configured through the Control Panel or
Windows Security settings. Windows Firewall allows setting inbound and
outbound rules based on program, port, and IP address.
Firewall Security Best Practices:
o Least Privilege: Only open ports necessary for the functioning of the system or
services. Block all other ports by default.
o Logging: Enable logging to monitor unauthorized access attempts and suspicious
activity.
o Regular Updates: Ensure that firewall software is kept up-to-date to protect
against new vulnerabilities and exploits.
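The iptables rules shown above are appended in order and the first matching rule wins, so a later `ACCEPT` for port 22 placed after the `DROP` never fires, and with an `ACCEPT` default policy on INPUT the least-privilege practice is not met at all. The following is an added example, not code from the chapter: it reads a constructed iptables-save dump and reports the default policy, missing stateful rule, shadowed rules, catch-all accepts and missing logging.

```python
"""Audit the INPUT chain of an iptables-save dump for the ordering and default-
policy mistakes discussed above.  Added example, constructed rules; not from the chapter."""
import shlex


def parse_iptables_save(text):
    """Return ({chain: policy}, [(chain, match_tokens, target)]) for the filter table."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):                 # ':INPUT ACCEPT [0:0]'
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            continue
        tokens = shlex.split(line)
        if tokens[:1] != ["-A"]:
            continue
        j = tokens.index("-j") if "-j" in tokens else len(tokens)
        target = tokens[j + 1] if j < len(tokens) - 1 else None
        rules.append((tokens[1], tuple(tokens[2:j]), target))
    return policies, rules


def _is_stateful_accept(match, target):
    """True for an '-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' style rule."""
    return target == "ACCEPT" and any(
        {"ESTABLISHED", "RELATED"} <= set(tok.split(",")) for tok in match)


RESTRICTING = {"-p", "-s", "-i", "--dport", "--ctstate", "-m"}


def audit_input_chain(text):
    """Return findings for the INPUT chain: default policy, statefulness,
    shadowed rules, catch-all accepts and missing logging."""
    policies, rules = parse_iptables_save(text)
    findings = []
    if policies.get("INPUT") != "DROP":
        findings.append(f"INPUT policy is {policies.get('INPUT')}: unmatched packets are "
                        "accepted, use a default-deny policy")
    inbound = [(m, t) for c, m, t in rules if c == "INPUT"]
    if not any(_is_stateful_accept(m, t) for m, t in inbound):
        findings.append("no ESTABLISHED,RELATED accept rule: return traffic needs explicit rules")
    seen = {}
    for match, target in inbound:
        if match in seen:                        # first matching rule wins; this one never fires
            findings.append(f"'{' '.join(match)} -j {target}' is shadowed by the earlier "
                            f"'-j {seen[match]}' rule with the same match")
        seen.setdefault(match, target)
        if target == "ACCEPT" and not RESTRICTING & set(match):
            findings.append("an unrestricted ACCEPT rule admits all traffic")
    if not any(t == "LOG" for _, t in inbound):
        findings.append("no LOG rule: dropped packets leave no trace for incident response")
    return findings


# Constructed dump mirroring the two rules quoted in the text, plus a dead ACCEPT.
WEAK_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

HARDENED_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -s 192.168.10.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
"""
```

On a live host, `iptables-save` produces the input format this parser reads.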
Setting Up a Web Server
A web server is responsible for hosting websites and delivering web content to users' browsers.
Apache and Nginx are the most popular open-source web servers used in Linux-based
environments.
Key Topics:
Apache Web Server: Apache is a widely used web server that can serve static and
dynamic content. It supports various features, including URL rewriting, access control,
and SSL encryption.
o Installation: On Linux systems, Apache can be installed using a package
manager (e.g., apt-get install apache2 on Debian/Ubuntu systems, or yum
install httpd on Red Hat/CentOS systems).
o Configuration: Apache’s main configuration file is located at
/etc/apache2/[Link] or /etc/httpd/[Link] (depending on the
distribution). Configuration includes specifying document root directories,
enabling virtual hosts, and setting up security features like SSL.
Virtual Hosts: Apache allows multiple websites to be hosted on a single
server using virtual hosts. Configuration for each site is specified in
separate files located in the /etc/apache2/sites-available/ directory.
SSL Setup: Apache can serve content securely over HTTPS by
configuring SSL certificates. This can be achieved by enabling the
mod_ssl module and configuring SSL settings in the virtual host
configuration.
Nginx Web Server: Nginx is a high-performance, lightweight web server often used for
serving static content, load balancing, and acting as a reverse proxy.
o Installation: Nginx is installed through package managers (e.g., apt-get
install nginx for Ubuntu, or yum install nginx for CentOS).
o Configuration: Nginx's configuration file is located at /etc/nginx/[Link].
Nginx allows flexible configuration for handling high traffic and load balancing,
with support for reverse proxy setups.
Web Server Security Best Practices:
Keep Software Up-to-Date: Ensure web server software and operating systems are
regularly updated to patch security vulnerabilities.
SSL/TLS Encryption: Enable SSL or TLS encryption to secure HTTP traffic, ensuring
that sensitive data like passwords and credit card information is protected.
File Permissions: Restrict file and directory access to prevent unauthorized users from
accessing sensitive files or executing scripts.
Web Application Firewall: Utilize a web application firewall (WAF) like ModSecurity
to protect against web attacks such as SQL injection, cross-site scripting (XSS), and other
vulnerabilities.
Comparison with Other NOS
Windows Servers: Windows Server comes with IIS (Internet Information Services), a
feature-rich web server that integrates seamlessly with Active Directory and Windows
authentication. IIS is managed through a graphical interface, making it more accessible
for those unfamiliar with command-line tools.
Linux Servers: On Linux, Apache and Nginx are commonly used, with Apache being
known for its flexibility and Nginx for its performance and scalability. Both are open-
source and highly customizable.