Chapter Two Clients and Servers: Who’s the Boss?

Upload: dwayne-townsend

Post on 03-Jan-2016


Chapter Two

Clients and Servers: Who’s the Boss?

Objectives

• To determine the differences between a client and a server

• To examine peer-to-peer networks and client/server networks

• To receive a basic introduction to network operating systems (NOS)

• To examine the role of the network client

• To see the difference between networking models

Peer-to-Peer (P2P) Networks

• Each device is a client and each device is a server.

• Network security is an oxymoron.

Client/Server Networks

• A dedicated server maintains a security database.

• Each user who logs onto the network is assigned permissions and privileges, based on their credentials.

Permissions

• Determines what access rights a user has to specific network resources

– Resources can include files and/or access to devices.

Privileges

• Determines what actions a user is permitted to perform on a workstation or on the network

– Can include issues such as creating user accounts, shutting down the server, and so forth

Administrative Accounts

• An account that allows full power on the network

• Name of account varies with NOS

– Microsoft = Administrator

– Novell = Supervisor

– Unix = Super User

• In a secure environment

– These accounts should be disabled and new accounts with full permissions created.

Major Network Operating Systems

• Linux

• Microsoft

• Novell

• Unix

Linux

• Open source

• While companies can charge for distribution packages, the OS must always be available for free

• Supports everything from desktop systems to multi-processor servers right out of the box

Microsoft

• NT

– Started with 3.51 and ended with 4.0

– Server, Enterprise Edition, and Terminal Server

• Windows 2000

– Server

– Advanced Server

– Data Center

• Windows 2003

Novell

• Versions prior to 5.0 used IPX/SPX as default protocol

• Heavily dependent on broadcast messages for advertising services

• Uses Directory Services to manage network resources

Unix

• One of the most robust NOS that money can buy

• Comes in a variety of packages customized by different manufacturers

• Supports 16 processors out of the box with a custom version that supports up to 64

• Provided the base code for Linux

Network Clients

• Acts as the redirector

• Provides network access to the applications running on the system

• Must be specific to both the host OS and the NOS

Network Models

• Workgroup

• Domain

• Directory services

Workgroup

• The most basic network model

• A group of networked devices that share common resources and responsibilities

• Used in peer-to-peer networks

• Can also be set up within domains

Domain

• A favorite of Microsoft NOS

• All devices or resources on a network that fall under a single administrative umbrella

• Can be geographically scattered, administered from a single location

Domains in NT

• Two or more domains can be linked by trusts.

• Trusts are always one-way.

– For a two-way trust, you must set up two distinct one-way trusts, one in each direction.

• NT trusts are non-transitive.

– If you set up a trust between A and B, and another between B and C, A will NOT automatically trust C.

• Primary domain controllers house the master database and periodically copy it to backup domain controllers.

Trusts in WIN2K and Higher

• Trusts are still one-way.

• Now trusts are transitive.

– If you set up a trust between A and B, and another between B and C, A WILL automatically trust C.

• A domain controller is a domain controller is a domain controller.

Understanding Trusts

• The “trusted” domain holds the security database.

• The “trusting” domain is requesting access or authentication.

• A user logs on to the trusting domain, which forwards the authentication request to the trusted domain.

• Pass-through authentication is the process of sending authentication requests to another domain.
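The trust rules from the "Domains in NT", "Trusts in WIN2K and Higher" and "Understanding Trusts" slides, modeled as an added example that is not part of the original slides. The function names, the domain names A, B, C and the sample trust lists are constructed for illustration; each trust is stored as a one-way (trusting, trusted) pair, exactly as the slides describe it.

```python
from collections import deque

def build_trusts(edges):
    """edges: iterable of one-way (trusting, trusted) domain pairs."""
    graph = {}
    for trusting, trusted in edges:
        graph.setdefault(trusting, set()).add(trusted)
        graph.setdefault(trusted, set())
    return graph

def trusted_by(graph, domain, transitive):
    """Domains whose security database `domain` will accept.

    transitive=False: NT rule, only directly configured trusts count.
    transitive=True:  Windows 2000+ rule, trust follows chains of trusts.
    """
    if not transitive:
        return set(graph[domain])
    seen, queue = set(), deque(graph[domain])
    while queue:
        d = queue.popleft()
        if d == domain or d in seen:
            continue
        seen.add(d)
        queue.extend(graph[d])  # follow the trusts held by the trusted domain
    return seen

def can_authenticate(graph, user_domain, resource_domain, transitive):
    """Pass-through authentication: the trusting (resource) domain forwards
    the logon to the trusted domain that holds the user's account."""
    return (user_domain == resource_domain
            or user_domain in trusted_by(graph, resource_domain, transitive))

def is_complete_trust(graph, transitive):
    """True when every domain ends up trusting every other domain."""
    return all(trusted_by(graph, d, transitive) == set(graph) - {d}
               for d in graph)

# Constructed sample data: A trusts B, and B trusts C (the slides' example).
CHAIN = build_trusts([("A", "B"), ("B", "C")])
# Constructed sample data: one extra trust, C trusts A, closes the loop.
RING = build_trusts([("A", "B"), ("B", "C"), ("C", "A")])

if __name__ == "__main__":
    for label, transitive in (("NT", False), ("Win2K+", True)):
        print(label, "user in C reaches A:",
              can_authenticate(CHAIN, "C", "A", transitive))
        print(label, "ring is complete trust:",
              is_complete_trust(RING, transitive))
```

Under the transitive rule, the three one-way trusts in `RING` already amount to a complete trust, which is why an audit should compute the effective trust set rather than only list the configured trusts.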

Domain Structures

• Single domain

• Single master domain

• Multiple master domain

• Complete trust

The Single Domain

• This is the simplest form.

• One security database controls all resources, including user authentication and resource access.

Single Master Domain

• One domain handles user authentication.

– May include multiple BDCs in NT

• One or more resource domains control access to network resources.

• It allows for tighter security than the single domain.

Multiple Master

• Two or more domains manage user authentication and allow pass-through authentication with those they trust.

• Other domains may or may not manage resources.

• This is excellent for very large or complex networks.

Complete Trust

• Every domain on the network trusts every other domain on the network.

• This is generally considered a very bad idea.

• It usually occurs either through accident or mismanagement.

Directory Services

• Based on the Lightweight Directory Access Protocol (LDAP)

• All network resources arranged in a tree structure, similar to the hierarchy used on a hard disk

The Directory Services Structure

• Starts with the root (country or top-level domain)

• Organizations beneath the root (Delmar, IBM, Dell, etc.)

• Organizational units or container objects beneath the organization

• Leaf objects

– Specific entities

• Distinguished name

– The entire path to an object

Microsoft Active Directory

• Microsoft’s implementation of LDAP

• Structure very similar to Novell’s directory services

• Generally accessible through Microsoft Management Consoles

– Small applets running on a Microsoft machine