Web ServerApache, Proxy ServerSquid

1
Web Server(Apache),Proxy Server(Squid)
Server Logs By Sanjay Kumar MalikLecturerUnive
rsity School of ITGGS Indraprastha
UniversityKashmere Gate, Delhi -110403
2
Contents

• Web Server and its types.
• Apache Web Server.
• Requirements for hosting web server.
• How web server works.
• Web server security.
• Proxy server,Types, Advantages.
• Network Devices.
• Linux Its features.
• A few Linux commands.
• Server log.
• Network Security.
• Anti-x.
• Malicious Software (virus,worms,trojan horse).
• GGSIPU Website updating through VPN

3
Webserver its types

• A computer that delivers.serves Web pages.
• Every Web server has an IP address and possibly a
  domain name. For example www.yahoo.com.
• A computer with appropriate configuration may be
  turned into a Web server by installing server
  software
• There are many Web server software applications
  like commonly used are -
• Apache(Linux based)
• IIS(Internet Information Services by Microsoft)

4
Apache Web Server

• Apache is developed and maintained by an open
  community of developers.
• The first version of the Apache web server was
  created by Robert McCool.
• The application is available for a wide variety
  of operating systems including Unix, FreeBSD,
  Linux, Solaris, Novell NetWare, Mac OS X, and
  Microsoft Windows but commonly used for Linux.
• A free and open source software.
• As of November 2005, Microsoft IIS (Internet
  Information Services) gained popularity,
• Apache serves more than 50 of all websites.

5
Requirement for Hosting WebServer(WebSite).

• 1.Registere a DOMAIN Name.
• 2.High Bandwidth.
• 3.Public IP Addresses.
• 4.HighEnd Server (Hardware)
• 5.HTML/PHP/ASP(Language to write static
  interactive web pages)
• Apache webserver/IIS. (s/w)

6
How Webserver works

• First the User enter www.yahoo.com in his/her
  Browser ( Internet Explorer/Netscape etc).
• The Request goes to Proxy server which is
  providing internet facility.
• Proxy Server then Forwards the Request(www.yahoo.c
  om) to ISP Domain(say MTNL).
• ISP Domain contains list of all Web servers like
  yahoo.com, hotmail.com , google.com etc. and
  forward the Request to appropriate Web Servers.
• When the Request reaches at www.yahoo.com, it
  looks into its webpages directory to send back
  the desired webpage to the ISP(MTNL).
• ISP then forwards the webpage to Proxy server.
• Finally Proxy server sends the Request back to
  the original client from where is originated.

www.yahoo.com
ISP Domain
Proxy server
www.yahoo.com
Note-For Home users, request will go directly to
ISP since home users dont use proxy servers.
7
Web Server Security

• HTTPS stands for Hypertext Transfer Protocol over
  Secure Socket Layer, or HTTP over SSL.
• HTTPS encrypts and decrypts the page requests and
  page information between the client browser and
  the web server using a secure Socket Layer (SSL,
  like a Tunnel).
• HTTPS by default uses port 443 as opposed to the
  standard HTTP port of 80.
• SSL transactions are negotiated by means of a
  keybased encryption algorithm between the client
  and the server,
• This key is usually either 40 or 128 bits in
  strength (the higher the number of bits , the
  more secure the transaction).

8
Proxy Server,Advantages Types(Squid Others)

• A proxy server is a server (an application
  program) which serves the requests of its clients
  by forwarding requests to other servers.
• Advantages-
• Provide internet access to its clients. Its a
  centralize server for managing internet. Provide
  Monitoring services. Reduce the workload of
  router (client dont connect to router directly).
  Proxy hides the clients from outside world.
• Squid (Linux based), ISA (Microsoft), Wingate
  (windows based).
• Squid is free and work on Linux. It doesnt
  require high end servers. It provide blocking,
  filtering, monitoring services and other
  features.

Proxy Server
WAN Link
LAN
Clients
Cables
9
Networking Devices

• Router- It connects internal network to the
  external network. Works as a gateway for a
  network. Any computer which want to access a
  computer outside of its network has to use a
  Router.
• Features/specifications/commands-
• Router provide security/authentication/monitoring
  .It provide connectivity between two different
  LAN, one LAN to WAN WAN to WAN.
• Router comes with RAM, Flash Memory, OS, Physical
  port (Serial/Ethernet).
• Cisco has following series of router-1600,1700,18
  00,2400,2600,2800 etc.
• Connecting to a router(commands)- sh run to
  show current config. To change password- enable
  config (to go to config mode) line console
  0 login password cisco end exit (to exit)

10
Switches
1. A Network device. Provides connectivity to all
machines. Basically a centralize device with
intelligence to forward data. Generally ,
superior than hubs. It maintains a table by which
it takes decision to forward data. It has speed
of upto 1000 mbps. It comes with
8port,16port,24port,48port,72port and so on)

• MODEMS
• Modems(Modulator Demodulator) are used to
  convert analog signals to digital signals and
  vice versa. Basically its converter.

• Cables
• FiberOptics-It has speed upto 40000Mbps.Signals
  flow in lights form. Can cover 1000 mtr. Data
  travels with speed of light.
• UTP- It has speed up to 1000Mpbs,signals flow in
  digital form.cover upto 100 mtr.
• Co-axial cable-it has upto 100Mbps,can cover 100
  mtr.

11
Linux Introduction features

• Linus Benedict Torvalds was a second year student
  of Computer Science at the University of
  Helsinki.
• Linux Torvalds wanted to create a Free/Open
  Source OS.
• In 1991 he created the kernel(main part of OS)
  for Linux.
• Then he called several volunteer programmers
  across the world to participate in developing a
  free OS like Linux.
• Earlier he was using MINIX which has limitations.
• So he decided to devolope linux for
  enterprise/home users.
• Linux Features
• 1.Linux is free/open source(source codes are
  freely available).
• 2.Linux doesnt require high end machines to
  start with.
• 3.Linux can be installed on 80286(first computer
  series).
• 4.Linux is Multitasking/Multiuser OS.
• 5.Linux is more secure than windows.
• 6.Linux is more stable and reliable.
• 7.Linux doesnt cost too much.(support isnt
  free).
• 8.Now Linux support various software like windows
  and coming with GUI features.

12
A few Linux commands

Commands Description touch create new
file mkdir create new dir. vi to edit
file. cd change dir. cp
copy file/dir. mv
move file/dir rm
remove file. rmdir
remove dir. date view date. cal
view calendar. bc
view calculator. Init -0 shutdown
the machine.
13
Server Logs

• Server log are basically records which indicated
  what had happened in a server.
• Logs gather the information about IP Services
  on a server.
• Every Services running on server has its own
  server logs.
• Apache has it logs under dir /var/log/httpd/access
  .log samle is attached.
• Squid has its logs under dir /var/log/squid/access
  .log sample is attached.

Apache Logs(mail.ipu.edu) 202.159.218.122 - -
22/Apr/2008094721 0530 "GET
/webmail/src/style.php?themeiddefault_themetempl
ateiddefault HTTP/1.1" 200 5627
"http//mail.ipu.edu/webmail/src/login.php"
"Mozilla/5.0 (X11 U Linux i686 en-US
rv1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" 59.
90.72.161 - - 22/Apr/2008091214 0530 "GET
/webmail/src/style.php?themeiddefault_themetempl
ateiddefault HTTP/1.1" 200 5627
"http//mail.ipu.edu/webmail/src/login.php"
"Mozilla/4.0 (compatible MSIE 6.0 Windows NT
5.1 Embedded Web Browser from
http//bsalsa.com/)" 202.159.218.122 - -
22/Apr/2008094721 0530 "GET
/webmail/src/login.php HTTP/1.1" 200 2363
"http//mail.ipu.edu/" "Mozilla/5.0 (X11 U
Linux i686 en-US rv1.8.1.14) Gecko/20080404
Firefox/2.0.0.14"
Squid logs 1209105932.207 3
172.16.78.42 TCP_IMS_HIT/304 303 GET
http//www.ncbi.nlm.nih.gov/blast/js/utils.js -
NONE/- application/x-javascript 1209105931.658
7 172.16.1.148 TCP_MEM_HIT/200 1212 GET
http//www.relbio.com/images/careers_hover.jpg -
NONE/- image/jpeg1208855587.146 5561
172.16.16.12 TCP_MISS/302 553 GET
http//mail.yahoo.com/ - DIRECT/202.86.7.110
text/html1208855687.590 712 172.16.1.1
TCP_MISS/302 572 GET http//orkut.com/ -
DIRECT/72.14.209.85 text/html
14
Network Security

• A.What is Network security?
• Network security is the process of preventing
  and detecting unauthorized use of your Network.
  Prevention measures help you to stop unauthorized
  users (also known as "intruders hackers,
  attackers, or crackers") from accessing any part
  of your computer system.
• Intruders may be able to watch all your
  actions on the computer, or cause damage to your
  computer by reformatting your hard drive or
  changing your data.
• Types of Attacks
• Dos (Denial of Services)- Attackers often flood
  lot of unwanted packets to a servers and cause
  the server to process them. As a result server
  get busy handling them and might come to a crash.
• Phishing- Its latest attack. Hacker creates a
  clone website of an authorized banks websites.
  When any user access that authorized banks
  website, the clone website comes up in place of
  the original and user insert all his accounts
  details which is actually going to a hacker.
• Social Networking-Hackers often develop
  friendship with IT administrator so that they can
  get valuable information about their network and
  perform the desirable task.

15
Securing Networks

• Today, there are lots of methods for securing
  a network. Following are examples.
• Firewalll
• Firewall is a network security device.
• Firewall may be both software (iptables, windows
  firewall,shorewall)/hardware device.(cisco
  pix,cisco ASA, cyber-roam)
• Firewall works like a wall to secure a network
• Firewall checks every incoming/outgoing packet
  through network.
• Firewall, according to the set rules allow
  authorized packet to pass through
• Firewall helps deny, DoS, Phishing, Spams.Access
  attacks etc.

• IDS/IPS(Instrusion Detection Systems and
  Prevention Systems)
• IDS/IPS is a hardware devices.
• IDS/IPS work as final resource for detecting a
  threat,attack.
• It is much advance technique for
  detecting/preventing attacks.
• It detect these threats by watching for trends,
  looking for attacks that use particular patterns
  of messages.

16
Anti-X

• Apart from using firewall and IPS/IDS there
  other technique that can be used to prevent
  virus/attacks/threat. Anti-X(X refer to various
  sub name of Anti)
• Anti-Virus Scans networks traffic to prevent
  the transmission of known viruses based on virus
  signatures. Scan for viruses, detect them and
  delete them.
• Anti-Spyware Scan network traffic to prevent
  the transmission of spyware programs.
• Anti-Spam Examines e-mail before it reaches the
  users, deleting or segregating junk e-mail.
• Anti-Phishing Monitors URLs sent in messages
  through the network, looking for the fake URL,
  inherent in Phishing attacks, preventing the
  attack from reaching the users.
• URL-Filtering Filters web traffic based on URL
  to prevent users from connecting to inappropriate
  sites.
• E-mail Filtering Provides anti-spam tools.
  Also filters e-mails containing offensive
  materials, potentially protecting the Enterprise
  from lawsuits.

17
A few NetworkingTools

• GFI LANGuard
• GFI LANguard Network Security Scanner (N.S.S.) is
  an award-winning solution that allows you to
  scan, detect, assess and rectify any security
  vulnerabilities on your network.
  http//www.gfi.com/lannetscan/
• Packet Trap
• The PacketTrap pt360 Tool Suite PRO consolidates
  dozens of network management and monitoring tools
  into a single, integrated interface. For more
  information visit http//www.packettrap.com/produ
  ct/index.aspx

OPManager - OPManager is a network monitoring
software that can automatically discover our
network, group your devices into intuitive maps,
monitor devices in real-time and alert
instantaneously on failure.
http//manageengine.adventnet.com/products/o
pmanager/
IPAudit IPAudit can be used to
monitor network activity for a variety of
purposes. It has proved useful for
monitoring intrusion detection, bandwith
consumption and denial of service attacks. .
For more informations visithttp//ipaudit.sourc
eforge.net/
Ethereal (Packet sniffer) http//www.ethereal.com
WireShark (packet sniffer) http//www.wireshark.or
g NMAP (port scanner) http//nmap.org MRTG
(Multi-route traffic generator)
http//www.mrtg.com Spamassassin (Mail Filter)
http//www.spamassassin.apache.org VNC (Remote
desktop) http//www.realvnc.com
18
Malicious Software

• Is a software that is intentionally included or
  inserted in a system for a harmful purpose.
• Virus-Computer viruses are small software
  programs that are designed to spread from one
  computer to another and to interfere with
  computer operation.
• Effects of Virus-
• 1.A virus might corrupt or delete data on your
  computer.
• 2.Due to virus drives are not opened.
• 3.Slows down the speed of the system.
• 4.Taskmanager is Disabled.

19
Threats other than virus

• Worm-A computer worm is a self-replicating
  computer program. It uses a network to send
  copies of itself to other nodes and it may do so
  without any user intervention.
• Trozan Horse- Trojan horse is a piece of
  software which appears to perform a certain
  action but in fact performs another such as a
  computer virus.
• Spyware- Spyware is software that performs
  actions such as creating unsolicited pop-ups,
  hijacks home/search pages, or redirects browsing
  results.

20
Antivirus

• Antivirus" is protective software designed to
  defend your computer against malicious software
  or "malware" includes viruses, Trojans, etc.
• Examples-
• Symantec antivirus.
• Trend micro.
• Mcafee antivirus.
• Panda antivirus etc.

21
How to use antivirus

• Install antivirus software on the computer.
• Update the virus definitions through internet.
• Download security patches from internet.
• Run security patch.
• Full Scan the system.
• Check the scan history of the system.
• Restart the system.

22
Symantec Antivirus Corporate Edition

• Centralized management and administration.
• Effective protection from spyware and adware.
• Protecting users from viruses that attempt to
  disable security measures.
• Virus protection and monitoring from a single
  management console.
• Backed by Symantec Security Response, the worlds
  leading Internet security research and support
  organization

23
Management of Symantec Antivirus in Indraprastha
University

• There is a centrally managed antivirus server
  which is managing networked clients in the
  campus.
• It pulls latest virus definition files from
  symantec web server and push the virus
  definitions on the managed clients.
• Antivirus server check regularly managed clients.
• It scans the all managed clients in the given
  schedule time by the antivirus server.
• No need of manual scan on client side.
• No need to update definition on client side
  manually.

24
GGSIPU Website Updating through VPN

• Install VPN Client Software configure VPN
  Certificate by following instructions given by
  NIC
• Click Start -gt Programs -gt Cisco Systems VPN
  Client -gt VPN Client
• Select VPN Certificate click on Connect
  enter login password
• Now you logon in NIC Server
• Open Internet Explorer enter ftp url e.g.
  ftp//ipu.ac.in
• Right click and enter login password
• Web Server Window containing files folder open
• Now to upload any file or folder just use copy
  past in desired folder
• Note Take care of correct path, deleting, or
  overriding any files / folders
• Thank You.