
System Admin New4 (1)

The document provides an overview of system and network administration, detailing definitions, tasks, and types of operating systems including Batch, Distributed, Multitasking, Network, Real-Time, and Mobile OS. It discusses the advantages and disadvantages of each OS type, as well as the Linux file system hierarchy and essential shell commands. The content is structured into chapters that cover fundamental concepts and practical commands relevant to system administration.

Uploaded by

amonesdros

UNIVERSITY OF GONDAR

COLLEGE OF INFORMATICS
DEPARTMENT OF COMPUTER SCIENCE

System and Network Administration

Belayneh M.

Gondar, Ethiopia
November 2024
Chapter One: Introduction to System and Network Administration

Contents
▪ Definition of network administration, and system administration.
▪ Tasks of network administration, and system administration.
▪ Define OS and types and examples of OS.
▪ Differentiate Unix vs Windows OS.
▪ Linux distributions and UIs.
▪ Linux file system hierarchies and standards.
▪ Essential and advanced shell commands and features.

Definition
▪ A Network is just a combination of two or more objects to exchange or share
information.
▪ A system is a collection of elements or components that are organized for a common
purpose.
▪ All systems have inputs, outputs, and feedback mechanisms
▪ A computer network is a system in which a number of independent computers are
linked together to share data and peripherals, such as printers.
▪ A computer system is a collection of computer components (HW and SW components)
combined to perform complex tasks and achieve some objective.

Batch OS
▪ Batch OS is the first operating system for second-generation computers.
▪ With this OS, the user does not interact directly with the computer.
▪ Instead, an operator takes up similar jobs and groups them together
into a batch, and then these batches are executed one by one on a
first-come, first-served basis.
Advantages of Batch OS
▪ Execution time taken for similar jobs is higher.
▪ Multiple users can share batch systems.
▪ Managing large works becomes easy in batch systems.

Disadvantages of Batch OS
▪ It is hard to debug batch systems.
▪ If a job fails, then the other jobs have to wait for an unknown time till
the issue is resolved.
▪ Batch systems are sometimes costly.
Examples of Batch OS: payroll system, bank statements, data entry,
etc.

Distributed OS
▪ A distributed OS is a recent advancement in the field of computer
technology and is being adopted all over the world at a great pace.
▪ In this OS, various computers are connected through a single
communication channel.
▪ These independent computers have their memory unit and CPU and are
known as loosely coupled systems.
▪ The system processes can be of different sizes and can perform
different functions.
▪ The major benefit of such a type of operating system is that a user can

Advantages of Distributed OS
▪ Failure of one system will not affect the other systems because all the
computers are independent of each other.
▪ The load on the host system is reduced and speed is higher.
▪ The system is easily scalable, as many computers can be added to the
network.
▪ Data exchange speed is increased with the help of electronic mail.
Disadvantages of Distributed OS
▪ The setup cost is high.
▪ Software used for such systems is highly complex.

Multitasking OS
▪ The multitasking OS is also known as the time-sharing operating system
as each task is given some time so that all the tasks work efficiently.
▪ This system provides access to a large number of users, and each user
gets CPU time as they would on a single system.
▪ The tasks performed are given by a single user or by different users.
▪ The time allotted to execute one task is called a quantum, and as soon
as the time to execute one task is completed, the system switches over
to another task.

Advantages of Multitasking OS
▪ Each task gets equal time for execution.
▪ The idle time for the CPU will be the lowest.
▪ There are very few chances for the duplication of the software.
Disadvantages of Multitasking OS
▪ Processes with higher priority cannot be executed first as equal priority
is given to each process or task.
▪ Users' data must be protected from unauthorized access.
▪ Sometimes there is a data communication problem.

Network OS
o Network operating systems are the systems that often run on a server
and manage all the networking functions.
o They allow sharing of various files, applications, printers, security, and
other networking functions over a small network of computers like LAN
or any other private network.
o In the network OS, all the users are aware of the configurations of every
other user within the network, which is why network operating systems
are also known as tightly coupled systems.

Advantages of Network OS
o The systems can easily be upgraded with new technologies and hardware.
o Security of the system is managed over servers.
o Servers can be accessed remotely from different locations and systems.
o The centralized servers are stable.
Disadvantages of Network OS
o Server costs are high.
o Regular updates and maintenance are required.
o Users are dependent on the central location for the maximum number
of operations.

Real-Time OS
▪ Real-Time operating systems serve real-time systems.
▪ These operating systems are useful when many events occur in a short
time or within certain deadlines, such as real-time simulations.
Types of the real-time OS are:
o Hard real-time OS
o Soft real-time OS

Hard real-time OS
▪ A hard real-time OS is an operating system mainly for
applications in which even the slightest delay is unacceptable.
▪ The time constraints of such applications are very strict. Such systems
are built for life-saving equipment, which immediately need to be in
action if an accident happens.
Soft real-time OS
▪ The soft real-time OS is the operating system for applications where
time constraint is not very strict.
▪ An important task is prioritized over less important tasks, and this

Mobile OS
▪ A mobile OS is an operating system for smartphones, tablets, and
PDAs. It is a platform on which other applications can run on mobile
devices.
Advantages of Mobile OS
▪ It provides ease to users.
Disadvantages of Mobile OS
▪ Some mobile operating systems give poor battery quality to users.
▪ Some of the mobile operating systems are not user-friendly.
▪ Examples of Mobile OS: Android OS, Symbian OS, and Windows

Advantages and Disadvantages of Windows OS

Advantages and Disadvantages of Unix-like OS



Linux file system hierarchy


⮚ The Linux File Hierarchy Structure or the Filesystem Hierarchy Standard
(FHS) defines the directory structure and directory contents in Unix-like
operating systems.
⮚ It is maintained by the Linux Foundation.
⮚ In the FHS, all files and directories appear under the root directory /, even
if they are stored on different physical or virtual devices.

1. / (Root): Primary hierarchy root and root directory of the entire file
system hierarchy.
• Every single file and directory starts from the root directory
• Only the root user has the right to write under this directory
• /root is the root user’s home directory
2. /bin: Essential command binaries that need to be available in
single-user mode; for all users, e.g., cat, ls, cp.
• Contains binary executables
• Common Linux commands you need to use in single-user modes are
located under this directory.
• Commands used by all the users of the system are located here e.g. ps,

3. /boot : Boot loader files


• The /boot/ directory contains static files required to boot the system, such
as the Linux kernel.
• These files are essential for the system to boot properly
• Kernel initrd, vmlinux, grub files are located under /boot
4. The /dev/ Directory: The /dev/ directory contains file system entries
which represent devices that are attached to the system.
• These files are essential for the system to function properly.
5. The /etc/ Directory: The /etc/ directory is reserved for configuration
files that are local to the machine. It holds only system-wide configuration
files, not user-specific configuration files.

6. The /lib/ Directory


• The /lib/ directory should contain only those libraries needed to execute
the binaries in /bin/ and /sbin/.
• These shared library images are particularly important for booting the
system and executing commands within the root file system.
7. The /media/ Directory
• The /media/ directory contains subdirectories used as mount points for
removable media, such as CD-ROMs, and Zip disks.
8. /home – home folders
• Contains a home folder for each user. E.g. /home/john

9. /sbin – system administration binaries


• Run by the root user for system administration
10. /tmp – temporary files
• Contains files that are available until the system is restarted.
11. The /mnt/ Directory
• The /mnt/ directory is reserved for temporarily mounted file systems, such
as NFS file system mounts.

What is a Shell, and Why do we need them?


o Whenever a user logs in to the system or opens a console window, the
kernel runs a new shell instance.
o The kernel is the heart of any operating system.
o It is responsible for the control, management, and execution of
processes, and for ensuring proper utilization of system resources.
o A shell is a program that acts as an interface between a user and
the kernel.
o It allows a user to give commands to the kernel and receive responses
from it.

Some common shell commands


1. sudo command - Syntax: sudo [command]
Short for superuser do, sudo is one of the most popular basic Linux
commands that lets you perform tasks that require administrative or root
permissions.
sudo can be used with additional options:
• -h – help; displays syntax and command options
• -V – version; displays the current version of the sudo application
• -v – validate; refresh the time limit on sudo without running a command
• -l – list; lists the user’s privileges, or checks a specific command
• -k – kill; end the current sudo privileges

2. pwd command: Print Working Directory:


• Use the pwd command to find the path of your current working directory.
• Simply entering pwd will return the full current path – a path of all the
directories that starts with a forward slash (/). For example, /home/username.
• The pwd command uses the following syntax:
• pwd [option]
• It has two acceptable options:
• -L or --logical prints environment variable content, including symbolic
links.
• -P or --physical prints the actual path of the current directory.

3. cd command
• To navigate through the Linux files and directories, use the cd command. Depending on your
current working directory, it requires either the full path or the directory name.
• Running this command without an option will take you to the home folder.
• Keep in mind that only users with sudo privileges can execute it.
• cd Photos
• If you want to switch to a completely new directory, for example, /home/username/Movies,
you have to enter cd followed by the directory’s absolute path:
• cd /home/username/Movies
• Here are some shortcuts to help you navigate:
• cd ~[username] goes to another user’s home directory.
• cd .. moves one directory up.
• cd - moves to your previous directory.

4. ls command
• The ls command lists files and directories within a system. Running it
without a flag or parameter will show the current working directory’s
content.
• To see other directories’ content, type ls followed by the desired path. For
example, to view files in the Documents folder, enter:
• ls /home/username/Documents
• Here are some options you can use with the ls command:
• ls -R lists all the files in the subdirectories.
• ls -a shows hidden files in addition to the visible ones.
• ls -lh shows the file sizes in easily readable formats, such as MB, GB, and

5. cat command
• Concatenate, or cat, is one of the most frequently used Linux commands.
It lists, combines, and writes file content to the standard output. To run
the cat command, type cat followed by the file name and its extension.
For instance:
• cat filename.txt
• Here are other ways to use the cat command:
• cat > filename.txt creates a new file.
• cat filename1.txt filename2.txt > filename3.txt merges filename1.txt and
filename2.txt and stores the output in filename3.txt.
6. cp command: cp command copies files or directories and their content. Take a look at
the following use cases.
• To copy one file from the current directory to another, enter cp followed by the file name
and the destination directory. For example:
• cp filename.txt /home/username/Documents
• To copy files to a directory, enter the file names followed by the destination directory:
• cp filename1.txt filename2.txt filename3.txt /home/username/Documents
• To copy the content of a file to a new file in the same directory, enter cp followed by the
source file and the destination file:
• cp filename1.txt filename2.txt
• To copy an entire directory, pass the -R flag before typing the source directory, followed
by the destination directory:
• cp -R /home/username/Documents /home/username/Documents_backup

7. mv command
• The primary use of the mv command is to move and rename files and
directories. Additionally, it doesn’t produce an output upon execution.
• Simply type mv followed by the filename and the destination directory.
For example, you want to move filename.txt to
the /home/username/Documents directory:
• mv filename.txt /home/username/Documents
• You can also use the mv command to rename a file:
• mv old_filename.txt new_filename.txt
8. mkdir: Use the mkdir command to create one or multiple directories at
once and set permissions for each of them. E.g. mkdir Music

9. rmdir command
• To permanently delete an empty directory, use the rmdir command.
Remember that the user running this command should
have sudo privileges in the parent directory.
• For example, you want to remove an empty subdirectory
named personal1 and its main folder mydir:
• rmdir -p mydir/personal1
10. rm command
• The rm command is used to delete files within a directory. Make sure that
the user performing this command has write permissions.
• Remember the directory’s location as this will remove the file(s) and you
• To remove multiple files, enter the following command:
• rm filename1 filename2 filename3
Here are some acceptable options you can add:
• -i prompts system confirmation before deleting a file.
• -f allows the system to remove without a confirmation.
• -r deletes files and directories recursively.

11. find command


• Use the find command to search for files within a specific directory and
perform subsequent operations. Here’s the general syntax:
• find [option] [path] [expression]
• For example, you want to look for a file called notes.txt within
the home directory and its subfolders:
• find /home -name notes.txt
• Here are other variations when using find:
• find -name filename.txt to find files in the current directory.
• find ./ -type d -name directoryname to look for directories.

12. chmod command:


• chmod is a common command that modifies a file or directory’s read,
write, and execute permissions.
• In Linux, each file is associated with three user classes – owner, group
member, and others.
• Here’s the basic syntax:
• chmod [option] [permission] [file_name]
• For example, the owner is currently the only one with full permissions to
change note.txt.
• To allow group members and others to read, write, and execute the file,
change it to the -rwxrwxrwx permission type, whose numeric value

13. chown command


• The chown command lets you change the ownership of a file, directory,
or symbolic link to a specified username.
• Here’s the basic format:
• chown [option] owner[:group] file(s)
• For example, you want to make linuxuser2 the owner of filename.txt:
• chown linuxuser2 filename.txt
14. useradd and userdel commands
• E.g. useradd [option] username creates an account, passwd username sets its
password, and userdel username removes the account.
There are many others; read more and try them …
Chapter Two: Access Control
Account Control
o Nobody in an organization should have free rein to access any resource.
o Access control is an essential element of security that determines who
is allowed to access certain data, apps, and resources, and under what
circumstances (read, write, and execute).
o Access control is one of the easiest and most effective ways to meet your
security needs.
o Access control is the combination of policies and technologies that
decide which authenticated users may access which resources.
o Security requirements, infrastructure, and other considerations lead
companies to choose among the most common access control models:

Managing users and groups is a large part of your job as a system administrator.
User accounts
▪ Provide access
▪ Limit access
▪ Identify and track users' actions
How are users and groups tracked? How else can it be? It is through files.
– Everything in Linux is a file. Remember?
• To maintain user and group information:
– /etc/passwd: to store info about user accounts
– /etc/group: to store information about groups

User
• A user isn’t necessarily a person
• Some user accounts exist only to execute the processes required by a
specific service
• In most cases, user means a particular individual who can log in, edit files,
run programs, and make use of the system.
Each user has a username that identifies them
• When adding a new user account to the system,
– the administrator assigns the username a user identification number (UID)
– Internally, the UID is the system's way of identifying a user
– The username is just mapped to the UID
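One way to audit the account data described above, as an added example that is not part of the original slides: it reads passwd-format lines (name:password:UID:GID:comment:home:shell) and reports extra UID 0 accounts, service accounts that keep a login shell, and UIDs mapped to more than one username. The sample accounts are constructed, the function names are hypothetical, and the UID 1000 boundary for regular users is an assumption based on the Debian/Ubuntu default.

```bash
#!/usr/bin/env bash
# Added example: audit passwd(5)-format account data.
# Field layout: name:password:UID:GID:comment:home:shell

# Constructed sample data. On a real host, pass /etc/passwd to the functions.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
john:x:1000:1000:John,,,:/home/john:/bin/bash
backup2:x:0:1001::/home/backup2:/bin/bash
mary:x:1000:1002:Mary,,,:/home/mary:/bin/bash
EOF
}

# Usernames other than root that map to UID 0. The system identifies users by
# UID, so any such account has full superuser rights whatever its name is.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Service accounts (0 < UID < min) whose shell still allows an interactive
# login. min defaults to 1000 (assumed Debian/Ubuntu convention).
service_with_shell() {
    awk -F: -v min="${2:-1000}" \
        '$3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# UIDs shared by several usernames. Actions by either name are recorded
# under the same UID, so they cannot be told apart when tracking users.
duplicate_uids() {
    awk -F: '{
                 if ($3 in names) names[$3] = names[$3] "," $1
                 else             names[$3] = $1
                 count[$3]++
             }
             END { for (u in count) if (count[u] > 1) print u ":" names[u] }' "$1" |
        sort -t: -k1,1n
}

# Demo run on the constructed sample.
passwd_file=$(mktemp)
sample_passwd > "$passwd_file"
echo "UID 0 accounts besides root : $(extra_uid0 "$passwd_file")"
echo "Service accounts with shell : $(service_with_shell "$passwd_file")"
echo "Shared UIDs:"
duplicate_uids "$passwd_file"
rm -f "$passwd_file"
```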

NB: tutonics2 is the name of the user


▪ Identity and Access Management is an extremely vital part of information
security.
▪ An access control model is a framework which helps to manage the
identity and the access management in the organization.
The types of access control models: discretionary, rule-based, role-
based, attribute-based and mandatory access control model.
▪ Every model uses different methods to control how subjects access
objects.
▪ While one may focus on rules, another focuses on the roles of the subject.
▪ As security professionals, we must know all about these different access
control models.

1. What is mandatory access control (MAC)?


❖ MAC uses a centrally managed model to provide the highest level of
security.
❖ A non-discretionary system, MAC reserves control over access policies to a
centralized security administration.
❖ MAC works by applying security labels to resources and individuals.
❖ These security labels consist of two elements:
❖ Classification and clearance
❖ MAC relies on a classification system (restricted, secret, top-secret, etc.)
that describes a resource’s sensitivity.
• Users’ security clearances determine what kinds of resources they may
access.
Compartment
▪ A resource’s compartment describes the group of people (department,
project team, etc.) allowed access.
▪ A user’s compartment defines the group or groups they participate in.
❖ A user may only access a resource if their security label matches the
resource’s security label.
❖ MAC originated in the military and is used for companies’ most sensitive resources.
Banks and insurers, for example, may use MAC to control access to
customer account data.

2. What is discretionary access control (DAC)?


▪ Discretionary access control decentralizes security decisions to
resource owners.
▪ The owner could be a document’s creator or a department’s system
administrator.
▪ DAC systems use access control lists (ACLs) to determine who can
access that resource.
▪ These tables pair individual and group identifiers with their access
privileges.
▪ The sharing option in most operating systems is a form of DAC.
▪ For each document you own, you can set read/write privileges and

3. What is role-based access control (RBAC)?


▪ Role-based access control grants access privileges based on the work that
individual users do.
▪ Implementing RBAC requires defining the different roles within the
organization and determining whether and to what degree those roles
should have access to each resource.
▪ RBAC is becoming one of the most widely adopted control methods.
▪ For some, RBAC allows you to group individuals together and assign
permissions for specific roles.
▪ If you decide to use RBAC, you can also add roles into groups or directly to
users.

4. Attribute-Based Access Control (ABAC)


• Attribute-Based Access Control (ABAC) is a security model that controls access to
resources based on attributes associated with users, resources, and the environment.
• It is a flexible and dynamic approach compared to traditional role-based access control
(RBAC).
Example:
• A user from the Finance Department can view payroll data only during business hours.
• An intern cannot delete company records.

File Permissions
▪ Access to files in Linux is based on permissions
▪ Each user and group has different permissions regarding access to files
▪ Available permissions – read, write, execute, and no permission
Three types of users in Linux
– User: username of the person who owns the file
– Group: set of users
– Other: user who isn't the owner of the file and doesn't belong in the same
group the file does.
• Everyone else other than user and group.

Permissions are assigned separately for user, group and other


– Each will be given permission for read, write, and execute.
Viewing existing permission: ls -l
o d = directory
o - = regular file
o l = symbolic link
o r = read permission
o w = write permission
o x = execute permission
o - = no permission

1. How Read, Write, and Execute Permissions Are Represented


▪ File permissions are identified through file mode bits.
▪ These bits represent what actions can be carried out by specific user
accounts.
▪ For example, if you run the command ls -l to list the files in the current
directory, you'll see something similar to this at the beginning of each line
in the results:
-rwxrwxrwx
▪ The repeated rwx sequences represent the notion of read (r), write (w),
and execute (x) permissions for user, group, and other (in that order).
▪ Hence the -rwxrwxrwx above indicates that user, group, and other have
read, write and execute permissions for that file or in other words: the
owner of the file, anyone in the file's group, and everybody else has read,
write, and execute permissions for that file).
▪ Note that the leading (-) you'll see in permissions like -rwxrwxrwx simply
indicates that this is a normal file (file type regular).
2. File Types
▪ The possible file types you may see are depicted by
preceding the permissions by one of these:
▪ - = Regular File
▪ d = Directory
▪ l = Symbolic Link
▪ Here are a few more examples of what you might see:
▪ -rw-rw-r-- A regular file, readable and writeable by user and group, but only readable by
everybody else.
▪ drwxr-xr-x
▪ Note that the d above indicates that the permissions are for a directory (i.e. the file's type is
a directory). This directory is readable, writeable, and executable by "user" whilst only
readable and executable by "group" and "other". Also note that for directories, the execute
mode bit x indicates access / searchability of that directory for a particular category of user.
▪ -rw------- The above permissions show that the owner of this regular file has read and write
permission but nobody else has any permissions for that file.

3. A File's "User" And "Group"


▪ The user name shown in the image above is the name of the user account
which owns the file (normally the creator, but this can be changed using
chown) whilst the group name is the creator's primary group (this can be
changed using chgrp).
▪ By default in Ubuntu, the default primary group is a group with the same
name as the user.

Changing File Permissions


- Chmod
- The chmod command is used to change the various permission bits of a
file or directory.
- The command takes the general form: chmod MODE file
- There are two ways to represent the MODE:
1. Using symbolic modes (letters to indicate the categories and permission)
2. Using numeric modes (An octal (base 8) number that represents the
mode)
• Using the "numeric modes" way of setting these permissions is shorter
than the symbolic method, but not as flexible because you can't build on
▪ In Ubuntu / Linux everything is a file, so everything will have permissions
also.
▪ File permissions define which user or system accounts have permissions
to read, write, and execute specific files.
▪ Read and write permissions can also be indicated and set using
octal numbers.

▪ The command chmod 755 cs.txt will grant the above privileges on a specific file to the
owner, group, and others.

Using Symbolic Modes With Chmod


▪ In order to change the permissions of a file using symbolic
permissions, use the command format: chmod SYMBOLIC-MODE
FILENAME where SYMBOLIC-MODE is the symbolic representation of
permissions (which we describe below) that you wish to apply to
FILENAME.
▪ The letters for user, group, and other are u, g, and o respectively.
▪ The letter a is used to mean all three of these categories.
▪ [ugoa...][[+-=][permissions...]...]
▪ So, the operations available are:
✔ + (add the permissions to what currently exists).
✔ - (remove the permissions from what currently exists).
✔ = (set to this value only, replacing existing permissions).
▪ When you combine the above with the permission letters r, w, and x you
can run chmod commands like those shown below.
▪ For example, to use chmod to set permissions of file "filename" to
-rwxrwxrwx you could run: chmod a=rwx filename
▪ or: chmod ugo=rwx filename
▪ Regarding just the symbolic mode part of the
command, here are a few more examples:
▪ To add read permission for all: a+r
▪ To remove read permission for all: a-r
▪ To add execute permissions for all: a+x
▪ To remove execute permissions for all: a-x
▪ To assign read, write permissions only for user and group: ug=rw
▪ To add read, write permissions to user and group to the permissions that
already exist: ug+rw
▪ To remove execute permissions from group and other (i.e from all users
except the file's owner): go-x

Using Numeric Modes With Chmod


• To set the permissions of a file or directory using numeric modes, simply
use the format:
• chmod OCTAL-MODE FILENAME where OCTAL-MODE is the octal form of
the permissions.
• For example, to set the permissions of filename to -rw-r--r-- you could run
the command: chmod 644 filename
• To change permissions to -rwxrwxrwx you could use the command:
chmod 777 filename
• Be careful when setting permissions to 777 as this means every single
user account can read, write, and execute that file.
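The 777 warning above can be turned into a check, shown here as an added example that is not part of the original slides: find locates files whose "other" write bit is set, and a symbolic chmod removes only that bit while leaving the rest of the mode untouched. The directory tree and file names are constructed, the function names are hypothetical, and stat -c assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: locate world-writable files and remove only the risky bit.

# Build a constructed directory tree with known modes and print its path.
make_sample_tree() {
    local d
    d=$(mktemp -d)
    touch "$d/report.txt" "$d/shared.log" "$d/deploy.sh" "$d/notes.txt"
    chmod 644 "$d/report.txt"   # -rw-r--r--
    chmod 666 "$d/shared.log"   # -rw-rw-rw-  world-writable
    chmod 777 "$d/deploy.sh"    # -rwxrwxrwx  world-writable and executable
    chmod 664 "$d/notes.txt"    # -rw-rw-r--
    echo "$d"
}

# Regular files that every account can write to.
# "-perm -0002" matches when at least the other-write bit (octal 2) is set.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Regular files whose mode is exactly 777 (no leading dash: exact match).
exact_777() {
    find "$1" -type f -perm 0777 | sort
}

# Numeric modes replace the whole mode, so "chmod 644" on every hit would
# also strip execute bits that a script needs. The symbolic mode o-w clears
# one bit and keeps the others as they were.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Octal mode of one file (GNU stat assumed).
mode_of() {
    stat -c '%a' "$1"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
echo "World-writable before the fix:"
world_writable "$tree"
fix_world_writable "$tree"
echo "deploy.sh is now $(mode_of "$tree/deploy.sh"), shared.log is now $(mode_of "$tree/shared.log")"
rm -rf "$tree"
```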

Permissions: Octal Representation


Sometimes, you'll see permissions referred to numerically in base 8 octal
(i.e. using digits 0-7).
▪ So for example, using the table above, we can see that the file
permissions -rwxrwxrwx can be represented in octal as 777 (because each
rwx translates to an octal digit 7).
▪ Note that the octal number refers to permissions, the file type does not
matter.
▪ So, if we wanted to represent the permissions drwxrwxrwx of a directory
in octal, the same octal number 777 would also apply. See the following
octal equivalents.

Umask - Configuring Default File / Directory Permissions


o When a user creates a file, how does the system determine that file's
initial permissions?
o This is done based on the user's umask value.
o The umask value specifies which permissions are not to be set.
o In Ubuntu, the default umask value for a normal user is 002, while the
default for root is 022.
o You can find out the current umask value (or set it) using the
umask command.
o If (as a normal user) you run the command: umask
o You'll see something like 0002 displayed, however octal numbers are
• This value is an octal (base 8, digits 0-7) value which is subtracted from a
base value of 777 for directories, or subtracted from a base value of 666
for files.
• A umask of 002 basically means don't remove any permissions from the
base value for "user" or "group", but "other" is not allowed write
permission (write permission is octal 2, or binary 010 meaning -w-).
• So if we create a new file:
• touch newfile.txt
• The file permissions for this new file will be 666-002 = 664, i.e. rw-rw-r--
(readable and writeable by user and group, but only readable by everyone
else).
• The file permissions for the directory newDir will be 777-002 = 775,
i.e. drwxrwxr-x (readable, writeable, executable by user and group, but
only readable and executable by everyone else).
• If you wish to set the umask value to something else, simply use umask
command like so: umask newvalue where "newvalue" is an octal number
representing which permissions you do not want to be set when files are
created.
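The umask rule above, measured on real files and directories. This is an added example, not part of the original slides; the function names are hypothetical, the paths are constructed scratch paths, and GNU stat (`stat -c`) is assumed. The system clears the umask bits from the base mode (base AND NOT umask), which gives the same result as the subtraction shown above for values such as 002 and 022; the 033 row shows a value where the two differ.

```shell
#!/bin/sh
# Added example: how umask shapes the mode of new files and directories.
# Works only on constructed scratch paths; assumes GNU stat as found on Linux.

# mode_under_umask MASK file|dir -> octal mode a new file or directory
# receives when created under MASK. The body runs in a subshell, so the
# caller's own umask is left untouched.
mode_under_umask() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$d/new"; else touch "$d/new"; fi
    stat -c '%a' "$d/new"
    rm -rf "$d"
)

# predicted_mode MASK file|dir -> base AND NOT mask, computed in octal
predicted_mode() (
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%o\n' $(( base & ~0$1 ))
)

# report -> one line per mask: measured file mode, measured directory mode
report() (
    for m in 002 022 027 077 033; do
        echo "umask $m: file $(mode_under_umask "$m" file)" \
             "dir $(mode_under_umask "$m" dir)" \
             "(predicted file $(predicted_mode "$m" file))"
    done
)

report
```

A umask of 077 keeps new files private to their owner (600 and 700), which is the usual choice for accounts that handle keys or other sensitive data.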
Chapter Three: File Systems and Management of Data Storage

▪ Files are used to provide a uniform view of data storage by the operating
system.
▪ All the files are mapped onto physical devices that are usually non
volatile so data is safe in the case of system failure.
File Attributes
• The attributes of a file may vary a little on different operating systems.
However, the common file attributes are −
Name
• This denotes the symbolic name of the file. The file name is the only
attribute that is readable by humans easily.

Identifier
• This denotes the file name for the system. It is usually a number and
uniquely identifies a file in the file system.
Type
• If there are different types of files in the system, then the type attribute
denotes the type of file.
Location
• This points to the device that a particular file is stored on and also the
location of the file on the device.

Size
• This attribute defines the size of the file in bytes, words or blocks. It may
also specify the maximum allowed file size.

Protection
• The protection attribute contains protection information for the file such
as who can read or write on the file.

The operations that can be performed on a file are −


Creating a file
• To create a file, there should be space in the file system.
• Then the entry for the new file must be made in the directory.
• This entry should contain information about the file such as its name, its
location etc.

Reading a file
• To read from a file, the system call should specify the name and location
of the file.

Writing a file
• To write into a file, the system call should specify the name of the file
and the contents that need to be written.
• There should be a write pointer at the location where the write should
take place.
• After the write process is done, the write pointer should be updated.

Deleting a file
• The file should be found in the directory to delete it. After that all the file
space is deleted so it can be reused by other files.

Repositioning in a file
• This is also known as file seek. To reposition within a file, the current
file position is set to the appropriate entry. This does not require any
actual I/O operations.

Truncating a file
• This deletes the data from the file without destroying all its attributes.
Only the file length is reset to zero and the file contents are erased. The
rest of the attributes remain the same.

⮚ In Linux, files are arranged in a hierarchical structure of directories or
folders.
⮚ A directory is simply a container for your files or sub directories.
⮚ Directories can further have subdirectories.
⮚ The Linux file structure spans in a manner similar to branches of a tree
and is hence commonly referred to as a tree structure.
⮚ It begins with a root directory, which is referenced using /, or forward
slash, on the terminal.
⮚ The root directory contains a number of system directories and files that
govern your Linux system.

Logical Volume Management


⮚ Logical Volume Manager (LVM) is used on Linux to manage hard
drives and other storage devices.
⮚ Logical volume management (LVM) is a form of storage virtualization that offers system
administrators a more flexible approach to managing disk storage space than traditional
partitioning.
⮚ As the name implies, it can sort raw storage into logical volumes,
making it easy to configure and use.
⮚ LVM to create partitions, physical volumes, logical volumes, and
filesystems on a hard disk, extend, and remove our newly created

• LVM is a method of disk space management in the Linux operating system (OS).
By creating a layer of abstraction over physical storage, LVM also allows system
administrators (sys admins) to manage storage volumes across multiple
physical hard disks.
• LVM first became available in Fedora Linux.
• Over time, LVM version 2 (LVM2) evolved, and it is now available in other Linux
versions like RedHat
• An appropriate LVM tool makes it easy to allocate hard drives to physical volumes,
create logical volumes from the physical volumes, and ultimately, increase the size
of a hard drive partition.
Example:
▪ Suppose there are three disks of 1 terabyte (TB) capacity each.
▪ Each of these physical disks is a physical volume (PV), designated PV 1, PV 2, and PV 3.
▪ The total or aggregate available physical storage is 3 TB.
▪ All three disks are added to Volume Group 1.
▪ Two logical volumes (LVs) are created from the volume group: LV1 and LV2. Each LV has a
capacity of 1.5 TB.

Other LV combinations with different capacities can also be created, such as the following:
• 3 LVs of capacities 1 TB, 500 gigabytes (GB), 1.5 TB.
• 4 LVs of capacities 500 GB, 500 GB, 1 TB, and 1 TB.
• 5 LVs of capacities 500 GB, 500 GB, 500 GB, 500 GB, 1 TB.
In this way, LVM adds flexibility to storage needs without increasing the complexity of
storage management.

Contents:
o How to install LVM on major Linux distros
o How to create partitions
o How to create physical volumes
o How to create a volume group
o How to create logical volumes
o How to create a filesystem on logical volumes
o How to extend a logical volume
o How to remove a logical volume

✔ Install LVM on major Linux distros


✔ Your Linux system may already have LVM installed, but it doesn’t come
installed by default on every distro.
✔ Use the appropriate command below to install LVM with your system.
✔ To install LVM on Ubuntu, Debian, and Linux Mint:
$ sudo apt install lvm2

Create partitions
✔ The first thing we will do is create partitions on our disk.
✔ This is to facilitate the creation of physical volumes in the next section,
which can either be created on raw, unpartitioned block devices or single
partitions.
✔ For this example, the disk we’ll be working with is /dev/sdb, which is a
5GB (and currently unpartitioned) hard disk.
✔ We can see our /dev/sdb disk and its pertinent details with the following
command.
# fdisk -l

Finalize your changes by choosing “write,” then exit the utility when done.
We can now see our partition listed when we execute fdisk -l again.

LVM provides several benefits, including:


• Flexibility: It allows for easy resizing of volumes, adding or removing storage devices, and
migrating data between physical devices.
• Performance: By utilizing features like striping and mirroring, LVM can improve disk
performance.
• Reliability: Features like mirroring and snapshots enhance data reliability and provide
mechanisms for backup and disaster recovery.
• Ease of Management: LVM provides a logical layer on top of physical storage devices,
making it easier to manage storage resources.

RAID (Redundant Arrays of Independent Disks)


❖ RAID, or “Redundant Arrays of Independent Disks” is a technique which
makes use of a combination of multiple disks instead of using a single
disk for increased performance, data redundancy or both.
Why data redundancy?
o Data redundancy, although taking up extra space, adds to disk reliability.
This means, in case of disk failure, if the same data is also backed up
onto another disk, we can retrieve the data and go on with the
operation.
o On the other hand, if the data is spread across just multiple disks without

Key evaluation points for a RAID System


✔ Reliability: How many disk faults can the system tolerate?
✔ Availability: What fraction of the total session time is a system in
uptime mode, i.e. how available is the system for actual use?
✔ Performance: How good is the response time? How high is the
throughput (rate of processing work)? Note that performance contains a
lot of parameters and not just the two.
✔ Capacity: Given a set of N disks each with B blocks, how much useful
capacity is available to the user?

• RAID is very transparent to the underlying system.


• This means, to the host system, it appears as a single big disk
presenting itself as a linear array of blocks.
• This allows older technologies to be replaced by RAID without making
too many changes in the existing code. Different RAID levels are:
RAID 0 – striping
RAID 1 – mirroring
RAID 5 – striping with parity
RAID 6 – striping with double parity
RAID 10 – combining mirroring and striping

RAID 0 – striping: data are divided into blocks and the blocks are spread
across multiple disks
Advantages of RAID 0
✔ RAID 0 offers great performance, both in read and write
operations. There is no overhead caused by parity controls.
✔ All storage capacity is used, there is no overhead.
✔ The technology is easy to implement.
Disadvantages of RAID 0
✔ RAID 0 is not fault-tolerant.
✔ If one drive fails, all data in the RAID 0 array are lost. It should not be

RAID level 1 – Mirroring


▪ Data are stored twice by writing them to both the data drive (or set of
data drives) and a mirror drive (or set of drives).
▪ If a drive fails, the controller uses either the data drive or the mirror
drive for data recovery and continuous operation.
▪ You need at least 2 drives for a RAID 1 array.

Advantages of RAID 1
• Offers excellent read speed and a write-speed that is comparable to that
of a single drive.
• In case a drive fails, data do not have to be rebuilt, they just have to be
copied to the replacement drive. RAID 1 is a very simple technology.
Disadvantages of RAID 1
• The main disadvantage is that the effective storage capacity is only half
of the total drive capacity because all data get written twice.
• Software RAID 1 solutions do not always allow a hot swap of a failed
drive. That means the failed drive can only be replaced after powering

RAID level 5 – Striping with parity
• RAID 5 is the most common secure RAID level.
• It requires at least 3 drives but can work with up to 16. Data blocks are
striped across the drives and on one drive a parity checksum of all the
block data is written.
• The parity data are not written to a fixed drive, they are spread across all
drives.
• Using the parity data, the computer can recalculate the data of one of
the other data blocks, should those data no longer be available.
• That means a RAID 5 array can withstand a single drive failure without

• This is a slight modification of the RAID-4 system where the only
difference is that the parity rotates among the drives.
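The parity mechanism described above, worked through on a four-drive array. This is an added example, not part of the original slides: it assumes XOR parity (the function RAID 5 uses for its parity block), shrinks each block to one constructed byte written as two hex digits, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example: RAID 5 striping with rotating XOR parity and a rebuild.
# Every "block" is a single constructed byte written as two hex digits.

# xor_blocks B1 B2 ... -> XOR of all blocks, as two hex digits
xor_blocks() (
    acc=0
    for b in "$@"; do
        acc=$(( acc ^ 0x$b ))
    done
    printf '%02x\n' "$acc"
)

# parity_disk STRIPE NDISKS -> index of the disk holding parity for STRIPE
# (parity moves one disk to the left on every stripe, then wraps around)
parity_disk() { echo $(( $2 - 1 - $1 % $2 )); }

# layout_stripe STRIPE NDISKS D1 .. D(N-1) -> the N blocks written to
# disk 0 .. disk N-1 for this stripe, parity block included
layout_stripe() (
    stripe=$1; n=$2; shift 2
    p=$(xor_blocks "$@")
    pd=$(parity_disk "$stripe" "$n")
    row=""; i=0
    while [ "$i" -lt "$n" ]; do
        if [ "$i" -eq "$pd" ]; then
            row="$row $p"
        else
            row="$row $1"; shift
        fi
        i=$(( i + 1 ))
    done
    echo "${row# }"
)

# rebuild_block FAILED_DISK B0 .. B(N-1) -> content of the failed disk's
# block, recomputed as the XOR of every surviving block in the stripe
rebuild_block() (
    failed=$1; shift
    acc=0; i=0
    for b in "$@"; do
        [ "$i" -eq "$failed" ] || acc=$(( acc ^ 0x$b ))
        i=$(( i + 1 ))
    done
    printf '%02x\n' "$acc"
)

# raid5_demo -> write three stripes, lose disk 1, rebuild its blocks
raid5_demo() (
    n=4; s=0
    for data in "41 42 43" "44 45 46" "47 48 49"; do
        row=$(layout_stripe "$s" "$n" $data)
        echo "stripe $s: $row (parity on disk $(parity_disk "$s" "$n"))"
        echo "  disk 1 lost, rebuilt block: $(rebuild_block 1 $row)"
        s=$(( s + 1 ))
    done
)

raid5_demo
```

The same XOR recovers a data block or the parity block, but only one unknown per stripe: with two drives missing there are two unknowns and a single parity equation, which is the gap RAID 6 closes.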

Advantages of RAID 5
• Read data transactions are very fast while write data transactions
are somewhat slower (due to the parity that has to be calculated).
• If a drive fails, you still have access to all data, even while the failed
drive is being replaced and the storage controller rebuilds the data on the
new drive.
Disadvantages of RAID 5
• Drive failures have an effect on throughput, although this is still acceptable.
• This is complex technology.
• If one of the disks in an array using 4TB disks fails and is replaced, restoring
the data (the rebuild time) may take a day or longer, depending on the load

RAID level 6 – Striping with double parity


✔ RAID 6 is like RAID 5, but the parity data are written to two drives.
✔ That means it requires at least 4 drives and can withstand 2 drives dying
simultaneously.
✔ The chances that two drives break down at exactly the same moment
are of course very small.
✔ However, if a drive in a RAID 5 system dies and is replaced by a new
drive, it takes hours or even more than a day to rebuild the swapped
drive.
✔ If another drive dies during that time in RAID 5, you still lose all of your

Advantages of RAID 6
• Like with RAID 5, read data transactions are very fast.
• If two drives fail, you still have access to all data, even while the
failed drives are being replaced. So RAID 6 is more secure than RAID
5.
Disadvantages of RAID 6
• Write data transactions are slower than RAID 5 due to the
additional parity data that have to be calculated. The write
performance was almost 20% lower.
• Drive failures have an effect on throughput, although this is still

RAID level 10 – combining RAID 1 & RAID 0


❖ It is possible to combine the advantages (and disadvantages) of RAID
0 and RAID 1 in one single system.
❖ This is a nested or hybrid RAID configuration.
❖ It provides security by mirroring all data on secondary drives
while using striping across each set of drives to speed up data
transfers.

Advantages of RAID 10
• If something goes wrong with one of the disks in a RAID 10 configuration,
the rebuild time is very fast since all that is needed is copying all the
data from the surviving mirror to a new drive.
• This can take as little as 30 minutes for drives of 1 TB.
Disadvantages of RAID 10
• Half of the storage capacity goes to mirroring, so compared to
large RAID 5 or RAID 6 arrays, this is an expensive way to have
redundancy.

What about the other RAID levels?


✔ RAID-2 consists of bit-level striping using a Hamming Code parity.
✔ RAID-3 consists of byte-level striping with dedicated parity.
✔ These two are less commonly used.
✔ RAID-6 is a recent advancement that contains a distributed double
parity, which involves block-level striping with 2 parity bits instead of
just 1 distributed across all the disks.
✔ There are also hybrid RAIDs, which make use of more than one RAID
levels nested one after the other, to fulfill specific requirements.

▪ RAID (Redundant Arrays of Independent Disks) is a technology that
allows multiple hard drives to work together as a single logical unit.
There are several types of RAID configurations, each with its own
advantages and disadvantages.
Advantages of RAID:
▪ Increased data reliability: RAID provides redundancy, which means
that if one disk fails, the data can be recovered from the remaining disks
in the array. This makes RAID a reliable storage solution for critical data.
▪ Improved performance: RAID can improve performance by spreading
data across multiple disks. This allows multiple read/write operations

▪ Scalability: RAID can be scaled by adding more disks to the array. This
means that storage capacity can be increased without having to replace
the entire storage system.
▪ Cost-effective: Some RAID configurations, such as RAID 0, can be
implemented with low-cost hardware. This makes RAID a cost-effective
solution for small businesses or home users.
Disadvantages of RAID:
▪ Cost: Some RAID configurations, such as RAID 5 or RAID 6, can be
expensive to implement because they require additional hardware or
software to provide redundancy.

✔ Performance limitations: Some RAID configurations, such as RAID 1 or
RAID 5, can have performance limitations.
✔ For example, RAID 1 can only read data as fast as a single drive, while
RAID 5 can have slower write speeds due to the parity calculations
required.
✔ Increased risk of data loss: While RAID provides redundancy, it is not
a substitute for proper backups.
✔ If multiple drives fail simultaneously, data loss can still occur.
✔ RAID can be a useful storage solution for many users and organizations,
but it is important to understand the advantages and disadvantages of

• All RAID levels except RAID 0 offer protection from a single drive failure.
• A RAID 6 system even survives 2 disks dying simultaneously.
• For complete security, you do still need to back-up the data stored on a
RAID system.
• That back-up will come in handy if all drives fail simultaneously because
of a power spike.
• It is a safeguard when the storage system gets stolen.
• Back-ups can be kept off-site at a different location.
• This can come in handy if a natural disaster or fire destroys your
workplace.
Chapter Four: Network Management

TCP/IP Networking
TCP – Transmission Control Protocol and IP – Internet Protocol
o TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of
communication protocols used to interconnect network devices on the Internet.
o It provides a set of rules for how data should be formatted, transmitted, and
received over networks.
o TCP/IP is the foundation of the modern internet and is used for a wide range of
applications, from web browsing to email to file transfer.
o TCP defines how applications can create channels of communication across a
network.

o It manages how a message is assembled into smaller packets before they are
transmitted over the internet and reassembled in the right order at the
destination address.
o IP defines how to address and route each packet to make sure it reaches the right
destination.
o IP (Internet Protocol): IP is responsible for addressing and routing packets of data
so they can travel across networks and reach their intended destination.
o Each device on a network is assigned a unique IP address.
o TCP (Transmission Control Protocol): TCP is a connection-oriented protocol
that provides reliable, ordered delivery of data between devices on a network.

Configuring a Linux Box for Networking


o Configuring networking on a Linux box involves setting up your network interface
and assigning it an IP address and other network settings.
There are two main approaches:
1. Using Configuration Files: This is the traditional method and involves editing text
files that define network settings for each interface.
The location and format of these files can vary depending on your Linux distribution.
• RedHat-based systems: /etc/sysconfig/network-scripts/ifcfg-<interface>
(e.g., /etc/sysconfig/network-scripts/ifcfg-eth0 for the first ethernet interface)
• Ubuntu-based systems: /etc/netplan/01-netcfg.yaml (uses YAML format)

Configuration Options:
• IPADDR: Assigns the IP address to the interface.
• NETMASK: Defines the subnet mask for your network.
• BROADCAST: Sets the broadcast address for the subnet.
• ONBOOT: Controls if the interface starts automatically at boot (set to yes or no).
• There are other options for setting up DNS servers, gateways, etc.
2. Using a GUI Tool: Many Linux distributions offer a graphical user interface (GUI)
tool for configuring networking.
• This tool typically resides in the network settings of your desktop environment.
• It provides a user-friendly interface to set up IP addresses, DNS servers, and other
network parameters.

✔ Configuring a Linux box for networking involves several steps to ensure that it can
communicate with other devices on the network and access the internet.
Here's a general guide to configuring network settings on a Linux system:
1. Check Network Interfaces: First, you need to identify the network interfaces
available on your Linux box.
✔ You can do this using the ifconfig or ip addr command. Common network
interfaces include eth0 (Ethernet) and wlan0 (Wi-Fi).
2. Edit Network Configuration Files: Network configuration files are typically located
in the /etc/network/ directory or /etc/sysconfig/network-scripts/ directory,
depending on the Linux distribution you're using.

3. Configure Network Settings: Within the network configuration file, you can set
various parameters such as IP address, subnet mask, gateway, DNS servers, and
more.
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4
Apply Changes: After editing the network configuration file, save your changes and

• Verify Connectivity: Once the configuration is applied, verify that your Linux box
can communicate with other devices on the network and access the internet.
• You can use commands like ping, traceroute, or curl to test connectivity.
ping google.com
traceroute google.com
• Configure Additional Network Settings (Optional): Depending on your network
setup, you may need to configure additional settings such as firewall rules, VLANs,
bonding, or bridging.
• Refer to the documentation specific to your Linux distribution for detailed
instructions on configuring these features.

How to Configure and use Linux as a Router


• On an IP network, two computers can communicate only if they belong
to the same IP subnet.
• If two computers belong to different IP subnets, they need a router to
connect.
• A router is a special device that not only provides IP forwarding as its
main function but also supports many other IP-based features such as
packet filtering, voice over IP, IP firewall, etc.
• A router is an expensive device. Configuring it is also a complex task.
• If you have a Linux system and need only IP forwarding, you can use it.

• Configuring Linux as a router involves setting up the necessary networking
components and configuring the Linux kernel to forward packets between different
network interfaces.
• Here's a basic guide on how to configure and use Linux as a router:
1. Ensure Network Interface Cards (NICs) are installed: You need at least two NICs
installed in your Linux system to act as a router, one for the external network (usually
WAN) and another for the internal network (usually LAN).
2. Enable IP forwarding: By default, IP forwarding is disabled on many Linux
distributions. You can enable it temporarily by running the following command:
sudo sysctl -w net.ipv4.ip_forward=1

3. Assign IP addresses: Assign IP addresses to each network interface. You can do
this using the ip command or by editing the network configuration files. For example:
• sudo ip addr add 192.168.1.1/24 dev eth0 # Internal network interface
• sudo ip addr add 10.0.0.2/24 dev eth1 # External network interface
4. Set up NAT (Network Address Translation): If your internal network uses private
IP addresses and you want to allow devices on that network to access the internet,
you need to set up NAT.
Use iptables to configure NAT:
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

5. Set up DHCP: If you want your router to assign IP addresses to devices on your
internal network dynamically, you can install and configure a DHCP server such as
dhcpd or dnsmasq.
6. Configure routing: If your internal and external networks are on different subnets,
you may need to configure static routes or use a dynamic routing protocol such as
OSPF or RIP to ensure that packets are routed correctly between them.
7. Firewall Configuration: Optionally, configure firewall rules using iptables or
another firewall management tool to control which packets are allowed to pass
through your router.
8. Testing: Once configured, test your router by connecting devices to both the
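
Steps 2, 4 and 7 above combined into one reviewable rule set, with the forwarding policy set to drop anything that is not explicitly allowed. This is an added example, not part of the original slides; the function name is hypothetical, and eth0, eth1 and 192.168.1.0/24 are the sample interfaces and internal network used in step 3. The script only prints the commands so they can be read before anything is changed.

```shell
#!/bin/sh
# Added example: forwarding and NAT rules for the Linux router steps above.
# Prints the commands instead of running them, so they can be reviewed first.

# router_rules LAN_IF WAN_IF LAN_NET -> commands on stdout, exit status 2
# when the arguments do not describe a sane two-interface router.
router_rules() (
    [ $# -eq 3 ] || { echo "usage: router_rules LAN_IF WAN_IF LAN_NET" >&2; exit 2; }
    [ "$1" != "$2" ] || { echo "LAN and WAN interface must differ" >&2; exit 2; }
    case $3 in
        *.*.*.*/[0-9]|*.*.*.*/[12][0-9]|*.*.*.*/3[0-2]) ;;
        *) echo "LAN_NET must be IPv4 CIDR, e.g. 192.168.1.0/24" >&2; exit 2 ;;
    esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -o $2 -j MASQUERADE
EOF
)

# Rule by rule:
#   1. enable forwarding (temporary, as in step 2)
#   2. default-deny: a forwarded packet needs a matching ACCEPT rule
#   3. internal hosts may open connections towards the external network
#   4. only replies to those connections are let back in
#   5. NAT from step 4, limited to the internal source range
router_rules eth0 eth1 192.168.1.0/24
```

After review, the output can be applied by piping it to a root shell; without the `FORWARD DROP` policy, enabling forwarding lets the box route traffic in both directions, including unsolicited connections from the external side.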

Apache Web Server


▪ The majority of web servers around the world use Apache, or Apache HTTP
Server, software.
▪ Apache Web Server is quite fast, secure and can be customized easily for
different environments by using extensions and modules.
▪ Apache runs smoothly on both Windows and Linux web servers.
▪ It is open-source software developed and maintained by the Apache
Software Foundation.
▪ Apache HTTP Server is not a physical server, but rather software that
runs on a server.

What is a Web Server?


✔ The primary function of Web Server is to store, process and serve the
web pages to the clients. It uses HTTP protocol to bring the user the
webpage he wants to see.
✔ Apache helps in establishing a connection between a server and the
browsers of website visitors (Firefox, Google Chrome, Safari, etc.) while
delivering files back and forth between them (client-server structure).

✔ The browser requests for a specific file or resource and initiates the
process.
✔ In response, the web server reads the request, grabs the resources and
serves them as web pages so the user can interpret them.
✔ All the communication occurs via HTTP or HTTPS.
✔ It is not as easy as it looks.
✔ Many users are requesting different web pages at the same time.
✔ Web Server has to respond to all requests and provide the correct
files to each one.

Why Choose Apache?


⮚ Apache is open-source software, which means that the source code
can be viewed and collaborated on for free.
⮚ Being open-source has made Apache very popular with developers who
have built and configured their own modules to apply specific features and
improve its core functionality.
Alternative of Apache
• Nginx, LiteSpeed Web Server, Microsoft Internet Information Services (IIS), etc…

Pros of Apache Server:


▪ Apache is open-source, and anyone can get it for free
▪ Customizable code can be adjusted to the needs
▪ Ability to add more features and modules to improve functions
▪ Highly reliable and excellent performance and Highly flexible Web Server
▪ Apache is straightforward to install
▪ Immediate recording of changes
▪ Can be run on every operating system
▪ Actively maintained and upgraded by a community
▪ Impressive Documentation that is quite extensive and helpful

Cons of Apache Server


▪ The ability to modify the configuration invites various threats: when you
meddle with the code, insecure gates can open.
▪ Again, customization means new bugs and errors.
▪ Debugging consumes time and resources.
▪ Unwanted services and modules have to be recognized and disabled.
▪ Performance issues on extremely traffic-heavy websites.

2. Installing Apache
✔ To install Apache, install the latest meta-package apache2
by running:
• sudo apt update
• sudo apt install apache2
✔ After letting the command run, all required packages are installed
and we can test it out by typing in our IP address for the web server
✔ After that, if you type “localhost” in your browser, you will get the
following interface if you have installed the Apache web server successfully.

3. Creating Your Own Website


⮚ By default, Apache comes with a basic site (the one that we saw in the
previous step) enabled. We can modify its content in /var/www/html or
settings by editing its Virtual Host file found in
/etc/apache2/sites-enabled/000-default.conf.
⮚ We can modify how Apache handles incoming requests and have
multiple sites running on the same server by editing its Virtual Hosts
file.
⮚ Today, we’re going to leave the default Apache virtual host configuration
pointing to www.example.com and set up our own at gci.example.com.

• We have it named gci here but any name will work, as long as we point
to it in the virtual hosts configuration file later.

• Now that we have a directory created for our site, let's have an HTML file
in it.

• Let’s go into our newly created directory and create one by typing:

• cd /var/www/gci/
• nano index.html


Paste the following code in the index.html file:


<html>
<head>
<title> Ubuntu rocks! </title>
</head>
<body>
<p> I'm running this website on an Ubuntu Server server! </p>
</body>
</html>
And save your files.

• Now let’s create a VirtualHost file so it’ll show up when we type
in gci.example.com.
4. Setting up the VirtualHost Configuration File
• VirtualHosts allow a single Apache server to host multiple websites or domains on the
same IP address or port
• We start this step by going into the configuration files directory:
• cd /etc/apache2/sites-available/
• Since Apache came with a default VirtualHost file, let’s use that as a
base. (gci.conf is used here to match our subdomain name):
• sudo cp 000-default.conf gci.conf
✔ We should have our email in ServerAdmin so users can reach us in
case Apache experiences any error:
✔ ServerAdmin [email protected]
✔ We also want the DocumentRoot directive to point to the directory our
site files are hosted on:
✔ DocumentRoot /var/www/gci/
✔ The default file doesn’t come with a ServerName directive so we’ll have
to add and define it by adding this line below the last directive:
✔ ServerName gci.example.com
• This ensures people reach the right site instead of the default one when
they type in gci.example.com. We are done configuring our site, save and

5. Activating VirtualHost file


✔ After setting up our website, we need to activate the virtual hosts
configuration file to enable it.
✔ We do that by running the following command in the configuration file
directory:
✔ sudo a2ensite gci.conf (a2ensite: Apache 2 enable site)
✔ You should see the following output
Enabling site gci.
To activate the new configuration, you need to run:
service apache2 reload
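The three edits from step 4, applied to a copy of the default file and then checked, as an added example that is not part of the original slides. The sample file is a constructed stand-in for 000-default.conf, webmaster@example.com is a placeholder address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive gci.conf from a copy of the default VirtualHost file.

# Constructed stand-in for /etc/apache2/sites-available/000-default.conf.
write_sample_default() {   # $1 = path to write
    cat > "$1" <<'EOF'
<VirtualHost *:80>
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
}

# Apply the three edits from step 4 (hypothetical helper, not an Apache tool).
make_gci_vhost() {   # $1 = source, $2 = output, $3 = admin, $4 = docroot, $5 = name
    awk -v admin="$3" -v docroot="$4" -v name="$5" '
        /^[ \t]*ServerAdmin[ \t]/  { sub(/ServerAdmin[ \t].*/,  "ServerAdmin " admin) }
        /^[ \t]*DocumentRoot[ \t]/ { sub(/DocumentRoot[ \t].*/, "DocumentRoot " docroot) }
        /^[ \t]*ServerName[ \t]/   { next }    # drop an active ServerName, avoid duplicates
        /^[ \t]*<\/VirtualHost>/   { print "    ServerName " name }   # below the last directive
        { print }
    ' "$1" > "$2"
}

# Print the first active (uncommented) value of a directive.
vhost_directive() {   # $1 = file, $2 = directive
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeeds only if the file names the site once and serves it from its own directory.
check_vhost() {   # $1 = file, $2 = expected ServerName, $3 = expected DocumentRoot
    [ "$(vhost_directive "$1" ServerName)" = "$2" ] &&
    [ "$(vhost_directive "$1" DocumentRoot)" = "$3" ] &&
    [ "$(grep -c '^[[:space:]]*ServerName[[:space:]]' "$1")" -eq 1 ]
}

demo_dir=$(mktemp -d)
write_sample_default "$demo_dir/000-default.conf"
make_gci_vhost "$demo_dir/000-default.conf" "$demo_dir/gci.conf" \
    webmaster@example.com /var/www/gci/ gci.example.com   # placeholder e-mail address
cat "$demo_dir/gci.conf"
if check_vhost "$demo_dir/gci.conf" gci.example.com /var/www/gci/; then
    echo "gci.conf: OK"
else
    echo "gci.conf: directive missing or wrong"
fi

# On the real server, after `sudo a2ensite gci.conf`:
#   sudo apache2ctl configtest    # syntax check before reloading
#   sudo service apache2 reload
```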

Configuring a DNS server (BIND)


❖ BIND (Berkeley Internet Name Domain) is the most widely used software for managing
DNS (Domain Name System) servers on the internet.
❖ It provides the functionality needed for translating domain names into IP addresses and
vice versa, facilitating the routing of internet traffic.
Alternatives to BIND
• PowerDNS
• Unbound
• NSD (Name Server Daemon)
• CoreDNS

How to use the Linux BIND command to install and configure DNS
• Much like a phone book, a domain name system (DNS) bridges the
communication gap between humans and computers by matching
domain names to their respective Internet Protocol (IP) addresses.
How Does DNS Work?
• When users enter a domain name into the address bar of their web
browser, they will be taken to the site they want to visit.
• However, this seemingly instant task consists of several steps known as
the DNS lookup or DNS resolution process.

What DNS Servers Are Involved in Loading a Website?


• If your computer can’t find a matching IP address in your hosts file
or cache, it will submit your DNS query or request to a network of four
DNS servers.
1. DNS Resolver
• The DNS resolver or recursive resolver acts as the primary
intermediary between a computer and other DNS servers. Its purpose
is to forward a request to other domain name system servers and
then send it back once fulfilled.
• When the DNS resolver receives a request, it will first search its
• However, if no match is found in its cache, the DNS resolver will
send the request to the next DNS server – the root nameserver.
2. Root Nameserver
• The root nameserver or root DNS server is at the top of the DNS
hierarchy.
• Think of it as a bank of reference.
• It doesn’t keep the information you’re looking for, which is the IP
address to match the domain name – but it gives directions to where
it can be found.
• Once the root nameserver receives a request from the recursive DNS

TLD Nameserver
• The TLD nameserver is a DNS server function that is responsible for
storing and managing information about domain names that use
a specific top-level domain (TLD).
• A TLD is the far end of a domain name, such as .com, .org, .online,
and .net.
• If your query is to find the IP address of hostinger.com, the root
nameserver will redirect the DNS recursive resolver to the .com TLD
nameserver.
• Next, the TLD nameserver will inform the resolver about the location of

Authoritative Nameserver
• The authoritative nameserver or authoritative DNS server is the
final authority in the DNS resolution process.
• It stores all information related to the domain name you want to
visit, including its IP address. The recursive resolver will obtain the
IP address and send it back to your computer, directing you to the site.
• Finally, the domain name system resolver performs DNS caching,
storing IP addresses collected from authoritative nameservers as
temporary data.
• In other words, DNS caching makes it so that the next time you want to

• Sending a request from the DNS client to the DNS server is called
a lookup request.
• Getting a response from the DNS server to the DNS client is called
a lookup response.
• The system on which the DNS service is configured is called a DNS
server.
• The system that accesses the DNS server is called a DNS client.

Configuring Mail Transfer Agents – Postfix


⮚ A mail server can have many names: mail relay, mail router, and Internet mailer. But
the most common alias is an MTA.
⮚ This may refer to a mail transfer agent, a message transfer agent, or a mail
transport agent.
⮚ No matter which name you use, MTAs play an essential role in the Internet
message handling system. They transfer electronic mail messages between users.
What is an MTA?
⮚ A mail/message transfer agent (MTA) is software that transfers emails between
the computers of a sender and a recipient.

❖ An MTA is just an element of the email delivery process.


❖ It receives an email from the mail/message submission agent (MSA), which, in
turn, receives it from the mail user agent (MUA).
❖ The MUA is commonly known as an email client – an app you use to handle email-
related stuff.

❖ Once the MTA gets the email, relaying comes into play.
❖ That’s why mail transfer agents are often called mail relays.
❖ The email can be forwarded to other MTAs if the recipient is not hosted locally.
❖ Then it hits the mail delivery agent (MDA).
❖ This is the email’s last stopover before it is delivered to the recipient’s mailbox.
❖ The email sending is carried out using SMTP, and for the final stage (MDA to MUA),
POP3 is often used.

To sum up, MTAs do the following:


✔ Accept emails sent from mail user agents
✔ Query the Mail Exchange (MX) records and select a mail server to transfer emails
✔ Send auto-response messages if an email has failed to reach the destination

o Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and
secure, with flexibility in administration.
o Postfix is an open-source mail transfer agent (MTA) that routes and delivers
email on a Unix-like operating system.
o Developed by Wietse Venema, Postfix is widely used due to its security
features, performance, and flexibility.
o It's licensed under the IBM Public License making it free to use and modify.
Other alternative MTAs are: Exim, Sendmail, Qmail, and Microsoft Exchange.

Installation and Configuration



o During the installation, you will be asked to choose your general type of mail configuration.
You can choose “Internet Site” and press ok to install postfix with the default values.

Then, you need to enter your FQDN (Fully Qualified Domain Name) as your mail-domain
name.

• After setting up the mail domain, you will be asked to set up the user account of the
system administrator, where all the mail will be redirected to.
• You can use this format “[email protected]” and replace the user and domain
names with those you have.

Proxy Server and Proxy Caching


o It acts as a gateway between you and the internet. It’s an
intermediary server separating end users from the websites
they browse.
o Proxy servers provide varying levels of functionality, security, and
privacy depending on your use case, needs, or company policy.
o It works by facilitating web requests and responses between a user
and web server.
o Typically, a user accesses a website by sending a direct request to its
web server from a web browser via their IP address.
✗ A proxy server is basically a computer on the internet with its own IP
address that your computer knows.
✗When you send a web request, your request goes to the proxy
server first.
✗The proxy server then makes your web request on your behalf,
collects the response from the web server, and forwards you the web
✗ When the proxy server forwards your web requests, it can make
changes to the data you send and still get you the information that you
expect to see.
✗ A proxy server can change your IP address, so the web server
doesn’t know exactly where you are in the world.
✗ It can encrypt your data, so your data is unreadable in transit.
✗ And lastly, a proxy server can block access to certain web pages,
based on IP address.

Why Should You Use a Proxy Server?

✗To control internet usage of employees and children

✗Bandwidth savings and improved speeds

✗Privacy benefits

✗Improved security

✗Get access to blocked resources - VPN


✗ Proxy caching is a feature of proxy servers that stores content on the
proxy server itself, allowing web services to share those resources with
more users.
✗ The proxy server coordinates with the source server to cache
documents such as files, images and web pages.
✗ A caching proxy reduces bandwidth use and improves a website's
speed and reliability by providing a point-of-presence node for one
or more back-end content servers.


Squid is a stable, popular, open-source HTTP proxy.


✗This means that it stores requested Internet objects, such as data on a Web or FTP
server, on a machine that is closer to the requesting workstation than the server.
✗Squid is a widely-used caching proxy server for Linux and Unix platforms.
✗It can be set up in multiple hierarchies to assure optimal response times and
bandwidth usage, even in modes that are transparent to end users.
✗ Squid acts as a caching proxy server. It redirects object requests from
clients (in this case, from Web browsers) to the server.
✗ When the requested objects arrive from the server, it delivers the
objects to the client and keeps a copy of them in the hard disk cache.
✗ An advantage of caching is that several clients requesting the same
object can be served from the hard disk cache.
✗ This enables clients to receive the data much faster than from the

Along with actual caching, Squid offers a wide range of features:

✗ Distributing load over intercommunicating hierarchies of proxy servers
✗ Defining strict access control lists for all clients accessing the proxy
server
✗ Allowing or denying access to specific Web pages using other applications
✗ Generating statistics about frequently-visited Web pages for the

How to install and configure Squid?

• Step 1: Run the following commands:

sudo apt update

sudo apt install squid

• Step 2: Open the Squid configuration file:

/etc/squid/squid.conf

TCP/IP Troubleshooting Issues


✔ Any computer connected to a network needs to be able to process
communication protocols.
✔ This requirement has the benefit of offering query commands that give
live feedback on different utilities that operate the network.
✔ The commands that launch those enquiries provide very useful
information for network troubleshooting.
✔ This guide to network troubleshooting commands includes a number of
utilities of which you are probably already aware.
✔ However, the aim of this guide is to provide information on how to get
the best out of these free facilities.
✔ Although network monitoring tools offer better automation, using free
network commands helps the network administrator get a better
understanding of how a network operates.
You will find out about:
• Ping
• Telnet
• TraceRoute
• IPConfig/IFConfig
• Netstat

Ping
✔ The ping command is one of the most helpful network diagnostic tools for
finding problems on both the local network and the wider internet.
✔ To “ping” something on a network means sending an internet packet to a destination
computer or other network device, asking for a response.
✔ That device then sends a packet back to you.
The ping command has two primary uses:
• To check whether your connection to a remote computer works at all.
• To check how healthy that connection is.

• Even if your ping reaches its destination and you get a reply, the ping response will
tell you how long a packet took to return and how many packets have been lost.
• You can use the ping command to diagnose if the connection is too slow or unreliable.
✔ Packets are the fundamental units of the modern internet.
✔ When you send someone data, like a photo, it gets broken up into tiny pieces.
✔ Each packet is marked with a source and destination address and then sent off into
the internet.
✔ These packets pass through many other computers, such as web servers and internet
routers.
✔ Packets keep getting passed along until they reach the target system.
▪ Open Command Prompt or PowerShell, then type a command like "ping
google.com" to test your connection.
▪ Run "ping" followed by an IP address to check if that IP address is
accessible to you.
▪ Run "ping" followed by a domain name (website) to check if the website
is available, and to find the page's IP address.
If the connection is successful, you will get the following reply:

Traceroute
o Traceroute is a command-line tool included with Windows and other operating
systems.
o It is used to track the pathway taken by a packet on an IP network from the
source to the destination. It shows the number of hops (routers) between the
source and the destination and the time taken for each hop.
o If you’re having trouble connecting to a website, traceroute can tell you where the
problem is.
o It can help visualize the path traffic takes between your computer and a web server.
o It tells us more than the ping command does.

How Traceroute Works


▪ When you connect to a website – say, howtogeek.com – the traffic has to go through
several intermediaries before reaching the website.
▪ The traffic goes through your local router, your Internet service provider’s routers,
onto larger networks, and so on.
▪ Traceroute shows us the path traffic takes to reach the website and the time
delay.
Example: traceroute google.com

Ifconfig vs ipconfig
✔ ifconfig stands for Interface Configuration. This command displays all the TCP/IP
network configurations of the computer, e.g. ifconfig eth0.
✔ We use the ifconfig command mainly in Unix-based operating systems.
✔ With no arguments, the ifconfig command only displays the network configurations
of enabled network devices that are currently connected to the system.
Furthermore, let’s see some of the most common ifconfig commands:
• ifconfig [interface name]: displays the network configuration information of the
specified interface only
• ifconfig -a: displays all the interfaces that are currently available even if they are down.

Netstat
• It displays various network-related information such as network connections,
routing tables, interface statistics, and multicast memberships.
• Netstat stands for "network statistics".
• It shows the list of ports with a specific status, and lets you check whether a
specific port is in use and which process is using it.
• If you're having difficulties accessing the internet, the netstat command can help
you identify where the problem lies.
• Netstat will display all of your computer's active network connections and the
status of those connections.

• If a connection is not working, netstat can often provide more information about why
it is not working.
• Netstat can also be used to monitor your computer for security threats.
• To view a list of active network connections, open a terminal and type
netstat -tuln.

Remote Administration with SSH and SCP


▪ In the modern world, where working from home has become prevalent and most
organizations use cloud systems, it's not practical to always be physically at a
server to perform an administrative task.
Remote access methods
There are two main forms of remote access on Unix and Linux systems:
✔ Secure Shell (SSH) provides a text console on a server, with the option to forward
graphics as needed.
✔ Virtual Network Computing (VNC) provides a graphical login to a system, with a full
desktop in a VNC client.

✔ Both are common, but most sysadmins default to the simplicity, flexibility, and
efficiency of SSH.
✔ SSH (Secure Shell) is a network protocol that enables secure communication
between two devices, often used to access remote servers as well as to transfer
files or execute commands.
✔ SSH was originally developed by Tatu Ylonen in 1995 to replace Telnet, a network
protocol that allowed users to connect to remote computers, most often to test
connectivity or to remotely administer a server.
✔ This was necessary because Telnet was not secured or encrypted in any way.

▪ Today, SSH has become the standard for remote access for many organizations,
and is used by system administrators to manage servers remotely or to securely
connect to their personal computers.
What is SSH access used for?
✔ SSH access is used for a variety of tasks, including remotely logging into servers,
transferring files, and running commands.
✔ Some popular SSH clients include PuTTY (Windows), Terminal (Mac), and Linux Shell.

How does SSH encryption work?


⮚ SSH encryption is a process that uses mathematical algorithms to encode data.
⮚ The sender and receiver of the encoded data can then use a secret key to decode the data.
⮚ This process helps to ensure that the data remains confidential and is not tampered
with during transit. SSH also provides authentication, which helps to prevent
unauthorized access to systems and data.
⮚ There are two main types of SSH encryption: public-key encryption and symmetric
key encryption.
⮚ Public key encryption uses two different keys, one for encoding and one for
decoding, while symmetric uses one encryption key.

How to set up SSH keys


Step 1. You will need to create the SSH key. To do this, use the ssh-keygen command.
After that, you need to copy the SSH key.
Step 2. You will now install the SSH key. To do this, you will use the ssh-copy-id
command. This works on a Unix or Linux server.
Step 3. Next, you need to add yourself to the wheel or sudo group admin account.
Step 4. Next, you should disable password login.
Step 5. Now, you need to test your passwordless SSH key login. To do this, use the
ssh user@server-name command.
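A check that step 4 really took effect, as an added example that is not part of the original slides. It relies on the sshd_config rule that the first value read for a keyword wins. The two configuration files are constructed samples, the helper names are hypothetical, and Match blocks are handled by a simplification noted in the code.

```shell
#!/bin/sh
# Added example: verify that password login is off and key login is still on.
# Steps 1, 2 and 5 for reference (not run here):
#   ssh-keygen -t ed25519          # step 1: create the key pair on the client
#   ssh-copy-id user@server-name   # step 2: install the public key on the server
#   ssh user@server-name           # step 5: confirm key login in a second session

# sshd keeps the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# Simplification: lines after a Match line are ignored for the rest of that file.
sshd_first_value() {   # $1 = keyword, then config files in the order sshd reads them
    kw=$1; shift
    awk -v kw="$kw" '
        BEGIN { kw = tolower(kw) }              # keywords are case-insensitive
        FNR == 1 { in_match = 0 }
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        tolower($1) == "match" { in_match = 1; next }
        !in_match && tolower($1) == kw { print tolower($2); exit }
    ' "$@"
}

# Succeeds only if password login is disabled AND public-key login is enabled.
# Both settings default to "yes" when no file sets them.
password_login_disabled() {   # args = config files in read order
    pw=$(sshd_first_value PasswordAuthentication "$@")
    pk=$(sshd_first_value PubkeyAuthentication "$@")
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
}

# Constructed sample files: the main file includes a drop-in directory on its
# first line, so the drop-in is read before the rest of the main file.
write_ssh_samples() {   # $1 = directory
    cat > "$1/50-dropin.conf" <<'EOF'
# drop-in pulled in by the Include line at the top of sshd_config
PasswordAuthentication yes
EOF
    cat > "$1/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PubkeyAuthentication yes
UsePAM yes
# appended by the administrator in step 4
PasswordAuthentication no
EOF
}

report() {   # $1 = label, rest = config files in read order
    label=$1; shift
    if password_login_disabled "$@"; then
        echo "$label: password login disabled, key login enabled"
    else
        echo "$label: password login still possible (or key login disabled)"
    fi
}

ssh_demo=$(mktemp -d)
write_ssh_samples "$ssh_demo"
report "main file only" "$ssh_demo/sshd_config"
report "drop-in + main" "$ssh_demo/50-dropin.conf" "$ssh_demo/sshd_config"

# On a live server, `sudo sshd -T` prints the effective settings after all includes.
```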

SCP (secure copy)


▪ SCP (secure copy) is a command-line utility that allows you to securely copy files
and directories between two locations.
With scp, you can copy a file or directory:
✔ From your local system to a remote system.
✔ From a remote system to your local system.
✔ Between two remote systems from your local system.
▪ When transferring data with scp, both the files and password are encrypted so that
anyone snooping on the traffic doesn’t get anything sensitive.

o The scp command relies on ssh for data transfer, so it requires an ssh key or
password to authenticate on the remote systems.
o To be able to copy files, you must have at least read permissions on the source file
and write permission on the target system.
o Be careful when copying files that share the same name and location on both
systems: scp will overwrite files without warning.

SAMBA
o Samba is an open-source software suite that provides file and print services to
various clients across different operating systems.
o It allows interoperability between Unix/Linux servers and Windows-based
clients on a network.
o It allows these systems to share files, printers, and other resources, making it
possible for users on different platforms to collaborate and access shared
resources transparently.

Main Components and Features


✔ File Sharing
✔ Print Services
✔ Authentication and Authorization
✔ Name Resolution
✔ Security: encrypted communication using the Secure Sockets Layer (SSL)
✔ Cross-Platform Compatibility

Network Information Service


✔ "NIS" typically stands for "Network Information Service."
✔ It's a network service used for distributing system configuration
data such as user and group information, hostnames, and other
network-related information in a distributed computing environment.
✔ It is a remote-procedure-call based client-server system that permits a group of
machines within an NIS domain to share a common set of configuration files.
✔ This allows system administrators to set up NIS client systems with the least
configuration data and add, remove or alter configuration data from a single
location.
Purpose:
● NIS centralizes administration and reduces the need for manually
updating configuration files on each computer in a network.
● It provides a centralized repository for user authentication and
authorization information, simplifying user management in a
networked environment.

Components:
● NIS Server: The server hosts the NIS database, which contains user,
group, and other network-related information.
● NIS Client: Systems that use NIS to retrieve network information from
the NIS server.
● These characteristics are defined in maps, or databases, that specify certain
system information such as user names, passwords, and host names.
● An NIS server is a host that provides configuration information to other hosts on
the network.
● Servers retain a set of maps and run the ypserv daemon, which processes
requests from clients for information contained in maps.
● There are two types of servers: a master server and a slave server.
Master Servers
● A master server is the single host in a particular domain that maintains the
authoritative maps.
● The master server runs the ypupdated daemon, which prompts slave servers to
update their copies of the maps (all other hosts in the domain must obtain their
map information from the master server, either directly or indirectly).
● The master server also runs the yppasswdd daemon, which processes requests
to change users' passwords.
● For a small number of hosts, each host can access the master server directly.
● However, for a larger number of hosts in a domain, the master server can become
overloaded.
● To balance the NIS processing load and provide services when the master server
is unavailable, additional hosts can be designated as slave servers.
Slave Servers
● NIS slave servers act as intermediaries between clients and the master server by
keeping exact replicas of the master server's maps.
● All changes to the maps are made on the master server.
● Then, the changes are propagated from the master server to the slave servers.
● Once a slave server is added to the domain, it is able to answer the same queries
that the master is able to answer.
● In this way, slave servers can help with extra load on the master server without
violating the authority of the master server.
● Slave servers also act as a backup in case the master server or the network fails.
Clients
● NIS clients make up the majority of hosts in a NIS domain.
● Clients run the ypbind daemon, which enables client processes to obtain
information from a server.
● Clients do not maintain maps themselves, but rather query servers for system
and user account information. (Clients do not make a distinction between querying
the master server or a slave server.)
● To access system information contained in a map, a client makes a Remote
Procedure Call (RPC) to a server.
● The server searches its local database and returns the requested information to
the client.
NIS Domain
● An NIS domain is a collection of systems that are logically grouped together.
● A group of hosts that share the same set of NIS maps belong to the same domain.
● The hosts are usually grouped together in the domain for a common reason; for
example, when working in the same group at a particular location.
● Each NIS host is assigned to a domain when the system starts.
● The domain name must be set on all hosts that intend to use NIS.
● There is one master server per NIS domain, and the systems in the domain are
typically on the same network.
NIS Maps
● NIS maps are databases that specify certain system information such as user
names, passwords, and host names, in a database format called DBM (Database
Management).
● Each map is constructed from a standard text file by associating an index key with
a value.
How it Works:
● The NIS server maintains a centralized database called the "map,"
which contains various network-related information.
● NIS clients query the NIS server for information like user accounts,
group memberships, and other configuration data.
● When a client needs information, it sends a request to the NIS server,
which responds with the requested information from its database.
Advantages:
● Simplifies user and group management in a networked environment by
centralizing administration.
● Reduces the administrative overhead of managing configuration files on
multiple systems.
● Provides a unified mechanism for authentication and authorization
across the network.

Disadvantages:
● Security concerns: NIS does not encrypt the data it transmits, making it
vulnerable to eavesdropping and other security risks.
● Single point of failure: If the NIS server goes down, NIS may become
unavailable.
What is virtual network computing (VNC)?
● Virtual Network Computing is a platform-independent remote desktop-sharing
application.
● It is a technology that allows users to remotely access and control a computer
desktop or server over a network
● The desktop display of one computer can be controlled remotely by another via a
network.
● VNC is among several kinds of desktop remote-sharing systems available for
professionals.
● With its flexible configuration, VNC is highly popular with IT professionals and
system administrators as it provides a powerful tool to manage remote desktops.
How does VNC work?
● VNC works by using a client-server model.
● The user intending to access the remote computer needs a VNC viewer
application installed on their local machine that connects to the server running on
the remote machine
● VNC operates using a specific protocol known as the VNC protocol.
● This protocol transmits the keyboard inputs and mouse movements from one
computer to another.
● The screen changes made on the computer being controlled are sent to the
controlling computer in the form of small rectangles.
● Upon receipt, the controlling computer updates its display.
Advantages of virtual network computing

1. It facilitates remote access to a computer, allowing users to work from any
location.
2. It is platform-independent, meaning it can operate on different operating systems.
3. It requires minimal technical knowledge, making it user-friendly.

Alternatives to VNC: Remote Desktop Protocol (RDP), Splashtop, and TeamViewer.

● VNC is a good choice for users who need a basic and customizable
remote desktop access solution, while TeamViewer is suitable for users
who require a more feature-rich and user-friendly experience, especially
for commercial use and collaboration.
Port Forwarding
➔ Port forwarding is a crucial concept that often comes into play when engaging in
certain activities.
➔ Whether you’re setting up a game server to facilitate seamless gaming
experiences, hosting your own website directly from your home, or ensuring
remote access to security cameras while you’re away, port forwarding plays a
pivotal role.
➔ The examples above all involve setting up servers to be accessed from an outside
source.
➔ Port forwarding establishes a connection between a router’s public IP address and
the IP addresses and ports of services on a network.
How a router works

➔ A router connects the devices in a network by forwarding data packets
between them.
➔ This allows devices to communicate with each other and the internet.
➔ The router tracks all the devices on the network by assigning a local
IP address to each one.
➔ In the early days of the internet, a modem sufficed for single-device
connections, but with the prevalence of multiple connected devices,
routers became essential.
➔ When you browse the internet, the router forwards your request to the
modem.
➔ When the response comes back, the router routes it back to the right
device using its assigned IP address.
➔ This forwarding is necessary because only the router knows the local
IP addresses assigned to each device in the network.
➔ Any data traveling to your device never gets there directly. It must be
forwarded.
What are ports?

➔ Local IP addresses are assigned to each device connected to a router.


➔ These IP addresses are only known by the router, unlike public IP
addresses that are used by DNS servers to connect you to the right
server or the one that your router uses to connect to the internet.
➔ But there is another number that works with the IP address that allows
you to connect to the website: the port number.
➔ When you browse an insecure site, one that begins with http, you are
connecting to port 80 on the server.
➔ When you visit a secure site, one that starts with https, you are
connecting to port 443.

Here are the default port numbers of some common applications:

● 22 for Secure Shell (SSH).
● 80 for HyperText Transfer Protocol (HTTP).
● 110 for Post Office Protocol (POP3).
● 443 for HTTP with Secure Sockets Layer (SSL).
● 3306 for MySQL database.
● 5432 for PostgreSQL.
➢ When you connect to any one of these services, you have to know the
port number.

What is port forwarding?

● Port forwarding is a map between a router’s public IP address and the IP
addresses and ports of the services running on a network.
● It tells your router to relay data that it receives on a specific port to a
specific port on a specific private IP address on the network.
● When you set up a server to host your website at home, you have to
add port forwarding rules to your router.
● You do this by finding the IP address of the computer running your
website and setting a rule to forward all traffic on port 80 to that IP
address.
Network Address Translation (NAT)
● It is a service that is used in routers.
● Its purpose is to translate a set of IP addresses to another set of IP addresses.
● IP version 4 is the fourth version of the Internet Protocol.
● When the IP version 4 address was created, engineers had no concept of how
big the internet would become.
● So having 4 billion IP version 4 addresses available seemed like more than
enough.
● In fact, the rate of growth has been such that the Internet is effectively doubling in
size each year.
Chapter Six: Managing Network Services

Boot Problem

➢ A boot problem refers to any issue that prevents a computer from starting up
properly or accessing the operating system.
• Resolving boot problems can be tricky, but here's a general step-by-step guide to
help you troubleshoot and fix common issues:
1. Check Hardware Connections: Ensure all cables, including power and data
cables for hard drives and other peripherals, are securely connected.
• Loose connections can prevent your computer from booting properly.

2. Boot into Safe Mode: Try booting into Safe Mode by pressing F8 or Shift + F8
during startup.
• Safe Mode loads only essential drivers and system services, which can help you
identify if the problem is caused by third-party software or drivers. If you can boot
into Safe Mode, you may be able to troubleshoot further from there.
3. Use System Restore: If your computer was previously working fine, try using
System Restore to revert your system to a previous state where it was functioning
properly.

4. Check BIOS Settings: Ensure that your BIOS settings are correctly configured,
especially settings related to boot order and disk detection.
• Incorrect BIOS settings can prevent your computer from booting into the operating
system.
5. Run Startup Repair: Boot from your Windows installation media and select
"Repair your computer" to access Startup Repair.
• Startup Repair can automatically fix certain boot problems, such as missing or
damaged system files.
6. Check Disk for Errors: Boot into the Windows Recovery Environment and run the
"chkdsk" command to check your system drive for errors.
• Open "cmd" as an administrator and type CHKDSK C:

7. Update Drivers and Firmware: Ensure that all device drivers and firmware are
up to date, especially drivers for critical hardware components such as the
motherboard, graphics card, and storage devices.
8. Perform a Clean Boot: Disable unnecessary startup programs and services using
the System Configuration utility (msconfig). This can help identify if a third-party
program or service is causing the boot problem.
9. Repair or Reinstall Windows: If none of the above steps work, you may need to
repair or reinstall Windows. You can perform a repair installation from your Windows
installation media or use the "Reset this PC" feature in Windows Settings.
10. Seek professional help or contact the manufacturer for support.

Backup and restore

➢ Backup and restore refer to the processes of creating copies of data (backup)
and then using those copies to recover or restore the original data if it is lost,
corrupted, or otherwise damaged.

Backup Methods
1. File Backup: Copying individual files and folders to the backup location.
2. System Image Backup: Creating a complete image of your system drive,
including the operating system and installed programs.
3. Cloud Backup: Using cloud storage to back up your files over the internet.

Restore
Restore is the process of recovering data from backups when it has been lost,
corrupted, or deleted.
Types:
• File Restore: Recovering individual files or folders from a backup.
• System Restore: Restoring the entire operating system or system drive from
a backup.

Common System Problems and Solutions


1. Slow Performance:
• Check for malware using antivirus software and remove any detected threats.
• Free up disk space by deleting unnecessary files and programs.
• Increase system memory (RAM) if possible.
• Disable startup programs that may be slowing down boot time.
• Upgrade hardware components such as CPU or storage drive if necessary.
2. Internet Connection Issues:
• Restart your router and modem.
• Check network cables and connections.
• Update network drivers.
• Finally, contact the ISP.

3. Blue Screen of Death (BSOD):
• Note down the error code displayed on the screen.
• Restart your computer and boot into Safe Mode.
• Update device drivers, especially graphics and chipset drivers.
• Run hardware diagnostics to check for hardware issues.
• Use System Restore to revert to a previous stable state.
4. Software Crashes or Freezes:
• Close the frozen application using Task Manager (Ctrl + Shift + Esc).
• Update the application to the latest version.
• Disable unnecessary background processes.
• Check for disk errors using CHKDSK.
• Reinstall the problematic software if necessary.

5. File System Corruption:
• Run CHKDSK to check and repair disk errors.
• Use System File Checker (sfc /scannow) to repair corrupted system files.
• Restore from a recent backup if available.
• Reinstall the operating system as a last resort.
6. Startup Problems:
• Check for loose cables and connections.
• Run startup repair using Windows Recovery Environment.
• Check BIOS/UEFI settings for boot order and configuration.
• Repair or reinstall the operating system if necessary.

Event Viewer

➢ A Windows utility that logs system, security, and application events, allowing
users to monitor and troubleshoot various aspects of their computer's operation.

➢ It provides a centralized location to view detailed information about events such as
system errors, warnings, and informational messages, helping users diagnose
issues ranging from software conflicts to hardware failures.

➢ By analyzing the logs within Event Viewer, users can identify patterns, diagnose
problems, and take appropriate actions to maintain the stability and security of
their system.

• Once you've opened Event Viewer, you'll see a tree structure on the left side
containing different types of logs:
• Application: Logs related to applications.
• Security: Logs related to security events like logon attempts, etc.
• System: Logs related to system events like hardware failures, driver issues, etc.
• Setup: Logs related to system setup and installation.
• Within each category, you'll find specific events listed in the center pane.
• You can click on an event to view more details about it, including its description
and any associated error codes.
• Critical errors are highlighted with a red exclamation mark icon. Look for events with
the "Critical" level.

• The Event Viewer can track three kinds of event levels,
including Error, Warning, and Information.
• The "Error" logs, as the name implies, indicate problems that require immediate
attention.
• The "Warning" logs are not necessarily significant.
• However, they might signal that something is not working as expected.
• The "Information" logs are simply events that record normal operation of apps
and services.

Here's how you can access it:


1. Using the Start Menu:
   1. Click on the Start menu.
   2. Type "Event Viewer" and press Enter.
2. Using the Run dialog:
   1. Press Win + R to open the Run dialog.
   2. Type "eventvwr.msc" or "eventvwr" and press Enter.
Chapter Seven: Systems Security

Application and System Security


Application and login security are critical components of overall cybersecurity,
ensuring that access to systems and sensitive data is protected from unauthorized
access and malicious activities.
1. Strong Authentication:
• Password Policies: Enforce strong password requirements, including length,
complexity, and expiration.
• Multi-factor Authentication (MFA): Require users to provide multiple forms of
verification, such as a password and a one-time code sent to their mobile device.

2. Secure Login Mechanisms:
• HTTPS: Use HTTPS to encrypt data transmitted between the user's browser and
the application server, preventing eavesdropping and man-in-the-middle attacks.
• CAPTCHA: Implement CAPTCHA or reCAPTCHA to prevent automated login
attempts and protect against brute-force attacks.
3. Access Control:
4. Session Management:
• Session Timeout: Set session timeouts to automatically log users out after a
period of inactivity to prevent unauthorized access to their accounts.

Firmware and Bootloaders


• Firmware is a program that's written to a hardware device's non-volatile memory.
• Non-volatile memory is a form of static memory where the content is saved when
a hardware device is turned off or loses its external power source.
• Firmware is installed directly onto a piece of hardware during manufacturing.
• Firmware is embedded directly into hardware components such as
microcontrollers, integrated circuits, or other programmable devices.

Bootloader
• A bootloader is a critical piece of software running on any system.
• Whenever a computing system is initially powered on, the first piece of code to
be loaded and run is the boot loader.
• It is the software program that is responsible for actually loading the operating
system.
• LILO (LInux LOader) and GRUB (GRand Unified Bootloader) are both bootloaders
used in Linux systems to load the operating system kernel into memory during
the boot process.

LILO served as the default boot loader for Linux systems for a long time, but GRUB
has recently taken its place.

Iptables
• Iptables is a firewall application that works with the Linux kernel.
• It controls incoming and outgoing traffic and provides a method to filter, block, or
allow traffic based on criteria such as port number, IP address, and protocol.
• Iptables is designed to protect the system from unauthorized access and provide a
secure environment for applications and services.
• Iptables works by defining a set of rules that determine how traffic is handled.
• These rules are stored in the kernel and are evaluated for each incoming or outgoing
packet. If a packet matches a rule, it is allowed or blocked based on the action
specified in the rule.

Here's what iptables does:

1. Packet Filtering: Iptables allows you to define rules for filtering incoming and
outgoing network packets based on various criteria such as source/destination IP
addresses, ports, protocols, and packet states.
2. Network Address Translation (NAT): This is commonly used for creating NAT
gateways and enabling multiple internal hosts to share a single public IP address.
3. Packet Mangling: Iptables allows you to alter packet headers and modify packet
content using various matching criteria and target actions.
4. Connection Tracking: Iptables maintains a connection tracking table that tracks
the state of network connections.
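The rule evaluation described above can be modelled in a few lines. The following is an added example, not part of the original slides and not iptables code: a simplified Python model in which each packet is checked against the rules in order, the first match decides, and a default policy applies when nothing matches. The `Rule` class, `evaluate` function, chains and packets are constructed for illustration, and the connection state is supplied as a packet field, whereas iptables takes it from its connection tracking table.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None matches any protocol
    src: Optional[str] = None     # source network in CIDR form, None = any
    dport: Optional[int] = None   # destination port, None = any
    state: Optional[str] = None   # connection state, None = any

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.state and pkt.get("state", "NEW") != self.state:
            return False
        return True

def evaluate(chain, pkt, policy="DROP"):
    """Walk the chain in order; the first matching rule decides the verdict."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return policy, None  # nothing matched: the chain's default policy applies

# Constructed INPUT chain: replies to existing connections, web for everyone,
# SSH from the LAN only, every other SSH attempt dropped.
INPUT = [
    Rule("ACCEPT", state="ESTABLISHED"),
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("ACCEPT", proto="tcp", dport=443),
    Rule("ACCEPT", proto="tcp", src="192.168.1.0/24", dport=22),
    Rule("DROP", proto="tcp", dport=22),
]
# Same SSH rules in the wrong order: the broad DROP now shadows the LAN ACCEPT.
MISORDERED = [INPUT[0], INPUT[4], INPUT[3]]

# Constructed packets (a missing "state" means a new connection).
LAN_SSH = {"proto": "tcp", "src": "192.168.1.50", "dport": 22}
WAN_SSH = {"proto": "tcp", "src": "198.51.100.7", "dport": 22}
WAN_DNS = {"proto": "udp", "src": "198.51.100.7", "dport": 53}
REPLY = {"proto": "tcp", "src": "198.51.100.7", "dport": 51000, "state": "ESTABLISHED"}
```

Calling `evaluate(MISORDERED, LAN_SSH)` returns a DROP from rule 2, which shows why a specific allow rule must sit above the broader block rule it is meant to override.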
------------------------------ THE END ------------------------------

Thank You !!!

