Notes for Network Engineers--Network Application Server

One, the Linux DHCP server dhcpd.conf configuration file is as follows:

1. The default lease period of the client IP address is 1 hour. Analysis: default-lease-time 3600 sets the default lease period of the IP address in seconds, as shown in the following figure:

2. The DHCP client can obtain the IP address of the DHCP server, the IP address of the DNS server, and the IP address of the default gateway from the DHCP server. The IP address of the web server has nothing to do with the DHCP server, and the DHCP client cannot obtain the IP address of the web server.

3. To start the DHCP process automatically when the Linux server boots, change the configuration item dhcp=no to dhcp=yes in the /etc/rc.d/rc.inet1 file. TCP/IP network configuration in the Linux system is set in the /etc/rc.d/rc.inet1 file and implemented in the /etc/rc.d/rc.inet2 file

4. The /etc/rc.d/rc.inet2 file is mainly used to start some network monitoring processes, such as inetd, portmapper, etc.

5. In the Linux system, the default configuration file of the DHCP service is /etc/dhcpd.conf

Two, authentication methods supported by IIS

1. .NET Passport authentication (anonymous authentication): The username and password are sent encrypted. If anonymous authentication is enabled, users are not required to provide credentials when accessing the site. Anonymous authentication is most appropriate when everyone must be allowed public access to information that has no security requirements

2. Integrated Windows authentication: The username and password are sent encrypted

(1) The username and password are encrypted, which makes this a secure authentication scheme

(2) This authentication scheme combines Windows NT challenge/response authentication and Kerberos v5 authentication

(3) If the Active Directory service is installed on the domain controller and the browser supports Kerberos v5 authentication, Kerberos v5 authentication is used

(4) Although the integrated Windows authentication scheme is relatively secure, it does not work when the connection is established through a proxy server. Integrated Windows authentication is best suited to an intranet environment, where the user and the web server are in the same domain and the administrator can ensure that every user's browser is IE 2.0 or above, which is guaranteed to support this authentication scheme

(5) With integrated Windows authentication, the user's password is not transmitted to the server. If the user is logged in to the local computer as a domain user, the user does not need to confirm their identity again when accessing network computers in the domain.

3. Digest authentication: The username and password are sent encrypted, as a digest of the information, which provides a moderate level of security. This method can be used if the user wants to allow access to secure information from a public network. Digest authentication overcomes many of the shortcomings of basic authentication

4. Basic authentication: The username and password are passed in clear text. The user must enter credentials, access is granted based on the user ID, and the user ID and password are sent across the network in clear text
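
An added example (not part of the original notes) contrasting items 3 and 4: a Basic header decodes straight back to the credentials, while Digest sends only an MD5 response bound to the server's nonce. The sample values are the worked examples published in RFC 2617; the function names are illustrative.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user, password):
    """Basic: base64 of user:password, an encoding rather than encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_basic(header):
    """Whoever observes a Basic header recovers the credentials directly."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Digest (RFC 2617, qop=auth): only this hash is sent, never the password."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_ha1, response, **request):
    """Server recomputes the response from its stored HA1 and issued nonce."""
    expected = digest_response(stored_ha1, **request)
    return hmac.compare_digest(expected, response)


# Sample values: the worked examples published in RFC 2617.
HA1 = md5_hex("Mufasa:testrealm@host.com:Circle Of Life")
REQUEST = dict(method="GET", uri="/dir/index.html",
               nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
               nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    header = basic_header("Aladdin", "open sesame")
    print(header, "->", recover_basic(header))
    resp = digest_response(HA1, **REQUEST)
    print("digest response:", resp, server_accepts(HA1, resp, **REQUEST))
    # A response computed for one nonce is rejected under a fresh nonce.
    print(server_accepts(HA1, resp, **{**REQUEST, "nonce": "fresh-nonce"}))
```

Because the Basic header is reversible, it is only safe inside an encrypted channel such as TLS; the Digest response is tied to the nonce, so a captured response fails once the server issues a new one.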

Three, Linux operating system configuration file

1. server-name.conf file: the configuration data storage file of the service

2. inetd.conf is the initialization file of /usr/sbin/inetd

3. lilo.conf is the configuration file of the multi-boot program lilo in Linux

4. resolv.conf is the configuration file of the DNS domain name resolution service

5. httpd.conf is the configuration file of the Apache Web service in Linux, and the Listen option in it is used to configure the IP address and port number of the service

6. Linux configuration example

Four, Windows Server 2008 IIS 7.0

1. Windows Server 2008 IIS 7.0 provides web services. Create a web site, copy the home page file index.asp to the home directory of the web site, and add index.asp to the web site's default startup documents. The default startup document is the file the web server sends when it receives a request. The default document can be the home page of a website or an index page that displays a hypertext listing of the site or folder contents.

2. When configuring the web server, you can specify multiple default documents for each web site or folder. IIS searches in the default document order and returns the first document it finds. If no match is found and folder browsing is activated for the site or folder, IIS returns a folder listing; if folder browsing is not activated, IIS returns an HTTP Error 403 - Forbidden message to the browser

3. Examples of default document names include default, default.asp and index.htm, etc.

Five, FTP

1. The connection established on port 20 when FTP uploads a file is a data connection established on top of TCP

2. FTP uses the client/server model. The client connects to the server over TCP, and the FTP client and server need to establish two connections:

(1) Control connection: The control connection uses TCP port number 21; it is used to transmit FTP control commands and command execution information between the FTP client and the FTP server; the control connection remains open during the entire FTP session

(2) Data connection: The data connection uses a TCP port number (20 in active mode, random in passive mode); it is used to transmit data, including uploads, downloads, file listings, etc. The data connection is terminated after the data transfer is over

3. If Linux users need to change the default port 21 of FTP to port 8800, they can modify the /etc/vsftpd/vsftpd.conf configuration file

4. There are two modes of data connection:

(1) Active mode: When the client sends a data transfer command to the server, the client passively opens a data transfer process on a random TCP port and uses the PORT command over the control connection to send the port number used by the client's data transfer process to the server. The server starts a data transfer process on TCP port 20 and establishes a data connection with the client's data transfer process

(2) Passive mode: When the client sends a data transfer command to the server, it sends a PASV command to the server over the control connection, requesting passive mode. The server passively opens a data transfer process on a random TCP port and, in its response to the PASV command, tells the client which port the server's data transfer process is using. The client actively opens a data transfer process on a random TCP port and establishes a data connection with the data transfer process on the server side.

Note: The ports below 1024 are already occupied by specific services; for example, HTTP occupies TCP port 80. The random port mentioned in the analysis therefore usually refers to a port above 1024.

5. The FTP service can be configured through the Internet Information Services (IIS) Manager snap-in. If the control port is set to 2222, the data port is automatically set to 2221
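
An added example (not part of the original notes) for the two data connection modes in item 4: it parses a PORT command or a 227 reply to PASV, derives the data port from the two port bytes, and reports who connects to whom. The addresses are constructed documentation addresses, and the two checks (port above 1023, address equal to the control connection peer) are illustrative checks a server or firewall could apply.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 field of PORT or a 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field found")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port


def data_connection(control_line, client_ip, server_ip):
    """Describe the data connection implied by one control-connection line."""
    if control_line.upper().startswith("PORT "):
        ip, port = parse_hostport(control_line)
        # Active mode: the server connects from its port 20 to the client's listener.
        flow = {"mode": "active", "src": (server_ip, 20), "dst": (ip, port)}
        expected_ip = client_ip
    elif control_line.startswith("227"):
        ip, port = parse_hostport(control_line)
        # Passive mode: the client connects from a random port to the server's listener.
        flow = {"mode": "passive", "src": (client_ip, None), "dst": (ip, port)}
        expected_ip = server_ip
    else:
        raise ValueError("not a PORT command or 227 reply")
    # Checks that can be applied before the data path is opened.
    flow["port_above_1023"] = port > 1023
    flow["address_matches_peer"] = ip == expected_ip
    return flow


# Constructed control-connection lines (documentation addresses, not captured traffic).
ACTIVE = "PORT 192,0,2,10,195,80"
PASSIVE = "227 Entering Passive Mode (198,51,100,5,19,137)"

if __name__ == "__main__":
    print(data_connection(ACTIVE, "192.0.2.10", "198.51.100.5"))
    print(data_connection(PASSIVE, "192.0.2.10", "198.51.100.5"))
```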

Six, other knowledge points

1. In Windows Server 2008, IIS provides many options for the web, and the option to limit network bandwidth belongs to the Performance tab

2. Example: If a company creates a virtual host with the name www.business.com, it needs to add address records in the DNS server, so that domains with different names point to the same server IP address

3. The Apache server can implement multiple web sites through virtual hosts. The virtual hosts can be IP-based virtual hosts or name-based virtual hosts.

Seven, proxy server

1. The function of the proxy server:

(1) Shared IP address

(2) Information caching: The proxy server provides local caching of remote information to reduce repeated transmission of information

(3) Information forwarding

(4) All users who use a proxy server must access remote sites through the proxy server, so corresponding restrictions can be set on the proxy server to filter or block some information, so the proxy server can play the role of a firewall

(5) Some websites that cannot be accessed directly can be accessed through the proxy server. Domestic colleges and universities mostly use the education network and cannot access some foreign Internet sites, but they can be accessed through the proxy server.

(6) Security is improved. Whether chatting or browsing websites, the destination site only knows that you come from the proxy server and cannot learn your real IP, which improves the security of users.

2. Advantages of the proxy server:

(1) Improve the efficiency of client access to the external network

(2) Hide network details within the enterprise

(3) Save IP overhead

(4) Set up user verification and accounting functions, which can be used for accounting by user, and statistics on user access time, location, and information flow

(5) Perform hierarchical management on users, set permissions for different users, filter external or internal Internet addresses, and set different access permissions

(6) Add a cache to improve access speed: caching frequently accessed addresses greatly improves the access efficiency of popular sites

(7) Connect the internal network and the external network and act as a firewall: because all internal network users access the outside world through the proxy server, they are mapped to only one IP address, and the outside world cannot directly access the internal network. At the same time, IP address filtering can be set to restrict the internal network's access to the outside world

3. The proxy server is essentially a bridge between the internal network user group and the Internet to achieve user access to the Internet

4. The proxy server requires server software to be configured, and each client must be configured to use the proxy server by pointing to the IP address and port number of the proxy server

Eight, Linux-related knowledge points

1. In the Linux system, the role of the Samba service is similar to that of the Windows shared file service, providing network-based shared file/print services

2. The Samba service supports WINS name server resolution and browsing

3. Provide SMB client function

4. Back up resources on the PC

5. Support Windows domain controller and Windows member server to authenticate users who use Samba resources

6. Support the Secure Sockets Layer (SSL) protocol

Nine, IIS7.0 related knowledge points

1. IIS 7.0 combines multiple protocols to form a component, which does not include DNS

2. IIS can be used to build:

(1) WWW server

(2) FTP server

(3) SMTP server

(4) POP3 server

3. The IIS service combines the HTTP protocol, the FTP protocol and the excellent management functions and security features of Windows Server 2000 to provide a comprehensive software package

4. Samba, DHCP and DNS do not belong to the services provided by IIS 7.0!

5. In the properties window of the FTP server as shown in the figure below, the value in the "Local Path" text box is c:\inetpub\ftproot by default. This path is used as the starting point for other visitors to access the user's FTP site. In the FTP site, all files are stored under the home directory as the root directory, which makes it very convenient for other visitors to find files in the user's FTP site

Ten, DNS server

1. The DNS server provides a variety of resource records. DNS resource records are the basic data elements in the domain name resolution system. Each record contains a type, a time-to-live, a class and some type-related data. Different types of resource records are required for domain name resolution, subdomain management, email server settings, and other domain name-related management.

(1) A record: represents the correspondence between "host name" and "IP address"; its function is to convert the name into an IP address

(2) CNAME records represent the correspondence between aliases and canonical host names

(3) MX records provide mail routing information: provide the host name of the network's "mail exchanger" and the corresponding priority value

(4) The PTR record represents the correspondence between "ip address" and "host name", which is the opposite of the A record

(5) The NS record is used to identify the DNS server of the zone, that is, the authoritative name server responsible for this DNS zone, and which DNS server is used to resolve the zone

2. When Windows performs domain name resolution, the client system will first find the IP address corresponding to the domain name from the hosts file of the local machine. In this file, a record that must exist by default is "127.0.0.1 localhost"

Eleven, Windows system DHCP server

1. When the usage time reaches 50% of the lease period, the DHCP client and DHCP server will renew the lease

2. When the lease reaches 87.5%, it enters the re-application state, and the client sends a DHCPDiscover packet

3. The DHCP client can obtain the IP address from the external network segment

4. DHCP will not lease the same IP address to two hosts at the same time

5. The default lease period of the IP address assigned by DHCP is 8 days

6. The DHCP client can receive multiple DHCPOffer messages, and usually selects the one that arrives first as the IP address of the machine


Origin blog.csdn.net/mailtolaozhao/article/details/123811332