Discussions : Security

Iis 8-8.5
redorange
(poke, mem, kill)
18 May 2020 at 09:28
Chapter 19: Web Server Management with IIS
Plan for and install IIS 8.5. Relatively lean by default, IIS 8.5 must be carefully and painstakingly planned so as not to install more modular functionality than you need. More than a resource concern, leaving unnecessary role services off the server is also a method of securing your websites. As always with Microsoft, there are multiple ways to install IIS 8.5, from an interactive GUI to PowerShell.
Master It You are about to install IIS 8.5 on a Windows Server 2012 R2 with the GUI removed. You want to install only the default roles as well as the ASP.NET role and what that role requires. What is the PowerShell command needed to accomplish this?
Solution The PowerShell command is Install-WindowsFeature -Name Web-Server, Web-ASP-Net45.
Manage IIS 8’s global default. IIS 8 modules are only one piece of evidence of the product’s compartmentalization. Web applications and individual configuration settings per site can be independently managed as well. A hierarchical ladder of global, web, application, and page settings allows granular administration by multiple engineers.
Master It What is feature delegation?
Solution Feature delegation is the art of allowing site administrators to configure a specific IIS feature at their own sites rather than accepting the feature behavior dictated by the global settings on the server. Delegation is enabled by unlocking specific sections of the web.config files on one or more sites.
Create and secure websites in IIS 8. Designing and generating new websites in IIS 8 can be accomplished via the GUI or CLI, allowing you to automate routine site creation. Permission structure can be copied from one site to another or managed from the upper layers of the settings hierarchy to simplify permission granting. IIS 8 eases site generation by packaging your website.
Master It You need to create a new website that has all the characteristics of the Default Web Site but must also support ASP.NET pages. You do not want to add ASP.NET support to the Default Web Site for fear of adding vulnerability to existing web content. How would you implement this?
Solution Create a new website, and add the ASP.NET module to the new site. Use a custom TCP/IP port number or host header to differentiate the new site from existing sites. Consider configuring a unique application pool identity for the site to isolate ASP.NET activity during troubleshooting.
Manage IIS 8 with advanced administration techniques. Day-to-day site maintenance and content posting may be the bulk of your IIS 8 administration. But additional higher-level management is what assures consistent and uninterrupted service of your web pages. Important configuring tasks, including recovering from disasters, monitoring performance, setting access or code security, and defining encryption, can be accomplished either locally or remotely.
Master It Because of limited storage space, you are revising your disaster-recovery plan. You are considering delaying backups of the IIS applicationhost.config file to monthly. However, you are concerned that minor global configuration changes made throughout the month may get lost if a failure occurs before the monthly backup. How would you recover a mid-month edit?
Solution IIS 8 maintains a configuration history of applicationhost.config according to the default schedule found in the iis_schema.xml file. Previous versions of the file can be restored with the Restore-WebConfiguration PowerShell command. By default, the automatically generated historical versions of applicationhost.config are stored in the history subdirectory under %systemdrive%inetpub.
Chapter 20: Advanced IP: Routing with Windows
Document the life of an IP packet routed through your network. Understanding how the routing components work inside your hosts and routers will allow you to predict where network traffic will travel throughout your network. With this understanding comes the ability to troubleshoot network issues that appear perplexing.
Master It In the New York/London network from Figure 20.1, use your understanding of the route taken by an IP packet from host A in the New York site to host C in the London site to determine which addresses you should ping in order to discover routing issues that are preventing packets from traveling between A and C.
Solution When using the ping tool to track traffic from one host to another, it is important to realize that you are tracking return traffic. If a route is broken, it may well be in the return journey. Having said that, when debugging router issues from system A (New York) to system C (London), you should ping, in order, the following IP addresses:
A—192.168.0.1—To ensure that IP is configured on host A (New York)
D—192.168.0.100—To ensure that the router is on the network
D—192.169.0.100—To ensure that the router is routing traffic
B—192.169.0.3—To ensure that host B (London) is receiving, and responding to, traffic
Explain the class-based and classless views of IP routing. When discussing routing with networking professionals, it is important to understand the old class-based terminology to allow for conversations and documentation that may still linger on these terms. Understanding how classless IP routing works is key to avoiding inefficiencies brought on by too strict an adherence to class boundaries in network addressing.
Master It The address 172.24.255.255 lies inside class B, whose default netmask is 255.255.0.0. It also lies in the 172.16/20 RFC 1918 private network range, whose default netmask is 255.255.240.0. Given this information, is the address 172.24.255.255 a host address or a subnet broadcast address?
Solution The information given is insufficient to determine whether the address 172.24.255.255 is a host address or a subnet broadcast address. The default netmask is not relevant; only the netmask that is actually in use is relevant. If this is a network built by a network designer who was not thinking about supernetting or CIDR, this address may very well be treated as a subnet broadcast address. It is more likely, given that RFC 1918 talks about supernetting this address range, that this is a simple host address.
Use NAT devices to route TCP traffic. Until we all switch to using IPv6, we will need to use NAT devices to route TCP traffic from our many networked hosts to the outside world, while using only a few of the increasingly rare public IP addresses. Understanding how NAT devices change the source and destination addresses of IP packets will allow you to read network packet traces and interpret which systems are intended as recipients of data.
Master It A user complains that when he tries to connect to an FTP site, the connection initially succeeds, but the first time that a file listing is attempted, his connection is severed, and the server states that it cannot connect to 192.168.0.10.
What are likely causes of this problem, and how could this be addressed?
Solution FTP, like SIP and several other protocols, often includes the IP address of the host in its communication.
Whenever an RFC 1918 address such as 192.168.*.* is seen as part of an error, your first thought should be that there may be a problem with a NAT router between the two hosts.
With FTP, there are a number of possible causes and fixes:
◆ The FTP ALG in the NAT should be changing the IP address and port in the control channel—the usual cause for it not doing so is that the FTP server is running on a port other than the default port, 21. If possible, moving the server back to port 21 will allow the ALG to work correctly.
◆ If the FTP server is on port 21, it is possible that encryption is being used on the control channel, using FTP over SSL or FTP over GSSAPI. In this case, the ALG cannot see or modify the traffic.
◆ Many FTP clients allow the user to select “passive mode” communications for data transfers, in which case it is the server’s IP address that needs to pass through the NAT, and this may allow for data to travel between client and server.
◆ If this is not possible, the use of an FTP proxy service may prove necessary to ensure that data connections can flow correctly.
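A control-channel check for the unrewritten-address problem described in the FTP/NAT answer above, as an added example that is not part of the original post or of the book it quotes. It parses PORT commands and 227 passive replies and reports any RFC 1918 data endpoint that differs from the address the other side actually sees; the function names, the sample lines and the 203.0.113.7 / 198.51.100.20 peer addresses are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# PORT h1,h2,h3,h4,p1,p2 and the 227 passive reply carry the same 6-number tuple.
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (kind, ip, port) for a PORT command or 227 reply, else None."""
    head = line.strip().upper()
    kind = "PORT" if head.startswith("PORT ") else "PASV" if head.startswith("227 ") else None
    match = TUPLE.search(line)
    if kind is None or match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        return None  # malformed tuple; not a valid address or port byte
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return kind, ip, nums[4] * 256 + nums[5]


def audit_control_channel(lines, client_seen_as, server_seen_as):
    """List data endpoints that are RFC 1918 and differ from the address the
    other side actually sees, i.e. addresses no NAT ALG rewrote."""
    seen = {"PORT": ipaddress.ip_address(client_seen_as),
            "PASV": ipaddress.ip_address(server_seen_as)}
    findings = []
    for line in lines:
        parsed = parse_endpoint(line)
        if parsed is None:
            continue
        kind, ip, port = parsed
        if ip != seen[kind] and any(ip in net for net in RFC1918):
            findings.append((kind, str(ip), port))
    return findings


# Constructed control-channel lines (not a real capture).
CONSTRUCTED_CAPTURE = [
    "USER anonymous",
    "PORT 192,168,0,10,195,80",                     # private address left in place
    "PORT 203,0,113,7,195,81",                      # rewritten to the public address
    "227 Entering Passive Mode (10,0,0,5,19,136)",  # server behind NAT, not rewritten
]

if __name__ == "__main__":
    for finding in audit_control_channel(CONSTRUCTED_CAPTURE, "203.0.113.7", "198.51.100.20"):
        print(finding)
```

A finding on a PORT line points at the client-side NAT (ALG off, non-default port, or an encrypted control channel); a finding on a 227 line points at the server-side NAT.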
redorange
(poke, mem, kill)
18 May 2020 at 09:46
Mastering Windows Server 2016 Hyper-V is a good book for IP filtering, both for 2012 and for 2016. Let me write something. I think 192-bit graphics cards, so AMD, are the best, and you buy the cheapest one of those, and the operating system should be Home Premium on the new computers that should arrive from November; for our country I am not sure. AMD, of course. HP or Kingston memory.
redorange
(poke, mem, kill)
18 May 2020 at 09:53
On Windows it is possible to install the old BSD file system; find it via Google. An interesting and functional little thing, and afterwards you also have it in the Windows pop-up menu... finally what Minasi was talking about all along...

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

in the unavoidable PowerShell
redorange
(poke, mem, kill)
18 May 2020 at 16:37
motimoto 2016 Unleashed, about the basic services in monitoring... I had the one by the group of authors, I don't know where it is. I'll download it again...