Survey of client tools
Uploaded by ashwin-ananthapadmanabhan (category: Education)
Server
Any computerized process that shares a resource to one or more client processes is a server.
Server types
The different types of servers are listed below:
Application server
Catalog server
Communications server
Compute server
Database server
Fax server
File server
Game server
Home server
Mail server
Media server
Name server
Print server
Proxy server
Sound server
Stand-alone server
Web server
Application Server
An application server is a component-based product that resides in the middle tier of a server-centric architecture.
It provides middleware services for security and state maintenance, along with data access and persistence.
Java application servers are based on the Java 2 Platform, Enterprise Edition (J2EE).
Java application servers
Java Platform, Enterprise Edition, or Java EE (formerly J2EE), defines the core set of APIs and features of Java application servers.
The web modules include servlets and JavaServer Pages. Enterprise JavaBeans are used to manage transactions.
According to the J2EE blueprints the business logic of an application resides in
Enterprise JavaBeans - a modular server component providing many features,
including declarative transaction management, and improving application
scalability.
Some Java application servers, including Tomcat from Apache and Jetty from the Eclipse Foundation, leave out many Java EE features such as EJB and JMS.
Their focus is more on Java Servlets and JavaServer Pages.
There are many open source Java application servers that support Java EE
including JOnAS from Object Web, JBoss AS from JBoss (division of Red Hat),
Geronimo from Apache, TomEE from Apache, Resin Java Application Server
from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from
Enhydra.org, and GlassFish from Oracle.
Commercial Java application servers have been dominated by WebLogic
Application Server by Oracle, WebSphere Application Server from IBM and the
open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.
A JavaServer Page (JSP) executes in a web container. JSPs provide a way to create HTML pages by embedding references to server-side logic within the page.
HTML coders and Java programmers can work side by side by referencing each other's code from within their own.
The application servers mentioned above mainly serve web applications and services via RMI, EJB, JMS and SOAP.
Some application servers target networks other than web-based ones: Session Initiation Protocol servers, for instance, target telephony networks.
J2EE application server
B) Catalog servers
A catalog server provides a single point of access that allows users to centrally search for information across a distributed network.
In other words, it indexes databases, files and information across a large network and allows keyword, Boolean and other searches.
Examples: VPN, intranet, extranet, Internet, etc.
Communications server
Communications servers are open, standards-based computing systems that
operate as a carrier-grade common platform for a wide range of communication
applications and allow equipment providers to add value at many levels of the
system architecture.
Support for communications servers as a category of server is developing rapidly throughout the communications industry.
Standards bodies, industry associations, vendor alliance programs, hardware and
software manufacturers, communications server vendors and users are all part of
an increasingly robust communications server ecosystem.
Regardless of their specific, differentiated features, communications servers have the following attributes:
Open
Flexible
Carrier-grade and
Communications-focused.
Open
Based on industry-managed open standards.
Broad, multi-vendor ecosystem.
Industry certified interoperability.
Availability of tools that facilitate development and integration of applications at
the standardized interfaces.
Multiple competitive options for standards-based modules.
Flexible
Designed to easily incorporate application-specific added value at all levels of the
solution.
Can be rapidly repurposed as needs change to protect customer investment.
Multi-level, scalable, bladed architecture.
Meets needs of multiple industries beyond telecommunications, such as medical
imaging, defense and aerospace.
Carrier grade
Designed for:
Longevity of supply, with extended lifecycle (>10 years) support.
High availability (>5 nines).
"Non-disruptively" upgradeable and updateable.
Hard real-time capability to ensure quality of service for critical traffic.
Meets network building regulations.
Communications server
D) Compute server
It is a kind of parallel processor where the parallel processors have no I/O except
via a bus or other connection to a front-end processor which handles all I/O to
disks, terminals and network.
In some antiquated IBM mainframes, a second CPU was provided that could not access I/O devices, known as the slave or attached processor, while the CPU having access to all devices was known as the master processor.
Example: IBM mainframe series.
Compute server
E) Database server
A database server is a computer program that provides database services to other computer programs or computers, as defined by the client–server model.
Database management systems frequently provide database server functionality,
and some DBMSs (e.g., MySQL) rely exclusively on the client–server model for
database access.
Such a server is accessed either through a "front end" running on the user’s
computer which displays requested data or the "back end" which runs on the server
and handles tasks such as data analysis and storage.
In a master-slave model, database master servers are central and primary locations
of data while database slave servers are synchronized backups of the master acting
as proxies.
Most database servers are driven by a query language. Each database understands
its own query language, translates it into a form the server can execute, and runs
it to retrieve the results.
Some examples of proprietary database servers are Oracle, DB2, Informix, and
Microsoft SQL Server. Examples of GNU General Public License database servers
are Ingres and MySQL. Every server uses its own query logic and structure. The
SQL query language is more or less the same in all relational database servers.
DB-Engines lists over 200 DBMSs in its ranking.
Database server
F) Fax server
A fax server is a system installed in a local area network (LAN) server that allows
computer users whose computers are attached to the LAN to send and receive fax
messages.
Alternatively, the term fax server is sometimes used to describe a program that
enables a computer to send and receive fax messages, i.e. a set of software running
on a server computer.
It is equipped with one or more fax-capable modems (or dedicated fax boards)
attached to telephone lines or, more recently, software modem emulators which
use T.38 ("Fax over IP") technology to transmit the signal over an IP network.
Its function is to accept documents from users, convert them into faxes, and
transmit them, as well as to receive fax calls and either store the incoming
documents or pass them on to users.
Users may communicate with the server in several ways, through either a local network or the Internet.
In a big organization with heavy fax traffic, the computer hosting the fax server
may be dedicated to that function, in which case the computer itself may also be
known as a fax server.
Fax server
File server
In computing, a file server (or fileserver) is a computer attached to a network that
has the primary purpose of providing a location for shared disk access, i.e. shared
storage of computer files (such as documents, sound files, photographs, movies,
images, databases, etc.) that can be accessed by the workstations that are attached
to the same computer network.
The term server highlights the role of the machine in the client–server scheme, where the clients are the workstations using the storage.
A file server is not intended to perform computational tasks, and does not run programs on behalf of its clients.
It is designed primarily to enable the storage and retrieval of data while the computation is carried out by the workstations.
File servers are commonly found in schools and offices, where users connect their client computers over a LAN.
File server
Game Server
A game server (sometimes host or shard) is a server which is the authoritative source of events in a multiplayer video game.
The server transmits enough data about its internal state to allow its connected
clients to maintain their own accurate version of the game world for display to
players.
Game servers also receive and process each player's input.
Game server
I) Home Server
A home server is a server located in a private residence providing services to
other devices inside or outside the household through a home network or the
Internet.
Such services may include file and printer serving, media center serving, web
serving (on the network or Internet), web caching, account authentication and
backup services.
Because of the relatively low number of computers on a typical home network, a
home server commonly does not require significant computing power and can be
implemented with a re-purposed, older computer, or a plug computer.
An uninterruptible power supply is sometimes used in case of power outages that can possibly corrupt data.
Firefox home server architecture
Mail server
A mail server (also known as a mail transfer agent or MTA, a mail transport agent,
a mail router or an Internet mailer) is an application that receives incoming e-mail
from local users (people within the same domain) and remote senders and forwards
outgoing e-mail for delivery.
Mail server
K) Media server
A media server refers either to a dedicated computer appliance or to specialized
application software, ranging from an enterprise-class machine providing video on
demand, to, more commonly, a small personal computer or NAS (Network
Attached Storage) for the home, dedicated for storing various digital media
(meaning digital videos/movies, audio/music, and picture files).
Media server
L) Name server
A name server is a computer hardware or software server that implements a network service for providing responses to queries against a directory service.
It translates an often human-meaningful, text-based identifier to a system-internal, often numeric identification or addressing component.
This service is performed by the server in response to a service protocol request.
An example of a name server is the server component of the Domain Name System (DNS), one of the two principal name spaces of the Internet.
The most important function of DNS servers is the translation (resolution) of
human-memorable domain names and hostnames into the corresponding numeric
Internet Protocol (IP) addresses, the second principal name space of the Internet
which is used to identify and locate computer systems and resources on the
Internet.
Name server
M) Print server
A print server, or printer server, is a device that connects printers to client computers over a network.
It accepts print jobs from the computers and sends the jobs to the appropriate
printers, queuing the jobs locally to accommodate the fact that work may arrive
more quickly than the printer can actually handle.
Ancillary functions include the ability to inspect the queue of jobs to be processed, the ability to reorder or delete waiting print jobs, or the ability to do various kinds
of accounting (such as counting pages, which may involve reading data generated
by the printer(s)).
Print servers may support a variety of industry-standard or proprietary printing
protocols including Internet Printing Protocol, Line Printer Daemon protocol,
NetWare, NetBIOS/NetBEUI, or JetDirect.
A print server may be a networked computer with one or more shared printers.
Alternatively a print server may be a dedicated device on the network, with
connections to the LAN and one or more printers.
Dedicated server appliances tend to be fairly simple in both configuration and
features. Print server functionality may be integrated with other devices such as a
wireless router, a firewall, or both.
A printer may have a built-in print server.
All printers with the right type of connector are compatible with all print servers.
Manufacturers of servers make available lists of compatible printers because a
server may not implement all the communications functionality of a printer (e.g.
low ink signal).
Print server
N) Proxy server
In computer networks, a proxy server is a server (a computer system or an
application) that acts as an intermediary for requests from clients seeking resources
from other servers.
A client connects to the proxy server, requesting some service, such as a file,
connection, web page, or other resource available from a different server and the
proxy server evaluates the request as a way to simplify and control its complexity.
Proxies were invented to add structure and encapsulation to distributed systems.
Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.
Proxy server
O) Sound server
A sound server is software that manages the use of and access to audio devices (usually a sound card).
It commonly runs as a background process.
The term could also apply to a complete computer which is in a server role,
dedicated to audio streaming or a networked or stand-alone appliance for playing
sounds and sound files.
Sound server
P) Stand-alone server
A stand-alone server is a server that does not belong to or govern a Windows
domain; the server may, however, belong to a workgroup (a peer-to-peer network
of Microsoft Windows computers).
This definition could also apply to any non-virtualized singular instance operating system running on dedicated hardware, usually rack mounted.
The operating system need not only be Microsoft Windows but can include IBM AIX, Red Hat Linux, Oracle Solaris and many other operating systems.
Stand-alone server
Q) Web server
A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web.
The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests.
Web server
COMMUNICATION PROTOCOLS
The different communication protocols and the port numbers they use for communication are listed below:

S.No  Protocol name                               Port number
1.    File Transfer Protocol (FTP)                20, 21
2.    Hypertext Transfer Protocol (HTTP)          80
3.    HTTP Secure (HTTPS)                         443
4.    Simple Mail Transfer Protocol (SMTP)        25
5.    SMTP Secure (SMTPS)                         465
6.    Secure Shell (SSH)                          22
7.    Post Office Protocol (POP3)                 110
8.    Network News Transfer Protocol (NNTP)       119
9.    Internet Message Access Protocol (IMAP)     143
10.   Simple Network Management Protocol (SNMP)   161
11.   Telnet remote login service                 23
12.   Domain Name System (DNS)                    53
13.   Internet Relay Chat (IRC)                   194
WELL KNOWN PROTOCOLS AND THEIR PORT NUMBERS
1. FILE TRANSFER PROTOCOL (FTP)
FTP is a network protocol built on a client-server architecture.
It is used to transfer files from one host to another.
It works over TCP-based networks such as the Internet.
To sign in to an FTP server, a client can use either of the following:
A) A clear-text sign-in, in the form of a username and password.
B) An anonymous connection, if the server is configured to allow that.
FTP is usually secured with SSL/TLS (FTPS), which protects the username, password and data by encrypting them.
Less commonly, the SSH File Transfer Protocol (SFTP), a technically different protocol, is used instead.
Origin
The original specification for FTP was written by Abhay Bhushan.
It was published on 16 April 1971 as RFC 114.
Until 1980, FTP ran on NCP, the predecessor of TCP/IP.
The protocol was later replaced by a TCP/IP version, RFC 765 (June 1980) and RFC 959 (October 1985).
RFC 959 (October 1985) is the current specification.
Several proposed standards amend RFC 959, for example:
RFC 2228 (June 1997) proposes security extensions.
RFC 2428 (September 1998) adds support for IPv6 and defines a new type of passive mode.
How the protocol works
Communication and data transfer
1. FTP may run in active or passive mode.
2. In both cases, the client creates a TCP control connection from a random, usually unprivileged, port N to the FTP server command port 21.
3. The mode determines how the data connection is established.
4. In active mode, the client starts listening for incoming data connections from the server on port M.
5. It then sends the FTP command PORT M to inform the server on which port it is listening.
6. By default, the port numbers M and N are equal.
7. The server then initiates a data channel to the client from its port 20, the FTP server data port.
8. In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode can be used.
9. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server.
10. The client then uses these to open a data connection from an arbitrary client port to the server IP address and server port number received.
11. Both modes were updated in September 1998 to support IPv6.
12. Further changes were introduced to the passive mode at that time, updating it to extended passive mode.
13. The server responds over the control connection with three-digit status codes in ASCII with an optional text message.
14. The number represents the code for the response and the optional text represents a human-readable explanation or request (e.g. <Need account for storing file>).
15. An ongoing transfer of file data over the data connection can be aborted using an interrupt message sent over the control connection.
16. While transferring data over the network, four data representations can be used. They are as below:
ASCII mode.
Image mode.
EBCDIC mode.
Local mode.
Mode 1 - ASCII mode
It is used for text.
Data is converted, if needed, from the sending host's character representation to 8-bit ASCII before transmission, and (again, if necessary) to the receiving host's character representation.
As a consequence, this mode is inappropriate for files that contain data other than plain text.
Mode 2 - Image mode (commonly called binary mode)
The sending machine sends each file byte by byte, and the recipient stores the bytes as it receives them.
It is the recommended mode for all implementations of FTP.
Mode 3 - EBCDIC mode
It is used for plain text between hosts using the EBCDIC character set.
Mode 4 - Local mode
It allows two computers with identical setups to send data in a proprietary format without the need to convert it to ASCII.
17. For text files, different format control and record structure options are provided.
18. These features were designed to facilitate files containing ASA or Telnet.
19. Data transfer can be done in any of three modes, as below:
Stream mode.
Block mode.
Compressed mode.
Mode 1 - Stream mode
Data is sent as a continuous stream, relieving FTP from doing any processing.
Rather, all processing is left up to TCP.
Unless the data is divided into records, no end-of-file indicator is needed.
Mode 2 - Block mode
FTP breaks the data into several blocks (block header, byte count, and data field) and then passes it on to TCP.
Mode 3 - Compressed mode
Data is compressed using a single algorithm, usually run-length encoding.
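The following is an added example, not part of the original slides and not taken from any FTP implementation, that models the ASCII and image representations described above: a sender that rewrites its local line endings as CRLF, a receiver that rewrites them back to its own convention, and what happens to a text file and to a binary file when a Unix host sends to a Windows host. The line-ending conventions, the sample payloads (including the PNG signature bytes) and the choose_type heuristic are assumptions of this example.

```python
"""Simulation of the FTP ASCII (type A) and Image (type I) data representations.
Added example; it models the conversion rules in the text, not any particular FTP
implementation. Line-ending conventions and sample data are constructed here."""

CRLF = b"\r\n"  # the network (NVT-ASCII) line ending used on the wire in ASCII mode


def ascii_encode(data: bytes, local_eol: bytes) -> bytes:
    """Sender side of ASCII mode: rewrite the local line ending as CRLF."""
    return data if local_eol == CRLF else data.replace(local_eol, CRLF)


def ascii_decode(wire: bytes, local_eol: bytes) -> bytes:
    """Receiver side of ASCII mode: rewrite CRLF as the receiver's local line ending."""
    return wire if local_eol == CRLF else wire.replace(CRLF, local_eol)


def transfer(data: bytes, type_code: str, sender_eol: bytes, receiver_eol: bytes) -> bytes:
    """Return the bytes the receiver ends up with for a transfer of the given type."""
    if type_code == "A":
        return ascii_decode(ascii_encode(data, sender_eol), receiver_eol)
    if type_code == "I":
        return data  # image mode: bytes are stored exactly as received
    raise ValueError(f"unsupported representation type {type_code!r}")


def choose_type(data: bytes) -> str:
    """Heuristic of this example: use ASCII mode only when the payload is plain text.
    Anything containing NUL or non-ASCII bytes is sent in image mode."""
    if any(b == 0 or b > 0x7F for b in data):
        return "I"
    return "A"


UNIX_EOL = b"\n"
WINDOWS_EOL = b"\r\n"

# Constructed sample payloads.
TEXT_FILE = b"first line\nsecond line\n"
PNG_HEADER = b"\x89PNG\r\n\x1a\n"  # the 8-byte PNG signature, which contains line-ending bytes


def demo() -> dict:
    """Run the scenarios discussed in the text and return the results."""
    return {
        # Text from a Unix host to a Windows host: ASCII mode adapts the line endings.
        "text_ascii": transfer(TEXT_FILE, "A", UNIX_EOL, WINDOWS_EOL),
        # A binary file sent the same way is silently altered.
        "png_ascii": transfer(PNG_HEADER, "A", UNIX_EOL, WINDOWS_EOL),
        # Image mode leaves the bytes untouched.
        "png_image": transfer(PNG_HEADER, "I", UNIX_EOL, WINDOWS_EOL),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Run stand-alone, the script shows the text file arriving with CRLF endings as intended, while the PNG signature gains extra carriage returns and no longer matches the real signature; this is the corruption the text warns about, and why image mode is the recommended default.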
Illustration of starting a passive connection using port 21
Login
FTP login uses a normal username and password scheme for granting access.
The username is sent to the server using the USER command, and the password is sent using the PASS command.
If the information provided by the client is accepted by the server, the server will send a
greeting to the client and the session will commence.
If the server supports it, users may log in without providing login credentials, but the same server may authorize only limited access for such sessions.
Anonymous FTP
A host that provides an FTP service may provide anonymous FTP access.
Users typically log into the service with an 'anonymous' (lower-case and case-sensitive in some FTP servers) account when prompted for user name.
Although users are commonly asked to send their email address instead of a password, no verification is actually performed on the supplied data.
Many FTP hosts whose purpose is to provide software updates will allow anonymous logins.
NAT and firewall traversal
FTP normally transfers data by having the server connect back to the client, after the PORT command is sent by the client.
This is problematic for both NAT and firewalls, which do not allow connections from the Internet towards internal hosts.
For NATs, an additional complication is that the representation of the IP addresses and
port number in the PORT command refer to the internal host's IP address and port, rather
than the public IP address and port of the NAT.
There are two approaches to this problem. One is that the FTP client and FTP server use
the PASV command, which causes the data connection to be established from the FTP
client to the server.
This is widely used by modern FTP clients. Another approach is for the NAT to alter the values of the PORT command, by using an application-level gateway for this purpose.
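As an added example, not taken from the slides or from any FTP implementation, the control-channel exchange from the numbered steps above and the NAT problem just described are modelled below in Python: parsing three-digit replies, building the active-mode PORT command, parsing the passive-mode 227 reply, and choosing where the data connection actually goes. The addresses and reply strings are constructed. The policy in choose_data_endpoint, which takes the port from the reply but keeps the host of the control connection when the two differ, is the same rule the Python standard library's ftplib applies by default.

```python
"""Model of the FTP control-channel exchanges described above: three-digit replies,
the PORT command for active mode, the PASV reply for passive mode, and the NAT
problem that arises because PASV/PORT carry addresses inside the protocol.
Added example: all addresses and replies below are constructed."""

import ipaddress
import re

REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

REPLY_CLASSES = {  # meaning of the first digit of an FTP reply code (RFC 959)
    1: "positive preliminary",
    2: "positive completion",
    3: "positive intermediate",
    4: "transient negative completion",
    5: "permanent negative completion",
}


def parse_reply(line: str) -> tuple:
    """Split a single-line reply such as '230 Login successful.' into (code, text)."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"malformed FTP reply: {line!r}")
    code = int(m.group(1))
    if code // 100 not in REPLY_CLASSES:
        raise ValueError(f"reply code out of range: {code}")
    return code, m.group(2)


def reply_class(code: int) -> str:
    return REPLY_CLASSES[code // 100]


def parse_pasv(text: str) -> tuple:
    """Extract (host, port) from a 227 reply: 'Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.search(text)
    if not m:
        raise ValueError(f"no address in PASV reply: {text!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in PASV reply: {text!r}")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return ".".join(str(n) for n in nums[:4]), port


def build_port_command(host: str, port: int) -> str:
    """Build the active-mode PORT command telling the server where the client listens."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    octets = str(ipaddress.IPv4Address(host)).split(".")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}\r\n"


def choose_data_endpoint(control_peer: str, pasv_reply: str) -> tuple:
    """Decide where a passive-mode client should open its data connection.

    The address inside the 227 reply is untrusted input: a server behind NAT usually
    reports its private address (the NAT complication in the text), and a client that
    connects wherever it is told could be pointed at an unrelated host. So the port is
    taken from the reply, but the host is the peer the control connection is already
    talking to whenever the two differ. Python's ftplib applies the same rule by default.
    """
    code, text = parse_reply(pasv_reply)
    if code != 227:
        raise ValueError(f"expected 227, got {code} ({reply_class(code)}): {text}")
    advertised_host, port = parse_pasv(text)
    if ipaddress.ip_address(advertised_host) != ipaddress.ip_address(control_peer):
        return control_peer, port
    return advertised_host, port


if __name__ == "__main__":
    # Constructed scenario: the control connection goes to a public address, but the
    # server behind NAT advertises its private one in the PASV reply.
    peer = "203.0.113.5"
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
    print(parse_reply("230 Login successful."))
    print(choose_data_endpoint(peer, reply))               # ('203.0.113.5', 50000)
    print(build_port_command("10.0.0.2", 50001).strip())   # PORT 10,0,0,2,195,81
```

A client that instead dialled 192.168.1.10 in this scenario would either fail (the private address is unreachable from outside the NAT) or reach a host that is not the server it just authenticated to; treating the advertised address as untrusted input avoids both outcomes.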
2. HYPERTEXT TRANSFER PROTOCOL (HTTP)
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed,
collaborative, hypermedia information systems.
HTTP is the foundation of data communication for the World Wide Web.
Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.
HTTP is the protocol to exchange or transfer hypertext.
Origin
The term “hypertext” was coined by Ted Nelson in 1965 in the Xanadu Project,
which was in turn inspired by Vannevar Bush's vision (1930s) of the microfilm-
based information retrieval and management "memex" system described in his
essay As We May Think (1945).
Tim Berners-Lee and his team at CERN are credited with inventing the original
HTTP along with HTML and the associated technology for a web server and a
text-based web browser.
The standards development of HTTP was coordinated by the Internet Engineering
Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in
the publication of a series of Requests for Comments (RFCs).
Among them, the most notable is RFC 2616 (June 1999), which defined HTTP/1.1, the version of HTTP most commonly used today.
In June 2014, RFC 2616 was retired and HTTP/1.1 was redefined by RFCs: RFC
7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, and RFC 7235.
HTTP/2 was published as RFC 7540 in May 2015.
How the protocol works
1. HTTP functions as a request-response protocol in the client-server computing model.
2. A web browser, for example, may be the client and an application running on a computer
hosting a web site may be the server.
3. The client submits an HTTP request message to the server.
4. The server, which provides resources such as HTML files and other contents, or performs
other functions on behalf of the client, returns a response message to the client.
5. The response contains completion status information about the request and may also
contain requested content in its message body.
6. A web browser is an example of a user agent (UA).
7. Other types of user agent include the indexing software used by search providers (web
crawlers), voice browsers, mobile apps, and other software that accesses, consumes, or
displays web content.
8. HTTP is designed to permit intermediate network elements to improve or enable
communications between clients and servers.
9. High-traffic websites often benefit from web cache servers that deliver content on behalf
of upstream servers to improve response time.
10. Web browsers cache previously accessed web resources and reuse them when possible to
reduce network traffic.
11. HTTP proxy servers at private network boundaries can facilitate communication for
clients without a globally routable address, by relaying messages with external servers.
12. HTTP is an application layer protocol designed within the framework of the Internet
Protocol Suite.
13. Its definition presumes an underlying and reliable transport layer protocol, and
Transmission Control Protocol (TCP) is commonly used.
14. However, HTTP can also use unreliable protocols such as the User Datagram Protocol (UDP),
for example in Simple Service Discovery Protocol (SSDP).
15. HTTP resources are identified and located on the network by Uniform Resource
Identifiers (URIs)—or, more specifically, Uniform Resource Locators (URLs)—using the
http or https URI schemes.
16. URIs and hyperlinks in Hypertext Markup Language (HTML) documents form webs of
inter-linked hypertext documents.
17. HTTP/1.1 is a revision of the original HTTP (HTTP/1.0). In HTTP/1.0 a separate
connection to the same server is made for every resource request.
18. HTTP/1.1 can reuse a connection multiple times to download images, scripts, style sheets,
etc. after the page has been delivered. HTTP/1.1 communications therefore experience less
latency, as the establishment of TCP connections presents considerable overhead.
HTTP session
An HTTP session is a sequence of network request-response transactions.
An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a server (typically port 80, occasionally port 8080).
An HTTP server listening on that port waits for a client's request message.
Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own.
The body of this message is typically the requested resource, although an error message or other information may also be returned.
HTTP Authentication
HTTP provides multiple authentication schemes such as Basic access authentication and
Digest access authentication which operate via a challenge-response mechanism whereby
the server identifies and issues a challenge before serving the requested content.
HTTP provides a general framework for access control and authentication, via an
extensible set of challenge-response authentication schemes, which can be used by a
server to challenge a client request and by a client to provide authentication information.
Authentication Realms
The HTTP authentication spec also provides an arbitrary, implementation-specific construct for further dividing resources common to a given root URI.
The realm value string, if present, is combined with the canonical root URI to form the protection space component of the challenge.
This in effect allows the server to define separate authentication scopes under one root URI.
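The challenge-response exchange and the realm construct described above, as an added Python example that is not from the slides: a server with one root URI and several realms answers an unauthenticated request with a 401 carrying a WWW-Authenticate header, and grants access only to a user registered in the realm that protects the requested resource. The root URI, realm names, users and passwords are constructed, and requests and responses are plain dictionaries rather than a real HTTP server.

```python
"""Challenge-response access control with HTTP Basic authentication and realms.
Added example, not tied to any particular web server: the users, passwords, root
URI and realm names are constructed. Requests and responses are plain dicts."""

import base64
import hashlib
import hmac
import secrets
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 so stored credentials are not recoverable if the user table leaks.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def basic_authorization(user: str, password: str) -> str:
    """What a client sends back after a 'Basic' challenge (base64, not encryption)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


class BasicAuthServer:
    """One root URI, several realms; each (root URI, realm) pair is its own protection space."""

    def __init__(self, root_uri: str) -> None:
        self.root_uri = root_uri
        self._users = {}  # realm -> user -> (salt, password hash)

    def add_user(self, realm: str, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users.setdefault(realm, {})[user] = (salt, _hash_password(password, salt))

    def protection_space(self, realm: str) -> tuple:
        return self.root_uri, realm

    def challenge(self, realm: str) -> dict:
        """The 401 response that opens the challenge-response exchange."""
        return {"status": 401,
                "headers": {"WWW-Authenticate": f'Basic realm="{realm}", charset="UTF-8"'},
                "body": b"authentication required"}

    def credentials_valid(self, realm: str, authorization: Optional[str]) -> bool:
        if not authorization:
            return False
        scheme, _, token = authorization.partition(" ")
        if scheme.lower() != "basic" or not token.strip():
            return False
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return False
        user, sep, password = decoded.partition(":")  # passwords may themselves contain ':'
        if not sep:
            return False
        record = self._users.get(realm, {}).get(user)
        if record is None:
            _hash_password(password, b"no-such-user")  # keep timing similar for unknown users
            return False
        salt, expected = record
        return hmac.compare_digest(_hash_password(password, salt), expected)

    def handle(self, realm: str, headers: dict) -> dict:
        """Serve a request to a resource protected by `realm`."""
        if not self.credentials_valid(realm, headers.get("Authorization")):
            return self.challenge(realm)
        return {"status": 200, "headers": {}, "body": b"secret report"}


if __name__ == "__main__":
    server = BasicAuthServer("https://intranet.example.test/")
    server.add_user("admin", "alice", "correct horse battery staple")  # constructed
    print(server.handle("admin", {}))                                  # 401 + challenge
    good = {"Authorization": basic_authorization("alice", "correct horse battery staple")}
    print(server.handle("admin", good)["status"])                      # 200
    print(server.handle("reports", good)["status"])                    # 401: other realm
```

Credentials are stored as salted PBKDF2 hashes and compared with hmac.compare_digest. Basic credentials travel base64-encoded, not encrypted, which is why the scheme is only used inside an HTTPS connection in practice.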
Request methods
HTTP defines methods (sometimes referred to as verbs) to indicate the desired action to be performed on the identified resource.
What this resource represents, whether pre-existing data or data that is generated dynamically, depends on the implementation of the server.
Often, the resource corresponds to a file or the output of an executable residing on the server.
The HTTP/1.0 specification defined the GET, POST and HEAD methods, and the HTTP/1.1 specification added five new methods, namely:
OPTIONS
PUT
DELETE
TRACE
CONNECT
By being specified in these documents their semantics are well known and can be depended upon.
Any client can use any method and the server can be configured to support any combination of methods.
If a method is unknown to an intermediate it will be treated as an unsafe and non-idempotent method.
There is no limit to the number of methods that can be defined and this allows for future methods to be specified without breaking existing infrastructure.
For example, WebDAV defined 7 new methods and RFC 5789 specified the PATCH method.
GET
Requests a representation of the specified resource.
Requests using GET should only obtain data and should have no other effect.
(This is also true of some other HTTP methods.)
HEAD
Asks for the response identical to the one that would correspond to a GET request, but without the response body.
This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
POST
Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
The data POSTed might be, for example, an annotation for existing resources; a
message for a bulletin board, newsgroup, mailing list, or comment thread; a block
of data that is the result of submitting a web form to a data-handling process; or an
item to add to a database.
PUT
Requests that the enclosed entity be stored under the supplied URI.
If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.
DELETE
Deletes the specified resource.
TRACE
Echoes back the received request so that a client can see what (if any) changes or additions have been made by intermediate servers.
OPTIONS
Returns the HTTP methods that the server supports for the specified URL.
This can be used to check the functionality of a web server by requesting '*' instead of a specific resource.
CONNECT
Converts the request connection to a transparent TCP/IP tunnel, usually to
facilitate SSL-encrypted communication (HTTPS) through an unencrypted
HTTP proxy.
PATCH
Applies partial modifications to a resource.
All general-purpose HTTP servers are required to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method.
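To make the request-response exchange and the method rules above concrete, here is an added Python example, not from the slides and not a real server: a minimal HTTP/1.1 request parser, the safe/idempotent classification with unknown methods treated as unsafe and non-idempotent, and a tiny origin server that implements GET, HEAD and OPTIONS, answers 405 for known-but-unsupported methods and 501 for unknown ones, and serialises a response that starts with a status line such as HTTP/1.1 200 OK. The resource table, host name and request bytes are constructed.

```python
"""A minimal HTTP/1.1 request parser and method dispatcher for the request-response
exchange and the request methods described above. Added example; the resource table,
host name and request bytes are constructed and nothing here is a production server."""

from dataclasses import dataclass

# Methods named in the text: HTTP/1.0 plus the five added in HTTP/1.1, and PATCH.
KNOWN_METHODS = {"GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE", "TRACE", "CONNECT", "PATCH"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}          # read-only by definition
IDEMPOTENT_METHODS = SAFE_METHODS | {"PUT", "DELETE"}      # repeating them changes nothing further
SUPPORTED = ("GET", "HEAD", "OPTIONS")                     # what this toy origin server implements

RESOURCES = {"/index.html": b"<html><body>hello</body></html>"}  # constructed

REASONS = {200: "OK", 204: "No Content", 404: "Not Found", 405: "Method Not Allowed",
           501: "Not Implemented"}


@dataclass
class Request:
    method: str
    target: str
    version: str
    headers: dict
    body: bytes


def is_safe(method: str) -> bool:
    return method in SAFE_METHODS        # an unknown method is treated as unsafe ...


def is_idempotent(method: str) -> bool:
    return method in IDEMPOTENT_METHODS  # ... and as non-idempotent


def parse_request(raw: bytes) -> Request:
    """Parse request line, headers and a Content-Length delimited body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not all(parts) or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {lines[0]!r}")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject empty names and whitespace before the colon; lenient parsing of such
        # lines is what lets two parsers disagree about where a message ends.
        if not colon or not name or name != name.strip():
            raise ValueError(f"bad header line: {line!r}")
        key = name.lower()
        if key == "content-length" and key in headers:
            raise ValueError("duplicate Content-Length")
        headers[key] = value.strip()
    if "transfer-encoding" in headers:
        raise ValueError("chunked bodies are outside this example")
    length_text = headers.get("content-length", "0")
    if not length_text.isdigit():
        raise ValueError("invalid Content-Length")
    length = int(length_text)
    if len(rest) < length:
        raise ValueError("body shorter than Content-Length")
    return Request(method, target, version, headers, rest[:length])


def handle(req: Request) -> tuple:
    """Return (status, headers, body) the way the text describes the server's response."""
    allow = {"Allow": ", ".join(SUPPORTED)}
    if req.method not in SUPPORTED:
        # Known but unsupported -> 405; completely unknown -> 501.
        return (405 if req.method in KNOWN_METHODS else 501), allow, b""
    if req.method == "OPTIONS":
        return 204, allow, b""
    body = RESOURCES.get(req.target)
    if body is None:
        return 404, {"Content-Length": "0"}, b""
    headers = {"Content-Type": "text/html", "Content-Length": str(len(body))}
    if req.method == "HEAD":
        return 200, headers, b""   # identical to GET, minus the body
    return 200, headers, body


def serialize_response(status: int, headers: dict, body: bytes) -> bytes:
    """Build the wire form: status line such as 'HTTP/1.1 200 OK', headers, blank line, body."""
    lines = [f"HTTP/1.1 {status} {REASONS[status]}"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + body


def serve(raw: bytes) -> bytes:
    return serialize_response(*handle(parse_request(raw)))


if __name__ == "__main__":
    print(serve(b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n").decode())
    print(serve(b"DELETE /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n").decode())
```

The parser is deliberately strict about header framing (no whitespace before the colon, no duplicate Content-Length, no chunked encoding): the text notes that intermediaries such as caches and proxies sit between client and server, and a message that two of those parse differently is the root of most HTTP desynchronisation problems.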
HTTP PROTOCOL
3. HTTP SECURE (HTTPS)
HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet.
HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a
connection encrypted by Transport Layer Security or its predecessor, Secure Sockets
Layer.
The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data.
In its popular deployment on the Internet, HTTPS provides authentication of the website
and associated web server that one is communicating with, which protects against man-in-
the-middle attacks.
Additionally, it provides bidirectional encryption of communications between a client and
server, which protects against eavesdropping and tampering with and/or forging the
contents of the communication.
In practice, this provides a reasonable guarantee that one is communicating with precisely
the website that one intended to communicate with (as opposed to an impostor), as well as
ensuring that the contents of communications between the user and site cannot be read or
forged by any third party.
Origin
Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.
In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.
How the protocol works
1. HTTPS is a URI scheme which has identical syntax to the standard HTTP scheme, aside
from its scheme token.
2. However, HTTPS signals the browser to use an added encryption layer of SSL/TLS to
protect the traffic.
3. SSL is especially suited for HTTP since it can provide some protection even if only one
side of the communication is authenticated.
4. This is the case with HTTP transactions over the Internet, where typically only the server
is authenticated (by the client examining the server's certificate).
5. HTTPS creates a secure channel over an insecure network.
6. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks,
provided that adequate cipher suites are used and that the server certificate is verified and
trusted.
7. Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying
HTTP protocol can be encrypted.
8. This includes the request URL (which particular web page was requested), query
parameters, headers, and cookies (which often contain identity information about the
user).
33
9. However, because host (website) addresses and port numbers are necessarily part of the
underlying TCP/IP protocols, HTTPS cannot protect their disclosure.
10. In practice this means that even on a correctly configured web server, eavesdroppers can
infer the IP address and port number of the web server that one is communicating with as
well as the amount (data transferred) and duration (length of session) of the
communication, though not the content of the communication.
11. Web browsers know how to trust HTTPS websites based on certificate authorities that
come pre-installed in their software.
12. Certificate authorities, such as Symantec, Comodo, GeoTrust, are in this way being
trusted by web browser creators to provide valid certificates.
13. Therefore, a user should trust an HTTPS connection to a website if and only if all of the
following are true:
The user trusts that the browser software correctly implements HTTPS with
correctly pre-installed certificate authorities.
The user trusts the certificate authority to vouch only for legitimate websites.
The website provides a valid certificate, which means it was signed by a
trusted authority.
The certificate correctly identifies the website
The user trusts that the protocol's encryption layer (TLS/SSL) is sufficiently
secure against eavesdroppers.
14. HTTPS is especially important over insecure networks (such as public WiFi access
points), as anyone on the same local network can packet sniff and discover sensitive
information not protected by HTTPS. 15. Additionally, many free to use and even paid for WLAN networks engage in packet
injection in order to serve their own ads on web pages.
16. However, this can be exploited maliciously in many ways, such as injecting malware onto
web pages and stealing users' private information.
17. HTTPS is also very important for connections over the Tor anonymity network, as
malicious Tor nodes can damage or alter the contents passing through them in an insecure
fashion and inject malware into the connection.
34
18. This is one reason why the Electronic Frontier Foundation and the Tor project started the
development of HTTPS Everywhere, which is included in the Tor Browser Bundle.
19. As more information is revealed about global mass surveillance and hackers stealing
personal information, the use of HTTPS security on all websites is becoming increasingly
important regardless of the type of Internet connection being used.
20. While metadata about individual pages that a user visits is not sensitive, when combined
together, they can reveal a lot about the user and compromise the user's privacy.
21. Deploying HTTPS also allows the use of SPDY, a networking protocol designed to
reduce page load times and latency.
22. It is recommended to use HTTP Strict Transport Security (HSTS) with HTTPS to protect
users from man-in-the-middle attacks, especially SSL stripping
23. HTTPS should not be confused with the little-used Secure HTTP (S-HTTP) specified in
RFC 2660.
HTTPS PROTOCOL
4. SIMPLE MAIL TRANSFER PROTOCOL (SMTP)
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission.
SMTP by default uses TCP port 25.
The protocol for mail submission is the same, but uses port 587.
SMTP connections wrapped in TLS from the start (implicit TLS, often called SMTPS) use port 465. This port was long regarded as nonstandard and used only for legacy reasons, but RFC 8314 (2018) has since registered it as the recommended port for mail submission over implicit TLS.
Although electronic mail servers and other mail transfer agents use SMTP to send and
receive mail messages, user-level client mail applications typically use SMTP only for
sending messages to a mail server for relaying.
For receiving messages, client applications usually use either POP3 or IMAP.
Although proprietary systems (such as Microsoft Exchange and IBM Notes) and webmail
systems (such as Outlook.com, Gmail and Yahoo! Mail) use their own non-standard
protocols to access mail box accounts on their own mail servers, all use SMTP when
sending or receiving email from outside their own systems.
Origin
SMTP can trace its roots to two implementations described in 1971 as below,
A)The Mail Box Protocol, whose implementation has been disputed, but is
discussed in RFC 196 and other RFCs, and
B)the SNDMSG program, which, according to RFC 2235, Ray Tomlinson of BBN
invented for TENEX computers to send mail messages across the ARPANET.
Fewer than 50 hosts were connected to the ARPANET at this time.
Further implementations include FTP Mail and Mail Protocol, both from 1973.
Development work continued throughout the 1970s, until the ARPANET transitioned into the modern Internet around 1980.
Jon Postel then proposed a Mail Transfer Protocol in 1980 that began to remove the mail's reliance on FTP.
SMTP was published as RFC 788 in November 1981, also by Postel.
The SMTP standard was developed around the same time as Usenet, a one-to-many communication network with some similarities.
How the protocol works
1. SMTP is a connection-oriented, text-based protocol in which a mail sender communicates with a mail receiver by issuing command strings and supplying the necessary data over a reliable, ordered data stream, typically a Transmission Control Protocol (TCP) connection.
2. An SMTP session consists of commands originated by an SMTP client (the initiating agent, sender or transmitter) and corresponding responses from the SMTP server (the listening agent or receiver), so that the session is opened and session parameters are exchanged.
3. A session may include zero or more SMTP transactions.
4. An SMTP transaction consists of three command/reply sequences.
5. They are as below,
MAIL COMMAND
RCPT COMMAND
DATA COMMAND
MAIL COMMAND
It is used to establish the return address, also called the Return-Path, reverse-path, bounce address, mfrom or envelope sender.
This is the address to which bounce messages should be sent.
RCPT COMMAND
It is used to establish a recipient of this message.
This command can be issued multiple times, once for each recipient.
These addresses are also part of the envelope.
DATA COMMAND
It is used to signal the beginning of the message text, the content of the message as opposed to its envelope.
The text consists of a message header and a message body separated by an empty line. DATA is actually a group of commands, and the server replies twice:
Once to the DATA command proper, to acknowledge that it is ready to receive the text, and
A second time after the end-of-data sequence (a line containing only a single period), to either accept or reject the entire message.
6. Apart from the intermediate reply for DATA, each server reply can be either positive (2xx reply codes) or negative.
7. Negative replies can be permanent (5xx codes) or transient (4xx codes).
8. A reject is a permanent failure by an SMTP server; in this case the SMTP client should send a bounce message.
9. A drop is a positive response followed by message discard rather than delivery.
10. The initiating host, the SMTP client, can be either an end user's email client, functionally identified as a mail user agent (MUA), or a relay server's mail transfer agent (MTA), that is, an SMTP server acting as an SMTP client in the relevant session in order to relay mail.
11. Fully capable SMTP servers maintain queues of messages for retrying transmissions that resulted in transient failures.
12. A MUA knows the outgoing mail SMTP server from its configuration.
13. An SMTP server acting as a client, i.e. relaying, typically determines which SMTP server to connect to by looking up the MX (Mail eXchange) DNS resource record for each recipient's domain name.
14. Conformant MTAs (not all are) fall back to a simple A record if no MX record can be found. Relaying servers can also be configured to use a smart host.
15. An SMTP server acting as a client initiates a TCP connection to the server on the well-known port designated for SMTP, port 25. MUAs should use port 587 to connect to an MSA (mail submission agent).
16. The main difference between an MTA and an MSA is that SMTP Authentication is mandatory only for the latter.
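The transaction described in steps 1 to 16, as an added example that is not part of the original page: a small Python model of the server side of an SMTP session. It answers each client line with the reply code the server would send, including the two replies to DATA, undoes the client's dot-stuffing, and applies the two relay policies discussed later in this section (trusted client networks and authentication), so that a recipient outside the local domains is refused with 554 unless the client qualifies, and an MSA refuses MAIL before authentication with 530. Domains, addresses and network ranges are constructed.

```python
"""Server side of an SMTP transaction as a state machine (RFC 5321 subset).

Added example for this page; not code from the original document. The
client lines, domains and network ranges are constructed for the demonstration.
"""
import ipaddress
import re

_ADDR = re.compile(r"^<([^<>\s]+@[^<>\s]+)>$")


class SmtpSession:
    """Tracks one session and returns the reply the server would send for each client line."""

    def __init__(self, local_domains=("example.com",), client_ip="203.0.113.5",
                 mynetworks=("127.0.0.0/8", "192.0.2.0/24"),
                 authenticated=False, require_auth=False):
        self.local_domains = {d.lower() for d in local_domains}
        ip = ipaddress.ip_address(client_ip)
        # location-based relay policy: clients inside our own networks may relay
        self.trusted_client = any(ip in ipaddress.ip_network(n) for n in mynetworks)
        self.authenticated = authenticated  # credential-based relay policy
        self.require_auth = require_auth    # True on a submission (MSA) port
        self.greeted = False
        self.in_data = False
        self.delivered = []  # (sender, recipients, text) of accepted messages
        self.reset()

    def reset(self):
        self.sender = None
        self.recipients = []
        self.text_lines = []

    @staticmethod
    def _addr(arg, keyword):
        """Extract the address from 'FROM:<a@b>' / 'TO:<a@b>'; '' for the null sender <>."""
        key, _, rest = arg.partition(":")
        rest = rest.strip()
        if key.strip().upper() != keyword:
            return None
        if keyword == "FROM" and rest == "<>":
            return ""
        m = _ADDR.match(rest)
        return m.group(1) if m else None

    def feed(self, line):
        """Process one client line; returns the server reply, or None for message text lines."""
        if self.in_data:
            if line == ".":  # end-of-data: the second reply to DATA
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.text_lines)))
                self.reset()
                return "250 2.0.0 OK: message accepted"
            # a text line that began with a period was dot-stuffed by the client; undo that
            self.text_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            self.reset()
            return "250 mx.example.com"
        if not self.greeted:
            return "503 5.5.1 Send HELO/EHLO first"
        if verb == "MAIL":
            if self.sender is not None:
                return "503 5.5.1 Sender already specified"
            if self.require_auth and not self.authenticated:
                return "530 5.7.0 Authentication required"
            addr = self._addr(arg, "FROM")
            if addr is None:
                return "501 5.1.7 Bad sender address syntax"
            self.sender = addr
            return "250 2.1.0 Sender OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            addr = self._addr(arg, "TO")
            if addr is None:
                return "501 5.1.3 Bad recipient address syntax"
            domain = addr.rsplit("@", 1)[1].lower()
            # accept mail for our own domains from anyone; relay elsewhere only for
            # trusted or authenticated clients, otherwise we would be an open relay
            if domain not in self.local_domains and not (self.trusted_client or self.authenticated):
                return "554 5.7.1 Relay access denied"
            self.recipients.append(addr)
            return "250 2.1.5 Recipient OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 5.5.1 No valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"  # first (intermediate) reply
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.2 Command not recognized"


def run_transcript(session, client_lines):
    """Drive a session with client lines; returns (client line, server reply) pairs."""
    return [(line, session.feed(line)) for line in client_lines]
```

Drive it with run_transcript() and inspect session.delivered to see the envelope (MAIL and RCPT addresses) kept separately from the message text; a real server would additionally enforce line-length limits, timeouts and TLS, which this model omits.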
SMTP vs mail retrieval
SMTP is a delivery protocol only.
In normal use, mail is "pushed" to a destination mail server (or next-hop mail server) as it arrives.
Mail is routed based on the destination server, not the individual user(s) to which it is addressed.
Other protocols, such as the Post Office Protocol (POP) and the Internet Message
Access Protocol (IMAP) are specifically designed for use by individual users
retrieving messages and managing mail boxes.
To permit an intermittently-connected mail server to pull messages from a remote
server on demand, SMTP has a feature to initiate mail queue processing on a
remote server
POP and IMAP are unsuitable protocols for relaying mail by intermittently-
connected machines; they are designed to operate after final delivery, when
information critical to the correct operation of mail relay (the "mail envelope") has
been removed.
Remote Message Queue Starting
Remote Message Queue Starting is a feature of SMTP that permits a remote host to start processing of the mail queue on a server, so that it may receive messages destined to it, by sending the TURN command.
This feature was deemed insecure because the server had no way to verify that the client issuing TURN really was the host whose mail it asked for, so it was extended in RFC 1985 with the ETRN command, which operates more securely using an authentication method based on Domain Name System information: ETRN does not hand the queued mail to the requesting connection but merely triggers a queue run in which the server delivers to the host that DNS names for that domain, so an impostor gains nothing.
On-Demand Mail Relay
On-Demand Mail Relay (ODMR) is an SMTP extension standardized in RFC
2645 that allows an intermittently-connected SMTP server to receive email
queued for it when it is connected.
Internationalization
Users whose native script is not Latin-based, or who use diacritics not in the ASCII character set, have had difficulty with the Latin email address requirement.
RFC 6531 was created to solve that problem, providing internationalization features for SMTP: the SMTPUTF8 extension and support for multi-byte and non-ASCII characters in email addresses, such as Pelé@live.com (a simple diacritic).
Current support is limited, but there is strong interest in broad adoption of RFC 6531 and the related RFCs in countries such as China that have a large user base for whom Latin (ASCII) is a foreign script.
Outgoing mail SMTP server
An email client needs to know the IP address of its initial SMTP server and this has to be given as part of its configuration (usually given as a DNS name).
This server will deliver outgoing messages on behalf of the user.
Outgoing mail server access restrictions Server administrators need to impose some control on which clients can use the server.
This enables them to deal with abuse, for example spam.
Two solutions have been in common use,
In the past, many systems imposed usage restrictions by the location of the client,
only permitting usage by clients whose IP address is one that the server
administrators control. Usage from any other client IP address is disallowed.
Modern SMTP servers typically offer an alternative system that requires
authentication of clients by credentials before allowing access.
Restricting access by location
Under this system, an ISP's SMTP server will not allow access by users who are outside the ISP's network.
More precisely, the server may only allow access to users with an IP address provided by
the ISP, which is equivalent to requiring that they are connected to the Internet using that
same ISP.
A mobile user may often be on a network other than that of their normal ISP, and will then
find that sending email fails because the configured SMTP server choice is no longer
accessible.
This system has several variations.
For example, an organisation's SMTP server may only provide service to users on the same network, enforcing this by firewalling to block access by users on the wider Internet.
Or the server may perform range checks on the client's IP address.
These methods were typically used by corporations and institutions such as universities
which provided an SMTP server for outbound mail only for use internally within the
organisation.
However, most of these bodies now use client authentication methods, as described below.
By restricting access to certain IP addresses, server administrators can readily recognise the IP address of any abuser.
As it will be a meaningful address to them, the administrators can deal with the rogue machine or user.
Where a user is mobile, and may use different ISPs to connect to the internet, this kind of
usage restriction is onerous, and altering the configured outbound email SMTP server
address is impractical.
It is highly desirable to be able to use email client configuration information that does not need to change.
Client authentication
Modern SMTP servers typically require authentication of clients by credentials before allowing access, rather than restricting access by location as described earlier.
This more flexible system is friendly to mobile users and allows them to have a fixed choice of configured outbound SMTP server.
Open relay
A server that is accessible on the wider Internet and does not enforce these kinds of access
restrictions is known as an open relay.
This is now generally considered a bad practice worthy of blacklisting.
Ports
Server administrators choose whether clients use TCP port 25 (SMTP) or port 587 (Submission), as formalized in RFC 6409 (previously RFC 2476), for relaying outbound mail to an initial mail server.
The specifications and many servers support both.
Port 465 (implicit TLS, "SMTPS") was for a long time supported by some servers in violation of the specifications, and the preferred approach was to use the standard ports with the STARTTLS ESMTP command of RFC 3207 if a secure session was needed between client and server; RFC 8314 has since reversed that advice for submission and recommends implicit TLS on port 465. Either way, a client should refuse to send credentials unless the session is already encrypted.
Some servers are set up to reject all relaying on port 25, but valid users authenticating on port 587 are allowed to relay mail to any valid address.
Some Internet service providers intercept port 25, redirecting traffic to their own SMTP server regardless of the destination address.
This means that it is not possible for their users to reach an SMTP server outside the ISP's network using port 25.
Some SMTP servers support authenticated access on an additional port other than 587 or 25 to allow users to connect even if port 25 is blocked, but 587 is the standardized and widely supported port for users to submit new mail.
Microsoft Exchange Server 2013 SMTP can listen on ports 25, 587, 465, 475 and 2525, depending on the server role and whether roles are combined on a single server.
Ports 25 and 587 are used to provide client connectivity to the front end transport service on the client access server (CAS) role.
Ports 25, 465 and 475 are used by the mailbox transport service. However, when the mailbox role is combined with the CAS role on a single server, port 2525 is used by the mailbox role for SMTP from the CAS front end transport service, while CAS continues to use port 25.
Port 465 is used by the mailbox transport service to receive client connections proxied by the CAS role.
Port 475 is used by the mailbox role to communicate directly with other mailbox roles, transferring mail between the mailbox transport submission service and the mailbox transport delivery service.
SMTP PROTOCOL
CLIENT TOOLS
CLIENT A client is a piece of computer hardware or software that accesses a service made
available by a server.
The server is often (but not always) on another computer system, in which case the client accesses the service by way of a network.
CLIENT TYPES
Client machines can be broadly classified into three as below,
Fat client.
Thin client.
Hybrid client.
A) Fat client
A fat client, also known as a rich client or thick client, is a client that performs the
bulk of any data processing operations itself, and does not necessarily rely on the
server.
The personal computer is a common example of a fat client, because of its relatively large set of features and capabilities and its light reliance upon a server.
For example, a computer running a CAD program (such as AutoCAD or CATIA) that ultimately shares the result of its work on a network is a fat client.
Common development tools for rich clients include Delphi, NetBeans and Visual Studio.
B) Thin client
A thin client is a minimal sort of client.
Thin clients use the resources of the host computer.
A thin client generally only presents processed data provided by an application server, which performs the bulk of any required data processing.
A device using a web application (such as Office Web Apps) is a thin client.
Programming environments for thin clients include JavaScript, ASP.NET, JSP, Ruby on Rails, Django, PHP and others.
C) Hybrid client
A hybrid client is a mixture of the above two client models.
Similar to a fat client, it processes locally, but relies on the server for storing persistent data.
This approach offers features from both the fat client (multimedia support, high performance) and the thin client (high manageability, flexibility).
A device running the video game Diablo III is an example of hybrid client.
SOME CLIENT TOOLS TO CONNECT LINUX SERVER FROM WINDOWS
PuTTY
PuTTY is the best-known free SSH and telnet client, developed originally by Simon Tatham for the Windows platform.
PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.
PuTTY is very easy to install and to use. You don't usually need to change most of the configuration options.
To start the simplest kind of session, all you need to do is enter a few basic parameters: the host name, the port (22 for SSH) and the connection type.
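The one security-relevant step PuTTY (and every other client below) puts in front of you on the first connection to a host is the host-key prompt, which shows the server's key fingerprint and asks whether to trust it; the right check is to compare it with the output of `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on the server via some channel you already trust, because accepting an unknown key lets a man-in-the-middle sit on the session. The following Python is an added example (not PuTTY's or OpenSSH's code) of how that fingerprint is derived from a public-key line: it parses the SSH wire format of the key blob, checks that the algorithm name embedded in the blob agrees with the text field, and produces the SHA256 and MD5 forms that ssh-keygen and PuTTY display. The ed25519 key material is constructed (32 bytes of 0x42) so that the code runs offline.

```python
"""OpenSSH-style host key fingerprints from a public key line.

Added example; not part of the original page or of any of the tools it lists.
The ed25519 key used in the demo is constructed, not a real server's key.
"""
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an SSH 'string': 4-byte big-endian length prefix + data."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob, offset):
    """Decode one SSH 'string' at offset; returns (data, next_offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length


def make_public_key_line(key_type, raw_key, comment="constructed-example"):
    """Build an authorized_keys/known_hosts style line from a raw key payload (constructed helper)."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)


def fingerprints(public_key_line):
    """Return (key_type, 'SHA256:...', 'MD5:aa:bb:...') as ssh-keygen -l prints them."""
    fields = public_key_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # the blob carries its own algorithm name; a mismatch with the text field is a red flag
    embedded, _ = _read_ssh_string(blob, 0)
    if embedded.decode() != key_type:
        raise ValueError("key type mismatch: %s vs %s" % (key_type, embedded.decode()))
    # SHA256 form: base64 of the digest with padding stripped (what modern clients show)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    # MD5 form: colon-separated hex (older clients and documentation)
    md5 = hashlib.md5(blob).hexdigest()
    md5_colon = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return key_type, "SHA256:" + sha, "MD5:" + md5_colon


def matches(public_key_line, expected):
    """True if the fingerprint shown in a client prompt (either form) belongs to this key."""
    _, sha, md5 = fingerprints(public_key_line)
    return expected in (sha, md5)


if __name__ == "__main__":
    line = make_public_key_line("ssh-ed25519", b"\x42" * 32)
    print(fingerprints(line))
```

Feed the real server's line from /etc/ssh/ssh_host_*.pub to fingerprints() and compare the result with the prompt; matches() accepts either form. If the prompt shows a different fingerprint for a host you have connected to before, do not accept it until you know why the key changed.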
Bitvise SSH Client
Bitvise SSH Client is an SSH and SFTP client for Windows.
It is developed and supported professionally by Bitvise.
The SSH Client is robust, easy to install and easy to use.
Bitvise SSH Client is a feature-rich graphical SSH/SFTP client for Windows that also allows dynamic port forwarding through an integrated proxy with auto-reconnect capability.
Bitvise SSH Client is free for personal use, as well as for individual commercial use inside organizations.
MobaXterm
MobaXterm is a toolbox for remote computing.
In a single Windows application it provides many functions tailored for programmers, webmasters, IT administrators and any user who needs to handle remote work more simply.
MobaXterm brings the important remote network tools (SSH, X11, RDP, VNC, FTP, Mosh, ...) and Unix commands (bash, ls, cat, sed, grep, awk, rsync, ...) to the Windows desktop in a single portable executable that works out of the box.
MobaXterm is free for personal use.
DameWare SSH
DameWare SSH is a free terminal emulator that lets you make multiple telnet and SSH connections from one easy-to-use console.
Manage multiple sessions from one console with a tabbed interface
Save favorite sessions within the Windows file system
Access multiple sets of saved credentials for easy log-in to different devices
Connect to computers and devices using telnet, SSH1 and SSH2 protocols (telnet sends everything, including passwords, in the clear, and SSH protocol version 1 has known weaknesses; use SSH2 wherever the device supports it)
SmarTTY
SmarTTY is a free multi-tabbed SSH client that supports copying files and directories with SCP on the fly.
Its tabs are opened as channels within one SSH connection rather than as separate logins; most SSH servers allow up to 10 such sessions per connection (for OpenSSH this is the MaxSessions setting, default 10).
Cygwin
Cygwin is a large collection of GNU and open source tools which provide functionality similar to a Linux distribution on Windows.
Cygwin consists of a Unix system call emulation library, cygwin1.dll, together with a vast set of GNU and other free software applications organized into a large number of optional packages.
Among these packages are high-quality compilers and other software development tools, an X11 server, a complete X11 development toolkit, GNU Emacs, TeX and LaTeX, OpenSSH (client and server), and much more.
REFERENCES
[For all topics]
a) https://en.wikipedia.org/wiki/Client%E2%80%93server_model
b) https://simple.wikipedia.org/wiki/Client-server
[For client tools]
a) http://www.hivemq.com/seven-best-mqtt-client-tools/
b) http://scn.sap.com/thread/3309579
c) http://toastytech.com/guis/remotecliserver.html