System and network administration network services

Page 2: System and network administration network services

Network services are the foundation of a networked computing environment. Generally, network services are installed on one or more servers to provide shared resources to client computers. The services covered in this deck are:

DNS
DHCP
FTP
SMTP
SNMP
Proxy
WWW
Active Directory Services

Page 3: System and network administration network services

DNS (Domain Name System) is a system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS, either by typing a URL in a browser or behind the scenes from one application to another, DNS servers return the IP address of the server associated with that name.

Page 5: System and network administration network services

Because of the large volume of requests generated in the DNS for the public Internet, the designers wished to provide a mechanism to reduce the load on individual DNS servers. To this end, the DNS resolution process allows for caching of records for a period of time after an answer. This entails the local recording and subsequent consultation of the copy instead of initiating a new request upstream. The time for which a resolver caches a DNS response is determined by a value called the time to live (TTL) associated with every record. The TTL is set by the administrator of the DNS server handing out the authoritative response.

The period of validity may vary from just seconds to days or even weeks.

Page 6: System and network administration network services

DNS was not originally designed with security in mind, and thus has a number of security issues.

One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into believing it has received authentic information when, in reality, it has not.

DNS responses are traditionally not cryptographically signed, leading to many attack possibilities. The Domain Name System Security Extensions (DNSSEC) modify DNS to add support for cryptographically signed responses. There are various extensions to support securing zone transfer information as well.

Even with encryption, a DNS server could become compromised by a virus (or, for that matter, a disgruntled employee) that would cause IP addresses served by that server to be redirected to a malicious address with a long TTL. This could have far-reaching impact on potentially millions of Internet users if busy DNS servers cache the bad IP data. Recovery would require manual purging of all affected DNS caches, because the long TTL (up to 68 years) would otherwise keep the bad entries alive.
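The caching behaviour from Page 5 and the long-TTL problem above, as an added example that is not part of the original slides: a toy caching resolver that expires entries by TTL, caps how long any answer may be cached (so a record that arrives with a 68-year TTL ages out in an hour here), and supports the manual purge an operator would have to perform. `ResolverCache`, `FakeClock`, the `AUTHORITATIVE` zone data and the example.com names are all constructed for illustration.

```python
"""Toy caching resolver: TTL-based expiry, a cap on cached TTL, and purging.

Added example, not from the original slides. ResolverCache, FakeClock, the
zone data in AUTHORITATIVE and the names used are all constructed.
"""
import time

MAX_TTL_SECONDS = 2**31 - 1        # largest TTL the DNS wire format allows (about 68 years)

class ResolverCache:
    def __init__(self, max_cache_ttl=86400, clock=time.time):
        # Cap on how long any answer is retained, whatever TTL it arrived with: a
        # bad record published with a huge TTL then ages out in a day instead of decades.
        self.max_cache_ttl = max_cache_ttl
        self.clock = clock
        self._entries = {}             # (name, rtype) -> (value, expires_at)
        self.upstream_queries = 0

    @staticmethod
    def _key(name, rtype):
        return (name.lower().rstrip("."), rtype)

    def resolve(self, name, rtype, upstream):
        """Answer from cache while the entry is live; otherwise query upstream and cache."""
        key = self._key(name, rtype)
        now = self.clock()
        hit = self._entries.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]
        self.upstream_queries += 1
        value, ttl = upstream(name, rtype)
        ttl = max(0, min(ttl, MAX_TTL_SECONDS, self.max_cache_ttl))
        self._entries[key] = (value, now + ttl)
        return value

    def remaining_ttl(self, name, rtype):
        hit = self._entries.get(self._key(name, rtype))
        if hit is None:
            return 0
        return max(0, int(hit[1] - self.clock()))

    def purge(self, name=None):
        """Drop one name (all record types) or, with no argument, the whole cache."""
        if name is None:
            self._entries.clear()
            return
        wanted = name.lower().rstrip(".")
        for key in [k for k in self._entries if k[0] == wanted]:
            del self._entries[key]

class FakeClock:
    """Deterministic clock so the example runs the same way every time."""
    def __init__(self, start=1_000_000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

AUTHORITATIVE = {                      # constructed zone data: (name, type) -> (value, ttl)
    ("www.example.com", "A"): ("192.0.2.10", 300),
    ("mail.example.com", "A"): ("192.0.2.25", MAX_TTL_SECONDS),
}

def upstream_lookup(name, rtype):
    """Stand-in for the authoritative server that would normally be queried."""
    return AUTHORITATIVE[(name.lower().rstrip("."), rtype)]

def demo():
    clock = FakeClock()
    cache = ResolverCache(max_cache_ttl=3600, clock=clock)
    cache.resolve("www.example.com", "A", upstream_lookup)
    cache.resolve("WWW.example.com.", "A", upstream_lookup)       # same key: served from cache
    queries_after_two = cache.upstream_queries
    clock.advance(301)                                            # past the 300 s TTL
    cache.resolve("www.example.com", "A", upstream_lookup)        # expired: refetched upstream
    queries_after_expiry = cache.upstream_queries
    cache.resolve("mail.example.com", "A", upstream_lookup)       # arrives with a 68-year TTL
    capped_ttl = cache.remaining_ttl("mail.example.com", "A")     # held to the 3600 s cap
    cache.purge("mail.example.com")                               # manual purge of a bad entry
    after_purge = cache.remaining_ttl("mail.example.com", "A")
    return {"queries_after_two": queries_after_two, "queries_after_expiry": queries_after_expiry,
            "capped_ttl": capped_ttl, "after_purge": after_purge}

if __name__ == "__main__":
    print(demo())
```

The cap is the defensive point: a resolver that honours any TTL it is handed will keep a poisoned entry until the TTL runs out, whereas one that clamps cached lifetimes bounds the damage to a known window, and `purge()` is the manual step the slide refers to.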

Some domain names can spoof other, similar-looking domain names. For example, "paypal.com" and "paypa1.com" are different names, yet users may be unable to tell the difference when the user's typeface (font) does not clearly differentiate the letter l and the numeral 1.
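A defensive check for the lookalike-name problem just described, added here as an example that is not part of the original slides: it reduces a domain's registrable label to a visual "skeleton" (the slide's l/1 pair plus a few other common confusables and accent stripping) and flags it when the skeleton matches, or is within one edit of, a protected brand. The `PROTECTED` list, the confusable tables and the sample names are constructed; the two-level suffix assumption in `registrable_label` is a simplification (a real check would consult the Public Suffix List), and full Unicode coverage would need the Unicode TR39 confusables data, which is not included.

```python
"""Lookalike (homograph) domain check against a list of protected brand names.

Added example, not from the original slides. The confusable tables, PROTECTED
and the sample hostnames are constructed for illustration.
"""
import unicodedata

# Partial confusable map: the slide's l/1 pair plus a few common ASCII substitutions.
MULTI_CHAR = (("rn", "m"), ("vv", "w"), ("cl", "d"))
SINGLE_CHAR = {"1": "l", "|": "l", "0": "o", "5": "s", "3": "e", "4": "a", "7": "t"}

PROTECTED = ("paypal", "microsoft")          # constructed list of brands to defend

def skeleton(label):
    """Collapse a label to what it looks like: lowercase, strip accents, fold confusables."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    for seq, rep in MULTI_CHAR:
        s = s.replace(seq, rep)
    return "".join(SINGLE_CHAR.get(ch, ch) for ch in s)

def registrable_label(host):
    """Second-level label, e.g. 'www.paypa1.com' -> 'paypa1'.
    Assumes a one-label public suffix such as '.com' (simplification, no PSL lookup)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a, b):
    """Plain Levenshtein distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host, protected=PROTECTED, max_distance=1):
    """Return the brand a hostname imitates, or None if it is genuine or unrelated."""
    label = registrable_label(host)
    if label in protected:
        return None                          # the genuine name itself
    sk = skeleton(label)
    for brand in protected:
        brand_sk = skeleton(brand)
        if sk == brand_sk or edit_distance(sk, brand_sk) <= max_distance:
            return brand
    return None

if __name__ == "__main__":
    for name in ("www.paypa1.com", "paypal.com", "rnicrosoft.com", "paypall.com", "example.org"):
        print(name, "->", lookalike_of(name))
```

A check like this belongs in mail filtering, certificate-transparency monitoring or new-registration watch lists, where a match is a signal for review rather than an automatic block, since short brand names produce false positives at edit distance one.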

Page 7: System and network administration network services

Forward Zone

Reverse Zone

Local Zone/Local Host

Page 8: System and network administration network services

DHCP (Dynamic Host Configuration Protocol) is a function in software that automatically assigns temporary IP addresses to client machines logging into an IP network. Residing in the router or a server, DHCP eliminates the need to manually assign permanent "static" IP addresses to devices. In a home network, the DHCP server is typically in the wireless router or wired router.

Page 9: System and network administration network services

dynamic allocation: A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its IP software configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed (dynamic re-use of IP addresses).

automatic allocation: The DHCP server permanently assigns a free IP address to a requesting client from the range defined by the administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.

static allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a network administrator). Only requesting clients with a MAC address listed in this table will be allocated an IP address. This feature (which is not supported by all devices) is variously called Static DHCP Assignment, among other names.

Page 10: System and network administration network services

DHCP discovery

The client broadcasts messages (UDP) on the physical subnet to discover available DHCP servers

DHCP offer

When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.

DHCP request

A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field in the request, servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. The DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address.

DHCP acknowledgement

When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.

DHCP releasing

The client sends a request to the DHCP server to release the DHCP information and the client deactivates its IP address. As client devices usually do not know when users may unplug them from the network, the protocol does not mandate the sending of DHCP Release.
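The discover/offer/request/acknowledge exchange above, together with the three allocation modes from Page 9, as an added example that is not part of the original slides. Two simulated servers both answer a client's DISCOVER; the client takes the first OFFER and broadcasts its REQUEST, so the server that was not chosen withdraws its offer and returns the address to its pool; leases that are not renewed are reclaimed when they expire. The `DhcpServer` and `client_dora` names, the 192.0.2.x pools, the MAC addresses and the transaction IDs are all constructed.

```python
"""Simulated DHCP discover/offer/request/acknowledge exchange with two servers.

Added example, not from the original slides. The classes, address pools,
MAC addresses and transaction IDs are all constructed.
"""

class DhcpServer:
    def __init__(self, server_ip, pool, lease_seconds=3600, reservations=None):
        self.ip = server_ip
        self.free = list(pool)                          # dynamic pool of addresses
        self.reservations = dict(reservations or {})    # MAC -> IP (static allocation)
        self.lease_seconds = lease_seconds
        self.leases = {}     # MAC -> (ip, expires_at)
        self.offers = {}     # transaction id -> (MAC, ip) held while an offer is pending
        self.history = {}    # MAC -> last ip, so a returning client prefers its old address

    def on_discover(self, xid, mac, now):
        """DHCPDISCOVER seen on the subnet: reserve an address and return a DHCPOFFER."""
        if mac in self.reservations:
            ip = self.reservations[mac]
        elif self.history.get(mac) in self.free:        # automatic allocation: same address again
            ip = self.history[mac]
            self.free.remove(ip)
        elif self.free:
            ip = self.free.pop(0)
        else:
            return None                                 # pool exhausted: stay silent
        self.offers[xid] = (mac, ip)
        return {"type": "DHCPOFFER", "xid": xid, "chaddr": mac, "yiaddr": ip,
                "mask": "255.255.255.0", "lease": self.lease_seconds, "siaddr": self.ip}

    def on_request(self, xid, mac, chosen_server, now):
        """Broadcast DHCPREQUEST: ACK if the client chose us, otherwise withdraw our offer."""
        offer = self.offers.pop(xid, None)
        if offer is None or offer[0] != mac:
            return None
        ip = offer[1]
        if chosen_server != self.ip:
            if mac not in self.reservations:
                self.free.append(ip)                    # unaccepted offer goes back to the pool
            return None
        self.leases[mac] = (ip, now + self.lease_seconds)
        self.history[mac] = ip
        return {"type": "DHCPACK", "xid": xid, "yiaddr": ip, "mask": "255.255.255.0",
                "lease": self.lease_seconds, "siaddr": self.ip}

    def on_release(self, mac):
        """DHCPRELEASE (optional in the protocol): give the address back immediately."""
        ip, _ = self.leases.pop(mac, (None, None))
        if ip and mac not in self.reservations:
            self.free.append(ip)

    def expire(self, now):
        """Reclaim leases that were not renewed before their lease time ran out."""
        for mac, (ip, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[mac]
                if mac not in self.reservations:
                    self.free.append(ip)

def client_dora(mac, servers, xid, now):
    """Client side: broadcast DISCOVER, take the first OFFER, broadcast REQUEST, await ACK."""
    offers = [o for o in (s.on_discover(xid, mac, now) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]
    # The REQUEST is broadcast (the client has no address yet); every server processes it.
    acks = [a for a in (s.on_request(xid, mac, chosen["siaddr"], now) for s in servers) if a]
    return acks[0] if acks else None

def demo():
    s1 = DhcpServer("192.0.2.1", ["192.0.2.100", "192.0.2.101"], lease_seconds=600,
                    reservations={"00:11:22:33:44:55": "192.0.2.50"})
    s2 = DhcpServer("192.0.2.2", ["192.0.2.200", "192.0.2.201"], lease_seconds=600)
    ack_a = client_dora("aa:bb:cc:00:00:01", [s1, s2], xid=0x1001, now=0)   # dynamic
    ack_b = client_dora("00:11:22:33:44:55", [s1, s2], xid=0x1002, now=0)   # static on s1
    s2_free_after = len(s2.free)          # both of s2's offers were withdrawn and returned
    s1.expire(now=601)                    # nobody renewed: s1 reclaims .100; .50 stays reserved
    return {"ack_a": ack_a, "ack_b": ack_b, "s2_free_after": s2_free_after,
            "s1_free_after_expiry": len(s1.free), "s1_leases_after_expiry": len(s1.leases)}

if __name__ == "__main__":
    print(demo())
```

Note that nothing in the exchange authenticates the server: any host on the subnet that answers a DISCOVER first can hand out addresses, gateway and DNS settings, which is why switches in managed networks typically restrict which ports may send DHCPOFFER/DHCPACK.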

Page 11: System and network administration network services

File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications, which solves the problem of different end host configurations (i.e., Operating System, file names).

FTP is used with user-based password authentication or with anonymous user access.

Page 12: System and network administration network services

A client makes a connection to the server on TCP port 21. This connection, called the control connection, remains open for the duration of the session.

A second connection, called the data connection, on port 20 is opened as required to transfer file data.

The control connection is used to send administrative data (i.e., commands, identification, passwords). Commands are sent by the client over the control connection in ASCII and terminated by a carriage return and line feed.

Page 13: System and network administration network services

SMTP (Simple Mail Transfer Protocol) is the standard e-mail protocol on the Internet and part of the TCP/IP protocol suite. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. SMTP was originally designed for only plain text (ASCII text), but MIME and other encoding methods enable executable programs and multimedia files to be attached to and transported with the e-mail message.
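How MIME lets a binary file ride over an ASCII-only transport, as an added example that is not part of the original slides, using Python's standard `email` library: a plain-text body becomes a `multipart/mixed` message whose attachment part is base64-encoded, so the serialized message stays 7-bit clean. The addresses, subject and attachment bytes are constructed; `build_message` and `is_seven_bit_clean` are names chosen here.

```python
"""Build a MIME message with a binary attachment and show it is 7-bit safe.

Added example, not from the original slides; uses only Python's standard
email package. Addresses, subject and attachment bytes are constructed.
"""
from email import policy
from email.message import EmailMessage

def build_message(sender, recipient, subject, body_text, attachment=None, filename=None):
    """Plain-text message; adding an attachment turns it into multipart/mixed."""
    msg = EmailMessage(policy=policy.SMTP)         # CRLF line endings, as sent on the wire
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body_text)
    if attachment is not None:
        # Binary content defaults to base64 transfer encoding: only ASCII goes on the wire.
        msg.add_attachment(attachment, maintype="application", subtype="octet-stream",
                           filename=filename)
    return msg

def is_seven_bit_clean(raw):
    """True when every byte of the serialized message fits the original 7-bit SMTP channel."""
    return all(b < 0x80 for b in raw)

def attachment_summary(msg):
    """(filename, transfer encoding, decoded bytes) for each attachment part."""
    return [(part.get_filename(), part["Content-Transfer-Encoding"], part.get_content())
            for part in msg.iter_attachments()]

if __name__ == "__main__":
    m = build_message("alice@example.com", "bob@example.com", "Weekly report",
                      "Hello Bob,\nthe report is attached.\n",
                      attachment=b"\x00\x01\xff\xfe", filename="report.bin")
    print(m.get_content_type(), is_seven_bit_clean(m.as_bytes()))
    print(m.as_string())
```

For a defender the same structure is what gateway scanners walk: each part's declared type, transfer encoding and filename are exactly the fields that content inspection (Page 18's "scan transmitted content for malware") decodes before looking at the payload.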

Page 15: System and network administration network services

SNMP (Simple Network Management Protocol) is a widely used network monitoring and control protocol. Data are passed from SNMP agents, which are hardware and/or software processes reporting activity in each network device (hub, router, bridge, etc.), to the workstation console used to oversee the network.

The agents return information contained in a MIB (Management Information Base), which is a data structure that defines what is obtainable from the device and what can be controlled (turned off, on, etc.). Originating in the Unix community, SNMP has become widely used on all major platforms.

Page 17: System and network administration network services

A proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.

Page 18: System and network administration network services

A proxy server has a large variety of potential purposes, including:

To keep machines behind it anonymous (mainly for security).

To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.

To apply access policy to network services or content, e.g. to block undesired sites.

To log / audit usage, i.e. to provide company employee Internet usage reporting.

To bypass security/ parental controls.

To scan transmitted content for malware before delivery.

To scan outbound content, e.g., for data leak protection.

To circumvent regional restrictions.
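The request path described on Page 17 (evaluate against filtering rules, then serve from cache or fetch on the client's behalf) together with three of the purposes listed above (access policy, caching, usage logging), as an added example that is not part of the original slides. `FilteringProxy`, the rule format, the `ORIGIN` responses and the 192.0.2.x client addresses are constructed; rules match on client subnet, URL scheme and destination host suffix, the two filter criteria the slide names.

```python
"""Model of a filtering, caching, logging forward proxy.

Added example, not from the original slides. The class, rule format, origin
responses and client addresses are all constructed.
"""
import ipaddress
from urllib.parse import urlsplit

class FilteringProxy:
    def __init__(self, rules, origin_fetch, default_action="allow"):
        self.rules = rules                # first matching rule wins
        self.origin_fetch = origin_fetch  # callable(url) -> response dict
        self.default_action = default_action
        self.cache = {}                   # url -> (response, expires_at)
        self.audit_log = []               # (client_ip, url, outcome, rule name)

    @staticmethod
    def _matches(rule, client_ip, parts):
        cond = rule["match"]
        if "scheme" in cond and parts.scheme != cond["scheme"]:
            return False
        if "host_suffix" in cond:
            host, suffix = (parts.hostname or ""), cond["host_suffix"]
            if host != suffix and not host.endswith("." + suffix):
                return False
        if "client_net" in cond:
            if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(cond["client_net"]):
                return False
        return True

    def evaluate(self, client_ip, parts):
        for rule in self.rules:
            if self._matches(rule, client_ip, parts):
                return rule["action"], rule.get("name", "")
        return self.default_action, "default"

    def handle(self, client_ip, url, now):
        """Filter first; then answer from cache while fresh; otherwise fetch and maybe cache."""
        parts = urlsplit(url)
        action, rule_name = self.evaluate(client_ip, parts)
        if action != "allow":
            self.audit_log.append((client_ip, url, "blocked", rule_name))
            return {"status": 403, "body": "", "source": "proxy-filter"}
        hit = self.cache.get(url)
        if hit is not None and hit[1] > now:
            self.audit_log.append((client_ip, url, "cache", rule_name))
            return dict(hit[0], source="cache")
        resp = self.origin_fetch(url)                 # request made on the client's behalf
        if resp.get("max_age", 0) > 0:
            self.cache[url] = (resp, now + resp["max_age"])
        self.audit_log.append((client_ip, url, "origin", rule_name))
        return dict(resp, source="origin")

ORIGIN = {  # constructed origin responses; max_age 0 means "do not cache"
    "http://www.example.com/": {"status": 200, "body": "<html>home</html>", "max_age": 600},
    "http://www.example.com/account": {"status": 200, "body": "private", "max_age": 0},
}

class Origin:
    """Counts how often the proxy really contacts the remote server."""
    def __init__(self):
        self.fetches = 0
    def __call__(self, url):
        self.fetches += 1
        return ORIGIN.get(url, {"status": 404, "body": "", "max_age": 0})

RULES = [  # constructed policy
    {"name": "block-known-bad", "match": {"host_suffix": "malware.test"}, "action": "deny"},
    {"name": "guest-no-ftp", "match": {"client_net": "192.0.2.128/25", "scheme": "ftp"},
     "action": "deny"},
]

def demo():
    origin = Origin()
    proxy = FilteringProxy(RULES, origin)
    responses = [
        proxy.handle("192.0.2.10", "http://www.example.com/", now=0),              # origin
        proxy.handle("192.0.2.11", "http://www.example.com/", now=100),            # cache hit
        proxy.handle("192.0.2.10", "http://www.example.com/", now=700),            # expired
        proxy.handle("192.0.2.10", "http://bad.malware.test/payload", now=700),    # blocked
        proxy.handle("192.0.2.130", "ftp://files.example.com/x", now=700),         # guest, ftp
        proxy.handle("192.0.2.10", "ftp://files.example.com/x", now=700),          # staff, ftp
    ]
    return {"sources": [r["source"] for r in responses],
            "origin_fetches": origin.fetches, "audit_entries": len(proxy.audit_log)}

if __name__ == "__main__":
    print(demo())
```

The audit log is written for every request, including the ones the filter rejects, which is what makes a proxy useful as a detection point: blocked requests to a known-bad suffix from an internal client are often the first visible sign of a compromised host.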

Page 19: System and network administration network services

Transparent and non-transparent proxy server

Suffix proxy

Reverse proxy server

Open proxy server

Tunneling proxy server

Content filter

Web Proxy

Page 20: System and network administration network services

The World Wide Web, abbreviated as WWW and commonly known as the Web, is a system of interlinked hypertext documents accessed via the Internet. With a web browser, one can view web pages that may contain text, images, videos, and other multimedia and navigate between them by using hyperlinks.

Page 21: System and network administration network services

A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own or lease for use by their clients, as well as providing Internet connectivity, typically in a data center.

Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation.

Page 22: System and network administration network services

Virtual Hosting

A collection of several web sites on a single web server. The sites are distinguished virtually rather than by separate physical servers.
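One way the "virtual" identification works in practice, added here as an example that is not part of the original slides: with name-based virtual hosting a single listener reads the request's Host header and picks the matching site, falling back to a default site for unknown names and rejecting an HTTP/1.1 request that omits Host. The `SITES` mapping, the document roots and the sample requests are constructed.

```python
"""Name-based virtual hosting: one listener, the Host header selects the site.

Added example, not from the original slides. SITES, the document roots and the
sample requests are constructed.
"""

SITES = {  # hostname -> document root (constructed)
    "www.example.com": "/srv/www/example",
    "shop.example.com": "/srv/www/shop",
}
DEFAULT_SITE = "/srv/www/default"

def host_header(raw_request):
    """Return the Host header value, lowercased with any port removed, or None if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):             # IPv6 literal such as [2001:db8::1]:8080
                return host.split("]")[0] + "]"
            return host.split(":")[0]
    return None

def select_site(raw_request, sites=SITES, default=DEFAULT_SITE):
    """Map a raw request to ("site", docroot) or ("error", status)."""
    request_line = raw_request.split("\r\n", 1)[0]
    host = host_header(raw_request)
    if host is None:
        if request_line.endswith("HTTP/1.1"):    # Host is mandatory in HTTP/1.1
            return ("error", 400)
        return ("site", default)                 # HTTP/1.0 clients may omit it
    return ("site", sites.get(host, default))

if __name__ == "__main__":
    print(select_site("GET / HTTP/1.1\r\nHost: Shop.Example.com:8080\r\n\r\n"))
```

Because the client chooses the Host value, a server should only ever route on names it knows and send everything else to a deliberately inert default site; otherwise a crafted Host header can reach content or generate links for a name the operator never intended to serve.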

Page 23: System and network administration network services

Active Directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.

Active Directory (sometimes referred to as AD) performs a variety of functions, including providing information on objects, helping organize these objects for easy retrieval and access, allowing access by end users and administrators, and allowing the administrator to set up security for the directory.

Page 24: System and network administration network services

A Microsoft Active Directory, in simple terms, is like a giant telephone book that organizes within it all of the computers and people that have been entered into it. In our case our active directory is called ADS (for Active Directory Service). Unlike a telephone book, however, ADS is not sorted alphabetically, but rather, like the yellow pages, by category, in our case by department. This allows us to mimic the university's administrative structure for Academic Support departments.

Administrators use an active directory to apply policies to objects (computers and users), to put people into security groups (to allow and deny access to resources), and to better keep track of things in groups (called Organizational Units). Clients can make use of an active directory to look up names, phone numbers and any number of other attributes allowed by administrators.

Page 25: System and network administration network services

Objects: Everything that Active Directory tracks is considered an object. An object is any user, system, computer, resource, or service tracked within Active Directory. The generic term object is used because Active Directory is capable of tracking a variety of items, and many objects can share common attributes.

Sites: A Site object in Active Directory represents a geographic location that hosts networks. Sites contain objects called subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic.

Forests, trees, and domains: A forest is a collection of trees; trees are a collection of one or more domains.
