DNS (Domain Name Service) -- TCP and UDP 53

The DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. DNS implements a distributed database to store this name and address information for all public hosts on the Internet. DNS assumes IP addresses do not change (are statically assigned rather than dynamically assigned). The DNS database resides on a hierarchy of special database servers. When clients like Web browsers issue requests involving Internet host names, a piece of software called the DNS resolver (usually built into the network operating system) first contacts a DNS server to determine the server's IP address. If the DNS server does not contain the needed mapping, it will in turn forward the request to a different DNS server at the next higher level in the hierarchy. After potentially several forwarding and delegation messages are sent within the DNS hierarchy, the IP address for the given host eventually arrives at the resolver, which in turn completes the request over Internet Protocol. The DNS protocol defines an automated service that matches resource names with the required numeric network address. It includes the format for queries, responses, and data.
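The query and response format just described, as an added example that is not part of the original notes: the code builds a DNS query for an A record and parses a hand-constructed reply (including a compressed name), checking the transaction ID and QR flag as a resolver must. The name www.example.com and the address 192.0.2.10 are placeholders.

```python
import struct

# Added example (not from the original notes): build a DNS query and parse the
# reply, following the query/response format described above. The response is
# constructed by hand here, not captured from a real server; www.example.com and
# 192.0.2.10 (an RFC 5737 documentation address) are placeholders.

def encode_name(name):
    """Encode a host name as DNS labels (length byte + text), ending with 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, name, qtype=1):
    """12-byte header with RD=1 (recursion desired) plus one IN question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 2-byte compression pointer
            if not jumped:
                end = off + 2
            jumped, hops = True, hops + 1
            if hops > 16:                     # refuse pointer loops in bad data
                raise ValueError("compression loop")
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_response(msg, expected_txid):
    """Check the header, skip the question, collect A-record answers."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:                 # not the reply to our question
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off, answers = 12, []
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return {"rcode": flags & 0x000F, "answers": answers}

# Constructed reply: same ID, flags QR|RD|RA = 0x8180, the question echoed back,
# and one answer whose name is a pointer (0xC00C) to the question at offset 12.
QUERY = build_query(0x1234, "www.example.com")
RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print(parse_response(RESPONSE, 0x1234))
```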

The DNS message format is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.

DNS is a client/server service; however, it differs from the other client/server services that we are examining. While other services use a client that is an application (such as a web browser or e-mail client), the DNS client runs as a service itself. The DNS client, sometimes called the DNS resolver, supports name resolution for our other network applications and other services that need it. When configuring a network device, we generally provide one or more DNS server addresses that the DNS client can use for name resolution. Usually the Internet service provider provides the addresses to use for the DNS servers. When a user's application requests to connect to a remote device by name, the requesting DNS client queries one of these name servers to resolve the name to a numeric address.

HTTP

The Hypertext Transfer Protocol (HTTP), one of the protocols in the TCP/IP suite, was originally developed to publish and retrieve HTML pages and is now used for collaborative information systems. HTTP is used across the World Wide Web for data transfer and is one of the most used application protocols. HTTP specifies a request/response protocol. When a client, typically a web browser, sends a request message to a server, the HTTP protocol defines the message types the client uses to request the web page and also the message types the server uses to respond. The three common message types are GET, POST, and PUT. GET is a client request for data. A web browser sends the GET message to request pages from a web server. As shown in the figure, once the server receives the GET request, it responds with a status line, such as HTTP/1.1 200 OK, and a message of its own, the body of which may be the requested file, an error message, or some other information. POST and PUT are used to send messages that upload data to the web server. For example, when the user enters data into a form embedded in a web page, POST includes the data in the message sent to the server.

SMTP

Whenever you send a piece of e-mail, your e-mail client interacts with the SMTP server to handle the sending. The SMTP server on your host may have conversations with other SMTP servers to deliver the e-mail.

Let's assume that I want to send a piece of e-mail. My e-mail ID is brain, and I have my account on howstuffworks.com. I want to send e-mail to jsmith@mindspring.com. I am using a stand-alone e-mail client like Outlook Express. When I set up my account at howstuffworks, I told Outlook Express the name of the mail server -- mail.howstuffworks.com. When I compose a message and press the Send button, here's what happens:

Outlook Express connects to the SMTP server at mail.howstuffworks.com using port 25. Outlook Express has a conversation with the SMTP server, telling the SMTP server the address of the sender and the address of the recipient, as well as the body of the message. The SMTP server takes the "to" address (jsmith@mindspring.com) and breaks it into two parts: the recipient name (jsmith) and the domain name (mindspring.com). If the "to" address had been another user at howstuffworks.com, the SMTP server would simply hand the message to the POP3 server for howstuffworks.com (using a little program called the delivery agent). Since the recipient is at another domain, SMTP needs to communicate with that domain. The SMTP server has a conversation with a Domain Name Server, or DNS (see How Web Servers Work for details). It says, "Can you give me the IP address of the SMTP server for mindspring.com?" The DNS replies with the one or more IP addresses for the SMTP server(s) that Mindspring operates. The SMTP server at howstuffworks.com connects with the SMTP server at Mindspring using port 25. It has the same simple text conversation that my e-mail client had with the SMTP server for HowStuffWorks, and gives the message to the Mindspring server. The Mindspring server recognizes that the domain name for jsmith is at Mindspring, so it hands the message to Mindspring's POP3 server, which puts the message in jsmith's mailbox. If, for some reason, the SMTP server at HowStuffWorks cannot connect with the SMTP server at Mindspring, then the message goes into a queue. The SMTP server on most machines uses a program called sendmail to do the actual sending, so this queue is called the sendmail queue. Sendmail will periodically try to resend the messages in its queue. For example, it might retry every 15 minutes. After four hours, it will usually send you a piece of mail that tells you there is some sort of problem. After five days, most sendmail configurations give up and return the mail to you undelivered.

The SMTP server understands very simple text commands like HELO, MAIL,
RCPT and DATA. The most common commands are:

HELO - introduce yourself

EHLO - introduce yourself and request extended mode

MAIL FROM: - specify the sender

RCPT TO: - specify the recipient

DATA - specify the body of the message (To, From and Subject should be the
first three lines.)

RSET - reset

QUIT - quit the session

HELP - get help on commands

VRFY - verify an address

EXPN - expand an address

VERB - verbose
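The conversation above, as an added example that is not part of the original notes: a minimal server-side SMTP command processor that accepts the commands listed, splits each recipient into mailbox and domain to decide between local delivery and relaying, and answers VRFY/EXPN without disclosing whether a mailbox exists. howstuffworks.com is the page's domain; the mailbox names and reply text are made up.

```python
# Added example (not from the original notes): a minimal server-side SMTP command
# processor for the dialogue above; howstuffworks.com is the page's domain, the rest is made up.
LOCAL_DOMAIN = "howstuffworks.com"

def split_address(addr):
    """Break jsmith@mindspring.com into ('jsmith', 'mindspring.com')."""
    user, sep, domain = addr.partition("@")
    if not (sep and user and domain) or "@" in domain:
        raise ValueError("malformed address")
    return user, domain.lower()

class SmtpSession:
    def __init__(self, local_domain=LOCAL_DOMAIN):
        self.local_domain, self.greeted, self.in_data = local_domain, False, False
        self.delivered = []   # finished messages, as handed to the delivery agent
        self.reset()

    def reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def handle(self, line):
        """Process one client line; return the server reply ('' while inside DATA)."""
        if self.in_data:
            if line == ".":                   # a lone dot ends the message body
                self.in_data = False
                self.delivered.append((self.sender, self.recipients, self.body))
                self.reset()
                return "250 OK: queued"
            self.body.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return "250 " + self.local_domain + ("\r\n250 8BITMIME" if verb == "EHLO" else "")
        if verb == "QUIT":
            return "221 Bye"
        if verb == "RSET":
            self.reset()
            return "250 OK"
        if not self.greeted:
            return "503 Send HELO/EHLO first"
        if verb in ("MAIL", "RCPT"):
            _, sep, path = arg.partition(":")     # "FROM:<addr>" or "TO:<addr>"
            if not sep:
                return "501 Syntax error in parameters"
            path = path.strip().strip("<>")
            if verb == "MAIL":
                self.sender = path            # an empty path is the valid null sender
                return "250 OK"
            if self.sender is None:
                return "503 Need MAIL before RCPT"
            try:
                user, domain = split_address(path)
            except ValueError:
                return "553 Malformed address"
            # Same domain: hand to the local delivery agent. Other domains get relayed,
            # which a real server allows only for authenticated clients (open relay).
            route = "local" if domain == self.local_domain else "relay"
            self.recipients.append((user, domain, route))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT before DATA"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb in ("VRFY", "EXPN"):
            # Neither confirm nor deny that a mailbox exists (blocks user enumeration).
            return "252 Cannot VRFY user, but will accept message"
        return "500 Command not recognized"

def run_session(lines, local_domain=LOCAL_DOMAIN):
    """Feed a scripted client conversation; return (replies, delivered messages)."""
    s = SmtpSession(local_domain)
    return [s.handle(line) for line in lines], s.delivered
```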

POP3
When using POP3 (Post Office Protocol, version 3), all of the messages are downloaded from the mailserver and saved locally. Your e-mail is only accessible from one computer/device, and Incoming Mail is no longer available when using WebMail or any other computer/device (unless configured otherwise).

Pros

Mail always available on the computer/device for offline consultation.

Cons

Sent Items available locally ONLY (no copy exists at all times on the mailserver);

Speed of mail download dependent on bandwidth (large attachments may take some time).

IMAP
IMAP (Internet Message Access Protocol, currently version 4) has features found in both POP3 and Exchange protocols. When using IMAP, your Inbox is stored on the mailserver whereas the Sent Items are still stored locally (unless otherwise specified). When you check your mail, your computer contacts the mailserver to show you the new Incoming Mail. All of your Inbox is available from any computer and you can check it from anywhere in the world by using WebMail.

Pros

Incoming Mail always available on multiple computers and WebMail.

Cons

Sent Items available locally ONLY (no copy exists at all times on the
mailserver)

FTP
The File Transfer Protocol (FTP) is another commonly used Application layer protocol. FTP was developed to allow for file transfers between a client and a server. An FTP client is an application that runs on a computer and is used to push and pull files from a server running the FTP daemon (FTPd). To successfully transfer files, FTP requires two connections between the client and the server: one for commands and replies, the other for the actual file transfer. The client establishes the first connection to the server on TCP port 21. This connection is used for control traffic, consisting of client commands and server replies. The client establishes the second connection to the server over TCP port 20. This connection is for the actual file transfer and is created every time there is a file transferred. The file transfer can happen in either direction. The client can download (pull) a file from the server, or the client can upload (push) a file to the server.

DHCP

The Dynamic Host Configuration Protocol (DHCP) service enables devices on a network to obtain IP addresses and other information from a DHCP server. This service automates the assignment of IP addresses, subnet masks, gateway and other IP networking parameters. DHCP allows a host to obtain an IP address dynamically when it connects to the network. The DHCP server is contacted and an address requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns ("leases") it to the host for a set period. On larger local networks, or where the user population changes frequently, DHCP is preferred. New users may arrive with laptops and need a connection. Others have new workstations that need to be connected.

Telnet Services and Protocol

Long before desktop computers with sophisticated graphical interfaces existed, people used text-based systems which were often just display terminals physically attached to a central computer. Once networks were available, people needed a way to remotely access the computer systems in the same manner that they did with the directly attached terminals. Telnet was developed to meet that need. Telnet dates back to the early 1970s and is among the oldest of the Application layer protocols and services in the TCP/IP suite. Telnet provides a standard method of emulating text-based terminal devices over the data network. Both the protocol itself and the client software that implements the protocol are commonly referred to as Telnet.

Appropriately enough, a connection using Telnet is called a Virtual Terminal (VTY) session, or connection. Rather than using a physical device to connect to the server, Telnet uses software to create a virtual device that provides the same features of a terminal session with access to the server command line interface (CLI). To support Telnet client connections, the server runs a service called the Telnet daemon. A virtual terminal connection is established from an end device using a Telnet client application. Most operating systems include an Application layer Telnet client. On a Microsoft Windows PC, Telnet can be run from the command prompt. Other common terminal applications that run as Telnet clients are HyperTerminal, Minicom, and TeraTerm. Once a Telnet connection is established, users can perform any authorized function on the server, just as if they were using a command line session on the server itself. If authorized, they can start and stop processes, configure the device, and even shut down the system.

LDAP

Lightweight Directory - Directories are kind of like a database, but not really. A directory is a specialized database that is optimized for lookups. Unlike a traditional RDBMS, LDAP is not designed to show complex relationships between relations. Imagine if 99% of your actions were going to be simple "selects", and you wanted anyone, anywhere to be able to do these selects over the Internet. This is where LDAP excels. Examples of directories are the TV Guide, the phone book, a library card catalog, and DNS.

"Give me the phone number of John Smith."

"Give me all the tv shows that are on tonight on the Sci-Fi channel."

Access Protocol - LDAP is an outgrowth of the X.500 standard. LDAP is an open standard, unlike many other proprietary directory solutions. Most of the directory-like solutions that were out on the market are now very similar to LDAP. Some of these solution providers, Sun and Microsoft specifically, have designed the JNDI and ADSI APIs so that you can connect with any kind of directory service. This is kind of like what ODBC or JDBC is to an RDBMS.

Cool things you can do with LDAP

-Contact Management

-Users and Security

-Image storage

-Document Management

-Store business logic - actual code or SQL statements

-Your ideas?

How does LDAP work?

Client connects to server --> operations --> disconnect from server

These operations include:

1. binding to server

2. searching for an entry

3. comparing entries

4. adding an entry

5. modifying existing entries

6. removing an entry

NTP

Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to a millisecond, and sometimes to a fraction of a millisecond. UTC time is obtained using several different methods, including radio and satellite systems. Specialized receivers are available for high-level services such as the Global Positioning System (GPS) and the governments of some nations. However, it is not practical or cost-effective to equip every computer with one of these receivers. Instead, computers designated as primary time servers are outfitted with the receivers and they use protocols such as NTP to synchronize the clock times of networked computers. Degrees of separation from the UTC source are defined as strata. A radio clock (which receives true time from a dedicated transmitter or satellite navigation system) is stratum 0; a computer that is directly linked to the radio clock is stratum 1; a computer that receives its time from a stratum-1 computer is stratum 2, and so on.

Accurate time across a network is important for many reasons; even small fractions of a second can cause problems. For example, distributed procedures depend on coordinated times to ensure that proper sequences are followed. Security mechanisms depend on coordinated times across the network. File system updates carried out by a number of computers also depend on synchronized clock times. Air traffic control systems provide a graphic illustration of the need for coordinated times, since flight paths require very precise timing (imagine the situation if air traffic controller computer clock times were not synchronized).

The term NTP applies to both the protocol and the client/server programs that run on computers. The programs are compiled by the user as an NTP client, NTP server, or both. In basic terms, the NTP client initiates a time request exchange with the time server. As a result of this exchange, the client is able to calculate the link delay and its local offset, and adjust its local clock to match the clock at the server's computer. As a rule, six exchanges over a period of about five to 10 minutes are required to initially set the clock. Once synchronized, the client updates the clock about once every 10 minutes, usually requiring only a single message exchange. In addition to client/server synchronization, NTP also supports broadcast synchronization of peer computer clocks.

Unfortunately, the NTP protocol can be exploited and used for denial of service (DoS) attacks because it will reply to a packet with a spoofed source IP address and because at least one of its built-in commands will send a long reply to a short request.
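The delay and offset calculation mentioned above, as an added example that is not part of the original notes: the code decodes a 48-byte NTP server reply (constructed in-process, not captured from a real server), reads the stratum and the four timestamps, checks that the originate timestamp echoes what the client sent, and computes link delay and local clock offset. The timestamps and the reference ID "GPS" are constructed values.

```python
import struct

# Added example (not from the original notes): decode an NTP server reply and
# compute the link delay and local clock offset mentioned above from its four
# timestamps. The packet is constructed in-process; no network is involved.

NTP_EPOCH_OFFSET = 2208988800     # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def to_ntp(unix_time):
    """Pack a Unix time as the 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * 2**32)
    return struct.pack(">II", whole + NTP_EPOCH_OFFSET, frac)

def from_ntp(raw):
    secs, frac = struct.unpack(">II", raw)
    return secs - NTP_EPOCH_OFFSET + frac / 2**32

def build_server_reply(stratum, t1, t2, t3):
    """Constructed mode-4 (server) packet: LI=0, VN=4, poll 6, precision 2^-20."""
    first_byte = (0 << 6) | (4 << 3) | 4          # leap | version | mode
    head = struct.pack(">BBbb", first_byte, stratum, 6, -20)
    head += struct.pack(">II", 0, 0)              # root delay, root dispersion
    head += b"GPS\x00"                            # reference ID of a stratum-1 source
    # reference, originate (client's t1 echoed), receive (t2), transmit (t3)
    return head + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

def parse_reply(pkt, t1_sent, t4):
    """Validate the reply and return stratum, round-trip delay and clock offset."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    li, version, mode = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7
    stratum = pkt[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0 or li == 3:
        raise ValueError("server unsynchronized; do not set the clock from it")
    t1, t2, t3 = from_ntp(pkt[24:32]), from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    if abs(t1 - t1_sent) > 1e-6:      # originate must echo what we sent (rejects stray replies)
        raise ValueError("originate timestamp mismatch")
    delay = (t4 - t1) - (t3 - t2)           # time on the wire, minus server processing
    offset = ((t2 - t1) + (t3 - t4)) / 2    # how far our clock lags the server's clock
    return {"version": version, "stratum": stratum, "delay": delay, "offset": offset}

def example():
    """Scenario: client clock is 2.000 s slow; 50 ms one-way network delay each way."""
    t1 = 1700000000.000                   # client send time, by the client's clock
    t2 = t1 + 2.000 + 0.050               # server receive time, by the server's clock
    t3 = t2 + 0.001                       # server transmit time (1 ms processing)
    t4 = t1 + 0.050 + 0.001 + 0.050       # client receive time, by the client's clock
    return parse_reply(build_server_reply(1, t1, t2, t3), t1, t4)

if __name__ == "__main__":
    r = example()
    print("stratum %d, delay %.3f s, offset %+.3f s" % (r["stratum"], r["delay"], r["offset"]))
```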

SOCKS
SOCKS is a protocol that is intended to act as a circuit-level proxy for applications. It is very different from normal proxies because they are application proxies. For example, when you use an HTTP proxy you are actually forwarding the HTTP request, and the HTTP proxy server then performs the request on your behalf. An example of this would be asking someone to pass you the salt at the dinner table, who then gets the salt shaker and passes it to you. The SOCKS protocol is roughly equivalent to setting up an IP tunnel with a firewall; the protocol requests are then initiated from the firewall. The client contacts the SOCKS proxy server and, by exchanging messages defined by the SOCKS protocol, negotiates a proxy connection. When a connection is established, the client communicates with the SOCKS server using the SOCKS protocol. The external server communicates with the SOCKS server as if it were the actual client.

How it works

SOCKS is client/server. A user's workstation must have a SOCKS client installed, either in the application (such as PuTTY or Firefox) or deep in the TCP/IP stack, where the client software will redirect packets into a SOCKS tunnel. The SOCKS client will initiate a connection to a SOCKS server. The SOCKS protocol allows for authentication and logging of the connection requests. Here is the confusing bit: the SOCKS server then acts as the IP client for the connection request. This means that the external server is only aware of the SOCKS server (the proxy).

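The negotiation described above, as an added example that is not part of the original notes: both sides of a SOCKS5 exchange (RFC 1928 message layout) run in-process, with the server preferring authenticated clients and refusing a client that only offers no-auth when policy requires authentication. The destination example.com:443 and the proxy's bind address 198.51.100.7 are constructed placeholders.

```python
import struct

# Added example (not from the original notes): both sides of the SOCKS5
# negotiation described above (RFC 1928 message layout), run in-process. Host,
# port and the proxy's bind address 198.51.100.7 are constructed placeholders.

VER = 0x05
NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x01, 0x03

def client_greeting(methods):
    """VER | NMETHODS | METHODS: the client lists the auth methods it supports."""
    return bytes([VER, len(methods), *methods])

def server_select_method(greeting, require_auth):
    """VER | METHOD: prefer username/password; allow no-auth only if policy permits."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = set(greeting[2:])
    if USERPASS in offered:
        return bytes([VER, USERPASS])
    if NO_AUTH in offered and not require_auth:
        return bytes([VER, NO_AUTH])
    return bytes([VER, NO_ACCEPTABLE])        # client must close the connection

def client_connect(host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT, addressed by domain name so
    the proxy, not the client, performs the DNS lookup."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("domain name must be 1..255 bytes")
    return bytes([VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack(">H", port)

def server_parse_request(req):
    """Return (cmd, host, port) from a request; reject unknown address types."""
    if len(req) < 5 or req[0] != VER:
        raise ValueError("malformed request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        host, off = ".".join(str(b) for b in req[4:8]), 8
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, off = req[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError("unsupported address type %d" % atyp)
    if len(req) != off + 2:
        raise ValueError("truncated request or trailing bytes")
    return cmd, host, struct.unpack(">H", req[off:off + 2])[0]

def server_reply(rep, bind_ip, bind_port):
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT; REP 0x00 means succeeded."""
    addr = bytes(int(x) for x in bind_ip.split("."))
    return bytes([VER, rep, 0x00, ATYP_IPV4]) + addr + struct.pack(">H", bind_port)

def negotiate(host, port, client_methods, require_auth=True):
    """Drive one negotiation end to end and report what each side concluded."""
    selection = server_select_method(client_greeting(client_methods), require_auth)
    if selection[1] == NO_ACCEPTABLE:
        return {"method": NO_ACCEPTABLE, "connected": False}
    # With USERPASS the RFC 1929 username/password sub-negotiation would run here.
    cmd, dst_host, dst_port = server_parse_request(client_connect(host, port))
    if cmd != CMD_CONNECT:
        return {"method": selection[1], "connected": False}
    # The proxy now opens its own TCP connection to dst_host:dst_port; the remote
    # server sees only the proxy's address, which is what BND.ADDR reports back.
    reply = server_reply(0x00, "198.51.100.7", 40000)
    return {"method": selection[1], "connected": reply[1] == 0x00, "dst": (dst_host, dst_port)}
```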
SNMP
You've got a good-size network with hundreds of users in several locations, connected by routers, hubs, bridges, switches, dial-up modems, Web servers, application servers, you name it. When everything's fine, then everything's fine. But what happens if a section of the network starts experiencing dropouts, outages, reduced throughput or other network-based errors? How do you know that something has gone wrong, discover where the source problem is and then fix it?

The most common mechanism for keeping tabs on network health is a standard called Simple Network Management Protocol (SNMP). Any device (which in this case can refer to software as well as hardware) that can be managed by SNMP contains a monitoring program, called an agent, that gathers information on that device's network activity. This information is in the form of messages called protocol data units (PDU) and is stored in an onboard database called a management information base (MIB). At the network administrator's console, there's usually some type of monitoring application, often called a network management station, such as IBM's Tivoli NetView or Hewlett-Packard Co.'s OpenView. From this point, the administrator (or an automated or scheduled process) polls all or some of the network nodes, asking for whatever information has been collected. At the device being monitored, another piece of software, called the master agent, looks at what's been stored in the MIB and sends it back up the chain to the network management station, where it can be collated and processed with information from other nodes to determine what's happening on the network. At this point, SNMP can also be used by the network administrator to reconfigure specific devices. SNMP agents can also be set up to automatically notify the network management station if certain predefined conditions or events occur. These alerts are called traps.

SIP
SIP is the Session Initiation Protocol. In IP and traditional telephony, network engineers have always made a clear distinction between two different phases of a voice call. The first phase is "call setup," and includes all of the details needed to get two telephones talking. Once the call has been set up, the phones enter a "data transfer" phase of the call using an entirely different family of protocols to actually move the voice packets between the two phones. In the world of VoIP, SIP is a call setup protocol that operates at the application layer. You may have also heard of H.323, an ITU protocol with similar function. SIP is a very flexible protocol that has great depth. It was designed to be a general-purpose way to set up real-time multimedia sessions between groups of participants. For example, in addition to simple telephone calls, SIP can also be used to set up video and audio multicast meetings, or instant messaging conferences. In this document, we'll focus on SIP's capabilities for VoIP, and how it sets up calls that then use RTP (the Real-time Transport Protocol) to actually send the voice data between phones. SIP also has great breadth, as it does more than just handle call setup. The table below shows the five major functions within SIP from a VoIP point of view.

MGCP
Media Gateway Control Protocol (MGCP) is a protocol used for controlling Voice over IP (VoIP) gateways from external call control elements. MGCP is the emerging protocol that is receiving wide interest from both the voice and data industries. MGCP is defined in an informational (non-standard) IETF document, RFC 3435, which obsoletes an earlier definition in RFC 2705. It superseded the Simple Gateway Control Protocol (SGCP).

MGCP is a protocol for controlling media gateways from call agents. In a VoIP system, MGCP can be used with SIP or H.323. SIP or H.323 will provide the call control functionality and MGCP can be used to manage media establishment in media gateways.

Characteristics of MGCP:

-A master/slave protocol.

-Assumes limited intelligence at the edge (endpoints) and intelligence at the core (call agent).

-Used between call agents and media gateways.

-Differs from SIP and H.323, which are peer-to-peer protocols.

-Interoperates with SIP and H.323.

For example:

1. A call agent accepts SIP or H.323 call setup requests.

2. The call agent uses MGCP to control the media gateway.

3. The media gateway establishes media sessions with other H.323 or SIP endpoints.

MGCP divides call setup/control and media establishment functions. MGCP does not replace SIP or H.323. SIP and H.323 provide symmetrical or peer-to-peer call setup/control.

SSH
Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer. It is widely used by network administrators to control Web and other kinds of servers remotely. SSH is actually a suite of three utilities - slogin, ssh, and scp - that are secure versions of the earlier UNIX utilities rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted. SSH uses RSA public key cryptography for both connection and authentication. Encryption algorithms include Blowfish, DES, and IDEA. IDEA is the default. SSH2, the latest version, is a proposed set of standards from the Internet Engineering Task Force (IETF).

RIP

BGP

SSL/TLS
The Secure Socket Layer (SSL) and Transport Layer Security (TLS) together form the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today's Internet-focused world, the SSL protocol is typically used when a web browser needs to securely connect to a web server over the inherently insecure Internet.

Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. In the case of a browser, for instance, users are alerted to the presence of SSL when the browser displays a padlock or, in the case of Extended Validation SSL, when the address bar displays both a padlock and a green bar. This is the key to the success of SSL: it is an incredibly simple experience for end users.
Extended Validation (EV) SSL Certificates (such as GlobalSign ExtendedSSL) display visible trust indicators: [screenshot not reproduced]

Standard SSL Certificates (such as GlobalSign DomainSSL and OrganizationSSL) display: [screenshot not reproduced]

As opposed to unsecured HTTP URLs, which begin with "http://" and use port 80 by default, secure HTTPS URLs begin with "https://" and use port 443 by default.

HTTP is insecure and is subject to eavesdropping attacks which, if critical information like credit card details and account logins is transmitted and picked up, can let attackers gain access to online accounts and sensitive information. Ensuring data is either sent or posted through the browser using HTTPS ensures that such information is encrypted and secure.
In practice, how is SSL used in today's modern e-commerce-enabled / online workflow and service society?

-To secure online credit card transactions.

-To secure system logins and any sensitive information exchanged online.

-To secure webmail and applications like Outlook Web Access, Exchange and Office Communications Server.

-To secure workflow and virtualisation applications like Citrix Delivery Platforms or cloud-based computing platforms.

-To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.

-To secure the transfer of files over HTTPS and FTP(S) services, such as website owners updating new pages to their websites or transferring large files.

-To secure hosting control panel logins and activity like Parallels, cPanel, and others.

-To secure intranet-based traffic such as internal networks, file sharing, extranets, and database connections.

-To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway.