
DNS

====

Domain Name Service is used to change internet domain and computer names into IP
addresses and vice versa. DNS works at the application layer and uses TCP and UDP for
transport. TCP is only used if returned data is truncated. See the DNS section in the Networking
Guide for information about DNS. DNS was originally based on HOSTS files that were maintained
by a centralized Network Information Center. Today it is based on a hierarchy of servers with a
distributed hierarchical database throughout the network or internet.

DNS is a hierarchical naming structure with the following levels:

Root designated by a dot (.).

First level - This indicates country or type of organization such as "org", "com", and "net".

Second level - Indicates the organization name and can be purchased for a yearly fee.

Notice that the highest level of the domain is listed last. An example of a domain name that you
may be familiar with is:

comptechdoc.org.

DNS Servers

On the client side, a DNS resolver is used to send queries to DNS servers. The resolver is
normally part of a library routine or it is built into the application. DNS uses zone files to keep
name and IP address database information for the internet domain or hierarchical set of domains.
Zones are a storage of information in a file for a DNS domain or DNS subdomains (DNS domains
are not the same as Windows domains). DNS does not yet support dynamic configuration but has
been modified for Windows systems to do so. Different aliases may be created by the
administrator for the same host. Three types of name servers are defined by how they relate to the
zone information:

Primary - Locally stored files exist in the name server database. The master zone file copy is
stored here.

Secondary - Gets data called a zone transfer from another server that is the zone authority.

Caching Only - Caches name server information and does not contain its own files.

A primary and secondary name server should be used on a network. When a zone is defined,
some server must be configured to be a master name server for the zone. There can be different
master name servers for different zones. The master server provides copies of the zone
information to the secondary DNS server. Name servers can be configured to get information
from other name servers when the information is not found in the local database. These types are
forwarders and slaves. Name servers as categorized by function:

Master - The zone authority that contains the master zone files.

Forwarders - A name server that passes name resolution requests to other name servers. This
configuration is done on a per server basis.

Slaves - Slave name servers are configured to use forwarders.

Windows introduces additional terminology:

Standard primary - The same as a primary DNS server listed above. This is a master server by
function.

Active Directory Integrated (primary) - DNS entries are stored with Active Directory data rather
than a normal zone file. More than one of these Active Directory primary servers may exist due to
Active Directory replication. This term is used to refer to both the Active Directory Integrated
zones and the files that support the zone.

Standard secondary - The same as a secondary DNS server listed above. This is a slave server
by function.

Root server - The server that has the DNS data for the root zone. The root zone is the
organization internal network root zone or internet root zone. It is used when a private network is
not directly on the internet (no connection or via proxy server).

If the DNS server is connected to the internet, the DNS Server Wizard will not allow the DNS
server to be configured as a root server.

Queries

Query types are:

Inverse - Getting the name from the IP address. These are used by servers as a security check.

Iterative - Server gives its best answer. This type of inquiry is sent from one server to another.

Recursive - Cannot refer the query to another name server.

Zone Transfers

The DNS zone file serial number is used to track DNS changes. The notify function is used to
initiate zone transfers. Zone transfer types are:

Full - AXFR query - The secondary server's refresh interval expires and it sends an AXFR query.

Incremental - IXFR query - Only new or updated entries are copied.
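As an added example (not part of these notes), here is the decision a secondary server makes when its refresh interval expires or a NOTIFY arrives, written in Python: it compares SOA serials with the wrap-around serial arithmetic of RFC 1982, asks for an AXFR when it holds no copy of the zone and an IXFR otherwise, and applies the IXFR deltas to its copy. The zone records and serial values are constructed for illustration.

```python
# Added example, not from the original notes. Secondary-side logic for zone
# refresh: serial comparison (RFC 1982), choosing AXFR vs IXFR, and applying
# incremental deltas. Records and serials below are constructed.
SERIAL_MOD = 2 ** 32          # SOA serials are unsigned 32-bit and wrap around
HALF = SERIAL_MOD // 2

def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under RFC 1982 serial arithmetic.
    Because serials wrap, 5 is newer than 4294967290 (it is 11 steps ahead)."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a > b and a - b < HALF) or (a < b and b - a > HALF)

def plan_transfer(local_serial, primary_serial: int) -> str:
    """What the secondary should request: 'AXFR', 'IXFR' or 'none'."""
    if local_serial is None:
        return "AXFR"                 # no copy of the zone yet: full transfer
    if not serial_newer(primary_serial, local_serial):
        return "none"                 # our copy is current; the serial did not advance
    return "IXFR"                     # only the changes since local_serial are needed

def apply_ixfr(zone: dict, local_serial: int, deltas: list) -> int:
    """Apply IXFR deltas in order and return the resulting serial.
    zone maps (name, type) -> list of record data.  Each delta is
    (old_serial, new_serial, deleted_records, added_records), records being
    (name, type, data) tuples, which is the shape of an IXFR answer."""
    serial = local_serial
    for old, new, deleted, added in deltas:
        if old != serial:
            raise ValueError(f"delta starts at serial {old} but zone is at {serial}")
        for name, rtype, data in deleted:
            zone[(name, rtype)].remove(data)
            if not zone[(name, rtype)]:
                del zone[(name, rtype)]
        for name, rtype, data in added:
            zone.setdefault((name, rtype), []).append(data)
        serial = new
    return serial

if __name__ == "__main__":
    # Constructed zone: the secondary holds serial 2024010101, the primary is at 2024010103.
    zone = {("www", "A"): ["192.0.2.10"], ("mail", "A"): ["192.0.2.20"]}
    print(plan_transfer(2024010101, 2024010103))          # IXFR
    deltas = [
        (2024010101, 2024010102, [("www", "A", "192.0.2.10")], [("www", "A", "192.0.2.11")]),
        (2024010102, 2024010103, [], [("ftp", "A", "192.0.2.30")]),
    ]
    print(apply_ixfr(zone, 2024010101, deltas), zone)
```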

DNS Zones

Possible zones include:

Forward lookup zone - Name to IP address map.

Reverse lookup zone - IP address to name map.

Standard primary zone (primary zone) - A master copy of a forward or reverse lookup zone.

Active Directory integrated zone - A copy of a standard primary or Active Directory integrated
zone. The IP address and computer name are stored in Active Directory and replicated to all local
domain controllers. DNS information is not replicated to domain controllers outside the domain.

Standard secondary zone (secondary zone)

subnetting

==========

subnet

A portion of a network that shares a common address component. On TCP/IP networks, subnets
are defined as all devices whose IP addresses have the same prefix. For example, all devices
with IP addresses that start with 100.100.100. would be part of the same subnet. Dividing a
network into subnets is useful for both security and performance reasons. IP networks are divided
using a subnet mask.

subnet mask

A mask used to determine what subnet an IP address belongs to. An IP address has two
components, the network address and the host address. For example, consider the IP address
150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215)
represent the Class B network address, and the second two numbers (017.009) identify a
particular host on this network.

Subnetting enables the network administrator to further divide the host part of the address into
two or more subnets. In this case, a part of the host address is reserved to identify the particular
subnet. This is easier to see if we show the IP address in binary format. The full address is:

10010110.11010111.00010001.00001001

The Class B network part is:

10010110.11010111 and the host address is

00010001.00001001

If this network is divided into 14 subnets, however, then the first 4 bits of the host address (0001)
are reserved for identifying the subnet.

The subnet mask is the network address plus the bits reserved for identifying the subnetwork.
(By convention, the bits for the network address are all set to 1, though it would also work if the
bits were set exactly as in the network address.) In this case, therefore, the subnet mask would
be 11111111.11111111.11110000.00000000. It's called a mask because it can be used to
identify the subnet to which an IP address belongs by performing a bitwise AND operation on the
mask and the IP address. The result is the subnetwork address:

Subnet Mask      255.255.240.000   11111111.11111111.11110000.00000000
IP Address       150.215.017.009   10010110.11010111.00010001.00001001
Subnet Address   150.215.016.000   10010110.11010111.00010000.00000000


The subnet address, therefore, is 150.215.016.000.
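As an added example (not from the original notes), the bitwise AND above carried out in Python for the 150.215.17.9 / 255.255.240.0 case. It goes a little beyond the text: the mask is derived from the number of network plus borrowed subnet bits, so it works for any prefix length, and the broadcast address and usable host range of the resulting subnet are reported as well.

```python
# Added example, not from the original notes: subnet arithmetic for the
# Class B example in the text (16 network bits + 4 borrowed subnet bits = /20).

def dotted_to_int(addr: str) -> int:
    """Parse a dotted-quad address (leading zeros such as 017 are accepted)."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value: int) -> str:
    """Dotted binary, the form the notes use (e.g. 10010110.11010111.00010001.00001001)."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix_len: int) -> int:
    """Contiguous mask with prefix_len leading 1 bits (20 -> 255.255.240.0)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def subnet_address(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask gives the subnet (network) address."""
    return int_to_dotted(dotted_to_int(ip) & dotted_to_int(mask))

def subnet_info(ip: str, prefix_len: int) -> dict:
    """Subnet address, broadcast and usable host range for ip/prefix_len."""
    mask = mask_from_prefix(prefix_len)
    network = dotted_to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all set to 1
    usable = max(0, 2 ** (32 - prefix_len) - 2)  # minus network and broadcast
    return {
        "mask": int_to_dotted(mask),
        "subnet": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }

if __name__ == "__main__":
    ip, prefix = "150.215.017.009", 16 + 4
    info = subnet_info(ip, prefix)
    print(f"{'Subnet Mask':15} {info['mask']:16} {to_binary(mask_from_prefix(prefix))}")
    print(f"{'IP Address':15} {ip:16} {to_binary(dotted_to_int(ip))}")
    print(f"{'Subnet Address':15} {info['subnet']:16} {to_binary(dotted_to_int(info['subnet']))}")
    print(f"hosts {info['first_host']} .. {info['last_host']} ({info['usable_hosts']} usable)")
```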

switching techniques

vpns

Active directory

Routing

Routing is the act of moving information across an internetwork from a source to a destination.
Along the way, at least one intermediate node typically is encountered. Routing is often
contrasted with bridging, which might seem to accomplish precisely the same thing to the casual
observer. The primary difference between the two is that bridging occurs at Layer 2 (the link
layer) of the OSI reference model, whereas routing occurs at Layer 3 (the network layer). This
distinction provides routing and bridging with different information to use in the process of moving
information from source to destination, so the two functions accomplish their tasks in different
ways.

The topic of routing has been covered in computer science literature for more than two decades,
but routing achieved commercial popularity as late as the mid-1980s. The primary reason for this
time lag is that networks in the 1970s were simple, homogeneous environments. Only relatively
recently has large-scale internetworking become popular.

Routing Components

Routing involves two basic activities: determining optimal routing paths and transporting
information groups (typically called packets) through an internetwork. In the context of the routing
process, the latter of these is referred to as packet switching. Although packet switching is
relatively straightforward, path determination can be very complex.

Path Determination

Routing protocols use metrics to evaluate what path will be the best for a packet to travel. A
metric is a standard of measurement, such as path bandwidth, that is used by routing algorithms
to determine the optimal path to a destination. To aid the process of path determination, routing
algorithms initialize and maintain routing tables, which contain route information. Route
information varies depending on the routing algorithm used.

Routing algorithms fill routing tables with a variety of information. Destination/next hop
associations tell a router that a particular destination can be reached optimally by sending the
packet to a particular router representing the "next hop" on the way to the final destination. When
a router receives an incoming packet, it checks the destination address and attempts to associate
this address with a next hop.
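As an added example (not from the original notes), the destination/next-hop lookup just described, in Python: a small routing table and the longest-prefix-match lookup a router performs on an incoming packet's destination address, preferring the lowest metric among equally specific routes. The routes and addresses are constructed for illustration.

```python
# Added example, not from the original notes: routing-table lookup by
# longest prefix match using the standard-library ipaddress module.
import ipaddress
from typing import Optional

class RoutingTable:
    def __init__(self):
        self.routes = []   # entries of (network, next_hop, metric)

    def add_route(self, destination: str, next_hop: str, metric: int = 1) -> None:
        """destination is a prefix such as '10.1.0.0/16'; '0.0.0.0/0' is the default route."""
        network = ipaddress.ip_network(destination, strict=True)
        self.routes.append((network, next_hop, metric))

    def lookup(self, dst: str) -> Optional[str]:
        """Next hop for dst: the most specific matching prefix wins; among routes
        of equal length the lowest metric wins. None means no route (packet dropped)."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r[0]]
        if not candidates:
            return None
        best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
        return best[1]

def build_sample_table() -> RoutingTable:
    """Constructed table: a default route, an aggregate, and two more specific routes."""
    rt = RoutingTable()
    rt.add_route("0.0.0.0/0", "192.0.2.1")          # default: everything else
    rt.add_route("10.0.0.0/8", "10.255.0.1")        # aggregate for the whole 10/8
    rt.add_route("10.1.0.0/16", "10.1.255.1", metric=1)
    rt.add_route("10.1.0.0/16", "10.1.255.2", metric=5)   # backup path, worse metric
    return rt

if __name__ == "__main__":
    rt = build_sample_table()
    for dst in ("10.1.2.3", "10.9.9.9", "203.0.113.7"):
        print(dst, "->", rt.lookup(dst))
```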

Routing vs. Routed Protocols

A routing protocol sends and receives routing information packets to and from other routers.

A routed protocol can be routed by a router, which means that it can be forwarded from one
router to another.

A routed protocol contains the data elements required for a packet to be sent outside of its host
network or network segment. In other words, a routed protocol can be routed.

Protocols used to communicate routing information between routers within an autonomous
system are Interior Gateway Protocols (IGP), which are routing protocols, but not routed
protocols.

Examples of routed protocols are IP and IPX, and examples of routing protocols are RIP and
IGRP.

NetBEUI is a non-routable protocol.

Netbeui

Pronounced net-booey, NetBEUI is short for NetBIOS Extended User Interface. It is an enhanced
version of the NetBIOS protocol used by network operating systems such as LAN Manager, LAN
Server, Windows for Workgroups, Windows 95 and Windows NT.

NetBEUI was originally designed by IBM for their LAN Manager server and later extended by
Microsoft and Novell.

NetBios

(pronounced net-bi-os) Short for Network Basic Input Output System, an API that augments the DOS
BIOS by adding special functions for local-area networks (LANs). Almost all Windows-based
LANs for PCs are based on NetBIOS. Some LAN manufacturers have even extended it,
adding additional network capabilities.

Routing protocols

=================

PPTP

Short for Point-to-Point Tunneling Protocol, a new technology for creating Virtual Private
Networks (VPNs), developed jointly by Microsoft Corporation, U.S. Robotics, and several remote
access vendor companies, known collectively as the PPTP Forum. A VPN is a private network of
computers that uses the public Internet to connect some nodes. Because the Internet is
essentially an open network, the Point-to-Point Tunneling Protocol (PPTP) is used to ensure that
messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to
their corporate network via the Internet.

L2TP

Short for Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs
to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunneling
protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the
ISP's routers support the protocol.

PPP

Short for Point-to-Point Protocol, a method of connecting a computer to the Internet. PPP is more
stable than the older SLIP protocol and provides error checking features. Working in the data link
layer of the OSI model, PPP sends the computer's TCP/IP packets to a server that puts them
onto the Internet.

GRE

IPsec

Short for IP Security, a set of protocols developed by the IETF to support secure exchange of
packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks
(VPNs).

IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the
data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel
mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant
device decrypts each packet.

For IPsec to work, the sending and receiving devices must share a public key. This is
accomplished through a protocol known as Internet Security Association and Key Management
Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and
authenticate the sender using digital certificates.

IPSec stands for Internet Protocol Security and it is used to encrypt TCP/IP data so the
information cannot be captured and understood by outsiders. It is used both on internal networks
and between two private networks over the internet to support virtual private networking (VPN).
Terms:

Transport mode - The data portions of the packet are encrypted.

Tunnel mode - The data and address portions of the message are both encrypted, and that packet
is carried as the data portion of a new IP packet with a new address. It is used
between two routers for VPN.

Security Methods

IPSec can use various security encryption algorithms and key lengths. These are the
characteristics of IPSec connections (security methods):

A specified encryption algorithm.

A negotiated key length.

A negotiated key lifetime.

Supported Authentication Methods

A shared secret such as a key or phrase.

Kerberos

Certificates - The certificate can only be created using a private key and the certificate is verified
using the public key. This way the certificate can be used for authentication.

MPP

Short for massively parallel processing, a type of computing that uses many separate CPUs
running in parallel to execute a single program. MPP is similar to symmetric multiprocessing (SMP),
with the main difference being that in SMP systems all the CPUs share the same memory,
whereas in MPP systems, each CPU has its own memory. MPP systems are therefore more
difficult to program because the application must be divided in such a way that all the executing
segments can communicate with each other. On the other hand, MPP systems don't suffer from the
bottleneck problems inherent in SMP systems when all the CPUs attempt to access the same
memory at once.

CHAP

Short for Challenge Handshake Authentication Protocol, a type of authentication in which the
authentication agent (typically a network server) sends the client program a random value that is
used only once and an ID value. Both the sender and peer share a predefined secret. The peer
concatenates the random value (or nonce), the ID and the secret and calculates a one-way hash
using MD5. The hash value is sent to the authenticator, which in turn builds that same string on
its side, calculates the MD5 sum itself and compares the result with the value received from the
peer. If the values match, the peer is authenticated.

By transmitting only the hash, the secret can't be reverse-engineered. The ID value is increased
with each CHAP dialogue to protect against replay attacks.
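As an added example (not from the original notes), the CHAP exchange described above with both the authenticator and the peer modelled in one Python process. The response is MD5 over identifier, secret and challenge in that order, which is the concatenation order RFC 1994 specifies; the authenticator issues a fresh challenge with a new ID for every dialogue and accepts each challenge only once, which is what defeats replay. Peer names, secrets and challenge sizes are constructed for illustration.

```python
# Added example, not from the original notes: a CHAP authenticator and peer.
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: one-way hash over ID || secret || challenge (RFC 1994 order)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Server side: issues a fresh challenge per dialogue and verifies the response."""
    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret; never sent on the wire
        self.identifier = 0
        self.pending = {}           # identifier -> outstanding challenge value

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256   # ID changes with each dialogue
        nonce = os.urandom(16)                          # random value used only once
        self.pending[self.identifier] = nonce
        return self.identifier, nonce

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        nonce = self.pending.pop(identifier, None)      # each challenge is answerable once
        secret = self.secrets.get(name)
        if nonce is None or secret is None:
            return False
        expected = chap_response(identifier, secret, nonce)
        return hmac.compare_digest(expected, response)  # constant-time comparison

def run_dialogue(auth: Authenticator, name: str, secret: bytes) -> bool:
    """One full challenge/response/verify round between authenticator and peer."""
    ident, nonce = auth.challenge()
    return auth.verify(ident, name, chap_response(ident, secret, nonce))

def replay_is_rejected(auth: Authenticator, name: str, secret: bytes) -> bool:
    """A response recorded from one dialogue does not satisfy a later challenge."""
    ident, nonce = auth.challenge()
    recorded = chap_response(ident, secret, nonce)
    auth.verify(ident, name, recorded)        # genuine use succeeds and consumes the challenge
    ident2, _ = auth.challenge()              # new ID and new nonce for the next dialogue
    return not auth.verify(ident2, name, recorded)

if __name__ == "__main__":
    auth = Authenticator({"alice": b"constructed-shared-secret"})
    print("good secret:", run_dialogue(auth, "alice", b"constructed-shared-secret"))
    print("bad secret: ", run_dialogue(auth, "alice", b"wrong"))
    print("replay rejected:", replay_is_rejected(auth, "alice", b"constructed-shared-secret"))
```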

PAP

---

Short for Password Authentication Protocol, the most basic form of authentication, in which a
user's name and password are transmitted over a network and compared to a table of name-
password pairs. Typically, the passwords stored in the table are encrypted. The Basic
Authentication feature built into the HTTP protocol uses PAP. The main weakness of PAP is that
both the username and password are transmitted "in the clear" -- that is, in an unencrypted form.
Contrast with CHAP.

MSCHAP V2

--------

MSCHAP V2 authentication is the default authentication method used by the Microsoft Windows
2000 operating system. Support of this authentication method on Cisco routers will enable users
of the Microsoft Windows 2000 operating system to establish remote PPP sessions without
needing to first configure an authentication method on the client.

MSCHAP V2 authentication introduces an additional feature not available with MSCHAP V1 or
standard CHAP authentication, the change password feature. This feature allows the client to
change the account password if the RADIUS server reports that the password has expired.

Authentication Protocols Supported In RAS

=========================================

PAP - Password Authentication Protocol is a two way handshake protocol designed for use with
PPP. It sends the password in plain text and was used on older SLIP systems. It is not secure.

CHAP - Challenge Handshake Authentication Protocol is a three way handshake protocol which
is considered more secure than PAP.

MS-CHAP (MD5) - Uses a Microsoft version of RSA message digest 5 challenge and reply
protocol. It only works on Microsoft systems and enables data encryption. Selecting this
authentication method causes all data to be encrypted.

RADIUS - Remote Authentication Dial-In User Service is used to authenticate users dialing in
remotely to servers in an organization's network. It can be used to track users' time on networks.
User information is sent to a RADIUS server for validation when the user logs on to a network. It
is a new protocol with Windows 2000. The RAS server must be configured as a RADIUS client on
the Remote Access Service properties dialog box security tab. The RAS server may be
configured to use any of several RADIUS servers for user authentication. The "Configure" button
is used to add or remove RADIUS server information. The working sequence between the RAS
server and the RADIUS server is as follows:

A server running Remote Access Service (RAS) receives a connection request from a user on a
remote computer.

The remote computer is requesting RADIUS authentication.

The RAS server forwards the request to a RADIUS server for authentication. (The RAS server
becomes a RADIUS client).

The Internet Authentication Service (IAS) on the RADIUS server responds to the request from the
RAS server. (IAS can be installed and configured in the Control Panel network services dialog
box.)

The RAS server takes appropriate action in verifying the user based on the RADIUS server
response.

EAP - Extensible Authentication Protocol is used between a dial-in client and server to determine
what authentication protocol will be used. Used to support smart card and other high tech forms
of authentication through its support of Transport Layer Security (TLS) which is used by these
devices. It is a new protocol with Windows 2000.

Port
----

In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies
what type of port it is. For example, port 80 is used for HTTP traffic. Also see Well-Known TCP
Port Numbers in the Quick Reference section of Webopedia.

Well-Known TCP Port Numbers

In TCP/IP and UDP networks, a port is an endpoint to a logical connection and the way a client
program specifies a specific server program on a computer in a network. Some ports have
numbers that are preassigned to them by the IANA, and these are known as well-known ports
(specified in RFC 1700). Port numbers range from 0 to 65536, but only port numbers 0 to 1024
are reserved for privileged services and designated as well-known ports. This list of well-known
port numbers specifies the port used by the server process as its contact port.

Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
5             Remote Job Entry (RJE)
7             ECHO
18            Message Send Protocol (MSP)
20            FTP -- Data
21            FTP -- Control
22            SSH Remote Login Protocol
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
29            MSG ICP
37            Time
42            Host Name Server (Nameserv)
43            WhoIs
49            Login Host Protocol (Login)
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
70            Gopher Services
79            Finger
80            HTTP
103           X.400 Standard
108           SNA Gateway Access Server
109           POP2
110           POP3
115           Simple File Transfer Protocol (SFTP)
118           SQL Services
119           Newsgroup (NNTP)
137           NetBIOS Name Service
139           NetBIOS Datagram Service
143           Interim Mail Access Protocol (IMAP)
150           NetBIOS Session Service
156           SQL Server
161           SNMP
179           Border Gateway Protocol (BGP)
190           Gateway Access Control Protocol (GACP)
194           Internet Relay Chat (IRC)
197           Directory Location Service (DLS)
389           Lightweight Directory Access Protocol (LDAP)
396           Novell Netware over IP
443           HTTPS
444           Simple Network Paging Protocol (SNPP)
445           Microsoft-DS
458           Apple QuickTime
546           DHCP Client
547           DHCP Server
563           SNEWS
569           MSN
1080          Socks

OSI layer

=========

(1) (pronounced as separate letters) Short for Open System Interconnection, an ISO standard for
worldwide communications that defines a networking framework for implementing protocols in
seven layers. Control is passed from one layer to the next, starting at the application layer in one
station, proceeding to the bottom layer, over the channel to the next station and back up the
hierarchy.

At one time, most vendors agreed to support OSI in one form or another, but OSI was too loosely
defined and proprietary standards were too entrenched. Except for the OSI-compliant X.400 and
X.500 e-mail and directory standards, which are widely used, what was once thought to become
the universal communications standard now serves as the teaching model for all other protocols.

Most of the functionality in the OSI model exists in all communications systems, although two or
three OSI layers may be incorporated into one.

OSI is also referred to as the OSI Reference Model or just the OSI Model.

See a breakdown of the seven OSI layers in the Quick Reference section of Webopedia.

(2) Abbreviation for the Open Source Initiative.

The 7 Layers of the OSI Model


The OSI, or Open System Interconnection, model defines a networking framework for
implementing protocols in seven layers. Control is passed from one layer to the next, starting at
the application layer in one station, proceeding to the bottom layer, over the channel to the next
station and back up the hierarchy.

Application

(Layer 7) This layer supports application and end-user processes. Communication partners are
identified, quality of service is identified, user authentication and privacy are considered, and any
constraints on data syntax are identified. Everything at this layer is application-specific. This layer
provides application services for file transfers, e-mail, and other network software services. Telnet
and FTP are applications that exist entirely in the application level. Tiered application
architectures are part of this layer.

Presentation

(Layer 6) This layer provides independence from differences in data representation (e.g.,
encryption) by translating from application to network format, and vice versa. The presentation
layer works to transform data into the form that the application layer can accept. This layer
formats and encrypts data to be sent across a network, providing freedom from compatibility
problems. It is sometimes called the syntax layer.

Session

(Layer 5) This layer establishes, manages and terminates connections between applications. The
session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues
between the applications at each end. It deals with session and connection coordination.

Transport

(Layer 4) This layer provides transparent transfer of data between end systems, or hosts, and is
responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Network

(Layer 3) This layer provides switching and routing technologies, creating logical paths, known as
virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of
this layer, as well as addressing, internetworking, error handling, congestion control and packet
sequencing.

Data Link

(Layer 2) At this layer, data packets are encoded and decoded into bits. It furnishes transmission
protocol knowledge and management and handles errors in the physical layer, flow control and
frame synchronization. The data link layer is divided into two sublayers: The Media Access
Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a
computer on the network gains access to the data and permission to transmit it. The LLC layer
controls frame synchronization, flow control and error checking.

Physical

(Layer 1) This layer conveys the bit stream (electrical impulse, light or radio signal) through the
network at the electrical and mechanical level. It provides the hardware means of sending and
receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet,
RS232, and ATM are protocols with physical layer components.

RAID

====

(pronounced raid) Short for Redundant Array of Independent (or Inexpensive) Disks, a category of disk drives
that employ two or more drives in combination for fault tolerance and performance. RAID disk
drives are used frequently on servers but aren't generally necessary for personal computers.

There are a number of different RAID levels:

Level 0 -- Striped Disk Array without Fault Tolerance: Provides data striping (spreading out blocks
of each file across multiple disk drives) but no redundancy. This improves performance but does
not deliver fault tolerance. If one drive fails then all data in the array is lost.

Level 1 -- Mirroring and Duplexing: Provides disk mirroring. Level 1 provides twice the read
transaction rate of single disks and the same write transaction rate as single disks.

Level 2 -- Error-Correcting Coding: Not a typical implementation and rarely used, Level 2 stripes
data at the bit level rather than the block level.

Level 3 -- Bit-Interleaved Parity: Provides byte-level striping with a dedicated parity disk. Level 3,
which cannot service simultaneous multiple requests, also is rarely used.

Level 4 -- Dedicated Parity Drive: A commonly used implementation of RAID, Level 4 provides
block-level striping (like Level 0) with a parity disk. If a data disk fails, the parity data is used to
create a replacement disk. A disadvantage to Level 4 is that the parity disk can create write
bottlenecks.

Level 5 -- Block Interleaved Distributed Parity: Provides data striping at the byte level and also
stripe error correction information. This results in excellent performance and good fault tolerance.
Level 5 is one of the most popular implementations of RAID.

Level 6 -- Independent Data Disks with Double Parity: Provides block-level striping with parity
data distributed across all disks.

Level 0+1 - A Mirror of Stripes: Not one of the original RAID levels, two RAID 0 stripes are
created, and a RAID 1 mirror is created over them. Used for both replicating and sharing data
among disks.

Level 10 - A Stripe of Mirrors: Not one of the original RAID levels, multiple RAID 1 mirrors are
created, and a RAID 0 stripe is created over these.

Level 7: A trademark of Storage Computer Corporation that adds caching to Levels 3 or 4.

RAID S: EMC Corporation's proprietary striped parity RAID system used in its Symmetrix storage
systems.
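As an added example (not from the original notes), block-level striping with parity in Python, the mechanism behind Levels 4 and 5 above: parity is the XOR of the data blocks in each stripe, so a failed disk, whether data or parity, is rebuilt from the surviving disks. Parity sits on a dedicated last disk for Level 4 and rotates across disks for Level 5. The disk count, block size and file contents are constructed for illustration.

```python
# Added example, not from the original notes: striping, parity and rebuild
# for a dedicated-parity (Level 4) or distributed-parity (Level 5) array.

def xor_blocks(blocks):
    """XOR equal-length byte strings together; XOR of a whole stripe is all zeros."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, b in enumerate(block):
            out[i] ^= b
    return bytes(out)

def parity_slot(stripe_index: int, ndisks: int, distributed: bool) -> int:
    """Which disk holds parity for this stripe: always the last one (Level 4)
    or rotating through the disks (Level 5), so no single disk takes every parity write."""
    return stripe_index % ndisks if distributed else ndisks - 1

def stripe(data: bytes, data_disks: int, block_size: int, distributed: bool = False):
    """Return a list of disks, each a list of blocks. Each stripe holds data_disks
    data blocks plus one parity block; data is zero-padded to a whole stripe."""
    ndisks = data_disks + 1
    padded = data + b"\x00" * (-len(data) % (data_disks * block_size))
    disks = [[] for _ in range(ndisks)]
    for s, offset in enumerate(range(0, len(padded), data_disks * block_size)):
        blocks = [padded[offset + i * block_size: offset + (i + 1) * block_size]
                  for i in range(data_disks)]
        pslot = parity_slot(s, ndisks, distributed)
        remaining = iter(blocks)
        for d in range(ndisks):
            disks[d].append(xor_blocks(blocks) if d == pslot else next(remaining))
    return disks

def rebuild(disks, failed: int):
    """Reconstruct the failed disk: XOR the same stripe's blocks from every other disk.
    Works for a data disk and for the parity disk alike."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]

def read_data(disks, length: int, distributed: bool = False) -> bytes:
    """Reassemble the original bytes, skipping the parity block of each stripe."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pslot = parity_slot(s, ndisks, distributed)
        for d in range(ndisks):
            if d != pslot:
                out += disks[d][s]
    return bytes(out[:length])

if __name__ == "__main__":
    payload = b"The quick brown fox jumps over the lazy dog"   # constructed file contents
    array = stripe(payload, data_disks=3, block_size=4, distributed=True)
    array[1] = None                                           # simulate losing disk 1
    array[1] = rebuild(array, failed=1)                       # rebuild from survivors
    print(read_data(array, len(payload), distributed=True) == payload)
```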

TCP Layers

==========

4 Application

(OSI layers 5 through 7) e.g. HTTP, FTP, DNS

(routing protocols like BGP and RIP, which for a variety of reasons run over TCP and UDP
respectively, may also be considered part of the Internetwork layer)

3 Transport

(OSI layers 4 and 5) e.g. TCP, UDP, RTP, SCTP

(routing protocols like OSPF, which run over IP, may also be considered part of the Internetwork
layer)

2 Internetwork

(OSI layer 3) For TCP/IP this is the Internet Protocol (IP)

(required protocols like ICMP and IGMP run over IP, but may still be considered part of the
Internetwork layer; ARP does not run over IP)

1 Link

(OSI layers 1 and 2) e.g. Ethernet, Wi-Fi, MPLS, etc.


OSI Layers

==========

7 Application e.g. HTTP, SMTP, SNMP, FTP, Telnet, SSH and Scp, NFS, RTSP, Feed, Webcal,
XMPP, Whois

6 Presentation e.g. XDR, ASN.1, SMB, AFP, NCP

5 Session e.g. TLS, SSH, ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP, Winsock, BSD sockets

4 Transport e.g. TCP, UDP, RTP, SCTP, SPX, ATP

3 Network e.g. IP, ICMP, IGMP, BGP, OSPF, RIP, IGRP, EIGRP, ARP, RARP, X.25

2 Data Link e.g. Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP

1 Physical e.g. wire, radio, fiber optic, Carrier pigeon
