Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

System and network administration network services

3,933 views

Published on

System and network administration network services

Published in: Business
  • Be the first to comment

System and network administration network services

  1. 1. Network services are the foundation of a networked computing environment. Generally network services are installed on one or more servers to provide shared resources to client computers.  DNS  DHCP  FTP  SMTP  SNMP  Proxy  WWW  Active Directory Services
  2. 2. A system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS either by typing a URL in a browser or behind the scenes from one application to another, DNS servers return the IP address of the server associated with that name.
  3. 3. Because of the large volume of requests generated in the DNS for the public Internet, the designers wished to provide a mechanism to reduce the load on individual DNS servers. To this end, the DNS resolution process allows for caching of records for a period of time after an answer. This entails the local recording and subsequent consultation of the copy instead of initiating a new request upstream. The time for which a resolver caches a DNS response is determined by a value called the time to live (TTL) associated with every record. The TTL is set by the administrator of the DNS server handing out the authoritative response. The period of validity may vary from just seconds to days or even weeks.
  4. 4. DNS was not originally designed with security in mind, and thus has a number of security issues.  One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into believing it has received authentic information when, in reality, it has not.  DNS responses are traditionally not cryptographically signed, leading to many attack possibilities; The Domain Name System Security Extensions (DNSSEC) modifies DNS to add support for cryptographically signed responses. There are various extensions to support securing zone transfer information as well.  Even with encryption, a DNS server could become compromised by a virus (or for that matter a disgruntled employee) that would cause IP addresses of that server to be redirected to a malicious address with a long TTL. This could have far-reaching impact to potentially millions of Internet users if busy DNS servers cache the bad IP data. This would require manual purging of all affected DNS caches as required by the long TTL (up to 68 years).  Some domain names can spoof other, similar-looking domain names. For example, "paypal.com" and "paypa1.com" are different names, yet users may be unable to tell the difference when the user's typeface (font) does not clearly differentiate the letter l and the numeral 1
  5. 5.  Forward Zone  Reverse Zone  Local Zone/Local Host
  6. 6. (Dynamic Host Configuration Protocol) A function in software that automatically assigns temporary IP addresses to client machines logging into an IP network. Residing in the router or a server, DHCP eliminates the need to manually assign permanent "static" IP addresses to devices. In a home network, the DHCP is typically in the wireless router or wired router.
  7. 7.  dynamic allocation: A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its IP software configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed (dynamic re-use of IP addresses).  automatic allocation: The DHCP server permanently assigns a free IP address to a requesting client from the range defined by the administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.  static allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a network administrator). Only requesting clients with a MAC address listed in this table will be allocated an IP address. This feature (which is not supported by all devices) is variously called Static DHCP Assignment).
  8. 8.  DHCP discovery The client broadcasts messages (UDP) on the physical subnet to discover available DHCP servers  DHCP offer When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.  DHCP request A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field in the request, servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. The DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address.  DHCP acknowledgement When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.  DHCP releasing The client sends a request to the DHCP server to release the DHCP information and the client deactivates its IP address. As client devices usually do not know when users may unplug them from the network, the protocol does not mandate the sending of DHCP Release.
  9. 9. File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications, which solves the problem of different end host configurations (i.e., Operating System, file names). FTP is used with user-based password authentication or with anonymous user access.
  10. 10.  A client makes a connection to the server on TCP port 21. This connection, called the control connection, remains open for the duration of the session.  second connection, called the data connection, on port 20 opened as required to transfer file data. The control connection is used to send administrative data (i.e., commands, identification, passwords). Commands are sent by the client over the control connection in ASCII and terminated by a carriage return and line feed.
  11. 11. The standard e-mail protocol on the Internet and part of the TCP/IP protocol suite. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. SMTP was originally designed for only plain text (ASCII text), but MIME and other encoding methods enable executable programs and multimedia files to be attached to and transported with the e- mail message.
  12. 12. A widely used network monitoring and control protocol. Data are passed from SNMP agents, which are hardware and/or software processes reporting activity in each network device (hub, router, bridge, etc.) to the workstation console used to oversee the network. The agents return information contained in a MIB (Management Information Base), which is a data structure that defines what is obtainable from the device and what can be controlled (turned off, on, etc.). Originating in the Unix community, SNMP has become widely used on all major platforms.
  13. 13. proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.
  14. 14. A proxy server has a large variety of potential purposes, including:  To keep machines behind it anonymous (mainly for security).  To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.  To apply access policy to network services or content, e.g. to block undesired sites.  To log / audit usage, i.e. to provide company employee Internet usage reporting.  To bypass security/ parental controls.  To scan transmitted content for malware before delivery.  To scan outbound content, e.g., for data leak protection.  To circumvent regional restrictions.
  15. 15.  Transparent and non-transparent proxy server  Suffix proxy  Reverse proxy server  Open proxy server  Tunneling proxy server  Content filter  Web Proxy
  16. 16. The World Wide Web, abbreviated as WWW and commonly known as the Web, is a system of interlinked hypertext documents accessed via the Internet. With a web browser, one can view web pages that may contain text, images, videos, and other multimedia and navigate between them by using hyperlinks.
  17. 17. A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own or lease for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation.
  18. 18.  Virtual Hosting Collection of several web sites on a single web server.  Virtually identified.
  19. 19.  An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.  An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory.
  20. 20.  A Microsoft active directory, in simple terms, is like a giant telephone book that organizes within it all of the computers and people that have been entered into it. In our case our active directory is called ADS (for Active Directory Service). Unlike a telephone book however ADS is not sorted alphabetically, but rather like the yellow pages by category, in our case by department. This allows us to mimic the universities administrative structure for Academic Support departments.  Administrators use an active directory to apply policies to objects (computers and users), put people into security groups (to allow and deny access to resources), and to better keep track of things in groups (called Organizational Units). Clients can make use of an active directory to look up names, phone numbers and any number of other attributes allowed by administrators.
  21. 21.  Objects Everything that Active Directory tracks is considered an object. An object is any user, system, computer, resource, or service tracked within Active Directory. The generic term object is used because Active Directory is capable of tracking a variety of items, and many objects can share common attributes.  Sites A Site object in Active Directory represents a geographic location in that hosts networks. Sites contain objects called subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage active directory replication, and manage network link traffic.  Forests, trees, and domains A forest is a collection of Trees; Trees are a collection of one or more Domains.

×