System and network administration network services
Network services are the foundation of a
networked computing environment.
Generally network services are installed
on one or more servers to provide shared
resources to client computers.
Active Directory Services
A system for converting host names and domain
names into IP addresses on the Internet or on
local networks that use the TCP/IP protocol. For
example, when a Web site address is given to
the DNS either by typing a URL in a browser or
behind the scenes from one application to
another, DNS servers return the IP address of the
server associated with that name.
Because of the large volume of requests generated in the
DNS for the public Internet, the designers wished to
provide a mechanism to reduce the load on individual
DNS servers. To this end, the DNS resolution process allows
for caching of records for a period of time after an
answer. This entails the local recording and subsequent
consultation of the copy instead of initiating a new
request upstream. The time for which a resolver caches a
DNS response is determined by a value called the time to
live (TTL) associated with every record. The TTL is set by the
administrator of the DNS server handing out the
The period of validity may vary from just seconds to days
or even weeks.
DNS was not originally designed with security in mind, and thus has a number of
One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into
believing it has received authentic information when, in reality, it has not.
DNS responses are traditionally not cryptographically signed, leading to many
attack possibilities; The Domain Name System Security Extensions (DNSSEC)
modifies DNS to add support for cryptographically signed responses. There are
various extensions to support securing zone transfer information as well.
Even with encryption, a DNS server could become compromised by a virus (or
for that matter a disgruntled employee) that would cause IP addresses of that
server to be redirected to a malicious address with a long TTL. This could have
far-reaching impact to potentially millions of Internet users if busy DNS servers
cache the bad IP data. This would require manual purging of all affected DNS
caches as required by the long TTL (up to 68 years).
Some domain names can spoof other, similar-looking domain names. For
example, "paypal.com" and "paypa1.com" are different names, yet users may
be unable to tell the difference when the user's typeface (font) does not clearly
differentiate the letter l and the numeral 1
Local Zone/Local Host
(Dynamic Host Configuration Protocol)
A function in software that automatically
assigns temporary IP addresses to client
machines logging into an IP network.
Residing in the router or a server, DHCP
eliminates the need to manually assign
permanent "static" IP addresses to devices.
In a home network, the DHCP is typically in
the wireless router or wired router.
dynamic allocation: A network administrator assigns a range of IP
addresses to DHCP, and each client computer on the LAN has its IP
software configured to request an IP address from the DHCP server
during network initialization. The request-and-grant process uses a lease
concept with a controllable time period, allowing the DHCP server to
reclaim (and then reallocate) IP addresses that are not renewed
(dynamic re-use of IP addresses).
automatic allocation: The DHCP server permanently assigns a free IP
address to a requesting client from the range defined by the
administrator. This is like dynamic allocation, but the DHCP server keeps
a table of past IP address assignments, so that it can preferentially assign
to a client the same IP address that the client previously had.
static allocation: The DHCP server allocates an IP address based on a
table with MAC address/IP address pairs, which are manually filled in
(perhaps by a network administrator). Only requesting clients with a
MAC address listed in this table will be allocated an IP address. This
feature (which is not supported by all devices) is variously called Static
The client broadcasts messages (UDP) on the physical subnet to discover available DHCP servers
When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and
extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's
MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP
address of the DHCP server making the offer.
A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a
DHCP request message. Based on the Transaction ID field in the request, servers are informed whose offer the
client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might
have made to the client and return the offered address to the pool of available addresses. The DHCP request
message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still
not received an IP address.
When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters
its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet
includes the lease duration and any other configuration information that the client might have requested. At
this point, the IP configuration process is completed.
The client sends a request to the DHCP server to release the DHCP information and the client deactivates its IP
address. As client devices usually do not know when users may unplug them from the network, the protocol
does not mandate the sending of DHCP Release.
File Transfer Protocol (FTP) is a standard network
protocol used to copy a file from one host to
another over a TCP/IP-based network, such as the
Internet. FTP is built on a client-server architecture
and utilizes separate control and data
connections between the client and server
applications, which solves the problem of
different end host configurations (i.e., Operating
System, file names).
FTP is used with user-based password
authentication or with anonymous user access.
A client makes a connection to the server on TCP
port 21. This connection, called the control
connection, remains open for the duration of the
second connection, called the data connection, on
port 20 opened as required to transfer file data.
The control connection is used to send administrative
data (i.e., commands, identification, passwords).
Commands are sent by the client over the control
connection in ASCII and terminated by a carriage return
and line feed.
The standard e-mail protocol on the Internet
and part of the TCP/IP protocol suite.
SMTP defines the message format and the
message transfer agent (MTA), which stores
and forwards the mail. SMTP was originally
designed for only plain text (ASCII text), but
MIME and other encoding methods enable
executable programs and multimedia files to
be attached to and transported with the e-
A widely used network monitoring and control
protocol. Data are passed from SNMP agents,
which are hardware and/or software processes
reporting activity in each network device (hub,
router, bridge, etc.) to the workstation console
used to oversee the network.
The agents return information contained in a MIB
(Management Information Base), which is a data
structure that defines what is obtainable from the
device and what can be controlled (turned off,
on, etc.). Originating in the Unix community, SNMP
has become widely used on all major platforms.
proxy server is a server (a computer system or an application
program) that acts as an intermediary for requests from clients
seeking resources from other servers. A client connects to the
proxy server, requesting some service, such as a file,
connection, web page, or other resource, available from a
different server. The proxy server evaluates the request
according to its filtering rules. For example, it may filter traffic
by IP address or protocol. If the request is validated by the
filter, the proxy provides the resource by connecting to the
relevant server and requesting the service on behalf of the
client. A proxy server may optionally alter the client's request
or the server's response, and sometimes it may serve the
request without contacting the specified server. In this case, it
'caches' responses from the remote server, and returns
subsequent requests for the same content directly.
A proxy server has a large variety of potential purposes,
To keep machines behind it anonymous (mainly for
To speed up access to resources (using caching). Web
proxies are commonly used to cache web pages from a
To apply access policy to network services or content, e.g.
to block undesired sites.
To log / audit usage, i.e. to provide company employee
Internet usage reporting.
To bypass security/ parental controls.
To scan transmitted content for malware before delivery.
To scan outbound content, e.g., for data leak protection.
To circumvent regional restrictions.
Transparent and non-transparent proxy
Reverse proxy server
Open proxy server
Tunneling proxy server
The World Wide Web, abbreviated as WWW
and commonly known as the Web, is a
system of interlinked hypertext documents
accessed via the Internet. With a web
browser, one can view web pages that
may contain text, images, videos, and
other multimedia and navigate between
them by using hyperlinks.
A web hosting service is a type of Internet
hosting service that allows individuals and
organizations to make their own website
accessible via the World Wide Web. Web
hosts are companies that provide space on a
server they own or lease for use by their clients
as well as providing Internet connectivity,
typically in a data center.
Web hosts can also provide data center
space and connectivity to the Internet for
servers they do not own to be located in their
data center, called colocation.
Collection of several web sites on a single
An active directory is a directory structure used
on Microsoft Windows based computers and
servers to store information and data about
networks and domains. It is primarily used for
online information and was originally created
in 1996. It was first used with Windows 2000.
An active directory (sometimes referred to as
an AD) does a variety of functions including
the ability to provide information on objects,
helps organize these objects for easy retrieval
and access, allows access by end users and
administrators and allows the administrator to
set security up for the directory.
A Microsoft active directory, in simple terms, is like a giant
telephone book that organizes within it all of the
computers and people that have been entered into it. In
our case our active directory is called ADS (for Active
Directory Service). Unlike a telephone book however ADS
is not sorted alphabetically, but rather like the yellow
pages by category, in our case by department. This allows
us to mimic the universities administrative structure for
Academic Support departments.
Administrators use an active directory to apply policies to
objects (computers and users), put people into security
groups (to allow and deny access to resources), and to
better keep track of things in groups (called
Organizational Units). Clients can make use of an active
directory to look up names, phone numbers and any
number of other attributes allowed by administrators.
Everything that Active Directory tracks is considered an
object. An object is any user, system, computer, resource,
or service tracked within Active Directory. The generic
term object is used because Active Directory is capable of
tracking a variety of items, and many objects can share
A Site object in Active Directory represents a geographic
location in that hosts networks. Sites contain objects called
subnets. Sites can be used to assign Group Policy Objects,
facilitate the discovery of resources, manage active
directory replication, and manage network link traffic.
Forests, trees, and domains
A forest is a collection of Trees; Trees are a collection of
one or more Domains.