Transcript PPT

Networking Operating Systems (CO32010)

Objectives:
• To outline the usage of the three main NOS’s: NT/2000, UNIX and NetWare.
• To define the usage of object properties in each of the NOS’s.
• To define how distributed file systems are created in the three main NOS’s (UNIX – NFS, Active Directories – NT/2000 and NDS – NetWare).

Course outline: 1. Operating Systems; 2. Processes and scheduling; 3. Distributed processing; 4. Distributed file systems; 5. Routing protocols; 6. Routers; 7. Encryption; 8. NT, UNIX and NetWare (8.1 Introduction, 8.2 Microsoft Windows, 8.3 UNIX, 8.4 Novell NetWare, 8.5 NDS).

http://www.soc.napier.ac.uk/~bill/nos.html
bill@napier, 2001
Local audit policy (each event can be audited on Success and/or Failure):
• User login/logout
• File and object access
• Use of user rights
• User and group management
• Security policy changes
• Restart/shutdown
• Process tracking

[Diagram: workstations \\freds_pc and \\bills_pc and the server \\server1 in the domain my_d]

Domain audit policy (Success/Failure):
• User login/logout
• File and object access
• etc.
UNIX file attributes

-rwxr-xr-x 1 bill_b staff 28 May 12 1993 gopc

Fields, left to right: attributes, link count, file owner’s name (bill_b), group’s name (staff), date/time last modified, filename (gopc).
The first character is the directory attribute (d); the remaining nine characters are three groups of permissions, d rwx rwx rwx, for USER, GROUP and WORLD.
UNIX
• TCP/IP for its communications.
• NFS for mounting files over a network.
• ICMP (for ping, traceroute, and so on).
• RIP (for routing).
• ARP (for determination of MAC addresses).
• DNS (for determining domain names).
• BOOTP (for IP address allocation).
• FTP (for file transfer).
• TELNET (for remote login).
• NIS (for creating domains).
• RPC (for remote processing execution).
• SMTP (for e-mail).
• SNMP (for network management).
[Diagram: Windows NT networking mapped onto the OSI layers. Application/Presentation: application program. Session/Transport/Network: NetWare (SPX/IPX), UNIX/Internet (TCP/IP) or Windows (NetBEUI), above the Transport Driver Interface (TDI). Data link (Media Access Control): Network Device Interface Specification (NDIS), made up of the NDIS wrapper, the NDIS NIC driver and the NIC. Physical: Ethernet/ATM/ISDN/etc.]
[Diagram: NetWare client stack, top to bottom: application programs; NetWare shell (NETx) software; NCP (network core protocol); SPX/IPX; ODI (open data-link interface); NIC (network interface card) hardware; connection to the server. NetWare client: Windows NT, Windows 3.1, Unix, OS/2, Mac or DOS.]
[Diagram: NetWare mapped onto the OSI layers. Application: application program. Presentation: NetWare shell. Session: NCP redirector/NETBIOS emulator. Transport: SPX. Network: IPX. Data link: Open-device interface (ODI). Physical: Ethernet, Token Ring, etc.]
Problems with Novell NetWare 3
• It uses SPX/IPX, which is incompatible with TCP/IP traffic.
• It is difficult to synchronize servers with user information.
• The file structure is local to individual servers.
• Server architecture is flat and cannot be organized into a hierarchical structure (Bindery services).
NDS
• Hierarchical server structure.
• Network-wide users and groups.
• Global objects. NDS integrates users, groups, printers, servers, volumes and other physical resources into a hierarchical tree structure.
• System-wide login with a single password. This allows users to access resources which are connected to remote servers.
• NDS processes logins between NetWare 3.1 and NetWare 4/5 servers, if the login names and passwords are the same.
• Supports a distributed file system.
NDS (cont.)
• Synchronization services. NDS allows for directory synchronization, which allows directories to be mirrored on different partitions or different servers. This provides increased reliability in that if a server develops a fault then the files on that server can be replicated by another server.
• Standardized organizational structure for applications, printers, servers and services. This provides a common structure across different organizations.
• It integrates most of the administrative tasks in the Windows-based NWADMIN.EXE program.
• It is a truly distributed system where the directory information can be distributed around the tree.
• Support for an NFS server for UNIX resources.
• Multiple login scripts, as opposed to system and user login scripts in NetWare 3.1.
• Windows NT support.
[Diagram of an NDS tree: root object Organization; container objects Electrical, Mechanical, Production and Administration; objects below them BINS/VOL1, Q_LASER, CD_DISK and SYS/VOL2]
The most commonly used objects are:
[ROOT]. This is the top level of the inverted tree and contains all the objects within the organizational structure.
Organization. This object class defines the organizational name (such as FRED_AND_CO). It is normally the next level after [ROOT] (or below the C=Country object).
User. This object defines an individual user. The first user created in a NetWare 4 system is the ADMIN user, which is typically the only user with rights to add and delete objects on the whole of the NDS structure.
NCP (NetWare Control Protocol) Server. This appears for all NetWare 4 servers.
Volume. This identifies the mounted volume for file services. A network file system links to the Directory tree through Volume objects.
Bindery. These allow compatibility with existing Bindery-based NetWare 3, NetWare 3 clients and NetWare 4 servers which do not completely implement NDS. They display any object that isn’t a user, group, queue, profile or print server, which was created using the bindery services.
Organizational unit. This object represents the OU part of the NDS tree. These divide the NDS tree into subdivisions, which can represent different geographical sites, different divisions or workgroups. Different divisions might be PRODUCTION, ACCOUNT, RESEARCH, and so on. Each Organizational Unit has its own login script.
Organization role. This object represents a defined role within an organization object. It is thus easy to identify users who have an administrative role within the organization.
Group. This object represents a grouping of users. All users within a group inherit the same access rights.
Directory map. This object points to a file system directory on a mounted volume. It is typically used to create a global file system which has physically separate parts.
Alias. This identifies an object with another name. For example, a print queue which is called NET_PRINT1 might have an alias name of HP_LASER_JET_6.
Printer. This can either be connected to the printer port of a PC, or connected to a NetWare server.
Print queue. This object represents the queue of print jobs.
Profile. This object defines a special scripting file. This can be a global login script, a location login script or a special login script.
Print server. This object allows print jobs to be queued, waiting to be serviced by the associated printer.
• [ROOT]. This is the top level of the tree. The top of the NDS tree is the [ROOT] object.
• C=Country. This object can be used, or not, to represent different countries, typically where an organization is distributed over two or more countries. If it is used then it must be placed below the [ROOT] object. NDS normally does not use the Country object and uses the Organization Unit to define the geographically located sites, such as SALES_UK.[ROOT], SALES_USA.[ROOT], and so on.
• L=Locality. This object defines locations within other objects, and identifies network portions. The Country and Locality objects are included in the X.500 specification, but they are not normally used, because many NetWare 4 utilities do not recognize them. When used, it must be placed below the [Root] object, Country object, Organization object, or Organizational Unit object.
Leaf Objects (CN - Common Name)
Apart from the container objects (C, O, OU, and so on) there are leaf objects. These are assigned a CN (for Common Name). They include:
CN=AFP Server
CN=Bindery
CN=Bindery Queue
CN=Computer
CN=Directory Map
CN=Group
CN=Organizational Role
CN=Print Queue
CN=Print Server
CN=Printer
CN=Profile
CN=Server
CN=User
CN=Volume
[Diagram of an NDS tree: [ROOT]; below it O=Organization (such as: O=FRED_ANDCO); below that OU=Organizational Unit (such as: OU=TEST) and OU=Organizational Unit (such as: OU=SALES); leaf objects under the organizational units: User1, User2, Groups, Print Queues, Printer, Print Server, Volumes]
• LP=Licensed Product. This object is automatically created when a license certificate is installed. When used, it must be placed below the [Root] object, Country object, Organization object, or Organizational Unit object.
• O=Organization. This object represents the name of the organization, a company division or a department. Each NDS Directory tree has at least one Organization object, and it must be placed below the [Root] object (unless the tree uses the Country or Locality object).
• OU=Organization Unit. This object normally represents the name of the organizational unit within the organization, such as Production, Accounts, and so on. At this level, User objects can be added and a system level login script is created. It is normally placed below the Organizational object.
[Diagram: server mirroring. A primary server and a secondary server each have a NIC on the network connections and an MSL adapter; duplexed traffic flows between the two MSL adapters.]
Remote access to network
[Diagram: a remote client reaches the network through a remote access server over a PPP/SLIP remote access connection.]
Virtual Private Network
[Diagram: a PPTP virtual flow runs from the remote client, through the network, to the remote access server. PPTP encapsulates the required protocol (TCP/IP, IPX, AppleTalk, NETBEUI).]
[Diagram: PPP protocol stack. Network layer: IP and IPX traffic, each configured by its network control protocol (NCP): IPCP for IP, IPXCP for IPX, and ACP. Data link layer: authentication and LCP, running over asynchronous/synchronous media. A PPP frame consists of a PPP header, the IP datagram and a PPP trailer.]
PPP frame format: Flag (01111110), 1 byte; Address (11111111), 1 byte; Control (00000011), 1 byte; Protocol, 2 bytes; Data, variable; FCS, 2 or 4 bytes; Flag (01111110), 1 byte.

Network protocols:
0021h – IP
0029h – Appletalk
002bh – Novell IPX

Network Control Protocols:
8021h – IP Control Protocol
8029h – Appletalk Control Protocol
802bh – Novell IPX Control Protocol

Link Control Protocols:
C021h – Link Control Protocol
C023h – PAP
C025h – Link Quality Report
C223h – CHAP
LCP packet format: Flag (01111110), 1 byte; Address (11111111), 1 byte; Control (00000011), 1 byte; Protocol (C021h - LCP), 2 bytes; Code, 1 byte; Identifier, 1 byte; Length, 2 bytes; Data; FCS, 2 or 4 bytes; Flag (01111110), 1 byte.

LCP codes:
1 Configure-Request
2 Configure-Ack
3 Configure-Nak
4 Configure-Reject
5 Terminate-Request
6 Terminate-Ack
7 Code-Reject
8 Protocol-Reject
9 Echo-Request
10 Echo-Reply
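The frame and LCP packet layouts above, worked as an added Python example (not code from the lecture notes): it builds a frame with the 16-bit FCS of RFC 1662, and the parser checks the flags, the FCS and the LCP Length field before it reports the protocol and code names from the tables on the slides. The sample Echo-Request and the assumption that no byte-stuffing is present are mine.

```python
import struct

# Protocol numbers and LCP codes as listed on the slides (RFC 1661 assignments)
PPP_PROTOCOLS = {
    0x0021: "IP", 0x0029: "AppleTalk", 0x002B: "Novell IPX",
    0x8021: "IP Control Protocol", 0x8029: "AppleTalk Control Protocol",
    0x802B: "Novell IPX Control Protocol", 0xC021: "Link Control Protocol",
    0xC023: "PAP", 0xC025: "Link Quality Report", 0xC223: "CHAP",
}
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             7: "Code-Reject", 8: "Protocol-Reject", 9: "Echo-Request",
             10: "Echo-Reply"}
FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03   # 01111110, 11111111, 00000011
GOOD_FCS = 0xF0B8   # residue left by a correct 16-bit FCS (RFC 1662)

def fcs16(data, fcs=0xFFFF):
    """Running 16-bit PPP FCS: CRC-16 with the reflected polynomial 0x8408."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def build_frame(protocol, payload):
    """Address + Control + Protocol + Data, then the complemented FCS low byte first."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack(">H", protocol) + payload
    return bytes([FLAG]) + body + struct.pack("<H", fcs16(body) ^ 0xFFFF) + bytes([FLAG])

def parse_frame(frame):
    """Validate flags and FCS before trusting any field (assumes no byte-stuffing)."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag byte")
    body = frame[1:-1]
    if fcs16(body) != GOOD_FCS:           # runs over Address..FCS inclusive
        raise ValueError("bad FCS")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("bad address/control field")
    proto = struct.unpack(">H", body[2:4])[0]
    info = {"protocol": proto, "name": PPP_PROTOCOLS.get(proto, "unknown"),
            "payload": body[4:-2]}
    if proto == 0xC021:                   # LCP packets carry Code, Identifier, Length
        if len(info["payload"]) < 4:
            raise ValueError("truncated LCP packet")
        code, ident, length = struct.unpack(">BBH", info["payload"][:4])
        if length != len(info["payload"]):
            raise ValueError("LCP Length field does not match the packet")
        info.update(code=code, code_name=LCP_CODES.get(code, "unknown"),
                    identifier=ident, length=length)
    return info

# Constructed sample: LCP Echo-Request (code 9, identifier 7) carrying a 4-byte magic number
SAMPLE_LCP = build_frame(0xC021, struct.pack(">BBH", 9, 7, 8) + b"\x12\x34\x56\x78")
```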
[Diagram: client and server exchange LCP and NCP packets over the network connection.]
Phases of a PPP link:
• Link establishment phase
• Link quality phase
• Network-layer protocol phase
• Link termination phase
[Diagram: password authentication (PAP). The client holds Hostname: remotenode and Password: pass 1, and sends “Remotenode pass 1” across the network to the server, which replies Accept/reject. The password is sent as clear text.]

[Diagram: challenge-handshake authentication (CHAP). The client holds Hostname: remotenode and Password: pass 1. The server sends a Challenge, the client returns a Response, and the server replies Accept/reject.]
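The two exchanges above as an added Python example (not code from the lecture notes): PAP puts the password on the link as clear text, while CHAP sends only a fresh challenge and a hash response, using the MD5 construction of RFC 1994, so the shared secret never crosses the link and a captured response cannot be replayed against a new challenge. The helper names and the sample hostname/password are assumptions taken from the slide.

```python
import hashlib
import hmac
import os

# Constructed demo values from the slide; a CHAP secret is shared out of band, never sent
HOSTNAME = b"remotenode"
SECRET = b"pass 1"

def pap_request(hostname, password):
    """PAP Authenticate-Request as seen on the link: both fields are clear text."""
    return hostname + b" " + password        # anyone capturing the link reads the password

def chap_challenge(identifier, nbytes=16):
    """Server step: a fresh, unpredictable Challenge tagged with a one-byte Identifier."""
    return bytes([identifier]) + os.urandom(nbytes)

def chap_response(identifier, challenge, secret):
    """Client step (RFC 1994 MD5-CHAP): Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier, challenge, response, secret):
    """Server step: recompute with its own copy of the secret, compare in constant time."""
    expected = chap_response(identifier, challenge, secret)
    return hmac.compare_digest(expected, response)

def run_chap(client_secret, server_secret=SECRET, identifier=1):
    """One exchange; returns (accepted, wire), wire being every message that crossed the link."""
    packet = chap_challenge(identifier)
    ident, challenge = packet[0], packet[1:]
    response = chap_response(ident, challenge, client_secret)
    wire = [(b"Challenge", packet), (b"Response", bytes([ident]) + response)]
    return chap_verify(ident, challenge, response, server_secret), wire

def secret_visible(wire, secret=SECRET):
    """True if the secret appears verbatim in any captured message (the PAP problem)."""
    return any(secret in msg for _, msg in wire)
```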
[Diagram: LCP option-negotiation state machine. States: Closed, Closing, Req-sent, Ack-Rcvd, Ack-Sent, Opened. Events: Open, Close, TO+ (timeout with retries remaining), RCR+ and RCR- (receive good or bad Configure-Request), RCA (receive Configure-Ack), RCN (receive Configure-Nak/Reject). Actions: scr (send Configure-Request), sca (send Configure-Ack), scn (send Configure-Nak/Reject), str (send Terminate-Request).]
[Diagram: PPP phase diagram. Link Dead Phase, on Up, enters the Link Establishment Phase (LCP configuration packets); on Opened it enters the Authentication Phase; on Success/none it enters the Network-Layer Protocol Phase (NCP packets); on Down it enters the Link Termination Phase (Closing) and returns to Link Dead. A Fail in link establishment or authentication also leads to the Link Termination Phase.]