Lecture 9 - cda college


Application Services
COM211 Communications and Networks
CDA College
Theodoros Christophides
Email: [email protected]
www.cdacollege.ac.cy/site/info-com-technology-ll/
Application Services
- Domain Name Service
- Proxy Service
- Mail Service
- Web Service
- SSH

DNS – Domain Name System
- A DNS server maintains the name to IP address mapping of the domain for which it is the name server.
- The DNS server for a domain is registered with the domain registrar and the entry is maintained by the Internet Root Servers (13) or Country Level Root Servers.
- Whenever a server is queried, if it doesn't have the answer, the root servers are contacted.
- The root servers refer to the DNS server for that domain (in case the domain is a top level domain) or the Country Root Server (in case the domain is a country level domain).
Internet Naming Hierarchy
(Figure: naming tree rooted at the silent dot at the end of all addresses; labels shown include .com, .net, .org, .in, .ac, .co, .tcd and .iitk, with hosts named www at the leaves.)
Proxy
- A proxy is a host which relays web access requests from clients
- Used when clients do not access the web directly
- Used for security, logging, accounting and performance
(Figure: browser – proxy – web)
Connections
(Figure: customer networks connect over bandwidth-limited links to ISP networks, which connect to the backbone networks.)
Customer Networks
- Customers connect to an ISP
- ISPs connect to backbone
Internet Connections
- Cost of connections is based on bandwidth
- Cost of connection is a major part of network cost
- Organisations only obtain as much bandwidth as they can afford
- Many organisations in Asia-Pacific only have 64kb/s – 2Mb/s connections (as compared to their counterparts in US and Europe who have bandwidths of 2.4 Gbps – 10 Gbps)
What is Web Caching?
- Storing copies of recently accessed web pages
- Pages are delivered from the cache when requested again
- Browser caches
- Proxy caches

Why Cache?
- Shorter response time
- Reduced bandwidth requirement
- Reduced load on servers
- Access control and logging
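A toy caching proxy, added here as an illustration (not code from the lecture or from any of the proxies named on the next slide): it serves repeat requests from a small cache of recently accessed pages, enforces a host blocklist, logs every request, and reports the bandwidth saved on the origin link. The ORIGIN dictionary, the URLs and the client addresses are constructed sample data.

```python
from collections import OrderedDict

# Stand-in for the web servers beyond the bandwidth-limited link (constructed data).
ORIGIN = {
    "http://www.example.com/": b"<html>home</html>" * 100,
    "http://www.example.com/lecture9.html": b"<html>lecture 9</html>" * 50,
    "http://www.example.com/style.css": b"body{}" * 20,
}

class CachingProxy:
    """Relays client requests, keeps recently accessed pages, logs and filters."""

    def __init__(self, blocked_hosts=(), max_entries=2):
        self.cache = OrderedDict()         # url -> body, oldest first
        self.blocked = set(blocked_hosts)  # access control policy
        self.max_entries = max_entries
        self.log = []                      # (client, url, outcome) for accounting
        self.origin_bytes = 0              # bytes that crossed the expensive link

    def fetch_from_origin(self, url):
        body = ORIGIN[url]                 # KeyError models an unreachable page
        self.origin_bytes += len(body)
        return body

    def handle(self, client, url):
        host = url.split("/")[2]
        if host in self.blocked:
            self.log.append((client, url, "DENIED"))
            return None
        if url in self.cache:
            self.cache.move_to_end(url)    # most recently used goes last
            self.log.append((client, url, "HIT"))
            return self.cache[url]
        body = self.fetch_from_origin(url)
        self.cache[url] = body
        if len(self.cache) > self.max_entries:
            self.cache.popitem(last=False) # evict the least recently used page
        self.log.append((client, url, "MISS"))
        return body

def bandwidth_saved(proxy):
    """Bytes delivered to clients minus bytes fetched over the origin link."""
    delivered = sum(len(ORIGIN[u]) for _, u, o in proxy.log if o != "DENIED")
    return delivered - proxy.origin_bytes
```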

Popular Proxy Caches
- Apache proxy
- MS proxy server
- WinProxy
- Squid
- Squid is popular because it is powerful, configurable and free
- Many others
Web Server
- HTTP (Hyper Text Transfer Protocol) is used to transfer web pages from a Web Server to Web Client (Browser)
- Web Pages are arranged in a directory structure in the Web Server
- HTTP supports CGI (Common Gateway Interface)
- HTTP supports Virtual Hosting (Hosting multiple sites on the same server)
Popular Web Servers
- Apache
- Windows IIS
- IBM Websphere
Mail Architecture
(Figure: Mail Client – Mail Server – Internet – Mail Server – Mail Client; email crosses the Internet between the two mail servers.)
Mail Architecture
- Simple Mail Transfer Protocol (SMTP) is used to transfer mail between Mail Servers over the Internet
- Post Office Protocol (POP) and Interactive Mail Access Protocol (IMAP) are used between Client and Mail Server to retrieve mail
- The mail server of a domain is identified by the MX record of that domain
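An added example, not from the lecture: a toy iterative resolver that walks the referral chain described on the DNS slide (root server, then country-level or top-level server, then the domain's own name server) and then uses the same lookup to find a domain's mail server from its MX record, as stated above. All server names, zones and addresses are constructed sample data.

```python
# Toy iterative resolver. Each entry is one name server holding one zone: its own
# records plus delegations. Constructed data (RFC 5737 addresses), not real DNS.
SERVERS = {
    "root": {"records": {}, "delegations": {"com.": "tld-com", "cy.": "root-cy"}},
    "tld-com": {"records": {}, "delegations": {"example.com.": "ns-example"}},
    "root-cy": {"records": {}, "delegations": {"ac.cy.": "ns-ac-cy"}},  # country root
    "ns-ac-cy": {"records": {}, "delegations": {"cdacollege.ac.cy.": "ns-cda"}},
    "ns-example": {"delegations": {}, "records": {
        ("www.example.com.", "A"): ["192.0.2.10"],
        ("example.com.", "MX"): [(20, "mx2.example.com."), (10, "mx1.example.com.")]}},
    "ns-cda": {"delegations": {}, "records": {
        ("www.cdacollege.ac.cy.", "A"): ["198.51.100.7"],
        ("cdacollege.ac.cy.", "A"): ["198.51.100.7"]}},
}

def query(server, name, rtype):
    """One query to one server: answer, referral to a child zone, or nothing."""
    s = SERVERS[server]
    if (name, rtype) in s["records"]:
        return "answer", s["records"][(name, rtype)]
    # Refer to the longest delegated zone that the name falls under.
    for child, ns in sorted(s["delegations"].items(), key=lambda kv: -len(kv[0])):
        if name == child or name.endswith("." + child):
            return "referral", ns
    return "nodata", None

def resolve(name, rtype, max_hops=8):
    """Start at the root and follow referrals; returns (records, servers asked)."""
    if not name.endswith("."):
        name += "."  # the silent dot: every name ends at the root
    server, path = "root", []
    for _ in range(max_hops):
        path.append(server)
        kind, data = query(server, name, rtype)
        if kind == "answer":
            return data, path
        if kind != "referral":
            return [], path
        server = data
    raise RuntimeError("referral chain too long")

def mail_server_for(address):
    """The MX record names the mail server; lowest preference wins. With no MX
    record, mail goes to the domain's own A record (the RFC 5321 fallback)."""
    domain = address.rsplit("@", 1)[1]
    mx_records, _ = resolve(domain, "MX")
    if mx_records:
        return min(mx_records)[1]
    return domain + "." if resolve(domain, "A")[0] else None
```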
Popular Mail Servers
- Sendmail/Postfix
- Microsoft Exchange Server
- IBM Lotus
SSH – Secure Shell
- SSH is a secure remote virtual terminal application
- Provides encrypted communication between untrusted hosts over an insecure network
  - Assumes eavesdroppers can hear all communications between hosts
  - Provides different methods of authentication
  - Encrypts data exchanged between hosts
- Intended to replace insecure programs such as rlogin, rsh, etc.
- Includes capability to securely transfer files
  - SCP
- Includes ability to forward X11 connections and TCP ports securely
- Very popular and widely used
- Not invulnerable!
Authentication in SSH1
- Three means of authenticating supported by SSH
- Simple rhosts
  - User/system names in ~/.rhosts, ~/.shosts
  - Vulnerable to IP/DNS spoofing
  - Requires specific compilation for this mode of operation
- Host based
  - Use RSA to verify host keys
  - Use ~/.rhosts file for user authentication
- Host and user based
  - RSA host key verification
  - RSA user key verification
- If authentication fails, client is prompted for password
- All communication is encrypted
SSH1 Key Exchange Protocol
- Server has public/private key pair
- Client knows server's public key
  - Must be sent securely in advance
- Server sends public key and random server key to client
- Client verifies public key
- Client sends random session key encrypted with host and server key
- Rest of session is encrypted with session key
SSH2 Key Exchange Protocol
- Diffie-Hellman public key exchange algorithm is used
  - Public key exchange algorithm – very cool
  - Two users can exchange a secret key over an insecure link without sharing any prior secrets (!)
- Digital signature verifies identity of server to client
- At the end of the key exchange, a secret key is shared
  - Used for encrypting the rest of the session
- Supports MD5 checksums for data integrity
- Supports a variety of encryption mechanisms
  - IDEA (default), Blowfish, DES, Triple DES, …
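An added example of the SSH2 exchange described above, written for this page and not taken from any SSH implementation: Diffie-Hellman gives both sides the same secret, the server signs the exchange hash with its host key so the client can verify its identity against the known_hosts entry, and a session key is derived from the shared secret. The DH group and the RSA host key are tiny constructed parameters for illustration only.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed): 2^127-1 is prime but far too
# small for real use; SSH2 uses groups of 2048 bits and more.
P, G = 2**127 - 1, 5

def rsa_keygen():
    """Toy RSA host key from two small primes (constructed). Returns (pub, priv)."""
    p, q = 1000003, 1000033
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def rsa_sign(priv, digest):
    n, d = priv
    return pow(int.from_bytes(digest, "big") % n, d, n)

def rsa_verify(pub, digest, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big") % n

def exchange_hash(host_pub, e_val, f_val, k):
    """Hash binding the host key, both DH values and the shared secret."""
    h = hashlib.sha256()
    for v in (*host_pub, e_val, f_val, k):
        h.update(v.to_bytes((v.bit_length() + 7) // 8, "big"))
    return h.digest()

def session_key(k):
    return hashlib.sha256(k.to_bytes(16, "big")).digest()

def run_kex(known_host_pub, host_pub, host_priv):
    """Client holds known_host_pub (its known_hosts entry); server holds the
    host key pair. Returns (client_key, server_key), or None if client refuses."""
    x = secrets.randbelow(P - 2) + 1          # client's ephemeral secret
    e_val = pow(G, x, P)                      # client -> server: e = g^x
    y = secrets.randbelow(P - 2) + 1          # server's ephemeral secret
    f_val = pow(G, y, P)                      # server -> client: f = g^y
    k_server = pow(e_val, y, P)
    sig = rsa_sign(host_priv, exchange_hash(host_pub, e_val, f_val, k_server))
    # Client side: the presented host key must match known_hosts and the
    # signature over the exchange hash must verify before anything is trusted.
    if host_pub != known_host_pub:
        return None
    k_client = pow(f_val, x, P)
    if not rsa_verify(host_pub, exchange_hash(host_pub, e_val, f_val, k_client), sig):
        return None
    return session_key(k_client), session_key(k_server)
```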
SSH in Practice
- Host public/private key is generated when SSH is installed
  - Public key must be in ~/.ssh/known_hosts on remote systems
- ssh-keygen command is used to generate users' public/private keys
  - Requires user to enter a pass phrase
  - Public key copied to ~/.ssh/authorized_keys on remote systems
  - ssh-agent and ssh-add eliminate the need for repeated typing of pass phrase
- Password authentication is vulnerable to guessing attacks
- X11 and port forwarding enable an encrypted pipe through the Internet
  - Can be used to securely access insecure applications, e.g. SMTP
  - Can be used to circumvent firewalls
  - Tricky to get working properly
- Available as open source software
  - See OpenSSH
  - Standard with many software distributions
Questions?