CH 3
4 year pdf
Uploaded by nafyjabesa1

Chapter 3
User Administration Concepts and Mechanisms

1
The Registry

2
Definition
• The registry is a hierarchical database used by all Windows
operating systems that followed Windows 95.
• The registry is used by the Windows OS to store
hardware and software configuration information,
user preferences and setup information.
• A correct registry is essential for correct Windows
performance and functioning, which is why the
registry is a frequent target of viruses and other
malicious software.

3
Registry vs. File System
• The registry is analogous to a file system.
File system:
▪ Folders
▪ Files
Registry:
▪ Keys
▪ Keys contain either other keys or name/value pairs, which
correspond to an object's name and its content.

4
Registry Structure

5
Registry Structure
• The registry has five top-level branches or hives:
▪ HKEY_CLASSES_ROOT
✓ COM server info, file associations, shortcuts
▪ HKEY_CURRENT_USER
✓ Logged-in user name, desktop, start menu
▪ HKEY_LOCAL_MACHINE
✓ Hardware, software, preferences for all users
▪ HKEY_USERS
✓ Individual preferences for each user, represented by Security ID
(SID)
▪ HKEY_CURRENT_CONFIG
✓ Links to part of HKEY_LOCAL_MACHINE for current hardware
▪ HKEY_DYN_DATA
✓ Links to part of HKEY_LOCAL_MACHINE for Plug and Play

6
Registry Value Types
• REG_BINARY
▪ Raw binary data
• REG_DWORD
▪ 32-bit integer, often representing a boolean
• REG_SZ
▪ String
• REG_EXPAND_SZ
▪ Expandable string
• REG_MULTI_SZ
▪ Container for null-separated strings

7
COM Registry Entry

8
Exporting and Importing
• In RegEdit select a key
• File > Export
• Provide the file name and location in the resulting save dialog

9
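As an added example (not from the slides), a Python parser for the text format that RegEdit's File > Export produces (Windows Registry Editor Version 5.00), decoding each of the value types listed above; the sample export it runs on is constructed.

```python
import re
from typing import Any, Dict, Tuple

# Numeric REG_* type ids as they appear in the hex(n): notation of .reg files.
# REG_SZ is written as a quoted string and REG_DWORD as dword:, so those two
# normally never appear in hex(n) form.
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unescape(s: str) -> str:
    # Inside quoted names and REG_SZ data, backslash and double quote are
    # escaped with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def _decode_hex(type_id: int, data: bytes) -> Any:
    """Decode the raw bytes of a hex(n): value according to its type."""
    if type_id == 2:   # REG_EXPAND_SZ: UTF-16LE text with a null terminator
        return data.decode("utf-16-le").rstrip("\x00")
    if type_id == 7:
        # REG_MULTI_SZ: UTF-16LE strings separated by nulls; the list ends
        # with an empty string (double null), which is dropped here.
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    if type_id in (4, 11):   # integers written in hex form are little-endian
        return int.from_bytes(data, "little")
    return data              # REG_BINARY and unknown types stay raw


def _decode_value(raw: str) -> Tuple[str, Any]:
    raw = raw.strip()
    if raw == "-":                           # "name"=- deletes the value on import
        return ("DELETE", None)
    if raw.startswith('"') and raw.endswith('"'):
        return ("REG_SZ", _unescape(raw[1:-1]))
    if raw.startswith("dword:"):             # 8 hex digits, most significant first
        return ("REG_DWORD", int(raw[6:], 16))
    m = HEX_RE.match(raw)
    if m:
        type_id = int(m.group(1), 16) if m.group(1) else 3
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return (REG_TYPES.get(type_id, "REG_TYPE_%d" % type_id),
                _decode_hex(type_id, data))
    raise ValueError("unknown value syntax: %r" % raw)


def parse_reg(text: str) -> Dict[str, Dict[str, Tuple[str, Any]]]:
    """Return {key_path: {value_name: (type_name, decoded_data)}}.
    The key's default (unnamed) value is stored under the name "@"."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("not a Windows Registry Editor Version 5.00 export")
    # Long hex values are wrapped: a trailing backslash continues on the next
    # (indented) line, so rejoin them into one logical line first.
    logical = []
    for line in lines[1:]:
        if logical and logical[-1].endswith("\\"):
            logical[-1] = logical[-1][:-1] + line.strip()
        else:
            logical.append(line.rstrip())
    keys: Dict[str, Dict[str, Tuple[str, Any]]] = {}
    current = None
    for line in logical:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError("unparseable line: %r" % line)
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        keys[current][name] = _decode_value(m.group(2))
    return keys


# Constructed sample export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
@="ExampleApp"
"InstallDir"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"Magic"=hex:de,ad,be,ef
"LogPath"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,\
  61,00,2e,00,6c,00,6f,00,67,00,00,00
"Servers"=hex(7):6e,00,73,00,31,00,00,00,6e,00,73,00,32,00,00,00,00,00
"Obsolete"=-
'''

if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE_REG).items():
        print(key)
        for name, (rtype, data) in values.items():
            print("   %-12s %-13s %r" % (name, rtype, data))
```

Reviewing a decoded export this way before importing it shows exactly which keys and values an installer or script is about to change.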
Registry Content
• The registry holds critical information about the
system, the users of the system, and installed
applications:
▪ Operating system version number, build number, and
registered user.
▪ Information for every properly installed application.
▪ Information about the computer's processor type and
system memory.
▪ User-specific information (home directory, application
preferences).
▪ Security information such as user account names.
▪ Installed services.
▪ Mapping from file names to programs/executables.
▪ Mapping from network addresses to host machine names.

10
Registry Programming interface
• The registry programming interface holds a list of
functions that can be divided into:
▪ Key management (browse, add, remove keys), which includes:
✓ RegOpenKeyEx : opens a key and gives you a handle to it.
✓ RegEnumKeyEx : provides an enumerator over a key's content.
✓ RegCreateKeyEx : creates a new key.
✓ RegDeleteKey : deletes a key.
▪ Value management (add, remove, edit values of keys):
✓ RegEnumValue : enumerates the values for the specified open
registry key.
✓ RegSetValueEx : sets the data for the default or unnamed value of a
specified registry key.
✓ RegQueryValueEx : retrieves the type and data for the specified
value name associated with an open registry key.
• NOTE: these are the basic and most used functions; you
can find the whole set of interface functions on
http://msdn.microsoft.com.
11
RegOpenKeyEx
• LONG RegOpenKeyEx( HKEY hKey, LPCTSTR lpSubKey,
DWORD ulOptions, REGSAM samDesired, PHKEY phkResult );
▪ hKey: handle to an open registry key. This handle is returned by the
RegCreateKeyEx or RegOpenKeyEx function, or it can be one of the
predefined keys.
▪ lpSubKey: registry subkey to be opened. Key names are not case
sensitive. If this parameter is NULL or a pointer to an empty string,
the function will open a new handle to the key identified by the hKey
parameter.
▪ ulOptions: this parameter is reserved and must be zero.
▪ samDesired: mask that specifies the desired access rights to the key.
Fails if the security descriptor of the key does not permit the requested
access.
▪ phkResult: pointer to a variable that receives a handle to the opened
key. If the key is not one of the predefined registry keys, call the
RegCloseKey function after you have finished using the handle.

12
RegEnumKeyEx
• LONG RegEnumKeyEx( HKEY hKey, DWORD dwIndex, LPTSTR lpName,
LPDWORD lpcName, LPDWORD lpReserved, LPTSTR lpClass, LPDWORD lpcClass,
PFILETIME lpftLastWriteTime );
▪ HKEY hKey: a handle to an open registry key.
▪ DWORD dwIndex: the index of the subkey to retrieve. This parameter should be zero
for the first call to the RegEnumKeyEx function and then incremented for subsequent
calls.
Note: because subkeys are not ordered, any new subkey will have an arbitrary index.
This means that the function may return subkeys in any order.
▪ LPTSTR lpName: a pointer to a buffer that receives the name of the subkey, including
the terminating null character. The function copies only the name of the subkey, not the
full key hierarchy, to the buffer.
▪ LPDWORD lpcName: a pointer to a variable that specifies the size of the buffer specified
by the lpName parameter, in TCHARs. This size should include the terminating null
character. When the function returns, the variable pointed to by lpcName contains the
number of characters stored in the buffer. The count returned does not include the
terminating null character.
▪ LPDWORD lpReserved: this parameter is reserved and must be NULL.
▪ LPTSTR lpClass: a pointer to a buffer that receives the null-terminated class string of the
enumerated subkey.
NOTE: this parameter can be NULL.
▪ LPDWORD lpcClass: a pointer to a variable that specifies the size of the buffer specified
by the lpClass parameter, in TCHARs. The size should include the terminating null
character. When the function returns, lpcClass contains the number of characters stored
in the buffer. The count returned does not include the terminating null character. This
parameter can be NULL only if lpClass is NULL.
▪ PFILETIME lpftLastWriteTime: a pointer to a variable that receives the time at which the
enumerated subkey was last written. This parameter can be NULL.
13
RegCreateKeyEX
• LONG RegCreateKeyEx( HKEY hKey, LPCTSTR lpSubKey, DWORD Reserved,
LPTSTR lpClass, DWORD dwOptions, REGSAM samDesired,
LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD
lpdwDisposition );
▪ hKey: a handle to a registry key.
▪ lpSubKey: the name of a subkey that this function opens or creates. The subkey
specified must be a subkey of the key identified by the hKey parameter; it can be up
to 32 levels deep in the registry tree.
Note: this cannot be NULL.
▪ Reserved: this parameter is reserved and must be zero.
▪ lpClass: the class (object type) of this key. This parameter may be ignored and can
be NULL. This parameter is used for both local and remote registry keys.
▪ dwOptions: indicates whether this key is volatile or is stored on file
and persists even after the machine is restarted.
▪ samDesired: a mask that specifies the access rights for the key.
▪ lpSecurityAttributes: a pointer to a SECURITY_ATTRIBUTES structure that determines
whether the returned handle can be inherited by child processes. If
lpSecurityAttributes is NULL, the handle cannot be inherited.
▪ phkResult: a pointer to a variable that receives a handle to the opened or created
key. If the key is not one of the predefined registry keys, call the RegCloseKey
function after you have finished using the handle.
▪ lpdwDisposition: indicates whether this key already existed or has just been created.
14
RegDeleteKey
• LONG RegDeleteKey( HKEY hKey, LPCTSTR lpSubKey );
▪ hKey: a handle to an open key in the registry.
▪ lpSubKey: the name of the key to be deleted. It must be
a subkey of the key that hKey identifies, but it cannot
have subkeys.
NOTE: this parameter cannot be NULL.
NOTE: key names are not case sensitive.

15
RegEnumValue
• LONG RegEnumValue( HKEY hKey, DWORD dwIndex,
LPTSTR lpValueName, LPDWORD lpcValueName,
LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData,
LPDWORD lpcbData );
▪ hKey: a handle to an open registry key.
▪ dwIndex: the index of the value to be retrieved.
▪ lpValueName: a buffer that will hold the name of the value.
▪ lpcValueName: a pointer to a variable that specifies the size of the
buffer pointed to by the lpValueName parameter, in TCHARs.
▪ lpReserved: this parameter is reserved and must be NULL.
▪ lpType: the buffer that will hold the type of the value.
▪ lpData: the buffer that will hold the actual value.
▪ lpcbData: a pointer to a variable that specifies the size of the buffer
pointed to by the lpData parameter, in bytes.

16
RegSetValueEx
• LONG RegSetValueEx( HKEY hKey, LPCTSTR lpValueName,
DWORD Reserved, DWORD dwType, const BYTE* lpData,
DWORD cbData );
▪ hKey: a registry key handle.
▪ lpValueName: the name of the value to be set. If a value with this
name is not already present in the key, the function adds it to the
key.
▪ Reserved: this parameter is reserved and must be zero.
▪ dwType: the type of data pointed to by the lpData parameter.
▪ lpData: the data to be stored.
▪ cbData: the size of the information pointed to by the lpData
parameter, in bytes. If the data is of type REG_SZ,
REG_EXPAND_SZ, or REG_MULTI_SZ, cbData must include the size
of the terminating null character or characters.

17
RegQueryValueEx
• LONG RegQueryValueEx( HKEY hKey, LPCTSTR
lpValueName, LPDWORD lpReserved, LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData );
▪ hKey: a handle of a registry key.
▪ lpValueName: the name of the registry value.
▪ lpReserved: this parameter is reserved and must be NULL.
▪ lpType: a pointer to a variable that receives a code indicating
the type of data stored in the specified value.
▪ lpData: a pointer to a buffer that receives the value's data.
This parameter can be NULL if the data is not required.
▪ lpcbData: a pointer to a variable that specifies the size of the
buffer pointed to by the lpData parameter, in bytes. When the
function returns, this variable contains the size of the data
copied to lpData.

18
Complete Registry interface
Below is a list of all the registry functions:
– RegCloseKey
– RegOpenKey
– RegConnectRegistry
– RegOpenKeyEx
– RegCreateKey
– RegQueryInfoKey
– RegCreateKeyEx
– RegQueryMultipleValues
– RegDeleteKey
– RegQueryValue
– RegDeleteValue
– RegQueryValueEx
– RegEnumKey
– RegReplaceKey
– RegEnumKeyEx
– RegRestoreKey
– RegEnumValue
– RegSaveKey
– RegFlushKey
– RegSetKeySecurity
– RegGetKeySecurity
– RegSetValue
– RegLoadKey
– RegSetValueEx
– RegNotifyChangeKeyValue
– RegUnLoadKey

19
Network Address Translation
(NAT)

20
Private Network
• A private IP network is an IP network that is not directly
connected to the Internet.
• IP addresses in a private network can be assigned
arbitrarily.
▪ Not registered and not guaranteed to be globally unique
• Generally, private networks use addresses from the
following reserved address ranges (non-routable
addresses):
▪ 10.0.0.0 – 10.255.255.255
▪ 172.16.0.0 – 172.31.255.255
▪ 192.168.0.0 – 192.168.255.255

21
Private Addresses

Figure: two private networks reusing the same private addresses. Private
network 1 (hosts H1 10.0.1.2 and H2 10.0.1.3, router R1 with public address
128.195.4.119) and private network 2 (hosts H3 10.0.1.2 and H4 10.0.1.3,
router R2 with public address 128.143.71.21) are both connected to the
Internet, where H5 has the public address 213.168.112.3. The routers'
private-side interfaces are 10.0.1.1.

22
Network Address Translation
(NAT)
• NAT is a router function where IP addresses (and
possibly port numbers) of IP datagrams are replaced at
the boundary of a private network.
• NAT is a method that enables hosts on private
networks to communicate with hosts on the Internet.
• NAT is run on routers that connect private networks to
the public Internet, to replace the IP address-port pair
of an IP packet with another IP address-port pair.

23
Basic operation of NAT

• NAT device has address translation table

24
Pooling of IP addresses
• Scenario: Corporate network has many hosts but
only a small number of public IP addresses
• NAT solution:
▪ Corporate network is managed with a private address
space
▪ NAT device, located at the boundary between the
corporate network and the public Internet, manages a
pool of public IP addresses
▪ When a host from the corporate network sends an IP
datagram to a host in the public Internet, the NAT device
picks a public IP address from the address pool, and
binds this address to the private address of the host
25
Pooling of IP addresses
Figure: pooling of IP addresses. H1 (private address 10.0.1.2) sends a
datagram with Source = 10.0.1.2, Destination = 213.168.112.3. The NAT device
at the boundary forwards it into the Internet as Source = 128.143.71.21,
Destination = 213.168.112.3, where H5 (public address 213.168.112.3)
receives it.
Address translation table of the NAT device:
Private Address   Public Address
10.0.1.2          128.143.71.21
Pool of addresses: 128.143.71.0-128.143.71.30

26
Supporting migration between network service
providers
• Scenario: In CIDR, the IP addresses in a corporate network are
obtained from the service provider. Changing the service provider
requires changing all IP addresses in the network.
• NAT solution:
▪ Assign private addresses to the hosts of the corporate network
▪ NAT device has static address translation entries which bind the
private address of a host to the public address.
▪ Migration to a new network service provider merely requires an
update of the NAT device. The migration is not noticeable to the
hosts on the network.
Note:
▪ The difference to the use of NAT with IP address pooling is that the
mapping of public and private IP addresses is static.

27
Supporting migration between network service
providers

28
IP masquerading
• Also called: Network address and port translation
(NAPT), port address translation (PAT).
• Scenario: Single public IP address is mapped to
multiple hosts in a private network.
• NAT solution:
▪ Assign private addresses to the hosts of the corporate
network
▪ NAT device modifies the port numbers for outgoing
traffic

29
IP masquerading

Figure: IP masquerading. H1 (private address 10.0.1.2) sends Source = 10.0.1.2,
Source port = 2001; the NAT device (public address 128.143.71.21) forwards it
as Source = 128.143.71.21, Source port = 2100. H2 (private address 10.0.1.3)
sends Source = 10.0.1.3, Source port = 3020; it is forwarded as
Source = 128.143.71.21, Source port = 4444.
Address translation table of the NAT device:
Private Address   Public Address
10.0.1.2/2001     128.143.71.21/2100
10.0.1.3/3020     128.143.71.21/4444

30
Load balancing of servers
• Scenario: Balance the load on a set of identical
servers, which are accessible from a single IP
address

• NAT solution:
▪ Here, the servers are assigned private addresses
▪ NAT device acts as a proxy for requests to the server
from the public network
▪ The NAT device changes the destination IP address of
arriving packets to one of the private addresses for a
server
▪ A sensible strategy for balancing the load of the servers is
to assign the addresses of the servers in a round-robin
fashion.

31
Load balancing of servers

32
Concerns about NAT
• Performance:
▪ Modifying the IP header by changing the IP address
requires that NAT boxes recalculate the IP header
checksum
▪ Modifying port number requires that NAT boxes
recalculate TCP checksum
• Fragmentation
▪ Care must be taken that a datagram that is fragmented
before it reaches the NAT device, is not assigned a
different IP address or different port numbers for each of
the fragments.

33
Concerns about NAT
• End-to-end connectivity:
▪ NAT destroys universal end-to-end reachability of hosts
on the Internet.
▪ A host in the public Internet often cannot initiate
communication to a host in a private network.
▪ The problem is worse, when two hosts that are in a
private network need to communicate with each other.

34
Concerns about NAT
• IP address in application data:
▪ Applications that carry IP addresses in the payload of the
application data generally do not work across a private-
public network boundary.
▪ Some NAT devices inspect the payload of widely used
application layer protocols and, if an IP address is
detected in the application-layer header or the
application payload, translate the address according to
the address translation table.

35
NAT and FTP
Figure: normal FTP operation (no NAT). The FTP client H1 (public address
128.143.72.21) and the FTP server H2 (public address 128.195.4.120) exchange:
H1 -> H2: PORT 128.143.72.21/1027
H2 -> H1: 200 PORT command successful
H1 -> H2: RETR myfile
H2 -> H1: 150 Opening data connection
H2 -> H1: establish data connection (the server connects to the address and
port the client announced in PORT)
• Normal FTP operation

36
NAT and FTP
Figure: NAT device with FTP support. The FTP client H1 (private address
10.0.1.3) is behind a NAT device with public address 128.143.72.21; the FTP
server H2 is in the Internet.
H1 -> NAT: PORT 10.0.1.3/1027              NAT -> H2: PORT 128.143.72.21/1027
H2 -> NAT: 200 PORT command successful     NAT -> H1: 200 PORT command successful
H1 -> NAT: RETR myfile                     NAT -> H2: RETR myfile
H2 -> NAT: 150 Opening data connection     NAT -> H1: 150 Opening data connection
H2 -> NAT: establish data connection       NAT -> H1: establish data connection
• NAT device with FTP support: the NAT device rewrites the private address in
the PORT command to its own public address and passes the server's data
connection on to the client.

37
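The masquerading table, the dropping of inbound packets that match no table entry (the end-to-end concern above), and the PORT rewrite of a NAT device with FTP support, as one added Python simulation that is not part of the slides. It uses the real RFC 959 PORT syntax (h1,h2,h3,h4,p1,p2) instead of the slides' address/port shorthand; sequential public-port allocation starting at 2100 is an assumption, while the addresses and ports are the slides' own.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (IP address, port)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""


# RFC 959 PORT syntax: "PORT h1,h2,h3,h4,p1,p2" with port = p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")


class Napt:
    """Network address and port translation behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 2100):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map: Dict[Endpoint, int] = {}   # (private ip, port) -> public port
        self.in_map: Dict[int, Endpoint] = {}    # public port -> (private ip, port)

    def _bind(self, private: Endpoint, wanted: Optional[int] = None) -> int:
        """Create (or reuse) the table entry for a private endpoint."""
        if private in self.out_map:
            return self.out_map[private]
        if wanted is not None and wanted not in self.in_map:
            public_port = wanted           # keep the port number if it is free
        else:
            while self.next_port in self.in_map:
                self.next_port += 1
            public_port = self.next_port   # otherwise take the next free one
            self.next_port += 1
        self.out_map[private] = public_port
        self.in_map[public_port] = private
        return public_port

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> Internet: rewrite source address/port, add a table entry."""
        public_port = self._bind((pkt.src, pkt.sport))
        payload = self._ftp_alg(pkt) if pkt.dport == 21 else pkt.payload
        return Packet(self.public_ip, public_port, pkt.dst, pkt.dport, payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private: only packets matching a table entry get through."""
        if pkt.dst != self.public_ip or pkt.dport not in self.in_map:
            return None                    # no entry: unsolicited, dropped
        private_ip, private_port = self.in_map[pkt.dport]
        return Packet(pkt.src, pkt.sport, private_ip, private_port, pkt.payload)

    def _ftp_alg(self, pkt: Packet) -> str:
        """FTP support: rewrite the address in a PORT command and pre-create
        the table entry that the server's data connection will hit."""
        m = PORT_RE.match(pkt.payload)
        if m is None:
            return pkt.payload
        h = m.groups()
        announced_ip = ".".join(h[:4])
        data_port = int(h[4]) * 256 + int(h[5])
        if announced_ip != pkt.src:
            # A client announcing someone else's address would make the NAT
            # open a mapping towards a third host; leave such commands alone.
            return pkt.payload
        public_port = self._bind((announced_ip, data_port), wanted=data_port)
        return "PORT %s,%d,%d\r\n" % (self.public_ip.replace(".", ","),
                                      public_port // 256, public_port % 256)


if __name__ == "__main__":
    nat = Napt("128.143.71.21")
    out = nat.outbound(Packet("10.0.1.2", 2001, "213.168.112.3", 80))
    print("H1 leaves as", out.src, out.sport)
    print("unsolicited inbound:", nat.inbound(Packet("213.168.112.3", 80, "128.143.71.21", 9999)))
    ftp = Napt("128.143.72.21")
    ctl = ftp.outbound(Packet("10.0.1.3", 1500, "128.195.4.120", 21, "PORT 10,0,1,3,4,3\r\n"))
    print("rewritten:", ctl.payload.strip())
```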
NAT and FTP
Figure: FTP in passive mode and NAT. The FTP client H1 (private address
10.0.1.3) is behind a NAT device with public address 128.143.72.21; the FTP
server H2 has public address 128.195.4.120.
H1 -> NAT: PASV                            NAT -> H2: PASV
H2 -> NAT: Entering Passive Mode 128.195.4.120/10001
NAT -> H1: Entering Passive Mode 128.195.4.120/10001
H1 -> NAT: establish data connection       NAT -> H2: establish data connection
• FTP in passive mode and NAT: the server announces its own public address
and port, and the client opens the data connection outbound, so it is
translated like any other outgoing connection.

38
Configuring NAT in Linux
• Linux uses the Netfilter/iptables package to add
filtering rules to the IP module.
Figure: Netfilter hook points traversed by a datagram. An incoming datagram
first passes the nat PREROUTING chain (DNAT). If its destination is local it
passes the filter INPUT chain and is delivered to the application; otherwise
it passes the filter FORWARD chain. A datagram from a local application
passes the nat OUTPUT chain and then the filter OUTPUT chain. Forwarded and
locally generated datagrams both pass the nat POSTROUTING chain (SNAT)
before leaving as outgoing datagrams.
39
Configuring NAT with iptable
• First example:
iptables -t nat -A POSTROUTING -s 10.0.1.2 -j SNAT --to-source 128.143.71.21
• Pooling of IP addresses:
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to-source 128.143.71.0-128.143.71.30
• ISP migration (-R replaces an existing rule and needs its number, here
rule 1 of the POSTROUTING chain):
iptables -t nat -R POSTROUTING 1 -s 10.0.1.0/24 -j SNAT --to-source 128.195.4.0-128.195.4.254
• IP masquerading:
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth1 -j MASQUERADE
• Load balancing:
iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 10.0.1.2-10.0.1.4

40
Dynamic Host Configuration
Protocol (DHCP)

41
Dynamic Assignment of IP addresses
• Dynamic assignment of IP addresses is desirable
for several reasons:
▪ IP addresses are assigned on-demand
▪ Avoid manual IP configuration
▪ Support mobility of laptops

42
Solutions for dynamic assignment of IP addresses

• Reverse Address Resolution Protocol (RARP)
– Works similar to ARP
– Broadcast a request for the IP address associated
with a given MAC address
– RARP server responds with an IP address
– Only assigns an IP address (not the default router and
subnet mask)
Figure: ARP maps an IP address (32 bit) to an Ethernet MAC address
(48 bit); RARP maps an Ethernet MAC address back to an IP address.

43
BOOTP
• BOOTstrap Protocol (BOOTP)
✓ From 1985
✓ Host can configure its IP parameters at boot time.
✓ 3 services.
– IP address assignment.
– Detection of the IP address for a serving machine.
– The name of a file to be loaded and executed by the client machine (boot
file name)

▪ Not only assigns an IP address, but also the default router, network mask,
etc.
▪ Sent as UDP messages (UDP port 67 (server) and 68 (host))
▪ Uses the limited broadcast address (255.255.255.255):
✓ These addresses are never forwarded

44
Introduction
• DHCP is a network service that enables host
computers to be automatically assigned settings
from a server.
▪ Computers configured to be DHCP clients have no
control over the settings they receive from the DHCP
server.
▪ The configuration is transparent to the computer's user.
• The most common settings provided by a DHCP
server to DHCP clients include:
▪ IP address and Subnet Mask
▪ IP address of the default-gateway to use
▪ IP addresses of the DNS servers to use

45
Introduction…
• However, a DHCP server can also supply
configuration properties such as:
▪ Host name, e.g. www, mail, …
▪ Domain name, e.g. wu.edu.et, aau.edu.et
▪ Time server: ntp
▪ Print server
• Advantages of using DHCP include:
▪ Changes to the network need only be changed at the
DHCP server.
▪ It is also easier to integrate new computers into the
network.
▪ Conflicts in IP address allocation are also reduced.

46
How DHCP works?
• Manual allocation (MAC address)
▪ DHCP identifies the unique hardware address of each
network card connected to the network.
▪ It continually supplies a constant configuration each time the
DHCP client makes a request to the DHCP server using that
network device.
▪ This ensures that a particular address is assigned
automatically to that network card, based on its MAC
address.
• Dynamic allocation (address pool)
▪ The DHCP server will assign an IP address from a pool of
addresses (sometimes also called a range or scope) for a
period of time or lease.
▪ This way, the clients will receive their configuration
properties dynamically and on a "first come, first served" basis.
47
How DHCP works….
▪ When a DHCP client is no longer on the network for a
specified period, the configuration is expired and
released back to the address pool for use by other DHCP
Clients.
• Automatic allocation
▪ The DHCP server automatically assigns an IP address
permanently to a device, selecting it from a pool of
available addresses.
▪ DHCP is normally used to assign a temporary address to a client,
but a DHCP server can allow an infinite lease time.

48
DHCP Server Configuration
• DHCP server configuration on Ubuntu follows these steps:
▪ Installation of the DHCP service (dhcpd)
sudo apt-get install isc-dhcp-server
Note: edit the /etc/dhcp/dhcpd.conf file to change the default configuration.
▪ Configuration
✓ Most commonly, what you want to do is assign IP addresses dynamically from a range.
This can be done with settings as follows:
# minimal sample /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.150 192.168.1.200;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.example";
}

49
Configuration….
▪ This will result in the DHCP server giving clients an IP
address from the range 192.168.1.150-192.168.1.200.
▪ It will lease an IP address for 600 seconds if the client
doesn't ask for a specific time frame.
▪ Otherwise the maximum (allowed) lease will be 7200
seconds.
▪ The server will also "advise" the client to use
192.168.1.254 as the default gateway and 192.168.1.1 and
192.168.1.2 as its DNS servers.
• After changing the config file you have to restart
the dhcpd:
▪ sudo /etc/init.d/isc-dhcp-server restart

50
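The three allocation modes from "How DHCP works" and the lease rules of the sample dhcpd.conf above, as one added Python model that is not from the slides: reservations keyed by MAC address (manual), timed leases from the 192.168.1.150-192.168.1.200 range that expire back into the pool (dynamic), and infinite leases (automatic). The clock is passed in as a parameter so expiry can be exercised; the MAC addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Lease:
    ip: str
    mac: str
    expires: Optional[float]   # absolute time in seconds; None = infinite lease


class DhcpAllocator:
    """Lease table for one subnet: manual, dynamic and automatic allocation."""

    def __init__(self, pool_start: str, pool_end: str,
                 default_lease: int = 600, max_lease: int = 7200):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.default_lease = default_lease      # default-lease-time
        self.max_lease = max_lease              # max-lease-time
        self.reservations: Dict[str, str] = {}  # MAC -> fixed address (manual)
        self.leases: Dict[str, Lease] = {}      # MAC -> current lease

    def reserve(self, mac: str, ip: str) -> None:
        """Manual allocation: this MAC always receives this address."""
        self.reservations[mac.lower()] = ip

    def _expire(self, now: float) -> None:
        # Expired leases go back to the pool; infinite leases never do.
        for mac in [m for m, l in self.leases.items()
                    if l.expires is not None and l.expires <= now]:
            del self.leases[mac]

    def request(self, mac: str, now: float, requested: Optional[int] = None,
                permanent: bool = False) -> Optional[Lease]:
        """Handle a client's DISCOVER/REQUEST at time `now`.
        Returns None when no address is left (the server sends no OFFER)."""
        mac = mac.lower()
        self._expire(now)
        current = self.leases.get(mac)
        # Automatic allocation: once a lease is infinite it stays infinite.
        permanent = permanent or (current is not None and current.expires is None)
        # Lease time: the default unless the client asks, never above the maximum.
        seconds = self.default_lease if requested is None else min(requested, self.max_lease)
        expires = None if permanent else now + seconds
        if mac in self.reservations:               # manual allocation
            ip = self.reservations[mac]
        elif current is not None:                  # renewal keeps the address
            ip = current.ip
        else:                                      # dynamic: first free pool address
            in_use = {l.ip for l in self.leases.values()} | set(self.reservations.values())
            free = [ip for ip in self.pool if ip not in in_use]
            if not free:
                return None
            ip = free[0]                           # first come, first served
        lease = Lease(ip, mac, expires)
        self.leases[mac] = lease
        return lease

    def release(self, mac: str) -> None:
        """Client sends RELEASE: the address returns to the pool immediately."""
        self.leases.pop(mac.lower(), None)


if __name__ == "__main__":
    server = DhcpAllocator("192.168.1.150", "192.168.1.200")
    server.reserve("aa:bb:cc:00:00:01", "192.168.1.10")   # e.g. a printer
    print(server.request("aa:bb:cc:00:00:01", now=0))
    print(server.request("aa:bb:cc:00:00:02", now=0))
    print(server.request("aa:bb:cc:00:00:03", now=0, requested=99999))
```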
Name Server and Configuration
• The Domain Name System (DNS) is a distributed
database.
▪ This allows local control of the segments of the overall
database, yet the data in each segment is available across
the entire network through a client-server scheme.
• DNS's distributed database is indexed by domain
names.
▪ Each domain name is essentially just a path in a large
inverted tree, called the domain name space.
• DNS's tree can branch any number of ways at each
intersection point, or node.
51
Name Server …
• The depth of the tree is limited
to 127 levels.
▪ Each node in the tree has a text
label (without dots) that can be up
to 63 characters long.
▪ A null (zero-length) label is
reserved for the root.
▪ Domain names are always read
from the node toward the root,
with dots separating the names in
the path.
▪ When the root node's label
appears by itself, it is written as a
single dot (.) for convenience.

52
Name Server …
▪ DNS requires that sibling nodes have
different labels.
▪ This restriction guarantees that a domain
name uniquely identifies a single node
in the tree.

53
Name Server…
• The domain name of a
domain is the same as the
domain name of the node
at the very top of the
domain.
• So for example, the top of
the purdue.edu domain is
a node named
purdue.edu

54
Name Server…
• Any domain name in the
subtree is considered a
part of the domain.
• Because a domain name
can be in many subtrees,
it can also be in many
domains.
• For example, the domain
name pa.ca.us is part of
the ca.us domain and also
part of the us domain

55
Internet Domain Name Space
• The original top-level domains divided the Internet domain name space
organizationally into seven domains:
▪ com
✓ Commercial organizations, such as Hewlett-Packard (hp.com), Sun Microsystems (sun.com),
and IBM (ibm.com).
▪ edu
✓ Educational organizations, such as Wollega University (wu.edu) and Purdue University
(purdue.edu).
▪ gov
✓ Government organizations, such as INSA (insa.gov) and the Ministry of Foreign Affairs
(mfa.gov).
▪ mil
✓ Military organizations, such as the U.S. Army (army.mil ) and Navy (navy.mil ).
▪ net
✓ Organizations providing network infrastructure, such as EthioTelecom (ethiotelecom.net)
and UUNET (uu.net).
▪ org
✓ Formerly, noncommercial organizations, such as the Electronic Frontier Foundation (eff.org ).
Like net, however, restrictions on org were removed in 1996.
▪ int
✓ International organizations, such as NATO (nato.int).

56
Delegation
• Decentralized administration in DNS is achieved
through delegation.
▪ An organization administering a domain can divide it
into subdomains.
▪ Each of those subdomains can be delegated to other
organizations.
▪ An organization becomes responsible for maintaining all
the data in that subdomain.
▪ It can freely change the data, and even divide up its
subdomain into more subdomains and delegate those.

57
Delegation…
▪ Not all organizations delegate
away their whole domain.
▪ A domain may have several
delegated subdomains and also
contain hosts that don't belong in
the subdomains.
▪ For example, Wollega
University has campuses at Gimbi
and Nekemte, so it might have a
gimbi.wu.edu.et subdomain and a
nekemte.wu.edu.et subdomain.

58
Name Servers and Zones
• The programs that store information about the
domain name space are called name servers.
• Name servers generally have complete information
about some part of the domain name space (a
zone), which they load from a file or from another
name server.
▪ The other name server is called Forwarder.
• The name server is then said to have authority for
that zone. Name servers can be authoritative for
multiple zones, too.

59
Zones…
• All top-level domains, and
many domains at the
second level and lower,
such as berkeley.edu and
hp.com, are broken into
smaller, more manageable
units by delegation.
• These units are called
zones.

60
Zone Data Files
• Most entries in zone data files are called DNS
resource records.
• DNS lookups are case-insensitive, so you can enter
names in your zone data files in uppercase,
lowercase, or mixed case.
▪ Commonly all lowercase is used.

61
Types of DNS Resource Records
• SOA record
▪ Indicates authority for this zone (Start Of Authority)
• NS record
▪ Lists a name server for this zone
• A record
▪ Name-to-address mapping
• PTR records
▪ Address-to-name mapping
• CNAME records
▪ Canonical name (for aliases)
• MX records
▪ Records for Mail Exchange server

62
Example
;; NS records (names end with a dot, otherwise the zone origin is appended)
wu.edu.et.                  IN NS    ns1.wu.edu.et.
wu.edu.et.                  IN NS    ns2.wu.edu.et.
;; Mail exchange (an MX record needs a preference value; 10 is an example)
wu.edu.et.                  IN MX 10 mail.wu.edu.et.
;; A records
intranet.wu.edu.et.         IN A     10.5.100.9
medsims.wu.edu.et.          IN A     10.5.100.56
;; PTR records (the reverse of the A records above)
9.100.5.10.in-addr.arpa.    IN PTR   intranet.wu.edu.et.
56.100.5.10.in-addr.arpa.   IN PTR   medsims.wu.edu.et.
;; Aliases
medicine.wu.edu.et.         IN CNAME medsims.wu.edu.et.

63
Resolver
• Resolvers are the clients that access name servers.
Programs running on a host that need information
from the domain name space use the resolver.
• The resolver handles the following tasks:
▪ Querying a name server
▪ Interpreting responses (which may be resource records
or an error)
▪ Returning the information to the programs that
requested it

64
Name Space Resolution
• Name servers are adept at retrieving data from the
domain name space.
• They have to be, given the limited intelligence of
most resolvers.
• Not only can they give you data from zones for
which they're authoritative, they can also search
through the domain name space to find data for
which they're not authoritative.
• This process is called name resolution or simply
resolution.

65
Resolution…
• Because the namespace is structured as an inverted
tree, a name server needs only one piece of
information to find its way to any point in the tree:
▪ The domain names and addresses of the root name
servers
▪ A name server can issue a query to a root name server for
any domain name in the domain name space, and the
root name server starts the name server on its way.

66
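An added Python model (not from the slides) of the resolution process: each zone knows only its own records and the delegations it has made, and the resolver starts at the root and follows referrals, restarting from the root for the canonical name when it meets a CNAME. The zone contents use the slides' wu.edu.et names and records; the server addresses are constructed from the 192.0.2.0/24 documentation range.

```python
from typing import Dict, List, Optional, Tuple


def absolute(name: str) -> str:
    """Normalise a domain name: lowercase, with the root dot at the end."""
    name = name.lower().rstrip(".")
    return name + "." if name else "."


class Zone:
    """One zone: the records it is authoritative for, plus the delegations
    (NS names and glue addresses) it has made to child zones."""

    def __init__(self, name: str):
        self.name = absolute(name)
        self.records: Dict[Tuple[str, str], List[str]] = {}   # (owner, type) -> rdata
        self.delegations: Dict[str, List[str]] = {}           # child zone -> NS names

    def add(self, owner: str, rtype: str, rdata: str) -> None:
        self.records.setdefault((absolute(owner), rtype.upper()), []).append(rdata)

    def delegate(self, child: str, ns_name: str, ns_addr: str) -> None:
        """Hand a subdomain to another server; the glue A record stays here so
        a resolver can reach that server without a second lookup."""
        self.delegations.setdefault(absolute(child), []).append(absolute(ns_name))
        self.add(ns_name, "A", ns_addr)

    def contains(self, name: str) -> bool:
        return self.name == "." or name == self.name or name.endswith("." + self.name)

    def referral(self, name: str) -> Optional[str]:
        """The delegated child zone that name falls under, if any."""
        for child in self.delegations:
            if name == child or name.endswith("." + child):
                return child
        return None

    def lookup(self, name: str, rtype: str) -> Optional[List[str]]:
        return self.records.get((absolute(name), rtype.upper()))


class Resolver:
    """Iterative resolution: start at a root server and follow referrals."""

    def __init__(self, root_addr: str, servers: Dict[str, Zone]):
        self.root_addr = root_addr
        self.servers = servers            # server address -> zone it serves

    def resolve(self, qname: str, qtype: str = "A",
                max_steps: int = 16) -> Tuple[List[str], List[str]]:
        """Return (answer rdata, zones consulted in order)."""
        name, addr, trace = absolute(qname), self.root_addr, []
        for _ in range(max_steps):
            zone = self.servers[addr]
            trace.append(zone.name)
            if not zone.contains(name):
                raise LookupError("%s is not authoritative for %s" % (addr, name))
            child = zone.referral(name)
            if child is not None:          # referral: go to the child's server
                ns = zone.delegations[child][0]
                glue = zone.lookup(ns, "A")
                if not glue:
                    raise LookupError("delegation of %s has no glue for %s" % (child, ns))
                addr = glue[0]
                continue
            answer = zone.lookup(name, qtype)
            if answer is not None:
                return answer, trace
            cname = zone.lookup(name, "CNAME")
            if cname and qtype.upper() != "CNAME":
                # alias: start over from the root for the canonical name
                name, addr = absolute(cname[0]), self.root_addr
                continue
            raise LookupError("%s %s: no such record in zone %s" % (name, qtype, zone.name))
        raise LookupError("too many referrals resolving %s" % qname)


def build_example() -> Resolver:
    """Constructed name space: root -> et. -> edu.et. -> wu.edu.et. -> gimbi.wu.edu.et."""
    root, et, edu, wu, gimbi = (Zone(n) for n in
                                (".", "et", "edu.et", "wu.edu.et", "gimbi.wu.edu.et"))
    root.delegate("et", "ns.et", "192.0.2.1")
    et.delegate("edu.et", "ns.edu.et", "192.0.2.2")
    edu.delegate("wu.edu.et", "ns1.wu.edu.et", "192.0.2.3")
    wu.add("ns1.wu.edu.et", "A", "192.0.2.3")
    wu.add("intranet.wu.edu.et", "A", "10.5.100.9")
    wu.add("medsims.wu.edu.et", "A", "10.5.100.56")
    wu.add("medicine.wu.edu.et", "CNAME", "medsims.wu.edu.et.")
    wu.delegate("gimbi.wu.edu.et", "ns.gimbi.wu.edu.et", "192.0.2.4")
    gimbi.add("www.gimbi.wu.edu.et", "A", "10.6.1.1")
    servers = {"192.0.2.0": root, "192.0.2.1": et, "192.0.2.2": edu,
               "192.0.2.3": wu, "192.0.2.4": gimbi}
    return Resolver("192.0.2.0", servers)


if __name__ == "__main__":
    answer, trace = build_example().resolve("www.gimbi.wu.edu.et")
    print(answer, "via", " -> ".join(trace))
```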
Resolution Process

67
Adding More Name Servers
• Primary and Slave Name Servers
▪ In large networks it is a good idea to define name servers
and give them authority.
✓ Primary Name Server is Authoritative
✓ Secondary Name Server is active when Primary NS fails
• Caching Only Name Servers
▪ The name implies that the only function this server
performs is looking up data and caching it.
▪ They are not authoritative for any zones (except
0.0.127.in-addr.arpa).

68
BIND
• BIND (Berkeley Internet Name Domain) is the
default name server for Linux OS.
• Installation and Configuration:
▪ Update your server and Install BIND on it. Execute the
following commands one by one.
$sudo apt-get update
$sudo apt-get install bind9 bind9utils bind9-doc
▪ Before proceeding you can optionally set bind9 to IPv4
mode.
$sudo nano /etc/default/bind9
▪ Add "-4" to the OPTIONS variable. Then save and exit. It
should look like the following:
OPTIONS="-4 -u bind"

69
Proxy Servers
Part of an overall firewall strategy
Sits between the local network and the external network
◦ Originally used primarily as a caching strategy to minimize outgoing
URL requests and increase perceived browser performance
◦ Primary mission is now to ensure anonymity of internal users
Still used for caching of frequently requested files
Also used for content filtering
Acts as a go-between, submitting your requests to the external
network
◦ Requests are translated from your IP address to the proxy's IP address
◦ E-mail addresses of internal users are removed from request
headers
An actual break in the flow of communications
70


Performance Aspects
Caching
By keeping local copies of frequently accessed files, the proxy can
serve those files back to a requesting browser without going to
the external site each time. This dramatically improves the
performance seen by the end user.
Only makes sense to implement this at the ISP rather than the
small business level because of the number of pages available.
Because of dynamic content, many pages are invalidated in the
cache right away.
Load balancing
A proxy can be used in the reverse direction to balance the load
amongst a set of identical servers (servers inside the firewall and
users outside).
Used especially with dynamic web content (.asp, .php, .cfm, .jsp)
71
Transparent /Opaque
Transparent – both parties (local/remote) are unaware that the
connection is being proxied
Zorp – application layer proxy is transparent
Opaque – the local party must configure client software to use the
proxy
client software must be proxy-aware software
Netscape proxy server is opaque
With all of the things modern firewalls can do in the area of
redirection, you could configure the firewall to redirect all HTTP
requests to a proxy
no user configuration required (transparent)

72
Circuit Level Proxies
Since some protocols require a real connection between
the client and server, a regular proxy can't be used
◦ Windows Media Player, Internet Relay Chat (IRC), or Telnet
Circuit-level proxy servers were devised to simplify matters.
◦ Instead of operating at the Application layer, they work as a "shim" between
the Application layer and the Transport layer, monitoring TCP handshaking
between packets from trusted clients or servers to untrusted hosts, and vice
versa. The proxy server is still an intermediary between the two parties, but
this time it establishes a virtual circuit between them.
By using SOCKS (RFC 1928) this can be done
◦ SOCKS defines a cross-platform standard for accessing circuit-level proxies
◦ SOCKS Version 5 also supports both username/password (RFC 1929) and
API-based (RFC 1961) authentication. It also supports both public and
private key encryption.
◦ SOCKS 5 can also handle UDP-based protocols: it establishes a TCP
connection to the proxy and then uses it to set up the relaying of UDP data.
73
SOCKS-based Proxying
RFC 1928
Not a true application layer proxy
SOCKS protocol provides a framework for developing secure
communications by easily integrating other security technologies
SOCKS includes two components
◦ SOCKS server
implemented at the application layer
◦ SOCKS client
implemented between the application and transport layers
The basic purpose of the protocol is to enable hosts on one side of a
SOCKS server to gain access to hosts on the other side of a SOCKS
server, without requiring direct IP reachability.
Copies packet payloads through the proxy

74
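The SOCKS5 exchange as an added Python example (not from the slides): RFC 1928 method selection, the RFC 1929 username/password sub-negotiation and the CONNECT request/reply, encoded on the client side and decoded by a minimal server side in memory (no sockets), with the server deciding each CONNECT against an allow-list. The credentials, the allow-list and the proxy's bound address are constructed.

```python
import hmac
import ipaddress
import struct
from typing import Dict, Set, Tuple

SOCKS_VER = 5
NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF         # method codes
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_FAILURE, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x01, 0x02, 0x07


def _encode_address(host: str) -> bytes:
    """ATYP byte followed by DST.ADDR in wire form."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                       # not an IP literal: send the name
        name = host.encode("idna")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed


def _decode_address(data: bytes, i: int) -> Tuple[str, int, int]:
    """Parse ATYP, address and port at offset i; returns (host, port, next offset)."""
    atyp = data[i]
    if atyp == ATYP_IPV4:
        host, i = str(ipaddress.IPv4Address(data[i + 1:i + 5])), i + 5
    elif atyp == ATYP_DOMAIN:
        n = data[i + 1]
        host, i = data[i + 2:i + 2 + n].decode("idna"), i + 2 + n
    elif atyp == ATYP_IPV6:
        host, i = str(ipaddress.IPv6Address(data[i + 1:i + 17])), i + 17
    else:
        raise ValueError("unsupported address type %d" % atyp)
    return host, struct.unpack("!H", data[i:i + 2])[0], i + 2


# ---- client side ----
def client_greeting(methods) -> bytes:                    # RFC 1928 section 3
    return bytes([SOCKS_VER, len(methods), *methods])

def userpass_request(user: str, password: str) -> bytes:  # RFC 1929
    u, p = user.encode(), password.encode()
    return bytes([1, len(u)]) + u + bytes([len(p)]) + p

def connect_request(host: str, port: int) -> bytes:       # RFC 1928 section 4
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00]) + _encode_address(host) + struct.pack("!H", port)

def parse_reply(data: bytes) -> Tuple[int, str, int]:     # RFC 1928 section 6
    if data[0] != SOCKS_VER:
        raise ValueError("bad version in reply")
    host, port, _ = _decode_address(data, 3)
    return data[1], host, port


# ---- server side (the proxy) ----
class SocksServer:
    """One client session on the SOCKS server: method selection,
    authentication, then the CONNECT decision against an allow-list."""

    def __init__(self, users: Dict[str, str], allowed: Set[Tuple[str, int]],
                 bind_addr: str, bind_port: int):
        self.users, self.allowed = users, allowed
        self.bind_addr, self.bind_port = bind_addr, bind_port
        self.authenticated = False

    def select_method(self, greeting: bytes) -> bytes:
        n = greeting[1]
        methods = greeting[2:2 + n]
        if greeting[0] != SOCKS_VER or len(methods) != n:
            raise ValueError("malformed greeting")
        # Only username/password is acceptable here; a client offering just
        # NO_AUTH gets 0xFF and has to close the connection.
        return bytes([SOCKS_VER, USERPASS if USERPASS in methods else NO_ACCEPTABLE])

    def authenticate(self, req: bytes) -> bytes:
        ulen = req[1]
        user = req[2:2 + ulen].decode()
        plen = req[2 + ulen]
        password = req[3 + ulen:3 + ulen + plen]
        expected = self.users.get(user, "").encode()
        ok = req[0] == 1 and user in self.users and hmac.compare_digest(expected, password)
        self.authenticated = ok
        return bytes([1, 0x00 if ok else 0x01])         # non-zero status = failure

    def _reply(self, rep: int) -> bytes:
        return (bytes([SOCKS_VER, rep, 0x00]) + _encode_address(self.bind_addr)
                + struct.pack("!H", self.bind_port))

    def handle_request(self, req: bytes) -> bytes:
        if not self.authenticated or req[0] != SOCKS_VER:
            return self._reply(REP_FAILURE)             # no request before auth
        if req[1] != CMD_CONNECT:
            return self._reply(REP_CMD_UNSUPPORTED)     # BIND/UDP ASSOCIATE not offered
        host, port, _ = _decode_address(req, 3)
        if (host.lower(), port) not in self.allowed:
            return self._reply(REP_NOT_ALLOWED)         # blocked by the ruleset
        # A real server would now connect to host:port and relay both ways.
        return self._reply(REP_OK)
```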
Socks Architecture

75
Socks Functionality

76
Advantages
Terminates the TCP connection before relaying to target
host (in and out)
Hide internal clients from external network
Blocking of dangerous URLs
Filter dangerous content
Check consistency of retrieved content
Eliminate need for transport layer routing between networks
Single point of access, control and logging
77
Disadvantages
Single point of failure
if the proxy dies, no one can get to the external network
Client software must usually be designed to use a proxy
Proxies must exist for each service
Doesn't protect the OS
proxies run at the application level
Usually optimized for performance rather than security

78
End

79
