 Application Layer Services

Application Layer
The application layer in the OSI model is the closest layer to the end user which means that
the application layer and end user can interact directly with the software application. The
application layer programs are based on client and servers.

The Application layer includes the following functions:

o Identifying communication partners: The application layer identifies the
availability of communication partners for an application with data to transmit.
o Determining resource availability: The application layer determines whether
sufficient network resources are available for the requested communication.
o Synchronizing communication: All the communications occur between the
applications requires cooperation which is managed by an application layer.

 Common Network Application Services

o Network Virtual terminal: An application layer allows a user to log on to a remote
host. To do so, the application creates a software emulation of a terminal at the
remote host. The user's computer talks to the software terminal, which in turn, talks
to the host. The remote host thinks that it is communicating with one of its own
terminals, so it allows the user to log on.
o File Transfer, Access, and Management (FTAM): An application allows a user to
access files in a remote computer, to retrieve files from a computer and to manage
files in a remote computer. FTAM defines a hierarchical virtual file in terms of file
structure, file attributes and the kind of operations performed on the files and their
attributes.
o Addressing: To obtain communication between client and server, there is a need
for addressing. When a client made a request to the server, the request contains the
server address and its own address. The server response to the client request, the
request contains the destination address, i.e., client address. To achieve this kind of
addressing, DNS is used.
o Mail Services: An application layer provides Email forwarding and storage.
o Directory Services: An application contains a distributed database that provides
access for global information about various objects and services.
Authentication: It authenticates the sender or receiver's message or both.

 Domain Name System

An application layer protocol defines how the application processes running on different
systems, pass the messages to each other.
o DNS stands for Domain Name System.
o DNS is a directory service that provides a mapping between the name of a host on
the network and its numerical address.
o DNS is required for the functioning of the internet.
o Each node in a tree has a domain name, and a full domain name is a sequence of
symbols specified by dots.
o DNS is a service that translates the domain name into IP addresses. This allows the
users of networks to utilize user-friendly names when looking for other hosts
instead of remembering the IP addresses.
o For example, suppose the FTP site at EduSoft had an IP address of 132.147.165.50,
most people would reach this site by specifying ftp.EduSoft.com. Therefore, the
domain name is more reliable than IP address.
DNS is a TCP/IP protocol used on different platforms. The domain name space is divided
into three different sections: generic domains, country domains, and inverse domain.

Generic Domains
o It defines the registered hosts according to their generic behavior.
o Each node in a tree defines the domain name, which is an index to the DNS database.
o It uses three-character labels, and these labels describe the organization type.

Label Description

aero Airlines and aerospace companies

biz Businesses or firms

com Commercial Organizations

coop Cooperative business Organizations

edu Educational institutions

gov Government institutions

info Information service providers

int International Organizations

mil Military groups

museum Museum & other nonprofit organizations

name Personal names

net Network Support centers

org Nonprofit Organizations

pro Professional individual Organizations

Country Domain
The format of country domain is same as a generic domain, but it uses two-character
country abbreviations (e.g., us for the United States) in place of three character
organizational abbreviations.

Inverse Domain
The inverse domain is used for mapping an address to a name. When the server has
received a request from the client, and the server contains the files of only authorized
clients. To determine whether the client is on the authorized list or not, it sends a query to
the DNS server and ask for mapping an address to the name.

Working of DNS
o DNS is a client/server network communication protocol. DNS clients send requests
to the. server while DNS servers send responses to the client.
o Client requests contain a name which is converted into an IP address known as a
forward DNS lookups while requests containing an IP address which is converted
into a name known as reverse DNS lookups.
o DNS implements a distributed database to store the name of all the hosts available
on the internet.
o If a client like a web browser sends a request containing a hostname, then a piece of
software such as DNS resolver sends a request to the DNS server to obtain the IP
address of a hostname. If DNS server does not contain the IP address associated
with a hostname, then it forwards the request to another DNS server. If IP address
has arrived at the resolver, which in turn completes the request over the internet
protocol.

 Domain Name Translation

Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain
names to IP addresses so browsers can load Internet resources. Each device connected to
the Internet has a unique IP address which other machines use to find the device.

 DNS server
A DNS server is a computer server that contains a database of public IP addresses and
their associated hostnames, and in most cases serves to resolve, or translate, those
names to IP addresses as requested. DNS servers run special software and communicate
with each other using special protocols.

The Purpose of DNS Servers

 It's easier to remember a domain or hostname like lifewire.com than it is to remember
the site's IP address numbers 151.101.2.114. So when you access a website, like
Lifewire, all you have to type is the URL https://www.lifewire.com.

However, computers and network devices don't work well with domain names when
trying to locate each other on the internet. It's far more efficient and precise to use an IP
address, which is the numerical representation of what server in the network (internet)
the website resides on.

How DNS Servers Resolve a DNS Query

When you type a website address into your browsers address bar and press Enter, a DNS
server goes to work to find the address that you want to visit. It does this by sending a
DNS query to several servers, each of which translates a different part of the domain
name you entered. The different servers queried are:

 A DNS Resolver: Receives the request to resolve the domain name with the IP
address. This server does the grunt work in figuring out where the site you want
to go actually resides on the internet.
 A Root Server: The root server receives the first request, and returns a result to
let the DNS resolver know what the address of the Top Level Domain (TLD)
server that stores the information about the site. A top level domain is the
equivalent of the .com or .net portion of the domain name you entered into the
address bar.
 A TLD Server: The DNS resolver then queries this server, which will return the
Authoritative Name Server where the site is actually returned.
 An Authoritative Name Server: Finally, the DNS resolver queries this server to
learn the actual IP address of the website you're trying to deliver.

Once the IP address is returned, the website you wanted to visit is then displayed in your
web browser.

It sounds like a lot of back and forth, and it is, but it all happens very quickly with little
delay in returning the site you want to visit.

The process described above happens the first time you visit a site. If you visit the same site
again, before the cache on your web browser is cleared, there's no need to go through all
these steps. Instead, the web browser will pull the information from the cache to serve
the website to your browser ever faster.
Primary and Secondary DNS Servers

In most cases, a primary and a secondary DNS server are configured on your router or
computer when you connect to your internet service provider . There are two DNS
servers in case one of them happens to fail, in which case the second is used to resolve
hostnames you enter.

Several publicly accessible DNS servers are available for you to use. If you want to change the
DNS servers your network connects to, see our Free & Public DNS Servers List for an up-
to-date listing, and How Do I Change DNS Servers? .

Why You Might Change Your DNS Server Settings

 Some DNS servers can provide faster access times than others. This is often a function of
how close you are to those servers. If your ISP's DNS servers are closer to you than
Google's, for example, you may find domain names are resolved quicker using the default
servers from your ISP than with an external server.

If you experience connection problems where it seems no websites will load, it's possible
there's an error with the DNS server. If the DNS server isn't able to find the correct IP
address that's associated with the hostname you enter, the website can't be located and
loaded.

A computer or device, including smartphones and tablets, connected to your router can use a
different set of DNS servers to resolve internet addresses. These will supersede those
configured on your router and will be used instead.

How to Obtain Internet Server Information

The nslookup command is used to query your DNS server on Windows PCs.

Start by opening the Command Prompt tool and then typing the following:

nslookup lifewire.com

This command should return something like this:

Name: lifewire.com
Addresses: 151.101.2.114
151.101.66.114
151.101.130.114
151.101.194.114
In the example above, the nslookup command tells you the IP address, or several IP
addresses in this case, that the lifewire.com address translates to.
DNS Root Servers
There are 13 important DNS root servers on the internet that store a complete database
of domain names and their associated public IP addresses. These top-tier DNS servers
are named A through M for the first 13 letters of the alphabet. Ten of these servers are in
the US, one in London, one in Stockholm, and one in Japan.
The Internet Assigned Numbers Authority (IANA) keeps this list of DNS root servers if
you're interested.

Malware Attacks That Change DNS Server Settings

Malware attacks against DNS servers are not at all uncommon. Always run an antivirus
program because malware can attack your computer in a way that changes the DNS
server settings.

For example, if your computer uses Google's DNS servers (8.8.8.8 and 8.8.4.4) and you
open your bank's website, you naturally expect that when you enter its familiar URL,
you'll be sent to the bank's website.
Protecting Yourself From DNS Attacks

There are two things you should do to avoid becoming a victim of a DNS settings attack.
The first is to install antivirus software so that malicious programs are caught before
they can do any damage.
The second is to pay close attention to the appearance of important websites you visit
regularly. If you visit one and the site looks off in some way—maybe the images are all
different or the site's colors have changed, or menus don't look right, or you find
misspellings (hackers can be dreadful spellers)—or you get an "invalid certificate"
message in your browser, it might be a sign that you're on a faked website.

How DNS Redirection Can Be Positively Used

This ability to redirect traffic can be used for positive purposes. For
example, OpenDNS can redirect traffic to adult websites, gambling websites, social media
websites, or other sites network administrators or organizations don't want their users
visiting. Instead, they may be sent to a page with a "Blocked" message.

 HTTP

o HTTP stands for HyperText Transfer Protocol.

o It is a protocol used to access the data on the World Wide Web (www).
o The HTTP protocol can be used to transfer the data in the form of plain text,
hypertext, audio, video, and so on.
o This protocol is known as HyperText Transfer Protocol because of its efficiency that
allows us to use in a hypertext environment where there are rapid jumps from one
document to another document.
o HTTP is similar to the FTP as it also transfers the files from one host to another host.
But, HTTP is simpler than FTP as HTTP uses only one connection, i.e., no control
connection to transfer the files.
o HTTP is used to carry the data in the form of MIME-like format.
o HTTP is similar to SMTP as the data is transferred between client and server. The
HTTP differs from the SMTP in the way the messages are sent from the client to the
server and from server to the client. SMTP messages are stored and forwarded
while HTTP messages are delivered immediately.

Features of HTTP:

o Connectionless protocol: HTTP is a connectionless protocol. HTTP client initiates a

request and waits for a response from the server. When the server receives the
request, the server processes the request and sends back the response to the HTTP
client after which the client disconnects the connection. The connection between
client and server exist only during the current request and response time only.
o Media independent: HTTP protocol is a media independent as data can be sent as
long as both the client and server know how to handle the data content. It is
required for both the client and server to specify the content type in MIME-type
header.
o Stateless: HTTP is a stateless protocol as both the client and server know each
other only during the current request. Due to this nature of the protocol, both the
 client and server do not retain the information between various requests of the web
pages.

HTTP Transactions

The above figure shows the HTTP transaction between client and server. The client
initiates a transaction by sending a request message to the server. The server replies to the
request message by sending a response message.

Messages

HTTP messages are of two types: request and response. Both the message types follow the
same message format.

Request Message: The request message is sent by the client that consists of a request line,
headers, and sometimes a body.

Response Message: The response message is sent by the server to the client that consists
of a status line, headers, and sometimes a body.
Uniform Resource Locator (URL)

o A client that wants to access the document in an internet needs an address and to
facilitate the access of documents, the HTTP uses the concept of Uniform Resource
Locator (URL).
o The Uniform Resource Locator (URL) is a standard way of specifying any kind of
information on the internet.
o The URL defines four parts: method, host computer, port, and path.

o Method: The method is the protocol used to retrieve the document from a server.
For example, HTTP.
o Host: The host is the computer where the information is stored, and the computer is
given an alias name. Web pages are mainly stored in the computers and the
computers are given an alias name that begins with the characters "www". This field
is not mandatory.
o Port: The URL can also contain the port number of the server, but it's an optional
field. If the port number is included, then it must come between the host and path
and it should be separated from the host by a colon.
o Path: Path is the pathname of the file where the information is stored. The path
itself contain slashes that separate the directories from the subdirectories and files.

Web Clients and server

Based on Client Server

Basic Client relies on the services of Server authorizes the client's

functionality server, and generates requests for requests and facilitates them with
various services. the requested services.

Configuration The configuration of client systems The configuration of the server is

is simple. Their tasks are limited to more complex and sophisticated.
generating requests. It has a basic Server has advanced hardware
hardware configuration. configuration.
 Efficiency The efficiency of client is limited. The performance of server is high,
and they are highly efficient.

Tasks The common tasks for client are The complex tasks like fulfilling
simple and mostly include client requests, storing and
requesting services. processing large datasets, data
analysis are common for server.

Switch off The client systems can be switch off Switching off servers may be
without any fear. disastrous for client systems that
continuously request the services.

Login Support There can be single user logins. Server support multiple user login
and request processing
simultaneously.

Examples Examples of clients are Examples of servers are web

smartphones, desktops, laptops, servers, file servers, database
etc. servers, etc.

 FTP

o FTP stands for File transfer protocol.

o FTP is a standard internet protocol provided by TCP/IP used for transmitting the
files from one host to another.
o It is mainly used for transferring the web page files from their creator to the
computer that acts as a server for other computers on the internet.
o It is also used for downloading the files to computer from other servers.

Objectives of FTP

o It provides the sharing of files.

o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.

Why FTP?

Although transferring files from one system to another is very simple and straightforward,
but sometimes it can cause problems. For example, two systems may have different file
conventions. Two systems may have different ways to represent text and data. Two
systems may have different directory structures. FTP protocol overcomes these problems
by establishing two connections between hosts. One connection is used for data transfer,
and another connection is used for the control connection.

Mechanism of FTP
The above figure shows the basic model of the FTP. The FTP client has three components:
the user interface, control process, and data transfer process. The server has two
components: the server control process and the server data transfer process.

There are two types of connections in FTP:

o Control Connection: The control connection uses very simple rules for
communication. Through control connection, we can transfer a line of command or
line of response at a time. The control connection is made between the control
processes. The control connection remains connected during the entire interactive
FTP session.
o Data Connection: The Data Connection uses very complex rules as data types may
vary. The data connection is made between data transfer processes. The data
connection opens when a command comes for transferring the files and closes when
the file is transferred.

FTP Clients

o FTP client is a program that implements a file transfer protocol which allows you to
transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download the files.
o It has a set of commands that we can use to connect to a host, transfer the files
between you and your host and close the connection.
o The FTP program is also available as a built-in component in a Web browser. This
GUI based FTP client makes the file transfer very easy and also does not require to
remember the FTP commands.

Advantages of FTP:

o Speed: One of the biggest advantages of FTP is speed. The FTP is one of the fastest
way to transfer the files from one computer to another computer.
o Efficient: It is more efficient as we do not need to complete all the operations to get
the entire file.
 o Security: To access the FTP server, we need to login with the username and
password. Therefore, we can say that FTP is more secure.
o Back & forth movement: FTP allows us to transfer the files back and forth.
Suppose you are a manager of the company, you send some information to all the
employees, and they all send information back on the same server.

Disadvantages of FTP:

o The standard requirement of the industry is that all the FTP transmissions should
be encrypted. However, not all the FTP providers are equal and not all the providers
offer encryption. So, we will have to look out for the FTP providers that provides
encryption.
o FTP serves two operations, i.e., to send and receive large files on a network.
However, the size limit of the file is 2GB that can be sent. It also doesn't allow you to
run simultaneous transfers to multiple receivers.
o Passwords and file contents are sent in clear text that allows unwanted
eavesdropping. So, it is quite possible that attackers can carry out the brute force
attack by trying to guess the FTP password.
o It is not compatible with every system.

 Network Virtual Terminal (NVT)

o The network virtual terminal is an interface that defines how data and
commands are sent across the network.
o In today's world, systems are heterogeneous. For example, the operating
system accepts a special combination of characters such as end-of-file token
running a DOS operating system ctrl+z while the token running a UNIX
operating system is ctrl+d.
o TELNET solves this issue by defining a universal interface known as network
virtual interface.
o The TELNET client translates the characters that come from the local
terminal into NVT form and then delivers them to the network. The Telnet
server then translates the data from NVT form into a form which can be
understandable by a remote computer.

 Telnet

o The main task of the internet is to provide services to users. For example, users
want to run different application programs at the remote site and transfers a result
 to the local site. This requires a client-server program such as FTP, SMTP. But this
would not allow us to create a specific program for each demand.
o The better solution is to provide a general client-server program that lets the user
access any application program on a remote computer. Therefore, a program that
allows a user to log on to a remote computer. A popular client-server program
Telnet is used to meet such demands. Telnet is an abbreviation for Terminal
Network.
o Telnet provides a connection to the remote computer in such a way that a local
terminal appears to be at the remote side.

There are two types of login:

Local Login

o When a user logs into a local computer, then it is known as local login.
o When the workstation running terminal emulator, the keystrokes
entered by the user are accepted by the terminal driver. The terminal
driver then passes these characters to the operating system which in
turn, invokes the desired application program.
o However, the operating system has special meaning to special
characters. For example, in UNIX some combination of characters have
special meanings such as control character with "z" means suspend.
Such situations do not create any problem as the terminal driver knows
the meaning of such characters. But, it can cause the problems in
remote login.

Remote login
 o When the user wants to access an application program on a remote
computer, then the user must perform remote login.

How remote login occurs

At the local site

The user sends the keystrokes to the terminal driver, the characters are then sent to
the TELNET client. The TELNET client which in turn, transforms the characters to a
universal character set known as network virtual terminal characters and delivers
them to the local TCP/IP stack

At the remote site

The commands in NVT forms are transmitted to the TCP/IP at the remote machine.
Here, the characters are delivered to the operating system and then pass to the
TELNET server. The TELNET server transforms the characters which can be
understandable by a remote computer. However, the characters cannot be directly
passed to the operating system as a remote operating system does not receive the
characters from the TELNET server. Therefore it requires some piece of software
that can accept the characters from the TELNET server. The operating system then
passes these characters to the appropriate application program.

 SSH Meaning| SSH Protocol Definition

SSH stands for Secure Shell or Secure Socket Shell. It is a cryptographic network protocol
that allows two computers to communicate and share the data over an insecure network
such as the internet. It is used to login to a remote server to execute commands and data
transfer from one machine to another machine.

The SSH protocol was developed by SSH communication security Ltd to safely
communicate with the remote machine.

Secure communication provides a strong password authentication and encrypted

communication with a public key over an insecure channel. It is used to replace
unprotected remote login protocols such as Telnet, rlogin, rsh, etc., and insecure file
transfer protocol FTP
Its security features are widely used by network administrators for managing systems and
applications remotely.

Nested Structure in C in Hindi

Keep Watching
The SSH protocol protects the network from various attacks such as DNS spoofing
, IP source routing, and IP spoofing.

A simple example can be understood, such as suppose you want to transfer a package to
one of your friends. Without SSH protocol, it can be opened and read by anyone. But if you
will send it using SSH protocol, it will be encrypted and secured with the public keys, and
only the receiver can open it.

Before SSH:

After SSH:

Usages of SSH protocol

The popular usages of SSH protocol are given below:

o It provides secure access to users and automated processes.

o It is an easy and secure way to transfer files from one system to another over an
insecure network.
o It also issues remote commands to the users.
o It helps the users to manage the network infrastructure and other critical system
components.
o It is used to log in to shell on a remote system (Host), which replaces Telnet and
rlogin and is used to execute a single command on the host, which replaces rsh.
o It combines with rsync utility to backup, copy, and mirror files with complete
security and efficiency.
o It can be used for forwarding a port.
o By using SSH, we can set up the automatic login to a remote server such as OpenSSH.
o We can securely browse the web through the encrypted proxy connection with the
SSH client, supporting the SOCKS protocol.
 How does SSH Works?

The SSH protocol works in a client-server model, which means it connects a secure shell
client application (End where the session is displayed) with the SSH server (End where
session executes).

As discussed above, it was initially developed to replace insecure login protocols such as
Telnet, rlogin, and hence it performs the same function.

The basic use of SSH is to connect a remote system for a terminal session and to do this,
following command is used:

1. ssh [email protected]
The above command enables the client to connect to the server,
named server.test.com, using the ID UserName.
If we are connecting for the first time, it will prompt the remote host's public key
fingerprint and ask to connect. The below message will be prompt:
1. The authenticity of host 'sample.ssh.com' cannot be established.
2. DSA key fingerprint is 01:23:45:67:89:ab:cd:ef:ff:fe:dc:ba:98:76:54:32:10.
3. Are you sure you want to continue connecting (yes/no)?

To continue the session, we need to click yes, else no. If we click yes, then the host key will
be stored in the known_hosts file of the local system. The key is contained within the
hidden file by default, which is /.ssh/known_hosts in the home directory. Once the host
key is stored in this hidden file, there is no need for further approval as the host key will
automatically authenticate the connection.

History of SSH Protocol

There are 3 versions of SSH, which are given below:

o Version 1.x: The first version of SSH was launched in the year 1995 and designed
by Tatu Ylönen, who was the researcher at the Helsinki University of Technology,
Finland. It was known as SSH-1. In this version, there were several issues, and hence
it got depreciated.
o Version 2.x: The second version is known as SSH-2, the current version of the SSH
protocol. In 2006, it was opted as a Standards Track specification by the Internet
Engineering Task Force (IETF). This version is not compatible with the SSH-1
protocol. It has better security features compared to SSH-1.
 o Version 1.99: Version 1.99 is specified as the proto version of 2.1. It is not the
actual version but a way to identify the backward compatibility.

The architecture of SSH Protocol

The SSH architecture is made-up of three well-separated layers. These layers are:

1. Transport Layer
2. User-authentication layer
3. Connection Layer

The SSH protocol architecture is an open architecture; hence it provides great flexibility
and enables SSH use for many other purposes instead of only a secure shell. In the
architecture, the transport layer is similar to the transport layer security (TLS). The User-
authentication layer can be used with the custom authentication methods, and the
connection layer allows multiplexing different secondary sessions into a single SSH
connection.

Transport Layer

The transport layer is the top layer of the TCP/IP protocol suite. For SSH-2, this layer is
responsible for handling initial key exchange, server authentication, set up encryption,
compression, and integrity verification. It works as an interface for sending and receiving
plaintext packets with sizes up to 32, 768bytes.

User authentication Layer

As its name suggests, the user authentication layer is responsible for handling client
authentication and provides various authentication methods. The authentication is done at
the client-side; hence when a prompt occurs for a password, it usually for an SSH client
rather than a server, and the server responds to these authentications.

This layer includes various methods of authentication; these methods are:

o Password: Password authentication is a straightforward way of authentication. It

includes the feature to change the password for easy access. But it is not used by all
the applications.
o Public-key: The public-key is a public key-based authentication method, which
supports DSA, ECDSA, or RSA keypairs.
o Keyboard-interactive: It is one of the versatile authentication methods. In this, the
server sends a prompt to enter information & the client sends it back with keyed-in
responses by the user. It is used to provide a one-time password or OTP
authentication.
o GSSAPI: In this method, the authentication is performed by external methods such
as Kerberos 5 or NTLM, which provide the single sign-on capability to SSH sessions.

Connection Layer

The connection layer defines various channels through which SSH services are provided. It
defines the concept of channels, channel requests, and global requests. One SSH connection
can host different channels simultaneously and can also transfer data in both directions
simultaneously. Channel requests are used in the connection layer to relay out-of-band
channel-specific data, for example, the altered size of a terminal window or the exit code of
a server-side process. The standard channel types of connection layer are:

o shell: It is used for terminal shells, SFTP, and exec requests.

o direct-tcpip: It is used for the client-to-server forwarded connections.
o forwarded-tcpip: It is used for the server-to-client forwarded connections.

What can be transferred with SSH protocol?

The SSH protocol can transfer the following:

o Data
o Text
o Commands
o Files

The files are transferred using the SFTP(Secure file transfer protocol), the encrypted
version of FTP that provides security to prevent any threat.

Difference between SSH and Telnet

o Telnet was the first internet application protocol used to create and maintain a
terminal session on a remote host.
o Both SSH and Telnet have the same functionality. Still, the main difference is that
SSH protocol is secured with public-key cryptography that authenticates endpoint
while setting up a terminal session. On the other hand, no authentication is provided
in Telnet for the user's authentication, making it less secure.
o SSH sends the encrypted data, while Telnet sends data in plain text.
o Due to high security, SSH is the preferred protocol for public networks, while due to
less security, Telnet is suitable for private networks.
o SSH runs on port no 22 by default, but it can be changed, while Telnet uses port
number 23, specifically designed for the Local area network.

SSH Encryption Techniques

To make a secure transmission, SSH uses three different encryption techniques at various
points during a transmission. These techniques are:

1. Symmetrical Encryption
2. Asymmetrical Encryption
3. Hashing

Symmetrical Encryption

Only one key can be used in symmetric encryption techniques to encrypt & decrypt
messages sent and received from the destination. This technique is also known as shared
key encryption because both devices use the same key to encrypt the data they send and
decrypt the received data.
This technique encrypts the entire SSH connection to prevent man-in-middle attacks. In
this technique, one issue arises at the time of initial key exchange. As per this problem, if a
third party is present during the key exchange, they could know the key and read the entire
message.

The Key exchange algorithm is used to prevent this problem. With this algorithm, the
secret keys can be securely exchanged without an interception.

Asymmetrical encryption is required to implement the key exchange algorithm.

Asymmetrical Encryption

In asymmetrical encryption, two different keys are used for encryption and decryption,
private and public keys. The private key is private to the user only and cannot be shared
with any other user, whereas the public key is shared publicly. The public key is saved on
the SSH server, whereas the private key is saved locally on the SSH client; these two keys
form a key pair. The message encrypted with the public key can only decrypt with the
corresponding private key.

It is a much secure technique as if a third party gets the public key, and they cannot decrypt
the message because they don't know the private key.

The asymmetrical encryption does not encrypt the complete SSH session. Instead, it is
mainly used for the key exchange algorithm of symmetric encryption. In this, before
establishing a connection, both systems (client and server) generate public-private key
pairs temporarily and then share their private keys to generate the shared secret key.

After establishing a secure symmetric connection, the server uses the public key to
transmit it to the client for authentication. The client can only decrypt the data if it has the
private key, and hence the SSH session establishes.

Hashing

In SSH, one-way hashing is used as the encryption technique, which is another form of
cryptography. The hashing technique is different from the above two methods, as it is not
meant by decryption. It generates the signature or summary of information. SSH
uses HMAC(Hash-based Message authentication) to ensure that messages are reached in
complete and unmodified form.

In this technique, each transmitted message must have a MAC, which uses three
components: symmetric key, packet sequence number, and message content. These
three components form the hash function that generates a string that doesn't have any
meaning, and this string is sent to the host. The host also has the same information, so they
also generate a hash function, and if the generated hash matches with the received hash, it
means the message is not tempered.

 Security issues with telnet

User ID and password are transmitted without any encryption. This leads to security risk in
Telnet protocol as eavesdropping and snooping are easier to implement by intruders or
hackers.
➨It is not possible to run GUI based tools over Telnet connection as it is character based
communication tool. It is not possible to transmit cursor movements and other GUI
information.
➨It is very inefficient protocol.
➨Each keystrokes require several context switches before it reaches the other end.
➨It is expensive due to slow typing speeds.

 SMTP

o SMTP stands for Simple Mail Transfer Protocol.

o SMTP is a set of communication guidelines that allow software to transmit an
electronic mail over the internet is called Simple Mail Transfer Protocol.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers, and
it also supports:
o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is used to set up communication rules between servers.
The servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling the
errors such as incorrect email address. For example, if the recipient address is
wrong, then receiving server reply with an error message of some kind.

Components of SMTP

o First, we will break the SMTP client and SMTP server into two components such as
user agent (UA) and mail transfer agent (MTA). The user agent (UA) prepares the
message, creates the envelope and then puts the message in the envelope. The mail
transfer agent (MTA) transfers this mail across the internet.
 o SMTP allows a more complex system by adding a relaying system. Instead of just
having one MTA at sending side and one at receiving side, more MTAs can be added,
acting either as a client or server to relay the email.

o The relaying system without TCP/IP protocol can also be used to send the emails to
users, and this is achieved by the use of the mail gateway. The mail gateway is a
relay MTA that can be used to receive an email.

Working of SMTP

1. Composition of Mail: A user sends an e-mail by composing an electronic mail

message using a Mail User Agent (MUA). Mail User Agent is a program which is used
to send and receive mail. The message contains two parts: body and header. The
body is the main part of the message while the header includes information such as
the sender and recipient address. The header also includes descriptive information
such as the subject of the message. In this case, the message body is like a letter and
header is like an envelope that contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient
and domain name. For example, [email protected], where "vivek" is the username of
the recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's
domain name, then MSA will send the mail to the Mail Transfer Agent (MTA). To
relay the email, the MTA will find the target domain. It checks the MX record from
Domain Name System to obtain the target domain. The MX record contains the
domain name and IP address of the recipient's domain. Once the record is located,
MTA connects to the exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which
stores the e-mail where it waits for the user to retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by using
MUA (Mail User Agent). MUA can be accessed by using login and password.
  POP Protocol

The POP protocol stands for Post Office Protocol. As we know that SMTP is used as a
message transfer agent. When the message is sent, then SMPT is used to deliver the
message from the client to the server and then to the recipient server. But the message is
sent from the recipient server to the actual server with the help of the Message Access
Agent. The Message Access Agent contains two types of protocols, i.e., POP3 and IMAP.

How is mail transmitted?

Suppose sender wants to send the mail to receiver. First mail is transmitted to the sender's
mail server. Then, the mail is transmitted from the sender's mail server to the receiver's
mail server over the internet. On receiving the mail at the receiver's mail server, the mail is
then sent to the user. The whole process is done with the help of Email protocols. The
transmission of mail from the sender to the sender's mail server and then to the receiver's
mail server is done with the help of the SMTP protocol. At the receiver's mail server, the
POP or IMAP protocol takes the data and transmits to the actual user.

Since SMTP is a push protocol so it pushes the message from the client to the server. As we
can observe in the above figure that SMTP pushes the message from the client to the
recipient's mail server. The third stage of email communication requires a pull protocol,
and POP is a pull protocol. When the mail is transmitted from the recipient mail server to
the client which means that the client is pulling the mail from the server.

What is POP3?

The POP3 is a simple protocol and having very limited functionalities. In the case of the
POP3 protocol, the POP3 client is installed on the recipient system while the POP3 server is
installed on the recipient's mail server.

History of POP3 protocol

The first version of post office protocol was first introduced in 1984 as RFC 918 by
the internet engineering task force. The developers developed a simple and effective email
protocol known as the POP3 protocol, which is used for retrieving the emails from the
server. This provides the facility for accessing the mails offline rather than accessing the
mailbox offline.

In 1985, the post office protocol version 2 was introduced in RFC 937, but it was replaced
with the post office protocol version 3 in 1988 with the publication of RFC 1081. Then,
POP3 was revised for the next 10 years before it was published. Once it was refined
completely, it got published on 1996.
Although the POP3 protocol has undergone various enhancements, the developers
maintained a basic principle that it follows a three-stage process at the time of mail
retrieval between the client and the server. They tried to make this protocol very simple,
and this simplicity makes this protocol very popular today.

Let's understand the working of the POP3 protocol.

To establish the connection between the POP3 server and the POP3 client, the POP3 server
asks for the user name to the POP3 client. If the username is found in the POP3 server, then
it sends the ok message. It then asks for the password from the POP3 client; then the POP3
client sends the password to the POP3 server. If the password is matched, then the POP3
server sends the OK message, and the connection gets established. After the establishment
of a connection, the client can see the list of mails on the POP3 mail server. In the list of
mails, the user will get the email numbers and sizes from the server. Out of this list, the
user can start the retrieval of mail.

Once the client retrieves all the emails from the server, all the emails from the server are
deleted. Therefore, we can say that the emails are restricted to a particular machine, so it
would not be possible to access the same mails on another machine. This situation can be
overcome by configuring the email settings to leave a copy of mail on the mail server.

Advantages of POP3 protocol

The following are the advantages of a POP3 protocol:

o It allows the users to read the email offline. It requires an internet connection only
at the time of downloading emails from the server. Once the mails are downloaded
from the server, then all the downloaded mails reside on our PC or hard disk of our
computer, which can be accessed without the internet. Therefore, we can say that
the POP3 protocol does not require permanent internet connectivity.
o It provides easy and fast access to the emails as they are already stored on our PC.
o There is no limit on the size of the email which we receive or send.
o It requires less server storage space as all the mails are stored on the local machine.
o There is maximum size on the mailbox, but it is limited by the size of the hard disk.
o It is a simple protocol so it is one of the most popular protocols used today.
o It is easy to configure and use.
Disadvantages of POP3 protocol

The following are the advantages of a POP3 protocol:

o If the emails are downloaded from the server, then all the mails are deleted from the
server by default. So, mails cannot be accessed from other machines unless they are
configured to leave a copy of the mail on the server.
o Transferring the mail folder from the local machine to another machine can be
difficult.
o Since all the attachments are stored on your local machine, there is a high risk of a
virus attack if the virus scanner does not scan them. The virus attack can harm the
computer.
o The email folder which is downloaded from the mail server can also become
corrupted.
o The mails are stored on the local machine, so anyone who sits on your machine can
access the email folder.

 IMAP Protocol

IMAP stands for Internet Message Access Protocol. It is an application layer protocol
which is used to receive the emails from the mail server. It is the most commonly used
protocols like POP3 for retrieving the emails.

It also follows the client/server model. On one side, we have an IMAP client, which is a
process running on a computer. On the other side, we have an IMAP server, which is also a
process running on another computer. Both computers are connected through a network.

The IMAP protocol resides on the TCP/IP transport layer which means that it implicitly
uses the reliability of the protocol. Once the TCP connection is established between the
IMAP client and IMAP server, the IMAP server listens to the port 143 by default, but this
port number can also be changed.

By default, there are two ports used by IMAP:

o Port 143: It is a non-encrypted IMAP port.

o Port 993: This port is used when IMAP client wants to connect through IMAP
securely.

Why should we use IMAP instead of POP3 protocol?

POP3 is becoming the most popular protocol for accessing the TCP/IP mailboxes. It
implements the offline mail access model, which means that the mails are retrieved from
the mail server on the local machine, and then deleted from the mail server. Nowadays,
millions of users use the POP3 protocol to access the incoming mails. Due to the offline mail
access model, it cannot be used as much. The online model we would prefer in the ideal
world. In the online model, we need to be connected to the internet always.

The biggest problem with the offline access using POP3 is that the mails are permanently
removed from the server, so multiple computers cannot access the mails. The solution to
this problem is to store the mails at the remote server rather than on the local server. The
POP3 also faces another issue, i.e., data security and safety.

The solution to this problem is to use the disconnected access model, which provides the
benefits of both online and offline access. In the disconnected access model, the user can
retrieve the mail for local use as in the POP3 protocol, and the user does not need to be
connected to the internet continuously. However, the changes made to the mailboxes are
synchronized between the client and the server.

The mail remains on the server so different applications in the future can access it. When
developers recognized these benefits, they made some attempts to implement the
disconnected access model. This is implemented by using the POP3 commands that provide
the option to leave the mails on the server.

This works, but only to a limited extent, for example, keeping track of which messages are
new or old become an issue when both are retrieved and left on the server. So, the POP3
lacks some features which are required for the proper disconnected access model.

In the mid-1980s, the development began at Stanford University on a new protocol that
would provide a more capable way of accessing the user mailboxes. The result was the
development of the interactive mail access protocol, which was later renamed as Internet
Message Access Protocol.

IMAP History and Standards

The first version of IMAP was formally documented as an internet standard was IMAP
version 2, and in RFC 1064, and was published in July 1988. It was updated in RFC 1176,
August 1990, retaining the same version. So they created a new document of version 3
known as IMAP3. In RFC 1203, which was published in February 1991. However, IMAP3
was never accepted by the market place, so people kept using IMAP2. The extension to the
protocol was later created called IMAPbis, which added support for Multipurpose Internet
Mail Extensions (MIME) to IMAP. This was a very important development due to the
usefulness of MIME. Despite this, IMAPbis was never published as an RFC. This may be due
to the problems associated with the IMAP3. In December 1994, IMAP version 4, i.e., IMAP4
was published in two RFCs, i.e., RFC 1730 describing the main protocol and RFC 1731
describing the authentication mechanism for IMAP 4. IMAP 4 is the current version of
IMAP, which is widely used today. It continues to be refined, and its latest version is
actually known as IMAP4rev1 and is defined in RFC 2060. It is most recently updated in
RFC 3501.

IMAP Features

IMAP was designed for a specific purpose that provides a more flexible way of how the user
accesses the mailbox. It can operate in any of the three modes, i.e., online, offline, and
disconnected mode. Out of these, offline and disconnected modes are of interest to most
users of the protocol.
The following are the features of an IMAP protocol:

o Access and retrieve mail from remote server: The user can access the mail from the
remote server while retaining the mails in the remote server.
o Set message flags: The message flag is set so that the user can keep track of which
message he has already seen.
o Manage multiple mailboxes: The user can manage multiple mailboxes and transfer
messages from one mailbox to another. The user can organize them into various
categories for those who are working on various projects.
o Determine information prior to downloading: It decides whether to retrieve or not
before downloading the mail from the mail server.
o Downloads a portion of a message: It allows you to download the portion of a
message, such as one body part from the mime-multi part. This can be useful when
there are large multimedia files in a short-text element of a message.
o Organize mails on the server: In case of POP3, the user is not allowed to manage the
mails on the server. On the other hand, the users can organize the mails on the
server according to their requirements like they can create, delete or rename the
mailbox on the server.
o Search: Users can search for the contents of the emails.
o Check email-header: Users can also check the email-header prior to downloading.
o Create hierarchy: Users can also create the folders to organize the mails in a
hierarchy.

IMAP General Operation

1. The IMAP is a client-server protocol like POP3 and most other TCP/IP application
protocols. The IMAP4 protocol functions only when the IMAP4 must reside on the
server where the user mailboxes are located. In c the POP3 does not necessarily
require the same physical server that provides the SMTP services. Therefore, in the
case of the IMAP protocol, the mailbox must be accessible to both SMTP for
incoming mails and IMAP for retrieval and modifications.
2. The IMAP uses the Transmission Control Protocol (TCP) for communication to
ensure the delivery of data and also received in the order.
3. The IMAP4 listens on a well-known port, i.e., port number 143, for an incoming
connection request from the IMAP4 client.

Let's understand the IMAP protocol through a simple example.

The IMAP protocol synchronizes all the devices with the main server. Let's suppose we
have three devices desktop, mobile, and laptop as shown in the above figure. If all these
devices are accessing the same mailbox, then it will be synchronized with all the devices.
Here, synchronization means that when mail is opened by one device, then it will be
marked as opened in all the other devices, if we delete the mail, then the mail will also be
deleted from all the other devices. So, we have synchronization between all the devices. In
IMAP, we can see all the folders like spam, inbox, sent, etc. We can also create our own
folder known as a custom folder that will be visible in all the other devices.