CHAPTER ONE PART TWO

Network Naming
 Network Naming
 Network name is numbers or strings that devices use to reference a particular
computer network.
 These strings or numbers are separate from the names of individual devices and the
addresses they use to identify each other. Network names take several forms.
Names
No Types of Names Examples
1 Uniform Resource Locator http://www.cs.princeton.edu/~jrex/foo.html
2 E-mail [email protected]
3 Hostname www.cs.princeton.edu
4 Internet Protocol 128.112.7.156
2
 Network Naming Roles
They are used:

 To share resources,

 To uniquely identify entities,

 To refer to location and more.

All entities in a data communications network must be uniquely identified to

allow data to be directed to the intended recipient.

This process is known as "addressing" and the identifier allocated to a node is

known as its address.

Each node is usually allocated at least one address. 3
 Network Naming Roles----
Most users are able only to remember a few numbers but are able to memorise
entire lists of words.
 This could be one of the reasons people are normally identified by name rather
than social security number.
It is therefore easier to allocate a name (label) corresponding to the addresses
used by the network.
Example: An email address is a name, as is a free-phone number.
 To use a name, it is first necessary to find the corresponding numeric
address, this is usually performed by a name-server, which is a network
4
resource which has a list of all names and the corresponding addresses.
 Network Naming----
More precisely, a name is a symbol, such as human-readable text string,
which identifies a resource such as a process, device, or service.
 An address is a data structure, understood by the network, used to specify the
destination of a connection/message/packet.
A name server provides a service which resolves a name into an address.
A network provides the connections between two types of node.
 If a node allows users to login or run processes on it, the node is called an
End System (ES), sometimes also known as a host.
 A node which does not have any users, but only routes packets from other
5
nodes, is known as an Intermediate System (IS).
 Network Naming----
Some nodes provide both functions and may be called by either name,
depending upon which function they perform.
The neighbouring nodes in a network are connected by links.
 A route is an address of a neighbour node, this is the link to be used to
transmit a specific message towards its intended destination.
 Using a succession of routes between intermediate systems the network finds
a path from the source end system to the destination end system.
The selection of an appropriate series of routes between intermediate
systems is known as routing
6
 Network Naming----
 The major distinction between names and addresses is whether they are
intended to be human-readable or machine-readable.
The term port is an identifier number that specifies an individual process or
user program running on the destination computer.
 Most names are allocated in hierarchical format (e.g.Medium
Access Control (MAC) hardware addresses,
Internet Domain Name Service (DNS) names, telephone numbers).
 A typical hierarchical address is the universal name.
Such names consist of a sequence of fields that jointly identify the entity.
7
 Network Naming----
 The fields may help to determine where an entity is located, but this is
not necessarily so; for example, the MAC hardware address used in
Ethernet has the form <manufacturer><serial number>.
This says nothing about the location of the host computer on
network.

8
 Windows Network Concepts
1. Workgroups
 In reference to computers, a workgroup is simply one computer accessing or
sharing resources with another computer on the same network, also known as
peer-to-peer networking.
 Workgroups are great for home offices and small businesses because they are
easy to implement and cost less than a domain setup.
 In computer networking a workgroup is a collection of computers on a LAN
that share common resources and responsibilities.
 Computers running Windows OSs in the same work group may share files,
9
printers, or Internet connection.
 Windows Network Concepts-----
Workgroup contrasts with domain, in which computers rely on centralized
authentication.
 A Windows workgroup is a group of standalone computers in a peer-to-peer
network.
 Each computer in the workgroup uses its own local accounts database to
authenticate resource access.
 The computers in a workgroup also do not have a common authentication process.
The default-networking environment for a clean windows load is workgroup.
 In general, a given Windows workgroup environment can contain many
computers but work best with 15 or fewer computers. 10
 Windows Network Concepts------
As the number of computers increases, a workgroup eventually become very
difficult to administer and should be re-organized into multiple networks or set
up as a client-server network.
 The computers in a workgroup are considered peers because they are all equal
and share resources among each other without requiring a server.
 Since the workgroup doesn’t share a common security and resource database,
users and resources must be defined on each computer.
 Joining a workgroup requires all participants to use a matching name, all
Windows computers (Windows 7, 8 and 10) are automatically assigned to a
default group named WORKGROUP (MSHOME in WindowsXP). 11
 Windows Network Concepts-----
 To access shared resources on other PCs within its group, a user must know the
name of the workgroup that computer belongs to plus the username and
password of an account on the remote computer.
One of the most common mistakes when setting up a peer-to-peer network is
misspelling the workgroup name on one of the computers.
 For example, suppose you decide that all the computers should belong to a
workgroup named MYGROUP.
If you accidentally spell the workgroup name MYGRUOP for one of the computers,
that computer will be isolated in its own workgroup.
 If you can’t locate a computer on your network, the workgroup name is one of
12
 Common characteristics of workgroup accounts in Windows 10

 No computers in the workgroup has control over any other computer; rather,
they are peer computers
 Each computer in the workgroup has multiple accounts associated with it.
Each workgroup account can only log into the workgroup computer it
belongs to
 Workgroup accounts are not password-protected
 Computers in a workgroup must all be on the same LAN or subnet
 The number of computers in a workgroup is far smaller than in a domain.
This breaks down to an average of 20 computers for a workgroup 13
 Windows Workgroups vs Homegroups

Microsoft introduced the Homegroup concepts in windows 7.

 Homegroups are designed to simplify the management of workgroups for
administrators, particularly homeowners.
 Instead of requiring an administrator to manually set up shared user accounts
on every PC, HomeGroup security settings can be managed through one
shared login.
 Joining a Homegroup does not remove a PC from its Windows
WORKGROUP, the two sharing methods co-exist.
 Computers running versions of Windows operating systems older than
14
 Other Computer Workgroup technologies
The open source software package samba (which uses SMB technologies)
allows Apple macOS, Linux and other Unix based system to join existing
windows workgroups.
 Apple originally developed AppleTalk to support workgroups on
Macintosh computers but phased out this technology in the late 2000s in
favour of newer standards like SMB.
Samba is a free software that provides file and print services for various
Microsoft Windows clients and can integrate with a Microsoft Windows
Server domain, either as a Domain Controller (DC) or as a domain
15
 2. Domain Controller

Windows domains support client-server based networks.

 A specially configured computer called Domain Controller running a Windows
Server operating system serves as a central server for all clients.
 Windows domains can handle more computers than workgroups due to the ability
to maintain centralized resource sharing and access control.
 A client PC can belong to either to a workgroup or to a Windows domain, but not
both.
 Assigning a computer to the domain automatically removes it from the
workgroup.
A domain controller (DC) is a server computer that responds to security
16
 2. Domain Controller-----
 It is a network server that is responsible for allowing end devices to access
shared domain resources.
 It authenticates users, stores user account information and enforces security
policy for a domain.
 It is most commonly implemented in Microsoft Windows environments, where
it is the centrepiece of the Windows Active Directory service.
 However, non-Windows domain controllers can be established via identity
management software such as Samba.
 Domain controllers are typically deployed as a cluster (group) to ensure high-
availability and maximize reliability. 17
 2. Domain Controller-----

 In a Windows environment, one domain controller serves as the Primary

Domain Controller (PDC) and all other servers promoted to domain controller
status in the domain server as a Backup Domain Controller (BDC).
 In Unix-based environments, one machine serves as the master domain
controller and others serve as replica domain controllers, periodically
replicating database information from the main domain controller and storing
it in a read-only format.
 On Microsoft Servers, a domain controller (DC) is a server computer that
responds to security authentication requests (logging in, etc.) within a windows
domain. 18
 2. Domain Controller-----

A Windows domain is a form of a computer network in which all user

accounts, computers, printers and other security principals, are registered with
a central database located on one or more clusters of central computers known
as domain controllers.
 A domain is a concept introduced in Windows NT whereby a user may be
granted access to a number of computer resources with the use of a single
username and password combination.
You must setup at least one Domain Controller in every Windows domain.
 The following figure on the next slide shows the Domain Controller in windows
domain. 19
Fig Domain Controller
20
 2. Domain Controller-----

Windows Server can be one of three kinds:

 Active Directory “domain controllers” (ones that provide identity and
authentication),
 Active Directory “member servers” (ones that provide complementary services
such as file repositories and schema) and
 Windows Workgroup “stand-alone servers”.
The term “Active Directory Server” is sometimes used by Microsoft as
synonymous to “Domain Controller” but the term is discouraged.

21
 Common Characteristics of Domain Controller
 Domain accounts need an account to log into a computer joined to the
domain
 Domain controllers manage computers on the domain
There can be potentially thousands of computers joined to a domain
 Computers on a domain can be on different local networks
 Domain accounts can log into any of the other computers on the domain by
using their domain login credentials
 Only limited changes can be made by the domain account user — the bigger,
important changes need to be made by the administrator 22
 Domain Name Server (DNS)
 A DNS is a computer server that contains a database of many IP addresses
and their associated domain names.
It serves to translate a requested domain name into an IP address, so that
the computer knows which IP address to connect to for the requested
contents.
The Internet is a network of connected computers, and they
communicate with each other through IP addresses.
 DNS plays an important role to help us conveniently use the Internet and it
is one of the most essential foundations of the Internet today. 23
 Domain Name Server (DNS)----
It is much easier for us to remember a domain name, webnic.cc, rather than
a string of numbers, 104.20.73.209 (IP address) to WebNIC’s website.
Both the domain name and the DNS are extremely important and they
work together to make this possible.
 The domain is a piece of string that helps to identify a particular
resources(eg. website) while the DNS is a server that translates the
domain to the corresponding IP address to provide the required webpage.
A great example is to see a DNS as a phone book, which matches the
name of subscribers to a telephone number. 24
 Domain Name Server (DNS)----
 You can search for the name you want and find the corresponding phone
number.
 It is also a similar concept to your smartphone’s contact list, which will
match a contact name to a phone number.
Remembering domain names is definitely easier for us than to remember
a string of numbers.
 DNS helps us to do this by match domain names to IP addresses, and
simplifies our web surfing experience significantly

25
 DNS structure------
 The domain name is usually contained in a URL. A domain name is made of
multiple parts, called levels.
 The domain hierarchy is read from right to left with each section denoting
a subdivision.
The multiple parts of the domain name includes the protocols, subdomain
(third-level domains), second-level domain, and top-level-domain
 For example, the last word in a domain name represents a top-level domain.
These top-level domains are controlled by the IANA in what's called the
Root Zone Database.
26
 DNS structure
1. Protocol
 The protocol identifier or URL prefix is what you usually see on the first part of
your URL.
 The term itself identifies the protocol used to locate a resource on the internet
( or online).
 There are various protocol identifiers, such as FTP, mailto, file, and news but
what we commonly see is HTTP or HTTPS.
HTTP (Hypertext Transfer Protocol) represents a data transfer protocol that
directs how a web server and a browser communicate
27
 DNS structure-----
 The protocol comes before the subdomain, such as having a secure (https://)
versus a non-secure (http://) website.
2. Third-level domains or subdomains
 It is also called subdomains, third-level domains are the part of a URL before
the second-level domain.
 They indicate the type of server that the domain connects to when accessing
website data.
 The most common third-level domain is www., which means World Wide Web.
Third-level domains used to be a requirement for domain names, but they are
now optional. 28
 DNS structure-----
3. Second-Level domains
 Second-Level Domains are the main part of a domain name, also
known as the domain title.
 The SLD is usually a combination of words that describes a business
or website.
 Example: The website www.indeed.com
The word “indeed” would be the second-level domains.
 When choosing a Second-Level Domain, you can use any combination
29
 DNS structure
4. Top-Level Domains (TLDs)
 A TLD also called an extension or domain ending, refers to the suffix and the
last part of a web address to the right of the last dot after the primary domain
name.
 For example, if the domain is www.indeed.com, the TDL is “.com.”
 The Internet Assigned Numbers Authority (IANA), now a division of ICANN
(Internet Corporation for Assigned Names and Numbers), manages the allocation
of TLDs
There are more than 1,000 top-level domains, and here are some of the most
common: 30
 DNS structure------
 COM — commercial websites, though open to everyone

 NET — network websites, though open to everyone

 ORG — non-profit organization websites, though open to everyone
 EDU — restricted to schools and educational organizations
 MIL — restricted to the U.S. military
 GOV — restricted to the U.S. government
 US, UK, RU and other two-letter country codes — each is assigned to a domain
name authority in the respective country
In a domain name, each word and dot combination you add before a top-level
domain indicates a level in the domain structure.
31
 DNS Server Type
There are several server types involved in completing a DNS resolution.
 The following list describes the four name servers in the order a query passes
through them.
1. Recursive Server.
 The recursive server takes DNS queries from an application, such as a web
browser.
 It's the first resource the user accesses and either provides the answer to the
query if it has it cached or accesses the next-level server if it doesn't.
 This server may go through several iterations of querying before returning an
32
answer to the client
 DNS Server Type------
2. Root Name Server
 This server is the first place the recursive server sends a query if it doesn't have the
answer cached.
 The root name server is an index of all the servers that will have the information
being queried.
 These servers are overseen by the Internet Corporation for Assigned Names and
Numbers, specifically a branch of ICANN called the
Internet Assigned Numbers Authority.
3. TLD Server
 The root server directs the query based on the top-level domain -- the .com, .edu
33
 DNS Server Type------
4. Authoritative Name Server
 The authoritative name server is the final checkpoint for the DNS query.
 These servers know everything about a given domain and deal with the
subdomain part of the domain name.
 These servers contain DNS resource records with specific information
about a domain, such as the a record.
 They return the necessary record to the recursive server to send back to
the client and cache it closer to the client for future lookups.
34
 How Does a DNS Work?
 A DNS starts working immediately after a user enters a domain name in the
address bar of a browser.
 It will search through the Internet to find the IP address that is associated with the
entered domain name.
 After successfully identifying the IP address, it then guides the user’s browser to
connect to it, which will then serve the requested website contents.
 The process happens very quickly with little delay and the user will be on his
requested website almost immediately.
However, in the background, a DNS has executed many processes.
 The first step that a DNS does is to send a DNS query to several other DNS
35
 How Does a DNS Work?------
A DNS is not just a single server responding to over billions of domain name
requests, but instead it is distributed globally across a network of DNS, which
stores the IP address directory in a distributed manner.
 With this in mind, all the DNS servers work together to attend to the billions of
domain names requests worldwide.
The reason behind this is to cut down the time for users to get a response for
their requests.
 If a user is looking for a specific site and there is only one DNS server to process
it, then it will take significantly longer to search through the millions of records
in the directory. 36
 How Does a DNS Work?-------
What if at the same time there are also millions, if not billions of users who are
also doing the same?
That is going to take a long time, and the users’ browsing experience will
definitely be affected negatively.
 Therefore, DNS is set up to work collaboratively across several servers to
provide the best browsing experience to users.
 When a website address is entered by a user in an Internet browser, a DNS
query is initiated and a DNS server sends the query to several other DNS
servers, each tasked with translating a different part of the domain name the
user entered. 37
 Basic Process of a DNS
The basic process of a DNS resolution follows these steps:
1. The user enters a web address or domain name in the address bar of the browser.
2. The browser sends a message, called a recursive DNS query, to the network to find
out which IP or network address the domain corresponds to.
3. The query goes to a recursive DNS server, which is also called a recursive resolver,
and is usually managed by the internet service provider (ISP).
If the recursive resolver has the address, it will return the address to the user, and the
webpage will load.
4. If the recursive DNS server does not have an answer, it will query a series of other
servers in the following order: DNS root name servers, top-level domain (TLD)
name servers and authoritative name servers. 38
 Basic Process of a DNS-------
5. The three server types work together and continue redirecting until they
retrieve a DNS record that contains the queried IP address.
 It sends this information to the recursive DNS server, and the webpage the
user is looking for loads.
 DNS root name servers and TLD servers primarily redirect queries and
rarely provide the resolution themselves.
6. The recursive server stores, or caches, the A record for the domain name,
which contains the IP address.
 The next time it receives a request for that domain name, it can respond
39
directly to the user instead of querying other servers.
 Basic Process of a DNS-------
7. If the query reaches the authoritative server and it cannot find the
information, it returns an error message.
 The entire process querying the various servers takes a fraction of a
second and is usually imperceptible to the user.

40
 The Importance of a DNS
 To convert domain names into respective IP addresses and locate the web address

(website) hosted on a specific web host.

 To divert traffic that comes on your domain name to a web server at a specific web

host.
 To make a website or an online business visible on the internet.

 To help your customers, locate your business.

 To safeguard data from being accessed by unwanted people as these DNS servers

are monitored on a daily basis and consist of latest security patches.

 For breaking domain names into subdomains. 41
 Windows Active Directory

 Directory Service - is a software application that stores and organizes

information about a computer network's users and network resources, and
that allows network administrators to manage users' access to the resources.
 Active Directory (AD) is a directory service developed by Microsoft for
Windows domain networks.
 It is included in most Windows Server operating systems as a set of processes
and services.
It stores information about objects on the network and makes this information
easy for administrators and users to find and use.
42
 Windows Active Directory-------

With a single network logon, administrators can manage directory data and
organization throughout their network, and authorized network users can
access resources anywhere on the network.
 Active Directory (AD) initially, used only for centralized domain
management.
However, it eventually became an umbrella title for a broad range of
directory-based identity-related services.
 A server running the Active Directory Domain Service (AD DS) role is called
a domain controller.
43
 Benefits of Active Directory

1. Centralizes Resources
 Allows to authenticates and authorizes all users and computers in a Windows
domain type network,
2. Security Administration
 Helps the administrator in assigning and enforcing security policies for all
computers, and installing or updating software.
3. Active Directory simplifies resource location
 Active directory simplifies resource location by allowing files and print resources to
be published on the network.
Publishing an object allows users to securely access network resources by searching
the active directory database for the desired resources. 44
 Benefits of Active Directory

4. Active directory provides a single point of Access to resources

 Active Directory provides a single point of management for network resources.
 Active Directory uses a single sign-on to allow access to network resources
located on any server within the domain
 The user is identified and authenticated by Active Directory once.
After this process is complete, the user signs on once to access the network
resources that are authorized for, according to his or her assigned roles and
privileges within Active Directory.
5. Easily Scalable:
 It supports millions of objects in a single domain 45
 Benefits of Active Directory-------

6. Replication of information
7. Provides integration with DNS
8. Provides flexible querying
9. Establishes a framework to deploy other related services:
Certificate Services,
AD Federation Services,
Lightweight Directory Services, and Rights Management Services.

46
 Active Directory Domain Services

 Here are the services that AD DS provides as a the core functionality required by a
centralized user management system:
1. Domain Services (DS)
AD DS is the foundation stone of every Windows domain network.
 It stores information about members of the domain, including devices and users,
verifies their credentials and defines their access rights and manages
communications between the users and the domain controller.
The server running this service is called a domain controller.
 A domain controller is contacted when a user logs into a device, accesses another
device across the network, or runs a line-of-business Metro-style app side loaded
47
into a device.
 Active Directory Domain Services------

Other Active Directory services (excluding LDS, which is discussed below) as

well as most of Microsoft server technologies rely on or use Domain Services;
examples include:
 Group Policy,
 Encrypting File System,
 BitLocker,
 Domain Name Services,
 Remote Desktop Services,
 Exchange Server and SharePoint Server.
48
 Active Directory Domain Services-------

2. Lightweight Directory Services (LDS)

 It is a Lightweight Directory Access Protocol (LDAP) directory service that
provides data storage and retrieval support for directory-enabled
applications, without the dependencies that are required for the AD DS.
 AD LDS provides a data store and services for accessing the data store.
 It uses standard application programming interface API) for accessing the
application data.
 AD LDS operates independently of Active Directory and independently of Active
Directory Domains or forests.
It operates either as a standalone data store or it operates with replications. 49
 Active Directory Domain Services-------

 Its independence enables local control and autonomy of directory services for
specific applications.
It also facilitates independent, flexible schema, and naming contexts
 Unlike AD DS, however, multiple AD LDS instances can run on the same
server.
3. Certificate Services (CS)
 AD Certificate Services (AD CS) establishes an on-premises public key
infrastructure.
 It can create, validate and revoke public key certificates for internal uses of
an organization. 50
 Active Directory Domain Services-------

 These certificates can be used to encrypt files, emails, and network traffic
(when used by virtual private networks or IPSec protocol).
 AD CS requires an AD DS infrastructure.
4. Federation Services (FS)
 AD Federation Services (AD FS) is a single sign-on service.
 With an AD FS infrastructure in place, users may use several web-based
services (e.g. Internet forum, blog, online shopping, webmail) or network
resources using only one set of credentials stored at a central location, as
opposed to having to be granted a dedicated set of credentials for each service.
51
 Active Directory Domain Services-------

AD FS‘s purpose is an extension of that of AD DS:

 The latter (AD Ds) enables users to authenticate with and use the devices that
are part of the same network, using one set of credentials.
 The former (AD FS) enables them to use the same set of credentials in a
different network.
 As the name suggests, AD FS works based on the concept of federated identity.
AD FS requires an AD DS infrastructure, although its federation partner may
not.

52
 Active Directory Domain Services-------

5. Rights Management Services (RMS)

AD Rights Management Services (AD RMS) is a server software for
information rights management shipped with Windows Server.
 It uses encryption and a form of selective functionality denial for limiting
access to documents such as corporate e-mails, Microsoft Word documents,
and web pages, and the operations authorized users can perform on them

53
 LDAP
 The Lightweight Directory Access Protocol (LDAP) is an open, vendor-
neutral, industry standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP)
network.
 Directory services play an important role in developing intranet and Internet
applications by allowing the sharing of information about users, systems,
networks, services, and applications throughout the network.
As examples, directory services may provide any organized set of records,
often with a hierarchical structure, such as a corporate email directory.
Similarly, a telephone directory is a list of subscribers with an address54and a
 LDAP-------
LDAP (Lightweight Directory Access Protocol) is one of the core protocols that
was developed for directory services (the process of securely managing users and
their access rights to IT resources), and most directory services still use LDAP
today.
 In a nutshell, LDAP specifies a method of directory storage and facilitates the
authentication and authorization of users to servers, files, networking
equipment, and applications, among other IT resources.
Companies store usernames, passwords, email addresses, printer connections,
and other static data within directories.
 LDAP is an open, vendor-neutral application protocol for accessing and
55
 LDAP-------
 LDAP is a protocol, so it doesn't specify how directory programs work.
Instead, it's a form of language that allows users to find the information they
need very quickly.
LDAP has two main goals:
 To store data in the LDAP directory and
 Authenticate users to access the directory.
It also provides the communication language that applications require to send
and receive information from directory services.
A directory service provides access to where information on organizations,
individuals, and other data is located within a network. 56
 LDAP-------
 The most common LDAP use case is providing a central location for accessing
and managing directory services.
LDAP enables organizations to store, manage, and secure information about
the organization, its users, and assets–like usernames and passwords.
This helps simplify storage access by providing a hierarchical structure of
information, and it can be critical for corporations as they grow and acquire
more user data and assets. 
The main goal of LDAP is to communicate with, store, and extract objects (i.e.
domains, users, groups, etc.) from AD into a usable format for its own
directory, located on the LDAP server.  57
 LDAP-------
In short, LDAP specifies a method of directory storage that allows for adding,
deleting, and modifying records, and it enables the search of those records to
facilitate both authentication and authorization of users to resources. 
LDAP’s three main functions are:
 Update:
This includes adding, deleting, or modifying directory information.
 Query:
This includes searching and comparing directory information.
 Authenticate:
The main authentication functions include binding and unbinding; a third function,
abandon, can be used to stop a server from completing an operation. 
58
 LDAP vs Active Directory
Lightweight Directory Access Protocol Active Directory
1 LDAP is a lightweight version of Directory Active Directory (AD) service, a large
Access Protocol (DAP) and provides a central directory service database that contains
location for accessing and managing directory information spanning every user account
services running on the (TCP/IP). in a network
2 LDAP specializes in finding a directory object AD provides the authentication and
with little information, so it doesn’t need to management of users and groups, and it is
extract all of its attributes from AD, or what ultimately authenticates a user or
whichever directory service it is pulling from computer. The database contains a higher
volume of attributes than what is pulled
into LDAP
59