Lecture 08: Networking services: there's no place like 127.0.0.1
Hands-on Unix system administration DeCal, 2012-10-15
Outline: DNS (About DNS, Common DNS records, Other DNS records), Networking, SSH, Network users
DNS
About DNS
- Domain Name Service
- Internet’s /etc/hosts file
- client software (e.g., web browser) automatically asks DNS server for records
  ✦ requests passed between servers
- see also host, dig
Common DNS records
- A: IPv4 address
- AAAA: IPv6 address
- CNAME: an alias for another record (Canonical Name)
- MX: mail server(s) for a domain (Mail Exchanger)
- PTR: reverse A record (Pointer)
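As an added example (not part of the slides), a small Python parser for the record types listed above, run over a constructed DNS response: the names, addresses, TTLs and the `rr` encoding helper are assumptions made for the sample. It also caps the number of name-compression pointers it will follow, a check any resolver or `dig`-style tool needs because a malformed response can make the pointers loop.

```python
import ipaddress, struct
TYPES = {1: "A", 28: "AAAA", 5: "CNAME", 15: "MX", 12: "PTR"}

def read_name(msg, off, max_hops=16):
    # Decode a (possibly compressed) name at `off`; return (name, end offset).
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if hops == max_hops:             # malformed input can make pointers loop
                raise ValueError("compression pointer loop")
            hops, end = hops + 1, (off + 2 if end is None else end)
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_answers(msg):                      # -> [(owner, type, ttl, value)] per answer RR
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):                 # skip question: name + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype in (1, 28):                 # A / AAAA: raw 4- or 16-byte address
            value = str(ipaddress.ip_address(rdata))
        elif rtype == 15:                    # MX: 16-bit preference, then exchanger
            value = f"{struct.unpack('!H', rdata[:2])[0]} {read_name(msg, off + 2)[0]}"
        else:                                # CNAME / PTR carry a name; others left raw
            value = read_name(msg, off)[0] if rtype in (5, 12) else rdata.hex()
        answers.append((owner, TYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return answers
def rr(owner, rtype, rdata):                 # encode one RR (for the constructed sample)
    return owner + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

# Constructed response (not a real capture): www.example.test/A answered with a CNAME, the target's A and AAAA, and the zone MX; 0xC0xx bytes are name pointers.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0)
          + b"\x03www\x07example\x04test\x00\x00\x01\x00\x01"            # question
          + rr(b"\xc0\x0c", 5, b"\x04host\xc0\x10")                       # -> host.example.test
          + rr(b"\xc0\x2e", 1, bytes([192, 0, 2, 10]))
          + rr(b"\xc0\x2e", 28, b"\x20\x01\x0d\xb8" + b"\x00" * 10 + b"\x00\x10")
          + rr(b"\xc0\x10", 15, b"\x00\x0a\x04mail\xc0\x10"))             # 10 mail.example.test
```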
Other DNS records
- SRV: service
- TXT: text
Networking
Too many TLAs
- OSI reference model; we focus on the application layer
- transport protocols: TCP, UDP
- ports numbered between 1 and 65535 (unsigned 16-bit integer)
- ports below 1024 (e.g., 22/tcp – SSH, 80/tcp – HTTP) require root access on Unix
TCP
- Transmission Control Protocol
- reliable, more overhead, stateful
- most network services use TCP (HTTP, SMTP, SSH, etc.)
  ✦ some may use both TCP and UDP
UDP
- User Datagram Protocol
- unreliable, simple (“fast”), stateless
- often used by DNS, DHCP, TFTP, VoIP, streaming media, etc.
  ✦ DNS uses TCP, however, for larger responses
NATs
- Network Address Translation
- accomplished by home/office router
  ✦ rewrite packets for many computers to use one public IP address (Source NAT, IP Masquerading)
  ✦ private IP addresses: 192.168.0.0–192.168.255.255, 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255
Port forwarding
- also called Destination NAT (DNAT)
- forward a public IP addressed port to an internal IP addressed port
- required to access services behind a Source NAT
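The following Python model is added here and is not part of the lecture; it ties the NAT and port-forwarding slides together: Source NAT gives each outbound flow a public port, replies are mapped back through that state table, and only ports with an explicit DNAT rule accept unsolicited inbound traffic. The addresses, the forwarding rule (public 2222 to 192.168.1.10:22) and the `NatRouter` class are constructed for the example; TCP state tracking and mapping timeouts are left out.

```python
import ipaddress

# The three RFC 1918 ranges from the slide; they are never routed on the public Internet
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE)

class NatRouter:
    """Toy home/office router: Source NAT (masquerading) for outbound flows, static
    DNAT rules (port forwarding) for chosen inbound ports. A packet is the tuple
    (src_ip, src_port, dst_ip, dst_port); TCP state and timeouts are left out."""

    def __init__(self, public_ip, forwards=None, first_port=40000):
        self.public_ip = public_ip
        self.forwards = dict(forwards or {})   # public port -> (internal ip, port)
        self.snat = {}                         # outbound 4-tuple -> public source port
        self.reverse = {}                      # (public port, peer ip, peer port) -> inside
        self.dropped = []                      # unsolicited inbound packets, kept for review
        self.next_port = first_port

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source with the public IP and a port."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if not is_private(src_ip):
            raise ValueError("outbound source is not an RFC 1918 address")
        if pkt not in self.snat:               # new flow: allocate a port, remember it
            self.snat[pkt] = self.next_port
            self.reverse[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.snat[pkt], dst_ip, dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: replies and forwarded ports are delivered, the rest dropped."""
        src_ip, src_port, dst_ip, dst_port = pkt
        inside = None
        if dst_ip == self.public_ip:
            inside = self.reverse.get((dst_port, src_ip, src_port))  # reply to our flow?
            if inside is None:
                inside = self.forwards.get(dst_port)                 # explicit DNAT rule?
        if inside is None:
            self.dropped.append(pkt)           # nobody inside asked for this: no way in
            return None
        return (src_ip, src_port, inside[0], inside[1])
```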
HTTP
- Hyper-Text Transfer Protocol
- simple, text-based protocol
  ✦ basic web server can be implemented in a 25-line bash script with netcat
- popular servers: Apache, IIS, lighttpd, nginx
NFS
- Network File System
- mounts can be defined in /etc/fstab
- usually need to be root to mount
SSH
About SSH
- Secure SHell
- different authentication mechanisms: PAM, public key, GSSAPI (Kerberos)
- remote encrypted terminal/console on remote machine
- other features: port forwarding, X forwarding, file transfer, can be combined with other protocols
SSH public-private keys
- alternative to password-based authentication
  ✦ uses public/private key cryptography
- SSH agent caches key in memory
- SSH forwarding forwards key challenges
Public-private keys
- public key: everyone can see lock
- private key: one person has key
- encrypt with public key, decrypt with private key
- sign with private key, verify with public key
- ciphers: RSA, DSA
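An added example, not from the slides: textbook RSA with tiny primes makes the two key roles on this slide visible, and the last function shows the challenge-response that SSH public-key login (and the agent forwarding on the previous slide) builds on them. `keygen`, `sign`, `verify`, `ssh_style_login` and the challenge bytes are constructed here; real keys are thousands of bits, use padding (OAEP/PSS) and come from a vetted library.

```python
import hashlib
from math import gcd

# Textbook RSA with tiny primes, only to make the two key roles visible.
# Real SSH keys are thousands of bits, use padding (OAEP/PSS) and a vetted library.

def keygen(p, q, e=17):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))       # d = e^-1 mod phi (Python 3.8+)

def encrypt(public, m):                        # anyone can close the lock ...
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)

def decrypt(private, c):                       # ... only the key holder opens it
    n, d = private
    return pow(c, d, n)

def _digest(data, n):                          # hash-then-sign: message -> integer < n
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):                       # private key proves identity ...
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, sig):                 # ... public key checks the proof
    n, e = public
    return pow(sig, e, n) == _digest(data, n)

def ssh_style_login(authorized_public, client_private, challenge):
    """Server-side view of public-key auth: the client signs a fresh server challenge
    (what ssh-agent does on the client's behalf) and the server verifies it against
    the key it has on file; the private key never leaves the client."""
    sig = sign(client_private, challenge)      # happens on the client / in the agent
    return verify(authorized_public, challenge, sig)
```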
Symmetric keys
- one shared key
- advantage: speed, security
- disadvantage: often impractical to verify, especially against man-in-the-middle attacks
- ciphers: AES, 3DES, blowfish, arcfour
PAM
- Pluggable Authentication Modules
- API for authentication commonly used on Unix
- pam_unix: /etc/shadow password hashes
Network users
LDAP
- Lightweight Directory Access Protocol
- distributed directory information service, like phone book
- arranged as records with attributes
- often used to populate user accounts across a network
- CalNet is an LDAP directory
Kerberos
- trusted third party provides mutual authentication between machines and users
- arranged as principals which can be fetched as tickets to authenticate
- CalNet is also a Kerberos realm