DNS
An application layer protocol defines how the application processes running on different
systems pass messages to each other.
o DNS stands for Domain Name System.
o DNS is a directory service that provides a mapping between the name of a host on
the network and its numerical address.
o DNS is required for the functioning of the internet.
o Each node in the tree has a domain name, and a full domain name is a sequence of
labels separated by dots.
o DNS is a service that translates the domain name into IP addresses. This allows
the users of networks to utilize user-friendly names when looking for other hosts
instead of remembering the IP addresses.
o For example, suppose the FTP site at EduSoft had an IP address of
132.147.165.50; most people would reach this site by specifying ftp.EduSoft.com.
Therefore, the domain name is more reliable than the IP address.
DNS is a TCP/IP protocol used on different platforms. The domain name space is divided
into three different sections: generic domains, country domains, and the inverse domain.
Generic Domains
o It defines the registered hosts according to their generic behavior.
o Each node in a tree defines the domain name, which is an index to the DNS
database.
o It uses three-character labels, and these labels describe the organization type.
Label     Description
aero      Airlines and aerospace companies
biz       Businesses or firms
com       Commercial organizations
coop      Cooperative business organizations
edu       Educational institutions
gov       Government institutions
info      Information service providers
int       International organizations
mil       Military groups
museum    Museums and other nonprofit organizations
name      Personal names
net       Network support centers
org       Nonprofit organizations
pro       Professional individual organizations
Country Domain
The format of a country domain is the same as that of a generic domain, but it uses
two-character country abbreviations (e.g., us for the United States) in place of the
three-character organizational abbreviations.
Inverse Domain
The inverse domain is used for mapping an address to a name. For example, suppose a
server has received a request from a client, but the server holds files for authorized
clients only. To determine whether the client is on the authorized list, the server sends
a query to the DNS server asking it to map the client's address to a name.
Working of DNS
o DNS is a client/server network communication protocol. DNS clients send
requests to the server, and DNS servers send responses to the client.
o A client request that carries a name to be converted into an IP address is known as
a forward DNS lookup, while a request that carries an IP address to be converted
into a name is known as a reverse DNS lookup.
o DNS implements a distributed database to store the name of all the hosts available
on the internet.
o If a client such as a web browser sends a request containing a hostname, then a piece
of software known as the DNS resolver sends a request to the DNS server to obtain the
IP address of that hostname. If the DNS server does not hold the IP address
associated with the hostname, it forwards the request to another DNS server. When
the IP address arrives at the resolver, the resolver returns it to the client, which in
turn completes the request over the Internet Protocol.
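The forward and inverse lookups described above, as an added example that is not part of the original notes: it builds and parses the wire-format DNS query (header plus question section), derives the in-addr.arpa name used for a reverse lookup, and enforces the label and name length limits and a compression-pointer hop limit so that a malformed packet cannot loop the parser. The transaction id and the names used are constructed.

```python
import struct

# Record types used on this page: A for a forward lookup, PTR for an inverse lookup.
QTYPE_A = 1
QTYPE_PTR = 12
QCLASS_IN = 1


def reverse_name(ipv4):
    """Inverse-domain name for an IPv4 address: octets reversed, then in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def encode_name(name):
    """Encode a dotted name as wire-format labels (length byte + bytes, 0 terminator),
    enforcing the protocol limits of 63 bytes per label and 255 bytes per name."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length out of range: %r" % label)
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return out


def build_query(name, qtype, txid=0x1234):
    """Standard query: 12-byte header (QR=0, RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(data, offset):
    """Decode labels at offset, following compression pointers (0xC0xx) with a hop
    limit so a malformed packet cannot loop the parser forever.
    Returns (name, offset of the byte after the name in the original stream)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        if length & 0xC0 == 0xC0:               # two-byte pointer to an earlier name
            if offset + 1 >= len(data):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        if offset + length > len(data):
            raise ValueError("truncated label")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_query(packet):
    """Parse the header and the single question of a DNS query into a dict."""
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question, got %d" % qdcount)
    name, off = decode_name(packet, 12)
    if off + 4 > len(packet):
        raise ValueError("truncated question section")
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return {"id": txid, "is_query": not (flags & 0x8000), "name": name,
            "qtype": qtype, "qclass": qclass}
```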
FTP
o FTP stands for File Transfer Protocol.
o FTP is a standard internet protocol provided by TCP/IP used for transmitting the
files from one host to another.
o It is mainly used for transferring the web page files from their creator to the
computer that acts as a server for other computers on the internet.
o It is also used for downloading files to a computer from other servers.
Objectives of FTP
o It provides the sharing of files.
o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.
Why FTP?
Although transferring files from one system to another seems very simple and
straightforward, it can sometimes cause problems. For example, two systems may
have different file conventions. Two systems may have different ways to represent text
and data. Two systems may have different directory structures. The FTP protocol overcomes
these problems by establishing two connections between hosts. One connection is used
for data transfer, and the other is used as the control connection.
Mechanism of FTP
The above figure shows the basic model of the FTP. The FTP client has three
components: the user interface, control process, and data transfer process. The server has
two components: the server control process and the server data transfer process.
There are two types of connections in FTP:
o Control Connection: The control connection uses very simple rules for
communication. Through the control connection, one line of command
or one line of response is transferred at a time. The control connection is made between
the control processes. The control connection remains open during the entire
interactive FTP session.
o Data Connection: The Data Connection uses very complex rules as data types
may vary. The data connection is made between data transfer processes. The data
connection opens when a command comes for transferring the files and closes
when the file is transferred.
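The control-connection reply format, and the point where a data connection is opened, as an added example that is not part of the original notes: it parses the one-line-at-a-time replies (including the multi-line form), extracts the data-connection endpoint from a passive-mode reply, and refuses an endpoint whose host differs from the control connection's peer, since a client that blindly connects wherever the server says can be steered at an unrelated host. All reply lines and addresses are constructed.

```python
import re

# Constructed sample control-connection replies (not captured from a real server).
SAMPLE_REPLIES = [
    "220 ftp.EduSoft.com FTP server ready",
    "227 Entering Passive Mode (132,147,165,50,195,80)",
    "227 Entering Passive Mode (10,0,0,9,4,1)",
    "550 Requested action not taken: file unavailable",
]

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_reply(line):
    """Split one reply line into (code, text): a 3-digit code, then a space
    (or '-' when more lines follow), then the human-readable text."""
    m = re.match(r"^(\d{3})([ -])(.*)$", line)
    if not m:
        raise ValueError("malformed reply: %r" % line)
    return int(m.group(1)), m.group(3)


def reply_class(code):
    """The first digit classifies the reply."""
    return {1: "preliminary", 2: "completion", 3: "intermediate",
            4: "transient-failure", 5: "permanent-failure"}.get(code // 100, "unknown")


def read_reply(lines):
    """Collect one complete reply from a sequence of lines: a multi-line reply
    starts with 'ddd-' and ends at the line starting with 'ddd ' (same code)."""
    lines = iter(lines)
    first = next(lines)
    m = re.match(r"^(\d{3})([ -])", first)
    if not m:
        raise ValueError("malformed reply: %r" % first)
    code, collected = int(m.group(1)), [first]
    if m.group(2) == "-":
        for line in lines:
            collected.append(line)
            if line.startswith("%03d " % code):
                break
        else:
            raise ValueError("unterminated multi-line reply")
    return code, collected


def parse_pasv(text, control_host):
    """Extract (host, port) for the data connection from a 227 reply and require
    the host to equal the control connection's peer address."""
    m = PASV_RE.search(text)
    if not m:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in PASV reply")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if host != control_host:
        raise ValueError("PASV host %s does not match control host %s" % (host, control_host))
    return host, port


def data_endpoint_for(line, control_host):
    """Given the reply to PASV, return where the client should open the data connection."""
    code, text = parse_reply(line)
    if code != 227:
        raise ValueError("expected 227, got %d (%s)" % (code, reply_class(code)))
    return parse_pasv(text, control_host)
```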
FTP Clients
o FTP client is a program that implements a file transfer protocol which allows you
to transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download the files.
o It has a set of commands that we can use to connect to a host, transfer the files
between you and your host and close the connection.
o The FTP program is also available as a built-in component in a Web browser.
This GUI-based FTP client makes file transfer very easy and does not
require the user to remember the FTP commands.
Telnet
o The main task of the internet is to provide services to users. For example, users
want to run different application programs at a remote site and transfer the result
to the local site. This requires a client-server program such as FTP or SMTP. But
it would not be practical to create a specific program for each demand.
o The better solution is to provide a general client-server program that lets the user
access any application program on a remote computer, that is, a program that
allows a user to log on to a remote computer. A popular client-server program,
Telnet, is used to meet such demands. Telnet is an abbreviation for Terminal
Network.
o Telnet provides a connection to the remote computer in such a way that a local
terminal appears to be at the remote side.
There are two types of login:
Local Login
o When a user logs into a local computer, then it is known as local login.
o When a workstation runs a terminal emulator, the keystrokes entered
by the user are accepted by the terminal driver. The terminal driver then
passes these characters to the operating system, which in turn invokes the
desired application program.
o However, the operating system assigns special meaning to certain characters.
For example, in UNIX some combinations of characters have special
meanings, such as the control character with "z", which means suspend. Such
situations do not create any problem locally, as the terminal driver knows the
meaning of such characters. But they can cause problems in remote
login.
Remote login
o When the user wants to access an application program on a remote
computer, then the user must perform remote login.
How remote login occurs
At the local site
The user sends the keystrokes to the terminal driver, and the characters are then sent
to the TELNET client. The TELNET client in turn transforms the
characters into a universal character set known as Network Virtual Terminal (NVT)
characters and delivers them to the local TCP/IP stack.
At the remote site
The commands in NVT form are transmitted to the TCP/IP stack at the remote
machine. Here, the characters are delivered to the operating system and then passed
to the TELNET server. The TELNET server transforms the characters into a form that
the remote computer can understand. However, the characters cannot be
passed directly to the operating system, as the remote operating system is not designed
to receive characters from the TELNET server. Therefore it requires a piece
of software that can accept the characters from the TELNET server. The operating
system then passes these characters to the appropriate application program.
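The NVT translation performed by the TELNET client and server, as an added example that is not part of the original notes: it converts locally typed text into NVT ASCII (end-of-line as CR LF, a bare CR as CR NUL, and a data byte equal to the IAC command byte doubled) and reverses the translation on the receiving side, separating option-negotiation commands from data. The byte streams used in the test are constructed.

```python
# Telnet command bytes (IAC = "interpret as command") and NVT control characters.
IAC, DONT, DO, WONT, WILL = 255, 254, 253, 252, 251
CR, LF, NUL = 0x0D, 0x0A, 0x00


def to_nvt(text):
    """Local text -> NVT ASCII bytes, as the TELNET client does before handing
    the characters to the TCP/IP stack."""
    data = text.encode("latin-1")
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b == CR and i + 1 < len(data) and data[i + 1] == LF:
            out += bytes([CR, LF])          # local CR LF is already an NVT end-of-line
            i += 2
            continue
        if b == LF:
            out += bytes([CR, LF])          # end-of-line
        elif b == CR:
            out += bytes([CR, NUL])         # bare carriage return, not an end-of-line
        elif b == IAC:
            out += bytes([IAC, IAC])        # data byte 0xFF must not look like a command
        else:
            out.append(b)
        i += 1
    return bytes(out)


def from_nvt(stream):
    """NVT ASCII bytes -> (local text, commands). commands is a list of
    (verb, option) pairs, e.g. (DO, 1) for DO ECHO; option is None for
    verbs that carry no option byte. Truncated sequences are rejected."""
    out, commands = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b == IAC:
            if i + 1 >= n:
                raise ValueError("truncated IAC sequence")
            nxt = stream[i + 1]
            if nxt == IAC:
                out.append(IAC)
                i += 2
            elif nxt in (DO, DONT, WILL, WONT):
                if i + 2 >= n:
                    raise ValueError("truncated option negotiation")
                commands.append((nxt, stream[i + 2]))
                i += 3
            else:
                commands.append((nxt, None))
                i += 2
        elif b == CR:
            if i + 1 < n and stream[i + 1] == LF:
                out.append(LF)
                i += 2
            elif i + 1 < n and stream[i + 1] == NUL:
                out.append(CR)
                i += 2
            else:
                raise ValueError("bare CR is not valid NVT ASCII")
        else:
            out.append(b)
            i += 1
    return out.decode("latin-1"), commands
```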
SMTP
o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit
electronic mail over the internet.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers,
and it also supports:
o It can send a single message to one or more recipients.
o The messages sent can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is to set up communication rules between
servers. The servers have a way of identifying themselves and announcing what
kind of communication they are trying to perform. They also have a way of
handling errors such as an incorrect email address. For example, if the recipient
address is wrong, the receiving server replies with an error message of some kind.
Components of SMTP
o First, we will break the SMTP client and SMTP server into two components such
as user agent (UA) and mail transfer agent (MTA). The user agent (UA) prepares
the message, creates the envelope and then puts the message in the envelope. The
mail transfer agent (MTA) transfers this mail across the internet.
o SMTP allows a more complex system by adding a relaying system. Instead of just
having one MTA at sending side and one at receiving side, more MTAs can be
added, acting either as a client or server to relay the email.
o The relaying system can also deliver email to users on a network that does not use
the TCP/IP protocol suite; this is achieved by the use of a mail gateway. The mail
gateway is a relay MTA that can receive email on behalf of such a network.
Working of SMTP
1. Composition of Mail: A user sends an e-mail by composing an electronic mail
message using a Mail User Agent (MUA). Mail User Agent is a program which is
used to send and receive mail. The message contains two parts: body and header.
The body is the main part of the message while the header includes information
such as the sender and recipient address. The header also includes descriptive
information such as the subject of the message. In this case, the message body is
like a letter and header is like an envelope that contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient
and domain name. For example, vivek@gmail.com, where "vivek" is the
username of the recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's
domain name, then the MSA (Mail Submission Agent) sends the mail to the Mail
Transfer Agent (MTA). To relay the email, the MTA must find the target domain's mail
server. It looks up the MX record in the Domain Name System for the target domain.
The MX record contains the domain name and IP address of the recipient's domain.
Once the record is located, the MTA connects to the exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which
stores the e-mail where it waits for the user to retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by
using MUA (Mail User Agent). MUA can be accessed by using login and
password.
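Steps 1 to 3 of the procedure above, as an added example that is not part of the original notes: it composes a message as header plus body, splits an address such as vivek@gmail.com into username and domain, decides whether the MSA must hand the message to an MTA for relaying, and models the receiving server's reply codes (including the error reply for a recipient it does not accept mail for). Addresses, domains and the command sequence are constructed; the function and variable names are this example's own.

```python
import re


def split_address(addr):
    """'vivek@gmail.com' -> ('vivek', 'gmail.com'); rejects malformed addresses."""
    if addr.count("@") != 1:
        raise ValueError("address must contain exactly one '@': %r" % addr)
    user, domain = addr.split("@")
    if not user or not domain or "." not in domain:
        raise ValueError("malformed address: %r" % addr)
    return user, domain.lower()


def needs_relay(sender, recipient):
    """Step 3: a recipient in another domain means the MSA hands the message
    to an MTA, which looks up that domain's MX record and relays it."""
    return split_address(sender)[1] != split_address(recipient)[1]


def compose(sender, recipient, subject, body):
    """Step 1: header lines, a blank line, then the body. Header values with
    embedded line breaks are refused, since they would let a caller smuggle
    extra header lines (e.g. additional recipients) into the message."""
    for addr in (sender, recipient):
        split_address(addr)
    if any("\r" in v or "\n" in v for v in (sender, recipient, subject)):
        raise ValueError("header values must not contain line breaks")
    headers = ["From: " + sender, "To: " + recipient, "Subject: " + subject]
    return "\r\n".join(headers) + "\r\n\r\n" + body.replace("\n", "\r\n")


def parse_message(raw):
    """Split a message into (headers dict, body) at the first blank line."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no blank line separating header from body")
    headers = {}
    for line in head.split("\r\n"):
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return headers, body


def smtp_session(commands, known_domains):
    """Server-side reply code for each command in a session. Enforces the order
    HELO/EHLO -> MAIL FROM -> RCPT TO -> DATA -> message lines -> '.' -> QUIT,
    answering 503 out of order, 501 for a malformed address and 550 for a
    recipient domain the server does not accept mail for."""
    state, replies = "connected", []
    for cmd in commands:
        if state == "data":                        # inside the message text
            if cmd == ".":
                replies.append(250)
                state = "greeted"
            else:
                replies.append(None)               # body lines get no reply
            continue
        verb = re.split(r"[ :]", cmd, maxsplit=1)[0].upper()
        if verb in ("HELO", "EHLO") and state == "connected":
            replies.append(250)
            state = "greeted"
        elif verb == "MAIL" and state == "greeted":
            replies.append(250)
            state = "mail"
        elif verb == "RCPT" and state in ("mail", "rcpt"):
            addr = cmd.partition(":")[2].strip().strip("<>")
            try:
                domain = split_address(addr)[1]
            except ValueError:
                replies.append(501)
                continue
            if domain in known_domains:
                replies.append(250)
                state = "rcpt"
            else:
                replies.append(550)                # incorrect recipient address
        elif verb == "DATA" and state == "rcpt":
            replies.append(354)
            state = "data"
        elif verb == "QUIT":
            replies.append(221)
            state = "closed"
        else:
            replies.append(503)                    # bad sequence of commands
    return replies
```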
SNMP
o SNMP stands for Simple Network Management Protocol.
o SNMP is a framework used for managing devices on the internet.
o It provides a set of operations for monitoring and managing the internet.
SNMP Concept
o SNMP has two components: the manager and the agent.
o The manager is a host that controls and monitors a set of agents such as routers.
o It is an application layer protocol in which a few manager stations can handle a
set of agents.
o The protocol designed at the application level can monitor the devices made by
different manufacturers and installed on different physical networks.
o It is used in a heterogeneous network made of different LANs and WANs
connected by routers or gateways.
Managers & Agents
o A manager is a host that runs the SNMP client program while the agent is a router
that runs the SNMP server program.
o Management of the internet is achieved through simple interaction between a
manager and agent.
o The agent keeps the information in a database, while the manager is used
to access the values in the database. For example, a router can store
variables such as the number of packets received and forwarded, while
the manager can compare these variables to determine whether the router is
congested or not.
o Agents can also contribute to the management process. A server program on the
agent checks the environment; if something goes wrong, the agent sends a
warning message to the manager.
Management with SNMP has three basic ideas:
o A manager checks the agent by requesting the information that reflects the
behavior of the agent.
o A manager also forces the agent to perform a certain function by resetting values
in the agent database.
o An agent also contributes to the management process by warning the manager
regarding an unusual condition.
Management Components
o Management is not achieved through the SNMP protocol alone but also through
other protocols that cooperate with it. Management is
achieved through the use of two other protocols: SMI (Structure of
Management Information) and MIB (Management Information Base).
o Management is a combination of SMI, MIB, and SNMP. All three of these protocols
rely on Abstract Syntax Notation 1 (ASN.1) and the Basic Encoding Rules (BER).
SMI
The SMI (Structure of management information) is a component used in network
management. Its main function is to define the type of data that can be stored in an object
and to show how to encode the data for the transmission over a network.
MIB
o The MIB (Management information base) is a second component for the network
management.
o Each agent has its own MIB, which is a collection of all the objects that the
manager can manage. MIB is categorized into eight groups: system, interface,
address translation, ip, icmp, tcp, udp, and egp. These groups are under the mib
object.
SNMP
SNMP defines five types of messages: GetRequest, GetNextRequest, SetRequest,
GetResponse, and Trap.
GetRequest: The GetRequest message is sent from a manager (client) to the agent
(server) to retrieve the value of a variable.
GetNextRequest: The GetNextRequest message is sent from the manager to the agent to
retrieve the value of the variable that follows a given one. This type of message is used
to retrieve the values of the entries in a table. If the manager does not know the indexes
of the entries, it cannot name them in a GetRequest. In such situations, GetNextRequest
is used to step through the objects one at a time.
GetResponse: The GetResponse message is sent from an agent to the manager in
response to the GetRequest and GetNextRequest message. This message contains the
value of a variable requested by the manager.
SetRequest: The SetRequest message is sent from a manager to the agent to set a value
in a variable.
Trap: The Trap message is sent from an agent to the manager to report an event. For
example, if the agent is rebooted, then it informs the manager as well as sends the time of
rebooting.
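The five message types above, modelled over a small agent database, as an added example that is not part of the original notes: the point it shows is how a manager walks a table whose indexes it does not know by repeating GetNextRequest until the returned object leaves the subtree. The MIB contents, the writable set and the values are constructed; only the lexicographic ordering of object identifiers is taken from SNMP.

```python
# Constructed agent MIB: OID (tuple of ints) -> value. The OIDs sit under mib-2
# (1.3.6.1.2.1) in the system(1) and interfaces(2) groups named on the page;
# the values and the choice of writable objects are made up for this example.
AGENT_MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "EduSoft router",      # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "rtr1",                # sysName.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 1): 5000,           # ifInOctets.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 2): 7000,           # ifInOctets.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 16, 1): 4200,           # ifOutOctets.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 16, 2): 9100,           # ifOutOctets.2
}
WRITABLE = {(1, 3, 6, 1, 2, 1, 1, 5, 0)}                # only sysName may be set


def parse_oid(text):
    return tuple(int(x) for x in text.strip(".").split("."))


def fmt_oid(oid):
    return ".".join(str(x) for x in oid)


def get_request(mib, oid):
    """GetRequest: exact match on the object name, else a noSuchName error."""
    return mib.get(oid, "noSuchName")


def get_next_request(mib, oid):
    """GetNextRequest: the first object whose name follows oid in lexicographic
    order (Python tuple comparison gives exactly that order for OIDs)."""
    candidates = sorted(k for k in mib if k > oid)
    if not candidates:
        return None, "endOfMibView"
    return candidates[0], mib[candidates[0]]


def walk(mib, subtree):
    """Manager-side table walk with unknown indexes: repeat GetNextRequest from
    the subtree root until the answer is no longer inside the subtree."""
    results, cur = [], subtree
    while True:
        nxt, val = get_next_request(mib, cur)
        if nxt is None or nxt[:len(subtree)] != subtree:
            break
        results.append((fmt_oid(nxt), val))
        cur = nxt
    return results


def set_request(mib, oid, value, writable):
    """SetRequest: the agent changes a variable only if it exists and is writable."""
    if oid not in mib:
        return "noSuchName"
    if oid not in writable:
        return "readOnly"
    mib[oid] = value
    return "noError"


def trap(agent, event, uptime):
    """Trap: unsolicited agent -> manager report, e.g. after a reboot, carrying
    the agent's uptime. Returned as a dict rather than BER-encoded."""
    return {"agent": agent, "event": event, "sysUpTime": uptime}
```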
World Wide Web
The World Wide Web, also known as the Web, is a collection of
websites or web pages stored on web servers and connected to local
computers through the internet. These websites contain text pages,
digital images, audio, video, etc.
The building blocks of the Web are web pages, which are formatted in
HTML, connected by links called "hypertext" or hyperlinks, and
accessed by HTTP. A web page is given an online address called a
Uniform Resource Locator (URL). A particular collection of web pages
that belong to a specific URL is called a website,
e.g., www.facebook.com, www.google.com, etc. So, the World Wide
Web is like a huge electronic book whose pages are stored on multiple
servers across the world. The World Wide Web was invented by a
British scientist, Tim Berners-Lee, in 1989. He was working at CERN at
that time.
How Does the World Wide Web Work?
Now, we have understood that WWW is a collection of websites
connected to the internet so that people can search and share
information. Now, let us understand how it works!
The Web works as per the internet's basic client-server format, as
shown in the following image. The servers store web pages and transfer
them to users' computers over the network when requested by the
users. A web server is a software program that serves the web pages
requested by web users through a browser. The computer of a user who
requests documents from a server is known as a client. The browser,
which is installed on the user's computer, allows the user to view the
retrieved documents.
Hypertext Markup Language (HTML):
HTML is a standard markup language which is used for creating web
pages. It describes the structure of web pages through HTML elements
or tags. These tags are used to organize the pieces of content such as
'heading,' 'paragraph,' 'table,' 'Image,' and more. In simple words,
HTML is used to display text, images, and other resources through a
Web browser.
Web Browser:
A web browser, which is commonly known as a browser, is a program
that displays text, data, pictures, videos, animation, and more. It
provides a software interface that allows you to click hyperlinked
resources on the World Wide Web.
HTTP
o HTTP stands for HyperText Transfer Protocol.
o It is a protocol used to access the data on the World Wide Web (www).
o The HTTP protocol can be used to transfer the data in the form of plain text,
hypertext, audio, video, and so on.
o This protocol is known as HyperText Transfer Protocol because its efficiency
allows it to be used in a hypertext environment, where there are rapid jumps
from one document to another.
o HTTP is similar to the FTP as it also transfers the files from one host to another
host. But, HTTP is simpler than FTP as HTTP uses only one connection, i.e., no
control connection to transfer the files.
o HTTP carries data in a MIME-like format.
o HTTP is similar to SMTP as the data is transferred between client and server. The
HTTP differs from the SMTP in the way the messages are sent from the client
to the server and from server to the client. SMTP messages are stored and
forwarded while HTTP messages are delivered immediately.
HTTP Transactions
The above figure shows the HTTP transaction between client and server. The client
initiates a transaction by sending a request message to the server. The server replies to
the request message by sending a response message.
Messages
HTTP messages are of two types: request and response. Both the message types follow
the same message format.
Request Message: The request message, sent by the client, consists of a request
line, headers, and sometimes a body.
Response Message: The response message, sent by the server to the client,
consists of a status line, headers, and sometimes a body.
Uniform Resource Locator (URL)
o A client that wants to access a document on the internet needs an address. To
facilitate access to documents, HTTP uses the concept of the Uniform
Resource Locator (URL).
o The Uniform Resource Locator (URL) is a standard way of specifying any kind of
information on the internet.
o The URL defines four parts: method, host computer, port, and path.
o Method: The method is the protocol used to retrieve the document from a server.
For example, HTTP.
o Host: The host is the computer where the information is stored, and the computer
is given an alias name. Web pages are mainly stored in the computers and the
computers are given an alias name that begins with the characters "www". This
field is not mandatory.
o Port: The URL can also contain the port number of the server, but it's an optional
field. If the port number is included, then it must come between the host and
path and it should be separated from the host by a colon.
o Path: Path is the pathname of the file where the information is stored. The path
itself contains slashes that separate the directories from the subdirectories and
files.
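The HTTP transaction and the four-part URL described above, as an added example that is not part of the original notes: it splits a URL into method, host, port and path (applying the default port when the optional field is absent), composes the request message from those parts, and parses a response message into status line, headers and a body sized by Content-Length, rejecting a malformed status line and a body shorter than the header claims. The URLs and the sample response are constructed.

```python
import re

DEFAULT_PORTS = {"http": 80, "https": 443}

URL_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.-]*)://([^/:?#]+)(?::(\d+))?(/[^#]*)?(?:#.*)?$")


def parse_url(url):
    """Split a URL into the four parts named on the page: method, host, port, path.
    The port defaults per method and the path defaults to '/'."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not a valid URL: %r" % url)
    method = m.group(1).lower()
    if method not in DEFAULT_PORTS:
        raise ValueError("unsupported method: %s" % method)
    port = int(m.group(3)) if m.group(3) else DEFAULT_PORTS[method]
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return {"method": method, "host": m.group(2).lower(), "port": port,
            "path": m.group(4) or "/"}


def build_request(url, verb="GET"):
    """Request message: request line, headers, blank line (no body for GET).
    The port appears in the Host header only when it is not the default."""
    u = parse_url(url)
    host_hdr = u["host"]
    if u["port"] != DEFAULT_PORTS[u["method"]]:
        host_hdr = "%s:%d" % (u["host"], u["port"])
    return ("%s %s HTTP/1.1\r\n" % (verb, u["path"])
            + "Host: %s\r\n" % host_hdr
            + "Connection: close\r\n\r\n")


def parse_response(raw):
    """Response message: status line, headers, body. When Content-Length is
    present the body is exactly that many bytes and must be fully present."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = re.match(r"^HTTP/(\d)\.(\d) (\d{3}) ?(.*)$", lines[0])
    if not m:
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header: %r" % line)
        headers[name.strip().lower()] = value.strip()
    body = rest
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise ValueError("non-numeric Content-Length")
        length = int(headers["content-length"])
        if len(rest) < length:
            raise ValueError("body truncated: expected %d bytes, got %d" % (length, len(rest)))
        body = rest[:length]
    return {"version": (int(m.group(1)), int(m.group(2))), "status": int(m.group(3)),
            "reason": m.group(4), "headers": headers, "body": body}


# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 13\r\n\r\n"
                   b"<p>hello</p>\nTRAILING")
```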
Cryptography
Cryptography, a word with Greek origins, means "secret writing." However, we use the
term to refer to the science and art of transforming messages to make them secure and
immune to attacks. Figure 30.1 shows the components involved in cryptography.
Plaintext and Ciphertext
The original message, before being transformed, is called plaintext. After the message
is transformed, it is called ciphertext. An encryption algorithm transforms the plaintext
into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext.
The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.
Cipher
We refer to encryption and decryption algorithms as ciphers. The term cipher is also used
to refer to different categories of algorithms in cryptography. This is not to say that every
sender-receiver pair needs their very own unique cipher for a secure communication.
On the contrary, one cipher can serve millions of communicating pairs.
Key
A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. To
encrypt a message, we need an encryption algorithm, an encryption key, and the
plaintext.
These create the ciphertext. To decrypt a message, we need a decryption algorithm, a
decryption key, and the ciphertext. These reveal the original plaintext.
Two Categories
We can divide all the cryptography algorithms (ciphers) into two groups: symmetric key
(also called secret-key) cryptography algorithms and asymmetric (also called
public-key) cryptography algorithms. Figure 30.2 shows the taxonomy.
Symmetric-Key Cryptography
In symmetric-key cryptography, the same key is used by both parties. The sender uses
this key and an encryption algorithm to encrypt data; the receiver uses the same key and
the corresponding decryption algorithm to decrypt the data (see Figure 30.3).
Asymmetric-Key Cryptography
In asymmetric or public-key cryptography, there are two keys: a private key and a public
key. The private key is kept by the receiver. The public key is announced to the public.
In Figure 30.4, imagine Alice wants to send a message to Bob. Alice uses the public key
to encrypt the message. When the message is received by Bob, the private key is used to
decrypt the message.
In public-key encryption/decryption, the public key that is used for encryption is
different from the private key that is used for decryption. The public key is available to
the public; the private key is available only to an individual.
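The two categories side by side, as an added example that is not part of the textbook: the symmetric half uses one shared key for both directions (an illustrative XOR stream cipher keyed through SHA-256, chosen so the example runs without third-party libraries; it is a teaching construction, not a substitute for a vetted cipher such as AES-GCM), and the asymmetric half is textbook RSA with the small primes 61 and 53 so that Bob's public key encrypts and only Bob's private key decrypts, as in the Alice-to-Bob scenario above. Key sizes are toy sizes and all values are constructed.

```python
import hashlib
from math import gcd


# --- Symmetric-key: the same key, used by both sender and receiver ---
def symmetric_cipher(key, data, nonce):
    """Illustrative stream cipher: keystream block i = SHA-256(key || nonce || i).
    XOR with the keystream both encrypts and decrypts, so one shared key serves
    both parties. Teaching construction only; real systems use e.g. AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


# --- Asymmetric-key: public key encrypts, private key decrypts ---
def mod_inverse(e, phi):
    """d = e^-1 mod phi by the extended Euclidean algorithm."""
    a, b, x0, x1 = phi, e, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
    return x0 % phi


def rsa_keypair(p, q, e=17):
    """Textbook RSA from two primes. Returns (public=(e, n), private=(d, n)).
    The primes here are toy sizes; real keys use moduli of 2048 bits or more."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (mod_inverse(e, phi), n)


def rsa_encrypt(public, m):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private, c):
    d, n = private
    return pow(c, d, n)


def alice_to_bob(message_int, p=61, q=53):
    """Bob publishes (e, n); Alice encrypts with it; Bob's private d recovers m.
    Returns (ciphertext, decrypted plaintext)."""
    public, private = rsa_keypair(p, q)
    c = rsa_encrypt(public, message_int)
    return c, rsa_decrypt(private, c)
```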
Firewall in Computer Network
A firewall is a network security device, either hardware or software-based, which
monitors all incoming and outgoing traffic and based on a defined set of security rules it
accepts, rejects or drops that specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an “unreachable error”
Drop : block the traffic with no reply
A firewall establishes a barrier between a secured internal network and an outside
untrusted network, such as the Internet.
Generation of Firewall
Firewalls can be categorized based on their generation.
First Generation- Packet Filtering Firewall: A packet filtering firewall is used to
control network access by monitoring outgoing and incoming packets and allowing
them to pass or stopping them based on source and destination IP address, protocols and
ports. It analyses traffic at the transport protocol layer (but mainly uses the first 3
layers).
Packet filtering firewalls treat each packet in isolation. They have no ability to tell whether
a packet is part of an existing stream of traffic. They can only allow or deny packets
based on the individual packet's headers.
Example rules:
Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for the internal TELNET server (port 23) are blocked.
Incoming packets destined for host 192.168.21.3 are blocked.
All well-known services to the network 192.168.21.0 are allowed.
Second Generation- Stateful Inspection Firewall: Stateful firewalls (which perform
stateful packet inspection) are able to determine the connection state of a packet,
unlike packet filtering firewalls, which makes them more efficient. They keep track of the
state of network connections travelling across them, such as TCP streams. So the
filtering decisions are based not only on the defined rules, but also on the packet's
history in the state table.
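The four example rules of the first generation and the state table of the second, as an added example that is not part of the original notes: the stateless filter judges each packet by its own headers against the rules in order, while the stateful wrapper admits a packet with no table entry only if it opens a new connection, and accepts reply traffic because the connection was already recorded. The packets and the set of "well-known" ports are constructed for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed packet representation; flags is a set of TCP flag names.
Packet = namedtuple("Packet", "src dst proto sport dport flags")

# Ports assumed to stand for "well-known services" in the page's last rule.
WELL_KNOWN = {22, 25, 53, 80, 443}

# First-generation rules from the page, evaluated top-down; first match wins.
# (action, source network, destination network, protocol, destination port(s))
RULES = [
    ("drop",   "192.168.21.0/24", None,              None,  None),        # from 192.168.21.0
    ("drop",   None,              None,              "tcp", 23),          # to TELNET server
    ("drop",   None,              "192.168.21.3/32", None,  None),        # to host 192.168.21.3
    ("accept", None,              "192.168.21.0/24", "tcp", WELL_KNOWN),  # well-known services
]
DEFAULT_ACTION = "drop"   # nothing matched: deny by default


def _matches(rule, pkt):
    _, src, dst, proto, dport = rule
    if src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(src):
        return False
    if dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(dst):
        return False
    if proto and pkt.proto != proto:
        return False
    if dport is not None:
        allowed = dport if isinstance(dport, set) else {dport}
        if pkt.dport not in allowed:
            return False
    return True


def packet_filter(pkt, rules=RULES):
    """First generation: each packet judged in isolation by its own headers."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule[0]
    return DEFAULT_ACTION


class StatefulFirewall:
    """Second generation: a state table of admitted connections, so that reply
    traffic and later segments are accepted on the strength of the connection,
    while a stray non-SYN segment with no table entry is dropped."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()   # entries: (client, cport, server, sport, proto)

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.table or rev in self.table:
            if pkt.flags & {"FIN", "RST"}:       # connection is ending: forget it
                self.table.discard(fwd)
                self.table.discard(rev)
            return "accept"
        if pkt.proto == "tcp" and pkt.flags != {"SYN"}:
            return "drop"                        # not a connection attempt, no state
        verdict = packet_filter(pkt, self.rules)
        if verdict == "accept":
            self.table.add(fwd)
        return verdict
```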
Third Generation- Application Layer Firewall: Application layer firewalls are
hosts that run proxy servers. A proxy firewall prevents a direct connection
between the two sides of the firewall; each packet has to pass through the proxy. It can
allow or block the traffic based on predefined rules.
Note: Application layer firewalls can also be used as Network Address
Translator(NAT).
Next Generation Firewalls (NGFW): Next Generation Firewalls are being deployed
these days to stop modern security breaches such as advanced malware attacks and
application-layer attacks. An NGFW combines deep packet inspection, application
inspection, SSL/SSH inspection and many other functions to protect the network
from these modern threats.
IP security (IPSec)
IPsec (Internet Protocol Security) is an Internet Engineering Task
Force (IETF) standard suite of protocols, operating between two
communication points across an IP network, that provides data
authentication, integrity, and confidentiality. It also defines how
packets are encrypted, decrypted, and authenticated. The protocols
needed for secure key exchange and key management are also
defined in it.
Uses of IP Security
IPsec can be used to do the following things:
To encrypt application layer data.
To provide security for routers sending routing data across
the public internet.
To provide authentication without encryption, for example to
authenticate that the data originates from a known sender.
To protect network data by setting up circuits using IPsec
tunneling in which all data being sent between the two
endpoints is encrypted, as with a Virtual Private
Network(VPN) connection.
Components of IP Security
It has the following components:
1. Encapsulating Security Payload (ESP)
2. Authentication Header (AH)
3. Internet Key Exchange (IKE)
1. Encapsulating Security Payload (ESP): It provides data
integrity, encryption, authentication, and anti-replay. It also
provides authentication for payload.
2. Authentication Header (AH): It also provides data integrity,
authentication, and anti-replay, but it does not provide
encryption. The anti-replay protection protects against the
unauthorized retransmission of captured packets. It does not protect data
confidentiality.
3. Internet Key Exchange (IKE): It is a network security
protocol designed to dynamically exchange encryption keys and
negotiate a Security Association (SA) between two devices. The
Security Association (SA) establishes shared security attributes
between two network entities to support secure communication.
The Internet Security Association and Key Management Protocol
(ISAKMP) provides the framework for this authentication and key
exchange.
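The anti-replay service that both ESP and AH provide, as an added example that is not part of the original notes: a receiver keeps a sliding window over the sequence numbers carried in the AH/ESP header and accepts a packet only if its number is newer than the window or inside it and not yet seen, so a captured packet that is resent is rejected. The sequence numbers in the test are constructed; the window size of 64 is an assumption for the example.

```python
class ReplayWindow:
    """Sliding-window anti-replay check for an IPsec receiver. Each packet of a
    Security Association carries a monotonically increasing sequence number;
    the window tracks the highest number accepted and which of the preceding
    `size` numbers have already been seen."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("window size must be at least 32")
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (highest - i) was received

    def check_and_update(self, seq):
        """Return True and record seq if the packet is acceptable, False if it
        is a replay (already seen) or too old to fall inside the window."""
        if seq == 0:
            return False                   # sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest     # advance the window to the new high mark
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                   # older than the window: reject
        if self.bitmap & (1 << offset):
            return False                   # duplicate inside the window: replay
        self.bitmap |= 1 << offset         # late but unseen: accept and record
        return True


def filter_sequence(seqs, size=64):
    """Run received sequence numbers through one window; return an accept flag per packet."""
    window = ReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]
```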
Features of IPSec
1. Authentication: IPSec provides authentication of IP
packets using digital signatures or shared secrets. This helps
ensure that the packets are not tampered with or forged.
2. Confidentiality: IPSec provides confidentiality by
encrypting IP packets, preventing eavesdropping on the
network traffic.
3. Integrity: IPSec provides integrity by ensuring that IP
packets have not been modified or corrupted during
transmission.
4. Key management: IPSec provides key management
services, including key exchange and key revocation, to
ensure that cryptographic keys are securely managed.
5. Tunneling: IPSec supports tunneling, allowing IP packets to
be encapsulated within another protocol, such as GRE (Generic
Routing Encapsulation) or L2TP (Layer 2 Tunneling Protocol).
Advantages of IPSec
1. Strong security: IPSec provides strong cryptographic
security services that help protect sensitive data and ensure
network privacy and integrity.
2. Wide compatibility: IPSec is an open standard protocol
that is widely supported by vendors and can be used in
heterogeneous environments.
3. Flexibility: IPSec can be configured to provide security for
a wide range of network topologies, including point-to-point,
site-to-site, and remote access connections.
4. Scalability: IPSec can be used to secure large-scale
networks and can be scaled up or down as needed.
5. Improved network performance: IPSec can help improve
network performance by reducing network congestion and
improving network efficiency.
Disadvantages of IPSec
1. Configuration complexity: IPSec can be complex to
configure and requires specialized knowledge and skills.
2. Compatibility issues: IPSec can have compatibility issues
with some network devices and applications, which can lead to
interoperability problems.
3. Performance impact: IPSec can impact network
performance due to the overhead of encryption and decryption
of IP packets.
4. Key management: IPSec requires effective key
management to ensure the security of the cryptographic keys
used for encryption and authentication.
5. Limited protection: IPSec only provides protection for IP
traffic, and other protocols such as ICMP, DNS, and routing
protocols may still be vulnerable to attacks.