
Understanding TCP/IP

As we mentioned in the introduction, computers use a protocol as a common language for communication. A protocol is a set of rules that govern communications, much like a language in human terms. Of the myriad protocols out there, the key ones to understand are the protocols in the TCP/IP suite, which is a collection of different protocols that work together to deliver connectivity. Consequently, they're the only ones listed on the A+ exam objectives. In the following sections, we'll start with a look at its overall structure and then move into key protocols within the suite.

TCP/IP Structure

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the most popular network protocol in use today, thanks mostly to the rise of the Internet. While the protocol suite is named after two of its hardest-working protocols, Transmission Control Protocol (TCP) and Internet Protocol (IP), TCP/IP actually contains dozens of protocols working together to help computers communicate with one another.

TCP/IP is robust and flexible. For example, if you want to ensure that packets are delivered from one computer to another, TCP/IP can do that (that's TCP's job). If speed is more important than guaranteed delivery, TCP/IP can do that too (that's UDP). The protocol can work on disparate operating systems, such as UNIX, Linux, macOS, Windows, iOS, and Android. It can also support a variety of programs, applications, and required network functions. Much of its flexibility comes from its modular nature.

You're familiar with the seven-layer OSI model that we discussed in Chapter 6, "Networking Fundamentals." Every protocol that's created needs to accomplish the tasks (or at least the key tasks) outlined in that model. The structure of TCP/IP is based on a similar model created by the United States Department of Defense, the Department of Defense (DoD) model. The DoD model (sometimes referred to as the TCP/IP model) has four layers that map to the seven OSI layers, as shown in Figure 7.1.

Figure 7.1 The DoD and OSI models

The overall functionality between these two models is virtually identical; the layers just have different names. For example, the Process/Application layer of the DoD model is designed to combine the functionality of the top three layers of the OSI model. Therefore, any protocol designed against the Process/Application layer would need to be able to perform all the functions associated with the Application, Presentation, and Session layers in the OSI model. Going down the stack, the Host-to-Host layer corresponds to the OSI Transport layer, the Internet layer to the OSI Network layer, and the Network Access layer to the OSI Data Link and Physical layers combined.

TCP/IP's modular nature and common protocols are shown in Figure 7.2.

Figure 7.2 TCP/IP protocol suite

The majority of TCP/IP protocols are located at the Process/Application layer. These include some protocols with which you may already be familiar, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), and others. At the Host-to-Host layer, there are only two protocols: TCP and User Datagram Protocol (UDP). Most applications will use one or the other to transmit data, although some can use both but will do so for different tasks. The most important protocol at the Internet layer is IP. This is the backbone of TCP/IP. Other protocols at this layer work in conjunction with IP, such as Internet Control Message Protocol (ICMP) and Address Resolution Protocol (ARP). You'll notice that the Network Access layer doesn't have any protocols, as such. This layer describes the type of network access method that you are using, such as Ethernet, Wi-Fi, or others.

Process/Application Layer Protocols

As we mentioned in the previous section, most of the protocols within the TCP/IP suite are at the Process/Application layer. This is the layer of differentiation and flexibility. For example, if you want to browse the Internet, the HTTP protocol is designed for that.
FTP is optimized for file downloads, and Simple Mail Transfer Protocol (SMTP) is used for sending email. Before we get into the protocols themselves, let's take a quick look at a few key points on the TCP/IP suite's flexibility.

There are literally dozens of protocols at the Process/Application layer, and they have been created over time as networking needs arose. Take HTTP, for example. The first official version was developed in 1991, nearly 20 years after TCP/IP was first implemented. Before this protocol was created, there weren't any effective client-server request-response protocols at this layer. HTTP let the client (web browser) ask the web server for a page, and the web server would return it. Going one step further, there was a need for secure transactions over HTTP, hence the creation of HTTPS in 1994. As new applications are developed or new networking needs are discovered, developers can build an application or protocol that fits into this layer to provide the needed functionality. They just need to make sure that the protocol delivers what it needs to and can communicate with the layers below it.

The following sections describe some of the more common Process/Application protocols, and the ones listed in the A+ exam objectives.

AFP

The Apple Filing Protocol (AFP) was developed in the 1980s for use with the AppleTalk network protocol. AppleTalk was a proprietary networking protocol developed by Apple for use on Macintosh computers, but it's fallen out of use today. AFP is a file sharing protocol similar to FTP and Server Message Block (SMB), which are discussed later in this section. It was the default file sharing protocol on Mac OS until Apple changed to SMB2 in 2013. Converting to the industry-standard SMB protocol helped enhance interoperability between Macs and PCs.

Mac users can choose which file sharing protocol to use within macOS: you can enable both AFP and SMB, or SMB alone, which is all that Windows users need. The setting is changed under the Apple menu ➢ System Preferences ➢ Sharing. Choose File Sharing, then Options.

CIFS

Common Internet File System (CIFS) is a Microsoft-developed enhancement of the SMB protocol (described later in this section). The intent behind CIFS is that it can be used to share files and printers between computers, regardless of the operating system that they run. It's been the default file and print sharing protocol on Windows-based computers since Windows 2000. In practice, CIFS is the name Microsoft gave to the SMB1 dialect; current Windows versions speak SMB2 and SMB3 and disable SMB1/CIFS by default because of its weak security, so if you find CIFS still in use on a network, it's worth asking why.

DHCP

Dynamic Host Configuration Protocol (DHCP) dynamically assigns IP addresses and other IP configuration information to network clients. Configuring your network clients to receive their IP addresses from a DHCP server reduces network administration headaches. We'll cover the mechanics of how DHCP works later in this chapter when we talk about IP addressing.

DNS

You probably use Domain Name System (DNS) every day whether you realize it or not. Its purpose is to resolve hostnames to IP addresses. For example, let's say that you open your web browser and type in a Uniform Resource Locator (URL) such as http://www.wiley.com. Your computer needs to know the IP address of the server that hosts that website in order for you to connect to it. Through a DNS server, your computer resolves the hostname in the URL (www.wiley.com) to an IP address so communication can happen. DNS as a service is discussed in more detail later in this chapter.

You will find some debate about what DNS stands for. The official name, according to the Internet Engineering Task Force (IETF), is Domain Name System. However, CompTIA lists Domain Name Service and Domain Name Server as full names for the acronym. Regardless, the important thing to remember is what DNS does, which is resolve hostnames to IP addresses.

FTP

The File Transfer Protocol (FTP) is optimized to do what it says it does: transfer files. This includes both uploading and downloading files from one host to another. FTP is both a protocol and an application. Specifically, FTP lets you copy files, list and manipulate directories, and view file contents. You can't use it to execute applications remotely.

Whenever a user attempts to access an FTP site, they will be asked to log in. If it's a public site, you can often just use the login name anonymous and then provide your email address as the password. Of course, there's no rule saying that you have to give your real email address if you don't want to. If the FTP site is secured, you will need a legitimate login name and password to access it. Browsers used to support FTP directly, with the syntax ftp://username:password@hostname in the address window; current versions of Chrome, Firefox, and Edge have removed built-in FTP support, so today you'll normally use a dedicated FTP client instead.

The big downside to FTP is that it's unsecure. It transmits usernames and passwords in plain text, and the file contents as well. If a potential hacker is monitoring network traffic, this information will come through quite clearly. Be aware of this when using FTP, make sure the FTP password is something not used to log into any other services, and where you have the choice, use SFTP (file transfer over SSH, discussed later in this section) or FTP over TLS (FTPS) instead.

In Windows XP and later, you can type a URL such as the one in the FTP example into the Run box to connect as well.

HTTP

The most commonly used Process/Application layer protocol is HTTP. It manages the communication between a web server and client, and lets you connect to and view all the content that you enjoy on the Internet. All the information transmitted by HTTP is plain text, which means that it's not secure. Therefore, it's not a good choice for transmitting sensitive or personal information, such as usernames and passwords, or for transmitting banking information.

HTTPS

To encrypt traffic between a web server and client, Hypertext Transfer Protocol Secure (HTTPS) can be used. HTTPS is HTTP carried inside a Transport Layer Security (TLS) connection. TLS's predecessor, Secure Sockets Layer (SSL), has been deprecated in every version because of known weaknesses, but the name lives on: people still say "SSL certificate" when they mean the certificate a TLS connection uses.
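Before a browser will show the padlock for an HTTPS site, it validates the certificate the server presents. As an added example (not code from the original text), here are two of those checks written out in Python: is the certificate valid right now, and was it issued for the name in the address bar? The code works on the dict shape that Python's own ssl.SSLSocket.getpeercert() returns, so it runs offline against a constructed certificate description; SAMPLE_CERT, check_cert, utc_timestamp and the dates used are all assumptions made for this example. The third check, whether the certificate chains up to a trusted certificate authority, is left to the TLS library and is not reproduced here.

```python
"""What 'the certificate could not be validated' means in practice.

Added example for this section, not code from the original text. Two of the
checks a browser runs before showing the padlock are reproduced: is the
certificate valid at this moment, and was it issued for the hostname that was
typed in the address bar? Input is the dict shape that Python's
ssl.SSLSocket.getpeercert() returns, so everything runs offline against the
constructed SAMPLE_CERT below; nothing here contacts a server.
"""
import ssl
import time
from datetime import datetime, timezone
from typing import List, Optional

# Constructed stand-in for getpeercert() output (assumption: same shape as the
# CPython ssl module produces). Its validity window is all of calendar 2023.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Jan  1 00:00:00 2024 GMT",
}


def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style matching: a leading '*' stands for exactly one DNS label,
    so '*.example.com' covers 'shop.example.com' but neither 'example.com'
    nor 'a.b.example.com'."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    first, _, rest = host.partition(".")
    return bool(first) and rest == pattern[2:]


def hostname_matches(cert: dict, host: str) -> bool:
    """Browsers only consult subjectAltName DNS entries; the subject CN is ignored."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_name_matches(pattern, host) for pattern in sans)


def validity_problem(cert: dict, now: float) -> Optional[str]:
    """Return 'expired' or 'not yet valid' for Unix timestamp `now`, else None."""
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not yet valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "expired"
    return None


def check_cert(cert: dict, host: str, now: Optional[float] = None) -> List[str]:
    """Reasons a browser would warn instead of showing the padlock (empty = OK)."""
    now = time.time() if now is None else now
    problems = []
    if not hostname_matches(cert, host):
        problems.append(f"name mismatch: certificate was not issued for {host}")
    validity = validity_problem(cert, now)
    if validity:
        problems.append(f"certificate {validity}")
    return problems


def utc_timestamp(year: int, month: int, day: int) -> float:
    """Helper so the checks can be run 'as of' a chosen date rather than now."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()


if __name__ == "__main__":
    for host, when in [("www.example.com", utc_timestamp(2023, 6, 1)),
                       ("shop.example.com", utc_timestamp(2023, 6, 1)),
                       ("example.com", utc_timestamp(2023, 6, 1)),
                       ("www.example.com", utc_timestamp(2025, 1, 1))]:
        verdict = check_cert(SAMPLE_CERT, host, when) or ["padlock"]
        print(host, datetime.fromtimestamp(when, timezone.utc).date(), verdict)
```

Run as a script it reports a padlock for www.example.com and shop.example.com during 2023, a name mismatch for the bare example.com (a one-label wildcard doesn't reach it), and "expired" for a visit in 2025. Note what a clean result does and doesn't say: the name and dates check out, but nothing here tells you whether the people behind the domain are who you think they are.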
From the client side, the most common issue that you will encounter when HTTPS is in use on a website is that users may not know the proper context. Historically, you reached most websites with http:// in the address bar and had to type https:// to get the secure version; current browsers try https:// first and flag plain http:// pages as "Not secure." Either way, users will know that the connection is encrypted because the browser will display a small padlock icon next to the address.

How Secure Is It?

You have probably heard before that you should not enter personal information (such as a credit card number) into an unsecure website. But what does that really mean? First, know what to look for. If you are entering information into a website form and the address of the site begins with just http://, you're just asking for someone to steal the information! The HTTP protocol transmits data in plain text, meaning that there is no encryption at all between your computer and the server. On the other hand, HTTPS encrypts the data transmissions as they cross the wire.

To use HTTPS, the website needs to obtain a TLS certificate (commonly still called an SSL certificate) from a reputable certificate authority, which verifies that the applicant controls the domain name before issuing it. So the good news is that if you are accessing a site with https:// in the address bar and the browser shows the padlock, you know that you are really talking to the domain shown in the address bar and that transmissions between your computer and that site are encrypted. Be precise about what that does and doesn't prove, though: the certificate vouches for the domain name, not for the honesty of whoever runs it. A phishing site can have a perfectly valid certificate for its own lookalike domain, so the padlock only helps if you also check that the domain name is the one you meant to visit. And once the data is on the website's server, HTTPS is no longer relevant and other protection methods are needed to keep your data secure.

Occasionally, you might visit a website that uses HTTPS and get an error message saying that the certificate has expired or could not be validated. This is most likely a case of the certificate legitimately expiring or having been issued for a different name, but it could also mean that someone is intercepting the connection or impersonating the site, which is exactly what the check exists to catch. Treat the warning as a stop sign: don't click through it and enter credentials or card numbers on a site whose certificate fails validation.

IMAP

Internet Message Access Protocol (IMAP) is a protocol designed to retrieve and manage email on a mail server. Its current version is version 4, or IMAP4. It's the client-side email management protocol of choice, having largely replaced POP3. Note that neither IMAP nor POP3 is secure by itself: both send the username and password in plain text unless the session is wrapped in TLS (IMAPS on TCP port 993 and POP3S on TCP port 995, or STARTTLS on the standard ports), which is how every mail provider configures them today. Most current email clients, such as Microsoft Outlook, and services such as Gmail support both IMAP4 and POP3.

IMAP4 has some definite advantages over POP3. First, IMAP4 works in connected and disconnected modes. With POP3, the client makes a connection to the email server, downloads the email, and then terminates the connection. IMAP4 allows the client to remain connected to the email server after the download, meaning that as soon as another email enters the inbox, IMAP4 notifies the email client, which can then download it. Second, it also lets you store the email on the server, as opposed to POP3, which requires you to download it. Third, IMAP4 allows multiple clients to be simultaneously connected to the same inbox. This can be useful for smartphone users who have both Outlook on their workstation and their smartphone email client operational at the same time, or for cases where multiple users monitor the same mailbox, such as on a customer service account. IMAP4 allows each connected user or client to see changes made to messages on the server in real time.

LDAP

The Lightweight Directory Access Protocol (LDAP) is a directory services protocol based on the X.500 standard. LDAP is designed to access information stored in an information directory, typically known as an LDAP directory or LDAP database. On your network, you probably have a lot of information, such as employee phone books and email addresses, client contact lists, and infrastructure and configuration data for the network and network applications. This information might not get updated frequently, but you might need to access it from anywhere on the network, or you might have a network application that needs access to this data. LDAP provides you with the access, regardless of the client platform from which you're working. You can also use access control lists (ACLs) to set up who can read and change entries in the database using LDAP. A common analogy is that LDAP provides access to and the structure behind your network's phone book. As with the mail protocols, a plain LDAP "simple bind" sends the password in clear text, so production directories should require LDAP over TLS (LDAPS) or StartTLS.

NetBIOS/NetBT

Network Basic Input/Output System (NetBIOS) is an application programming interface (API) that allows computers to communicate with each other over the network. It works at Layer 5 of the OSI model. Consequently, it needs to work with another network protocol to handle the functions of Layer 4 and below. NetBIOS running over TCP/IP is called NetBT, or NBT. Specifically, NetBIOS provides three services:

Naming service, for name registration and resolution
Datagram distribution service, for connectionless communication
Session management service, for connection-oriented communication

For many years, Microsoft network clients were configured with a NetBIOS name, which was their network name. To communicate with another computer on the network, the NetBIOS name would need to be resolved (matched) to an IP address. By default this was done by broadcasting on the local segment, which routers don't forward, so on a routed network you needed a WINS (Windows Internet Name Service) server or an LMHOSTS file on each client; neither could be used across the Internet.

If you're familiar with hostnames, they were somewhat analogous and could be one and the same or totally different. (If you're not familiar with hostnames and DNS, we cover them later in this chapter.) The big differences are that hostnames are resolved with a DNS server (or HOSTS file) and can work across the Internet. WINS was far inferior to DNS for name resolution, so Microsoft ended up adopting DNS like the rest of the industry. NetBIOS name resolution hasn't entirely gone away on Windows networks, though, and because any machine on the segment can answer a broadcast name query, it's a favorite target for spoofing; disabling NetBT where it isn't needed is a standard hardening step.

POP3

For a long time, Post Office Protocol 3 (POP3) had been the preferred protocol for downloading email. It's being replaced by IMAP4 because IMAP4 offers more features than POP3, not because POP3 is inherently less secure: both have to be run over TLS, as noted in the IMAP section.

RDP

Developed by Microsoft, the Remote Desktop Protocol (RDP) allows users to connect to remote computers and run programs on them.
When you use RDP, you see the desktop of the computer you've signed into on your screen. It's like you're really there, even though you're not. When you use RDP, the computer at which you are seated is the client and the computer you're logging into is the server. RDP client software is available for Windows, Linux, macOS, iOS, and Android. Microsoft's RDP client software is called Remote Desktop Connection. The server uses its own video driver to create video output and sends the output to the client using RDP. Conversely, all keyboard and mouse input from the client is encrypted and sent to the server for processing. RDP also supports sound, drive, port, and network printer redirection. In a nutshell, this means that if you could see, hear, or do it sitting at the remote computer, you could see, hear, or do it at the RDP client too.

Services using this protocol can be great for telecommuters. It's also very handy for technical support folks, who can log into and assume control over a remote computer. It's a lot easier to troubleshoot and fix problems when you can see what's going on and "drive." That same convenience makes RDP servers exposed directly to the Internet a favorite target for password guessing, so keep them behind a VPN or Remote Desktop Gateway, require Network Level Authentication, and use strong or multifactor credentials.

SLP

The Service Location Protocol (SLP) is a non-proprietary protocol designed to help locate resources on a network. Without protocols such as SLP (and SMB), users wanting to access networked resources need to enter the hostname or IP address of the machine that provides the resource. SLP makes the resources visible and therefore easy to connect to. SLP was developed by the Internet Engineering Task Force (IETF), so it's considered an industry standard. The advantage is that it can be used with non-Microsoft operating systems, such as macOS and Linux.

SMB

Server Message Block (SMB) is a protocol originally developed by IBM but then enhanced by Microsoft, IBM, Intel, and others. It's used to provide shared access to files, printers, and other network resources and is primarily implemented by Microsoft systems. In a way, it can function a bit like FTP, only with a few more options, such as the ability to connect to printers, and more management commands. It's also known for its ability to make network resources easily visible through various Windows network apps (such as Network in File Explorer).

SMTP

We've already looked at a few protocols that are for downloading or receiving email. Simple Mail Transfer Protocol (SMTP) is the protocol most commonly used to send email messages. Because it's designed to send only, it's referred to as a push protocol. SMTP is used to send email from an email client to its mail server (submission) and from mail server to mail server; getting the message from the destination server to the recipient's client is the job of POP3 or IMAP, not SMTP. The client is simply configured with the address of its outgoing mail server and pushes the message to it with SMTP. That server then queries DNS for the mail exchange (MX) record of the recipient's domain, which tells it which server accepts mail for that domain, and uses SMTP again to push the message there.

SNMP

Simple Network Management Protocol (SNMP) gathers and manages network performance information. On your network, you might have several connectivity devices, such as routers and switches. A management device called an SNMP manager (often just called the SNMP server) can be set up to collect data from these devices (called agents) and ensure that your network is operating properly. Although SNMP is mostly used to monitor connectivity devices, many other network devices are SNMP-compatible as well. The most current version is SNMPv3. The version matters: SNMPv1 and SNMPv2c authenticate with a "community string" that travels in plain text, and many devices ship with the defaults public (read) and private (write), so use SNMPv3 with authentication and encryption and change or remove the default community strings.

SSH

Secure Shell (SSH) provides an encrypted session for remote logins, for remotely executing programs, and for transferring files (SCP and SFTP run over it). It was designed as a drop-in replacement for the unsecure telnet, rlogin, and rsh commands. The most widely used SSH implementation, client and server alike, is OpenSSH (www.openssh.com).

Telnet

It seems as though Telnet has been around since the beginning of time as a terminal emulation protocol. Someone using Telnet can log into another machine and "see" the remote computer in a window on their screen. Although this vision is text only, the user can manage files on that remote machine just as if they were logged in locally. The problem with telnet and other unsecure remote management interfaces (such as rcp [remote copy] and ftp) is that the data they transmit, including passwords, is sent in plain text. Anyone eavesdropping on the line can intercept the packets and thus obtain usernames and passwords. SSH overcomes this by encrypting the traffic, including usernames and passwords.
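The eavesdropping described above, as an added example that is not part of the original text: a small Python credential harvester run over the kinds of cleartext sessions this section has discussed (FTP and POP3 with USER/PASS, IMAP with LOGIN, SMTP with AUTH PLAIN, HTTP with Authorization: Basic, and Telnet's login:/Password: prompts), plus an SSH session for contrast. Input is the line-by-line stream view a packet analyzer gives after reassembling a TCP session; it is assumed here that Telnet, which is sent one character at a time, has already been reassembled into lines. The function names and every session in SAMPLE_SESSIONS are constructed for the example, not real captures.

```python
"""Harvest logins from captured cleartext protocol sessions.

Added example for this section, not code from the original text. It shows
what "anyone eavesdropping on the line can obtain usernames and passwords"
looks like for FTP/POP3 (USER/PASS), IMAP (LOGIN), SMTP (AUTH PLAIN), HTTP
(Authorization: Basic) and Telnet (login:/Password: prompts). Input is a
reassembled TCP stream as (direction, line) pairs; Telnet in particular is
assumed to have been reassembled from its one-character-per-packet form.
All sessions in SAMPLE_SESSIONS are constructed sample data, not captures.
"""
import base64
import re
from typing import Dict, List, Optional, Tuple

Line = Tuple[str, str]  # ("C", text) client->server, ("S", text) server->client


def _b64(token: str) -> Optional[bytes]:
    """Decode a base64 token, or return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None


def extract_credentials(session: List[Line]) -> Dict[str, str]:
    """Return {"protocol", "user", "password"} if a login was seen, else {}."""
    found: Dict[str, str] = {}
    pending: Optional[str] = None  # Telnet: field the next client line fills
    for direction, raw in session:
        text = raw.rstrip("\r\n")
        if direction == "S":
            low = text.lower().rstrip()
            if low.endswith("login:"):
                pending = "user"
            elif low.endswith("password:"):
                pending = "password"
            continue
        # Everything below is a client -> server line.
        if pending:  # answer to a Telnet prompt, sent in the clear
            found.setdefault("protocol", "telnet")
            found[pending] = text
            pending = None
            continue
        m = re.match(r"(?i)^(USER|PASS)\s+(.*)$", text)
        if m:  # FTP and POP3 share this two-step login
            found.setdefault("protocol", "ftp/pop3")
            found["user" if m.group(1).upper() == "USER" else "password"] = m.group(2)
            continue
        m = re.match(r"(?i)^\S+\s+LOGIN\s+(\S+)\s+(\S+)$", text)
        if m:  # IMAP: <tag> LOGIN <user> <password>
            found.update(protocol="imap", user=m.group(1).strip('"'),
                         password=m.group(2).strip('"'))
            continue
        m = re.match(r"(?i)^AUTH\s+PLAIN\s+(\S+)$", text)
        if m:  # SMTP AUTH PLAIN: base64 of "<authzid>\0<user>\0<password>" (RFC 4616)
            decoded = _b64(m.group(1))
            if decoded is not None and decoded.count(b"\0") == 2:
                _, user, password = decoded.split(b"\0")
                found.update(protocol="smtp", user=user.decode(), password=password.decode())
            continue
        m = re.match(r"(?i)^Authorization:\s+Basic\s+(\S+)$", text)
        if m:  # HTTP Basic: base64 of "<user>:<password>"; encoding is not encryption
            decoded = _b64(m.group(1))
            if decoded is not None and b":" in decoded:
                user, password = decoded.decode().split(":", 1)
                found.update(protocol="http", user=user, password=password)
    return found if "password" in found else {}


def scan_sessions(sessions: Dict[str, List[Line]]) -> Dict[str, Dict[str, str]]:
    """Run extract_credentials over every captured session."""
    return {name: extract_credentials(lines) for name, lines in sessions.items()}


# Constructed sessions (assumption: illustrative, not real captures).
SAMPLE_SESSIONS: Dict[str, List[Line]] = {
    "ftp": [("S", "220 ftp ready"), ("C", "USER alice"),
            ("S", "331 Password required for alice"), ("C", "PASS s3cret"),
            ("S", "230 Login successful")],
    "pop3": [("S", "+OK POP3 ready"), ("C", "USER bob"), ("S", "+OK"),
             ("C", "PASS hunter2"), ("S", "+OK logged in")],
    "imap": [("S", "* OK IMAP4rev1 ready"), ("C", "a001 LOGIN carol p4ss"),
             ("S", "a001 OK LOGIN completed")],
    "smtp": [("S", "220 mail ready"), ("C", "EHLO laptop"), ("S", "250 AUTH PLAIN LOGIN"),
             ("C", "AUTH PLAIN " + base64.b64encode(b"\0dave\0letmein").decode()),
             ("S", "235 Authentication successful")],
    "http": [("C", "GET /admin HTTP/1.1"), ("C", "Host: intranet"),
             ("C", "Authorization: Basic " + base64.b64encode(b"erin:Winter2024").decode()),
             ("C", "")],
    "telnet": [("S", "login:"), ("C", "frank"), ("S", "Password:"), ("C", "qwerty"),
               ("S", "Last login: Mon")],
    # An SSH session carries a login too, but after the version banners every
    # byte is ciphertext, so nothing recognizable is ever on the wire.
    "ssh": [("C", "SSH-2.0-OpenSSH_9.6"), ("S", "SSH-2.0-OpenSSH_9.6"),
            ("C", "\x00\x00\x04\x7c\x08\x14\x9a..."), ("S", "\x00\x00\x03\xdc...")],
}

if __name__ == "__main__":
    for name, creds in scan_sessions(SAMPLE_SESSIONS).items():
        print(f"{name:7s} {creds or 'nothing readable'}")
```

Every cleartext session gives up its username and password with nothing more than pattern matching on the stream; the HTTP and SMTP cases make the point that base64 is an encoding anyone can reverse, not a protection. The SSH session yields nothing, which is the whole reason SSH (and TLS around the mail and web protocols) replaced these interfaces.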
