Network Security & Management Unit 4 PDF
These notes provide an overview of network administration protocols and services, focusing on directory services, including DNS, DHCP, and VPN protocols. The document details different directory service types and their functionalities.
NETWORK SECURITY & MANAGEMENT
UNIT-4 NETWORK ADMINISTRATION PROTOCOLS AND SERVICES

4.1 DIRECTORY SERVICE

A Directory Service is defined as a network service that identifies all resources on a network and makes them accessible to users and applications. (Resources include email addresses, domain names, computers and peripheral devices such as printers.)

In most networks, you optimize the function of different services by hosting them on different computers. Doing so makes sense: putting all services on one computer may be complex, and you can achieve optimal performance, more reliability and higher security by segregating network services in various ways. Most networks have quite a few services that need to be provided, and often these services run on different servers. Even a relatively simple network now offers the following services:
1) File storage and sharing, and printer sharing
2) E-mail services
3) Web hosting, both for the Internet and an intranet
4) Database server services
5) Specific application servers
6) Internet connectivity
7) Fax services
8) Domain Name System (DNS) service and Windows Internet Naming Service (WINS)
9) Dynamic Host Configuration Protocol (DHCP) services
10) Centralized virus-detection services
11) Backup and restore services

Directory services were invented to remove complexities from the network. Basically, directory services work just like a phone book. Instead of using a name to look up an address and phone number in a phone book, you query the directory service for a service name (such as the name of a network folder or a printer), and the directory service tells you where the service is located. You can also query directory services by property. For instance, if you ask the directory service for all items that are “printers,” it can return a complete list, no matter where the printers are located in the organization. Even better, directory services enable you to browse all the resources on a network easily.
We don’t need to make separate user lists on each server: directory services eliminate this kind of complexity by sharing the directory with all other servers. To provide this redundancy, directory services usually run on multiple servers in an organization, with each server holding an entire copy of the directory service database. To avoid loss of data, a backup directory server is required.

There are five types of well-known directory services:
1) Novell Directory Services (NDS)
2) Microsoft’s Windows NT Domains
3) Microsoft’s Active Directory
4) X.500 Directory Access Protocol
5) Lightweight Directory Access Protocol

4.2 DIFFERENT DIRECTORY ACCESS PROTOCOLS

4.2.1 Novell Directory Service (NDS)

Novell eDirectory has been available since 1993, introduced as NDS as part of NetWare 4.x. This product was a real boon and was rapidly implemented in Novell networks, particularly in larger organizations that had many NetWare servers and needed its capabilities. eDirectory is a reliable, robust directory service that has continued to evolve (develop gradually) since its introduction. eDirectory uses a Master/Slave approach to directory servers and also allows partitioning of the tree. In addition to running on Novell network operating systems, eDirectory is also available for Windows, Solaris, AIX (Advanced Interactive eXecutive) and Linux systems. The product’s compatibility with such a variety of systems makes it a good choice for managing all these platforms under a single directory structure.

The NDS tree is managed from a client computer logged into the network with administrative privileges. You can use either a graphical tool designed to manage the tree, called NWAdmin, or a text-based tool called NETADMIN. Both allow full management of the tree, although the graphical product is much easier to use. The NDS tree contains a number of different object types.
The standard directory service types are countries, organizations and organizational units. The system also has objects to represent NetWare security groups, NetWare servers and NetWare server volumes.

4.2.2 Windows NT Domains

The Windows NT (New Technology) domain model breaks an organization into chunks called domains, all of which are part of an organization. The domains are usually organized geographically, which helps minimize domain-to-domain communication requirements across WAN links, although you’re free to organize domains as you wish. Each domain is controlled by a primary domain controller (PDC), which might have one or more backup domain controllers (BDCs) to kick in if the PDC fails. All changes within the domain are made to the PDC, which then replicates those changes to any BDCs. BDCs are read-only, except for valid updates received from the PDC. In case of a PDC failure, BDCs automatically continue authenticating users. To make administrative changes to a domain that suffers PDC failure, any of the BDCs can be promoted to PDC. Once the PDC is ready to come back online, the promoted BDC can be demoted back to BDC status.

Windows NT domains can be organized into one of four domain models:
1) Single domain: In this model, only one domain contains all network resources.
2) Master domain: The master model usually puts users in the top-level domain and then places network resources, such as shared folders or printers, in lower-level domains (called resource domains). In this model, the resource domains trust the master domain.
3) Multiple master domain: This is a slight variation on the master domain model, in which users might exist in multiple master domains, all of which trust one another, and in which resources are located in resource domains, all of which trust all the master domains.
4) Complete trust: This variation of the single-domain model spreads users and resources across all domains, which all trust each other.
You can choose an appropriate domain model depending on the physical layout of the network, the number of users to be served and other factors. (If you’re planning a domain model, you should review the white papers on Microsoft’s website for details on planning large domains, because the process can be complex.) Explicit trust relationships must be maintained between domains using the master or multiple master domain models, and must be managed on each domain separately. Maintaining these relationships is one of the biggest difficulties in the Windows NT domain structure approach, at least for larger organizations. If you have 100 domains, you must manage the 99 possible trust relationships for each domain, for a total of 9,900 trust relationships. For smaller numbers of domains (for example, fewer than 10 domains), management of the trust relationships is less of a problem, although it can still cause difficulties.

4.2.3 X.500 Directory

The X.500 standard was developed jointly by the International Telecommunications Union (ITU) and the International Standards Organization (ISO). Its purpose was to provide an international standard for directory systems. The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries that are distributed across one or more servers, called Directory System Agents (DSAs). The X.500 protocol architecture consists of a client and a server communicating via the Open Systems Interconnection (OSI) networking model. The client is called the Directory User Agent (DUA) and the server is called the Directory System Agent (DSA). X.500 is a directory service used in the same way as a conventional name service, but it is primarily used to satisfy descriptive queries and is designed to discover the names and attributes of other users or system resources.
Users may have a variety of requirements for searching and browsing in a directory of network users, organizations and system resources to obtain information about the entities that the directory contains. The uses for such a service are likely to be quite diverse. They range from inquiries that are directly analogous to the use of telephone directories, such as a simple “white pages” access to obtain a user's electronic mail address or a “yellow pages” query aimed, for example, at obtaining the names and telephone numbers of garages specializing in the repair of a particular make of car, to the use of the directory to access personal details such as job roles, dietary habits or even photographic images of the individuals.

The above figure shows the model for X.500. In the X.500 directory architecture, the client queries and receives responses from one or more servers in the Directory Service, with the Directory Access Protocol (DAP) controlling the communication between the client and the server. The directory client, called the Directory User Agent (DUA), supports users in searching or browsing through one or more directory databases and in retrieving the requested directory information. The DUA can be implemented in all kinds of user interfaces through dedicated DUA clients, Web-server gateways, e-mail applications or middleware. DUAs are currently available for virtually all types of workstations. Directory information is stored in a Directory System Agent (DSA), a hierarchical database designed to provide fast and efficient search and retrieval. The Directory System Protocol (DSP) controls the interaction between two or more DSAs. This is done in a way that allows users to access information in the Directory without knowing its exact location. The Directory Access Protocol (DAP) is used for controlling communication between a DUA and a DSA.
4.2.4 LDAP

LDAP stands for Lightweight Directory Access Protocol. LDAP was developed to solve the problems associated with X.500. LDAP contains 90% of the functionality of X.500, and by this it is a subset of X.500. LDAP runs over TCP/IP and uses a client/server model. The LDAP standard describes not only the layout and fields within an LDAP directory but also the methods to be used when a person logs in to a server that uses LDAP, or queries or updates the LDAP directory information on an LDAP server.

An LDAP tree starts with a root, which then contains entries. Each entry can have one or more attributes. Each of these attributes has both a type and values associated with it. One example is the CommonName entry (CN), which contains at least two attributes: FirstName and Surname. All attributes in LDAP use the text string data type. Entries are broken up into a tree and managed geographically and then within each organization. One nice feature of LDAP is that an organization can build a global directory structure using a feature called referral, where LDAP directory queries that are managed by a different LDAP server are transparently routed to that server. Because each LDAP server knows its parent LDAP server and its child servers, any user anywhere in the network can access the entire LDAP tree. In fact, the user won't even know he or she is running on different servers in different locales.

The following are the 4 basic models that describe LDAP:
1) Information Model: It defines the structure of the data stored in the directory.
2) Naming Model: It describes how to reference and organize the data.
3) Functional Model: It describes how to work with the data.
4) Security Model: It defines how to keep the data in the directory secure.

4.3 ACTIVE DIRECTORY

Active Directory was developed by Microsoft. Active Directory is essentially a database of network resources (known as objects) and information about each of these objects.
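The LDAP tree, its four models and referral-based routing described in 4.2.4 above can be made concrete with a small in-memory directory. The following Python example is added here and is not code from the course notes; the server names (ldap-root, ldap-uk), the o=Acme tree, the entries and the password are constructed for illustration. It maps the information model to entries with string-valued attributes, the naming model to parsed distinguished names, the functional model to an attribute search (for example, "all printers") that chases a referral to a child server transparently, and the security model to a bind that checks a salted password hash.

```python
# Toy LDAP-style directory covering the four LDAP models. Added example, not
# code from the course notes; names, DNs, attributes and passwords are constructed.
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

Attrs = Dict[str, List[str]]  # information model: attribute values are text strings


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Naming model: 'cn=alice,ou=People,o=Acme' -> [('cn','alice'), ...].
    A backslash escapes a comma inside a value, e.g. 'o=Acme\\, Inc'."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    out = []
    for rdn in rdns:
        typ, _, val = rdn.partition("=")
        if not typ.strip() or not val.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        out.append((typ.strip().lower(), val.strip()))
    return out


def is_under(dn: str, suffix: str) -> bool:
    """True if dn equals suffix or lies in the subtree below it."""
    d, s = parse_dn(dn), parse_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Security model: keep a salted PBKDF2 hash, never the clear-text password."""
    salt = salt if salt is not None else os.urandom(16)
    return salt.hex() + "$" + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000).hex()


class DirectoryServer:
    """Holds one subtree; other subtrees are reached through referrals."""

    def __init__(self, name: str, suffix: str) -> None:
        self.name, self.suffix = name, suffix
        self.entries: Dict[str, Attrs] = {}
        self.referrals: Dict[str, "DirectoryServer"] = {}  # child subtree -> server

    def add(self, dn: str, attrs: Attrs) -> None:
        if not is_under(dn, self.suffix):
            raise ValueError(f"{dn} is outside the suffix {self.suffix}")
        self.entries[dn] = attrs

    def add_referral(self, subtree: str, server: "DirectoryServer") -> None:
        self.referrals[subtree] = server

    def search(self, base: str, attr: str, value: str) -> List[str]:
        """Functional model: DNs under base whose attr holds value. Referrals are
        chased transparently; the caller never sees that another server answered."""
        for subtree, server in self.referrals.items():
            if is_under(base, subtree):            # base lives entirely elsewhere
                return server.search(base, attr, value)
        if not is_under(base, self.suffix):
            raise LookupError(f"{self.name} does not hold {base}")
        hits = [dn for dn, a in self.entries.items()
                if is_under(dn, base) and value in a.get(attr, [])]
        for subtree, server in self.referrals.items():
            if is_under(subtree, base):            # base covers a referred subtree
                hits += server.search(subtree, attr, value)
        return sorted(hits)

    def bind(self, dn: str, password: str) -> bool:
        """Security model: log in by re-deriving the stored hash. A missing entry
        and a wrong password both return False; the hash compare is constant-time."""
        stored = self.entries.get(dn, {}).get("userPassword", [""])[0]
        if "$" not in stored:
            return False
        candidate = hash_password(password, bytes.fromhex(stored.split("$", 1)[0]))
        return hmac.compare_digest(candidate, stored)


def build_demo() -> DirectoryServer:
    """Constructed sample: a root server for o=Acme that refers c=UK to a child."""
    root, uk = DirectoryServer("ldap-root", "o=Acme"), DirectoryServer("ldap-uk", "c=UK,o=Acme")
    root.add("cn=alice,ou=People,c=US,o=Acme", {"objectClass": ["person"], "sn": ["Smith"],
                                                  "userPassword": [hash_password("correct horse")]})
    root.add("cn=lp-floor1,ou=Printers,c=US,o=Acme", {"objectClass": ["printer"], "location": ["Floor 1"]})
    uk.add("cn=lp-london,ou=Printers,c=UK,o=Acme", {"objectClass": ["printer"], "location": ["London"]})
    root.add_referral("c=UK,o=Acme", uk)
    return root


if __name__ == "__main__":
    directory = build_demo()
    print("all printers:", directory.search("o=Acme", "objectClass", "printer"))
    print("alice binds:", directory.bind("cn=alice,ou=People,c=US,o=Acme", "correct horse"))
```

A search rooted at o=Acme returns the London printer as well as the Floor 1 printer even though the root server never stored the UK entry, which is the referral behaviour the notes describe; a search whose base sits entirely inside c=UK,o=Acme is handed to the child server outright.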
Active Directory is fully compatible with LDAP and also with the Domain Name System (DNS) used on the Internet. Active Directory uses a peer approach to domain controllers; all domain controllers are full participants at all times. This arrangement is called Multimaster because there are many “master” domain controllers but no backup controllers. Active Directory is built on a structure that allows “trees of trees,” which is called a forest. Each tree has its domain and its domain controllers. Within a domain, separate organizational units are allowed to make administration easier and more logical. Trees are then aggregated into a larger forest structure. According to Microsoft, Active Directory can handle millions of objects through this approach.

Active Directory does not require the management of trust relationships, except when connected to Windows NT 4.x servers that are not using Active Directory. Otherwise, all domains within a tree have automatic trust relationships. Active Directory uses two types of domain controller:
1) Primary Domain Controller
2) Backup Domain Controller

Active Directory uses the LDAP protocol to access objects. Each domain controller in a domain is capable of accepting requests for changes to the domain database and replicating that information to the other DCs in the domain. The first domain that is created is referred to as the "root domain" and is at the top of the directory tree. When such trees are combined, they become one general tree called a domain forest. All subsequent domains will live under the root domain and are referred to as child domains. The child domain names must be unique, as shown in the figure below.

There are three Directory Components:
1) Object: Objects in the database can include printers, users, servers, clients, shares, services, etc., and are the most basic component of the directory.
There are two basic types of objects in an Active Directory:
a) Container Object: It is simply an object that stores other objects. These objects essentially function as the branches of the tree.
b) Leaf Object: It stands alone and can’t store other objects.
2) Attributes: An attribute describes an object. For example, passwords and names are attributes of user objects. Different objects will have a different set of attributes that define them; however, different objects may also share attributes. For example, a printer and a Windows Vista computer may both have an IP address as an attribute.
3) Schema: A schema defines the list of attributes that describe a given type of object. For example, let's say that all printer objects are defined by name, PDL type and speed attributes. This list of attributes comprises the schema for the object class "printers". The schema is customizable, meaning that the attributes that define an object class can be modified.

4.4 VPN AND ITS PROTOCOLS

4.4.1 Introduction

A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. In other words, a VPN is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider.

4.4.2 Working of VPN

A VPN works by routing a device's internet connection through a private service rather than the user's regular internet service provider (ISP). The VPN acts as an intermediary between the user getting online and connecting to the internet by hiding their IP address. Using a VPN creates a private, encrypted tunnel through which a user’s device can access the internet while hiding their personal information, location, and other data. All network traffic is sent through a secure connection via the VPN.
This means that any data transmitted to the internet is redirected through the VPN rather than sent directly from the user’s computer. When the user connects to the web using their VPN, their computer submits information to websites through the encrypted connection created by the VPN. The VPN then forwards that request and sends the response from the requested website back through the connection.

4.4.3 Working of VPN in practice

Streaming services like Amazon Prime Video, Hulu, and Netflix offer different content to users located in different countries. Using a VPN enables a streaming customer to access the content intended for people living in different countries regardless of their actual location. It can also enable a user to access a streaming subscription they have in their home country while traveling. For example, a user on holiday in another country could use a VPN to set their location to the U.S. and stream their favorite sports team’s live game.

4.4.4 VPN Protocols

VPN protocols work in various ways, but they usually perform two basic functions: authentication and encryption. Authentication ensures your device is communicating with a trusted VPN server, and encryption makes the communication itself unreadable to outsiders. Different encryption standards and authentication methods result in differing levels of speed and security for VPN users. VPN protocols also have differing rules on how to handle potential errors, which affects stability and reliability.

1) Point-to-Point Tunneling Protocol (PPTP)
PPTP is one of the oldest protocols still active on the internet. Created by Microsoft, it uses a Transmission Control Protocol (TCP) control channel and the Generic Routing Encapsulation (GRE) tunneling protocol. It relies on the Point-to-Point Protocol (PPP), which is a Layer 2 communications protocol directly between two routers, to implement security functionalities. This protocol is only capable of 128-bit encryption, so it provides low security.
PPTP is fast and simple to deploy but only really applicable to people using older Windows operating systems. It also has several well-known security issues, so any VPN that only uses PPTP should be avoided.

2) Layer Two Tunneling Protocol (L2TP)
Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet. L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or Asynchronous Transfer Mode (ATM). L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F. Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE (Microsoft Point-to-Point Encryption) to encrypt PPP datagrams. L2TP relies on Internet Protocol security (IPsec) in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec. Both L2TP and IPsec must be supported by both the VPN client and the VPN server. L2TP is installed with the TCP/IP protocol. L2TP is available across popular operating systems, including Android, Windows, macOS and iOS.

3) Secure Socket Tunneling Protocol (SSTP)
SSTP is a VPN tunnel created by Microsoft and is a much more secure option. It transports PPP traffic through a secure sockets layer/transport layer security (SSL/TLS) channel, which provides encryption, key negotiation, and traffic integrity checking. As such, only the two parties that transmit the data are able to decode it. Using this over TCP port 443 ensures that SSTP can travel through most firewalls and proxy servers. SSTP is well-suited for Windows devices. While it supports other platforms (macOS, Linux or mobile devices), support there may be more limited compared to other VPN protocols.
4) Internet Key Exchange Version 2 (IKEv2)
IKEv2 handles request and response actions to ensure traffic is secure and authenticated, usually using IPsec. It establishes the security attributes of the device and server, then authenticates them, and agrees which encryption methods to use. It supports 256-bit encryption and allows the use of popular ciphers such as Advanced Encryption Standard (AES), Camellia and ChaCha20. IKEv2 is mostly used to secure mobile devices, for which it is particularly effective. The protocol is extensively supported on a wide range of platforms, including macOS, Windows, Linux, iOS and Android.

5) OpenVPN
OpenVPN is an open-source and highly configurable protocol that is known for its security and versatility. There are two types of OpenVPN transport: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). OpenVPN is widely used due to its ability to provide a balance between speed and security. It uses end-to-end AES 256-bit encryption and SSL/TLS encryption, together with intrusion detection and prevention systems, to safeguard your data. A kill switch feature prevents Domain Name System (DNS) attacks and leakage in case the VPN loses connection. It is available on macOS, Microsoft Windows, Android, Linux and iOS.

6) WireGuard
Launched in 2015, WireGuard is a communication protocol that was developed by Jason A. Donenfeld. Unlike older protocols, it is designed to be lightweight and efficient, which makes it one of the fastest protocols. WireGuard emphasizes simplicity in its design and implementation. Not only is it easier to set up and maintain, but it also supports multiple types of cryptographic primitives. WireGuard has gathered attention for its potential to become a next-generation VPN protocol that offers both speed and security. The protocol is available on multiple operating systems such as Windows, Linux, macOS, Android and iOS.
4.5 DHCP ARCHITECTURE, RARP AND BOOTP

4.5.1 DHCP Introduction

DHCP (Dynamic Host Configuration Protocol) is a network administration protocol that is responsible for the task of assigning an IP address to your system and network devices. DHCP works at the Application layer of the TCP/IP protocol suite. The DHCP network model is based on the client-server architecture, where the connection is established when the client device sends a request message to the server device to provide the system with an IP address.

DHCP Architecture
The DHCP architecture is made up of DHCP clients, DHCP servers and DHCP relay agents. The client interacts with servers using DHCP messages in a DHCP conversation to obtain and renew IP address leases. Here is a brief description of the DHCP components:
1) DHCP Server: It automatically provides network information (IP address, subnet mask, gateway address) on lease. Once the lease duration has expired, that network information can be assigned to another machine. It also maintains the data store which holds the available IP addresses.
2) DHCP Client: A DHCP client is any IP device connected to the network that has been configured to act as a host requesting configuration parameters, such as an IP address, from a DHCP server.
3) DHCP Relay Agent: DHCP relay agents pass DHCP messages between servers and clients where the DHCP server does not reside on the same IP subnet as its clients.
Other components include the IP address pool, subnet, lease and DHCP communications protocol.

The following diagram shows the changing port numbers and the source and destination addresses used during the DHCP transaction. UDP port 68 is reserved for DHCP clients and UDP port 67 is reserved for DHCP servers.

Step 1: DHCP DISCOVER
Sent by the client looking for an IP address. The source IP is 0.0.0.0 because the client doesn’t have an IP address yet.
The destination is 255.255.255.255, which is the broadcast address: as the client doesn’t know where the DHCP server is located, it broadcasts to all devices on the network.

Step 2: DHCP OFFER
Sent by the DHCP server offering an IP address to the client. The source address is the DHCP server address. The DHCP server doesn’t know the client address yet, so it broadcasts the offer to all devices on the network.

Step 3: DHCP REQUEST
Sent by the client to the DHCP server to say “I will take that IP address, thanks.” The client IP address is still 0.0.0.0 and it is again broadcast to all, so that any other servers on the network that may have offered an IP address will know to stop communicating with the client for now.

Step 4: DHCP ACKNOWLEDGEMENT
Sent by the DHCP server to the client. It confirms the IP address and other details such as subnet mask, default gateway and lease time with the client. The source address is the DHCP server and the destination is still the broadcast address.

DHCP Client, Server and Relay Agent Model
The DHCP relay agent is located between a DHCP client and a DHCP server and forwards DHCP messages between servers and clients as follows:
1) The DHCP client sends a discover packet to find a DHCP server in the network from which to obtain configuration parameters for the subscriber (or DHCP client), including an IP address.
2) The DHCP relay agent receives the discover packet and forwards copies to each of the two DHCP servers. The DHCP relay agent then creates an entry in its internal client table to keep track of the client’s state.
3) In response to receiving the discover packet, each DHCP server sends an offer packet to the client. The DHCP relay agent receives the offer packets and forwards them to the DHCP client.
4) On receipt of the offer packets, the DHCP client selects the DHCP server from which to obtain configuration information.
Typically, the client selects the server that offers the longest lease time on the IP address.
5) The DHCP client sends a request packet that specifies the DHCP server from which to obtain configuration information.
6) The DHCP relay agent receives the request packet and forwards copies to each of the two DHCP servers.
7) The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the client’s configuration parameters.
8) The DHCP relay agent receives the ACK packet and forwards it to the client.
9) The DHCP client receives the ACK packet and stores the configuration information.
10) If configured to do so, the DHCP relay agent installs a host route and Address Resolution Protocol (ARP) entry for this client.
11) After establishing the initial lease on the IP address, the DHCP client and the DHCP server use unicast transmission to negotiate lease renewal or release. The DHCP relay agent “snoops” on all of the packets unicast between the client and the server that pass through the router (or switch) to determine when the lease for this client has expired or been released. This process is referred to as lease shadowing or passive snooping.

4.5.2 RARP

The Reverse Address Resolution Protocol (RARP) is a networking protocol that is used to map a physical (MAC) address to an Internet Protocol (IP) address. It is the reverse of the more commonly used Address Resolution Protocol (ARP), which maps an IP address to a MAC address.

RARP was developed in the early days of computer networking as a way to provide IP addresses to diskless workstations or other devices that could not store their own IP addresses. RARP is specified in RFC 903 and operates at the data link layer of the OSI model. With RARP, the device would broadcast its MAC address and request an IP address, and a RARP server on the network would respond with the corresponding IP address.
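Returning to the DHCP exchange described in 4.5.1 above, the following Python example (added here; not code from the course notes) encodes and decodes DHCP messages in the BOOTP wire format and drives steps 1 to 4 against a small lease server. The server address 192.168.1.1, the address pool, the MAC addresses and the timestamps are constructed. The transcript it returns records the 0.0.0.0 and 255.255.255.255 addresses and the 67/68 ports at each step; the server stays silent when its pool is exhausted, hands an expired lease to another host, releases its offer when the client's REQUEST names a different server, and the client discards any reply whose transaction id (xid) is not its own.

```python
# DHCP DORA exchange on the BOOTP wire format with a small lease server.
# Added example, not code from the course notes; the server address, pool,
# MAC addresses and timestamps are constructed.
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6     # option 53 message types
OPT_SUBNET, OPT_ROUTER, OPT_REQ_IP, OPT_LEASE = 1, 3, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
CLIENT_PORT, SERVER_PORT, BCAST, ZERO = 68, 67, "255.255.255.255", "0.0.0.0"


def ip4(s: str) -> bytes:
    return ipaddress.IPv4Address(s).packed


def build(op: int, xid: int, chaddr: bytes, yiaddr: str, giaddr: str,
          options: Dict[int, bytes]) -> bytes:
    """Encode one message: header, magic cookie, TLV options, end marker."""
    head = HEADER.pack(op, 1, len(chaddr), 0, xid, 0, 0x8000,  # flags: broadcast bit
                       ip4(ZERO), ip4(yiaddr), ip4(ZERO), ip4(giaddr),
                       chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes([c, len(v)]) + v for c, v in options.items())
    return head + MAGIC_COOKIE + tlv + bytes([OPT_END])


def parse(data: bytes) -> dict:
    """Decode a message; a missing cookie or truncated option is rejected."""
    if len(data) < HEADER.size + 4 or data[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    f = HEADER.unpack_from(data)
    msg = {"op": f[0], "xid": f[4], "chaddr": f[11][:f[2]], "options": {},
           "yiaddr": str(ipaddress.IPv4Address(f[8])), "giaddr": str(ipaddress.IPv4Address(f[10]))}
    i = HEADER.size + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                                  # pad byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        msg["options"][data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return msg


class DhcpServer:
    def __init__(self, ip: str, pool: List[str], subnet: str, router: str, lease_secs: int) -> None:
        self.ip, self.free, self.lease_secs = ip, list(pool), lease_secs
        self.subnet, self.router = subnet, router
        self.offers: Dict[bytes, str] = {}                # chaddr -> offered address
        self.leases: Dict[bytes, Tuple[str, float]] = {}  # chaddr -> (address, expiry)

    def _reclaim(self, now: float) -> None:
        """An expired lease returns its address to the pool for another host."""
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(ip)

    def _opts(self, mtype: int) -> Dict[int, bytes]:
        return {OPT_MSG_TYPE: bytes([mtype]), OPT_SERVER_ID: ip4(self.ip),
                OPT_LEASE: struct.pack("!I", self.lease_secs),
                OPT_SUBNET: ip4(self.subnet), OPT_ROUTER: ip4(self.router)}

    def handle(self, data: bytes, now: float) -> Optional[bytes]:
        """Step 2 (OFFER) for a DISCOVER, step 4 (ACK or NAK) for a REQUEST."""
        m = parse(data)
        mac, mtype = m["chaddr"], m["options"].get(OPT_MSG_TYPE, b"\0")[0]
        if mtype == DISCOVER:
            self._reclaim(now)
            ip = self.leases[mac][0] if mac in self.leases else (self.free.pop(0) if self.free else None)
            if ip is None:
                return None                               # pool exhausted: no offer
            self.offers[mac] = ip
            return build(BOOTREPLY, m["xid"], mac, ip, m["giaddr"], self._opts(OFFER))
        if mtype == REQUEST:
            if m["options"].get(OPT_SERVER_ID) != ip4(self.ip):
                ip = self.offers.pop(mac, None)           # client chose another server
                if ip and mac not in self.leases:
                    self.free.append(ip)
                return None
            wanted = str(ipaddress.IPv4Address(m["options"].get(OPT_REQ_IP, b"\0" * 4)))
            if self.offers.pop(mac, None) != wanted:
                return build(BOOTREPLY, m["xid"], mac, ZERO, m["giaddr"],
                             {OPT_MSG_TYPE: bytes([NAK]), OPT_SERVER_ID: ip4(self.ip)})
            self.leases[mac] = (wanted, now + self.lease_secs)
            return build(BOOTREPLY, m["xid"], mac, wanted, m["giaddr"], self._opts(ACK))
        return None


def run_dora(server: DhcpServer, mac: bytes, xid: int, now: float
             ) -> Optional[Tuple[str, int, List[tuple]]]:
    """Client side of steps 1-4. Returns (address, lease seconds, transcript of
    (message, src ip, src port, dst ip, dst port)), or None when no offer or ACK
    arrives. A reply whose xid is not the client's own is discarded."""
    log = [("DISCOVER", ZERO, CLIENT_PORT, BCAST, SERVER_PORT)]
    reply = server.handle(build(BOOTREQUEST, xid, mac, ZERO, ZERO, {OPT_MSG_TYPE: bytes([DISCOVER])}), now)
    offer = parse(reply) if reply else None
    if offer is None or offer["xid"] != xid:
        return None
    log.append(("OFFER", server.ip, SERVER_PORT, BCAST, CLIENT_PORT))
    req = build(BOOTREQUEST, xid, mac, ZERO, ZERO, {OPT_MSG_TYPE: bytes([REQUEST]),
                OPT_REQ_IP: ip4(offer["yiaddr"]), OPT_SERVER_ID: offer["options"][OPT_SERVER_ID]})
    log.append(("REQUEST", ZERO, CLIENT_PORT, BCAST, SERVER_PORT))
    reply = server.handle(req, now)
    ack = parse(reply) if reply else None
    if ack is None or ack["xid"] != xid or ack["options"][OPT_MSG_TYPE][0] != ACK:
        return None
    log.append(("ACK", server.ip, SERVER_PORT, BCAST, CLIENT_PORT))
    return ack["yiaddr"], struct.unpack("!I", ack["options"][OPT_LEASE])[0], log
```

The giaddr field is copied from request to reply untouched, which is the hook a relay agent uses: it writes its own address there so the server's broadcast reply can be routed back to the client's subnet. The xid check on the client side is the cheapest defence against stale or unsolicited replies; matching the server identifier in the ACK against the one from the chosen OFFER is the natural next check.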
While RARP was widely used in the past, it has largely been replaced by newer protocols such as DHCP (Dynamic Host Configuration Protocol), which provides more flexibility and functionality in assigning IP addresses dynamically. However, RARP is still used in some specialized applications, such as booting embedded systems and configuring network devices with pre-assigned IP addresses.

4.5.3 BOOTP

Bootstrap Protocol (BOOTP) is a basic protocol that automatically provides each participant in a network connection with a unique IP address for identification and authentication as soon as it connects to the network. This helps the server to speed up data transfers and connection requests. BOOTP uses a unique IP address algorithm to provide each system on the network with a completely different IP address in a fraction of a second. This shortens the connection time between the server and the client. It starts the process of downloading and updating the source code even with very little information. BOOTP uses a combination of TFTP (Trivial File Transfer Protocol) and UDP (User Datagram Protocol) to send and receive requests from various network-connected participants and to handle their responses. In a BOOTP connection, the server and client just need an IP address and a gateway address to establish a successful connection. Typically, in a BOOTP network, the server and client share the same LAN, and the routers used in the network must support BOOTP bridging.

A good example of a network with a TCP/IP configuration is the Bootstrap Protocol network. Whenever a computer on the network makes a specific request to the server, BOOTP uses its unique IP address to resolve it quickly.

4.6 INTRODUCTION TO DNS AND ITS OBJECTIVES

4.6.1 Introduction to DNS

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, such as gmail.com or youtube.com.
Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

How Does DNS Work?
In a usual DNS query, the URL typed in by the user has to go through four servers for the IP address to be provided. The four servers work with each other to get the correct IP address to the client, and they include:
1) DNS Recursor: The DNS recursor, which is also referred to as a DNS resolver, receives the query from the DNS client. Then it communicates with other DNS servers to find the right IP address. After the resolver receives the request from the client, the resolver acts like a client itself. As it does this, it makes queries that get sent to the other three DNS servers: root nameservers, top-level domain (TLD) nameservers, and authoritative nameservers.
2) Root Name Servers: The root nameserver is designated for the internet's DNS root zone. Its job is to answer requests sent to it for records in the root zone. It answers requests by sending back a list of the authoritative nameservers that go with the correct TLD.
3) TLD Name Servers: A TLD (Top Level Domain) nameserver keeps the IP address of the second-level domain contained within the TLD name. It then releases the website’s IP address and sends the query to the domain’s nameserver.
4) Authoritative Name Servers: An authoritative nameserver is what gives you the real answer to your DNS query. There are two types of authoritative nameservers: a master server or primary nameserver and a slave server or secondary nameserver.
The master server keeps the original copies of the zone records, while the slave server is an exact copy of the master server. It shares the DNS server load and acts as a backup if the master server fails.

What is a Top Level Domain?
Top-level domains (TLDs) are more commonly known as domain extensions. A top-level domain is everything that follows the last dot in a domain name. For instance, .com is the TLD in the domain name “domainwheel.com”. The second-level domain is the actual website name, and the third-level domain (more often referred to as a subdomain) is reserved for specific sections of your website. Note that all websites have a top-level domain and a second-level domain, but most websites don’t have any third-level domains.

Example: URL: https://www.example.com
In this URL:
1) Top-Level Domain (TLD): ".com" is the top-level domain. It represents the commercial domain category and is one of the most commonly used TLDs on the internet.
2) Second-Level Domain (SLD): "example" is the second-level domain. It typically represents the name of the organization, business, or entity that owns the domain. In this case, "example" is used as a placeholder or demonstration domain.
3) Subdomain: "www" is the subdomain. It is an optional prefix added to the domain name to create specific web addresses or to organize content within a domain. In this example, "www" is commonly used to denote the World Wide Web portion of the website.
Together, these components form a complete URL that specifies the protocol (https://), subdomain (www), second-level domain (example), and top-level domain (.com).

Top-Level Domain Types
There are five official types of TLDs:
1) Generic Top-level Domains (gTLD): Domains that can be used by anyone, without restrictions.
2) Country Code Top-level Domains (ccTLD): Domains that signal that your website operates in a certain country.
Many of these domains require you to prove that you live and/or do business in the appropriate country.

3) Sponsored Top-level Domains (sTLD): These domains are overseen by specific authority companies/organizations and typically have specific requirements for registration.

4) Infrastructure Top-Level Domain (ARPA): This domain extension is used by the Internet Engineering Task Force.

5) Test Top-Level Domains (tTLD): These TLDs are intended for documentation and website testing.

The first two types are the most common on the internet.

Generic top-level domains are some of the oldest types of extensions, and there are eight of them:

Original top-level domain ending    The original meaning of the domain
.com                                Open domain for commercial web offers
.org                                Open TLD for non-profit organizations
.net                                Open address for Internet service providers
.int                                Strictly limited extension for internationally operating companies, organizations and programs
.edu                                Domain intended for trade schools and universities
.gov                                Domain for government institutions
.mil                                TLD is available only to departments, services, and agencies of the U.S. Department of Defense

Some of the most popular ccTLDs are:

Domain ending    Country-specific top-level domain meaning
.ch              Switzerland
.cn              China
.de              Germany
.eg              Egypt
.es              Spain
.fr              France
.it              Italy
.in              India

4.6.2 Objectives of DNS

The Domain Name System (DNS) serves several key objectives in computer networking and the internet:

1) Mapping Domain Names to IP Addresses: The primary function of DNS is to translate human-readable domain names (like "example.com") into machine-readable IP addresses (like "192.0.2.1"). This mapping allows users to access websites, send emails, and perform other network activities using familiar domain names rather than numerical IP addresses.

2) Hierarchical Structure: DNS organizes domain names in a hierarchical structure, which helps in efficient and scalable management of the naming system. This hierarchy includes top-level domains (TLDs), such as .com, .org, .net, and country-code TLDs like .uk, .fr, etc.

3) Distribution of Authority: DNS implements a distributed database system, where different parts of the domain namespace are managed by various organizations and servers. This decentralization ensures reliability, scalability, and fault tolerance of the DNS system.

4) Load Distribution and Load Balancing: DNS can be used to distribute incoming network traffic across multiple servers, thereby optimizing resource usage and improving performance. This is achieved through techniques like round-robin DNS and geographic load balancing.

5) Alias and Redirection: DNS supports aliasing and redirection, allowing multiple domain names to point to the same IP address or to different IP addresses based on various criteria such as geographic location or server availability.

6) Caching: DNS servers cache DNS records to reduce the time and resources required to resolve domain names. Cached records can be reused for subsequent requests, improving the overall efficiency of DNS resolution and reducing network latency.

7) Security: DNS plays a crucial role in security by supporting mechanisms like DNSSEC (Domain Name System Security Extensions), which provides data integrity and authentication of DNS data to prevent DNS spoofing and other malicious activities.

8) Scalability and Growth: DNS is designed to accommodate the growth of the internet and the increasing number of domain names and network devices. Its distributed architecture and hierarchical structure make it highly scalable and adaptable to changes in network topology and size.
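The resolution walk described under "How Does DNS Work?" (recursor, root, TLD, authoritative), the URL decomposition from the www.example.com example, and the caching, aliasing and round-robin objectives listed above, brought together in one added Python model. This is example code written for these notes, not part of the original document or of any DNS implementation: the nameserver names, zone records and addresses (taken from the RFC 5737 documentation range) are constructed, and the "queries" are lookups in in-memory dictionaries rather than packets on the wire.

```python
"""Toy model of DNS resolution: URL decomposition, an iterative walk from
the root through the TLD server to the authoritative server, TTL caching
and round-robin answers. Constructed zone data only; no real DNS traffic."""
import time
from urllib.parse import urlsplit

# Constructed zone data. Each key is a nameserver the resolver "contacts";
# the value maps fully qualified owner names (trailing dot) to records of
# (type, data, ttl_seconds). Addresses are RFC 5737 documentation addresses.
SERVERS = {
    "root": {"com.": [("NS", "tld-com", 172800)]},
    "tld-com": {"example.com.": [("NS", "ns1.example.com", 86400),
                                 ("NS", "ns2.example.com", 86400)]},
    "ns1.example.com": {
        "example.com.": [("A", "192.0.2.10", 300), ("A", "192.0.2.11", 300)],
        "www.example.com.": [("CNAME", "example.com.", 300)],
    },
}
SERVERS["ns2.example.com"] = SERVERS["ns1.example.com"]  # secondary: same zone copy


def decompose(url):
    """Split a URL into scheme, subdomain, SLD and TLD (www.example.com shapes)."""
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    return {"scheme": parts.scheme, "subdomain": ".".join(labels[:-2]),
            "sld": labels[-2] if len(labels) >= 2 else "", "tld": labels[-1]}


def ask(server, name, rtype):
    """One query to one constructed server: ('answer', records),
    ('cname', record), ('referral', (zone, ns_records)) or ('nxdomain', None)."""
    zone = SERVERS[server]
    if name in zone:
        wanted = [r for r in zone[name] if r[0] == rtype]
        alias = [r for r in zone[name] if r[0] == "CNAME"]
        if wanted:
            return "answer", wanted
        if alias:
            return "cname", alias[0]
    # Not authoritative for this name: refer to the closest enclosing zone cut.
    for owner, recs in sorted(zone.items(), key=lambda kv: -len(kv[0])):
        ns = [r for r in recs if r[0] == "NS"]
        if ns and (name == owner or name.endswith("." + owner)):
            return "referral", (owner, ns)
    return "nxdomain", None


class Resolver:
    """The DNS recursor: walks the hierarchy for the client and caches
    answers and delegations until their TTL runs out."""
    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so a test can move time forward
        self.answers = {}         # (name, rtype) -> (data, expiry)
        self.delegations = {}     # zone -> (server, expiry)
        self.rr_pos = {}          # name -> next round-robin index
        self.last_trace = []      # servers contacted by the last top-level lookup

    def _start_server(self, name, now):
        """Skip root and TLD when a still-valid delegation covers the name."""
        live = [(len(z), s) for z, (s, exp) in self.delegations.items()
                if exp > now and (name == z or name.endswith("." + z))]
        return max(live)[1] if live else "root"

    def resolve(self, name, rtype="A", _depth=0):
        """Return the record data for name, or [] if it does not exist."""
        name = name.rstrip(".") + "."
        now = self.clock()
        if _depth == 0:
            self.last_trace = []
        hit = self.answers.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0]
        if _depth > 8:            # guard against CNAME loops
            return []
        server = self._start_server(name, now)
        while True:
            self.last_trace.append(server)
            kind, payload = ask(server, name, rtype)
            if kind == "referral":
                zone, ns = payload
                server = ns[0][1]
                self.delegations[zone] = (server, now + ns[0][2])
            elif kind == "cname":     # alias: resolve the canonical name instead
                data = self.resolve(payload[1], rtype, _depth + 1)
                self.answers[(name, rtype)] = (data, now + payload[2])
                return data
            elif kind == "answer":
                data = [r[1] for r in payload]
                self.answers[(name, rtype)] = (data, now + min(r[2] for r in payload))
                return data
            else:
                return []

    def pick_address(self, name):
        """Hand out one address per call, rotating through the record set
        so successive clients land on different servers (round-robin DNS)."""
        name = name.rstrip(".") + "."
        addrs = self.resolve(name)
        if not addrs:
            return None
        i = self.rr_pos.get(name, 0)
        self.rr_pos[name] = (i + 1) % len(addrs)
        return addrs[i]
```

Points the model makes visible that the prose does not: after one full walk the resolver remembers the .com and example.com delegations, so a later lookup in the same zone (even one that ends in "does not exist") goes straight to the authoritative server instead of touching root and TLD again; an answer is served from cache until its TTL elapses and is then fetched again; www.example.com is a CNAME, so resolving it restarts the lookup for example.com; and pick_address rotating through the two A records is the whole of round-robin DNS. The secondary nameserver is the same zone dictionary under a second name, which is all "an exact copy of the master" amounts to here.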
