6.06.1 Summarize services provided by networked hosts Part 1
Introduction
You've already learned about some network services like DHCP and DNS. Now, we'll dive into more services that are crucial for managing and securing network resources. Understanding these services has practical applications, like setting up shared file systems in an office, securing remote access for employees, or monitoring network health to quickly solve problems. Mastering these concepts enables you to keep networks running smoothly and help others navigate technical issues with ease.
File and Print Servers
One of the main functions of a network is to allow users to share disk space and printers. This is done using a client/server setup. Here’s how it works:
Server: The machine that hosts the shared disk (fileshare) or printer.
Client: The computers that access these shared resources over the network.
File and print sharing can be set up on a local network using specific software for different operating systems, such as File and Print Services for Windows Networks. You can also use TCP/IP protocols like File Transfer Protocol (FTP) for sharing files.
Server Message Block (SMB)
Server Message Block (SMB) is the main protocol used for file and printer sharing on Windows networks. It usually works over TCP port 445.
Key points about SMB:
Current Version: SMB3 is the latest version, while older versions like SMB1 have serious security issues and are disabled by default in current Windows versions.
Support for Linux: UNIX or Linux machines use Samba software to support SMB, allowing Windows clients to access Linux file or print servers.
CIFS: SMB is sometimes called Common Internet File System (CIFS), but strictly speaking CIFS refers only to a particular dialect of SMB version 1.
Network Basic Input/Output System (NetBIOS)
Early Windows networks used NetBIOS to let computers communicate using names and establish sessions for other protocols like SMB. When TCP/IP became the standard, NetBIOS was adapted to work over TCP and UDP, called NetBIOS over TCP/IP (NetBT).
Obsolete Technology: Modern networks now use IP, TCP/UDP, and DNS for these functions. NetBT is considered outdated and should be disabled to reduce security risks. It's only needed for file sharing on networks with Windows versions earlier than Windows 2000.
Ports Used:
UDP/137 for name services.
TCP/139 for session services.
File Transfer Protocol (FTP)
File Transfer Protocol (FTP) allows clients to upload and download files from a network server. It’s often used for uploading files to websites.
Security Risks: Regular FTP is unencrypted, meaning passwords are sent in plaintext, making it insecure.
Encrypted Alternatives: Secure methods like FTP-Secure (FTPS) and FTP over Secure Shell (SFTP) are now commonly used to protect data during transfer.
Ports:
TCP/21 to establish a connection.
TCP/20 for data transfer in "active" mode or a server-assigned port in "passive" mode.

Web Servers
A web server provides access to websites and web applications using HTTP or its secure version, HTTPS. Today, web servers support a vast range of services beyond just displaying static pages; they can host complex applications, process data, and deliver multimedia content.
HyperText Transfer Protocol (HTTP)
HTTP allows clients, usually web browsers, to request resources from a server. Here’s how it works:
The client connects to the web server using TCP port 80 (default for HTTP).
The client sends a GET request to fetch a resource.
The server responds by delivering the requested data if it is available or returns an error code if not.
HTTPS uses encryption to secure data exchange between the client and the server, typically using TCP port 443.
HyperText Markup Language (HTML) and Web Applications
Web servers commonly deliver HTML files, which are text documents with tags describing how they should be displayed. Web browsers interpret these tags to show text, images, and other multimedia content.
Key Features:
Hyperlinks: Allow users to jump between documents.
Forms: Allow users to submit data from the client to the server using the POST method.
Web Applications: Extend server functionality with scripting and programmable features for more dynamic content and user interaction.
Uniform Resource Locators (URLs)
A URL is an address that identifies the location of a resource on the Internet. It includes all the details needed to access that resource.
Example URL:
https://store.comptia.org/bundles/aplus.html
Protocol: https
FQDN: store.comptia.org
File Path: /bundles/aplus.html
Web Server Deployment
Organizations usually lease web server space from an Internet Service Provider (ISP). However, larger organizations with their own datacenters might host websites internally.
Elements of a URL:
Protocol: The method of access (e.g., HTTP, HTTPS).
Host Location: Usually represented by a Fully Qualified Domain Name (FQDN) (e.g., www.example.com). This part is not case-sensitive. An IP address can also be used; IPv6 addresses must be enclosed in square brackets.
File Path: Specifies the directory and file location of the resource. This part may or may not be case-sensitive, depending on server settings.
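As an added example (not part of the original notes), the following Python splits a URL into the three elements described above and applies the case rules the text gives: scheme and host are normalized to lower case, the path is left exactly as written, and an IPv6 host keeps its square brackets. The sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample URLs for this added example (not taken from the page).
SAMPLES = [
    "https://store.comptia.org/bundles/aplus.html",
    "HTTPS://Store.CompTIA.org/Bundles/APlus.html",
    "http://[2001:db8::1]:8080/index.html",
    "http://192.0.2.10",
]

def url_elements(url):
    """Split a URL into the elements the text lists: protocol, host location, file path.

    Scheme and host are not case-sensitive, so both are returned lower-cased
    (urlsplit already does this). The path is returned unchanged because its
    case-sensitivity depends on the server. An IPv6 host keeps its square
    brackets so that it cannot be confused with a host:port pair.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if not parts.scheme or host is None:
        raise ValueError("URL lacks a scheme or host: %r" % url)
    if ":" in host:                 # bare IPv6 literal -> put the brackets back
        host = "[" + host + "]"
    return {
        "protocol": parts.scheme,
        "host": host,
        "port": parts.port,         # None when the scheme's default port applies
        "path": parts.path or "/",  # an empty path means the site root
    }

def same_host(url_a, url_b):
    """True when two URLs point at the same server: host compared case-insensitively,
    path deliberately ignored (it may or may not be case-sensitive)."""
    a, b = url_elements(url_a), url_elements(url_b)
    return (a["protocol"], a["host"], a["port"]) == (b["protocol"], b["host"], b["port"])
```

Comparing hosts this way matters whenever a URL is checked against an allow-list: "Store.CompTIA.org" and "store.comptia.org" are the same server, while "/Bundles" and "/bundles" may not be the same resource.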
Web servers can also be used within private networks:
Intranet: Allows access only to local users within an organization.
Extranet: Extends access to authorized remote users, typically through secure connections.

Mail Servers
Electronic mail (email) allows a user to create a message and send it to another person, either on the same network (intranet) or anywhere on the Internet. Two main types of servers and protocols handle email:
Mail Transfer Protocols: Used to send and relay messages between email servers.
Mailbox Access Protocols: Used by clients to retrieve and manage their emails from the server.
Email Address Structure
Internet Email Address: Follows the mailto URL format, consisting of:
Username: The local part before the @ symbol.
Domain Name: The part after the @ symbol, indicating the email provider or organization.
Example: david.martin@comptia.org or david.martin@aol.com.
Simple Mail Transfer Protocol (SMTP)
SMTP is the protocol that defines how emails are delivered from one domain to another. Here’s how it works:
The SMTP server of the sender uses the domain name in the recipient's email address to find the IP address of the recipient's SMTP server.
The DNS system registers these SMTP servers using Mail Exchange (MX) and host (A/AAAA) records.
Common SMTP Ports and Security
Port TCP/25:
Used for message relay between SMTP servers, also known as Message Transfer Agents (MTAs).
Typically unsecured, leaving it open to misuse.
Port TCP/587:
Used by email clients, or Message Submission Agents (MSAs), to submit messages to an SMTP server for delivery.
Servers supporting port 587 usually implement encryption and authentication for enhanced security.
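The following Python is an added example, not part of the original notes, showing how a relaying SMTP server turns a recipient address into delivery targets: it splits the address at the @ sign, looks up the domain's MX records in preference order, resolves each exchanger's A/AAAA records, and connects on TCP/25. The DNS data is a constructed, in-memory table so the example runs offline; the names and addresses are illustrative only.

```python
# Constructed DNS data for this added example (not real records).
DNS = {
    ("comptia.org", "MX"): [(20, "backup-mx.comptia.org"), (10, "mx1.comptia.org")],
    ("mx1.comptia.org", "A"): ["192.0.2.25"],
    ("mx1.comptia.org", "AAAA"): ["2001:db8::25"],
    ("backup-mx.comptia.org", "A"): ["198.51.100.25"],
    ("aol.com", "A"): ["203.0.113.7"],   # no MX record published for this domain
}
SMTP_RELAY_PORT = 25   # server-to-server relay; clients submit on 587 instead

def split_address(address):
    """Split 'user@domain' into (local part, domain). The domain is a DNS name,
    so it is lower-cased; the local part is left as the user typed it."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % address)
    return local, domain.lower()

def lookup(name, rtype):
    return list(DNS.get((name, rtype), []))

def mail_exchangers(domain):
    """Hosts to try, lowest MX preference value first.
    A domain with no MX record is treated as its own mail exchanger
    (the 'implicit MX' rule), provided it has an A or AAAA record."""
    mx = sorted(lookup(domain, "MX"))
    if mx:
        return [host for _pref, host in mx]
    if lookup(domain, "A") or lookup(domain, "AAAA"):
        return [domain]
    return []

def delivery_targets(address):
    """(ip, port) pairs a relaying MTA would try, in order, for one recipient."""
    _local, domain = split_address(address)
    targets = []
    for host in mail_exchangers(domain):
        for ip in lookup(host, "A") + lookup(host, "AAAA"):
            targets.append((ip, SMTP_RELAY_PORT))
    return targets
```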

Mailbox Servers
When an SMTP server receives an email, it delivers the message to a mailbox server. The mailbox server stores the message until the user retrieves it. The mailbox server can be a separate machine or a separate process on the same computer. To access the messages, users use mailbox access protocols.
Post Office Protocol 3 (POP3)
POP (often referred to as POP3 because the current version is version 3) is one of the earliest mailbox access protocols. It allows users to download messages from the server to their local computer.
Client Applications: Examples include Microsoft Outlook® and Mozilla Thunderbird®.
Ports:
TCP/110: Default port for POP3 connections.
TCP/995: Secure port for encrypted connections (POP3S).
How It Works: The client connects to the POP server, authenticates using a username and password, and then downloads the contents of the mailbox.
Message Handling: Typically, messages are deleted from the server after being downloaded to the local PC. Some clients, however, offer the option to leave the messages on the server.
Internet Message Access Protocol (IMAP)
IMAP is another mailbox access protocol that addresses some limitations of POP. Unlike POP, IMAP allows users to manage their mailbox directly on the server, which is useful when accessing the same mailbox from multiple devices.
Mailbox Management: IMAP lets users:
Keep messages on the server.
Organize messages into folders.
Control when messages are deleted.
Multiple Connections: IMAP supports multiple clients connecting to the same mailbox simultaneously.
Ports:
TCP/143: Default port for IMAP connections (unsecure).
TCP/993: Default port for IMAP-Secure (IMAPS) with encryption using TLS.

Directory and Authentication Servers
To keep a network secure, clients must be authenticated and authorized before connecting to resources like fileshares and mail servers. This is typically managed using a directory server that holds a central database of user accounts. Once authenticated, users can access multiple resources through single sign-on (SSO).
Lightweight Directory Access Protocol (LDAP)
LDAP is a TCP/IP protocol used to query and update directories based on the X.500 standard.
A directory is like a database where objects (similar to records) contain information (attributes) about them.
Examples of directories include:
Windows Active Directory.
OpenLDAP (open-source).
Ports:
TCP/389 and UDP/389 are the default ports for LDAP.
Authentication, Authorization, and Accounting (AAA)
AAA is a system that centralizes authentication services across different network access devices, improving security and simplifying access management.
Components:
Supplicant: The device requesting access (e.g., a user’s PC or laptop).
Network Access Server (NAS) or Network Access Point (NAP): Appliances like switches, access points, and VPN gateways that control network access. Also called "AAA clients" or "authenticators."
AAA Server: The centralized server that authenticates users within the local network.
How It Works:
The NAS or NAP forwards the user's authentication credentials to the AAA server.
The AAA server then processes the authentication, ensuring that network devices don’t need to store sensitive information locally.
Common Protocol: Remote Authentication Dial-In User Service (RADIUS) is often used to implement AAA, allowing for secure forwarding of user credentials to the AAA server.

Remote Terminal Access Servers
Remote terminal servers allow a host to accept connections to its command shell or graphical desktop from a network. This concept comes from early computing days, when terminals (TTY devices) were used for input and output between a user and a computer. A terminal emulator is software that mimics this terminal function and can connect to different types of command shells. Remote terminal emulators extend this functionality over the network, enabling access to a shell on a different host.
Secure Shell (SSH)
SSH is the main protocol for secure remote access to UNIX and Linux servers, as well as many network appliances (like switches, routers, and firewalls).
Capabilities:
Provides encrypted terminal emulation.
Supports Secure File Transfer Protocol (SFTP) and other services carried over its encrypted connection.
Platforms: Available for UNIX, Linux, Windows, and macOS.
Popular Tool: OpenSSH (openssh.com) is the most widely used SSH server.
Default Port: TCP/22.
Telnet
Telnet is a protocol and a terminal emulation software used to transmit shell commands and outputs between a client and a remote host.
Default Port: TCP/23.
Security:
Allows password protection but does not encrypt passwords or communications, making it vulnerable to packet sniffing and replay attacks.
Historically used to configure switches and routers, but should no longer be used due to its lack of security.
Remote Desktop Protocol (RDP)
RDP is a Microsoft protocol for remote graphical user interface (GUI) connections to a Windows machine.
Capabilities:
Sends screen and audio data from the remote host to the client.
Transfers mouse and keyboard input from the client to the remote host.
Default Port: TCP/3389.
Security: Administrators can set permissions and encryption on RDP connections.
Cross-Platform: RDP clients are available for Linux, macOS, iOS, and Android, allowing remote access to Windows desktops from non-Windows devices.
Open-Source Alternatives: Tools like xrdp (xrdp.org) provide RDP server functionality on non-Windows systems.

Network Monitoring Servers
SSH and RDP allow administrators to remotely log on and manage network devices like hosts, switches, routers, and firewalls. To ensure the network runs smoothly, it's important to collect information from these systems regularly. Remote monitoring helps identify actual or potential problems faster.
Simple Network Management Protocol (SNMP)
SNMP is a framework for managing and monitoring network devices. It consists of two components:
Agent: A process running on network devices (like switches, routers, and servers). It maintains a database called a Management Information Base (MIB), which contains statistics about the device's activity (e.g., the number of frames per second handled by a switch).
Management System: Monitors all agents by polling their MIBs at regular intervals. It displays this information for review and highlights any alert-triggering events (traps).
Trap Operations: Agents can be configured to send a trap (an alert) when a defined event or threshold (e.g., port failure) occurs.
Ports:
UDP/161: Used for SNMP device queries.
UDP/162: Used for communicating traps to the management system.
Syslog
Syslog is a protocol and software suite that facilitates centralized log collection, making it easier to review logs and respond to alerts.
Log Collection: Syslog collects event messages from various devices (routers, switches, UNIX/Linux servers) and stores them in a single location.
Syslog Message Structure:
PRI Code: Represents the facility (type of device) and severity level of the log message.
Header: Contains a timestamp and host name.
Message Part: Shows the source process and its content. The format of the content varies depending on the application.
Port:
Syslog collectors usually listen on UDP/514.
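As an added example (not part of the original notes), this Python parses classic BSD-style syslog messages into the three parts described above: the PRI code is decoded into facility and severity (PRI = facility * 8 + severity), the header yields the timestamp and host name, and the message part yields the source process and its content. A collector-side filter then picks out messages at a chosen severity or worse. The sample messages are constructed, not real logs.

```python
import re

# Constructed sample messages in the classic BSD syslog layout (not real logs).
SAMPLE_MESSAGES = [
    "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
    "<165>Oct 11 22:14:16 rtr1 bgpd: neighbor 192.0.2.2 Up",
    "<13>Oct 11 22:14:17 web02 app: user login ok",
]

# Index == numeric code. Severity 0 (emerg) is the most serious, 7 (debug) the least.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                   # PRI code
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # header: timestamp
    r"(?P<host>\S+) "                                        # header: host name
    r"(?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "               # message: process[pid]
    r"(?P<content>.*)$"                                      # message: content
)

def parse_syslog(line):
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a recognised syslog message: %r" % line)
    pri = int(m.group("pri"))
    if pri > 191:                      # 23 facilities * 8 + 7 is the maximum
        raise ValueError("PRI out of range: %d" % pri)
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "process": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "content": m.group("content"),
    }

def needs_attention(lines, max_severity="err"):
    """Parsed messages at the given severity or worse (a lower index is worse)."""
    threshold = SEVERITIES.index(max_severity)
    return [msg for msg in map(parse_syslog, lines)
            if SEVERITIES.index(msg["severity"]) <= threshold]
```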
By using SNMP and syslog, network administrators can efficiently monitor network health, troubleshoot issues, and maintain security.
Summary
Understanding these core networking concepts—File and Print Servers, Web Servers, Mail Servers, Directory and Authentication Servers, Remote Access tools like SSH and RDP, and monitoring protocols such as SNMP and Syslog—will greatly benefit you in the future. These are essential skills for managing modern networks, ensuring smooth communication, security, and effective troubleshooting. By mastering these services, you'll be well-prepared for advanced IT roles, helping you excel in environments that rely on robust and secure network infrastructure. Keep building on this knowledge, as it forms the foundation for a successful career in IT!