IT250_Unit7 Linux
TRANSCRIPT
-
7/28/2019 IT250_Unit7 Linux
Unit 7
Network Services
Copyright 2010, ITT ESI
-
Most modern networks rely on two basic elements to get information to its destination
IP Addresses
  Numeric address of an individual computer
  Example: 127.0.0.1
Host Names
  A human-readable name of a machine
  Computers need a DNS server to translate a host name into an IP address for this to be useful
-
IPv4
  Current standard in the US
  Uses 4 octets for the address
  Example: 192.168.20.1
  Problems:
    No built-in security
    Limited number of addresses (around 4 billion)
    Currently IPv4 uses NAT to fake extra addresses
-
IPv6
  Next major version of IP
  Built-in security
  A very large number of addresses
    IPv4 uses 32 bits for addresses
    IPv6 uses 128 bits for addresses
  Written in hexadecimal form with 8 sets of 4 digits
  Example: 2001:cdba:af34:bbac:3979:3b12:3257:9652
-
IPv4 vs IPv6: Number of addresses
IPv4
  4,294,967,296 (4 billion)
IPv6
  340,282,366,920,938,463,463,374,607,431,768,211,456 (340 trillion, trillion, trillion)
To use up every single IPv6 address we would need to stack ten billion computers on top of each other over the entire world, including the sea.
-
We are worried about 3 things in our network
Availability
Speed
Security
-
Network speed and availability can be affected by many factors
  Quality of equipment
  Service provider
  Distance between two points
  Failures of devices
  Software
  Hardware
  Configurations
-
Ping
  Used to test if a network resource is available
  Sends a small ICMP packet to the destination
    The destination responds with an acknowledgment
  No reply could mean many things:
    Resource is down
    Network connection issues
    Destination computer is set up to ignore ICMP packets
-
Traceroute
  Determines how many hops it takes to get to a destination
  Finds information about the hops
    Latency
    Name
    IP address
  Useful for determining the location of a problem
  Traceroute uses increasing time-to-live settings in the IP packets to get this information
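
An added example (not part of the original slides) of using the per-hop latency, name and IP address to locate a problem: a shell function that reads traceroute output and reports latency jumps and silent hops. The function name analyze_trace, the 50 ms limit and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of default Linux traceroute output (names are made up).
sample_trace() {
cat <<'EOF'
traceroute to server.example.com (203.0.113.10), 30 hops max, 60 byte packets
 1  gw.lan.example (192.168.20.1)  0.412 ms  0.388 ms  0.401 ms
 2  10.10.0.1 (10.10.0.1)  8.120 ms  7.964 ms  8.301 ms
 3  core1.isp.example (198.51.100.1)  9.874 ms  10.112 ms  9.990 ms
 4  edge7.isp.example (198.51.100.77)  142.530 ms  139.884 ms  145.020 ms
 5  * * *
 6  server.example.com (203.0.113.10)  148.201 ms  147.655 ms  149.010 ms
EOF
}

# analyze_trace LIMIT_MS  (hypothetical helper; reads traceroute output on stdin)
# Prints one line per finding:
#   JUMP <hop> <name> <ip> <delta>  best RTT rose more than LIMIT_MS over the
#                                   previous answering hop
#   SILENT <hop>                    no probe was answered at this hop
#   END <hop> reached|unreached     whether the final hop answered
# Assumes the "name (ip) rtt ms ..." layout, i.e. traceroute run without -n.
analyze_trace() {
    awk -v limit="$1" '
    $1 !~ /^[0-9]+$/ { next }          # skip the banner line
    {
        hop = $1; best = -1
        # each RTT is the field just before an "ms" token; keep the smallest
        for (i = 2; i <= NF; i++)
            if ($i == "ms" && (best < 0 || $(i-1) + 0 < best))
                best = $(i-1) + 0
        last = hop; answered = (best >= 0)
        if (!answered) { print "SILENT", hop; next }
        ip = $3; gsub(/[()]/, "", ip)
        if (seen && best - prev > limit)
            printf "JUMP %d %s %s %.1f\n", hop, $2, ip, best - prev
        prev = best; seen = 1
    }
    END { if (last != "") print "END", last, (answered ? "reached" : "unreached") }
    '
}

sample_trace | analyze_trace 50
```

A jump that persists through the later hops points at the link into that hop. A silent hop followed by answering hops is usually a router that ignores the probes, the same caveat given for ping.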
-
Linux has some extra tools used for gathering network information
  host
  dig
  jwhois
-
host can be used for DNS lookups
  Given a hostname, it will fetch the IP address
  Given an IP address, it will fetch the hostname
dig queries the DNS server for domain information
  Aliases of the target machine
  Which DNS servers hold information about it
  How many names the target has
-
jwhois
  This command looks up information about the owner of a website
  Uses the online whois database servers
  Retrieves all available information
    Owner
    When the whois database was last updated
    Server names
    Physical addresses of the machines
  Useful when tracking where information is coming from (spam)
-
There are many reasons to have external connections to a machine
  File sharing
  Gain access to non-network devices
  Use specialized software
  Utilize the power of another machine to complete a task your current machine cannot
-
There are many Linux programs that will allow you to connect to machines remotely
  ssh
  ftp
  sftp
  rsh
  scp
-
ssh is an open source Secure Shell program
  This provides a background framework for other applications to connect securely
  Provided at no cost
  The cost and security make it popular
-
File Transfer Protocol
  Built to be an easy-to-use file transport tool
  Built with very little security in mind
    Username/password transmitted in plain text
    Easy to hijack a session
  In general, normal ftp should only be used for publicly available uploads/downloads
    Files that are available to the public anyway
  Options like sftp can offer better security
-
Secure File Transfer Protocol
  Works much like ftp, except it uses an SSH connection
  All interactions are encrypted end-to-end
-
Remote Shell
  Allows you to run programs on a remote machine through your terminal window
  You can only connect to machines that trust you
    Each machine needs to be added to the trusted list manually
  Eliminates the possibility of hackers easily taking over a machine
-
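Secure cp
  Creates an ssh connection
  Allows you to copy a file over an encrypted connection
    More secure than ftp
  One command can copy the file
  Example: To copy the local .bashrc file to the server:
    scp ~/.bashrc IT250User@DestinationMachine:
  The trailing colon marks the destination as a remote host; without it, scp makes a local copy named IT250User@DestinationMachine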