Lectures 2001: Applications 24.4.2001 in English / Inte ännu på svenska Kalvot tekstinä / Text on the slides Applications: Introduction Applications: Internet layer model vs. OSI layer model Remote login: General Remote login: Telnet Remote login: SSH File Transfer and Access: General File Transfer and Access: FTP File Transfer and Access: FTP (ftp) File Transfer and Access: FTP (ncftp) File Transfer and Access: NFS E-Mail: General E-Mail: Protocols - SMTP E-Mail: Protocols - POP E-Mail: Protocols - IMAP E-Mail: Protocols - MIME SSL (Secure Socket Layer) Firewalls: General Firewalls: Techniques Kalvot kuvina / Slides as pictures Introduction Applications: Introduction Applications: Internet layer model vs. OSI layer model Remote login: General Remote login: Telnet Remote login: SSH File Transfer and Access: General File Transfer and Access: FTP File Transfer and Access: FTP (ftp) File Transfer and Access: FTP (ncftp) File Transfer and Access: NFS E-Mail: General E-Mail: Protocols - SMTP (1) E-Mail: Protocols - SMTP (2) E-Mail: Protocols - POP E-Mail: Protocols - IMAP E-Mail: Protocols - MIME SSL (Secure Socket Layer) Firewalls: General Firewalls: Techniques 1. Applications: Introduction Comer: Chapters 25, 26, 27 Applications are The Idea of the Internet. Because of the applications, Internet exists. 2. Applications: Internet layer model vs. OSI layer model Internet layer model's application layer covers OSI layer model's application, presentation and session layers. 3. Remote login: General Tnsparency Standard interface Negotiable options most use TCP Non-secure applications have stepped aside, secure applications are used now The use of secure applications after non-secure Authentication What rlogin used to be, certificates and SSO (Single Sign On) are now 4. Remote login: Telnet Standard Telnet is not secure An excellent tool, also as part of applications & scripts Telnet works in cases where NAT makes VPN (Virtual Private Network) connections a pain to implement Telnet exists in virtually all hosts, even out-of-the-box Many older applications use telnet as their connection method even now 5. Remote login: SSH SSH (Secure Shell) created by Tatu Ylönen First time use Encryption algorithms Can be chosen Session key is symmetric Session key transferred by asymmetric encryption Tunneling Forwarding X11 Different clients SSH Communications's SSH client F-Secure Secure Shell OpenSSH (free) Tera Term SSH (free) 6. File Transfer and Access: General File servers FTP (File Transfer Protocol) File servers provide storage for variety of applications Shared files NFS (Network File System) Consolidated data sharing OS sharing? Emulators Kernel implementation Applications 7. File Transfer and Access: FTP Standard, old protocol, uses TCP Web uses FTP Interactive Format specification Authentication File servers (anonymous FTP) vs. transfering files from OS accounts Control and data transferred separately ncftp, tftp (UDP, Sorcerer's Apprentice Bug) help, mget, lcd 8. File Transfer and Access: FTP (ftp) beta: ~ >ftp ftp.funet.fi Connected to ftp.funet.fi. 220-Hello UNKNOWN at beta.hut.fi, ... Name (ftp.funet.fi:zarr): ftp 331 Guest login ok, give your E-mail address for password. Password: zarr@ (typing does not show) 230-Guest `zarr@beta.hut.fi' login ok. ... Remote system type is UNIX. Using binary mode to transfer files. ftp> cd pub/unix/security 250 CWD command successful. ftp> dir 200 PORT command successful. 150 Opening ASCII mode data connection for . ... ftp> ls -lat 200 PORT command successful. 150 Opening ASCII mode data connection for -lat. ... ftp> quit 221-Goodbye, and thank you for using the FUNET archive. 221 You transferred 4 KBytes during this session. 9. File Transfer and Access: FTP (ncftp) beta: ~ >ncftp ftp.funet.fi Resolving ftp.funet.fi... Connecting to 193.166.3.2... Welcome to the FUNET archive, Please login as `anonymous' with your E-mail address as the password to access the archive. ... Logging in... Guest `zarr@beta.hut.fi' login ok. ncftp /pub > cd pub ncftp /pub > cd FreeBSD ncftp /pub/FreeBSD > more README ncftp /pub/FreeBSD > ls -lat *README* .... ncftp /pub/FreeBSD > quit 10. File Transfer and Access: NFS Developed by Sun Microsystems RPC (Remote Procedure Call) XDR (eXternal Data Representation) Security? Problems Delays Timeouts Quota (residue files) 11. E-Mail: General Most widely used application E-Mail is NOT connection oriented, do NOT build time critical applications over it MTA & Client Sendmail procmail formail fetchmail Outlook Exchange Pine mutt vm (emacs) elm mail over HTTP(S) PGP qmail postfix Netscape Domino Spooling mail boxes mailing lists user and domain control 12. E-Mail: Protocols - SMTP SMTP (Simple Mail Transfer Procol) beta: ~ >telnet taku.hut.fi smtp Trying 130.233.228.87... Connected to taku.hut.fi. Escape character is '^]'. 220 taku.hut.fi ESMTP Sendmail 8.9.3/8.9.3; Tue, 24 Apr 2001 08:55:02 +0300 (EET DST) helo taku.hut.fi 250 taku.hut.fi Hello zarr@beta.hut.fi [130.233.224.51], pleased to meet you mail from: zarr@cc.hut.fi 250 zarr@cc.hut.fi... Sender ok rcpt to: zarr@iki.fi 250 zarr@iki.fi... Recipient ok data 354 Enter mail, end with "." on a line by itself Reply-To: zarr@iki.fi X-Note: This has been send by hand! blah blah blah blah blah blah . 250 IAA01632 Message accepted for delivery quit 221 taku.hut.fi closing connection 13. E-Mail: Protocols - POP POP3 (Post Office Protocol) beta: ~ >telnet mail.foobar.com pop3 Trying xxx.yyy.zzz.vvv... Connected to mail.foobar.com Escape character is '^]'. +OK InterMail POP3 server ready. USER foo +OK please send PASS command PASS password -ERR invalid user name or password. quit +OK foo InterMail POP3 server signing off. 14. E-Mail: Protocols - IMAP IMAP (Interactive Message Access Protocol) beta: ~ >telnet mail.foobar.com imap Trying vvv.xxx.yyy.zzz... Connected to mail.foobar.com. Escape character is '^]'. * OK IMAP4 server (InterMail vM.4.01.02.33 201-229-119-116) ready Tue, 24 Apr 2001 09:29:29 +0300 (EET DST) a001 AUTHENTICATE KERBEROS_V4 a001 NO Unsupported authentication mechanism a001 LOGIN foo password a001 NO Account is not allowed to use IMAP a001 LOGOUT * BYE IMAP4 server terminating connection a001 OK LOGOUT completed 15. E-Mail: Protocols - MIME MIME (Multipurpose Internet Mail Extensions) Encodes data into ASCII ISO-8859-1 includes our character set MIME-Version: 1.0 Content-Type: plain/text; charset="iso-8859-1" Multipart/Mixed; Boundary=Next Content-Transfer-Encoding: 8bit Problems? Embedded 16. (Secure Socket Layer) Created by Netscape Under application layer Certificates and Certificate Authorities Support for many encryption algorithms Diffie-Hellman, Fortezza key exchange Provides messages signing, encryption, authentication SSL & proxy 17. Firewalls: General Firewalls filter network traffic Firewalls have holes or doors Firewalls are placed at the entrance points of network How does a firewall the different characteristics of information? Confidentiality, Access control (Luottamuksellisuus) Availability (Saatavuus) Integrity (Eheys) Authentication & Authorization (Todennus ja valtuutus) Non-repudiation (Kiistämättömyys) Logs and monitoring 18. Firewalls: Techniques Packet filtering Kernel based packet filtering FreeBSD, OpenBSD, Linux 2. Proxys & bastion host Connection control and data, TCP and UDP Firewall products are a combination of different characteristics Basic rule: Deny all traffic that has not been allowed DNS (Domain Name Service) NAT (Network Address Translation) Benefitial Problems

Tämän sivun sisällöstä vastaavat verkkojen assarit ja Sanna Liimatainen, sähköposti: verkot@tml.hut.fi Last modified: Wed Apr 25 10:55:07 EEST 2001