CS5008: Internet Computing

Lecture 14: Application Layer and Text-based Applications
A. O’Riordan, 2009, revised 2014
Some slides based on Fitzgerald and Dennis, 2010
Upper layers
• Recall that the OSI model has different upper layers to the Internet model
• OSI's session management is contained in the transport-layer protocols (TCP), or otherwise considered part of the application layer
• The presentation layer is concerned with the formatting of information
– considered part of the application layer in the Internet model
– functions: encoding, encryption, compression
– e.g. video is typically transmitted in a format such as MPEG
[Figure: OSI upper layers vs. Internet model layers]
Internet Application Layer
• Internet applications include:
– text-based applications:
   file transfer (FTP)
   remote login/shell (TELNET, SSH)
– Web (HTTP, TLS/SSL)
– email (SMTP, POP, IMAP)
– multimedia streaming
– videoconferencing, VoIP
– others, e.g. support protocols, routing protocols (DHCP, DNS, RIP, BGP, …)
[Figure: protocol stack showing the application layer above the transport layer]
Application architectures
Determined by how functions of application programs are spread among
clients and servers
• Host-based architecture: server performs almost all functions
• Client-based architecture: client performs most functions
• Client-server architectures
– functions shared/split between client and server
– multi-tier, e.g. 3-tier architecture – separate into presentation logic,
application logic and data access/data storage
• New application architectures such as cloud
File Transfer
• Enables sending and receiving of (text or binary) files over the Internet
• Requires an application program on the client computer and a server
program on a server
• Well known protocol is FTP (File Transfer Protocol)
– note: FTP was one of the first ARPANET applications; RFC 959 1985
• FTP has official URI scheme ftp, i.e. ftp://ftp.domain.tld/path
• FTP uses TCP
• Other file transfer protocols on Internet
– e.g. Trivial File Transfer Protocol (uses UDP; simpler than FTP); HTTP;
Bittorrent (peer-to-peer)
How FTP Works
• Client initiates connection
– user commands such as GET are translated into FTP commands such as RETR
– separate control and data connections
– two most common transfer modes are ASCII mode and binary mode
• Protocol Interpreter (PI) implements the FTP protocol itself (port 21),
while Data Transfer Process (DTP) performs data transfer using separate
TCP session (port 20)
– control connection open for the duration of the session
– server responds on the control connection with three digit status codes
– data connection for transfer
• FTP sites can require an account name and password
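The control-connection mechanics above (three-digit reply codes, multi-line replies, and the PASV reply that announces the separate data connection) as an added Python example; this is not code from the lecture, and the reply text is constructed. Parsing the 227 reply also shows why stateful firewalls need an FTP helper: the data-connection endpoint is announced in band and in plaintext on the control connection.

```python
import re
# Constructed sample of server replies on an FTP control connection (not a real
# capture): multi-line 220 greeting (RFC 959 "220-" continuation), login, PASV.
SAMPLE_REPLIES = (
    "220-Welcome to the example FTP service.\r\n"
    "220 Ready.\r\n"
    "331 Password required.\r\n"
    "230 User logged in.\r\n"
    "227 Entering Passive Mode (192,0,2,10,195,88).\r\n"
    "530 Permission denied.\r\n"
)
# Meaning of the first digit of a three-digit reply code (RFC 959).
REPLY_CLASSES = {"1": "positive preliminary", "2": "positive completion",
                 "3": "positive intermediate", "4": "transient negative",
                 "5": "permanent negative"}

def parse_replies(text):
    """Split control-connection text into (code, message) pairs; a reply
    starting 'ddd-' continues until a line starting 'ddd '."""
    replies, lines, i = [], text.split("\r\n"), 0
    while i < len(lines):
        line, i = lines[i], i + 1
        if not line:
            continue
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        code, sep, parts = m.group(1), m.group(2), [m.group(3)]
        while sep == "-":                       # collect continuation lines
            if i >= len(lines):
                raise ValueError("unterminated multi-line reply " + code)
            line, i = lines[i], i + 1
            if line.startswith(code + " "):     # terminating 'ddd text' line
                parts.append(line[4:])
                sep = " "
            else:
                parts.append(line)
        replies.append((code, "\n".join(parts)))
    return replies

def reply_class(code):
    return REPLY_CLASSES[code[0]]

def pasv_endpoint(message):
    """(ip, port) from a 227 reply; port = p1*256 + p2, sent in band in plaintext."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", message)
    if not m:
        raise ValueError("no PASV address tuple in reply")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2
```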
TELNET
• TELNET (Teletype network) provides a bidirectional interactive text-oriented communications facility
– remote login enabling full control of the host
– bidirectional communication with a command line interface
– anything that can be done from the command prompt can be done remotely
• TELNET was the first ARPANET application protocol – RFC 15 1969
– TCP/IP version defined in RFC 854 1983
[Diagram from RFC 15 (ed. Carr): a user at a teletype terminal attached to user host A at the University of Utah, connected across the network to serving host B at Stanford Research Institute]
TELNET operation
• Requires an application program on the client computer and a TELNET
server program on a server
– client program emulates a “dumb” terminal – virtual terminal
– typically uses TCP port 23
– control and data sent in-band (interspersed)
• Can require account name and password
• Insecure: by default, does not encrypt any data sent over the connection;
SSH now preferred for this reason
• Other (insecure) remote execution protocols – largely now obsolete
– rlogin – Unix-only remote login via TCP port 513
– rsh – execute shell commands as another user and on another computer
SSH
• SSH is a client-server protocol for secure remote access
– used primarily on Unix/Linux-based systems as a replacement for older insecure protocols such as telnet, rsh, rlogin
• SSH enables encryption and uses public-key cryptography for
authentication
– uses a pair of computer generated keys – one public and one private
– a copy of the client's public key must be uploaded to the server; when the client connects, it proves that it holds the secret (private) counterpart of the public key stored on that server, and access is granted
• Transmission can also be compressed
Aside: Background to SSH
• Created in 1995 by Tatu Ylönen, then a student at Helsinki University of Technology
– Founded SSH Communications Security to market and develop SSH
• Revised version of the protocol SSH-2 was designed in 1996
– Standards Track RFC 4251 in 2006
• Popular open source implementation is OpenSSH
SSH Architecture (Client-Server)
• SSH Server: A program that allows incoming SSH connections to a machine, handling authentication and authorization
• Clients: A program that connects to SSH servers and makes requests for
service
• Session: An ongoing connection between a client and a server
• SSH-2 protocol has a layered internal architecture
– transport layer – takes plaintext from the layers above and provides encryption, compression and integrity verification
– user authentication layer – using passwords and public keys
– connection layer – using channel requests
Secure file transfer – SFTP
• Secure File Transfer Protocol (SFTP) is a subsystem of the Secure Shell SSH
protocol
• SFTP encrypts both the username/password and the data being
transferred
• Uses the same port as the Secure Shell server, eliminating the need to open another port on the firewall
Other uses of SSH
• Port Forwarding – tunnelling
• Secure copy, SCP, copies to a remote host
– like rcp (historical)
• Executing a single command on a remote host (replacing rsh)
• Securely mounting a directory on a remote server as a filesystem – SSHFS
Security features
• Password authentication
• Public key authentication
• Host key fingerprints
– used by a server to prove its identity to a client and by a client to verify a "known" host; this prevents man-in-the-middle attacks
• Data encryption
• Data integrity
– Secure Shell version 2 (SSH2) uses Message Authentication Code (MAC)
algorithms to greatly improve upon the original Secure Shell's (SSH1) simple
32-bit CRC data integrity checking method
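Host-key verification as an added Python example, not code from the lecture or from OpenSSH: it computes OpenSSH-style SHA256 and MD5 fingerprints of a public-key blob and checks a presented key against a constructed known_hosts file. The key bytes and host names are made up.

```python
import base64
import hashlib

def wire_string(b):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b

# Constructed sample keys: an ssh-ed25519 public-key blob is the wire string
# "ssh-ed25519" followed by the wire string of the 32 raw key bytes. The raw
# bytes below are made-up constants, not real keys.
KEY_BLOB = wire_string(b"ssh-ed25519") + wire_string(bytes(range(32)))
OTHER_BLOB = wire_string(b"ssh-ed25519") + wire_string(bytes(32))
KNOWN_HOSTS = (                          # constructed known_hosts file
    "bastion.example ssh-ed25519 " + base64.b64encode(KEY_BLOB).decode() + "\n"
    "other.example ssh-ed25519 " + base64.b64encode(OTHER_BLOB).decode() + "\n"
)

def fingerprint_sha256(blob):
    """OpenSSH's default fingerprint: SHA-256 of the blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fingerprint_md5(blob):
    """Legacy fingerprint: colon-separated MD5 hex digest of the blob."""
    h = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(h[i:i + 2] for i in range(0, 32, 2))

def parse_host_key_line(line):
    """'host type base64blob' -> (host, type, blob); the blob must embed the type."""
    host, ktype, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type mismatch for " + host)
    return host, ktype, blob

def check_host_key(host, presented_blob, known_hosts_text):
    """'ok': matches the recorded key. 'unknown': no entry, so the client should
    show the fingerprint for out-of-band verification before trusting it.
    'MISMATCH': the recorded key differs, so the client must refuse to connect
    (possible man-in-the-middle, or a host that was legitimately re-keyed)."""
    for line in known_hosts_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        h, _, blob = parse_host_key_line(line)
        if h == host:
            return "ok" if blob == presented_blob else "MISMATCH"
    return "unknown"
```

Real known_hosts files may also carry hashed host names, port markers and comments; this parser handles only plain host entries.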
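The last bullet's point, an unkeyed checksum versus a keyed MAC, as an added Python example (not from the lecture): a party that can alter packets in transit can recompute a CRC-32, but cannot recompute an HMAC without the session key, so only the keyed check detects the change. The key and payload are constructed, and the packet layout is simplified rather than SSH's actual framing.

```python
import hashlib
import hmac
import zlib

# Constructed values (not from a real session): a shared integrity key known
# only to the two endpoints, and the payload of one packet.
SESSION_KEY = b"constructed-session-integrity-key"
PAYLOAD = b"ls -l /home/alice"

# SSH1-style integrity: an unkeyed 32-bit CRC appended to the data.
def crc_protect(data):
    return data + zlib.crc32(data).to_bytes(4, "big")

def crc_verify(packet):
    data, tag = packet[:-4], packet[-4:]
    return zlib.crc32(data).to_bytes(4, "big") == tag

# SSH2-style integrity: a keyed MAC (HMAC-SHA256 here) appended to the data.
def mac_protect(key, data):
    return data + hmac.new(key, data, hashlib.sha256).digest()

def mac_verify(key, packet):
    data, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)    # constant-time comparison

def substitution_accepted(new_payload):
    """Receiver-side view: if a party on the path replaces the payload and
    re-tags the packet with whatever it can compute without SESSION_KEY,
    does each check still pass? Returns (crc_accepted, mac_accepted)."""
    # The CRC is a public function of the data, so a fresh one always verifies.
    crc_accepted = crc_verify(crc_protect(new_payload))
    # Without the key the original MAC tag is all that is available; it no
    # longer matches the data, so the receiver rejects the packet.
    old_tag = mac_protect(SESSION_KEY, PAYLOAD)[-32:]
    mac_accepted = mac_verify(SESSION_KEY, new_payload + old_tag)
    return crc_accepted, mac_accepted
```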
Instant Messaging (IM)
• A client-server program that allows real-time messages to be exchanged
– client needs IM client software; server needs IM server software
• Open protocols such as talk, IRC (Internet Relay Chat), XMPP
– proprietary systems include AIM, Windows Live Messenger, Google Talk,
iMessage, Skype, Yahoo! Messenger
• Some systems allow voice and video packets to be sent like a telephone
• Two step process:
1. telling IM server that you are online
2. chatting