An application used to transfer files from
one host to another and to store the files
on the requesting host.
one host to another and to store the files
on the requesting host.
File Transfer Protocol (FTP)
is the protocol that defines how a file can be transferredfrom one host to another. For a file to be transferred from one host to
another, the FTP on the initiating host creates the request for a file, and FTP on
the FTP server processes the requests for a file. A programmer who would like to
learn all of the idiosyncrasies of FTP should read RFC 959.Two hosts are involved in an FTP session. One host requests a file, and the
other host has a copy of the file and transfers a copy to the requesting host. Files
can be transferred in either a text or binary format.
The host that is requesting the service is called a client, and the host that provides
the service is called a server. These two hosts establish a client/server relationship,
which is simply one host making requests of another.The requesting host uses an application to request the file. The application
may be a word processor, an
FTP command-line utility
, or an
FTP command
interpreter
. The FTP command-line utility enables a host to connect to an
FTP
server
without using a fancy interface by having the user simply enter FTP commands
at the command line. FTP connects to the FTP server, and the user is requested to log in.The user must supply a username and a password. In the screen capture below, a connection was made to an FTP server at ftp.microsoft.com . In this
FTP session, the user logged in with the account name ftp and no password
Most FTP sites will allow an anonymous user to log in with no password.
When prompted for a username, you can type anonymous . However, because
anonymous is so difficult to spell, you might want to log in by typing
ftpas your anonymous username. Although no password is required, using your e-mail
address as a password is considered “good FTP etiquette” when using the anonymous
account.How FTP Works
The first packet that is sent from the requesting host to the FTP server is a
TCP/IP packet requesting to set up a connection. In this example, the packet was
sent to TCP port 21 on the FTP server. The requesting host chose a non-wellknown
port to listen for the reply. In this case, the requesting host chose 1177 as
the return port and will be listening for a response sent to that port number. In
the next screen capture, the first TCP/IP packet is shown as the requesting host
makes a request from the source port of 1177 to the destination port of 21.
The FTP application was listening at port 21. Upon receiving the request, the
application sent back an
FTP/TCP/IP
packet to set up the connection and ask
that the client send back the username to log in. In this return packet, the FTP
server is the source, and the FTP client is the destination. The FTP server sends
this reply to port 1177, where the FTP client said it would be listening. In the FTP
header that the FTP server built, the FTP server is passing FTP information to the
FTP client. Notice in the screen capture that the source port labeled src:is set to port
1177. Harry, the requesting host, has decided that the FTP server should send
data back to this port. The following screen capture shows the next packet in the sequence, where the FTP server replies to the FTP client.
This dialog continues as the FTP server responds to the FTP client’s requests.
The client will be able to see a list of files that are available and request either one
or more server files be transferred.The command-line FTP client application requires that the user know the FTP
commands and how to use them. Another way that the user can connect to an
FTP server—without knowing how to use the commands—is to use an FTP command
interpreter. Several of these interpreter applications are available on the
Internet; some are shareware, and some can be downloaded and used for a trial
period. An example of one that can be downloaded for a 30-day trial before you
buy it is
CuteFTP
. CuteFTP has an easy-to-learn and easy-to-use interface. This
client application interprets the user’s clicks, translates them to FTP commands,
and passes those commands to the FTP server. Another example of an FTP command
interpreter available on the Internet is FTP Voyager.
For FTP to work, the server must be running an FTP server application, and the client must be using an FTP client application.
Hypertext Transfer Protocol (HTTP)
it is a set of rules for exchanging files on the Internet. This is the protocol that your Web browser uses when surfing the Internet.
Unlike FTP, HTTP is designed so that very little user intervention is required. HTTP
transfers preformatted files that are displayed in their browser instead of just saved
to disk. The HTTP application runs on a Web server and listens for requests, and
then responds by sending files back to the requestor. A Web server is a server that has
the HTTP service application running on it. HTTP listens at a TCP port, usually portit is a set of rules for exchanging files on the Internet. This is the protocol that your Web browser uses when surfing the Internet.
Unlike FTP, HTTP is designed so that very little user intervention is required. HTTP
transfers preformatted files that are displayed in their browser instead of just saved
to disk. The HTTP application runs on a Web server and listens for requests, and
then responds by sending files back to the requestor. A Web server is a server that has
80 for requests, and then transfers the requested file back to the requestor. The requesting host displays the file in a Web browser application. The client makes the HTTP request by issuing a command to their Web browser. The command is initiated by typing a Uniform Resource Locator (URL) , (such as www.ep6network.blogspot.com) in the address line of the Web browser or by clicking a hyperlink on a page that is being displayed by the Web browser. The Web browser formats the client’s request into an HTTP/TCP/IP request packet with a destination port of 80.At the Web server, the HTTP application is listening at port 80 for any requests.
After the packet is received, the appropriate file is retrieved and packaged for delivery
to the client. The packets leave the Web server, and upon arrival at the client,
the Web browser decodes the Hypertext Markup Language (HTML) file and displays
it onscreen with the proper formatting.So, let’s look at what is really happening when you connect to a Web site:
1.You open your Web browser and type in the URL
www.ep6network.blogspot.com.
2.Your Web browser creates the TCP/IP packet and sends it to a Web server
somewhere on the Internet. In other words, little ol’ you makes a request
of a big Web server to set up a connection.
3.The Web server hears your request at port 80 and sends back a packet to
you that says, “Okay, I’ll set up a connection with you.”
4.Now that you have a connection with the Web server, you request that the
Web server send you its default page.
5.The Web server receives your response and gets the file that you
requested. The file is put into one or more packets, depending on how
big the file is, and it is sent to you.
6.Your Web browser receives the packets and sends back an acknowledgment
that they were received. If the Web server does not get an acknowledgment
from you, the packet is re-sent.
7.Your Web browser displays the information that you requested on your
screen as the packets are received.
Ports and Firewalls
Every packet that travels on the network contains several pieces of information
that is used to ensure that it arrives at its destination. Part of the information in
the header provides the destination hardware (MAC) address, another part provides
the destination IP address, and another part provides the destination port.
As a packet is gaining admission to a network and before a packet reaches its destination,
a firewall can be used to protect the destination host from a malicious
packet. A firewall will disallow packets with a destination address and port that
are not permitted.
Requesting a Service in the TCP/IP Stack
Imagine the TCP/IP stack as an extremely tall office building with two towers.
The two towers share the same lobby and each tower has 65,536 floors. Because
they are part of the same building, these two towers have the same physical or
street address. The street address in this analogy is the hardware (MAC) address.
Suppose you want to make a request of a company located in this building. To
do so, you need to know the address of the building and the floor on which the
company does business. Using the street address helps you to arrive at the correct
building. Once in the lobby, you make your way to the elevators so that you can
travel up to the company’s floor. As you arrive at the bank of elevators, you need
to know which set of elevators to use. One tower is the TCP tower and the other
is the UDP tower. For this example, you need to access TCP port 80 to find the
company that you’ve come here to do business with. You get on the TCP elevator
and go to the 80th floor. As the elevator door opens, a concierge meets you to
handle your service requests. You make your service request, and the concierge
begins to process your request.
As discussed earlier in this chapter, TCP port 80 is the port where an HTTP service
listens for requests. As the elevator door opens at the 80th floor, it is an HTTP
service that waits to process your request. If you access the 21st floor, an FTP service
will be waiting to process your request. When programmers write a service,
they determine which port they want the service to be listening at. When a client
sends a packet to the server that is hosting the service, the client must make a
request of the correct port. If the service is listening at port 80, and a client makes
a request at port 81, the request will not be processed because there is no service
listening at port 81.Imagine our towers and all of the empty floors. A server does not run 65,536
services, and definitely not in both the TCP and UDP buildings. With all these
empty floors, we don’t want visitors to get off the elevators at floors that are not
occupied, or not running a service. If there are bad guys out there trying to infiltrate
our building, they would probably try to enter through a floor where no service
and no security measures have been set up. On the floors where we have a
service running, the service has a level of built-in security, but on the floors with
no service running, an intruder could access the floor.
The Firewall is Protecting the LAN
On a Local Area Network (LAN), every host is like the TCP/IP building that was just
described. To protect the LAN from intruders, most administrators implement a
firewall
. A firewall is a combination of hardware and software that is installed at the
edge of the LAN. The firewall works like a military checkpoint on the edge of a city.
An administrator puts a firewall at every entrance to the LAN. Every packet that tries
to make its way onto the LAN must pass through the checkpoint and be inspected.
Most firewalls are set up to stop all traffic initially, and the administrator configures
rules to allow certain traffic onto the LAN. The administrator may also configure the
firewall to deny certain traffic from leaving the LAN.
Picture an island with a city full of TCP/IP buildings, and the only way to get on
or off the island is to cross a bridge. This connection to the island—the bridge—is
where a checkpoint belongs. If there are other ways to access the island, a checkpoint
must be at each path. On a network, a firewall must be placed at every
entrance or exit to the Internet. At the checkpoints, each packet is examined, and
based on the rules established by the administrator, the packet is either allowed or
denied access.
These rules are set up based on IP addresses, DNS names, protocols, and ports.
The administrator creates rules based on the services that the administrator wants
to make available to other networks. For example, without an FTP server on the
LAN, the administrator will deny any inbound packet that is trying to connect to
port 21. If the LAN has an FTP server, and the administrator would like someone
outside of the LAN to have access to the FTP server, the administrator can create
a rule that allows a packet addressed to the server and port 21 to enter the LAN.
Without a firewall, your TCP/IP buildings are not secure. All packets are allowed
to enter the island and access the destination host. When a packet is allowed access
to the LAN, the packet can arrive at the destination host and travel up to the 21st
floor. Even though no service is running on the 21st floor, the elevator door will
open, and the packet will have access to the host.
Every network must be secured by a firewall. An administrator can also put
a firewall right in front of a server or running on the server so that the server will
be double protected. With several firewall products available, administrators
need to evaluate and implement the best solution for their networks. This evaluation
includes taking a good look at the how sensitive or critical the data is and
how much money is in the budget for the firewall solution.
Some Web sites on the Internet will test your machine’s vulnerability to TCP/IP
attacks. From your favorite search engine, search for “firewall vulnerability test,” and
you should find a couple of free, online vulnerability testing sites.
attacks. From your favorite search engine, search for “firewall vulnerability test,” and
you should find a couple of free, online vulnerability testing sites.
0 responce(s):
Post a Comment