Communication Systems Network Applications - Online Services



Similar documents
FTP protocol (File Transfer Protocol)

File Transfer Protocol (FTP) Chuan-Ming Liu Computer Science and Information Engineering National Taipei University of Technology Fall 2007, TAIWAN

File Transfer And Access (FTP, TFTP, NFS) Chapter 25 By: Sang Oh Spencer Kam Atsuya Takagi

Week Date Teaching Attended 2 Jan 2013 Lab 1: Linux Services/Toolkit Dev t

Administrasi dan Manajemen Jaringan 2. File Transfer Protocol (FTP)

2.5 TECHNICAL NOTE FTP

File Transfer Protocol - FTP

Table of Contents Introduction Supporting Arguments of Sysaxftp File Transfer Commands File System Commands PGP Commands Other Using Commands

Communication Systems Internetworking (Bridges & Co)

$ftp = Net::FTP->new("some.host.name", Debug => 0) or die "Cannot connect to some.host.name: $@";

List of FTP commands for the Microsoft command-line FTP client

Windows Based FTP Server with Encryption and. other Advanced Features.

ERserver. iseries FTP

Лабораторная работа 1 Исследование протокола FTP

File Transfer: FTP and TFTP

File Transfer Protocol (FTP)

TOE2-IP FTP Server Demo Reference Design Manual Rev1.0 9-Jan-15

Protocolo FTP. FTP: Active Mode. FTP: Active Mode. FTP: Active Mode. FTP: the file transfer protocol. Separate control, data connections

File Transfer Protocol

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP - Message Format. The Client/Server model is used:

We mean.network File System

You re probably already familiar with using a File Transfer Protocol (FTP)

Avid Technology, Inc. inews NRCS. inews FTP Server Protocol Specification. Version January 2006

Multi-threaded FTP Client

FTP e TFTP. File transfer protocols PSA1

File Transfer Protocol (FTP) & SSH

Fundamentals of UNIX Lab Networking Commands (Estimated time: 45 min.)

UNIX: Introduction to TELNET and FTP on UNIX

Network Attached Storage. Jinfeng Yang Oct/19/2015

FTP Manager. User Guide. July Welcome to AT&T Website Solutions SM

If you examine a typical data exchange on the command connection between an FTP client and server, it would probably look something like this:

My FreeScan Vulnerabilities Report

Prestige 310. Cable/xDSL Modem Sharing Router. User's Guide Supplement

Tera Term Telnet. Introduction

IBM Sterling Connect:Enterprise for z/os

ICS 351: Today's plan

Remote login (Telnet):

An Open Source Wide-Area Distributed File System. Jeffrey Eric Altman jaltman *at* secure-endpoints *dot* com

EMC VNX Series. Using FTP, TFTP, and SFTP on VNX. Release 7.0 P/N REV A01

15 AFS File Sharing. Client/Server Computing. Distributed File Systems

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:

First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET)

Application-layer Protocols

2 Advanced Session... Properties 3 Session profile... wizard. 5 Application... preferences. 3 ASCII / Binary... Transfer

FILE TRANSFER PROTOCOL INTRODUCTION TO FTP, THE INTERNET'S STANDARD FILE TRANSFER PROTOCOL

File Transfer Protocol

WS_FTP Server. User s Guide. Software Version 3.1. Ipswitch, Inc.

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

Remote Logging. Tanveer Brohi(14cs28)

1 Introduction: Network Applications

SIM300 FTP IMPLEMENATION. (Step by Step Approach)

Guideline for setting up a functional VPN

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

TFTP TRIVIAL FILE TRANSFER PROTOCOL OVERVIEW OF TFTP, A VERY SIMPLE FILE TRANSFER PROTOCOL FOR SIMPLE AND CONSTRAINED DEVICES

Appendix. Web Command Error Codes. Web Command Error Codes

This sequence diagram was generated with EventStudio System Designer (

REMOTE FILE TRANSFER PROTOCOL BY USING MULTITHREDING

EXTENDED FILE SYSTEM FOR FMD AND NANO-10 PLC

Configuring FTP Availability Monitoring With Sentry-go Quick & Plus! monitors

FTP Server Configuration

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

WinSCP PuTTY as an alternative to F-Secure July 11, 2006

Socket Programming in the Data Communications Laboratory

1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; SMTP.

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

CCNA 2 Chapter 5. Managing Cisco IOS Software

Cross-platform TCP/IP Socket Programming in REXX

Introduction to UNIX and SFTP

LifeSize Video Communications Systems Administrator Guide

Chapter 17. Transport-Level Security

CONFIGURING ACTIVE DIRECTORY IN LIFELINE

Chapter 2 Application Layer. Lecture 5 FTP, Mail. Computer Networking: A Top Down Approach

Configuring the WT-4 for ftp (Ad-hoc Mode)

emedny FTP Batch Dial-Up Number emedny SUN UNIX Server ftp

Distributed File Systems. Chapter 10

Secure Network Filesystem (Secure NFS) By Travis Zigler

File Transfer Protocol (FTP) User Guide Express Logic, Inc.

EXTENDED FILE SYSTEM FOR F-SERIES PLC

FTP Plug-in User Guide

File transfer clients manual File Delivery Services

File Transfer Examples. Running commands on other computers and transferring files between computers

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Remote Management. Vyatta System. REFERENCE GUIDE SSH Telnet Web GUI Access SNMP VYATTA, INC.

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Applications and Services. DNS (Domain Name System)

TCP/UDP # General Name Short Description

WEB CONFIGURATION. Configuring and monitoring your VIP-101T from web browser. PLANET VIP-101T Web Configuration Guide

The Basics of FTP. Basic Order of Operations: Commands: FTP (File Transfer Protocol) allows a user to transfer files to/from a remote network site.

Network Working Group Request for Comments: 840 April Official Protocols

Application Notes for Configuring Yealink T-22 SIP Phones to interoperate with Avaya IP Office - Issue 1.0

The Einstein Depot server

Transcription:

Scope Communication Systems Network Applications - Online Services Prof. Dr.-Ing. Lars Wolf TU Braunschweig Institut für Betriebssysteme und Rechnerverbund Mühlenpfordtstraße 23, 38106 Braunschweig, Germany Email: wolf@ibr.cs.tu-bs.de L5 L4 L3 L2 L1 Complementary Courses: Multimedia Systems, Distributed Systems, Mobile Communications, Security, Web, Mobile+UbiComp, QoS Applications Application Layer (Anwendung) Transport Layer (Transport) Network Layer (Vermittlung) Data Link Layer (Sicherung) Physical Layer (Bitübertragung) & Addressing Transitions P2P Email Files Telnet : TCP, UDP : IP Web LAN, MAN High-Speed LAN, WAN IP-Tel: Signal. H.323 SIP Moblie IP Mobile Communications MM COM - QoS specific Media Data Flow RT(C)P Transport Network Other Lectures of ET/IT & Computer Science Introduction Security 18-l5_online_e.fm 1 5.Februar.03 18-l5_online_e.fm 2 5.Februar.03 Overview 1. Remote Login: Telnet 1. Remote Login: Telnet 2. Data Transfer - File Transfer Protocol (ftp) 2.1 Example of an ftp Session (User s Perspective) 2.2 Example for ftp Commands (System s Perspective) 2.3 Additional Information 3. Network File Systems: nfs and afs/dfs 3.1 Network File System (nfs) 3.2 Andrew File System (AFS or DFS) reads from terminal User s terminal Telnet- sends to server TCP/IP Functionality: remote login Network Virtual Terminal full screen, i.e. scrolling but no graphics capability simple terminal protocol permits negotiations of options (e.g. data transfer: binary or ASCII) Telnet- Operating System Operating System Port 23 receives Port 23 from client sends to pseudo terminal 18-l5_online_e.fm 3 5.Februar.03 18-l5_online_e.fm 4 5.Februar.03

Remote Login: Telnet (2) 2. Data Transfer - File Transfer Protocol (ftp) Implementation based on TCP connection between client and server uses Port 23 RFC 854: Telnet protocol specification J. Postel, J.K. Reynolds. May-01-1983 and supplements Telnet: example $ telnet login01.kom.e-technik.tu-darmstadt.de Trying 130.83.245.97... Connected to login01.kom.e-technik.tu-darmstadt.de. Escape character is '^]'. Technische Universitaet Darmstadt Multimedia Kommunikation - KOM login: <userid> Password:... [<userid>] ~ $ But Telnet is insecure: clear text password Hence, nowadays mainly switched off and replaced by ssh... telnet: Unable to connect to remote host: Connection refused File Transfer allows for file transfer send (put, mput) receive (get, mget) file transfer in binary textual mode (ascii) file manipulation delete (del) rename directory operations print working directory (pwd), list directory s contents (ls, dir) create /remove directories (mkdir, rmdir) change directory (cd) user identification or anonymous ftp of an account/name (user) identification (password) additional possibilites (help, etc.) 18-l5_online_e.fm 5 5.Februar.03 18-l5_online_e.fm 6 5.Februar.03 File Transfer - File Transfer Protocol (2) Data Transfer - File Transfer Protocol (ftp) (3) ftp P >1024 (P >1024) TCP Data channel Control channel ftp (Port 20) Port 21 TCP Functionality uses TCP for data communication ftp client runs as a programm within the user s address space Some Remarks no integration into local file system i.e. no transparency does not use a spooler ftp P >1024 (P >1024) TCP Data channel Control channel ftp (Port 20) Port 21 TCP Commands transmitted as a 4-character sequence plus options e.g. PASS xyz Response sequence consisting of 3 numbers first number indicates error status 1,2,3: no error 4,5: error 18-l5_online_e.fm 7 5.Februar.03 18-l5_online_e.fm 8 5.Februar.03

Data Transfer - File Transfer Protocol (ftp) (4) 2.1 Example of an ftp Session (User s Perspective) System Control process Data Transfer data connection control connection Operating System P>1024 (P>1024) TCP/IP i.e. data connection control connection Data channel System Data transfer Operating System (P20) P21 Control channel Control process TCP control connection exists while the systems interact therefore can also execute other functions during data transfer because of 2 connections TCP data channel for data transfer and data of directory listings (multiline response) reconnects and disconnects for each data transfer connection set-up is done in reverse direction $ftp open ftp.kom.tu-darmstadt.de Connected to conga.kom.e-technik.tu-darmstadt.de. 220 conga.kom.e-technik.tu-darmstadt.de FTP server (Version wu-2.4.2-academ[beta-12](1) Wed Mar 5 12:37:21 EST 1997) ready. Name (ftp:janedoe): Name (ftp:janedoe): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: Password: **my-passwort e-mail-adr not-displayed** 230-******************************************* 230-Welcome to KOM's FTP-! 230 Guest login ok, access restrictions apply. 18-l5_online_e.fm 9 5.Februar.03 18-l5_online_e.fm 10 5.Februar.03 Example of an ftp Session (User s Perspective) (2) Example of an ftp Session (User s Perspective) (3) ls 200 PORT command successful. 150 Opening ASCII mode data connection for file list. pub priv incoming 226 Transfer complete. 21 bytes received in 0.017 seconds (1.2 Kbytes/s) pwd 257 "/" is current directory. get (remote-file) (remote-file) pub/index.html (local-file) (local-file) i.tmp 200 PORT command successful. 150 Opening ASCII mode data connection for pub/ index.html (1339 bytes). 226 Transfer complete. local: i.tmp remote: pub/index.html 1375 bytes received in 1.6 seconds (0.86 Kbytes/s) close 221 Goodbye. quit $ 18-l5_online_e.fm 11 5.Februar.03 18-l5_online_e.fm 12 5.Februar.03

2.2 Example for ftp Commands (System s Perspective) Example for ftp Commands (System s Perspective) (2) Here: telnet has been used to emulate ftp $ telnet conga 21 Trying 130.83.139.247... Connected to conga.kom.e-technik.tu-darmstadt.de. Escape character is '^]'. 220 conga.kom.e-technik.tu-darmstadt.de FTP server (Version wu-2.4.2-academ[beta-12](1) Wed Mar 5 12:37:21 EST 1997) ready. USER ftp-guru 331 Password required for ftp-guru. PASS 4to1a-kom 230 User ftp-guru logged in. PWD 257 "/home/ftp-guru" is current directory. HELP 214-The following commands are recognized (* =>'s unimplemented). USER PORT STOR MSAM* RNTO NLST MKD CDUP PASS PASV APPE MRSQ* ABOR SITE XMKD XCUP ACCT* TYPE MLFL* MRCP* DELE SYST RMD STOU SMNT* STRU MAIL* ALLO CWD STAT XRMD SIZE REIN* MODE MSND* REST XCWD HELP PWD MDTM QUIT RETR MSOM* RNFR LIST NOOP XPWD 214 Direct comments to ftpadmin@kom.tu-darmstadt.de... and so on QUIT 221 Goodbye. Connection closed by foreign host. 18-l5_online_e.fm 13 5.Februar.03 18-l5_online_e.fm 14 5.Februar.03 2.3 Additional Information Simple File Transfer: Trivial File Transfer Protocol (TFTP) History First specification 1971 from M.I.T. RFC 114 Variations 1971-1985 more than 10 additonal changes and enhancements Present version by J. Postel (and J.Reynolds) as of Oct. 1985 RFC 959 Further details by experiments as telnet session (see above) with sniffer e.g. make use of http://www.ethereal.com/ and record a simple ftp session Based on the UDP transport protocol simpler less complex to implement, and less code Pure file transfer service e.g. no possibility to view file system on remote system e.g. no possibility of authentication Application e.g. bootstrapping over the network 18-l5_online_e.fm 15 5.Februar.03 18-l5_online_e.fm 16 5.Februar.03

3. Network File Systems: nfs and afs/dfs 3.1 Network File System (nfs) File Transfer Protokoll explicit data request explicit commands Integration into the file system implicit data transfer benefit: transparency locally and remotely stored data treated the same/similarly all programs use the data by means of read/write accesses Network file system (nfs) for remote access to files in the network i.e. access to parts of files (as opposed to ftp) transparent access to files in remote file systems History 1984 announcement 1985 first product presented by SUN 1986 porting for system V - release 2 1986 3.0: improved yellow pages (localization of files) and PC- 1987 3.2: file locking 1989 4.0: encoding 1989 licensed by 260 suppliers 18-l5_online_e.fm 17 5.Februar.03 18-l5_online_e.fm 18 5.Februar.03 nfs Architecture Characteristics Application process Local file access local file Kernel TCP / UDP IP RPCrequest UDP Port 2049 TCP / UDP IP Local file access local file in general client-server model communication originally only UDP TCP enables nfs over WANs no presentation services, only byte stream read and write nodes import/export directories integrated into the operating system/file system widespread because suitable for heterogeneous networks inexpensive open system (public specification) availability simple to port to new platforms public reference implementation by now standard on almost all UNIX systems component of e.g. UNIX-V-Release-4 since 1989 and e.g. PC- for PCs 18-l5_online_e.fm 19 5.Februar.03 18-l5_online_e.fm 20 5.Februar.03

Implementing nfs: Mount Protocol Implementing nfs: Mount Protocol (2) 8. Mountd system call Kernel Mount process 1. 2. Created Created port 3. mapper Mountd 4. Get port number daemon Register at start 5. Reply port number 6. Mount request 7. Reply file handle Kernel protocol for file access only (read and write) providing remote file access by MOUNT protocol MOUNT connects remote file system with local directory whole remote file tree is mounted into local directory followed by remote file access just as if accessing local data MOUNT and are separate protocols MOUNT or mountd supply information for or nfsd (e.g. system name and paths) Mountd and nfsd daemons with regard to Unix automatically started when the server is booted nfsd activates the server code in the operating system Mount process at nfs server a file handle (unique file system control block) is generated to nfs client the file handle is returned nfs client uses file handles when accessing the remote (sub-)directory tree 18-l5_online_e.fm 21 5.Februar.03 18-l5_online_e.fm 22 5.Februar.03 Implementing nfs: Mount Protocol (3) Specific nfs Problems Example: mount -t nfs your:/usr /nfs/your/usr i.e. address /nfs/your/usr/hello.c actually is /usr/hello.c My / nfs your usr mount Your / usr hello.c Security general problem link to network always represents a potential security problem Ethernet packets can be easily tapped (intercepted) solution with version 4.0: supports encryption only privileged ports (<1024) permit data access similar mechanism for MOUNT comparison of internet address client name with /etc/hosts Data consistency problem: several remote clients have simultaneous write access lock manager allows for files to be locked service parallel to (lockd) with version 3.2 NOT part of the operating system (e.g. not in SUN-OS) no deadlock recognition 18-l5_online_e.fm 23 5.Februar.03 18-l5_online_e.fm 24 5.Februar.03

3.2 Andrew File System (AFS or DFS) Authentication in afs through Kerberos Overview functionality similar to mutual authentication requested when contact is established user TOKENS authenticate communication mutually tokens generated at login stored in the AFS cache manager security token always has to be submitted when a service is requested access protection of the AFS file tree through Access Control Lists (ACL s) multi-layered administration privileges Further development AFS 4.0 is called the DISTRIBUTED FILE SYSTEM (DFS) file system component in the Distributed Computing Environment (DCE) of the Open Software Foundation (OSF) not to be confused with the Microsoft DFS system Mutual authentication mutual identity proof (user, AFS authentication server) user: has to know the password server: has to decrypt and has to respond to a message which the login process has encrypted with the user password File access: user: AFS cache manager on user workstation checks user identity by using the token server: AFS file server checks identity by decrypting the token and by responding with the requested service In general communication partners know "Shared Secret" shared secret in form of an encryption key in AFS SIMPLE and COMPLEX MUTUAL AUTHENTICATION depends on the no. of used keys and depends on the no. of participating partners 18-l5_online_e.fm 25 5.Februar.03 18-l5_online_e.fm 26 5.Februar.03 Simple Mutual Authentication Complex Mutual Authentication In general usually the first step of authentication during login Challenge-response process 1. Login program on AFS client workstation sends CHALLENGE MESSAGE with encryption key encoded by login (computed from user password -afs-password) to authentication server (using AFS database server) 2. Authentication server decrypts message with the user password listed in the database 3. Authentication server generates response, which also contains original message 4. Authentication server sends this response encoded with the same key back to the login process 5. Login process decrypts and verifies the response with the original message 1 (step): simple mutual authentication 2: TICKET GRANTER (auth. server comp.) supplies TOKEN to the login process Token contains server ticket Tc confirmation for successful user identity verification Tc is encrypted with server encryption key Ks (shared secret of the AFS server and the auth. server of one cell) thus client cannot decrypt Tc session key Kc,s random number issued by the ticket granter shared secret between client and AFS servers Kc,s is part of the tickets (encrypted with the server key) and also unencrypted in the token flag for which servers the ticket is valid ticket validity period complete ticket encrypted with encryption key; the key is known to the login process and to the auth. server AFS cache manager does not know the user password does not know the encryption key derived from it is used for storing the encrypted ticket and session keys 18-l5_online_e.fm 27 5.Februar.03 18-l5_online_e.fm 28 5.Februar.03

File Access in AFS Access Protection in AFS 1. On behalf of the user, the AFS cache manager sends the encrypted ticket and the requested service (encrypted with the session key) to AFS 2. The AFS server deciphers the ticket to learn the session key (session key is the shared secret) 3. AFS server sends response encrypted with the session key Reliability Concept client can recognize session key only if it was able to decipher the token deciphering only possible if the user knows the correct password at login AFS server can learn session key only by deciphering the ticket ticket granter only generates valid ticket if the identity of the user has been proven. The ticket is encrypted with the server encryption key only ticket granter and AFS server know the server encryption key critical: AFS database server (auth. database, auth. server, ticket granter) Access Protection through Access Control Lists (ACLS s) one ACL per directory defines file access rights lookup (to display ACL and files) insert (to generate directory entries) delete (to remove directory entries) administer (to change the ACL of a directory) read (to reads the file, if the UNIX-Bit r has been set for the owner, analog execution if x has been set) write (like to read, if w has been set for owner) lock (to set and to remove advisory locks) 20 entries per ACL user and group name with access rights one-character abbreviations for access rights users themselves can define (up to 20) groups (users or systems) place their own or foreign groups into an ACL 18-l5_online_e.fm 29 5.Februar.03 18-l5_online_e.fm 30 5.Februar.03

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information