Sunday, March 18, 2012

Information Technology

The global rise of the internet was fuelled by two things which happened about the same time. The first was the birth of the internet service provider (ISP), who, by purchasing a T1 line, routers, and modems, could offer Internet Dial-Up Services to anyone with a computer, a modem, and phone line for a small monthly outlay.
The second was the invention of the HyperText Markup Language (HTML), the basic language used to build the World Wide Web (WWW), which made internet navigation an easy-to-understand point-and-click exercise.
Prior to this, navigation using the standard UNIX TCP/IP tools, such as "Telnet" or "FTP", relied on the use of a command line. Packages to read email were pretty basic. LISTSERV lists and USENET were the forum for communication between people with collective interests, and "anonymous" FTP servers hosted shared programs and textfiles.

TCP/IP protocol architecture is divided into four basic layers. Each is dependent on the layer underneath.
As data is sent from a computer, it is moved down through the layers of the stack, each layer adding its own control information, called a "header", to the data it receives, in a process called "encapsulation".

4. Application Layer = Programs and services that use the network
3. Transport Layer = End to end data delivery services
2. Internet Layer = Handles routing of data and defines program types
1. Network Access Layer = Interface to physical networks

Layer 1 = Network Access Layer
This layer defines the physical transmission of signals along the network, working at the hardware level so that the network device knows how the binary information can be sent and received. It is capable of encapsulating data into packets or frames, the form that can be transmitted across the network, and, when used on an Ethernet LAN, provides the mapping from the IP address to the hardware address of the Ethernet card. Using a low-level protocol called Address Resolution Protocol (ARP), the IP layer maps the MAC address, a unique address consisting of six hexadecimal characters, to an IP address.
A computer uses ARP to find computers on a network by keeping a table of MAC and IP address mappings, enabling it to communicate with the remote computer by embedding the correct MAC address into the low-level IP packets.

Layer 2 = Internet Layer
This layer sits above the Network Access Layer and provides the basic packet delivery service used by the layers above it by encapsulating the information into packets called "datagrams".
If the IP Destination Address is non-local, the IP layer needs to pass the datagram to a "router" or "gateway" that leads to the non-local address.

Layer 3 = Transport Layer
The Host to Host Transport Layer in TCP/IP is responsible for passing data between the Applications layer and the Internet Layer. It consists of two main protocols, Transport Control Protocol (TCP) and User Datagram Protocol (UDP).
Synchronize Sequence Numbers (SYN)
An originating host wishing to connect to a target host will start by sending a TCP segment which has the SYN bit set and contains the TCP sequence number the originating host wishes to use.
The target responds by sending a segment with the SYN and Acknowledge (ACK) bit set which also contains the TCP sequence number the target wishes to use.
The SYN/ACK sequence can be used for an attack on an internet host.
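
The encapsulation and SYN / SYN-ACK exchange described above, as an added Python example that is not part of the original post: a TCP segment is wrapped in an IP datagram, unwrapped again, and the handshake is tracked so that connections which never complete stand out. The function names, addresses, ports and sequence numbers are constructed for the illustration, and the final ACK step is standard TCP behaviour not described in the post.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def tcp_segment(sport, dport, seq, ack, flags):
    """Transport layer: 20-byte TCP header, no options, checksum left at 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def ip_datagram(src, dst, segment):
    """Internet layer: prepend a minimal IPv4 header (checksum left at 0)."""
    addrs = [bytes(map(int, a.split("."))) for a in (src, dst)]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0, *addrs)
    return header + segment

def parse(datagram):
    """Strip the IP header, then read ports, sequence numbers and flags."""
    ihl = (datagram[0] & 0x0F) * 4
    src, dst = (".".join(map(str, datagram[i:i + 4])) for i in (12, 16))
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", datagram[ihl:ihl + 14])
    return src, sport, dst, dport, seq, ack, flags

def half_open(datagrams):
    """Return (client, server) pairs whose handshake never reached the final ACK."""
    pending = {}  # (client ip, client port, server ip, server port) -> (state, seq)
    for datagram in datagrams:
        src, sport, dst, dport, seq, ack, flags = parse(datagram)
        if flags & SYN and not flags & ACK:        # originating host sends SYN
            pending[(src, sport, dst, dport)] = ("SYN", seq)
        elif flags & SYN and flags & ACK:          # target answers with SYN/ACK
            key = (dst, dport, src, sport)
            if key in pending and ack == pending[key][1] + 1:
                pending[key] = ("SYN/ACK", seq)
        elif flags & ACK:                          # originating host confirms
            key = (src, sport, dst, dport)
            state, server_seq = pending.get(key, ("", 0))
            if state == "SYN/ACK" and ack == server_seq + 1:
                del pending[key]
    return sorted((f"{k[0]}:{k[1]}", f"{k[2]}:{k[3]}") for k in pending)

# Constructed capture: one complete handshake, one that stops after the SYN/ACK.
A, B, SRV = "192.0.2.10", "192.0.2.77", "198.51.100.5"
CAPTURE = [
    ip_datagram(A, SRV, tcp_segment(40000, 80, 1000, 0, SYN)),
    ip_datagram(SRV, A, tcp_segment(80, 40000, 5000, 1001, SYN | ACK)),
    ip_datagram(A, SRV, tcp_segment(40000, 80, 1001, 5001, ACK)),
    ip_datagram(B, SRV, tcp_segment(40001, 80, 7000, 0, SYN)),
    ip_datagram(SRV, B, tcp_segment(80, 40001, 9000, 7001, SYN | ACK)),
]
```

Calling half_open(CAPTURE) lists only the second client, whose handshake stopped after the target's SYN/ACK.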

Layer 4 = Applications Layer
The final layer where programs actually do something with the data received.

For a fuller list of port assignments, see C:\WINDOWS\SERVICES.

SERVICE     PORT NUMBER     DESCRIPTION
ECHO        7               echo of input
NETSTAT     15              network statistic service
FTP         21              file transfer protocol
TELNET      23              network terminal protocol
SMTP        25              simple mail transfer protocol
HTTP        80              HyperText Transfer Protocol



COMMANDS FOR REMOTE ACCESS

Apart from RPC (Remote Procedure Call), there is another class of programs designed to facilitate remote access called the "r" commands because they all start with "r" to designate remote access versions of common system commands.
These commands are designed to allow users working on one host to access another host for which they also have a valid userid, but because of the way that access is granted or denied, the use of "r" commands in a LAN seriously compromises security.


COMMAND     DESCRIPTION
rlogin      Remote login to hosts
rcp         Remote copy files from host to host
rsh         Remote shell passes commands to host for execution
rdist       Remote distribution of files to other hosts
rwho        Remote "who" - get info on logged-in users
rusers      Find information about who is logged-in across network
rwall       Write messages to all remote users
rhosts      Contains trust information for the remote host

If an intruder gets through the system and creates an .rhosts file at the top of the directory tree containing "+ +", it will allow any host access as root, without asking for a password.
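
An added audit example in Python, not part of the original post: it walks a directory tree for .rhosts files and reports "+" wildcard entries such as the "+ +" line described above, along with files that group or others can write to. The function names and the sample directory tree are constructed for the illustration, and skipping lines that begin with "#" is an assumption of this sketch.

```python
import os
import stat
import tempfile

def audit_rhosts(path):
    """Return findings for one .rhosts file: wildcard trust and loose permissions."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number, line in enumerate(fh, 1):
            fields = line.split()
            if not fields or fields[0].startswith("#"):  # assumption: comment line
                continue
            host = fields[0]
            user = fields[1] if len(fields) > 1 else ""
            if host == "+" and user == "+":
                findings.append(f"line {number}: '+ +' trusts any user on any host")
            elif host == "+":
                findings.append(f"line {number}: '+' trusts every host")
            elif user == "+":
                findings.append(f"line {number}: '+' trusts every user on {host}")
    return findings

def scan(root):
    """Walk a directory tree and return {path: findings} for risky .rhosts files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".rhosts" in files:
            path = os.path.join(dirpath, ".rhosts")
            findings = audit_rhosts(path)
            if findings:
                report[path] = findings
    return report

def build_sample_tree():
    """Constructed sample: two home directories, one holding the '+ +' entry."""
    root = tempfile.mkdtemp()
    samples = {"alice": "trusted.example.com alice\n", "root": "# added\n+ +\n"}
    for name, content in samples.items():
        os.makedirs(os.path.join(root, name))
        path = os.path.join(root, name, ".rhosts")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(path, 0o600)  # fixed mode so the sample does not depend on umask
    return root
```

Running scan(build_sample_tree()) reports only the file containing "+ +"; pointing scan() at a real home-directory root gives the same report for a live host.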



DANIEL S. ABRAHAMIAN
INFORMATION TECHNOLOGY
FEELMYFLAME
