ACN Unit - 5 Notes
5.3 Electronic Mail: Architecture Web-Based Mail, Email Security, SMTP, POP, IMAP and
MIME, SNMP.
Application Layer
The application layer in the OSI model is the layer closest to the end user, which means that the
application layer and the end user can both interact directly with the software application.
Application layer programs are based on clients and servers.
• The application layer provides a facility by which users can forward several emails, and it also
provides a storage facility.
• This layer allows users to access, retrieve and manage files on a remote computer.
• It allows users to log on to a remote host.
• This layer provides access to global information about various services.
• This layer provides services which include: e-mail, transferring files, distributing results to
the user, directory services, network resources and so on.
• It provides protocols that allow software to send and receive information and present
meaningful data to users.
• It handles issues such as network transparency, resource allocation and so on.
• This layer serves as a window for users and application processes to access network services.
• The application layer is basically not a function, but it performs application layer functions.
• The application layer is actually an abstraction layer that specifies the shared protocols and
interface methods used by hosts in a communication network.
• The application layer helps to identify communication partners and to synchronize communication.
• This layer allows users to interact with other software applications.
• In this layer, data is in visual form, which lets users understand the data rather than
remembering or visualizing it in binary format (0s and 1s).
• The application layer interacts with the Operating System (OS) and thus further preserves the
data in a suitable manner.
• This layer also receives and preserves data from its preceding layer, which is the Presentation
Layer (which carries in itself the syntax and semantics of the information transmitted).
• The protocols which are used in the application layer depend upon what information users
wish to send or receive.
• The application layer, in general, performs host initialization followed by remote login to
hosts.
The World Wide Web (WWW), also known as the Web, is an interconnected network of web
pages and documents accessible through the Internet.
Tim Berners-Lee created it in 1989 as a way for researchers to share information through linked
documents.
Working of WWW:
1. A web browser is a software application that allows users to access and view web pages on
the Internet.
2. It acts as an interface between the user and the World Wide Web by displaying web pages.
Web browsers communicate with web servers using the HTTP or HTTPS protocol, which allows
users to access websites hosted on remote servers.
3. A web server is a computer program that serves web pages to clients, such as web browsers,
upon request. It is responsible for hosting websites, processing HTTP requests, and delivering
web content to users online.
4. Hyperlinks: One of the key features of the Web is hyperlinks, which allow you to navigate
between web pages by clicking on links.
5. Uniform Resource Locators (URLs): Web pages are identified by URLs, which are unique
addresses that point to the location of the web page on the Internet.
Web Documents
1. STATIC DOCUMENTS-
• The contents of static documents are fixed. These contents are created and stored in a server.
• If required the client can get a copy of static documents.
• The contents of static documents are determined when they are created.
2. DYNAMIC DOCUMENT-
The client sends a request through its browser to the server using the HTTP protocol, which specifies
the way the browser and web server communicate. The server receives the request using the HTTP
protocol and searches for the requested web page. If the page is found, the server returns it to the
web browser and closes the HTTP connection. The browser then receives the web page, interprets it
and displays its contents in the browser window.
In the request message, each HTTP header is followed by a carriage return line feed (CRLF). After
the last of the HTTP headers, an additional CRLF is used and then the message body begins.
1) Status Line :
In the response message, the status line is the first line. The status line contains three items:
a) HTTP Version Number: It is used to show the HTTP specification to which the server has tried
to make the message comply.
b) Status Code: It is a three-digit number that indicates the result of the request. The first digit
defines the class of the response. The last two digits do not have any categorization role. There are
five values for the first digit, which are as follows:
Code and Description:
1xx: Information. It shows that the request was received and the process is continuing.
2xx: Success. It shows that the action was received successfully, understood, and accepted.
3xx: Redirection. It shows that further action must be taken to complete the request.
4xx: Client Error. It shows that the request contains incorrect syntax, or it cannot be fulfilled.
5xx: Server Error. It shows that the server failed to fulfil a valid request.
c) Reason Phrase: It is also known as the status text. It is a human-readable text that summarizes the
meaning of the status code.
2) Header Lines: The HTTP headers in the server's response contain information that a client can
use to find out more about the response and about the server that sent it. This information is used
to assist the client with displaying the response to a user, with storing the response for future use,
and with making further requests to the server now or in the future. The name of the
Response-header field can be extended reliably only in combination with a change in the version of
the protocol.
4) Entire Body: The body of the message is used for most responses. The exceptions are where a
server is using certain status codes and where the server is responding to a client request, which asks
for the headers but not the response body.
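The response layout described above (status line, header lines, blank line, body), worked through as an added Python example that is not part of the original notes. The sample response and the function name `parse_response` are constructed for illustration.

```python
# First digit of the status code -> class, as listed in the notes.
CLASSES = {
    "1": "Information",
    "2": "Success",
    "3": "Redirection",
    "4": "Client Error",
    "5": "Server Error",
}

# Constructed sample response: every header line ends with CRLF and one
# additional CRLF separates the headers from the body.
SAMPLE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 9\r\n"
    b"\r\n"
    b"not here\n"
)


def parse_response(raw: bytes) -> dict:
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line (CRLF CRLF) after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Status line: version SP status-code SP reason-phrase
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("malformed status line")
    version, code = parts[0], parts[1]
    reason = parts[2] if len(parts) == 3 else ""
    if len(code) != 3 or not (code.isascii() and code.isdigit()):
        raise ValueError("status code must be three digits")
    if code[0] not in CLASSES:
        raise ValueError("first digit of the status code must be 1-5")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon and names padded with whitespace;
        # lenient parsing here lets two parsers disagree about a message.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()

    return {"version": version, "code": int(code), "class": CLASSES[code[0]],
            "reason": reason, "headers": headers, "body": body}
```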
FTP:
FTP, or File Transfer Protocol, is said to be one of the earliest and also the most common forms
of transferring files on the internet. Located in the application layer of the OSI model, FTP is a
basic system that helps in transferring files between a client and a server. What makes FTP
unique is that it provides a reliable and efficient means of transferring files from one system
to another even if they have different file structures and operating systems.
A suitable diagram for each below commands of FTP to show its use
i) get
ii) mget
iii) put
iv) mput
Header:
The header consists of a series of lines. Each header field consists of a single line of ASCII text
specifying the field name, a colon and a value. The main header fields related to message transport are:
1. To: It specifies the DNS address of the primary recipient(s).
2. Cc: It refers to carbon copy. It specifies the address of the secondary recipient(s).
3. Bcc: It refers to blind carbon copy. It is very similar to Cc. The only difference between Cc and
Bcc is that it allows the user to send a copy to a third party without the primary and secondary
recipients knowing about this.
4. From: It specifies the name of the person who wrote the message.
5. Sender: It specifies the e-mail address of the person who has sent the message.
6. Received: It refers to the sender's identity and the date and time the message was received. It
also contains information that is used to find bugs in the routing system.
7. Return-Path: It is added by the message transfer agent. This part is used to specify how to get
back to the sender.
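How a mail administrator might read these header fields on a delivered message, as an added Python example that is not part of the original notes. The message, its addresses and the function `review_headers` are constructed for illustration, and the findings are signals for a reviewer rather than verdicts.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not real traffic). Each transfer agent prepends
# its own Received line, so the topmost one is the most recent hop.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org; Mon, 01 Jan 2024 10:00:05 +0000
Received: from webform.example.net (localhost [127.0.0.1])
\tby mx.example.net; Mon, 01 Jan 2024 10:00:01 +0000
From: "Accounts" <accounts@example.org>
Sender: bulk@mailer.example.net
To: bob@example.org
Cc: carol@example.org
Subject: Invoice

Please see the attached invoice.
"""


def domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def review_headers(raw):
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    from_dom, path_dom = domain(msg["From"]), domain(msg["Return-Path"])

    findings = []
    if path_dom and from_dom != path_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {path_dom}")
    if msg["Sender"] and domain(msg["Sender"]) != from_dom:
        findings.append("Sender differs from From (sent on behalf of)")
    if msg["Bcc"]:
        findings.append("Bcc header present in delivered copy")

    return {
        "hops": len(hops),
        # Bottom-most Received line = first transfer agent on the route.
        "first_hop": " ".join(hops[-1].split()) if hops else None,
        "recipients": [addr for _, addr in recipients],
        "findings": findings,
    }
```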
• First Scenario
When the sender and the receiver of an e-mail are on the same mail server, we need only two user agents.
• Second Scenario
When the sender and the receiver of an e-mail are on different mail servers, we need two UAs and a pair
of MTAs (client and server).
• Third Scenario
When the sender is connected to the mail server via a LAN or a WAN, we need two UAs and two pairs of
MTAs (client and server).
• Fourth Scenario
When both sender and receiver are connected to the mail server via a LAN or a WAN, we need two UAs,
two pairs of MTAs (client and server), and a pair of MAAs (client and server). This is the most common
situation today.
Email security Over non-secure channel
• Email security describes different techniques for keeping sensitive information in email
communication and accounts secure against unauthorized access, loss or compromise.
• Email is often used to spread malware, spam and phishing attacks. Attackers use deceptive
messages to entice recipients to part with sensitive information, open attachments or click on
hyperlinks that install malware on the victim's device.
• Email encryption involves encrypting, or disguising, the content of email messages to protect
potentially sensitive information from being read by anyone other than the intended recipients.
Email encryption often includes authentication.
• Attackers use email as a way to cause problems in an attempt to profit. Whether through spam
campaigns, malware and phishing attacks, sophisticated targeted attacks, or business email
compromise (BEC), attackers try to take advantage of the lack of security of email to carry out
their actions.
• Since most organizations rely on email to do business, attackers exploit email in an attempt to
steal sensitive information.
• Because email is an open format, it can be viewed by anyone who can intercept it, and its
contents can easily be read.
• An organization can establish email security policies by viewing the contents of the emails
flowing through its email servers. It's important to understand what is in the entire email in
order to act appropriately. After these baseline policies are put into effect, an organization can
enact various security policies on those emails.
• These email security policies can range from something as simple as removing all executable
content from emails to more in-depth actions, like sending suspicious content to a sandboxing
tool for detailed analysis.
• If security incidents are detected by these policies, the organization needs to have actionable
intelligence about the scope of the attack.
• Enforce email encryption policies to prevent sensitive email information from falling into the
wrong hands.
• An email gateway scans and processes all incoming and outgoing email and makes sure that
threats are not allowed in. Because attacks are increasingly sophisticated, standard security
measures, such as blocking known bad file attachments, are no longer effective.
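The simplest policy mentioned above, removing executable content at the gateway, as an added Python example that is not part of the original notes. The blocked-extension list, the sample message and the function names are assumptions made for illustration; the check looks at file content as well as the file name, and only at top-level parts of the message.

```python
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1")  # assumed list
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}  # leading bytes of executables


def build_sample():
    """Constructed message: one harmless document and two executables."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "Report"
    msg.set_content("See attachments.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00 constructed", maintype="application",
                       subtype="octet-stream", filename="setup.EXE")
    # Executable content behind a harmless-looking name and MIME type.
    msg.add_attachment(b"\x7fELF constructed", maintype="image",
                       subtype="png", filename="photo.png")
    return msg


def verdict(part):
    """Return the reason a part is blocked, or None if it may pass."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    if name.endswith(BLOCKED_EXT):
        return f"blocked extension: {name}"
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return f"{kind} content in {name or 'unnamed part'}"
    return None


def apply_policy(msg):
    """Drop executable attachments in place and return the reasons."""
    if not msg.is_multipart():
        return []
    removed, kept = [], []
    for part in msg.get_payload():
        is_attachment = part.get_content_disposition() == "attachment"
        reason = verdict(part) if is_attachment else None
        if reason:
            removed.append(reason)
        else:
            kept.append(part)
    msg.set_payload(kept)
    return removed
```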
❑ SMTP Commands:
1. HELO: Used by client to identify itself.
2. MAIL FROM: Identify sender.
3. RCPT TO: Identify intended recipient.
4. DATA: Send actual message.
5. QUIT: Terminate the message.
6. RSET: Reset the connection.
7. VRFY: Verify the address of the recipient.
8. HELP: Mail
Example scenario: Alice sends a message to Bob
1. Alice uses her user agent (UA) to compose a message and send it to bob@technical.org.
2. Alice's UA sends the message to her mail server, where it is placed in the message queue.
3. The client side of SMTP opens a TCP connection with Bob's mail server.
4. The SMTP client sends Alice's message over the TCP connection.
5. Bob's mail server places the message in Bob's mailbox.
6. Bob invokes his user agent to read the message.
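The command sequence of steps 3 to 5, seen from Bob's mail server, as an added Python example that is not part of the original notes. It is a state machine fed one line at a time with no network involved; the server name `mail.technical.org`, Alice's address and the dialogue are constructed, and the reply texts are illustrative.

```python
class SmtpSession:
    def __init__(self, hostname="mail.technical.org"):  # assumed server name
        self.hostname = hostname
        self.state = "start"   # start -> greeted -> mail -> rcpt -> data
        self.sender, self.rcpts, self.lines = None, [], []
        self.mailbox = []      # delivered (sender, recipients, body) tuples

    def _reset(self):
        self.sender, self.rcpts, self.lines = None, [], []
        if self.state != "start":
            self.state = "greeted"

    def feed(self, line):
        """Handle one client line; return the reply (None inside DATA)."""
        if self.state == "data":
            if line == ".":    # a lone dot ends the message
                self.mailbox.append((self.sender, self.rcpts, "\n".join(self.lines)))
                self._reset()
                return "250 OK: queued"
            # Undo dot-stuffing: the client doubled a leading dot.
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.state = "greeted"
            self._reset()
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return "221 Bye"
        if verb == "RSET":
            self._reset()
            return "250 OK"
        if verb in ("VRFY", "HELP"):
            return "502 Command not implemented"
        if verb == "MAIL" and arg.upper().startswith("FROM:") and self.state == "greeted":
            self.sender, self.state = arg[5:].strip(" <>"), "mail"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:") and self.state in ("mail", "rcpt"):
            self.rcpts.append(arg[3:].strip(" <>"))
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA" and self.state == "rcpt":
            self.state = "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb in ("MAIL", "RCPT", "DATA"):
            return "503 Bad sequence of commands"
        return "500 Command not recognized"


# Constructed dialogue for the Alice -> Bob scenario.
ALICE_TO_BOB = ["HELO client.example.com", "MAIL FROM:<alice@example.com>",
                "RCPT TO:<bob@technical.org>", "DATA", "Subject: Hi", "",
                "Hello Bob", ".", "QUIT"]


def run(lines):
    session = SmtpSession()
    return [session.feed(line) for line in lines], session.mailbox
```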
POP3 (Post Office Protocol version 3)
Uses port 110 (unencrypted) or port 995 (encrypted/SSL). Emails are typically downloaded from the
server to the client device. The emails are then stored locally on the device, and the server copy is
usually deleted. Generally faster to connect because it involves downloading emails to the client
device. Connection time is minimal since it retrieves emails and disconnects from the server. Usually
does not support multiple mailboxes. Emails are typically downloaded to a single device, and
managing emails on multiple devices can be challenging.
1. DNS ensures the internet is not only user-friendly but also works smoothly, loading whatever
content we ask for quickly and efficiently.
2. It allows the user to access a remote system by entering human-readable device hostnames instead
of IP addresses. It translates domain names into IP addresses so the browser can load internet resources.
3. It translates human-readable domain names into the numerical identifiers associated with
networking equipment, enabling devices to be located and connected worldwide. Analogous to a network
“phone book,” DNS is how a browser can translate a domain name (e.g., “facebook.com”) to the
actual IP address of the server, which stores the information requested by the browser.
The process of resolving the given host name into IP address using DNS
You can find the hostname of any computer with a public IP address by passing the address to any
Domain Name System (DNS) server. However, since the computers on a small business network
have private IP addresses, you can only discover their hostnames if the network has a local DNS
server. To discover the hostname of a computer with a private IP address and no local DNS server,
you need to use a Windows utility to query the host itself.
Querying DNS
1. Click the Windows Start button, then "All Programs" and "Accessories." Right-click on
"Command Prompt" and choose "Run as Administrator."
2. Type "nslookup %ipaddress%" in the black box that appears on the screen, substituting
%ipaddress% with the IP address for which you want to find the hostname.
3. Find the line labeled "Name" underneath the line with the IP address you entered and record the
value next to "Name" as the hostname of the computer.
5.5 DHCP-Static and Dynamic Allocation, DHCP Operation.
DHCP with its operation & static dynamic allocation.
The Domain Name System, more popular as DNS, and the Dynamic Host Configuration Protocol,
also known as DHCP, represent two crucial TCP/IP areas of a Windows NT Server network. The
DNS is responsible for converting hostnames into IP addresses, while the DHCP is engaged in
assigning unique dynamic IP addresses and the corresponding subnet masks and default gateways to
TCP/IP running computers within a particular server network. Thanks to the dynamic addressing
executed by the DHCP, a computer can have a different IP address every time it connects to the
network it belongs to, without the intervention of a UNIX administrator. Through this DHCP
functionality every new computer added to a network is automatically assigned a unique IP address.
DHCP servers greatly simplify the configuration of networks and are built into the majority of wireless
access points and wired Ethernet routers. In a network, a DHCP server manages a pool of IP addresses, as
well as default gateway details, DNS details and other information for the clients’ network configuration.
When a new computer is introduced into a DHCP server-enabled network, it will send a query to the
DHCP server requesting all the necessary information. When the query reaches the DHCP server, it will
grant the new computer a new IP address and a lease - a time frame for which the computer can use this
IP address, as well as other configuration details. The whole process takes place immediately after the
new computer boots, and to be successful, it has to be completed before initiating IP-based
communication with other hosts in the network.
STATIC ALLOCATION
The static allocation method is very popular in modern ISP networks, which do not use dial-up methods.
With static allocation, the DHCP server keeps a database with all clients' LAN MAC addresses and
gives them an IP address only if their MAC address is in the database. This way, the clients can be sure
that they will be getting the same IP address every time.
DYNAMIC ALLOCATION
When the DHCP server is configured to use dynamic allocation, this means that it uses a lease policy.
This way, when an assigned IP address from the available pool is no longer used, it will be
transferred back to the pool, making it available for someone else to use. The advantage of this
method is that the IP addresses are used to their maximum - as soon as they are no longer used by the
client, they are instantly made available to others. The disadvantage of this method is that a client
will always have a random IP address.
1. The DHCP server issues a passive open command on UDP port number 67 and waits for a
client.
2. A booted client issues an active open command on port number 68. The message is
encapsulated in a UDP user datagram, using the destination port number 67 and the source port
number 68.
3. The server responds with either a broadcast or a unicast message using UDP source port
number 67 and destination port number 68.
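The address bookkeeping behind static and dynamic allocation described above, as an added Python example that is not part of the original notes. No packets are sent; the class `DhcpAllocator`, the address range, the MAC addresses and the lease time are constructed for illustration.

```python
import ipaddress

SERVER_PORT, CLIENT_PORT = 67, 68   # UDP ports from the operation steps above


class DhcpAllocator:
    def __init__(self, first, last, lease_seconds, reservations=None, static_only=False):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        self.lease_seconds = lease_seconds
        self.static_only = static_only
        # Static allocation: database of MAC address -> fixed IP address.
        # A MAC address is supplied by the client itself, so this database
        # identifies a client but does not authenticate it.
        self.reservations = {mac.lower(): ipaddress.ip_address(ip)
                             for mac, ip in (reservations or {}).items()}
        reserved = set(self.reservations.values())
        self.free = [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)
                     if ipaddress.ip_address(i) not in reserved]
        self.leases = {}   # MAC address -> (IP address, expiry time)

    def expire(self, now):
        """Return addresses whose lease has run out to the pool."""
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(ip)

    def request(self, mac, now):
        """Return the address granted to this MAC at time `now`, or None."""
        mac = mac.lower()
        if mac in self.reservations:
            return str(self.reservations[mac])   # same address every time
        if self.static_only:
            return None                          # MAC not in the database
        self.expire(now)
        if mac in self.leases:                   # renewal keeps the address
            ip, _ = self.leases[mac]
        elif self.free:
            ip = self.free.pop(0)
        else:
            return None                          # pool exhausted
        self.leases[mac] = (ip, now + self.lease_seconds)
        return str(ip)
```

With a two-address pool and a 60-second lease, a third client is refused until a lease expires, and a client that returns after its lease ran out may be given a different address than before.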
TELNET Working:
• TELNET is a client-server application that allows a user to log on to a remote machine, giving
the user access to the remote system.
• The user sends the keystrokes to the terminal driver, where the local operating system accepts
the characters but does not interpret them.
• A terminal driver correctly interprets the keystrokes on the local terminal or terminal emulator.
The characters are sent to the TELNET client, which transforms the characters to a universal
character set called network virtual terminal (NVT) characters and delivers them to the local
TCP/IP protocol stack.
• The commands or text, in NVT form, travel through the Internet and arrive at the TCP/IP stack
at the remote machine.
• Here the characters are delivered to the operating system and passed to the TELNET server,
which changes the characters to the corresponding characters understandable by the remote
computer.
• However, the characters cannot be passed directly to the operating system because the remote
operating system is not designed to receive characters from a TELNET server: It is designed to
receive characters from a terminal driver.
• A piece of software called a pseudo terminal driver is added which pretends that the characters
are coming from a terminal. The operating system then passes the characters to the appropriate
application program.
SSH (Secure Shell)
Frame format of SSH
SSH Format
1. Length: It indicates the size of the packet, not including the length field or the
variable-length random padding field that follows it.
Working of SSH
SSH (Secure Shell) is the most popular remote login application program. SSH uses client-server
architecture in its implementation. An SSH server can be deployed and allow several SSH clients
to connect to it. The architecture of SSH is shown in following Fig. and the SSH process is as
follows:
1) The SSH client on the left provides authentication to the SSH server on the right. In
the initial connection, the client receives a host key of the server, therefore, in all subsequent
connections, the client will know it is connecting to the same SSH server. This places less
emphasis on the IP address of the SSH server, which can be easily spoofed, and more emphasis on
the host key of the server, which cannot be spoofed very easily.
2) The SSH server determines if the client is authorized to connect to the SSH service by
verifying the username/password or public key that the client has presented for authentication.
This process is completely encrypted.
3) If the SSH server authenticates the client and the client is authorized, the SSH session begins
between the two entities. All communication is completely encrypted.
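The host key check from step 1, recording the key on the first connection and comparing it on every later one, as an added Python example that is not part of the original notes. The key blobs and host name are constructed placeholders, not real keys, and the class `KnownHosts` is a simplified stand-in for a client's known-hosts file.

```python
import base64
import hashlib
import hmac


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint in the form OpenSSH prints (base64, no padding)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownHosts:
    """Pins a host key per host name, independent of the server's IP address."""

    def __init__(self):
        self.pins = {}   # host name -> fingerprint seen on the first connection

    def check(self, host: str, presented_blob: bytes) -> str:
        seen = fingerprint(presented_blob)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = seen        # initial connection: record the key
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"                # same server as before
        return "MISMATCH"                 # never overwrite the pin silently


def connect(store: KnownHosts, host: str, presented_blob: bytes):
    """Return (status, may_authenticate).

    The client goes on to step 2 (username/password or public key) only
    when the host key check did not fail.
    """
    status = store.check(host, presented_blob)
    return status, status != "MISMATCH"


# Constructed placeholder blobs standing in for two different host keys.
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"
```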
OR
Figure below shows a scenario in which an electronic store can benefit from the use of cookies.
The Server sends the Webpage, but it also includes a cookie with the ID 12343.
Using this, a file is created so that the information the user clicks on is sent and stored in the
file, which is used by the server.