Contents
- 2. Agenda ● DNS ● Firewall ● NAT ● SSH ● FTP, SFTP ● rsync ● VPN
- 3. Domain Name System (DNS) When DNS did not exist, one had to download a host file
- 4. Domain Name System (DNS) ● is the way that Internet domain names are located and translated
- 5. Domain Name System (DNS) It is a database that maintains the names of resources and links
- 6. DNS Architecture ● is defined by a hierarchical distributed database and a set of protocols ●
- 7. DNS Hierarchy Levels ● Root Domain – highest level of the tree it is often stated
- 8. DNS Zones An authoritative name server is a name server that only gives answers to DNS
- 9. DNS Zone Files ● is a text file that describes a DNS zone ● contains mappings
- 10. DNS Resource Records ● more than 30 currently used ● described by a lot of RFCs
- 11. DNS Zone File Example
- 12. DNS Root Zone ● is a global list of top-level domains: - original top-level domains (.com,
- 13. DNS Root Zone Name Servers ● are name servers for the root zone of DNS of
- 14. DNS Root Zone Name Servers ● directly answer requests for records in the root zone and
- 15. DNS configs > cat /etc/resolv.conf # Generated by NetworkManager search portaone.com nameserver 8.8.8.8 nameserver 10.1.1.100 Up
- 16. DNS Utilities – nslookup
- 17. DNS Utilities – nslookup
- 18. DNS Utilities – nslookup
- 19. DNS Utilities – nslookup
- 20. DNS Utilities – dig
- 21. DNS Utilities – dig
- 22. DNS Utilities – dig
- 23. DNS Most Common Issues ● monitoring ● NTP ● SSL domains ● ???
- 24. Firewall ● network security system ● typically establishes a barrier between a trusted, secure internal network
- 25. *NIX Firewalls ● IPFilter: included with (Open)Solaris, FreeBSD and NetBSD, available for many other Unix-like operating
- 26. Iptables Tables :) ● set of predefined chains, which contain rules which are traversed in order
- 27. Iptables Chains filter: INPUT, OUTPUT and FORWARD nat table includes PREROUTING, POSTROUTING, and OUTPUT chains. By
- 28. Iptables Flowchart
- 29. Iptables Rules ● consist of a predicate of potential matches and the corresponding action (i.e. target)
- 30. Iptables Targets ● can be either: – one of the special built-in targets (ACCEPT, DROP, QUEUE
- 31. Iptables Targets The 3 most commonly used targets are ACCEPT, DROP, and jump to a user-defined
- 32. Iptables Usage
- 33. Iptables Usage
- 34. Iptables Usage
- 35. Iptables Usage
- 36. Iptables Usage
- 37. Iptables Usage – to add the rule: > sudo iptables -A INPUT -s 1.2.3.4 -j DROP
- 38. Iptables Use Cases ● DB protector ● SIP protector ● custom rules ● NAT/forwarding ???
- 39. Network Address Translation (NAT) ● is the process where a network device, usually a firewall, assigns
- 40. Network Address Translation (NAT) ● is a router feature and it is often a part of
- 41. Basic NAT ● provides a one-to-one translation of IP addresses ● is often also called a
- 42. One-to-many NAT ● maps multiple private hosts to one publicly exposed IP address ● translated on
- 43. Simple traversal of UDP over NATs (STUN, RFC 3489) ● is used when an application behind
- 44. Full-cone NAT ● also known as one-to-one NAT ● once an internal address (iAddr:iPort) is mapped
- 45. (Address)-restricted-cone NAT ● once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any
- 46. Port-restricted cone NAT ● is like an address restricted cone NAT, but the restriction includes port
- 47. Symmetric NAT ● each request from the same internal IP address and port to a specific
- 48. Simple traversal of UDP over NATs (STUN, RFC 5389) However, ● those procedures have since been
- 49. Session Traversal Utilities for NAT (STUN, RFC 5389) ● does work with: - full cone NAT
- 50. NAT & PortaSwitch ● Audio issues ● STUN servers ● IP Forwarding ● custom configurations ●
- 51. File-Transfer Protocol (FTP) ● is a standard network protocol used for the transfer of files between
- 52. FTP Workflow ● requires multiple network ports to work properly. When an FTP client application initiates
- 53. FTP Modes ● active mode – is the original method used by the FTP protocol for
- 54. Secure Shell (SSH) ● is a cryptographic network protocol for operating network services securely over an
- 55. Secure Shell (SSH) ● uses public-key cryptography to authenticate the remote computer and allow it to
- 56. Secure Shell (SSH) Keys ● the public key is placed on all servers that must allow
- 57. SSH password-based authentication ● relies on using a login/password pair ● is still encrypted by
- 58. SSH is typically used for: ● logging in to a shell on a remote host (replacing Telnet
- 59. User-specific SSH configuration: ● is stored in the user's home directory within the ~/.ssh/ directory: –
- 60. System-wide SSH configuration information: ● is stored in the /etc/ssh/ directory: – moduli — contains Diffie-Hellman
- 61. Useful SSH commands: ● to copy files between servers using the scp utility and a key: >
- 62. Useful SSH commands: ● typical issue when copying files via scp: ● DON’T!!! change file permissions
- 63. SSH tunnels: ● access to Internet resources for servers connected to private networks only ● for
- 64. SSH File Transfer Protocol (SFTP) ● is an extension of the Secure Shell protocol (SSH) version
- 65. Rsync (Remote Synchronization) ● is a utility for efficiently transferring and synchronizing files across computer systems
- 66. Rsync Features ● support for copying links, devices, owners, groups, and permissions ● exclude and exclude-from
- 67. Rsync Workflow An rsync process does its job by communicating with another rsync process, a sender
- 68. Virtual Private Network (VPN) ● is a technology that creates safe and encrypted connections over less
- 69. Virtual Private Network (VPN) ● is characterized by: – protocols used to tunnel the traffic –
- 70. VPN Protocols ● IP security (IPsec) ● Secure Sockets Layer (SSL) & Transport Layer Security (TLS)
- 71. VPN Types ● Remote-access VPN – uses a public telecommunication infrastructure like the Internet to provide