CYBR 4323 (Privitera) - Chapter 26: Standard Client-Server Protocols


Creating and Storing Cookies

1. When a server receives a request from a client, it stores information about the client in a file or a string.
- may include the domain name of the client, the contents of the cookie, a timestamp, and other information depending on the implementation
2. The server includes the cookie in the response that it sends to the client.
3. When the client receives the response, the browser stores the cookie in the cookie directory, which is sorted by the server domain name.

❑ Port

A 16-bit integer predefined for the client-server application. If a different port is used, the number can be explicitly given.

File Type

ASCII file, EBCDIC file, or image file.

Message Formats

Each message is made of four sections. The first section in the request message is called the request line; the first section in the response message is called the status line. The other three sections have the same names in the request and response messages.

Domain Name

Each node in the tree has a domain name: a sequence of labels separated by dots (.).
- always read from the node up to the root; the last label is the label of the root (null)
- a full domain name always ends in a null label; the last character is a dot because the null string is nothing
- If a label is terminated by a null string, it is called a fully qualified domain name (FQDN).
- If a label is not terminated by a null string, it is called a partially qualified domain name (PQDN).

Label

Each node in the tree has a label: a string with a maximum of 63 characters.
- the root label is a null string
- DNS requires that children of a node have different labels; this guarantees uniqueness

Web Documents

The documents in the WWW can be grouped into three broad categories: static, dynamic, and active.

User Agent

The first component of an electronic mail system; it provides service to the user to make the process of sending and receiving a message easier.
- a software package (program) that composes, reads, replies to, and forwards messages
- handles local mailboxes on the user computers
- two types of user agents: command-driven and GUI-based

Message Transfer Agent: SMTP

The formal protocol that defines the MTA client and server in the Internet is called Simple Mail Transfer Protocol (SMTP).
- used two times: between the sender and the sender's mail server, and between the two mail servers
- defines how commands and responses must be sent back and forth

hypertext

The linking of web pages was introduced many years before the advent of the Internet: use a machine that automatically retrieves another document stored in the system when a link to it appears in the document.

Uniform Resource Locator (URL)

To define a web page, we need three identifiers: host, port, and path. We also need to tell the browser what client-server application we want to use (the protocol). So four identifiers define the web page:
- the first is the type of vehicle to be used to fetch the web page
- the last three make up the combination that defines the destination object (the web page)

Domain Name Space

To have a hierarchical name space, names are defined in an inverted-tree structure with the root at the top. The tree can have only 128 levels.

Architecture

The WWW today is a distributed client-server service: a client using a browser can access a service using a server. The service provided is distributed over many locations called sites.
- Each site holds one or more web pages.
- Each web page, however, can contain some links to other web pages.
- Each web page is a file with a name and address.

Communication over Data Connection

We want to transfer files through the data connection. The client must define the type of file to be transferred, the structure of the data, and the transmission mode, preparing for transmission through the control connection. The heterogeneity problem is resolved by defining three attributes of communication: file type, data structure, and transmission mode.

proxy server

a computer that keeps copies of responses to recent requests

Active Documents

A program or a script to be run at the client site. When a browser requests an active document, the server sends a copy of the document or a script. The document is then run at the client (browser) site.
- One way to create an active document is to use Java applets: a program written in Java on the server, in bytecode (binary) format.
- Another way is to use JavaScript, but download and run the script at the client site.

Message Transfer

A single message between a sender and one or more recipients can be exchanged. Eight steps - 897

Multipurpose Internet Mail Extensions (MIME)

A supplementary protocol that allows non-ASCII data to be sent through e-mail. It transforms non-ASCII data at the sender site to NVT ASCII data and delivers it to the client MTA to be sent through the Internet. The message at the receiving site is transformed back to the original data.

❑ Protocol

Abbreviation for the client-server program that we need in order to access the web page. Most of the time the protocol is HTTP; other protocols include FTP (File Transfer Protocol).

ELECTRONIC MAIL

Allows users to exchange messages. E-mail is considered a one-way transaction: it is neither feasible nor logical for Bob to run a server program and wait until someone sends an e-mail to him. Instead, some intermediate computers (servers) are used: users run only client programs when they want, and the intermediate servers apply the client/server paradigm.

SSH Authentication Protocol (SSH-AUTH)

Authenticates the client for the server. Defines a number of authentication tools similar to the ones used in SSL. Authentication starts with the client, which sends a request message to the server.
- the request includes the user name, server name, the method of authentication, and the required data
- the server responds with either a success message, which confirms that the client is authenticated, or a failed message

Using Cookies

The browser looks in the cookie directory to see if it can find a cookie sent by that server. If found, the cookie is included in the request. The contents of the cookie are never read by the browser or disclosed to the user. It is a cookie made by the server and eaten by the server.

SSH for File Transfer

Built on top of SSH for file transfer:
- Secure File Transfer Program (sftp): uses one of the channels provided by SSH to transfer files
- Secure Copy (scp)

interpreter

can be HTML, Java, or JavaScript, depending on the type of document

Connection Establishment

After the client has made a TCP connection to the well-known port 25, connection establishment involves the following three steps:
1. The server sends code 220 (service ready) to tell the client that it is ready to receive mail. If the server is not ready, it sends code 421 (service not available).
2. The client sends the HELO message to identify itself, using its domain name address. This step is necessary to inform the server of the domain name of the client.
3. The server responds with code 250 (request command completed) or some other code depending on the situation.

Codes

- codes in the 100 range are only informational
- codes in the 200 range indicate a successful request
- codes in the 300 range redirect the client to another URL
- codes in the 400 range indicate an error at the client site
- codes in the 500 range indicate an error at the server site

Response Message

Consists of a status line, header lines, a blank line, and sometimes a body. The first line in a response message is called the status line; it has three fields:
- the first defines the version of the HTTP protocol
- the status code field defines the status of the request
- the status phrase explains the status code in text form
After the status line, we can have zero or more response header lines.
- Each header line has a header name, a colon, a space, and a header value.

Dynamic Documents

Created by a web server whenever a browser requests the document. The web server runs an application program or a script that creates the dynamic document, and the server returns the result of the program or script as a response to the browser. The contents of a dynamic document may vary from one request to another. Time and date are kinds of information that are dynamic.

URL field

Defines the address and name of the corresponding web page.

Content-Transfer-Encoding

Defines the method used to encode the messages into 0s and 1s for transport. Five types:
- 7-bit
- 8-bit
- Binary
- Base64: a redundant encoding scheme; that is, every six bits become one ASCII character and are sent as eight bits
- Quoted-printable

Content-Type

Defines the type of data used in the body of the message. The content type and the content subtype are separated by a slash. The header may contain other parameters (Table 26.8).

MIME-Version

Defines the version of MIME used. The current version is 1.1.

Content-Description

Defines whether the body is image, audio, or video.

Secure Shell (SSH)

A secure application program for remote logging and file transfer. There are two versions of SSH, SSH-1 and SSH-2, which are totally incompatible. It is an application-layer protocol.

Security for FTP

Security was not a big issue. FTP requires a password, but it is sent in plaintext (unencrypted) and can be intercepted and used by an attacker. The data transfer connection also transfers data in plaintext, which is insecure. One can add a Secure Socket Layer between the FTP application layer and the TCP layer; this is SSL-FTP.

Post Office Protocol, version 3 (POP3)

Simple but limited in functionality. Client POP3 software is installed on the recipient computer; server POP3 software is installed on the mail server. The client opens a connection to the server on TCP port 110 and sends its user name and password. The user can then list and retrieve the mail messages. POP3 has two modes: the delete mode and the keep mode.
- delete: mail is deleted from the mailbox after each retrieval; used when the user is working at her permanent computer
- keep: the mail remains in the mailbox after retrieval; used when the user accesses her mail away from her primary computer

Web-Based Mail

Some websites today provide this service to anyone who accesses the site. Three common sites are Hotmail, Yahoo, and Google mail.

Transmission Mode

Stream mode, block mode, or compressed mode.
- stream mode: the default mode; data are delivered from FTP to TCP as a continuous stream of bytes
- block mode: data can be delivered from FTP to TCP in blocks; each block is preceded by a 3-byte header; the first byte is called the block descriptor; the next two bytes define the size of the block in bytes

client protocol

such as HTTP or FTP

Connection Termination

The client terminates the connection.
1. The client sends the QUIT command.
2. The server responds with code 221 or some other appropriate code.

Message Access Agent: POP and IMAP

SMTP is not involved in the third stage because SMTP is a push protocol; the third stage needs a pull protocol, which uses a message access agent. Two message access protocols are available: Post Office Protocol, version 3 (POP3) and Internet Mail Access Protocol, version 4 (IMAP4).

Commands and Responses

SMTP uses commands and responses to transfer messages between an MTA client and an MTA server. A command is from an MTA client to an MTA server. Each command or reply is terminated by a two-character (carriage return and line feed) end-of-line token.

composite web page

has one or more links to other web pages

FTP response

Has two parts: a three-digit number followed by text. The numeric part defines the code:
- the first digit defines the status of the command
- the second digit defines the area in which the status applies
- the third digit provides additional information
The text part defines needed parameters or further explanations.

TELNET

Instead of having a specific client/server program for a set of common scenarios, have some generic client/server programs that allow a user on the client site to log into the computer at the server site and use the services available there. TErminaL NETwork. It requires a logging name and password, and it is vulnerable to hacking because it sends all data, including the password, in plaintext. Network administrators often use TELNET for diagnostic and debugging purposes.

Two Connections

The two connections have different lifetimes.
- control connection: connected during the entire interactive FTP session
- data connection: opened and then closed for each file transfer activity; opens each time commands that involve transferring files are used; closes when the file is transferred
While the control connection is open, the data connection can be opened and closed multiple times. Two well-known TCP ports: port 21 for control, port 20 for data.

❑ Host

The host identifier can be the IP address of the server; IP addresses can be defined in dotted decimal notation. The name is normally the domain name that uniquely defines the host.

Cache Update

How long a response should remain in the proxy server before being deleted and replaced. Solutions:
1. store the list of sites whose information remains the same for a while
2. add some headers to show the last modification time of the information; the proxy server can then use the information in this header to guess how long the information would be valid

❑ Path

Identifies the location and the name of the file in the underlying operating system. The format normally depends on the operating system; a path is a set of directory names followed by the file name, all separated by a slash. To combine these four pieces together, the uniform resource locator (URL) has been designed.

Nonpersistent versus Persistent Connections

If some of the objects are located on the same server, we have two choices:
1. nonpersistent connection: retrieve each object using a new TCP connection, or
2. persistent connection: make a TCP connection and retrieve them all

Web Client (Browser)

Interprets and displays a web page. All browsers use nearly the same architecture, with three parts: a controller, client protocols, and interpreters. Browsers include Internet Explorer, Netscape Navigator, and Firefox.

Format of the SSH Packets

- the length field defines the length of the packet but does not include the padding
- the cyclic redundancy check (CRC) field is used for error detection
- the type field designates the type of the packet used in different SSH protocols
- the data field is the data transferred by the packet in different protocols

Addresses

The mail handling system must use an addressing system with unique addresses. The address consists of two parts, a local part and a domain name, separated by an @ sign.
- local part: defines the name of a special file, called the user mailbox
- domain name: an organization usually selects one or more hosts to receive and send e-mail, called mail servers or exchangers; the domain name assigned to each mail exchanger either comes from the DNS database or is a logical name

Internet Mail Access Protocol, version 4 (IMAP4)

More features; more powerful and more complex.
❑ A user can check the e-mail header prior to downloading.
❑ A user can search the contents of the e-mail for a specific string of characters prior to downloading.
❑ A user can partially download e-mail. This is especially useful if bandwidth is limited and the e-mail contains multimedia with high bandwidth requirements.
❑ A user can create, delete, or rename mailboxes on the mail server.
❑ A user can create a hierarchy of mailboxes in a folder for e-mail storage.

SSH Connection Protocol (SSH-CONN)

Multiplexing. Takes the secure channel established by the two previous protocols and lets the client create multiple logical channels over it. Each channel can be used for a different purpose, such as remote logging, file transfer, and so on.

Name Space

Must be unique because the addresses are unique. Maps each address to a unique name. Can be flat or hierarchical.

flat name space

A name is assigned to an address: a sequence of characters without structure. Cannot be used in a large system such as the Internet because it must be centrally controlled to avoid ambiguity and duplication.

simple web page

no links to other web pages

Proxy Server Location

Normally located at the client site. We can have a hierarchy of proxy servers:
1. A client computer can also be used as a proxy server, in a small capacity, that stores responses to requests often invoked by the client.
2. In a company, a proxy server may be installed on the computer LAN to reduce the load going out of and coming into the LAN.
3. An ISP with many customers can install a proxy server to reduce the load going out of and coming into the ISP network.

File Transfer

Occurs over the data connection under the control of the commands sent over the control connection. File transfer means one of three things: retrieving a file (server to client), storing a file (client to server), and directory listing (server to client).

Nonpersistent Connections

One TCP connection is made for each request/response.
1. The client opens a TCP connection and sends a request.
2. The server sends the response and closes the connection.
3. The client reads the data until it encounters an end-of-file marker; it then closes the connection.
If a file contains links to N different pictures on the same server, the connection must be opened and closed N + 1 times: high overhead.

User Interface

The operating system defines an interface with user-friendly commands.

controller

Receives input from the keyboard or the mouse and uses the client programs to access the document. Uses one of the interpreters to display the document on the screen.

method field

- GET: most of the time, the client uses the GET method to send a request; the body of the message is empty
- HEAD: used when the client needs only some information about the web page from the server, and to test the validity of a URL; has only the header section
- PUT: the inverse of the GET method; allows the client to post a new web page on the server
- POST: used to send some information to the server to be added to the web page or to modify the web page
- TRACE: used for debugging; the client asks the server to echo back the request to check whether the server is getting the requests
- DELETE: allows the client to delete a web page on the server if the client has permission to do so
- CONNECT: originally made as a reserve method
- OPTIONS: allows the client to ask about the properties of a web page

Local versus Remote Logging

==LOCAL==
When a user logs into a local system, it is called local logging.
- keystrokes are accepted by the terminal driver
- the terminal driver passes the characters to the operating system
- the operating system interprets the combination of characters and invokes the desired application program or utility
==REMOTE==
When a user wants to access an application program or utility located on a remote machine:
- the user sends the keystrokes to the terminal driver, where the local operating system accepts the characters but does not interpret them
- the characters are sent to the TELNET client
- TELNET transforms the characters into a universal character set called Network Virtual Terminal (NVT) characters and delivers them to the local TCP/IP stack
- the commands or text travel through the Internet and arrive at the TCP/IP stack at the remote machine
- the characters are delivered to the operating system and passed to the TELNET server, which changes the characters to the corresponding characters understandable by the remote computer
- a pseudoterminal driver pretends that the characters are coming from a terminal
- the operating system then passes the characters to the appropriate application program

Conditional Request

A client can add a condition in its request. The server will send the requested web page if the condition is met, or inform the client otherwise. One of the most common conditions is the time and date the web page was modified: If-Modified-Since.

Commands

Commands are sent from the client to the server. Format of a command: Keyword: argument(s)

Mailing List or Group List

Electronic mail allows one name, an alias, to represent several different e-mail addresses (a mailing list). The system checks the recipient's name against the alias database; separate messages, one for each entry in the list, must be prepared and handed to the MTA.

two important points

First, Bob cannot bypass the mail server and use the MTA server directly. Second, note that Bob needs another pair of client-server programs: message access programs. The electronic mail system needs two UAs, two pairs of MTAs (client and server), and a pair of MAAs (client and server).

HTTP Security

HTTP per se does not provide security. It can be run over the Secure Socket Layer (SSL); this HTTP is referred to as HTTPS, which provides confidentiality, client and server authentication, and data integrity.

Web Caching: Proxy Servers

HTTP supports proxy servers. The HTTP client sends a request to the proxy server, and the proxy server checks its cache.
- If the response is not stored in the cache, the proxy server sends the request to the corresponding server.
- Incoming responses are sent to the proxy server and stored for future requests from other clients.
This reduces the load on the original server, decreases traffic, and improves latency. The client must be configured to access the proxy instead of the target server. The proxy acts as both server and client.

Persistent Connections

The HTTP version 1.1 default. The server leaves the connection open for more requests after sending a response. The server can close the connection at the request of a client or if a time-out has been reached. The sender usually sends the length of the data with each response; on some occasions the sender does not know the length of the data, so the server informs the client that the length is not known and closes the connection.
Benefits:
- Time and resources are saved using persistent connections.
- Only one set of buffers and variables needs to be set for the connection at each site.
- Round trip time for connection establishment and connection termination is saved.

GUI-based user agents

Modern user agents contain graphical user interface (GUI) components that allow the user to interact with the software by using both the keyboard and the mouse: graphical components such as icons, menu bars, and windows that make the services easy to access. Examples are Eudora and Outlook.

SSH for Remote Logging

PuTTY, a client SSH program that can be used for remote logging; Tectia.

Responses

Responses are sent from the server to the client: a three-digit code that may be followed by additional textual information.

Options

TELNET lets the client and server negotiate options. Options are extra features available to a user with a more sophisticated terminal; users with simpler terminals can use default features.

Web Server

The web page is stored at the server. Each time a request arrives, the corresponding document is sent to the client. Servers normally store requested files in a cache in memory; memory is faster to access than a disk. A server can also become more efficient through multithreading or multiprocessing, so it can answer more than one request at a time. Web servers include Apache and Microsoft Internet Information Server.

DOMAIN NAME SYSTEM (DNS)

Distribute the information among many computers in the world. A host that needs mapping can contact the closest computer holding the needed information.

POP3 Deficiencies

Does not allow the user to organize her mail on the server: the user cannot have different folders on the server. Does not allow the user to partially check the contents of the mail before downloading.

E-Mail Security

E-mail does not provide any security provisions. E-mail exchanges can be secured using two application-layer security protocols: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).

Command-driven user agents

From the early days of electronic mail; still present as the underlying user agents. Normally accepts a one-character command from the keyboard to perform its task.

Data Structure

File structure, record structure, or page structure.
- file structure format: used by default; a continuous stream of bytes
- record structure: the file is divided into records; used only with text files
- page structure: the file is divided into pages, each page having a page number and a page header; pages can be stored and accessed randomly or sequentially

Request Message

The first line is the request line, with three fields: method, URL, and version. After the request line, we can have zero or more request header lines.
- sends additional information from the client to the server
- a header name, a colon, a space, and a header value
- the value field defines the values associated with each header name
A body can be present in a request message; it contains the comment to be sent or the file to be published on the website when the method is PUT or POST.

hierarchical name space

The first part can define the nature of the organization, the second part can define the name of an organization, and the third part can define departments in the organization. The authority to assign and control the name spaces can be decentralized: a central authority can assign the part of the name that defines the nature of the organization and the name of the organization.

World Wide Web

First proposed by Tim Berners-Lee in 1989 at CERN to allow several researchers at different locations throughout Europe to access each other's research. The commercial Web started in the early 1990s. The Web is a repository of information in which the documents, called web pages, are distributed all over the world and related documents are linked together. Distribution allows the growth of the Web; linking allows one web page to refer to another web page stored in another server somewhere else in the world. The purpose of the Web has gone beyond the simple retrieving of linked documents.

SSH Transport-Layer Protocol (SSH-TRANS)

SSH first uses a protocol that creates a secured channel on top of TCP, an independent protocol referred to as SSH-TRANS. The client and server first use the TCP protocol to establish an insecure connection, then exchange several security parameters. The services provided by this protocol:
1. Privacy or confidentiality of the message exchanged
2. Data integrity, which means that it is guaranteed that the messages exchanged between the client and server are not changed by an intruder
3. Server authentication, which means that the client is now sure that the server is the one that it claims to be
4. Compression of the messages, which improves the efficiency of the system and makes attack more difficult

MIME Headers

Five headers:
MIME-Version: 1.1
Content-Type: type/subtype
Content-Transfer-Encoding: encoding type
Content-ID: message ID
Content-Description: textual explanation of nontextual contents

Static Documents

Fixed-content documents created and stored in a server. The client can get a copy of the document only; the contents in the server can be changed, but the user cannot change them. When a client accesses the document, a copy of the document is sent; the user can then use a browser to see the document. HyperText Markup Language (HTML), Extensible Markup Language (XML), Extensible Style Language (XSL), and Extensible Hypertext Markup Language (XHTML). We

version field

Gives the version of the protocol. The most current version of HTTP is 1.1.

File Transfer Protocol (FTP)

The standard protocol provided by TCP/IP for copying a file from one host to another. Some problems:
- different file name conventions
- different ways to represent data
- different directory structures
Basic model:
1. client: the user interface, the client control process, the client data transfer process
2. server: the server control process, the server data transfer process
The control connection is made between the control processes; the data connection is made between the data transfer processes. Separation of commands and data transfer makes FTP more efficient.
- control connection: transfers only a line of command or a line of response at a time
- data connection: needs more complex rules due to the variety of data types transferred

Sending Mail

The user creates mail that looks very similar to postal mail: it has an envelope and a message. The envelope usually contains the sender address, the receiver address, and other information. The message contains the header and the body. The header of the message defines the sender, the receiver, the subject of the message, and some other information. The body of the message contains the actual information to be read by the recipient.

Mail Transfer Phases

Three phases: connection establishment, mail transfer, and connection termination.

Network Virtual Terminal (NVT)

To access any remote computer in the world, we would otherwise need to first know (1) what type of computer we will be connected to and (2) install the specific terminal emulator. Instead, a universal interface called the Network Virtual Terminal (NVT) character set is used. The client TELNET translates characters (data or commands) that come from the local terminal into NVT form; the server TELNET translates data and commands from NVT form into the form acceptable by the remote computer. NVT uses two sets of characters, one for data and one for control.
- data: 8-bit bytes, NVT ASCII
- control: to send control characters, NVT uses an 8-bit character set in which the highest order bit is set to 1

Content-ID

Uniquely identifies the whole message in a multiple-message environment.

Port Forwarding

Uses the secured channels available in SSH to access an application program. Creates a tunnel through which the messages belonging to other protocols can travel: SSH tunneling. For example, an FTP client can use the SSH client on the local site to make a secure connection with the SSH server on the remote site.

HyperText Transfer Protocol (HTTP)

Used to define how the client-server programs can be written to retrieve web pages from the Web. An HTTP client sends a request; an HTTP server returns a response. The server uses the port number 80; the client uses a temporary port number. HTTP uses the services of TCP, so it does not need to worry about errors in messages exchanged or loss of any message.

Architecture

A user agent (UA), a message transfer agent (MTA), and a message access agent (MAA). When Alice needs to send a message to Bob, she runs a UA program to prepare the message and send it to her mail server. The message, however, needs to be sent through the Internet from Alice's site to Bob's site using an MTA. The MTA server needs to run all the time because it does not know when a client will ask for a connection; the MTA client can be triggered by the system when there is a message in the queue to be sent. Bob later uses an MAA client to retrieve the message from an MAA server running

Receiving Mail

The user agent is triggered by the user (or a timer). If a user has mail, the UA informs the user with a notice. A list is displayed in which each line contains a summary of the information: the sender mail address, the subject, and the time the mail was sent or received. The user can select any of the messages and display its contents on the screen.

Control Connection

Uses the NVT ASCII character set as used by TELNET. Communication is achieved through commands and responses.
- we send one command (or response) at a time
- Each line is terminated with a two-character (carriage return and line feed) end-of-line token.
Commands are sent from the client to the server and responses are sent from the server to the client.
- commands are in ASCII uppercase
- Every FTP command generates at least one response.

Data Connection

Uses the well-known port 20 at the server site.
==connection creation==
1. The client, not the server, issues a passive open using an ephemeral port. This must be done by the client because it is the client that issues the commands for transferring files.
2. Using the PORT command, the client sends this port number to the server.
3. The server receives the port number and issues an active open using the well-known port 20 and the received ephemeral port number.
