Basic knowledge of intranet penetration

Internet 2023-05-05 15:19:58 views: null

1. Overview of Intranet

Intranet also refers to a local area network, which refers to a computer group formed by interconnecting multiple computers in a certain area. Generally within a radius of several kilometers, the local area network can realize file management, application software sharing, printer sharing, process arrangement in the working group, e-mail and fax communication services and other functions.

The intranet is closed, and it can consist of two computers in an office, or thousands of computers in a company. Such as banks, schools, factories, etc.

Keywords: Workgroup, Domain, Domain Controller (DC), Parent Domain, Child Domain, Domain Tree, Domain Forest, Active Directory (AD), DMZ, Intra-Domain Authority

1.1 Working Group

Working group: In a large unit, there may be hundreds of computers connected to each other to form a local area network, and they will all be listed in the "My Network Places". If these computers are not grouped, one can imagine how confusing it is. A computer is difficult. In order to solve this problem, there is the concept of "working group". Different computers are generally classified into different working groups according to their functions and departments. All included in the "administrative department". If you want to access a resource that you don't want to buy, you can find the workgroup name of that department in the "Network", and double-click to see all the computers in that department. Compared with the case of no grouping, it is much more orderly, especially for large local area networks.

1.1.1 Join/Create a working group

Join/create a workgroup

Right-click "Computer" on the desktop, select Properties from the pop-up menu, click Change Settings, Change, enter the name in the computer name column, and enter the name of the workgroup you want to join in the workgroup column.

If the workgroup name you entered does not exist in the network, it is equivalent to creating a new workgroup, of course only your computer is in the group for the time being. After you click the OK button, the window prompts that you need to restart. After restarting, you can see the members of the workgroup you have joined after entering the network.

 1.1.2 Leaving the working group

        Just change the workgroup name. However, people on the Internet can still access your shared resources. You are also free to join any other workgroup on the same network. A "workgroup" is like a "community" that can enter and exit freely, so that computers in the same group can access each other.

        Therefore, the working group does not have a real centralized management function. All computers in the working group are equal, and can also be divided into servers and clients.

1.2 domain

Domain (Domain) is a collection of computers with a security boundary (the security boundary is in two domains, and users in one domain cannot access the resources in the other domain). The domain can be simply understood as an upgraded "workgroup". Compared with the working group, it has a strict security management control mechanism. If you want to access the resources in the domain, you must have a legal identity to log in to the domain, and what permissions do you have for the resources in the domain? It also depends on who you are as a user on the domain.

Domain controller (DC for short) is a computer similar to a management server in a domain, which is equivalent to the guard of a unit. Mutual visits are first checked by him.

Domain classifications include: single domain, parent domain, subdomain, domain tree, domain forest, DNS domain name server

1.2.1 Single domain 

In a typical small company with a fixed geographic location, setting up a domain will suffice.

Generally, at least two domain servers should be established in a domain, one as a DC and the other as a backup DC. If there is no second backup DC, once the DC is down, other users in the domain cannot log in to the domain, because the database of the active directory is stored in the DC. And if there is a backup domain controller (BDC), at least the domain can still be used normally, and the paralyzed DC can be restored during the period.

1.2.2 Parent domain

For management and other needs, it is necessary to divide multiple domains in the network. The first domain is called the parent domain, and the domains in each part are called the subdomains of this domain.

For example, if a large company has different branches in different geographical locations, it needs a structure such as parent domain and subdomain.

If branches in different geographic locations are placed in the same domain, it will take a long time for information exchange (including synchronization, replication, etc.) between them, and occupy a large amount of bandwidth. (In the same domain, there are many items of information exchange, and they are not compressed; between domains, there are fewer items of information exchange, and they are compressed)

Another advantage is that subsidiaries can manage their own resources through their own domains.

In other cases, it is in the consideration of security policy, because each rain has its own unique security policy. For example, if a company's financial department wants to use a specific security policy, Nami can make the financial department a subdomain for separate management.

1.2.3 Domain tree

A domain tree refers to a collection of several domains formed by establishing trust relationships. A domain manager can only manage the inside of the domain, and cannot access or manage other domains. A trust relationship needs to be established for mutual access between two domains.

The trust relationship is a bridge connecting domains. The parent domain and subdomains in the domain tree can not only manage each other as needed, but also distribute device resources such as files and printers across networks, so that different domains can realize network Resource sharing and management, as well as mutual communication and data transmission.

In a domain tree, the parent domain can contain many subdomains, and the subdomain refers to each segment of the domain name relative to the parent domain. Subdomains can only use the parent domain as the suffix of the domain name, that is to say, in a domain tree, domain names are continuous.

 1.2.4 Domain Forest

A domain forest refers to a set of several domain trees formed by establishing trust relationships. The resources in the entire forest can be managed and used through the trust relationship established between the domain trees, thus maintaining the characteristics of the original domain itself.

1.3 DNS domain name server

A DNS domain name server is a server that converts domain names and corresponding IP addresses.

In the introduction of the domain tree, you can see that the domain name in the domain tree is very similar to the name of the DNS domain. In fact, the name of the domain is the name of the DNS domain, because the computers in the domain use DNS to locate domain controllers and servers and other computers, web servers, etc.

Under normal circumstances, when we infiltrate the intranet, we locate the domain controller by looking for the DNS server, because usually the DNS server and the domain controller will be on the same machine.

1.4 Active Directory

Active Directory is the component that provides directory services in a domain environment.

What is a directory? A directory is the storage of information about network objects such as users, groups, computers, shared resources, printers, and contacts. Directory service is a service that helps users quickly and accurately find the information they need from the directory.

If the intranet of an enterprise is regarded as a dictionary, then the resources in the intranet are the content of the dictionary, and the active directory is equivalent to the index of the dictionary. That is, the active directory stores shortcuts of all resources in the network, and users locate resources by looking for shortcuts.

1.4.1 Logical structure

In Active Directory, administrators can completely ignore the specific geographic location of managed objects, and place these objects in different containers in a certain way. Since this method of organizing objects does not consider the specific geographical location of the managed objects, this organizational framework is called "logical structure".

The logical structure of the active directory includes the organizational unit (OU), domain (domain), domain tree (tree), and domain forest (forest) mentioned above. All domains in the domain tree share an active directory, and the data in this active directory is stored in various domains, and each domain only stores the data in this domain.

1.4.2 Main Functions of Active Directory

  • Accounts are managed centrally, and all accounts are stored on the server, which is convenient for reordering/resetting passwords of accounts.
  • Centralized software management, unified push software, unified secure network printer, etc. Distributing software using a software release strategy allows users to freely choose to install the software.
  • The environment is managed centrally, and AD can be used to unify client desktop, IE, TCP/IP and other settings.
  • Enhance security, deploy anti-virus software and anti-virus tasks in a unified manner, centrally manage users' computer rights, and formulate user password policies in a unified manner, etc., can monitor the network, and manage data in a unified manner.
  • More reliable, less downtime. For example, use AD to control user access rights, and use cluster load balancing and other technologies to set up disaster recovery for file servers, which is more reliable and less downtime.
  • Active directory is the basic platform of Microsoft's unified management, and other services such as isa, exchange, and sms all rely on this basic platform.

The difference between AD and DC·

  • If the network scale is large, we will consider putting many objects in the network: computers, users, user groups, printers, shared files, etc. Use to find, manage and use these objects. This hierarchical database is the active directory database, referred to as the AD library
  • So what computer should we put this database on? The regulation is like this, we call the computer where the Active Directory database is stored DC. So when we implement a domain environment, we actually install AD. When AD is installed on a computer in the intranet, it becomes a DC.

Guess you like

Origin blog.csdn.net/y995zq/article/details/129684938
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com