DNS protocol
DNS service role: to resolve domain names
FQDN: Fully Qualified Domain Name
DNS test
Run nslookup to view the DNS server address, then enter a domain name to see the IP address of that domain name; type quit to exit
Domain name resolution process
distributed
The root DNS servers are not responsible for resolving specific domain names; they only know the IP address of the server that resolves the corresponding domain
Build your own DNS server
1. Resolve domain names within your own network
2. Reduce Internet traffic caused by domain name resolution
3. Domain environment
On Windows, the related function can be installed through the add and remove functions feature
DNS cache
DNS pointer query
DHCP (Dynamic Host Configuration Protocol)
Static IP address
Dynamic IP address
A DHCP client requests an IP address
The DHCP server itself must have a static address
File transfer protocol FTP (File Transfer Protocol)
Active mode (PORT): the FTP client tells the FTP server which port it is listening on, and the FTP server connects to that port on the FTP client from source port 20
Passive mode (PASV): the server opens a new port and passively waits for the client to initiate a connection
FTP connection
Control connection: port 21 is the standard port, used to transmit FTP commands
Data connection: port 20 is the standard port, used to upload and download data
FTP Transfer Mode
Text mode: ASCII mode, the data is transmitted as a text sequence
Binary mode: the data is transmitted as binary
If the FTP server is behind a firewall, the firewall needs to open ports 20 and 21, and the data connection uses active mode
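The difference between the two modes shows up on the control connection, which is what a firewall administrator has to account for. The following is an added example, not part of the original notes: it parses a PORT command or a PASV reply (the standard h1,h2,h3,h4,p1,p2 field, port = p1*256 + p2) and reports who opens the data connection and which server-side rule it needs. The function names, rule wording and sample addresses are constructed for illustration.

```python
import re

def parse_endpoint(field: str):
    """Turn 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1 * 256 + p2."""
    parts = [int(x) for x in field.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad host-port field: {field!r}")
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def data_connection(control_line: str, client_ip: str, server_ip: str):
    """Describe the data connection that a control-channel line sets up."""
    line = control_line.strip()
    m = re.fullmatch(r"PORT (\d+(?:,\d+){5})", line, re.IGNORECASE)
    if m:  # active mode: the server connects out from port 20
        return {"mode": "active", "initiator": "server",
                "src": (server_ip, 20), "dst": parse_endpoint(m.group(1))}
    m = re.match(r"227 .*?(\d+(?:,\d+){5})", line)
    if m:  # passive mode: the client connects to the port the server opened
        return {"mode": "passive", "initiator": "client",
                "src": (client_ip, None), "dst": parse_endpoint(m.group(1))}
    return None  # line does not negotiate a data connection

def server_firewall_rules(flow: dict):
    """Rules needed on a firewall in front of the FTP server for this flow."""
    rules = ["allow in tcp dport 21 (control)"]
    if flow["mode"] == "active":
        ip, port = flow["dst"]
        rules.append(f"allow out tcp sport 20 to {ip}:{port} (data)")
    else:
        rules.append(f"allow in tcp dport {flow['dst'][1]} (data)")
    return rules

if __name__ == "__main__":
    # Constructed control-channel lines (client 192.168.1.10, server 203.0.113.5).
    samples = ["PORT 192,168,1,10,195,80",
               "227 Entering Passive Mode (203,0,113,5,234,96)"]
    for line in samples:
        flow = data_connection(line, "192.168.1.10", "203.0.113.5")
        print(line, "=>", flow["mode"], server_firewall_rules(flow))
```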
Various commands and response codes
The concept of HTTP and anonymous FTP
TELNET remote terminal protocol
Uses TCP port 23 by default
Remote Desktop RDP
Hypertext Transfer Protocol (HTTP)
www (world wide web)
http Web
Using a proxy server to access Web sites
1. Conserve the bandwidth the internal network uses to access the Internet
2. You can bypass the firewall via a web proxy
3. Avoid being tracked
CCProxy proxy software
E-mail: SMTP (sending); POP3, IMAP (receiving)
Network security
Security covers the following aspects:
Data storage security
Application Security
Operating System Security
Network security
Physical Security
Threats to communication on a computer network:
- Interception: eavesdropping on the content of other people's communications on the network
- Interruption: intentionally disrupting other people's communications on the network
- Tampering: deliberately tampering with packets transmitted over the network
- Forgery: forging information and transmitting it over the network
An attack that intercepts information is called a passive attack; attacks that alter information or deny users the use of resources are called active attacks
The Cain software can capture the user names and passwords of users on the same network
Encryption Technology
Symmetric encryption: the same key is used for encryption and decryption
Advantages: high efficiency
Disadvantages: the key is not suitable for transmission over the Internet, and key maintenance is costly (with too many communication partners, the sender has to remember a lot of keys)
Encryption Algorithm
Encryption Key
Asymmetric encryption: different keys for encryption and decryption; a key pair made up of a public key and a private key
Encrypt with the public key, decrypt with the private key
Encrypt with the private key, decrypt with the public key
DES encryption: a block cipher
Before encryption, the whole plaintext is first divided into blocks of 64 bits. Each 64-bit block of binary data is encrypted, producing a 64-bit block of ciphertext, and finally the ciphertext blocks are concatenated to give the whole ciphertext. The key is 64 bits (actually 56 bits long, with 8 bits for parity)
The DES algorithm is public; its security depends on the length of the key
Breaking a 56-bit key takes 3.5 or 21 minutes
Breaking a 128-bit key takes 5.4 * 10^18
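The 64-bit block and 64-bit/56-bit key layout described above can be checked in code. This is an added example, not part of the original notes: it splits a message into 64-bit blocks and shows that the low bit of each DES key byte is an odd-parity bit that does not contribute to the 56-bit key. The padding rule (PKCS#7 style), the function names and the sample values are assumptions made for the example; the cipher rounds themselves are not implemented.

```python
BLOCK_BYTES = 8  # DES works on 64-bit blocks

def split_blocks(plaintext: bytes) -> list:
    """Pad to a multiple of 8 bytes (PKCS#7-style, an assumption) and split."""
    pad = BLOCK_BYTES - len(plaintext) % BLOCK_BYTES
    padded = plaintext + bytes([pad]) * pad
    return [padded[i:i + BLOCK_BYTES] for i in range(0, len(padded), BLOCK_BYTES)]

def has_odd_parity(key: bytes) -> bool:
    """True if every one of the 8 key bytes has an odd number of 1 bits."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)

def effective_key_bits(key: bytes) -> int:
    """Drop the parity (low) bit of each byte, leaving the 56 key bits."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

if __name__ == "__main__":
    message = b"transfer 100 units"             # constructed sample plaintext
    for block in split_blocks(message):
        print(block.hex())
    key = bytes.fromhex("0123456789abcdef")     # sample key with valid odd parity
    flipped = bytes(b ^ 1 for b in key)         # same key bits, parity bits flipped
    print(has_odd_parity(key), has_odd_parity(flipped))
    print(effective_key_bits(key) == effective_key_bits(flipped))
    print("key space:", 2 ** 56)
```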
Asymmetric encryption applications:
Digital signature: provides non-repudiation, and after signing it can be checked whether the contents have been changed
How it is achieved: A has a public key and a private key. A runs the file through a one-way hash function to produce a 128-bit digest, then encrypts the digest with A's private key to obtain A's signature. A gives B three parts: the source file, the signature, and A's public key. After receiving them, B computes the digest with the same one-way hash function, decrypts the signature with A's public key to obtain the digest A computed, and compares the two.
Certificate
A CA (certificate authority) accepts certificate applications from other parties
The applicant obtains a public key and a private key and can then create digital signatures
If B wants to accept a digitally signed file from A, B needs to trust the certificate authority. Once B has received the file, B can use A's public key to encrypt files sent to A, and files that A signs with the private key can be checked with the public key
If A's certificate is revoked, B can learn that the certificate has been revoked by checking the certificate authority's announcement
HTTPS uses both symmetric and asymmetric encryption
At the beginning, the server gives the client a public key. The client generates a symmetric encryption key, encrypts it with the server's public key and sends it to the server. The server decrypts it with its private key, and after that the two communicate using this symmetric encryption key
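The digital signature steps and the HTTPS key exchange described above both rest on the same public/private key operations, so one sketch covers both. This is an added example, not part of the original notes. It assumes a toy RSA key built from two Mersenne primes, textbook RSA without padding, MD5 as the 128-bit one-way hash, and a SHA-256 keystream XOR as a stand-in for the symmetric cipher; all names and sample messages are constructed.

```python
import hashlib
import secrets

# Toy RSA key pair, constructed for this example (textbook RSA, no padding).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                              # the public key is (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent

def digest128(data: bytes) -> int:
    """One-way hash giving a 128-bit digest (MD5 assumed from the size)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def sign(data: bytes) -> int:
    """A: encrypt the digest with the private key to obtain the signature."""
    return pow(digest128(data), D, N)

def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """B: recompute the digest, decrypt the signature with A's public key, compare."""
    return pow(signature, e, n) == digest128(data)

def client_wrap_key(e: int = E, n: int = N):
    """HTTPS client: generate a symmetric key, encrypt it with the server's public key."""
    key = secrets.token_bytes(16)
    return key, pow(int.from_bytes(key, "big"), e, n)

def server_unwrap_key(wrapped: int) -> bytes:
    """HTTPS server: recover the symmetric key with its private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher; the same call encrypts and decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

if __name__ == "__main__":
    doc = b"pay 100 to B"                       # constructed sample file
    sig = sign(doc)
    print("original verifies:", verify(doc, sig))
    print("altered file verifies:", verify(b"pay 900 to B", sig))
    key, wrapped = client_wrap_key()
    ciphertext = xor_stream(key, b"GET /account")
    print("server reads:", xor_stream(server_unwrap_key(wrapped), ciphertext))
```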
Certificates are validated through the certificate chain
Digital signatures and certificates provide application-layer security
SSL sits between layers