
Network service and network standards. Programs for work on the Internet

The set of server and client parts of the OS that together provide access to a specific type of computer resource through the network is called a network service. For example, the client and server parts of the OS that jointly provide access via the network to a computer's file system form the file service.

It is said that a network service provides network users with some set of services. These services are also called a "service" (from the English word). Although the two terms are sometimes used as synonyms, it should be borne in mind that in some cases the difference between them is fundamental. Further in the text, "network service" means the network component that implements some set of functions, and "service" means the description of the set of functions provided by that component. Thus, the service is the interface between the consumer of the functions and their provider (the network service).

Each network service is associated with a specific type of network resource and/or a certain way of accessing those resources. For example, the print service gives network users access to shared network printers and provides a print service, while the mail service gives access to a network information resource, e-mail messages. Services also differ in the method of access: a remote access service, for example, gives computer network users access to all of its resources over switched telephone channels. To obtain remote access to a specific resource, such as a printer, the remote access service interacts with the print service. The most important services for users of a network OS are the file service and the print service.

Among the network services, one can single out those that are aimed not at the ordinary user but at the administrator. Such services are used to organize the network. For example, the Bindery service of the Novell NetWare 3.x operating system allows the administrator to maintain a database of network users on the computer on which this OS is running. A more progressive approach is the creation of a centralized reference service, or directory service, which is intended to maintain a database not only of all users of the network but also of all its software and hardware components. Novell NDS (NetWare Directory Services) is often cited as an example of a directory service. Other examples of network services that serve the administrator are a network monitoring service, which allows network traffic to be captured and analyzed; the security service, whose functions may include, in particular, carrying out the logon procedure with a password check; and the backup and archiving service.

The position of an operating system among network OSes depends on how rich a set of services it offers to end users, applications and network administrators.

Network services are by their nature client-server systems. Since, when implementing any network service, a source of requests (the client) and an executor of requests (the server) naturally arise, any network service contains two asymmetric parts: the client and the server. An operating system may contain both parts of a network service (client and server) or only one of them.

It is usually said that the server provides its resources to the client and the client uses them. It should be noted, however, that when a network service provides some function, resources are consumed not only by the server but also by the client. The client can spend a significant part of its resources (disk space, processor time, etc.) on supporting the operation of the network service. The fundamental difference between the client and the server is that the client is always the initiator of the network service's operation, while the server is always in a passive mode, waiting for requests. For example, a mail server delivers mail to the user's computer only when a request from the mail client is received.

Usually, the interaction between the client and server parts is standardized, so that one type of server can be designed to work with various types of clients, implemented in various ways and even by different manufacturers. The only condition for this is that the clients and the server must support a common interaction protocol.

The task of the data link layer is to provide services to the network layer. The main service is to transmit data from the network layer of the transmitting machine to the network layer of the receiving machine. On the transmitting machine there is an entity, or process, that passes bits from the network layer to the data link layer for transfer to the destination. The job of the data link layer is to transmit these bits to the receiving machine so that they can be handed to the network layer of the receiving machine, as shown in Fig. 3.2, a. In fact, the data travel along the path shown in Fig. 3.2, b, but it is easier to think of two data link layers communicating with each other using a data link protocol. For this reason, the model shown in Fig. 3.2, a will be used throughout this chapter.

The data link layer can provide various services, and their set differs from system to system. The following options are usually possible.

1. Unacknowledged connectionless service.

2. Acknowledged connectionless service.

3. Acknowledged connection-oriented service.

Consider these options in turn.

Unacknowledged connectionless service consists in the transmitting machine sending independent frames to the receiving machine, with the receiving machine sending no acknowledgement of the frames it receives. No connection is established in advance and none is released after the frames are transferred. If a frame is lost because of noise on the line, the data link layer makes no attempt to recover it. This class of service is acceptable when the error rate is very low; the questions of recovering data lost in transmission can then be left to the upper layers. It is also appropriate for real-time traffic such as voice, where it is better to receive distorted data than to receive them with a large delay. Unacknowledged connectionless service is used at the data link layer of most local networks.

The next step towards improving reliability is acknowledged connectionless service. With it, no connection is established either, but the receipt of each frame is acknowledged. Thus the sender knows whether the frame has reached its destination. If no acknowledgement arrives within a set interval, the frame is sent again. Such a service is useful on channels with a high probability of errors, for example in wireless systems.

It should be noted that providing acknowledgements is an optimization rather than a requirement. The network layer can always send a packet and wait for confirmation of its delivery; if the sender receives no confirmation within the timeout period, the message can be sent again. The problem with this strategy is that frames usually have a rigid limit on their maximum length, imposed by the hardware, while network layer packets have no such restriction. Thus, if an average message is split into 10 frames and 20% of them are lost on the way, transferring the message in this way can take a very long time.

If instead the receipt of individual frames is acknowledged and, in case of an error, only those frames are resent, the transmission of the whole message takes much less time. On reliable channels such as fiber optic cable, the overhead of acknowledgements at the data link layer only reduces the effective bandwidth of the channel; on unreliable channels, however, this overhead pays for itself by reducing the transmission time of long messages.

The most sophisticated service the data link layer can provide is acknowledged connection-oriented service. With this method, the source and destination establish a connection before transferring any data. Each frame sent is numbered, and the data link layer guarantees that each sent frame is really received on the other side of the communication channel. It also guarantees that each frame is received exactly once and that all frames are received in the right order. In connectionless service, on the contrary, it is possible that when an acknowledgement is lost the same frame will be sent several times and therefore received several times. Connection-oriented service provides the network layer processes with the equivalent of a reliable bit stream.

With connection-oriented service, a data transfer consists of three distinct phases. In the first phase the connection is established, and both sides initialize the variables and counters needed to keep track of which frames have already been received and which have not. In the second phase the data frames are transmitted. Finally, in the third phase the connection is released, and all variables, buffers and other resources used during the connection are freed.
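The following is an added example, not part of the original text, that works through the two points above: the cost comparison for the 10-frame, 20%-loss message (resending the whole message versus acknowledging individual frames), and the role of frame numbering in delivering each frame exactly once when an acknowledgement is lost. The stop-and-wait sender, the loss schedule and the frame payloads are constructed for illustration.

```python
def expected_transmissions(frames_per_message, loss_prob):
    """Expected number of frame transmissions needed to deliver one message
    (a) when the whole message is resent if any of its frames is lost, and
    (b) when each frame is acknowledged and resent individually."""
    p_ok = 1.0 - loss_prob
    # (a) an attempt succeeds only if all frames survive; attempts are
    #     geometric with success probability p_ok**n, each costing n frames
    whole_message = frames_per_message / (p_ok ** frames_per_message)
    # (b) every frame is its own geometric trial costing 1/p_ok on average
    per_frame = frames_per_message / p_ok
    return whole_message, per_frame


class Receiver:
    """Receiving data link layer. With numbered=True it keeps the sequence
    number of the next frame it expects and hands a duplicate upwards at most
    once; with numbered=False it delivers whatever arrives."""

    def __init__(self, numbered=True):
        self.numbered = numbered
        self.expected = 0
        self.delivered = []   # payloads passed up to the network layer

    def accept(self, seq, payload):
        """Accept one frame and return the acknowledgement number to send back."""
        if not self.numbered or seq == self.expected:
            self.delivered.append(payload)
            self.expected += 1
        # A duplicate (seq < expected) is acknowledged again but not delivered
        return seq


def stop_and_wait(frames, drop_events, numbered=True):
    """Send frames one at a time; each is resent until its ACK arrives.
    drop_events is a constructed set of (attempt_number, 'frame'|'ack') pairs
    naming the transmissions the channel loses, so the run is deterministic.
    Returns the payloads delivered, the number of frame transmissions and a log."""
    rx = Receiver(numbered)
    log = []
    attempt = 0
    for seq, payload in enumerate(frames):
        while True:
            attempt += 1
            if (attempt, "frame") in drop_events:
                log.append(f"frame {seq} lost; timeout, resend")
                continue
            ack = rx.accept(seq, payload)
            if (attempt, "ack") in drop_events:
                log.append(f"ack {ack} lost; timeout, resend frame {seq}")
                continue
            log.append(f"frame {seq} acknowledged")
            break
    return rx.delivered, attempt, log


if __name__ == "__main__":
    whole, per_frame = expected_transmissions(10, 0.2)
    print(f"resend whole message: {whole:.1f} frames on average")
    print(f"acknowledge each frame: {per_frame:.1f} frames on average")
    # Constructed loss schedule: the first copy of frame 0 is lost, and the
    # ACK for frame 1 is lost, which makes the sender resend frame 1.
    losses = {(1, "frame"), (3, "ack")}
    for numbered in (True, False):
        delivered, sent, log = stop_and_wait(["a", "b", "c"], losses, numbered)
        print(f"numbered={numbered}: delivered {delivered} in {sent} transmissions")
        for line in log:
            print("  ", line)
```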

Consider a typical example: a wide area network consisting of routers connected by point-to-point leased telephone lines. When a frame arrives at a router, the hardware checks it for errors (using a method we will study a little later) and passes the frame to the data link layer software (which may be implemented in the network card chip). The data link layer software checks whether this is the frame that was expected and, if so, hands the packet stored in the payload field of the frame to the routing software. The routing software selects the desired output line and passes the packet back to the data link layer software, which transmits it further over the network. The passage of a message through two routers is shown in Fig. 3.3.



Routing software often requires that the job be done properly, that is, it needs a reliable connection with ordered packets on all the lines connecting the routers. Such software generally does not like having to worry about lost packets too often. Making unreliable lines reliable, or at least good enough, is the task of the data link layer software, shown in the figure by a dotted rectangle. Note that although the figure shows several copies of the data link layer software, in fact all the communication lines are served by one copy of the program with separate tables and data structures for each line.


The main provisions of the International Standard ISO/IEC 17799.

Part 19: Access control. Continued.

Access control to the computing network

Access to both internal and external network services should be controlled. This helps ensure that users who have access to the network and network services do not compromise the security of these services. For this, the following means are used:

    relevant interfaces between the organization and public networks and networks belonging to other organizations;

    appropriate authentication mechanisms for users and equipment;

    control of user access to information services.

Network Services Use Policy

Insecure connections to network services may affect the security of the whole organization. Users should be given direct access only to those services for which they have been specifically authorized. This is especially important for network connections to confidential or critical business applications, as well as for users working in high-risk areas, for example in public places or on external premises outside the reach of the protective measures implemented in the organization.

It is necessary to develop policies for the use of networks and network services. This policy should cover:

    networks and network services to which access is allowed;

    administrative rules and tools for protecting access to network connections and network services.

This policy should be agreed with the access control policies in the organization.

User authentication for external connections

External connections (for example, connections via telephone lines) provide a potential opportunity for unauthorized access to the organization's information. Accordingly, access by remote users should be authenticated.

There are various authentication methods. Some of these methods provide more efficient protection compared to others - for example, encryption based methods can provide enhanced authentication. The required level of protection should be determined when assessing risks. This information will be required when choosing a suitable authentication method.

To authenticate remote users, one can use, for example, cryptographic methods, hardware tokens or challenge-response protocols. In addition, dedicated private lines or network address checks can be used to ensure the authenticity of the connection source.

To protect against unauthorized and unwanted connections to information processing facilities, callback means can be used, for example modems with a callback function. This control method is used to authenticate users trying to connect to the organization's network from a remote location. When applying this method, network services that provide call forwarding should not be used; if the call forwarding feature is nonetheless available, it should be turned off to avoid the associated weaknesses. In addition, the callback process must include a check that the call on the organization's side has really been terminated. Otherwise, the remote user could hold the line open, pretending that the callback check has taken place. Callback procedures should be carefully tested for this possibility.

Authentication of nodes

Automatic connection to a remote computer can be used by attackers to obtain unauthorized access to business applications. Accordingly, connections to remote computer systems should require authentication. This is especially important if the network is used outside the organization's control.

Node authentication can serve as an alternative to authenticating groups of remote users when they connect to shared, protected computer facilities.

Protection of remote diagnostic ports

Access to diagnostic ports should be carefully controlled. Many computers and communication systems have a remote diagnostic facility, reached over a telephone line, that is used by maintenance engineers. If unprotected, such diagnostic ports can be used for unauthorized access. They must therefore be protected by an appropriate protective mechanism (for example, a key lock). Rules should be introduced which guarantee that these ports are made available only by agreement between the employee responsible for the computer system and the maintenance personnel.

Separation of computing networks

As partnerships emerge that require the interconnection or sharing of networks and information processing facilities, networks increasingly extend beyond the traditional boundaries of the organization. Such extension can increase the risk of unauthorized access to the information systems connected to the network, some of which may need protection from other network users because of their criticality or confidentiality. In such conditions, it is recommended to consider introducing network controls to separate information services, users and information systems.

One method of security control in large networks is to divide them into separate logical network zones, for example internal network zones of the organization and external network zones. Each such zone is protected by a defined security perimeter. Such a perimeter can be implemented by installing a secure gateway between the two interconnected networks to control access and the transfer of information between the two domains. The configuration of this gateway should ensure the filtering of traffic between the domains and the blocking of unauthorized access in accordance with the organization's access control policy.

A good example of this gateway is the system that is called a firewall.

requirements for access. In addition, when implementing network routing and gateways, it is necessary to take into account the relative cost and impact on productivity.

Control network connections

The access control policy in shared networks, especially those that extend beyond the organization's boundaries, may require means of restricting the connection capabilities of users. Such means can be implemented using network gateways that filter traffic according to a specified table or set of rules. The restrictions introduced should be based on the organization's access policy and needs, and they must be maintained and updated in a timely manner.

Here are examples of areas for which restrictions need to be introduced:

    email;

    one-sided transfer of files;

    bilateral file transfer;

    interactive access;

    network access with binding to a day or date.

Control network routing

In shared networks, especially those that extend beyond the organization, there may be a need for routing controls which guarantee that computer connections and data flows do not violate the organization's access control policy. Such controls are often needed for networks that are shared with users who are not employees of the organization.

Routing controls should be based on mechanisms that check source and destination addresses. In addition, to isolate networks and prevent routes from arising between the networks of different organizations, the network address translation (NAT) mechanism is very convenient. These controls can be implemented at the software or the hardware level. When implementing them, the strength of the chosen mechanisms must be taken into account.
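As an added illustration (not part of the standard's text) of the two preceding sections, the following evaluates connection requests against a rule table of the kind described above, with restrictions by service, direction and time of day, and adds the source-address plausibility check that routing controls rely on. The rule table, the address ranges and the interface names are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed address ranges for the example
INTERNAL = "10.0.0.0/8"      # the organization's own network
PARTNER = "192.0.2.0/24"     # a partner organization's network
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    service: str     # e.g. "smtp", "ftp-out", "ftp-in", "telnet"
    src: str         # source network the rule applies to
    dst: str         # destination network the rule applies to
    hours: tuple     # (start_hour, end_hour), end exclusive; (0, 24) = always
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class Connection:
    service: str
    src_ip: str
    dst_ip: str
    when: datetime


# Constructed rule table following the restriction areas listed above:
# e-mail, one-way file transfer, interactive access bound to working hours.
RULES = [
    Rule("smtp", INTERNAL, ANY, (0, 24), "allow"),        # e-mail always allowed
    Rule("ftp-out", INTERNAL, PARTNER, (0, 24), "allow"),  # one-way file transfer
    Rule("ftp-in", PARTNER, INTERNAL, (0, 24), "deny"),    # no transfers inbound
    Rule("telnet", PARTNER, INTERNAL, (8, 18), "allow"),   # interactive, office hours
]


def matches(rule, conn):
    """True when a connection falls under a rule's service, addresses and hours."""
    src_ok = ip_address(conn.src_ip) in ip_network(rule.src)
    dst_ok = ip_address(conn.dst_ip) in ip_network(rule.dst)
    start, end = rule.hours
    hour_ok = start <= conn.when.hour < end
    return rule.service == conn.service and src_ok and dst_ok and hour_ok


def decide(rules, conn):
    """First matching rule wins; anything not explicitly allowed is denied."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action
    return "deny"


def source_address_plausible(interface, src_ip):
    """Routing control: a packet claiming an internal source address must not
    arrive on the external interface, and vice versa. Interface names are
    constructed for the example."""
    is_internal = ip_address(src_ip) in ip_network(INTERNAL)
    if interface == "external":
        return not is_internal
    if interface == "internal":
        return is_internal
    raise ValueError(f"unknown interface {interface!r}")


if __name__ == "__main__":
    sample = [
        Connection("smtp", "10.1.2.3", "198.51.100.7", datetime(2024, 1, 1, 3)),
        Connection("telnet", "192.0.2.10", "10.0.0.5", datetime(2024, 1, 1, 10)),
        Connection("telnet", "192.0.2.10", "10.0.0.5", datetime(2024, 1, 1, 22)),
        Connection("ftp-in", "192.0.2.10", "10.0.0.5", datetime(2024, 1, 1, 10)),
    ]
    for conn in sample:
        print(conn.service, conn.src_ip, "->", conn.dst_ip,
              conn.when.strftime("%H:%M"), decide(RULES, conn))
    print("10.0.0.9 arriving on external:",
          source_address_plausible("external", "10.0.0.9"))
```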

Standard materials provided by the company

When they talk about using the Internet, then in fact we are talking about individual services (services) that are implemented in this network. Depending on the purposes and tasks, the network clients use those services that they need.

Different services use different application protocols. Compliance with these protocols is provided and maintained by special programs that must be installed on the computer. Recall that such programs are called client programs.

Terminal mode (Telnet). Historically, one of the earliest network services is the remote control service Telnet. By connecting to a remote computer with this service's protocol, you can control it. Such control is called console or terminal control. Previously, this service was widely used to carry out complex mathematical calculations on powerful computing machines. It is not quite right to speak of stand-alone Telnet clients, since each server providing such a service offers its own client program. Work in this mode resembles work at the terminal of a time-sharing computer. In practice, this mode is rarely used today.

Email (e-mail). This is a method of transmitting messages electronically. Special mail servers provide this service on the Internet. Mail servers receive messages from clients and forward them along a chain to the mail servers of the addressees.

The principle of working with e-mail is very similar to working with ordinary mail. The Internet service provider opens a mailbox for the user, to which correspondence addressed to the user is delivered. This mailbox is associated with an e-mail address, the so-called E-mail address, and a password. In effect, the user is given the opportunity to keep a certain amount of information on the provider's computer. Since the capacity of the provider's disks is not unlimited, either the mailbox is limited in volume and storage time or a fee is charged. When exchanging mail messages, the sender and the recipient need not be on the communication line at the same time. Sent messages arrive in the mailbox, from where they can be retrieved at a convenient time. When a connection is established between the addressee and its mail server, the received messages can be transmitted automatically to the addressee.

The mail service is based on two application protocols: SMTP (Simple Mail Transfer Protocol) and POP3 (Post Office Protocol, version 3). The first is used to send correspondence from the computer to the server, and the second to retrieve the received messages.

There is a wide variety of client mail programs. These include, for example, Microsoft Outlook Express, which is part of the Windows 98 operating system as standard. A more powerful program that, in addition to supporting e-mail, integrates other office management tools is Microsoft Outlook 2000. The programs The Bat! and Eudora Pro are also popular.

Mailing lists (Mail List). Ordinary e-mail involves two partners in the correspondence. To widen the circle of communication, you can subscribe to information on a subject of interest through so-called mailing lists. Special thematic servers collect information on certain topics and forward it to your e-mail address.

Teleconferencing service (Usenet). This is a huge message-based electronic bulletin board called teleconferences or newsgroups. Unlike e-mail, information in newsgroups is available for everyone to read. For convenience of discussion, various groups have been formed whose participants send and receive messages on a certain topic.

The main use of newsgroups is to ask a question of the whole world and then get an answer or advice from those who have already dealt with the issue. It is necessary to make sure that the question corresponds to the subject of the conference.

Special client programs exist for working with teleconferences. For example, the Microsoft Outlook Express application allows you to work with the teleconferencing service. To get started, you must configure the program to interact with a newsgroup server, subscribe to certain groups and periodically receive all messages passing through the selected topics.

FTP service (File Transfer Protocol). This service allows you to receive and transmit files, and today it is the most common way of obtaining software products.

WWW (World Wide Web). This service makes it possible to work with hypertext and hypermedia documents. WWW has its own protocol, HTTP (HyperText Transfer Protocol). Hypertext documents are created using a special language, HTML (HyperText Markup Language). A document prepared in this language and made accessible to users is called a Web page. Programs for viewing Web pages are called browsers. The most suitable term for moving around Web pages is navigation.

Archie service. Allows you to find a file on the Internet by its name. Recently, however, this service has become less popular, as search engines have appeared in the WWW that allow searching in a simpler way.

Gopher. A system for accessing information via nested menus. It is a forerunner of the World Wide Web, but is now gradually dying out, as moving around the WWW is simpler and more convenient.

WAIS (Wide Area Information Service). An information retrieval system that searches by keyword.

IRC (Internet Relay Chat). Designed for direct communication between several people in real time. This service is sometimes called chat conferencing or simply chat.

There are several popular client programs for working with servers and networks that support the IRC service. One of the most popular is the mIRC program.

ICQ. This service is designed to find the network IP address of a person currently connected to the Internet. To use it, you must register on the central server (http://www.icq.com) and obtain a personal identification number, the UIN (Universal Internet Number). This number can be given to your contacts, and the service then works as a kind of Internet pager.

There are many other interesting uses of the Internet, for example telephone conversations and receiving radio and television broadcasts.

Internet services are divided into interactive, direct-access and deferred-reading classes. Services of the deferred-reading (off-line) class are the most common, the most universal and the least demanding of computer resources and communication lines. The main feature of this group is that the request and the receipt of the information can be widely separated in time (e-mail). Direct-access services are characterized by the information being returned immediately on request, but the recipient is not required to respond immediately (FTP). Services where an immediate response to the received information is required, i.e. where the received information is in effect a query, are interactive (on-line) services (WWW).

Email (e-mail) is the first of the Internet services, and the most common and effective of them. It is a typical deferred-reading service. E-mail (electronic mail) is the electronic analogue of ordinary mail. An ordinary letter consists of an envelope, on which the recipient's address is written and the postmarks of the post offices along the route are stamped, and the contents of the letter itself. An e-mail message likewise consists of headers containing service information (about the author of the letter, the recipient, the path taken over the network, etc.), which play the role of the envelope, and the body of the letter itself. Using e-mail, you can send and receive messages, send copies of a letter to several recipients at once, forward a received letter to another address, include files in a letter, etc.
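The following added example (not part of the original text) reads the "envelope" described above from a constructed message: the author, the recipient and the path over the network recorded in the Received headers, and checks that the recorded hops form a continuous chain, which is a check a defender applies when a message's origin is in doubt. The message, hosts and addresses are constructed for the example.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample message. Each relay prepends its own Received header,
# so the topmost header is the last hop and the bottom one is the first.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mail.example.org; Mon, 1 Jan 2024 10:05:00 +0000
Received: from sender-pc.example.com ([198.51.100.5])
\tby relay.example.net; Mon, 1 Jan 2024 10:04:30 +0000
From: Alice <alice@example.com>
To: Bob <bob@example.org>
Subject: Test
Message-ID: <constructed-1@example.com>

Hello Bob.
"""

# "from <host> ... by <host>" as written by relays; the host before ';' or
# whitespace is captured, the parenthesized details are ignored here.
RECEIVED_RE = re.compile(r"\bfrom\s+([^\s;]+).*?\bby\s+([^\s;]+)", re.S)


def envelope(message_text):
    """Return the envelope-like information from the headers: author address,
    recipient address and the list of (from_host, by_host) hops in the order
    the message actually travelled."""
    msg = message_from_string(message_text, policy=default)  # unfolds headers
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(value))
        if m:
            hops.append((m.group(1), m.group(2)))
    hops.reverse()  # headers are newest-first; reverse to transit order
    return {
        "author": parseaddr(str(msg["From"]))[1],
        "recipient": parseaddr(str(msg["To"]))[1],
        "hops": hops,
    }


def chain_is_consistent(hops):
    """Each hop's receiving host should be the next hop's sending host.
    A break in the chain is a sign that a Received header was inserted or
    removed somewhere along the path."""
    return all(hops[i][1] == hops[i + 1][0] for i in range(len(hops) - 1))


if __name__ == "__main__":
    env = envelope(SAMPLE)
    print("from:", env["author"], "to:", env["recipient"])
    for sender, receiver in env["hops"]:
        print(f"  {sender} -> {receiver}")
    print("chain consistent:", chain_is_consistent(env["hops"]))
```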

Usenet network news, or teleconferences as they are called in Russian networks, is perhaps the second most common Internet service. While e-mail transmits messages on a "one to one" basis, network news transmits messages "from one to many". The transmission mechanism for each message resembles the spreading of rumours: each network node that learns something new (i.e. receives a new message) passes the news on to all the nodes it knows, i.e. all those nodes with which it exchanges news. Thus a message, once sent, spreads through the network, being repeatedly duplicated, and reaches all participants of the Usenet teleconferences throughout the world in quite a short time. At the same time, many people can take part in a discussion regardless of where they are physically. The number of Usenet users is very large: by the estimate of UUNET Technologies, the number of new messages entering the teleconferences daily is about a million.

Another simple but very useful Internet service is mailing lists. It is almost the only service that has no protocol or client program of its own and operates exclusively through e-mail. The idea of a mailing list is that there is a certain e-mail address which is in fact the common address of many people, the subscribers of the list. A letter sent to this address is received by everyone subscribed to the list. The reasons for using mailing lists are as follows. First, messages distributed by e-mail will always be read by the subscriber, waiting in the mailbox, whereas articles in network news are erased after a certain time and become unavailable. Second, mailing lists are more manageable and confidential: the list administrator fully controls the set of subscribers and can monitor the contents of the messages. Each mailing list is run by some organization, which has complete control over the list, in contrast to Usenet news, which belongs to no one and is less manageable. Third, to work with a mailing list it is enough to have access to e-mail, so people who have no access to Usenet news, or to particular newsgroups, can be subscribers. Fourth, this method of transmitting messages can simply be faster, since messages are sent directly to subscribers rather than along a chain of Usenet servers.



File Transfer Protocol (FTP) provides remote file access; it is the protocol that defines the rules for transferring files from one computer to another. To work with FTP, you need the right to log in to the remote machine with which you want to exchange files, i.e. you must have a login name and know the corresponding password. Despite its prevalence, FTP has many drawbacks. FTP clients are not always comfortable and easy to use. You cannot always tell what exactly the file in front of you is. There is no simple and universal search tool for anonymous FTP servers (servers to which a connection can be made under the name "anonymous"). FTP programs are rather old, and some of their features that were useful at their birth are not very clear or needed today. FTP servers are not centralized, and this brings its own problems.

Perhaps the most "networked" Internet service is remote access (remote login, telnet). This is work on a remote computer in terminal emulation mode for the required network node, i.e. performing all (or almost all) the actions that can be performed from an ordinary terminal of the telnet server. Traffic related to this type of work accounts on average for about 19% of total network traffic. Telnet is a terminal emulation protocol that provides support for remote access over the Internet. To use this service, you must have Internet access of a class not lower than dial-up access.

WAIS (pronounced "ways") is another Internet service, whose name stands for wide area information system; in fact it is a set of programs intended for indexing large volumes of unstructured, usually plain text, information, for searching such documents and for retrieving them. There are programs for indexing, for local searching of the resulting indexes, and a server and a client program that communicate with each other by a special protocol.


Gopher is a distributed system for exporting structured information. When working with it, you are in a system of nested menus from which files of various types are available, as a rule plain text, but also graphics, sound and any other types of files. Thus files with information are exported for public access, not in the form of a file system as in FTP, but as an annotated tree structure. Gopher is a direct-access service and requires both the server and the client to be fully connected to the Internet.

The Gopher shell is one of the integrators of Internet capabilities. From it, Telnet sessions, FTP, e-mail, etc. are available. This shell also includes interfaces to servers with which manual communication is impossible because of their machine-oriented protocols.

Another means of integrating Internet network services is the World Wide Web (abbreviated WWW). Currently WWW has gained the widest spread. The main unit of presentation of network information in WWW is the so-called hypertext document.

Traffic: movement, a data stream in the transmission medium; the volume of data flow in a local or global network.

Universal Resource Identification (URI) is a universal form of naming information resources, a fairly well-designed system that takes into account the experience of addressing and identifying resources in e-mail, Gopher, WAIS, Telnet, FTP and the like. But in fact, of everything described in the URI, only the Universal Resource Locator (URL) is required to organize databases in the WWW. Without this specification, all the power of HTML would be useless. The URL is used in hypertext links and provides access to distributed network resources. A URL can address other HTML hypertext documents as well as e-mail, Telnet, FTP and Gopher resources. Using the URL imposes two restrictions on resource addressing: the first and most important is that a URL must not contain spaces; the second is that a URL distinguishes uppercase and lowercase letters, even on those systems where they usually do not differ.

The network protocol provides links to local computers with remote servers.

The Common Gateway Interface (CGI) is designed to extend the capabilities of the WWW by connecting external software. It made it possible to keep to the principles of openness and ease of development. The connection method proposed and described in CGI required no additional libraries and was very simple: the server interacted with programs through the standard I/O streams, which simplified programming. The main purpose of the Common Gateway Interface is to provide a uniform data flow between the server and the application program that the server runs. CGI defines the data exchange protocol between the server and the program.

The concept of the CGI gateway. Difference from the usual CGI program.

Application software run by the server is divided into ordinary CGI programs and gateways. An ordinary CGI program is started by the HTTP server to perform some work, returns the results to the server and terminates. A gateway is run just like an ordinary CGI program, but in fact it initiates an interaction, as a client, with a third program.
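As an added example (not part of the original text), the following emulates the CGI data exchange described above: the server hands the request to the program as environment variables plus, for POST, a body on standard input, and the program answers with headers, a blank line and a body on standard output. The request handler, the parameter name and the sample requests are constructed for the example; the handler escapes what it echoes back, which is the check a CGI program needs before placing request data into HTML.

```python
import html
import io
import os
import sys
from urllib.parse import parse_qs


def run_cgi(environ, stdin):
    """Handle one request in the CGI style: read the request from environ
    and stdin, return the complete response (headers + blank line + body)."""
    method = environ.get("REQUEST_METHOD", "GET")
    params = parse_qs(environ.get("QUERY_STRING", ""))
    if method == "POST":
        # The body is exactly CONTENT_LENGTH bytes; never read to end of file,
        # since the server may keep the stream open.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        params.update(parse_qs(stdin.read(length)))
    name = params.get("name", ["anonymous"])[0]   # constructed parameter
    out = io.StringIO()
    out.write("Content-Type: text/html\r\n")
    out.write("\r\n")                               # blank line ends headers
    # Escape request data before placing it in the page
    out.write(f"<p>Hello, {html.escape(name)}!</p>\n")
    return out.getvalue()


def split_response(response):
    """Split a CGI response into its header block and body, as a server does."""
    head, _, body = response.partition("\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.split("\r\n") if line)
    return headers, body


if __name__ == "__main__":
    # Run as a real CGI program under a web server, or stand-alone with a
    # constructed request when no server environment is present.
    if "REQUEST_METHOD" in os.environ:
        sys.stdout.write(run_cgi(os.environ, sys.stdin))
    else:
        body = "name=<b>Mallory</b>"
        env = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body))}
        sys.stdout.write(run_cgi(env, io.StringIO(body)))
```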

HotJava allows the use of programs written in Java and embedded in a WWW document. Such programs are called applets.