Understanding Network Protocols

To have a clear understanding of how firewalls operate (and how Crystal Enterprise is configured within a firewall), review the major protocols used within the Internet.

Major Internet Protocols and Services

A standard set of Internet services operates through firewalls. These services are the primary reason firewalls exist: companies want to control who and what passes over them into their internal network.

HyperText Transfer Protocol

HTTP is the primary protocol that underlies the Web: it gives users access to the files that make up the Web. These files can be in many different formats (text, graphics, audio, video, and so on). HTTP is a clear text protocol and usually operates over TCP/IP, so a typical HTTP command asking for a red picture might look like this (client address -> server, then the request line):

    192.168.0.16 -> naisan.net
    GET /~bigdir/agenmc/red.gif HTTP/1.0
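Because HTTP travels as clear text, a packet-inspecting firewall or proxy can read the method, path and headers of every request without any decryption. The following Python example, added here and not part of the original text, parses an HTTP/1.0 request built from the request line quoted above and applies a small application-layer policy. The request, the hostname naisan.net, the allowed-method set and the blocked path prefixes are constructed sample values, not real configuration.

```python
# Added example (not from the original text): parse a clear-text HTTP/1.0
# request the way a packet-inspecting firewall or proxy sees it, then apply
# a hypothetical application-layer policy. The request below is constructed
# from the example in the text; nothing in it refers to a real server.
import re

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")

# Constructed sample: the request quoted in the text, as sent from 192.168.0.16
SAMPLE_REQUEST = (
    "GET /~bigdir/agenmc/red.gif HTTP/1.0\r\n"
    "Host: naisan.net\r\n"
    "User-Agent: example-client\r\n"
    "\r\n"
)


def parse_request(raw: str) -> dict:
    """Split an HTTP request into request line, headers and body.

    Everything is plain text, which is exactly why an application-layer
    firewall can inspect the method and path of every request.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, major, minor = m.groups()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return {
        "method": method,
        "path": target,
        "version": f"{major}.{minor}",
        "headers": headers,
        "body": body,
    }


# Hypothetical policy a firewall in front of a Web server might enforce
ALLOWED_METHODS = {"GET", "HEAD"}
BLOCKED_PATH_PREFIXES = ("/admin", "/cgi-bin")


def policy_verdict(req: dict) -> str:
    """Return 'allow' or a 'deny: <reason>' string for a parsed request."""
    if req["method"] not in ALLOWED_METHODS:
        return "deny: method"
    if req["path"].startswith(BLOCKED_PATH_PREFIXES):
        return "deny: path"
    return "allow"


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req["method"], req["path"], req["version"], "->", policy_verdict(req))
```

The parser is deliberately strict: a request line that does not match the HTTP/1.0 grammar is rejected rather than guessed at, which is the behaviour you want from anything sitting in the inspection path.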

Simple Mail Transfer Protocol

SMTP is the Internet standard protocol for sending and receiving electronic mail. The most common SMTP server on Windows NT is Microsoft Exchange. Although SMTP is used to exchange electronic mail between servers, users who read electronic mail that has already been delivered to a mail server do not use SMTP. When they transfer that mail from the server to their desktop they use another protocol, POP (Post Office Protocol). SMTP is also a clear text protocol, so you could send an e-mail by connecting to an SMTP server and entering this:

    MAIL From:ruhi@abha.net
    RCPT To:arsel@futbol-khoreh.org
    DATA
    Dude! Who stole my soccer ball?
    .
    QUIT
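The dialogue above shows only the client's side. The following Python example, added here and not part of the original text, implements a minimal server-side SMTP state machine that walks through that same dialogue and produces the replies a real server would send, so both halves of the exchange are visible. Reply codes follow RFC 5321 (250 for accepted commands, 354 to start data, 503 for commands out of sequence, 221 on QUIT); the banner hostname and the addresses are taken from or constructed around the text's example. A real server also expects a HELO/EHLO greeting first; the text's dialogue omits it, so this state machine does too.

```python
# Added example (not from the original text): a minimal SMTP server-side
# state machine that processes the clear-text dialogue quoted in the text
# and records the envelope (sender, recipients) and the message body.
import re

# Accepts both the text's "MAIL From:addr" form and the RFC "MAIL FROM:<addr>" form
ADDR = re.compile(r"^(MAIL|RCPT)\s+(FROM|TO):\s*<?([^<>\s]+)>?$", re.IGNORECASE)


class SmtpSession:
    """Tracks one SMTP envelope: sender, recipients and the message data."""

    def __init__(self):
        self.sender = None
        self.recipients = []
        self.data_lines = []
        self.in_data = False
        self.messages = []      # completed (sender, recipients, body) triples
        # Constructed banner; a real server names itself here
        self.transcript = ["S: 220 mail.example.invalid ESMTP ready"]

    def feed(self, line: str) -> str:
        """Handle one client line and return the server reply ('' if none)."""
        self.transcript.append("C: " + line)
        reply = self._data_line(line) if self.in_data else self._command(line)
        if reply:
            self.transcript.append("S: " + reply)
        return reply

    def _data_line(self, line: str) -> str:
        if line == ".":                       # a lone dot ends the message
            self.in_data = False
            self.messages.append((self.sender, list(self.recipients),
                                  "\n".join(self.data_lines)))
            self.sender, self.recipients, self.data_lines = None, [], []
            return "250 OK: queued"
        # Dot-stuffing (RFC 5321 4.5.2): a leading ".." was a real leading "."
        self.data_lines.append(line[1:] if line.startswith("..") else line)
        return ""                             # no reply per data line

    def _command(self, line: str) -> str:
        verb = line.split(None, 1)[0].upper() if line.strip() else ""
        m = ADDR.match(line)
        if verb == "MAIL" and m and m.group(2).upper() == "FROM":
            self.sender = m.group(3)
            return "250 OK"
        if verb == "RCPT" and m and m.group(2).upper() == "TO":
            if self.sender is None:
                return "503 need MAIL first"
            self.recipients.append(m.group(3))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 need RCPT first"
            self.in_data = True
            return "354 end data with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 bye"
        return "500 unrecognised command"


def run_dialogue(lines):
    """Feed a whole client-side script through one session and return it."""
    session = SmtpSession()
    for line in lines:
        session.feed(line)
    return session


# Constructed from the dialogue quoted in the text
CLIENT_SCRIPT = [
    "MAIL From:ruhi@abha.net",
    "RCPT To:arsel@futbol-khoreh.org",
    "DATA",
    "Dude! Who stole my soccer ball?",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    print("\n".join(run_dialogue(CLIENT_SCRIPT).transcript))
```

Note that the envelope sender and recipients come from MAIL and RCPT, not from anything inside the message body; that distinction is what a mail gateway or firewall acts on when it filters by address.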

 

File Transfer Protocol

FTP is the Internet standard protocol for file transfers. Most Web browsers support FTP as well as HTTP and automatically use FTP to access locations whose names begin with ftp, so many people use FTP without ever being aware of it. FTP was the initial transfer protocol used on the Internet before the advent of the World Wide Web. FTP is also a clear text protocol.

Remote Terminal Access

Remote terminal access is most commonly known as Telnet. Telnet is the standard for remote terminal access on the Internet, and enables you to provide remote text access for your users.

DNS Hostname/Address Lookup

A naming service translates between the names that people use and the numerical addresses that machines use. The primary name lookup system on the Internet is Domain Name System (DNS), which converts between hostnames and IP addresses.

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is a family of basic communications protocols used on the Internet. TCP/IP uses what is termed a data packet to transfer information over the Internet from one computer to another. Packets carry the data your browser displays as you surf the Net. Each packet is small, so many packets are needed to transmit the data contained in one HTML page. As more and more people access the Net and transmit data, more and more packets are transferred. This increases the need to make sure that all the packets arriving at your door (the Web server) are really supposed to come in.

The TCP/IP Protocol Stack

The TCP/IP protocol stack, which makes up each packet, is constructed of the following layers, from the highest to lowest:

Packets are constructed in such a way that layers for each protocol used for a particular connection are built atop one another.

At the Application layer the packet consists simply of the data to be transferred, such as an HTML page, which is simply text. As it moves down the layers, trying to reach the wire (network cable) that it needs to go out on, each layer adds a header to the packet; this preserves the data from the previous level. These headers are then used to determine where the packet is going and to make sure it all gets there in one piece. When the data packet reaches its destination, the process is reversed. In the end, therefore, all that TCP/IP is responsible for is specifying how data can make its way from one computer to another. These computers might reside on the same network or in completely different locations. As far as firewalls are concerned, the main thing to remember is that it is not so much about how the packet physically gets to its destination but what is in that packet and whether it is supposed to be there.
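The layering described above is easiest to see by actually building a packet. The following Python example, added here and not part of the original text, starts with application data (a clear-text HTTP request), prepends a TCP header, then an IPv4 header, and finally reverses the process at the receiving end, returning what each layer contributed. Header layouts follow RFC 791 (IPv4) and RFC 793 (TCP), and the IPv4 header checksum is computed and verified per RFC 1071; the addresses, ports and payload are constructed samples. The TCP checksum is left at zero to keep the example short, since it needs a pseudo-header that is not the point here.

```python
# Added example (not from the original text): build a packet layer by layer
# (application data -> TCP header -> IPv4 header) and then peel the layers
# back off. Field layouts follow RFC 791 and RFC 793; all addresses, ports
# and payload bytes are constructed samples.
import socket
import struct

# version/IHL, TOS, total length, id, flags/fragment, TTL, protocol, checksum, src, dst
IPV4_FMT = "!BBHHHBBH4s4s"
# src port, dst port, seq, ack, data offset, flags, window, checksum, urgent pointer
TCP_FMT = "!HHIIBBHHH"


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def add_tcp_header(payload: bytes, sport: int, dport: int, seq: int = 1) -> bytes:
    """Transport layer: prepend a 20-byte TCP header (PSH+ACK, checksum 0)."""
    hdr = struct.pack(TCP_FMT, sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return hdr + payload


def add_ipv4_header(segment: bytes, src: str, dst: str) -> bytes:
    """Network layer: prepend a 20-byte IPv4 header with a valid checksum."""
    total_len = 20 + len(segment)
    fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, socket.IPPROTO_TCP, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))   # fill in checksum
    return struct.pack(IPV4_FMT, *fields) + segment


def encapsulate(app_data: bytes, src: str, sport: int, dst: str, dport: int) -> bytes:
    """Walk down the stack: application data gains a TCP, then an IPv4 header."""
    return add_ipv4_header(add_tcp_header(app_data, sport, dport), src, dst)


def decapsulate(packet: bytes) -> dict:
    """Walk back up the stack, returning what each layer contributed."""
    ip = struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ip[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:          # an intact header sums to zero
        raise ValueError("bad IPv4 header checksum")
    segment = packet[ihl:ip[2]]              # ip[2] is the total length
    tcp = struct.unpack(TCP_FMT, segment[:20])
    data_offset = (tcp[4] >> 4) * 4
    return {
        "ip": {"src": socket.inet_ntoa(ip[8]), "dst": socket.inet_ntoa(ip[9]),
               "proto": ip[6], "ttl": ip[5]},
        "tcp": {"sport": tcp[0], "dport": tcp[1], "seq": tcp[2], "flags": tcp[5]},
        "data": segment[data_offset:],
    }


# Constructed sample: a clear-text HTTP request from an internal host to port 80
SAMPLE_PACKET = encapsulate(b"GET /index.html HTTP/1.0\r\n\r\n",
                            "192.168.0.16", 1844, "10.0.0.5", 80)

if __name__ == "__main__":
    layers = decapsulate(SAMPLE_PACKET)
    print(f"{layers['ip']['src']}:{layers['tcp']['sport']} -> "
          f"{layers['ip']['dst']}:{layers['tcp']['dport']} {layers['data']!r}")
```

This is the view a firewall works from: it reads the IP and TCP headers to learn where the packet came from and which service it is aimed at, and only then decides whether the payload behind them should be allowed through.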

TCP/IP Rules

TCP/IP is ideally suited to being the standard protocol for the delivery of information through both external and internal network architectures for the following reasons:

Network Ports

A typical server sets up services to listen on ports. A port is a "logical connection place": in the Internet's protocol, TCP/IP, it is the way a client program specifies a particular server program on a computer in a network. Higher-level applications that use TCP/IP, such as the Web protocol HTTP, have ports with preassigned numbers. These are known as well-known ports and are assigned by the Internet Assigned Numbers Authority (IANA). Other application processes are given port numbers dynamically for each connection. When a service starts (or is initialized), it is said to bind to its designated port number. Any client program that wants to use that service must issue its request to the designated port number.

Port numbers range from 0 to 65536. Ports 0 to 1024 are reserved for use by certain privileged services. For example, for the HTTP service, port 80 is defined as a default. When a client makes a request, the server will assign that request to a port above 1024. Two pieces of information need to be passed in the TCP/IP header: the originating address of the source request, and the target address of the destination computer. This establishes the connection points for message exchange. You typically use the shorthand IP:port to denote an address, such as 192.9.0.95:1844, which refers to IP address 192.9.0.95 and port 1844 of that IP address.
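The IP:port shorthand and the distinction between well-known and dynamically assigned ports are what a port-based firewall rule actually operates on. The following Python example, added here and not part of the original text, parses endpoints written in that shorthand, classifies the port by the IANA ranges (0-1023 well-known, 1024-49151 registered, 49152-65535 dynamic/private, which are the exact boundaries), and evaluates a small inbound rule table. The rule table and the addresses are constructed samples; port 80 (HTTP), 23 (Telnet) and 1433 (Microsoft SQL Server) are real well-known assignments.

```python
# Added example (not from the original text): parse "IP:port" endpoints,
# classify the port by IANA range, and evaluate a constructed inbound rule
# table the way a port-based firewall does. Rules and addresses are samples.
import ipaddress
from typing import NamedTuple


class Endpoint(NamedTuple):
    ip: ipaddress.IPv4Address
    port: int


def parse_endpoint(text: str) -> Endpoint:
    """Turn '192.9.0.95:1844' into an Endpoint, rejecting out-of-range ports."""
    host, sep, port_str = text.rpartition(":")
    if not sep or not port_str.isdigit():
        raise ValueError(f"expected IP:port, got {text!r}")
    port = int(port_str)
    if not 0 <= port <= 65535:             # TCP/UDP ports are 16-bit values
        raise ValueError(f"port out of range: {port}")
    return Endpoint(ipaddress.IPv4Address(host), port)


def port_class(port: int) -> str:
    """IANA port ranges: well-known, registered, dynamic/private."""
    if port < 1024:
        return "well-known"
    if port < 49152:
        return "registered"
    return "dynamic"


# Constructed inbound rule table: (source network, destination port, action).
# First match wins; anything unmatched is dropped (default deny).
RULES = [
    ("0.0.0.0/0", 80, "allow"),            # public Web traffic to the Web server
    ("192.168.0.0/16", 1433, "allow"),     # internal hosts only to the database port
    ("0.0.0.0/0", 23, "deny"),             # clear-text Telnet from anywhere
]


def inbound_verdict(src: Endpoint, dst: Endpoint) -> str:
    """Return the action of the first matching rule, or 'deny' if none match."""
    for net, port, action in RULES:
        if src.ip in ipaddress.ip_network(net) and dst.port == port:
            return action
    return "deny"


if __name__ == "__main__":
    src = parse_endpoint("192.9.0.95:1844")
    for dst_text in ("10.0.0.5:80", "10.0.0.5:23", "10.0.0.5:1433"):
        dst = parse_endpoint(dst_text)
        print(f"{src.ip}:{src.port} ({port_class(src.port)}) -> {dst_text}: "
              f"{inbound_verdict(src, dst)}")
```

Only the destination port and the source network take part in the decision; the client's own port (1844 in the sample) is whatever the client's operating system handed out and carries no policy meaning, which is why rules key on the server side of the connection.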
