survey of client tools


Upload: ashwin-ananthapadmanabhan

Post on 12-Apr-2017


Server

Any computerized process that shares a resource with one or more client processes is a server.

Server types

The different types of servers are listed below:

Application server

Catalog server

Communications server

Compute server

Database server

Fax server

File server

Game server

Home server

Mail server

Media server

Name server

Print server

Proxy server

Sound server

Stand-alone server

Web server


A) Application server

An application server is a component-based product that resides in the middle tier of a server-centric architecture.

It provides middleware services for security and state maintenance, along with data access and persistence.

Java application servers are based on the Java 2 Platform, Enterprise Edition (J2EE).

Java application servers

Java Platform, Enterprise Edition or Java EE (formerly J2EE) defines the core set of APIs and features of Java application servers.

The Web modules include servlets and JavaServer Pages. Enterprise JavaBeans are used to manage transactions.

According to the J2EE blueprints, the business logic of an application resides in Enterprise JavaBeans, a modular server component providing many features, including declarative transaction management and improved application scalability.

Some Java application servers, including Tomcat from Apache and Jetty from the Eclipse Foundation, leave out many Java EE features such as EJB and JMS.

Their focus is more on Java Servlets and JavaServer Pages.

There are many open source Java application servers that support Java EE, including JOnAS from Object Web, JBoss AS from JBoss (a division of Red Hat), Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from Enhydra.org, and GlassFish from Oracle.

Commercial Java application servers have been dominated by WebLogic Application Server by Oracle, WebSphere Application Server from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.


A Java Server Page (JSP) executes in a web container. JSPs provide a way to create HTML pages by embedding references to the server logic within the page.

HTML coders and Java programmers can work side by side by referencing each other's code from within their own.

The application servers mentioned above mainly serve web applications, and services via RMI, EJB, JMS and SOAP.

Some application servers target networks other than web-based ones: Session Initiation Protocol servers, for instance, target telephony networks.

[Figure: J2EE application server]

B) Catalog servers

A catalog server provides a single point of access that allows users to centrally search for information across a distributed network.

In other words, it indexes databases, files and information across a large network and allows keyword, Boolean and other searches.

Examples: VPN, intranet, extranet, Internet, etc.


C) Communications server

Communications servers are open, standards-based computing systems that operate as a carrier-grade common platform for a wide range of communication applications and allow equipment providers to add value at many levels of the system architecture.

Support for communications servers as a category of server is developing rapidly throughout the communications industry.

Standards bodies, industry associations, vendor alliance programs, hardware and software manufacturers, communications server vendors and users are all part of an increasingly robust communications server ecosystem.

Regardless of their specific, differentiated features, communications servers have the following attributes:

Open

Flexible

Carrier-grade and

Communications-focused.


Open

Based on industry-managed open standards.

Broad, multi-vendor ecosystem.

Industry certified interoperability.

Availability of tools that facilitate development and integration of applications at the standardized interfaces.

Multiple competitive options for standards-based modules.

Flexible

Designed to easily incorporate application-specific added value at all levels of the solution.

Can be rapidly repurposed as needs change to protect customer investment.

Multi-level, scalable, bladed architecture.

Meets needs of multiple industries beyond telecommunications, such as medical imaging, defense and aerospace.

Carrier grade

Designed for longevity of supply.

Extended lifecycle (>10 years) support.

High availability (>5NINES).

“Non-disruptively” upgradeable and updateable.

Hard real time capability to ensure quality of service for critical traffic.

Meets network building regulations.

[Figure: Communications server]

D) Compute server

It is a kind of parallel processor where the parallel processors have no I/O except via a bus or other connection to a front-end processor which handles all I/O to disks, terminals and network.

In some antiquated IBM mainframes, a second CPU was provided that could not access I/O devices, known as the slave or attached processor, while the CPU having access to all devices was known as the master processor.

Example: IBM mainframe series.

[Figure: Compute server]

E) Database server

A database server is a computer program that provides database services to other computer programs or computers, as defined by the client–server model.

Database management systems frequently provide database server functionality, and some DBMSs (e.g., MySQL) rely exclusively on the client–server model for database access.

Such a server is accessed either through a "front end" running on the user’s computer, which displays requested data, or the "back end", which runs on the server and handles tasks such as data analysis and storage.

In a master-slave model, database master servers are central and primary locations of data while database slave servers are synchronized backups of the master acting as proxies.

Most database servers are built around a query language. Each database understands its own query language, converts each query to a server-readable form and executes it to retrieve the results.

Some examples of proprietary database servers are Oracle, DB2, Informix, and Microsoft SQL Server. Examples of GNU General Public License database servers are Ingres and MySQL. Every server uses its own query logic and structure. The SQL query language is more or less the same in all relational database servers.

DB-Engines lists over 200 DBMSs in its ranking.

[Figure: Database server]

F) Fax server

A fax server is a system installed in a local area network (LAN) server that allows computer users whose computers are attached to the LAN to send and receive fax messages.

Alternatively, the term fax server is sometimes used to describe a program that enables a computer to send and receive fax messages, that is, a set of software running on a server computer.

It is equipped with one or more fax-capable modems (or dedicated fax boards) attached to telephone lines or, more recently, software modem emulators which use T.38 ("Fax over IP") technology to transmit the signal over an IP network.

Its function is to accept documents from users, convert them into faxes, and transmit them, as well as to receive fax calls and either store the incoming documents or pass them on to users.

Users may communicate with the server in several ways, through either a local network or the Internet.

In a big organization with heavy fax traffic, the computer hosting the fax server may be dedicated to that function, in which case the computer itself may also be known as a fax server.

[Figure: Fax server]

G) File server

In computing, a file server (or fileserver) is a computer attached to a network that has the primary purpose of providing a location for shared disk access, i.e. shared storage of computer files (such as documents, sound files, photographs, movies, images, databases, etc.) that can be accessed by the workstations that are attached to the same computer network.

The term server highlights the role of the machine in the client–server scheme, where the clients are the workstations using the storage.

A file server is not intended to perform computational tasks, and does not run programs on behalf of its clients.

It is designed primarily to enable the storage and retrieval of data while the computation is carried out by the workstations.

File servers are commonly found in schools and offices, where users use a LAN to connect their client computers.

[Figure: File server]

H) Game server

A game server (sometimes host or shard) is a server which is the authoritative source of events in a multiplayer video game.

The server transmits enough data about its internal state to allow its connected clients to maintain their own accurate version of the game world for display to players.

It also receives and processes each player's input.

[Figure: Game server]

I) Home Server

A home server is a server located in a private residence providing services to other devices inside or outside the household through a home network or the Internet.

Such services may include file and printer serving, media center serving, web serving (on the network or Internet), web caching, account authentication and backup services.

Because of the relatively low number of computers on a typical home network, a home server commonly does not require significant computing power and can be implemented with a re-purposed, older computer, or a plug computer.

An uninterruptible power supply is sometimes used in case of power outages that can possibly corrupt data.

[Figure: Firefox home server architecture]

J) Mail server

A mail server (also known as a mail transfer agent or MTA, a mail transport agent, a mail router or an Internet mailer) is an application that receives incoming e-mail from local users (people within the same domain) and remote senders and forwards outgoing e-mail for delivery.

[Figure: Mail server]

K) Media server

A media server refers either to a dedicated computer appliance or to a specialized application software, ranging from an enterprise class machine providing video on demand, to, more commonly, a small personal computer or NAS (Network Attached Storage) for the home, dedicated for storing various digital media (meaning digital videos/movies, audio/music, and picture files).

[Figure: Media server]

L) Name server

A name server is a computer hardware or software server that implements a network service for providing responses to queries against a directory service.

It translates an often humanly-meaningful, text-based identifier to a system-internal, often numeric identification or addressing component.

This service is performed by the server in response to a service protocol request.


An example of a name server is the server component of the Domain Name System (DNS), one of the two principal name spaces of the Internet.

The most important function of DNS servers is the translation (resolution) of human-memorable domain names and hostnames into the corresponding numeric Internet Protocol (IP) addresses, the second principal name space of the Internet which is used to identify and locate computer systems and resources on the Internet.

[Figure: Name server]

M) Print server

A print server, or printer server, is a device that connects printers to client computers over a network.

It accepts print jobs from the computers and sends the jobs to the appropriate printers, queuing the jobs locally to accommodate the fact that work may arrive more quickly than the printer can actually handle.

Ancillary functions include the ability to inspect the queue of jobs to be processed, the ability to reorder or delete waiting print jobs, or the ability to do various kinds of accounting (such as counting pages, which may involve reading data generated by the printer(s)).

Print servers may support a variety of industry-standard or proprietary printing protocols including Internet Printing Protocol, Line Printer Daemon protocol, NetWare, NetBIOS/NetBEUI, or JetDirect.

A print server may be a networked computer with one or more shared printers.

Alternatively, a print server may be a dedicated device on the network, with connections to the LAN and one or more printers.

Dedicated server appliances tend to be fairly simple in both configuration and features. Print server functionality may be integrated with other devices such as a wireless router, a firewall, or both.

A printer may have a built-in print server.

All printers with the right type of connector are compatible with all print servers.

Manufacturers of servers make available lists of compatible printers because a server may not implement all the communications functionality of a printer (e.g. low ink signal).

[Figure: Print server]

N) Proxy server

In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request as a way to simplify and control its complexity.

Proxies were invented to add structure and encapsulation to distributed systems.

Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.

[Figure: Proxy server]

O) Sound server

A sound server is software that manages the use of and access to audio devices (usually a sound card).

It commonly runs as a background process.

The term could also apply to a complete computer which is in a server role, dedicated to audio streaming, or a networked or stand-alone appliance for playing sounds and sound files.

[Figure: Sound server]

P) Stand-alone server

A stand-alone server is a server that does not belong to or govern a Windows domain; the server may, however, belong to a workgroup (a peer-to-peer network of Microsoft Windows computers).

This definition could also apply to any non-virtualized singular instance operating system running on dedicated hardware, usually rack mounted.

The operating system need not be Microsoft Windows; it can also be IBM AIX, Red Hat Linux, Oracle Solaris or many other operating systems.

[Figure: Stand-alone server]

Q) Web server

A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web.

The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests.

[Figure: Web server]

COMMUNICATION PROTOCOLS

The communication protocols and the port numbers they use are listed below:

S.No  Protocol name                                  Port number
1     File Transfer Protocol (FTP)                   20, 21
2     Hypertext Transfer Protocol (HTTP)             80
3     HTTP Secure (HTTPS)                            443
4     Simple Mail Transfer Protocol (SMTP)           25
5     SMTP Secure (SMTPS)                            465
6     Secure Shell (SSH)                             22
7     Post Office Protocol (POP3)                    110
8     Network News Transfer Protocol (NNTP)          119
9     Internet Message Access Protocol (IMAP)        143
10    Simple Network Management Protocol (SNMP)      161
11    Telnet remote login service                    23
12    Domain Name System (DNS)                       53
13    Internet Relay Chat (IRC)                      194

WELL KNOWN PROTOCOLS AND THEIR PORT NUMBERS

1. FILE TRANSFER PROTOCOL (FTP)

FTP is a network protocol based on a client-server architecture.

It is used to transfer files from one host to another.

It works over TCP-based networks such as the Internet.

To sign in to an FTP server, a user can do either of the following:

A) Use a clear-text sign-in protocol, in the form of a username and password.

B) Connect anonymously, if the server is configured to allow that.


To protect the username, password and data in transit, FTP is usually secured with SSL/TLS (FTPS), which encrypts them.

In rare cases, the SSH File Transfer Protocol (SFTP) is used instead, which is a different technology.

Origin

The original specification for FTP was written by Abhay Bhushan.

It was published on 16 April 1971 as RFC 114.

Until 1980, FTP ran on NCP, which is the predecessor of TCP/IP.

The protocol was later replaced by a TCP/IP version, RFC 765 (June 1980) and RFC 959 (October 1985).

RFC 959 (October 1985) acts as the current specification.

Several proposed standards amend RFC 959:

Example 1: RFC 2228 (June 1997) proposes security extensions.

Example 2: RFC 2428 (September 1998) adds support for IPv6 and defines a new type of passive mode.

How the protocol works

Communication and data transfer

1. FTP may run in active or passive mode.

2. In both cases, the client creates a TCP control connection from a random, usually unprivileged, port N to the FTP server command port 21.

3. The mode determines how the data connection is established.

4. In active mode, the client starts listening for incoming data connections from the server on port M.

5. It then sends the FTP command PORT M to inform the server on which port it is listening.

6. By default, the port numbers M and N are equal.

7. The server then initiates a data channel to the client from its port 20, the FTP server data port.

8. In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode can be used.

9. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server.

10. The client then uses these to open a data connection from an arbitrary client port to the server IP address and server port number received.

11. Both modes were updated in September 1998 to support IPv6.

12. Further changes were introduced to the passive mode at that time, updating it to extended passive mode.

13. The server responds over the control connection with three-digit status codes in ASCII with an optional text message.

14. The number is the response code and the optional text is a human-readable explanation or request (e.g. <Need account for storing file>).

15. An ongoing transfer of file data over the data connection can be aborted using an interrupt message sent over the control connection.

16. While transferring data over the network, four data representations can be used. They are listed below:

ASCII mode.

Image mode.

EBCDIC mode.

Local mode.

Mode 1 - ASCII

It is used for text.

Data is converted, if needed, from the sending host's character representation to 8-bit ASCII before transmission, and (again, if necessary) to the receiving host's character representation.

As a consequence, this mode is inappropriate for files that contain data other than plain text.

Mode 2 - Image (commonly called Binary mode)

The sending machine sends each file byte by byte, and the recipient stores the byte stream as it receives it.

It is the recommended mode for all implementations of FTP.

Mode 3 - EBCDIC mode

It is used for plain text between hosts using the EBCDIC character set.

Mode 4 - Local mode

It allows two computers with identical setups to send data in a proprietary format without the need to convert it to ASCII.

17. For text files, different format control and record structure options are provided.

18. These features were designed to facilitate files containing ASA or Telnet formatting.

19. Data transfer can be done in any of three modes, as below:

Stream mode.

Block mode.

Compressed mode.

Mode 1 - Stream mode

Data is sent as a continuous stream, relieving FTP from doing any processing.

Rather, all processing is left up to TCP.

Unless the data is divided into records, no end-of-file indicator is needed.

Mode 2 - Block mode

FTP breaks the data into several blocks (block header, byte count, and data field) and then passes it on to TCP.

Mode 3 - Compressed mode

Data is compressed using a single algorithm, usually run-length encoding.

[Figure: Illustration of starting a passive connection using port 21]

Login

FTP login utilizes a normal username and password scheme for granting access.

The username is sent to the server using the USER command, and the password is sent using the PASS command.

If the information provided by the client is accepted by the server, the server will send a greeting to the client and the session will commence.

If the server supports it, users may log in without providing login credentials, but the same server may authorize only limited access for such sessions.

Anonymous FTP

A host that provides an FTP service may provide anonymous FTP access.

Users typically log into the service with an 'anonymous' (lower-case and case-sensitive in some FTP servers) account when prompted for user name.

Although users are commonly asked to send their email address instead of a password, no verification is actually performed on the supplied data.

Many FTP hosts whose purpose is to provide software updates will allow anonymous logins.


NAT and firewall traversal

FTP normally transfers data by having the server connect back to the client, after the PORT command is sent by the client.

This is problematic for both NAT and firewalls, which do not allow connections from the Internet towards internal hosts.

For NATs, an additional complication is that the IP address and port number in the PORT command refer to the internal host's IP address and port, rather than the public IP address and port of the NAT.

There are two approaches to this problem. One is for the FTP client and FTP server to use the PASV command, which causes the data connection to be established from the FTP client to the server.

This is widely used by modern FTP clients. Another approach is for the NAT to alter the values of the PORT command, using an application-level gateway for this purpose.
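The active and passive exchanges and the two NAT workarounds described above, as an added Python example that is not part of the original document. It assumes the RFC 959 wire format "h1,h2,h3,h4,p1,p2" for the PORT argument and the 227 reply to PASV; the function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumption (RFC 959 wire format, not spelled out on the page): the PORT
# argument and the 227 reply to PASV both carry "h1,h2,h3,h4,p1,p2", six
# decimal bytes giving an IPv4 address and a 16-bit port (p1 * 256 + p2).
_FIELD = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
_RFC1918 = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (private and documentation address ranges).
CLIENT_PORT_CMD = "PORT 192,168,1,10,195,80"    # sent by a client behind NAT
SERVER_SEES_PEER = "203.0.113.7"                # NAT's public address
PASV_REPLY = "227 Entering Passive Mode (198,51,100,20,234,96)"


def parse_hostport(text):
    """Return (ip_string, port) from a PORT command or a 227 PASV reply."""
    m = _FIELD.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % (text,))
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte value out of range in %r" % (text,))
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def is_internal(ip):
    """True for RFC 1918 private addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _RFC1918)


def check_port_command(line, control_peer_ip):
    """Compare the address announced in PORT with the source address the
    server sees on the control connection. Returns a list of findings."""
    ip, _port = parse_hostport(line)
    findings = []
    if ip != control_peer_ip:
        if is_internal(ip) and not is_internal(control_peer_ip):
            findings.append(
                "PORT announces internal address %s but the control connection "
                "comes from %s: client is behind NAT, use PASV or a gateway "
                "rewrite" % (ip, control_peer_ip))
        else:
            findings.append("PORT address %s does not match control peer %s"
                            % (ip, control_peer_ip))
    return findings


def rewrite_port_command(line, public_ip, public_port):
    """What an application-level gateway does: replace the internal address
    and port in PORT with the NAT's public address and its mapped port."""
    parse_hostport(line)  # validate the original command before rewriting
    octets = str(ipaddress.IPv4Address(public_ip)).split(".")
    return "PORT %s,%d,%d" % (",".join(octets),
                              public_port // 256, public_port % 256)


if __name__ == "__main__":
    print("active :", parse_hostport(CLIENT_PORT_CMD))
    print("check  :", check_port_command(CLIENT_PORT_CMD, SERVER_SEES_PEER))
    print("rewrite:", rewrite_port_command(CLIENT_PORT_CMD, SERVER_SEES_PEER, 40000))
    print("passive:", parse_hostport(PASV_REPLY))
```

In passive mode the client connects out to the address and port parsed from the 227 reply, so no inbound connection through the NAT or firewall is needed.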

2. HYPERTEXT TRANSFER PROTOCOL (HTTP)

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.

HTTP is the foundation of data communication for the World Wide Web.

Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.

HTTP is the protocol to exchange or transfer hypertext.

Origin

The term “hypertext” was coined by Ted Nelson in 1965 in the Xanadu Project, which was in turn inspired by Vannevar Bush's vision (1930s) of the microfilm-based information retrieval and management "memex" system described in his essay As We May Think (1945).

Tim Berners-Lee and his team at CERN are credited with inventing the original HTTP along with HTML and the associated technology for a web server and a text-based web browser.

The standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in the publication of a series of Requests for Comments (RFCs).

The most notable among them is RFC 2616 (June 1999), which defined HTTP/1.1, the version of HTTP most commonly used today.

In June 2014, RFC 2616 was retired and HTTP/1.1 was redefined by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, and RFC 7235.

HTTP/2 was published as RFC 7540 in May 2015.

How the protocol works

1. HTTP functions as a request-response protocol in the client-server computing model.

2. A web browser, for example, may be the client and an application running on a computer hosting a web site may be the server.

3. The client submits an HTTP request message to the server.

4. The server, which provides resources such as HTML files and other contents, or performs other functions on behalf of the client, returns a response message to the client.

5. The response contains completion status information about the request and may also contain requested content in its message body.

6. A web browser is an example of a user agent (UA).

7. Other types of user agent include the indexing software used by search providers (web crawlers), voice browsers, mobile apps, and other software that accesses, consumes, or displays web content.

8. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers.

9. High-traffic websites often benefit from web cache servers that deliver content on behalf of upstream servers to improve response time.

10. Web browsers cache previously accessed web resources and reuse them when possible to reduce network traffic.

11. HTTP proxy servers at private network boundaries can facilitate communication for clients without a globally routable address, by relaying messages with external servers.

12. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite.

13. Its definition presumes an underlying and reliable transport layer protocol, and Transmission Control Protocol (TCP) is commonly used.

14. However, HTTP can use unreliable protocols such as the User Datagram Protocol (UDP), for example in Simple Service Discovery Protocol (SSDP).

15. HTTP resources are identified and located on the network by Uniform Resource Identifiers (URIs), or, more specifically, Uniform Resource Locators (URLs), using the http or https URI schemes.

16. URIs and hyperlinks in Hypertext Markup Language (HTML) documents form webs of inter-linked hypertext documents.

17. HTTP/1.1 is a revision of the original HTTP (HTTP/1.0). In HTTP/1.0 a separate connection to the same server is made for every resource request.

18. HTTP/1.1 can reuse a connection multiple times to download images, scripts, style sheets, etc. after the page has been delivered. HTTP/1.1 communications therefore experience less latency, as the establishment of TCP connections presents considerable overhead.

HTTP session

An HTTP session is a sequence of network request-response transactions.

An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a server (typically port 80, occasionally port 8080).

An HTTP server listening on that port waits for a client's request message.

Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own.

The body of this message is typically the requested resource, although an error message or other information may also be returned.


HTTP Authentication

HTTP provides multiple authentication schemes, such as Basic access authentication and Digest access authentication, which operate via a challenge-response mechanism whereby the server identifies and issues a challenge before serving the requested content.

HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information.

Authentication Realms

The HTTP Authentication spec also provides an arbitrary, implementation-specific construct for further dividing resources common to a given root URI.

The realm value string, if present, is combined with the canonical root URI to form the protection space component of the challenge.

This in effect allows the server to define separate authentication scopes under one root URI.
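The challenge-response flow and realm scoping described above, as an added Python example that is not part of the original document. The path prefixes, realm names, users and passwords are hypothetical sample values; Basic credentials are only base64-encoded, so a real deployment carries them over HTTPS and stores password hashes rather than plaintext.

```python
import base64
import hmac

# Hypothetical protection spaces under one root URI:
# path prefix -> (realm, {user: password}). All values are constructed.
PROTECTION_SPACES = {
    "/reports/": ("Reports", {"alice": "correct horse"}),
    "/admin/": ("Administration", {"root": "battery staple"}),
}


def basic_header(user, password):
    """Build the Authorization header value a client would send."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


def find_space(path):
    """Return (realm, users) for the protection space covering path, or None."""
    for prefix, space in PROTECTION_SPACES.items():
        if path.startswith(prefix):
            return space
    return None


def parse_basic(header_value):
    """Decode 'Basic <base64(user:pass)>' to (user, password); None if malformed."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize(path, authorization=None):
    """Return (status, response_headers) for a request to path.

    Unprotected paths get 200. Protected paths get 200 only when the
    credentials belong to that path's realm; otherwise the server issues
    a 401 challenge naming the realm so the client knows which
    credentials to present.
    """
    space = find_space(path)
    if space is None:
        return 200, {}
    realm, users = space
    creds = parse_basic(authorization)
    if creds is not None:
        user, password = creds
        expected = users.get(user)
        # compare_digest keeps the comparison time independent of where
        # the first mismatching byte occurs.
        if expected is not None and hmac.compare_digest(
                password.encode("utf-8"), expected.encode("utf-8")):
            return 200, {}
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % realm}


if __name__ == "__main__":
    print(authorize("/admin/users"))
    print(authorize("/reports/q1", basic_header("alice", "correct horse")))
    print(authorize("/admin/users", basic_header("alice", "correct horse")))
```

Credentials accepted for the "Reports" realm are rejected under "/admin/", which is the separate authentication scope per realm that the text describes.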

Request methods

HTTP defines methods (sometimes referred to as verbs) to indicate the desired action to be performed on the identified resource.

What this resource represents, whether pre-existing data or data that is generated dynamically, depends on the implementation of the server.

Often, the resource corresponds to a file or the output of an executable residing on the server.

The HTTP/1.0 specification defined the GET, POST and HEAD methods and the HTTP/1.1 specification added 5 new methods namely,

OPTIONS.

PUT.

DELETE.

TRACE and

CONNECT.


By being specified in these documents their semantics are well known and can be depended upon.

Any client can use any method and the server can be configured to support any combination of methods.

If a method is unknown to an intermediate it will be treated as an unsafe and non-idempotent method.

There is no limit to the number of methods that can be defined and this allows for future methods to be specified without breaking existing infrastructure.

For example, WebDAV defined 7 new methods and RFC 5789 specified the PATCH method.

GET

Requests a representation of the specified resource.

Requests using GET should only obtain data and should have no other effect.

(This is also true of some other HTTP methods.)

HEAD

Asks for the response identical to the one that would correspond to a GET request, but without the response body.

This is useful for retrieving meta-information written in response headers, without having to transport the entire content.

POST

Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.

The data POSTed might be, for example, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database.

PUT

Requests that the enclosed entity be stored under the supplied URI.

If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.

DELETE

Deletes the specified resource.

TRACE

Echoes back the received request so that a client can see what (if any) changes or additions have been made by intermediate servers.

OPTIONS

Returns the HTTP methods that the server supports for the specified URL.

This can be used to check the functionality of a web server by requesting '*' instead of a specific resource.

CONNECT

Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.

PATCH

Applies partial modifications to a resource.

All general-purpose HTTP servers are required to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method.
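A server configured to support only a chosen combination of methods, as an added Python example that is not part of the original document. The allow-list policy and the content store are hypothetical; the 405, 501 and 400 status codes and the Allow header are standard HTTP/1.1 behaviour rather than something stated on this page.

```python
# Methods named in the text above; anything else is treated as unknown.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                 "TRACE", "OPTIONS", "CONNECT", "PATCH"}

# Hypothetical policy for a read-only site: TRACE, PUT, DELETE and the
# other state-changing methods stay disabled.
ALLOWED_METHODS = ("GET", "HEAD", "OPTIONS")

# Constructed content store.
RESOURCES = {"/index.html": b"<h1>hello</h1>\n"}


def _response(status, reason, headers=(), body=b"", send_body=True):
    """Serialize a status line, headers and (optionally) a body."""
    lines = ["HTTP/1.1 %d %s" % (status, reason)]
    lines += ["%s: %s" % (name, value) for name, value in headers]
    lines.append("Content-Length: %d" % len(body))
    head = ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")
    return head + (body if send_body else b"")


def status_of(response):
    """Extract the numeric status code from a raw response."""
    return int(response.split(b" ", 2)[1])


def handle(raw_request):
    """Take one raw HTTP/1.x request (bytes) and return the raw response."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return _response(400, "Bad Request")
    method, target, _version = parts
    allow = ("Allow", ", ".join(ALLOWED_METHODS))

    if method not in KNOWN_METHODS:
        # Unrecognized method: the server does not implement it at all.
        return _response(501, "Not Implemented")
    if method not in ALLOWED_METHODS:
        # Recognized but disabled by policy; tell the client what is allowed.
        return _response(405, "Method Not Allowed", [allow])
    if method == "OPTIONS":
        # Works for a specific target and for the server-wide "*" form.
        return _response(200, "OK", [allow])

    body = RESOURCES.get(target)
    if body is None:
        return _response(404, "Not Found")
    # HEAD returns the same headers as GET, including Content-Length,
    # but never the body.
    return _response(200, "OK", [("Content-Type", "text/html")], body,
                     send_body=(method == "GET"))


if __name__ == "__main__":
    for line in (b"GET /index.html HTTP/1.1", b"HEAD /index.html HTTP/1.1",
                 b"OPTIONS * HTTP/1.1", b"TRACE / HTTP/1.1",
                 b"BREW /pot HTTP/1.1"):
        request = line + b"\r\nHost: example.test\r\n\r\n"
        print(line.decode(), "->", status_of(handle(request)))
```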

[Figure: HTTP protocol]

3.HTTP SECURE(HTTPS)

HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet.

HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a

connection encrypted by Transport Layer Security or its predecessor, Secure Sockets

Layer.

The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data.

In its popular deployment on the internet, HTTPS provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks.

Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.


In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.

Origin

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.

In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

How the protocol works

1. HTTPS is a URI scheme which has identical syntax to the standard HTTP scheme, aside from its scheme token.

2. However, HTTPS signals the browser to use an added encryption layer of SSL/TLS to protect the traffic.

3. SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated.

4. This is the case with HTTP transactions over the Internet, where typically only the server is authenticated (by the client examining the server's certificate).

5. HTTPS creates a secure channel over an insecure network.

6. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

7. Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted.

8. This includes the request URL (which particular web page was requested), query parameters, headers, and cookies (which often contain identity information about the user).


9. However, because host (website) addresses and port numbers are necessarily part of the underlying TCP/IP protocols, HTTPS cannot protect their disclosure.

10. In practice this means that even on a correctly configured web server, eavesdroppers can infer the IP address and port number of the web server that one is communicating with as well as the amount (data transferred) and duration (length of session) of the communication, though not the content of the communication.

11. Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software.

12. Certificate authorities, such as Symantec, Comodo, GeoTrust, are in this way being trusted by web browser creators to provide valid certificates.

13. Therefore, a user should trust an HTTPS connection to a website if and only if all of the following are true:

The user trusts that the browser software correctly implements HTTPS with correctly pre-installed certificate authorities.

The user trusts the certificate authority to vouch only for legitimate websites.

The website provides a valid certificate, which means it was signed by a trusted authority.

The certificate correctly identifies the website.

The user trusts that the protocol's encryption layer (TLS/SSL) is sufficiently secure against eavesdroppers.

14. HTTPS is especially important over insecure networks (such as public WiFi access points), as anyone on the same local network can packet sniff and discover sensitive information not protected by HTTPS.

15. Additionally, many free to use and even paid for WLAN networks engage in packet injection in order to serve their own ads on web pages.

16. However, this can be exploited maliciously in many ways, such as injecting malware onto web pages and stealing users' private information.

17. HTTPS is also very important for connections over the Tor anonymity network, as malicious Tor nodes can damage or alter the contents passing through them in an insecure fashion and inject malware into the connection.


18. This is one reason why the Electronic Frontier Foundation and the Tor project started the development of HTTPS Everywhere, which is included in the Tor Browser Bundle.

19. As more information is revealed about global mass surveillance and hackers stealing personal information, the use of HTTPS security on all websites is becoming increasingly important regardless of the type of Internet connection being used.

20. While metadata about individual pages that a user visits is not sensitive, when combined together, they can reveal a lot about the user and compromise the user's privacy.

21. Deploying HTTPS also allows the use of SPDY, a networking protocol designed to reduce page load times and latency.

22. It is recommended to use HTTP Strict Transport Security (HSTS) with HTTPS to protect users from man-in-the-middle attacks, especially SSL stripping.

23. HTTPS should not be confused with the little-used Secure HTTP (S-HTTP) specified in RFC 2660.
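The HSTS recommendation in item 22 can be checked mechanically. The following is an added example, not part of the original document: it parses a Strict-Transport-Security header (syntax per RFC 6797) and reports weaknesses. The function names, the sample responses and the 180-day threshold are assumptions made for illustration.

```python
# Added example: audit one HTTP response for the HSTS policy recommended above.
MIN_MAX_AGE = 180 * 24 * 3600  # assumption: 180 days, a local choice, not from the page


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains'}, or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        if name in seen:                      # a repeated directive voids the header
            return None
        seen[name] = val.strip().strip('"')   # the value may be a quoted-string
    max_age = seen.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None                           # max-age is mandatory and numeric
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}


def audit_hsts(scheme, headers):
    """Return a list of findings for one response; an empty list means no issue."""
    raw = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if raw is None:
        return ["missing: no Strict-Transport-Security header"]
    if scheme != "https":
        return ["ignored: browsers discard HSTS received over plain HTTP"]
    policy = parse_hsts(raw)
    if policy is None:
        return ["invalid: header cannot be parsed, so browsers ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("disabled: max-age=0 tells browsers to forget the policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("short: max-age is below the assumed 180-day minimum")
    if not policy["include_subdomains"]:
        findings.append("partial: includeSubDomains is not set")
    return findings


# Constructed sample responses: (scheme, headers).
SAMPLES = [
    ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https", {"strict-transport-security": 'max-age="300"'}),
    ("http", {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit_hsts(scheme, headers) or "ok")
```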

HTTPS PROTOCOL

4. SIMPLE MAIL TRANSFER (SMTP)

Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission.

SMTP by default uses TCP port 25.

The protocol for mail submission is the same, but uses port 587.


SMTP connections secured by SSL, known as SMTPS, default to port 465 (nonstandard, but sometimes used for legacy reasons).

Although electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically use SMTP only for sending messages to a mail server for relaying.

For receiving messages, client applications usually use either POP3 or IMAP.

Although proprietary systems (such as Microsoft Exchange and IBM Notes) and webmail systems (such as Outlook.com, Gmail and Yahoo! Mail) use their own non-standard protocols to access mail box accounts on their own mail servers, all use SMTP when sending or receiving email from outside their own systems.

Origin

SMTP can trace its roots to two implementations described in 1971, as below:

A) The Mail Box Protocol, whose implementation has been disputed, but is discussed in RFC 196 and other RFCs, and

B) The SNDMSG program, which, according to RFC 2235, Ray Tomlinson of BBN invented for TENEX computers to send mail messages across the ARPANET.

Fewer than 50 hosts were connected to the ARPANET at this time.

Further implementations include FTP Mail and Mail Protocol, both from 1973.

Development work continued throughout the 1970s, until the ARPANET transitioned into the modern Internet around 1980.

Jon Postel then proposed a Mail Transfer Protocol in 1980 that began to remove the mail's reliance on FTP.

SMTP was published as RFC 788 in November 1981, also by Postel.

The SMTP standard was developed around the same time as Usenet, a one-to-many communication network with some similarities.


How the protocol works

1. SMTP is a connection-oriented, text-based protocol in which a mail sender communicates with a mail receiver by issuing command strings and supplying necessary data over a reliable ordered data stream channel, typically a Transmission Control Protocol (TCP) connection.

2. An SMTP session consists of commands originated by an SMTP client (the initiating agent, sender, or transmitter) and corresponding responses from the SMTP server (the listening agent, or receiver) so that the session is opened, and session parameters are exchanged.

3. A session may include zero or more SMTP transactions.

4. An SMTP transaction consists of three command/reply sequences (see example below).

5. They are as below:

MAIL COMMAND

RCPT COMMAND

DATA COMMAND

MAIL COMMAND

It is used to establish the return address, also called the Return-Path, reverse-path, bounce address, mfrom, or envelope sender.

This is the address to which bounce messages should be sent.

RCPT COMMAND

It is used to establish a recipient of this message.

This command can be issued multiple times, one for each recipient.

These addresses are also part of the envelope.

DATA COMMAND


It is used to signal the beginning of the message text, that is, the content of the message as opposed to its envelope.

It consists of a message header and a message body separated by an empty line. DATA is actually a group of commands, and the server replies twice:

Once to the DATA command proper, to acknowledge that it is ready to receive the text, and

The second time after the end-of-data sequence, to either accept or reject the entire message.

6. Besides the intermediate reply for DATA, each server's reply can be either positive (2xx reply codes) or negative.

7. Negative replies can be permanent (5xx codes) or transient (4xx codes).

8. A reject is a permanent failure by an SMTP server; in this case the SMTP client should send a bounce message.

9. A drop is a positive response followed by message discard rather than delivery.

10. The initiating host, the SMTP client, can be either an end-user's email client, functionally identified as a mail user agent (MUA), or a relay server's mail transfer agent (MTA), that is an SMTP server acting as an SMTP client, in the relevant session, in order to relay mail.

11. Fully capable SMTP servers maintain queues of messages for retrying message transmissions that resulted in transient failures.

12. A MUA knows the outgoing mail SMTP server from its configuration.

13. An SMTP server acting as client, i.e. relaying, typically determines which SMTP server to connect to by looking up the MX (Mail eXchange) DNS resource record for each recipient's domain name.

14. Conformant MTAs (not all) fall back to a simple A record in case no MX record can be found. Relaying servers can also be configured to use a smart host.

15. An SMTP server acting as client initiates a TCP connection to the server on the "well-known port" designated for SMTP: port 25. MUAs should use port 587 to connect to an MSA.


16. The main difference between an MTA and an MSA is that SMTP Authentication is mandatory for the latter only.
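The transaction and reply classes described in items 4 to 11 can be traced on a concrete exchange. The following is an added example, not part of the original document: it walks a constructed session of MAIL, RCPT and DATA commands with the server's replies and sorts each recipient into delivered, retry queue (4xx) or bounce (5xx). All addresses, reply texts and function names are assumptions made for illustration.

```python
# Added example: follow one SMTP transaction and act on the reply classes.
import re

# Constructed session: (client command, server reply), using example domains.
SESSION = [
    ("MAIL FROM:<alice@example.org>", "250 2.1.0 Ok"),
    ("RCPT TO:<bob@example.com>", "250 2.1.5 Ok"),
    ("RCPT TO:<nobody@example.com>", "550 5.1.1 User unknown"),
    ("RCPT TO:<carol@example.com>", "451 4.3.0 Try again later"),
    ("DATA", "354 End data with <CR><LF>.<CR><LF>"),
    ("<header lines>\r\n\r\n<body>\r\n.", "250 2.0.0 Queued"),
]


def classify(reply):
    """Map a reply line to its class using the first digit of the code."""
    m = re.match(r"(\d)\d\d[ -]", reply + " ")
    if not m:
        raise ValueError(f"not an SMTP reply: {reply!r}")
    return {"2": "positive", "3": "intermediate",
            "4": "transient", "5": "permanent"}.get(m.group(1), "unknown")


def address(command):
    """Extract the envelope address between angle brackets."""
    m = re.search(r"<([^>]*)>", command)
    return m.group(1) if m else None


def run_transaction(session):
    """Return where each recipient ends up after MAIL, RCPT... and DATA."""
    out = {"bounce_to": None, "delivered": [], "retry": [], "bounce": []}
    accepted, in_data = [], False
    for command, reply in session:
        kind = classify(reply)
        verb = command.split(":", 1)[0].upper()
        if in_data:
            # Second DATA reply, after end-of-data: accepts or rejects the whole message.
            target = {"positive": "delivered", "transient": "retry"}.get(kind, "bounce")
            out[target] += accepted
            accepted, in_data = [], False
        elif verb == "MAIL FROM":
            if kind != "positive":
                raise RuntimeError("MAIL refused, no transaction started")
            out["bounce_to"] = address(command)       # envelope sender
        elif verb == "RCPT TO":
            # Each recipient gets its own reply: accept, retry later, or bounce.
            {"positive": accepted, "transient": out["retry"]}.get(
                kind, out["bounce"]).append(address(command))
        elif verb == "DATA":
            if kind == "intermediate":                # first DATA reply (354)
                in_data = True
            else:
                out["retry" if kind == "transient" else "bounce"] += accepted
                accepted = []
    return out


if __name__ == "__main__":
    print(run_transaction(SESSION))
```

Recipients in the retry list stay in the client's queue for a later attempt, while a bounce message for the others goes to the address given in MAIL FROM.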

SMTP vs mail retrieval

SMTP is a delivery protocol only.

In normal use, mail is "pushed" to a destination mail server (or next-hop mail server) as it arrives.

Mail is routed based on the destination server, not the individual user(s) to which it is addressed.

Other protocols, such as the Post Office Protocol (POP) and the Internet Message Access Protocol (IMAP) are specifically designed for use by individual users retrieving messages and managing mail boxes.

To permit an intermittently-connected mail server to pull messages from a remote server on demand, SMTP has a feature to initiate mail queue processing on a remote server.

POP and IMAP are unsuitable protocols for relaying mail by intermittently-connected machines; they are designed to operate after final delivery, when information critical to the correct operation of mail relay (the "mail envelope") has been removed.

Remote Message Queue Starting

Remote Message Queue Starting is a feature of SMTP that permits a remote host to start processing of the mail queue on a server so it may receive messages destined to it by sending the TURN command.

This feature, however, was deemed insecure and was extended in RFC 1985 with the ETRN command, which operates more securely using an authentication method based on Domain Name System information.


On-Demand Mail Relay

On-Demand Mail Relay (ODMR) is an SMTP extension standardized in RFC 2645 that allows an intermittently-connected SMTP server to receive email queued for it when it is connected.

Internationalization

Users whose native script is not Latin-based, or who use diacritics not in the ASCII character set, have had difficulty with the Latin email address requirement.

RFC 6531 was created to solve that problem, providing internationalization features for SMTP, the SMTPUTF8 extension and support for multi-byte and non-ASCII characters in email addresses, such as Pelé@live.com (simple diacritic

Current support is limited, but there is strong interest in broad adoption of RFC 6531 and the related RFCs in countries like China that have a large user base where Latin (ASCII) is a foreign script.

Outgoing mail SMTP server

An email client needs to know the IP address of its initial SMTP server and this has to be given as part of its configuration (usually given as a DNS name).

This server will deliver outgoing messages on behalf of the user.

Outgoing mail server access restrictions

Server administrators need to impose some control on which clients can use the server.

This enables them to deal with abuse, for example spam.

Two solutions have been in common use:

In the past, many systems imposed usage restrictions by the location of the client, only permitting usage by clients whose IP address is one that the server administrators control. Usage from any other client IP address is disallowed.

Modern SMTP servers typically offer an alternative system that requires authentication of clients by credentials before allowing access.


Restricting access by location

Under this system, an ISP's SMTP server will not allow access by users who are outside the ISP's network.

More precisely, the server may only allow access to users with an IP address provided by the ISP, which is equivalent to requiring that they are connected to the Internet using that same ISP.

A mobile user may often be on a network other than that of their normal ISP, and will then find that sending email fails because the configured SMTP server choice is no longer accessible.

This system has several variations.

For example, an organisation's SMTP server may only provide service to users on the same network, enforcing this by firewalling to block access by users on the wider Internet.

Or the server may perform range checks on the client's IP address.

These methods were typically used by corporations and institutions such as universities which provided an SMTP server for outbound mail only for use internally within the organisation.

However, most of these bodies now use client authentication methods, as described below.

By restricting access to certain IP addresses, server administrators can readily recognise the IP address of any abuser.

As it will be a meaningful address to them, the administrators can deal with the rogue machine or user.

Where a user is mobile, and may use different ISPs to connect to the internet, this kind of usage restriction is onerous, and altering the configured outbound email SMTP server address is impractical.

It is highly desirable to be able to use email client configuration information that does not need to change.

Client authentication

Modern SMTP servers typically require authentication of clients by credentials before allowing access, rather than restricting access by location as described earlier.


This more flexible system is friendly to mobile users and allows them to have a fixed choice of configured outbound SMTP server.

Open relay

A server that is accessible on the wider Internet and does not enforce these kinds of access restrictions is known as an open relay.

This is now generally considered a bad practice worthy of blacklisting.

Ports

Server administrators choose whether clients use TCP port 25 (SMTP) or port 587 (Submission), as formalized in RFC 6409 (previously RFC 2476), for relaying outbound mail to an initial mail server.

The specifications and many servers support both.

Although some servers support port 465 for legacy secure SMTP in violation of the specifications, it is preferable to use standard ports and standard ESMTP commands according to RFC 3207 if a secure session needs to be used between the client and the server.

Some servers are set up to reject all relaying on port 25, but valid users authenticating on port 587 are allowed to relay mail to any valid address.
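The access rules from the preceding sections (restriction by location, client authentication, open relay, and the split between ports 25 and 587) can be expressed as one decision function. The following is an added example, not part of the original document and not any mail server's real configuration format: the RelayPolicy fields, function names, address ranges and domains are assumptions made for illustration.

```python
# Added example: relay decision per recipient, plus a self-check for open relays.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    local_domains: set                                 # domains this server delivers for
    trusted_nets: list = field(default_factory=list)   # "restricting access by location"
    relay_for_anyone: bool = False                     # no restriction at all


def decide(policy, port, client_ip, authenticated, rcpt):
    """Return (accepted, reason) for one RCPT arriving on port 25 or 587."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if port == 587:
        # Submission port: authentication is mandatory, and an authenticated
        # user may relay to any valid address from any network.
        if authenticated:
            return True, "authenticated submission"
        return False, "authentication required"
    if domain in policy.local_domains:
        return True, "local delivery"                  # inbound mail, not relaying
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in policy.trusted_nets):
        return True, "client inside trusted range"
    if policy.relay_for_anyone:
        return True, "unrestricted relay"
    return False, "relaying denied"


def is_open_relay(policy, outside_ip="203.0.113.7", outside_rcpt="user@example.net"):
    """Would an unauthenticated client from outside get mail relayed elsewhere?"""
    return any(decide(policy, port, outside_ip, False, outside_rcpt)[0]
               for port in (25, 587))


# Constructed policies using documentation address ranges and example domains.
STRICT = RelayPolicy({"example.com"}, ["192.0.2.0/24"])
TOO_WIDE = RelayPolicy({"example.com"}, ["0.0.0.0/0"])   # range check matches everyone
OPEN = RelayPolicy({"example.com"}, relay_for_anyone=True)

if __name__ == "__main__":
    for name, pol in (("STRICT", STRICT), ("TOO_WIDE", TOO_WIDE), ("OPEN", OPEN)):
        print(name, "open relay:", is_open_relay(pol))
    # A mobile user outside the trusted range: refused on 25, accepted on 587.
    print(decide(STRICT, 25, "198.51.100.9", True, "friend@example.net"))
    print(decide(STRICT, 587, "198.51.100.9", True, "friend@example.net"))
```

The TOO_WIDE policy shows that a location rule with an over-broad range behaves exactly like an open relay, even though a restriction is formally configured.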

Some Internet service providers intercept port 25, redirecting traffic to their own SMTP server regardless of the destination address.

This means that it is not possible for their users to access an SMTP server outside the ISP's network using port 25.

Some SMTP servers support authenticated access on an additional port other than 587 or 25 to allow users to connect to them even if port 25 is blocked, but 587 is the standardized and widely-supported port for users to submit new mail.

Microsoft Exchange Server 2013 SMTP can listen on ports 25, 587, 465, 475, and 2525, depending on server role and whether roles are combined on a single server.

Ports 25 and 587 are used to provide client connectivity to the front end transport service on the client access server (CAS) role.

Ports 25, 465, and 475 are used by the mailbox transport service. However, when the mailbox role is combined with the CAS role on a single server, port 2525 is used by the mailbox role for SMTP from the CAS front end transport service, while CAS continues to use port 25.

Port 465 is used by the mailbox transport service to receive client connections proxied by the CAS role.

Port 475 is used by the mailbox role to communicate directly with other mailbox roles, transferring mail between the mailbox transport submission service and the mailbox transport delivery service.

SMTP PROTOCOL

CLIENT TOOLS

CLIENT

A client is a piece of computer hardware or software that accesses a service made available by a server.

The server is often (but not always) on another computer system, in which case the client accesses the service by way of a network.


CLIENT TYPES

Client machines can be broadly classified into three types, as below:

Fat client.

Thin client.

Hybrid client.

A) Fat client

A fat client, also known as a rich client or thick client, is a client that performs the bulk of any data processing operations itself, and does not necessarily rely on the server.

The personal computer is a common example of a fat client, because of its relatively large set of features and capabilities and its light reliance upon a server.

For example, a computer running a CAD program (such as AutoCAD or CATIA) that ultimately shares the result of its work on a network is a fat client.

Common development tools for rich clients include Delphi, NetBeans and Visual Studio.

B) Thin client

A thin client is a minimal sort of client.

Thin clients use the resources of the host computer.

A thin client generally only presents processed data provided by an application server, which performs the bulk of any required data processing.

A device using a web application (such as Office Web Apps) is a thin client.

Programming environments for thin clients include JavaScript, ASP.NET, JSP, Ruby on Rails, Django, PHP and others.

C) Hybrid client

A hybrid client is a mixture of the above two client models.


Similar to a fat client, it processes locally, but relies on the server for storing persistent data.

This approach offers features from both the fat client (multimedia support, high performance) and the thin client (high manageability, flexibility).

A device running the video game Diablo III is an example of a hybrid client.

SOME CLIENT TOOLS TO CONNECT LINUX SERVER FROM WINDOWS

PuTTY

PuTTY is the most famous SSH and telnet client, developed originally by Simon Tatham for the Windows platform.

PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.


PuTTY is very easy to install and to use. You don’t usually need to change most of the configuration options.

To start the simplest kind of session, all you need to do is to enter a few basic parameters.

Bitvise SSH Client

Bitvise SSH Client is an SSH and SFTP client for Windows.

It is developed and supported professionally by Bitvise.

The SSH Client is robust, easy to install, and easy to use.

Bitvise SSH Client is a feature-rich graphical SSH/SFTP client for Windows and allows dynamic port forwarding through an integrated proxy with auto-reconnecting capability.

Bitvise SSH Client is free for personal use, as well as for individual commercial use inside organizations.


MobaXterm

MobaXterm is your ultimate toolbox for remote computing.

In a single Windows application, it provides loads of functions that are tailored for programmers, webmasters, IT administrators and pretty much all users who need to handle their remote jobs in a simpler fashion.

MobaXterm provides all the important remote network tools (SSH, X11, RDP, VNC, FTP, MOSH, …) and Unix commands (bash, ls, cat, sed, grep, awk, rsync, …) to Windows desktop, in a single portable exe file which works out of the box.

MobaXterm is free for personal use.


DameWare SSH

It is the best free SSH client.

This free tool is a terminal emulator that lets you make multiple telnet and SSH connections from one easy-to-use console.

Manage multiple sessions from one console with a tabbed interface

Save favorite sessions within the Windows file system

Access multiple sets of saved credentials for easy log-in to different devices

Connect to computers and devices using telnet, SSH1, and SSH2 protocols


SmarTTY

SmarTTY is a free multi-tabbed SSH client that supports copying files and directories with SCP on-the-fly.

Most SSH servers support up to 10 sub-sessions per connection.

Cygwin

Cygwin is a large collection of GNU and Open Source tools which provide functionality similar to a Linux distribution on Windows.


Cygwin consists of a Unix system call emulation library, cygwin1.dll, together with a vast set of GNU and other free software applications organized into a large number of optional packages.

Among these packages are high-quality compilers and other software development tools, an X11 server, a complete X11 development toolkit, GNU emacs, TeX and LaTeX, OpenSSH (client and server), and much more, including everything needed to compile and use PhysioToolkit software under MS-Windows.
