Layer 7 Protocols in Computer Science

Slides about Layer 7 Protocols. The PDF provides a clear overview of Layer 7 protocols, covering topics like remote control, file sharing, web, email, database, voice, security, and management. The PDF is useful for university students studying computer science.


62 Pages

Layer 7 Protocols
DOMAIN 1.0
MODULE 4
Layer 7 Protocols Topics
Remote Control Protocols
File Sharing Protocols
Web Protocols
Email Protocols
Database Protocols
Voice Protocols
Security Protocols
Management Protocols


Remote Control Protocols

Remote Desktop Protocol (RDP)

  • Used to interact with the desktop of a remote computer
  • Chosen by Microsoft for its Terminal Services
  • Has a client and server component
      ◦ Third party apps for non-Microsoft clients
  • Client sends keystrokes and mouse clicks to server
  • Server sends back screen video
  • Computing actually happens on the server
  • Printer, speakers, drives, and file shares can be mapped between the client and server
  • TCP 3389 (configurable)
  • You have different choices for encryption and compression

RDP Login Screen

  • Client app name = mstsc (Microsoft Terminal Services client)

[Screenshot: Remote Desktop Connection dialog with Computer: 192.168.8.102 and User name: admin. The dialog notes "You will be asked for credentials when you connect."]

RDP Server Configuration

[Screenshot: System Properties, Remote tab. Under Remote Desktop the options are "Don't allow remote connections to this computer" and "Allow remote connections to this computer", with the checkbox "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" and a "Select Users..." button.]

Telnet

  • Old style remote control protocol
  • Provides client with a command prompt on a remote device
  • TCP Port 23
  • All transmissions are sent and received in clear text
  • Telnet client can be used to test open ports (see how / if they respond)
  • Telnet service automatically installed in Cisco devices (needs to be configured)
  • Desktop operating systems need to have it installed / enabled

Telnet Example

    C:>telnet 3.0.0.2
    Trying 3.0.0.2 .. Open
    User Access Verification
    Password:
    Router>en
    Password:
    Router#show protocol
    Global values:
      Internet Protocol routing is enabled
    FastEthernet0/0 is up, line protocol is up
      Internet address is 40.0.0.1/8
    Serial0/0 is up, line protocol is up
      Internet address is 3.0.0.2/8
    Serial0/1 is up, line protocol is up
      Internet address is 90.0.0.2/8

Secure Shell (SSH)

  • Encrypted replacement for Telnet
  • Microsoft requires a third-party app such as PuTTY (client) and OpenSSH (server)
  • Both sides trade public keys to encrypt the session
      ◦ Most SSH applications can create their own public/private key pair
  • Also includes Secure Copy (SCP) and secure FTP (SFTP)
  • Also known as Secure Socket Shell
  • TCP port 22

Virtual Network Computing (VNC)

  • Open source desktop sharing/remote control system
  • Server component of VNC runs on the computer that you want to control
  • Client component of VNC runs on the computer you will use to make the connection
  • Both client and server can run on Linux, Windows, macOS, Android, iOS (you can mix and match)
  • Uses TCP 5900 (configurable)
  • If you use a web client, uses TCP 5800
  • Session is encrypted
  • Has a variety of "flavors" such as TightVNC, RealVNC, UltraVNC, etc.

File Sharing Protocols

Server Message Block (SMB)

  • Microsoft File and Print protocol
  • Used to access shared folders, drives, and printers
  • Originally TCP 139 using NetBIOS over TCP/IP
  • Updated by Microsoft and renamed to Common Internet File System (CIFS)
      ◦ TCP 445
  • Now referred to as SMB 3.0
      ◦ TCP 445
  • Was reverse-engineered for Linux/UNIX
      ◦ Server service is called "Samba"
  • Subject to many exploits including:
      ◦ EternalBlue
      ◦ WannaCry ransomware

File Transfer Protocol (FTP)

  • TCP 21 = command port
  • TCP 20 = data port
  • Requires user to authenticate
      ◦ Can be configured to accept "anonymous" as the username, with any password
  • All transmissions are in clear text
  • Active Mode:
      ◦ Client tells the server what port it's using
      ◦ The server starts the data connection in a separate session
      ◦ The client's firewall may interpret that connection attempt as an unauthorized outside connection and block the server's data connection
      ◦ The administrator must open ports likely to be used by the data connection
  • Passive Mode:
      ◦ The client starts the data connection in a separate session
      ◦ The client's firewall notes the client's outbound connection, and permits the server's inbound response

FTP Handshake

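[Figure: Active FTP and Passive FTP handshakes between SERVER and CLIENT, each shown as steps 1 to 4. Active FTP: server ports 20 (Data) and 21 (Cmd); client ports 1026 (Cmd) and 1027 (Data). Passive FTP: server ports 20 (Data), 21 (Cmd) and 2024 (Data); client ports 1026 (Cmd) and 1027 (Data).]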
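Added example (not from the original slides): the active/passive difference described above, shown as a Python parser for the two command-channel lines that negotiate an FTP data connection, the client's PORT command and the server's 227 reply. The IP addresses and sample lines are constructed; the port numbers follow the handshake figure.

```python
import re

ENDPOINT = r"(\d+(?:,\d+){5})"   # h1,h2,h3,h4,p1,p2 as carried on the command channel

def decode_endpoint(text):
    """Convert 'h1,h2,h3,h4,p1,p2' to (ip, port); the port is p1*256 + p2."""
    nums = [int(n) for n in text.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("every field must fit in one octet")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """Describe the data connection that one command-channel line sets up."""
    line = line.strip()
    m = re.fullmatch("PORT " + ENDPOINT, line, re.IGNORECASE)
    if m:  # active mode: the client says where it is listening
        ip, port = decode_endpoint(m.group(1))
        return {"mode": "active", "initiator": "server",
                "src": (server_ip, 20), "dst": (ip, port),
                "inbound_to_client": True,   # what the client's firewall may block
                # defender's sanity check: announced address should be the peer itself
                "peer_mismatch": ip != client_ip}
    m = re.match(r"227\b.*?" + ENDPOINT, line)
    if m:  # passive mode: the server says where it is listening
        ip, port = decode_endpoint(m.group(1))
        return {"mode": "passive", "initiator": "client",
                "src": (client_ip, None),    # ephemeral source port
                "dst": (ip, port),
                "inbound_to_client": False,  # outbound from the client's side
                "peer_mismatch": ip != server_ip}
    return None  # not a data-connection negotiation line

# Constructed sample lines; addresses are made up, ports follow the handshake figure.
CLIENT, SERVER = "192.168.8.20", "192.168.8.10"
SAMPLE = ["USER anonymous",
          "PORT 192,168,8,20,4,3",
          "227 Entering Passive Mode (192,168,8,10,7,232)"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", data_connection(line, CLIENT, SERVER))
```

Because the whole exchange is clear text, a firewall or sensor on the path can read these lines and derive exactly which data connection to expect.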

Secure File Transfer Protocol (SFTP)

  • Secure File Transfer Protocol is also called SSH File Transfer Protocol
  • Encrypts the file transfer
  • Is a network protocol for accessing, transferring and managing files on remote systems
  • Requires that the client be authenticated by the server
  • Allows businesses to securely transfer billing data, funds and data recovery files
  • Runs on TCP port 22 as part of the SSH suite
      ◦ You can change the port if desired (configurable)

Trivial File Transfer Protocol (TFTP)

  • UDP port 69
  • Simplified version of FTP
  • No authentication
  • All transmissions are in clear text
  • Often used to save/load router and switch operating systems, updates, and configuration files
  • Because it uses UDP with no flow control or error checking, it is not well suited to cross multiple routers or traverse many network segments

Network File Share (NFS)

  • File sharing protocol for Unix / Linux
  • Uses TCP 2049
  • NFS v3 also uses the portmapper service at TCP or UDP 111
      ◦ Consulted to get the port number for NFS and other services
  • NFS v4 does not require the portmapper service

NFS Example

    $ sudo mkdir -p /media/exports
    $ sudo mount -t nfs4 192.168.1.10:/media/exports /media/share

Web Protocols

Hyper Text Transfer Protocol (HTTP)

  • Used to carry web traffic
  • TCP 80
  • Stateless
      ◦ Doesn't attempt to remember any previous transactions or commands in the session
      ◦ The server or client can send keepalive packets for a short while to keep the session active
  • Transmissions are in clear text
      ◦ It's not secure for transactions
  • Has the following requests (methods): GET, POST, PUT, HEAD, DELETE, CONNECT, TRACE, OPTIONS
  • Can be used like FTP to upload and download files
      ◦ FTP has better performance than HTTP for bulk file transfer

Web Servers

[Figure: clients and servers connected through the Internet (the Web), a TCP/IP network.]

HTTP Process

[Figure: HTTP clients (web browsers) send HTTP request messages to an HTTP server (web server) and receive HTTP response messages, using HTTP over TCP/IP.]

HTTP GET Request

[Figure: exchange between a Client (Browser) and a Server (@ host:port) using HTTP over TCP/IP, in five steps.]

  • (1) User issues URL from a browser: http://host:port/path/file
  • (2) Browser sends a request message: GET URL HTTP/1.1, Host: host:port
  • (3) Server maps the URL to a file or program under the document directory
  • (4) Server returns a response message: HTTP/1.1 200 OK
  • (5) Browser formats the response and displays

Uniform Resource Locator (URL)

  • Used to uniquely identify a resource over the web
  • Has the following syntax: protocol://hostname:port/path-and-file-name
      ◦ http://www.company123.com/docs/index.html
      ◦ http://extranet.company123.com:8888/login.aspx
  • Protocol: The application-level protocol used by the client and server
      ◦ HTTP, HTTPS, FTP, etc.
  • Hostname: The DNS domain name
      ◦ www.company123.com
      ◦ IP address (e.g., 192.128.1.2) of the server
  • Port: The TCP port number on which the server listens for incoming requests from the clients (typically 80 or 443)
  • Path-and-file-name: The name and location of the requested resource, under the server document base directory
  • Note: Some browsers can use additional protocols/commands such as ftp:// file:// mms:// etc.

Hyper Text Transfer Protocol Secure (HTTPS)

  • HTTP over SSL or TLS
  • TCP 443
  • Stateless (like HTTP)
  • Should not be confused with SSL or TLS (Layer 6 protocols)
      ◦ HTTPS uses Transport Layer Security (TLS) to encrypt data
      ◦ TLS latest version is 1.3
      ◦ Older versions used Secure Sockets Layer (SSL)
      ◦ SSL latest version is 3.0
  • https://www.google.com

Email Protocols

Email Process

[Figure: email flow between ABC.com and XYZ.com, showing the ABC.com email client and email server, the XYZ.com DNS server, email server, mailbox database and email client. DNS entries shown: MX company.com = mail; mail.company.com = 192.168.1.52. Protocol labels shown: SMTP; POP3, IMAP4, HTTPS or RPC.]

  • ABC email client sends email message to abc.com email server
  • ABC email server queries xyz DNS for IP address of XYZ email server
  • ABC email server sends email message to XYZ email server
  • XYZ email client retrieves email message from its mailbox

Simple Mail Transfer Protocol (SMTP)

  • Internet (TCP/IP) standard for electronic mail (email) transmission
  • Transmissions are in clear text
  • Used for sending email
      ◦ Client to server
      ◦ Server to server
  • TCP port 25 (IANA also allocated UDP 25 but it's not used today)
  • Has encrypted versions (SMTP using SSL/TLS):
      ◦ TCP port 587
      ◦ TCP port 465 (legacy)

Post Office Protocol (POP3)

  • One of the most commonly used Internet mail protocols for retrieving emails from a server by a local client
  • Supported by all modern email clients and email servers
  • Allows you to download email messages on your local computer and read them even when you are offline
      ◦ Messages are downloaded locally and removed from the email server
  • POP3 protocol works on two ports:
      ◦ Port 110 is the default POP3 clear text non-encrypted port
      ◦ Port 995 uses SSL/TLS encrypted secure port

Internet Message Access Protocol (IMAP4)

  • A mail protocol used for accessing email on a remote web server from a local client
  • IMAP is one of the most commonly used Internet mail protocols for retrieving emails
  • Supported by all modern email clients and web servers
      ◦ Messages stay on Email server
      ◦ Allows interactive session with Email server
  • IMAP allows simultaneous access by multiple clients
  • Suitable if a user is going to access email from different locations or by multiple users
  • TCP 143 (clear text)
  • IMAP4/SSL uses TCP 993

HTTP / HTTPS for Email

  • You can also use a browser to retrieve your email
      ◦ This requires that the email server also have a webserver front end
  • The browser uses frames and scripting to organize your inbox into a collection of panes
  • The main content pane shows a list of emails
  • When you click an email, it takes up the main pane
