Appendix H. Definitions of terms

AFS, Andrew File System

AFS is a distributed file system designed for use across wide-area networks. Unlike NFS, it authenticates every client, normally with Kerberos, so AFS volumes can be mounted over the Internet with reasonable security. See also Kerberos.

ARP

ARP, Address Resolution Protocol, is the protocol used to map an IP address to the hardware (MAC) address of a machine on the local network. ARP requests and replies are not authenticated, so any machine on the same network segment can answer for any IP address. A thorough description of ARP can be found in RFC 826.

Client program

A client program is one that the user runs on her own computer. It connects to a server program, usually on another machine. One example of a client program is Netscape (a WWW client). One benefit of dividing a service into a server program and a client program is that the server can run on a larger computer with better resources, and the users do not have to keep their own copies of the databases; the client programs can then run on less powerful computers.

Cracker

A person who breaks into computer systems and commits other criminal acts using a computer.

Daemon program

A daemon program is a server program for a service. This kind of program waits for and manages external calls. A typical example is FTP. A user starts his FTP client. The client connects to the FTP server. Now the user can transfer files to his own computer or to the server. See Server.

Denial of Service, DoS

A type of attack that tries to make a network service unavailable to its legitimate users, usually by overloading the server or its network connection with more traffic or requests than it can handle.

DHCP

DHCP, Dynamic Host Configuration Protocol, is a protocol for handing out IP addresses and other configuration information to computers without having to log on to every single machine. Instead, each computer broadcasts a request for this information at boot and receives appropriate configuration parameters from a DHCP server. A thorough description of DHCP can be found in RFC 2131.

DMZ

A DMZ is a computer network that is accessible from two other computer networks that have no direct contact with each other. Often, one of these networks is the Internet and the other is a local, internal network. There is no direct connection between the Internet and the local network, but both of them can access an intermediate network, a demilitarized zone.

DMZs are often used for special servers, such as web servers, which must be accessible from two separate networks.

DNS

Domain Name System; see Name servers.

Domain

A domain is a country, an organization, or a subdivision of one of these. The top-level domains are of two kinds: country-code domains, one per country (for example .se for Sweden and .us for the USA), and generic domains such as the commercial domain (.com), the non-profit organizational domain (.org), the university domain (.edu), the military domain (.mil), the governmental domain (.gov), and the network domain (.net). In practice .edu, .gov and .mil are used by US institutions, and most US organizations register under the generic domains rather than under .us. All domains are hierarchical, and each domain is responsible for the domains directly under it.

A domain can have several sub-domains, which in turn can have sub-domains and so on. The structure combines the domain name of the organization with the overlying domain name.

For example, Stanford University has the domain name stanford, which is under the university domain .edu; together they form the domain stanford.edu. The university also has different departments with sub-domains under stanford.edu.

The departments of a company or organization can request a sub-domain from the domain manager. So if the technicians in the company's service division want their own domain, they can go to their domain manager and request a domain called, for instance, service. Below, we have "Company Inc.", which consists of three departments: a sales department, a service department, and a computer department. The computer department is divided into an IBM section and a Unisys section.

Contact your internet service provider to register a domain.

Dynamic routing

Dynamic routing is used when the traffic between two computers has several routes available. The route for the packets can be changed if a connection is broken or a router is turned off. RIP is a protocol that handles dynamic routing.

Firewall

A device, or combination of devices, placed between two networks that controls which traffic may pass between them and thereby prevents unauthorized access to a computer network.

Forwarding

See Relay.

FTP (File Transfer Protocol)

Imagine that you have an account on a UNIX machine. You can retrieve and store files on the UNIX machine with FTP. The program that manages this is called the FTP server. You can also establish an area of files that is accessible to others. Anyone can log in as the user anonymous and enter his e-mail address as the password. They can then access all files in this area, but nothing else. A computer with an FTP server and a freely available area is usually called an FTP site. Note that FTP sends user names and passwords in clear text; FTP uses port 21 for the control connection.

Gateway

Gateway is an older name for a router. The term is also used for a device that translates between two different protocols.

Hacker

A person who is skilled and knowledgeable about computers and likes to examine the details of a computer system and what can be done with it. A hacker is good at programming and achieves good results. A hacker is not to be confused with a computer criminal; see Cracker.

HTTPS

HTTPS is WWW traffic (HTTP traffic) on an encrypted connection. The encrypted connection is established with the SSL protocol or its successor TLS. HTTPS uses port 443.

ICMP protocol

ICMP is used to carry control information, primarily error messages. To see if a computer is running, the ping program sends an echo request, which is an ICMP message. If a problem occurs with a connection, an ICMP message is sent back saying that something is not right (the computer is not responding, the network is unreachable, etc.). If there are two possible paths for a connection, a router along the way may tell the computer to use the other path by sending an ICMP redirect. ICMP messages are carried inside IP packets.

IP address

IP addresses are the Internet equivalent of telephone numbers. An (IPv4) address is divided into four groups, each of which is a number from 0 to 255. The groups are separated by dots. An example of an IP address is 192.165.122.42. Every computer in a network needs its own IP address.

IP addresses were previously divided into A networks, B networks and C networks, but that terminology is now considered obsolete; today the size of a network is given by its network mask instead (see Network mask). An A network was one where the first group of numbers is predetermined and you determine the remaining groups yourself; for example 17.x.y.z. A B network was one where the first two groups are predetermined; for example 128.42.y.z. A C network was one where the first three groups are predetermined; for example 192.168.12.z.

IP

IP stands for Internet Protocol. This is the protocol used to send data between two computers on the same or different networks. IP performs no security checks and gives no guarantees of delivery or ordering. It works analogously to standard mail. Peter sends four postcards to Christy from the other side of the world. Christy gets postcard two first, then postcard one and postcard four. Postcard three disappears on the way. Peter and Christy know each other's addresses, and the post office knows how to read addresses and send postcards in the right direction. But Peter and Christy cannot know whether all of their postcards will arrive, and Christy does not know in what order the postcards were sent.

For more information about IP addresses, see IP address.

Kerberos

Kerberos is a system for authenticating users and services on a network. It relies on a trusted central Kerberos server that issues time-limited tickets, so that passwords never have to be sent over the network. Connections authenticated with Kerberos are often also encrypted.

Masquerading

See NAT.

Name server, DNS

A DNS server is the Internet equivalent of dialing telephone information. If you know the name of a computer, you can look up its IP address, and vice versa. The server keeps track of names and IP addresses. Imagine that a user wants to connect to the computer "Tekla" through a Telnet (terminal) connection. The Telnet program asks the name server about Tekla and receives Tekla's IP address. If the name server does not know the name, it asks other name servers, starting from the root servers and following the domain hierarchy downward, or forwards the query to a name server configured for that purpose. See the figure.

Name servers are usually classified as primary, secondary, or other. If you have several networks with several name servers, they can communicate with each other. It is a good idea to make them secondary name servers for each other. Secondary name servers work as extra name servers if the primary server is not working.

A secondary name server updates its information from the primary name server at regular intervals; you can specify how often. Only the manager of a name server can set it up as a secondary name server for someone else. In the figure below, we have two local networks with separate name servers. If name server Amanda does not work, a machine in network 1 may ask the name server in network 2, Bertha, provided that Bertha is set up as a secondary name server for Amanda. Name servers outside networks 1 and 2 belong to the other category.

The name server answers name queries on port 53. Both TCP and UDP are used: ordinary queries go over UDP, while TCP is used when an answer is too large for a single UDP datagram and for zone transfers, the updates a secondary name server fetches from the primary.

NAT

NAT (Network Address Translation), also known as masquerading, rewrites the addresses in packets as they pass through a router or firewall, so that the computers on an internal network can share one or a few public IP addresses. Since the internal addresses never appear on the outside and connections normally can only be opened from the inside, NAT also hides the computers on the internal network from the rest of the world.

Netmask

See network mask.

Network mask

A network mask tells which computers can be reached directly on the local network and which can only be reached through a gateway. The mask is 32 bits long, like an IP address; the one-bits mark the part of the address that identifies the network, and the remaining zero-bits identify the computer within it. A mask can be written either as the number of one-bits (/24) or in the same dotted form as an IP address. For what was formerly called a class C network, the mask is /24, which can also be written 255.255.255.0 (24 one-bits grouped into octets and read as binary numbers). If such a network is divided into several parts, each part gets a longer mask, depending on how the division is done. For example, the mask 255.255.255.224 (/27) gives a network with 32 IP addresses, of which the first is the network address and the last the broadcast address. See also the table of network masks in appendix G, Lists of reserved ports, ICMP types and codes, and Internet protocols.
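The arithmetic described above, worked through as an added example (not part of the manual) in Python with the standard ipaddress module: given an address and a mask in either notation, it computes the network address, broadcast address and number of addresses, and decides whether two hosts are on the same local network or need a gateway. The addresses used (192.168.12.x) are taken from the examples in this appendix.

```python
import ipaddress

def describe_network(address_with_mask):
    """Summarise an IPv4 network given as 'a.b.c.d/24' or 'a.b.c.d/255.255.255.0'.

    strict=False lets a host address stand in for its network, the way a host
    configured with address + netmask works out which neighbours are local.
    """
    net = ipaddress.IPv4Network(address_with_mask, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,            # number of one-bits in the mask
        "broadcast": str(net.broadcast_address),
        "addresses": net.num_addresses,        # including network and broadcast
        "usable_hosts": max(net.num_addresses - 2, 0),
    }

def same_local_network(host_a, host_b, netmask):
    """True when host_a can reach host_b without a gateway, i.e. both
    addresses keep the same network bits under the mask."""
    net_a = ipaddress.IPv4Network("%s/%s" % (host_a, netmask), strict=False)
    net_b = ipaddress.IPv4Network("%s/%s" % (host_b, netmask), strict=False)
    return net_a.network_address == net_b.network_address

def prefix_to_dotted(prefixlen):
    """Convert a prefix length such as 27 to the dotted form 255.255.255.224."""
    return str(ipaddress.IPv4Network("0.0.0.0/%d" % prefixlen).netmask)

if __name__ == "__main__":
    for spec in ("192.168.12.0/24", "192.168.12.70/255.255.255.224"):
        print(spec, describe_network(spec))
    # .70 and .90 both fall in 192.168.12.64/27; .100 is in the next /27
    print(same_local_network("192.168.12.70", "192.168.12.90", "255.255.255.224"))
    print(same_local_network("192.168.12.70", "192.168.12.100", "255.255.255.224"))
```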

News

News is a distributed, loosely organized conference system that spans the entire Internet and more. News originated in e-mail, so it has many similarities to e-mail. It is also called Usenet News or NetNews.

News is a conference system for exchange of ideas, questions and answers, and so on, just like in a BBS or COM system. What is written in News is not stored on a central computer; it is sent out all over the world and stored in several places. Your organization may choose to retrieve News and store all texts locally.

To keep track of everything, News is divided into news groups. A news group focuses on a specific area of interest. Each news group can have divisions and subgroups.

rec.motorcycles.harley is an example of a group name. rec is the main group, Recreational, which covers hobbies, recreation and the arts. A subgroup of rec is motorcycles, which is solely about motorcycles. A subgroup of rec.motorcycles is harley, which is only about Harley-Davidson motorcycles. Another example is sci.geo.geology. Anyone can post articles to News; remember that several million people may read what you write. Make sure that all users are aware of this and are careful about what they write.

News servers use the NNTP protocol to communicate with each other. Many client programs also use NNTP to communicate with the news server. NNTP communication uses port 119.

NFS, Network File System

NFS is a protocol for mounting disks from other computers over the network. NFS should be blocked against insecure external networks. NFS uses port 2049 (both UDP and TCP); older versions also depend on the portmapper on port 111 and on mount and lock daemons that are assigned ports dynamically, so all of these should be blocked together.

NIS/YP, Network Information Service/Yellow Pages®

NIS/YP is used to distribute central information to client machines in a network. Passwords and e-mail aliases are typical examples of such information. It is also often used to let users sit at any workstation, log in as themselves, and access their own user accounts. NIS/YP should be blocked against insecure external networks.

NNTP

See News.

NTP

NTP stands for Network Time Protocol and is used for synchronizing computer clocks. The synchronization normally relies on a computer with a very accurate clock, e.g., one connected to an atomic clock.

A client computer wanting to synchronize with a server via NTP usually uses a high port on the client, port 123 on the server and the UDP protocol. The server returns data using UDP from port 123 to a high port on the client computer.

Two NTP servers communicating with each other use port 123 and the UDP protocol.

Open Windows

Open Windows is a window system used on several kinds of workstations. It is based on the X Window System. The X Window System and Open Windows use ports from 6000 upward for traffic to the workstations, one port per display (display :0 uses port 6000). It is a good idea to block ports 6000-6010 for incoming traffic from an insecure outside network.

Packet

When something is sent over a computer network, for example, a file or an e-mail, it is divided up into sections. These sections are called packets. They make up a sort of jigsaw puzzle, each piece sent individually. The receiving computer has to reassemble the pieces.

Ping

Ping is used to examine whether a computer is running and accessible over a network. Ping sends an ICMP packet to the computer in question, and the target computer answers with an ICMP reply if it is running and reachable.

You can also ping every address on a network (a ping sweep) and thereby use ping to find out which computers exist on it. Therefore it is not advisable to allow ping into an internal network.

The client computer sends an ICMP type 8 packet, echo request, to find out whether the target computer is working and accessible. The target computer ("server" in the picture below) answers with an ICMP type 0 packet, echo reply, to say that it is working and reachable over the network. The reply carries the same identifier, sequence number and data as the request, which is how the client matches replies to the requests it sent.
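The echo request and echo reply exchange above, as an added example in Python (not code from the manual): it builds a type 8 packet with a correct Internet checksum, shows what the target does to turn it into a type 0 reply, and checks an incoming reply the way a ping client must, by verifying the checksum and matching identifier and sequence number. The identifier 0x1234 and the payload are constructed here; no packets are sent.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

def internet_checksum(data):
    """RFC 1071 ones'-complement sum of 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """ICMP echo header: type(1) code(1) checksum(2) identifier(2) sequence(2), then data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(packet):
    """Split an ICMP packet into its fields; a valid packet sums to zero with its checksum."""
    if len(packet) < 8:
        raise ValueError("short ICMP packet")
    if internet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}

def reply_to(request):
    """What the target computer does: same id, seq and data, type changed from 8 to 0."""
    p = parse_icmp(request)
    if p["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(ICMP_ECHO_REPLY, p["id"], p["seq"], p["payload"])

def is_matching_reply(request, reply):
    """A ping client accepts a reply only if it is type 0 and id/seq match what it sent."""
    q, r = parse_icmp(request), parse_icmp(reply)
    return r["type"] == ICMP_ECHO_REPLY and (q["id"], q["seq"]) == (r["id"], r["seq"])

if __name__ == "__main__":
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"constructed payload")
    rep = reply_to(req)
    print(parse_icmp(req)["type"], parse_icmp(rep)["type"], is_matching_reply(req, rep))
```

Sending the request for real needs a raw socket (socket.SOCK_RAW with socket.IPPROTO_ICMP), which on most systems requires administrator privileges; the kernel then adds the IP header and, on the receiving side, hands back the IP header in front of the ICMP bytes, so strip the first 20 bytes before calling parse_icmp.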

Ports

When two computers are connected, ports are used. A client machine that wants access to a certain service on a server connects to the standard port for that particular service on the server. The program on the client machine is given a free port above 1023. For example, if a user on the computer Tekla wants to run a Telnet session to the computer Winona, the user's Telnet client program receives a free port above 1023 and connects from it to port 23 on Winona. If two server programs contact each other, one can act as a client program and receive a free port above 1023 on its local machine. However, many server programs have special definitions of how servers communicate with each other, where both servers use their standard port.

PPP

PPP stands for Point-to-Point Protocol. This is usually used to send IP packets over modem connections. See also IP.

Protocols

Protocols are sets of rules for how programs communicate with each other. For example, a web server can use the protocols HTTP and HTTPS.

Proxy

Proxies are devices or programs through which web pages, FTP files, and so on are retrieved on behalf of the computers on a local network. A proxy is often combined with a cache, which stores the pages and files once they have been fetched from the Internet site. When another user wants to look at a page already in the cache, the proxy acts as a web server and sends the cached copy instead of fetching a new one over the Internet.

In your web client, specify a computer and cache/proxy to be used to store this information.

Relay

When the local network is connected to the Internet through a firewall, all types of services are usually blocked. It is as if the network is not connected to the Internet. Relays can then be set up to allow certain services, such as the WWW, to pass through under controlled circumstances. Think of it as a giant stone wall with a gate and a specialized gate keeper. The gate keeper only lets certain visitors pass. To allow others to pass through, you set up another gate with another specialized gate keeper.

RFC

An RFC (Request For Comments) is a document that standardizes some aspect of Internet traffic. RFCs are available at http://www.rfc-editor.org/rfcsearch.html.

RIP

RIP is a protocol that manages dynamic routing. Dynamic routing means that the path for traffic can change. RIP selects the path that passes through the fewest routers (hops), without considering the bandwidth or the load on the network. RIP is only used within an organization's own network, not between organizations on the Internet. Fixed paths for traffic are called static routing.

Router

A router is a machine that is used to connect several smaller and larger networks. Often, a router is used to connect a local network to the Internet. This router only lets traffic to the Internet out; all other traffic remains on the local network. A router can also be called a gateway.

Routing

A route is a path for the traffic between different computers.

Server

A server can be a program that performs a service on a network or a computer that runs one or more server programs. One example is a computer that stores files centrally, which makes it a kind of server, usually called a file server. The program that manages traffic so that people from the outside can access an organization's web pages is a server program.

SIP

SIP, Session Initiation Protocol, is a protocol for creating, maintaining and terminating media stream sessions over an IP network. SIP is used to negotiate which media streams the parties can send and receive, and which parties should be involved in the exchange. Once this is established, the media streams themselves are sent with their own protocols (e.g. RTP). A thorough description of SIP can be found in RFC 2543, since superseded by RFC 3261.

SLIP

SLIP stands for Serial Line IP. This is usually used to send IP packets over modem connections. See IP.

SLIRP

SLIRP is a program that sends IP packets over serial connections, such as modem connections. SLIRP runs as an ordinary user program. SLIRP does not need its own IP address; it uses the server's IP address. The program works with both SLIP and PPP clients. See IP.

SMTP

Simple Mail Transfer Protocol, a protocol for sending e-mail between e-mail servers. SMTP uses port 25.

SNMP

A protocol used for network monitoring and management. SNMP uses UDP port 161 for requests to the managed device and port 162 for traps, the alerts a device sends to the monitoring station.

Sockets

When two computers connect to each other, they use their IP addresses and port numbers. The combination of an IP address and a port number is called a socket, and a connection is identified by its pair of sockets. See IP address and Ports.

SSH, Secure SHell

SSH is a system for secure, encrypted connections between two computers over a network. SSH uses public-key cryptography: each server has a key pair, one public and one private key, and users can authenticate with key pairs as well as with passwords. In contrast to Kerberos, SSH does not depend on a central server for security; instead each client must itself verify that the server's public key is the expected one. SSH uses port 22.

SSL

SSL stands for Secure Sockets Layer. The SSL protocol, and its successor TLS (Transport Layer Security), handles the establishment of encrypted connections between computers. Usually HTTP and WWW traffic is what is sent over SSL. HTTP over SSL is called HTTPS.

Static Routing

A fixed path for the contact between computers. With a static routing, traffic cannot be redirected to another path if the connection is broken. This would require dynamic routing, for example, with RIP.

Syslog

Syslog is a service for logging messages. In UNIX, programs normally do not write their own log files; they hand their messages to the syslog daemon, which stores them in log files according to its configuration. One example is a web server that logs which computers connect to it and reports errors for web pages it could not locate. Messages can also be sent to a syslog server on another computer. Syslog uses UDP, and a syslog server listens on port 514 for syslog messages. Since UDP syslog is neither acknowledged nor authenticated, messages can be lost on the way, and anyone who can send packets to the server's port 514 can insert messages in the log.
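The message format carried on port 514, as an added example in Python (not part of the manual): the classic BSD syslog datagram (RFC 3164) starts with a priority value in angle brackets, where priority = facility * 8 + severity, followed by a timestamp, the host name and the program's tag and text. The code below builds such a datagram, decodes the facility and severity that a log server uses to sort messages into files, and shows how the bytes would be sent with UDP. The host name tekla, the sshd tag and the message text are constructed sample data.

```python
import re
import socket
from datetime import datetime

FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: "local%d" % i for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST TAG: message   (day of month is space-padded, e.g. "Oct  7")
SYSLOG_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def format_bsd_syslog(facility, severity, hostname, tag, message, when):
    """Build one BSD syslog datagram. PRI packs facility and severity into a single number."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23, severity 0..7")
    pri = facility * 8 + severity
    timestamp = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))
    return ("<%d>%s %s %s: %s" % (pri, timestamp, hostname, tag, message)).encode("utf-8")

def parse_bsd_syslog(datagram):
    """Decode a datagram received on UDP 514 into its fields, or raise on malformed input."""
    m = SYSLOG_RE.match(datagram.decode("utf-8", errors="replace"))
    if not m:
        raise ValueError("not a BSD syslog message")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES.get(facility, "facility%d" % facility),
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2),
        "hostname": m.group(3),
        "content": m.group(4),
    }

def send_udp_syslog(datagram, server, port=514):
    """Send the datagram the way a client does: one UDP packet, no reply expected."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))

if __name__ == "__main__":
    # constructed sample: an auth.info message as sshd would log a successful login
    when = datetime(2001, 10, 7, 13, 4, 5)
    d = format_bsd_syslog(4, 6, "tekla", "sshd[1234]", "Accepted publickey for user from 192.165.122.42", when)
    print(d)
    print(parse_bsd_syslog(d))
    # send_udp_syslog(d, "127.0.0.1")   # uncomment to deliver to a local syslog server
```

Filtering on the decoded facility and severity is how a log server decides which file a message goes to; note that nothing in the datagram proves where it actually came from, so the source address of the UDP packet is the only, and easily forged, indication of the sender.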

TCP protocol

TCP connects two computers and makes sure that all data gets through, and in the right order. TCP uses IP; IP manages the addresses and makes sure that the data is sent out on the network. When TCP connects, the first packet it sends carries a SYN flag, and it receives a response from the TCP layer on the receiving end. The recipient may send a little data along with its confirmation that the sender's data arrived. Once the connection is established, every packet carries such a confirmation. This can be compared with Peter and Christy sending postcards and, along with their message, mentioning that they received the other's latest postcard. TCP calls this confirmation ACK (acknowledgment).

You know that a TCP packet is a connection attempt if it has SYN set but not ACK. Every packet belonging to an established connection has ACK set, which is what a simple packet filter uses to tell new incoming connections from replies to connections opened from the inside.

TCP keeps track of connections for different services using different port numbers. See Ports.
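The rule stated above, worked out as an added example in Python (not code from the manual): a parser for the fixed 20-byte TCP header, a test for "connection attempt" (SYN without ACK), and the stateless inbound rule a simple packet filter derives from it: let through anything with ACK set, and let new connections in only to ports that are deliberately served. The headers are constructed for the test (checksum left at zero); the port numbers follow the Telnet (23) and WWW (80) examples in this appendix.

```python
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_tcp_header(segment):
    """Fields of the fixed TCP header; options after the first 20 bytes are ignored."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    sport, dport, seq, ack, offset_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (offset_flags >> 12) * 4,   # header length in bytes
        "flags": offset_flags & 0x01FF,            # 9 flag bits, SYN=0x02, ACK=0x10
        "window": window,
    }

def build_tcp_header(sport, dport, flags, seq=0, ack=0):
    """Constructed header for offline testing: 20 bytes, no options, checksum zero."""
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def flag_names(flags):
    names = [("FIN", TCP_FIN), ("SYN", TCP_SYN), ("RST", TCP_RST),
             ("PSH", TCP_PSH), ("ACK", TCP_ACK), ("URG", TCP_URG)]
    return "|".join(n for n, bit in names if flags & bit) or "none"

def is_connection_attempt(segment):
    """The first packet of a TCP connection: SYN set, ACK clear."""
    flags = parse_tcp_header(segment)["flags"]
    return bool(flags & TCP_SYN) and not (flags & TCP_ACK)

def inbound_allowed(segment, open_ports=frozenset()):
    """Stateless rule for packets arriving from the outside:
    ACK set -> part of a connection someone inside opened, pass it;
    SYN without ACK -> new connection, only to ports we serve;
    anything else (bare FIN, bare RST, no flags) -> drop."""
    hdr = parse_tcp_header(segment)
    if hdr["flags"] & TCP_ACK:
        return True
    if is_connection_attempt(segment):
        return hdr["dport"] in open_ports
    return False

if __name__ == "__main__":
    served = {80, 443}
    samples = {
        "Telnet connect from outside": build_tcp_header(40000, 23, TCP_SYN),
        "WWW connect from outside":    build_tcp_header(40000, 80, TCP_SYN),
        "reply to our own Telnet":      build_tcp_header(23, 40000, TCP_SYN | TCP_ACK, seq=1, ack=1),
        "flagless probe":               build_tcp_header(40000, 80, 0),
    }
    for name, pkt in samples.items():
        h = parse_tcp_header(pkt)
        print("%-28s %-8s attempt=%-5s allowed=%s" % (name, flag_names(h["flags"]),
              is_connection_attempt(pkt), inbound_allowed(pkt, served)))
```

The weakness of the rule is visible in the code: any packet with ACK set passes, whether or not a matching connection exists, so a packet filter that relies on it alone can be probed with crafted ACK packets. Firewalls that remember which connections were actually opened (stateful filters) close that gap.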

UDP protocol

UDP does not set up a connection. It checks the data that arrives for damage by means of a checksum, like examining a postcard to see that it has not been torn. UDP does not keep track of whether all data gets through or whether it arrives in the right order; that is the job of the application. So there is no ACK confirmation. Peter and Christy, sending postcards, have to keep track of their own postcards, and Peter has to tell Christy the order in which they should be read. UDP keeps track of the different exchanges using port numbers, just like TCP.

UUCP

UNIX to UNIX Copy, an old protocol for copying files between two UNIX computers. This is sometimes used to send e-mail between two computers.

WWW, World Wide Web

The WWW is currently the best known Internet service. The World Wide Web consists of millions of documents, interconnected all over the world. A document can contain text, pictures, sound, and even video sequences. The WWW is based on the client-server concept: each document is stored on a web server. The user runs a client program, such as Netscape or Internet Explorer, which connects to a server that could be anywhere in the world and requests a document. The document is displayed on the user's screen, and the user can click on links in it to fetch and display other documents. WWW usually runs on the HTTP and HTTPS protocols, using ports 80 and 443, respectively.

X Window System

A window system used on several kinds of workstations. A similar window system is Open Windows, which is based on it. The X Window System and Open Windows use port numbers from 6000 upward for traffic to the workstations, one port per display. It is a good idea to block ports 6000-6010 for incoming traffic from an insecure outside network.