Unit 1-NMA PDF
NOVELL DIRECTORY SERVICES (NDS)
NDS was originally called NetWare Directory Services and was later renamed eDirectory.
Novell Directory Services is a directory product for managing access to computer resources and keeping track of the users of a network, such as a company's intranet, from a single point of administration.
Using NDS, a network administrator can set up and control a database of users and manage them.
Users of computers at remote locations can be added, updated and managed centrally.
WINDOWS DOMAIN
A Windows domain is a form of computer network in which all user accounts, computers, printers and other security principals are registered with a central database held on one or more servers known as domain controllers.
Authentication takes place on the domain controllers.
Each person who uses computers within a domain receives a unique user account, which can then be granted access to resources within the domain.
The Windows domain concept contrasts with that of a workgroup, in which each computer maintains its own database of security principals.
MS ACTIVE DIRECTORY
Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks.
It is an object-oriented, hierarchical, distributed directory services database.
It provides a central database of the hardware, software and human resources of the entire network.
A server running Active Directory Domain Services (AD DS) is called a domain controller.
A domain controller authenticates and authorizes all users and computers in a Windows domain network, assigning and enforcing security policies for all computers and installing or updating software.
X.500 DIRECTORY ACCESS PROTOCOL
X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT, and first approved in 1988.
The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which are distributed across one or more servers, called Directory System Agents (DSAs).
An entry consists of a set of attributes, each attribute with one or more values.
Each entry has a unique Distinguished Name (DN), formed by combining its Relative Distinguished Name (RDN), which is made from one or more attributes of the entry itself, with the RDNs of each of the superior entries up to the root of the DIT.
LDAP implements a very similar data model to that of X.500; the data model is described further in the LDAP section below.
LDAP
The Lightweight Directory Access Protocol (LDAP) is an open protocol that provides a scaled-down form of X.500 directory access.
Active Directory and eDirectory expose their directories over LDAP.
It is lightweight and straightforward, and easy to implement.
It runs directly over TCP/IP; the original X.500 Directory Access Protocol (DAP) required the full OSI protocol stack, which is what made it heavy.
The LDAP security model defines how information in the directory can be protected: clients authenticate with a bind operation (anonymous, simple password or SASL), and the connection itself is protected with TLS (LDAPS or StartTLS).
Early implementations were written in C; client libraries now exist in many languages, including Perl and Java.
The client constructs an LDAP message containing its request and sends it to the server, which answers with one or more response messages.
LDAP provides directory access to a centralized database of information about people, groups and other entities.
LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite.
Client-server model: an LDAP client opens a TCP connection to one or more LDAP servers and exchanges request and response messages over it.
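The request the client sends first, in concrete bytes, as an added example that is not part of the original notes: a minimal BER encoder and decoder for an LDAPv3 simple BindRequest (the ASN.1 structure from RFC 4511). The DN cn=admin,dc=example,dc=com and the password are constructed sample values. It also shows why the security model matters: a simple bind carries the password verbatim on the wire, so it must only be sent inside TLS (LDAPS on port 636 or StartTLS).

```python
"""Build and parse an LDAPv3 simple BindRequest, byte for byte.

Added example, not code from the original notes.  An LDAP message is an
ASN.1 structure serialised with BER: each element is a tag byte, a length,
and the value.  Only the pieces needed for a simple bind are implemented.
The DN and password used below are constructed sample values.
"""
from typing import Dict, Tuple

SEQUENCE = 0x30          # universal, constructed
INTEGER = 0x02
OCTET_STRING = 0x04
APP_BIND_REQUEST = 0x60  # [APPLICATION 0] constructed: BindRequest
CTX_SIMPLE_AUTH = 0x80   # [0] primitive: AuthenticationChoice.simple


def _length(n: int) -> bytes:
    """BER length: short form below 128, otherwise 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _length(len(value)) + value


def _integer(n: int) -> bytes:
    """INTEGER in minimal two's-complement form, as BER requires."""
    return _tlv(INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = (_integer(3)
            + _tlv(OCTET_STRING, dn.encode("utf-8"))
            + _tlv(CTX_SIMPLE_AUTH, password.encode("utf-8")))
    return _tlv(SEQUENCE, _integer(message_id) + _tlv(APP_BIND_REQUEST, bind))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(msg: bytes) -> Dict[str, object]:
    """Decode what the server (or a sniffer on port 389) sees in a simple bind."""
    tag, body, end = _read_tlv(msg, 0)
    if tag != SEQUENCE or end != len(msg):
        raise ValueError("not a single LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    if tag != INTEGER:
        raise ValueError("messageID must be an INTEGER")
    tag, op, _ = _read_tlv(body, pos)
    if tag != APP_BIND_REQUEST:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, ver, pos = _read_tlv(op, 0)
    _, name, pos = _read_tlv(op, pos)
    tag, cred, _ = _read_tlv(op, pos)
    if tag != CTX_SIMPLE_AUTH:
        raise ValueError("not a simple bind (SASL credentials not handled here)")
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "version": int.from_bytes(ver, "big", signed=True),
        "name": name.decode("utf-8"),
        "password": cred.decode("utf-8"),
    }


def password_is_visible(msg: bytes, password: str) -> bool:
    """True when the password appears verbatim in the on-the-wire bytes."""
    return password.encode("utf-8") in msg


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    wire = bind_request(1, "cn=admin,dc=example,dc=com", "secret")
    print(wire.hex())
    print(parse_bind_request(wire))
    print("password visible on the wire:", password_is_visible(wire, "secret"))
```

An anonymous bind (empty DN, empty password) encodes to the 14-byte message 30 0c 02 01 01 60 07 02 01 03 04 00 80 00, which is useful to recognise in a packet capture; any other simple bind differs only in the two OCTET STRING values, so the password is readable by anyone on the path unless the TCP connection is wrapped in TLS.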
OBJECT TYPES, OBJECT NAMING, CANONICAL NAMES, LDAP NOTATION, GLOBALLY UNIQUE IDENTIFIERS, USER PRINCIPAL NAMES, DOMAINS, TREES & FORESTS
Object types in AD
Container object:
An object that stores other objects; it functions as a branch of the tree.
AD uses container objects such as the Organizational Unit (OU).
Rights and permissions assigned to a container flow downward through the tree: they are inherited by the objects beneath it.
Leaf object:
An object that stands alone and cannot store other objects.
Object naming in AD
Every object has a unique name that follows the LDAP naming standard, using the DN (distinguished name) and RDN (relative distinguished name) rules.
Canonical Name: a canonical name is a DN rewritten with the domain name first, followed by the object's parent containers working down from the root to the object itself, separated by forward slashes.
Ex: tracker.com/sales/inside
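The DN, RDN and canonical-name rules from the X.500 and object-naming slides above, as a worked example added here (not code from the original notes): converting tracker.com/sales/inside between its DN and canonical forms, handling the RFC 4514 escaping of commas inside values, and deriving the DN of the parent container from which permissions are inherited. When a DN is rebuilt from a canonical name, the attribute types CN (leaf) and OU (containers) are assumptions, because the canonical form does not record them.

```python
"""Convert between an LDAP distinguished name and an AD canonical name.

Added example, not code from the original notes.  A DN is written
leaf-first (CN=inside,OU=sales,DC=tracker,DC=com); the canonical form is
written root-first with slashes (tracker.com/sales/inside).  DN parsing
follows the RFC 4514 string form: RDNs are separated by unescaped commas
and special characters in a value are escaped with a backslash.
Limitations, stated as assumptions: only single-character backslash
escapes (\\, rather than \\2C) and single-valued RDNs (no '+') are handled.
"""
from typing import List, Tuple

_DN_SPECIAL = ',+"\\<>;'


def _split_raw(s: str, sep: str) -> List[str]:
    """Split on sep, skipping separators preceded by a backslash; escapes are kept."""
    parts, start, i = [], 0, 0
    while i < len(s):
        if s[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if s[i] == sep:
            parts.append(s[start:i])
            start = i + 1
        i += 1
    parts.append(s[start:])
    return parts


def _unescape(s: str) -> str:
    """Remove single-character backslash escapes."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _escape_dn_value(v: str) -> str:
    """Escape a value for the DN string form (RFC 4514 section 2.4)."""
    out = "".join("\\" + c if c in _DN_SPECIAL else c for c in v)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def split_rdns(dn: str) -> List[Tuple[str, str]]:
    """DN -> [(attribute type lower-cased, unescaped value), ...], leaf first."""
    pairs = []
    for rdn in _split_raw(dn, ","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), _unescape(value)))
    return pairs


def parent_dn(dn: str) -> str:
    """The container holding the object: drop the leaf RDN, keep escaping intact."""
    return ",".join(_split_raw(dn, ",")[1:])


def dn_to_canonical(dn: str) -> str:
    """CN=inside,OU=sales,DC=tracker,DC=com -> tracker.com/sales/inside"""
    pairs = split_rdns(dn)
    domain = [v for a, v in pairs if a == "dc"]
    if not domain:
        raise ValueError("DN has no DC components, so it has no domain name")
    path = [v.replace("/", "\\/") for a, v in pairs if a != "dc"]
    # domain first, then containers from the root down to the object itself
    return "/".join([".".join(domain)] + list(reversed(path)))


def canonical_to_dn(canonical: str, leaf_attr: str = "CN", container_attr: str = "OU") -> str:
    """tracker.com/sales/inside -> CN=inside,OU=sales,DC=tracker,DC=com

    The canonical form does not record attribute types, so the leaf is assumed
    to be a CN and every intermediate container an OU (assumption).
    """
    parts = [_unescape(p) for p in _split_raw(canonical, "/")]
    domain, containers = parts[0].split("."), parts[1:]
    rdns = []
    if containers:
        rdns.append(f"{leaf_attr}={_escape_dn_value(containers[-1])}")
        rdns += [f"{container_attr}={_escape_dn_value(c)}" for c in reversed(containers[:-1])]
    rdns += [f"DC={_escape_dn_value(d)}" for d in domain]
    return ",".join(rdns)


if __name__ == "__main__":
    dn = "CN=Smith\\, John,OU=sales,DC=tracker,DC=com"   # constructed example
    print(dn_to_canonical(dn))
    print(parent_dn(dn))
    print(canonical_to_dn("tracker.com/sales/inside"))
```

Splitting on every comma would break a DN such as CN=Smith\, John,OU=sales,DC=tracker,DC=com into five parts instead of four; the raw splitter keeps the escaped comma inside the value, which is also why parent_dn works on the raw segments rather than on the unescaped pairs.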
ACTIVE DIRECTORY STRUCTURE ELEMENT
FORESTS, TREES, AND DOMAINS
The Active Directory framework that holds the objects can be viewed at a number of levels.
The object, domain, tree and forest are the logical divisions in an Active Directory network.
Object: represents a resource on the network, such as a user, computer, printer or group.
NEED FOR REMOTE NETWORK ACCESS
Internet access
Remote access to private or shared files stored on the LAN
Sending and receiving e-mail
Local loops connect each subscriber's telephone to the nearest end office.
A small town may have only one end office, while a large city will have several.
End offices are connected to a toll office.
Many toll offices are connected to a primary office.
Many primary offices are connected to a sectional office.
Finally, sectional offices are connected to a regional office.
Dialing is performed with the touch-tone (DTMF) technique.
The pair of frequencies sent depends on the row and column of the pressed key.
ISDN
ISDN (Integrated Services Digital Network) is an international standard for switched, digital dial-up telephone service for voice and data.
Analog telephones and fax machines can be used over ISDN lines, but their signals are converted to digital by the ISDN terminal adapter.
Channels
ISDN uses 64 Kbps "B" (bearer) channels to carry voice and data.
A separate "D" (delta) channel is used for signaling and control.
The D channel signals the carrier's voice switch to make calls, put them on hold and activate features such as conference calling and call forwarding.
Basic Rate Interface (BRI)
ISDN BRI uses one wire pair to carry two 64 Kbps B channels and one 16 Kbps D channel (2B+D), 144 Kbps in total.
Both B channels are often "bonded" into one, providing a total data rate of 128 Kbps.
REMOTE ACCESS VPN
SITE TO SITE VPN
VPN PROTOCOLS
IP Security (IPsec)
Transport mode: only the IP payload is protected; the original IP header is kept.
Tunnel mode: the whole original IP packet is encapsulated and protected inside a new IP packet; this is the mode used between site-to-site gateways.
Point-to-Point Tunneling Protocol (PPTP)
Voluntary tunneling method (the client initiates the tunnel)
Uses PPP (Point-to-Point Protocol)
PPTP's MS-CHAPv2 authentication has been practically broken, so PPTP is deprecated for new deployments.
Layer 2 Tunneling Protocol (L2TP)
Exists at the data link layer of the OSI model
Composed from PPTP and L2F (Layer 2 Forwarding)
Compulsory tunneling method (the access server initiates the tunnel)
L2TP provides no encryption of its own and is normally run over IPsec (L2TP/IPsec).
SSL & TLS
VPNs that tunnel traffic inside a TLS session (the SSL VPN and OpenVPN clients listed below); historically less widely deployed than IPsec for site-to-site links.
VPN CLIENT
To use a VPN, both sides of the connection must be running compatible VPN software using compatible protocols.
VPN client software on one computer connects to a VPN server on another computer and protects the traffic with encryption and other security measures.
Types of VPN clients:
SSL VPN client
Cisco VPN client
IPsec VPN client
OpenVPN client
ADVANTAGES OF VPN
Greater scalability
Easy to add or remove users
Reduced long-distance telecommunications costs
Mobility
Security (traffic is authenticated and encrypted across the public network)
DISADVANTAGES OF VPN
Lack of common standards across implementations
Requires an understanding of security issues to configure correctly
Unpredictable Internet traffic (performance depends on the public network)
Difficult to accommodate products from different vendors
IMPORTANT QUESTIONS FOR GTU EXAM
Explain X.500 – directory access protocol
Define forest, tree, root
Explain PSTN.