# Explain the Use of Web, File/Print, and Database Services

## Hypertext Transfer Protocol (HTTP)

- TCP/80 (legacy, unencrypted) vs HTTPS (TCP/443)
- Uniform Resource Locator (URL)
- Headers and payloads
- HTML
- Web server implementation
  - Hosting type
  - Server software

## SSL/TLS

- Encryption service independent of the application protocol
- OSI session layer
  - Typically used with TCP
  - DTLS used with UDP
- HTTP Secure (HTTPS) over TCP/443
  - Install a key pair and digital certificate on the web server
  - Issuing certificate authority (CA) must be trusted by both server and client
  - Clients use the public key in the certificate to encrypt
  - Server uses its private key to decrypt
- TLS uses asymmetric (public key) encryption

## File Transfer Protocol (FTP)

- FTP
  - Download, upload, and directory management
  - Active/passive transfer modes
    - Active: ports TCP/21 + TCP/20
    - Passive: port TCP/21 + an ephemeral port
- Trivial FTP (TFTP)
  - Download (GET) and upload (PUT) ONLY
  - Port UDP/69

## Secure File Transfer Protocol (SFTP)

- SFTP
  - FTP over SSH on port TCP/22
- FTP over SSL (FTPS)
  - Explicit TLS (FTPES)
    - Uses the AUTH TLS command to upgrade an unsecure connection established over port TCP/21
  - Implicit TLS (FTPS)
    - Negotiates an SSL/TLS tunnel before the exchange of any FTP commands
    - Uses the secure port TCP/990 for the control connection

## File and Print Services

- Server Message Block (SMB)
  - Underpins Windows file/printer sharing
  - Supported on UNIX and Linux by the Samba package
  - Runs over port TCP/445, or the NetBIOS ports (137-139) on legacy hosts
- Remote print protocols
  - Communicate with the print monitor over the network
    - Port TCP/9100
  - Internet Printing Protocol (IPP)
  - Web Services for Devices (WSD)/AirPrint
  - Printer sharing

## Database Services

- Relational databases
  - Structured in linked tables defined by a column (field)/row structure
  - Structured Query Language (SQL)
  - Relational Database Management System (RDBMS)
    - Oracle SQL\*Net over TCP/1521
    - Microsoft SQL Server over TCP/1433
    - MySQL over TCP/3306
    - PostgreSQL over TCP/5432
- NoSQL databases

# Explain the Use of Email and Voice Services

## Simple Mail Transfer Protocol

![[SMTP.png]]

- Server-to-server mail delivery
- MX records: the recipient domain's external DNS publishes an MX record naming the server that accepts its mail (to send to VA.gov, deliver to the host in VA.gov's MX record)
- Non-delivery report (NDR)
- Connection security methods
  - STARTTLS vs SMTPS

SMTP communications can be secured using the TLS version of the protocol (SMTPS). This works much like HTTPS, with a certificate on the SMTP server and a negotiation between client and server about which cipher suites to use. There are two ways for SMTP to use TLS:

- STARTTLS: a command that upgrades an existing unsecure connection to use TLS. This is also referred to as explicit TLS or opportunistic TLS.
- SMTPS: establishes the secure connection before any SMTP commands (HELO, for instance) are exchanged. This is also referred to as implicit TLS.

The STARTTLS method is generally more widely implemented than SMTPS. Typical SMTP configurations use the following ports and secure services:

- Port 25: used for message relay between SMTP servers, or message transfer agents (MTAs). If security is required and supported by both servers, the STARTTLS command can be used to set up the secure connection.
- Port 587: used by mail clients or message submission agents (MSAs) to submit messages for delivery by an SMTP server. Servers configured to support port 587 should use STARTTLS and require authentication before message submission.

- SMTP secured
  - TCP/25: message relay between SMTP servers or message transfer agents (MTAs)
  - TCP/587: message submission agents (MSAs) submit messages for delivery by an SMTP server
  - TCP/465: alternative port for message submission over implicit TLS (SMTPS)

## Mailbox Access Protocols

SMTP is useful only to deliver mail to hosts that are permanently available.
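Before the mailbox protocols, a worked check for the STARTTLS (explicit) vs SMTPS (implicit) distinction and the port 587 authentication rule from the SMTP section above. This is an added example, not part of the original notes; the function name, host names and session transcripts are constructed.

```python
# Added example (not from the original notes): audit an SMTP dialogue for
# explicit (STARTTLS) vs implicit (SMTPS) TLS. Transcripts are constructed.

IMPLICIT_TLS_PORT = 465   # SMTPS: TLS tunnel exists before any SMTP command
SUBMISSION_PORT = 587     # MSA: STARTTLS plus authentication expected

def audit_smtp_session(port, transcript):
    """Walk "C:"/"S:" lines; return (tls_mode, issues) where tls_mode is
    "implicit", "explicit" or "none" and issues lists clear-text exposures."""
    tls_active = port == IMPLICIT_TLS_PORT
    mode = "implicit" if tls_active else "none"
    starttls_pending = False   # client sent STARTTLS, awaiting server reply
    authed = False
    issues = []
    for line in transcript:
        who, _, text = line.partition(":")
        verb = text.strip().split(" ", 1)[0].upper()
        if who == "C":
            if verb == "STARTTLS":
                starttls_pending = True
            elif verb == "AUTH":
                authed = True
                if not tls_active:
                    issues.append("AUTH sent before TLS was negotiated")
            elif verb == "MAIL" and port == SUBMISSION_PORT and not authed:
                issues.append("submission on 587 without authentication")
        elif who == "S" and starttls_pending:
            starttls_pending = False
            if verb == "220":          # server agreed; TLS handshake follows
                tls_active, mode = True, "explicit"
            else:
                issues.append("STARTTLS refused; session continued in clear")
    if not tls_active:
        issues.append("session never protected by TLS")
    return mode, issues


# Constructed submission session on TCP/587 (not a real capture).
GOOD_SUBMISSION = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO client.example.test",
    "S: 250-STARTTLS",
    "C: STARTTLS",
    "S: 220 Go ahead",
    "C: EHLO client.example.test",   # EHLO is repeated inside the TLS tunnel
    "C: AUTH LOGIN",
    "S: 235 Authentication successful",
    "C: MAIL FROM:<alice@example.test>",
]
```

The same explicit/implicit logic applies to POP3 (STLS vs TCP/995) and IMAP (STARTTLS vs TCP/993), with the command names swapped.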
SMTP delivers mail to a server; clients then retrieve it from that server using a mailbox access protocol.

- Post Office Protocol (POP/POP3): early mailbox access protocol (legacy)
  - Clients: Outlook, Thunderbird
  - Generally, messages are deleted from the server after they are downloaded
  - Allows a client to retrieve messages from the mailbox server
  - TCP/100 unsecure or TCP/995 secure
- Internet Message Access Protocol (IMAP): mail retrieval protocol
  - Supports permanent connections to a server as well as connecting multiple clients to the same mailbox simultaneously
  - Allows the client to manage mail folders in the mailbox
  - TCP/143 unsecure or TCP/993 secure

## Voice and Video Services

- Private Branch Exchange (PBX)
  - A legacy PBX terminates lines from the telecom provider to provision extensions and call features
  - Supplied as vendor-specific hardware
- VoIP-enabled PBX: replaced the legacy PBX
  - Voice over IP transfers voice traffic as packetized data
  - A VoIP PBX can be a hardware or software solution
  - Normally placed at the network's edge and protected by a firewall

## VoIP Protocols

- Session Initiation Protocol (SIP)
  - Most commonly used session control protocol
  - Session control
  - User agents and user discovery via the SIP Uniform Resource Identifier (URI)
  - TCP or UDP, ports 5060 and 5061
- Real-time Transport Protocol (RTP)
  - Delivery of media packets
- RTP Control Protocol (RTCP): tune sessions, make 'em better
  - Monitors the session and provides information for QoS

## VoIP Phones

- Software or handsets
- Can use normal data cabling but often assigned to a separate VLAN for performance
- PoE
- Connection security
- Installation and testing

## VoIP Gateways

- Means of translating between the VoIP network and external voice networks, such as public switched telephone network (PSTN) lines
- Different VoIP gateways for different functions
  - Connect internal VoIP with external PSTN lines (foreign exchange office (FXO) gateway)
  - Route voice calls to an external VoIP service
  - Connect legacy phones/fax to VoIP (foreign exchange subscriber (FXS) gateway)