
NETWORK SECURITY & MANAGEMENT

UNIT-4
NETWORK ADMINISTRATION PROTOCOLS AND SERVICES
4.1 DIRECTORY SERVICE
Directory Service is defined as a network service that identifies all resources on a network and makes them
accessible to users and applications. (Resources include email addresses, domain names, computers and peripheral
devices such as printers.) In most networks, you optimize the function of different services by hosting them on
different computers. Doing so makes sense: putting all services on one computer is complex, whereas
segregating network services in various ways gives optimal performance, more reliability and higher
security.
Most networks have quite a few services that need to be provided, and often these services run on different
servers. Even a relatively simple network now offers the following services:
• File storage and sharing and Printer sharing
• E-mail services
• Web hosting, both for the Internet and an intranet
• Database server services
• Specific application servers
• Internet connectivity
• Fax services
• Domain Name System (DNS) service, Windows Internet Naming Service
• Dynamic Host Configuration Protocol (DHCP) services
• Centralized virus-detection services
• Backup and restore services
Directory services were invented to remove complexities from the network. Basically, directory services work
just like a phone book. Instead of using a name to look up an address and phone number in a phone book, you
query the directory service for a service name (such as the name of a network folder or a printer), and the
directory service tells you where the service is located.
You can also request directory services by property. For instance, if you request the directory service for all
items that are “printers,” it can return a complete list, no matter where the printers are located in the
organization.
Even better, directory services enable you to browse all the resources on a network easily. You don't need to
make separate user lists on each server; directory services eliminate this kind of complexity by sharing the
directory with all other servers.
To provide this redundancy, directory services usually run on multiple servers in an organization, with
each server holding an entire copy of the directory service database. To avoid loss of data, a backup
directory server is required.
There are five types of well-known directory services:


1) Novell Directory Services (NDS)
2) Microsoft’s Windows NT Domains
3) Microsoft’s Active Directory
4) X.500 Directory Access Protocol
5) Lightweight Directory Access Protocol

4.2 DIFFERENT DIRECTORIES ACCESS PROTOCOLS


4.2.1 Novell Directory Service (NDS)
Novell eDirectory has been available since 1993, introduced as NDS as part of NetWare 4.x. This product was
a real boon and was rapidly implemented in Novell networks, particularly in larger organizations that had
many NetWare servers and needed its capabilities. eDirectory is a reliable, robust directory service that has
continued to evolve (develop gradually) since its introduction. eDirectory uses a Master/Slave approach to
directory servers and also allows partitioning of the tree.
In addition to running on Novell network operating systems, eDirectory is also available for Windows, Solaris,
AIX (Advanced Interactive eXecutive) and Linux systems. The product's compatibility with such a variety of
systems makes it a good choice for managing all these platforms under a single directory structure.
The NDS tree is managed from a client computer logged into the network with administrative privileges. You
can either use a graphical tool designed to manage the tree called NWAdmin or a text-based tool called
NETADMIN. Both allow full management of the tree, although the graphical product is much easier to use.
The NDS tree contains a number of different object types. The standard directory service types are countries,
organizations and organizational units. The system also has objects to represent NetWare security groups,
NetWare servers and NetWare server volumes.

4.2.2 Windows NT Domains


The Windows NT (New Technology) domain model breaks an organization into chunks called domains, all of
which are part of an organization. The domains are usually organized geographically, which helps minimize
domain-to-domain communication requirements across WAN links, although you’re free to organize domains
as you wish.
Each domain is controlled by a primary domain controller (PDC), which might have one or more backup
domain controllers (BDCs) to kick in if the PDC fails.
All changes within the domain are made to the PDC, which then replicates those changes to any BDCs. BDCs
are read-only, except for valid updates received from the PDC. In case of a PDC failure, BDCs automatically
continue authenticating users. To make administrative changes to a domain that suffers PDC failure, any of
the BDCs can be promoted to PDC. Once the PDC is ready to come back online, the promoted BDC can be
demoted back to BDC status.
Windows NT domains can be organized into one of four domain models:


1) Single domain: In this model, only one domain contains all network resources.
2) Master domain: The master model usually puts users in the top-level domain and then places network
resources, such as shared folders or printers, in lower-level domains (called resource domains). In this
model, the resource domains trust the master domain.
3) Multiple master domain: This is a slight variation on the master domain model, in which users might
exist in multiple master domains, all of which trust one another, and in which resources are located in
resource domains, all of which trust all the master domains.
4) Complete trust: This variation of the single-domain model spreads users and resources across all
domains, which all trust each other.
You can choose an appropriate domain model depending on the physical layout of the network, the number of
users to be served and other factors. (If you’re planning a domain model, you should review the white papers
on Microsoft’s website for details on planning large domains, because the process can be complex.)
Explicit trust relationships must be maintained between domains using the master or multiple master domain
models and must be managed on each domain separately. Maintaining these relationships is one of the biggest
difficulties in the Windows NT domain structure approach, at least for larger organizations. If you have 100
domains, you must manage the 99 possible trust relationships for each domain, for a total of 9,900 trust
relationships. For smaller numbers of domains (for example, less than 10 domains), management of the trust
relationship is less of a problem, although it can still cause difficulties.

4.2.3 X.500 Directory


The X.500 standard was developed jointly by the International Telecommunications Union (ITU) and the
International Standards Organization (ISO). Its purpose was to provide an international standard for directory
systems. The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical
organization of entries that are distributed across one or more servers, called Directory System Agents (DSAs).
The X.500 protocol architecture consists of a client and a server communicating via the Open Systems
Interconnection (OSI) networking model. The client is called the Directory User Agent (DUA) and the
server is called the Directory System Agent (DSA).
X.500 is a directory service used in the same way as a conventional name service, but it is primarily used to
satisfy descriptive queries and is designed to discover the names and attributes of other users or system
resources.
Users may have a variety of requirements for searching and browsing in a directory of network users,
organizations and system resources to obtain information about the entities that the directory contains. The
uses for such a service are likely to be quite diverse. They range from inquiries that are directly analogous to
the use of telephone directories, such as a simple “white pages” access to obtain a user's electronic mail address
or a “yellow pages” query aimed, for example, at obtaining the names and telephone numbers of garages
specializing in the repair of a particular make of car, to the use of the directory to access personal details such
as job roles, dietary habits or even photographic images of the individuals.

The above figure shows the model for X.500.


• In the X.500 directory architecture, the client queries and receives responses from one or more servers
in the Directory, with the Directory Access Protocol (DAP) controlling the communication between the
client and the server.
• The Directory client, called the Directory User Agent (DUA), supports users in searching or browsing
through one or more directory databases and in retrieving the requested directory information. The
DUA can be implemented in all kinds of user interfaces through dedicated DUA clients, Web-server
gateways, e-mail applications or middleware. DUAs are currently available for virtually all types of
workstations.
• Directory information is stored in a Directory System Agent (DSA), a hierarchical database designed
to provide fast and efficient search and retrieval.
• The Directory System Protocol (DSP) controls the interaction between two or more DSAs. This is
done in a way that allows users to access information in the Directory without knowing its exact
location.
• The Directory Access Protocol (DAP) is used for controlling communication between a DUA and
DSA.
4.2.4 LDAP
LDAP stands for Lightweight Directory Access Protocol.
LDAP was developed to solve the problems associated with X.500. LDAP provides about 90% of the functionality
of X.500 and is therefore a subset of X.500.
LDAP runs over TCP/IP and uses a client/server model.
The LDAP standard describes not only the layout and fields within an LDAP directory but also the methods
to be used when a person logs in to a server that uses LDAP or queries or updates the LDAP directory
information on an LDAP server.
An LDAP tree starts with a root, which then contains entries. Each entry can have one or more attributes. Each
of these attributes has both a type and values associated with it. One example is the CommonName entry (CN),
which contains at least two attributes: FirstName and Surname. All attributes in LDAP use the text string data
type. Entries are broken up into a tree and managed geographically and then within each organization.
One nice feature of LDAP is an organization can build a global directory structure using a feature called
referral, where LDAP directory queries that are managed by a different LDAP server are transparently routed
to that server. Because each LDAP server knows its parent LDAP server and its child servers, any user
anywhere in the network can access the entire LDAP tree. In fact, the user won't even know he or she is
running on different servers in different locales.
The following are 4 basic models that describe LDAP:
1) Information Model: It defines the structure of the data stored in the directory.
2) Naming Model: It describes how to reference and organize the data.
3) Functional Model: It describes how to work with the data.
4) Security Model: It defines how to keep the data in the directory secure.
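The tree of entries, typed multi-valued attributes and referral routing described above, as an added example that is not part of the original notes: a constructed two-server directory in which a referral entry on the head-office server hands part of a subtree search off to the branch server. Server names, DNs and attribute values are made up, and matching is simple attribute equality rather than real LDAP filter syntax.

```python
"""A small in-memory LDAP-style directory: DN-addressed entries whose
attributes are typed lists of string values, with referrals to other servers.
Constructed example, not a real LDAP server."""
from typing import Dict, List, Optional, Set, Tuple

Entry = Dict[str, List[str]]          # attribute type -> values (all text strings)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'cn=Lab Printer,ou=Lab,o=Example,c=IN' into (type, value) RDNs,
    most specific first. Attribute types are case-insensitive."""
    rdns = []
    for part in dn.split(","):
        attr_type, sep, value = part.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN in DN: {part!r}")
        rdns.append((attr_type.strip().lower(), value.strip()))
    return rdns


def is_under(dn: str, base: str) -> bool:
    """True when dn is base itself or lies beneath it in the tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


class DirectoryServer:
    """One server holding a partition of the tree. An entry carrying a 'ref'
    attribute is a referral: its subtree lives on the named server(s)."""

    def __init__(self, name: str):
        self.name = name
        self.entries: Dict[str, Entry] = {}

    def add(self, dn: str, **attrs) -> None:
        entry: Entry = {}
        for attr_type, values in attrs.items():
            if not isinstance(values, list):
                values = [values]
            entry[attr_type.lower()] = [str(v) for v in values]   # every value is a text string
        self.entries[dn] = entry

    def search(self, base: str, attr: str, value: str,
               servers: Dict[str, "DirectoryServer"],
               visited: Optional[Set[str]] = None) -> List[str]:
        """Subtree search for entries where attr has the given value.
        Referrals below base are followed on the server that owns them."""
        visited = set(visited or ()) | {self.name}      # guards against referral loops
        hits: List[str] = []
        for dn, entry in self.entries.items():
            if not is_under(dn, base):
                continue
            if "ref" in entry:
                for target in entry["ref"]:
                    if target in servers and target not in visited:
                        hits += servers[target].search(dn, attr, value, servers, visited)
                continue
            if value in entry.get(attr.lower(), []):
                hits.append(dn)
        return hits


def build_demo() -> Dict[str, DirectoryServer]:
    """Constructed two-server directory: head office holds the top of the tree,
    a branch holds ou=Branch and is reached through a referral."""
    hq, branch = DirectoryServer("hq"), DirectoryServer("branch")
    hq.add("o=Example,c=IN", objectClass="organization")
    hq.add("ou=Lab,o=Example,c=IN", objectClass="organizationalUnit")
    hq.add("cn=Lab Printer,ou=Lab,o=Example,c=IN",
           objectClass=["device", "printer"], ipAddress="10.1.1.20")
    hq.add("cn=Asha,ou=Lab,o=Example,c=IN", objectClass="person",
           givenName="Asha", sn="Rao", mail=["asha@example.in", "a.rao@example.in"])
    hq.add("ou=Branch,o=Example,c=IN", ref="branch")        # referral, not data
    branch.add("ou=Branch,o=Example,c=IN", objectClass="organizationalUnit")
    branch.add("cn=Front Desk Printer,ou=Branch,o=Example,c=IN",
               objectClass=["device", "printer"], ipAddress="10.2.1.20")
    return {"hq": hq, "branch": branch}


def find_printers(servers: Dict[str, DirectoryServer]) -> List[str]:
    """The 'all printers, wherever they are' query from 4.1, issued to hq only."""
    return sorted(servers["hq"].search("o=Example,c=IN", "objectClass", "printer", servers))
```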

4.3 ACTIVE DIRECTORY


Active Directory was developed by Microsoft. Active Directory is essentially a database of network resources
(known as objects) and information about each of these objects. Active Directory is fully compatible with
LDAP and also with the Domain Name System (DNS) used on the Internet.
Active Directory uses a peer approach to domain controllers; all domain controllers are full participants at all
times. This arrangement is called a Multimaster because there are many “master” domain controllers but no
backup controllers.
Active Directory is built on a structure that allows “trees of trees,” which is called a forest. Each tree has its
domain and its domain controllers.
Within a domain, separate organizational units are allowed to make administration easier and more logical.
Trees are then aggregated into a larger forest structure. According to Microsoft, Active Directory can handle
millions of objects through this approach.
Active Directory does not require the management of trust relationships, except when connected to Windows
NT 4.x servers that are not using Active Directory. Otherwise, all domains within a tree have automatic trust
relationships.
Active Directory uses two types of domain controller:
1) Primary Domain Controller
2) Backup Domain Controller
Active Directory uses the LDAP protocol to access objects. Each domain controller in a domain is capable of
accepting requests for changes to the domain database and replicating that information to the other DCs in
the domain. The first domain that is created is referred to as the "root domain" and is at the top of the directory
tree. When such trees are combined, they form one larger structure called a domain forest. All subsequent
domains will live under the root domain and are referred to as child domains. The child domain names must
be unique, as shown in the figure below.
There are three Directory Components:
1) Object: Objects in the database can include printers, users, servers, clients, shares, services, etc. and
are the most basic component of the directory. There are two basic types of objects in an active
directory:
a) Container Object: It is simply an object that stores other objects. These objects essentially function
as the branches of the tree.
b) Leaf Object: It stands alone and can't store other objects.
2) Attributes: An attribute describes an object. For example, passwords and names are attributes of user
objects. Different objects will have a different set of attributes that define them, however, different
objects may also share attributes. For example, a printer and Windows Vista computer may both have
an IP address as an attribute.
3) Schema: A schema defines the list of attributes that describe a given type of object. For example, let's
say that all printer objects are defined by name, PDL type and speed attributes. This list of attributes
comprises the schema for the object class "printers". The schema is customizable, meaning that the
attributes that define an object class can be modified.

4.4 VPN AND ITS PROTOCOLS


4.4.1 Introduction
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote
offices or individual users with secure access to their organization's network.
In other words, a VPN is a network technology that creates a secure network connection over a public network
such as the Internet or a private network owned by a service provider.
4.4.2 Working of VPN


A VPN works by routing a device's internet connection through a private service rather than the user's regular
internet service provider (ISP). The VPN acts as an intermediary between the user and the internet, hiding the
user's IP address.
Using a VPN creates a private, encrypted tunnel through which a user's device can access the internet while
hiding their personal information, location and other data. All network traffic is sent through a secure
connection via the VPN. This means that any data transmitted to the internet goes through the VPN rather
than directly from the user's computer.
When the user connects to the web using their VPN, their computer submits information to websites through
the encrypted connection created by the VPN. The VPN then forwards that request and sends the response from
the requested website back over the same connection.

4.4.3 Working of VPN in practice


Streaming services like Amazon Prime Video, Hulu, and Netflix offer different content to users located in
different countries. Using a VPN enables a streaming customer to access the content intended for people living
in different countries regardless of their actual location.
It can also enable a user to access a streaming subscription they have in their home country while traveling.
For example, a user on holiday in another country could use a VPN to set their location to the U.S. and stream
their favorite sports team’s live game.

4.4.4 VPN Protocols


VPN protocols work in various ways, but they usually perform two basic functions: authentication and
encryption. Authentication ensures your device is communicating with a trusted VPN server and encryption
makes the communication itself unreadable to outsiders.
Different encryption standards and authentication methods result in differing levels of speed and security for
VPN users. VPN protocols also have differing rules on how to handle potential errors, which affects stability
and reliability.
1) Point-to-Point Tunneling Protocol (PPTP)
PPTP is one of the oldest protocols still active on the internet. Created by Microsoft, it uses a Transmission
Control Protocol (TCP) control channel and the Generic Routing Encapsulation (GRE) tunneling protocol. It
relies on the Point-to-Point Protocol (PPP), which is a Layer 2 communications protocol directly between two
routers, to implement its security functionality. This protocol can only encrypt data with 128-bit keys, so it
offers low security. PPTP is fast and simple to deploy but only really applicable to people using older
Windows operating systems. It also has several well-known security issues, so any VPN that only uses PPTP
should be avoided.
2) Layer Two Tunneling Protocol (L2TP)


Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used
by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the
Internet. L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-
to-point datagram delivery, such as IP or Asynchronous Transfer Mode (ATM). L2TP is a combination of
PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP represents the
best features of PPTP and L2F. Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE
(Microsoft Point-to-Point Encryption) to encrypt PPP datagrams. L2TP relies on Internet Protocol security
(IPsec) in Transport Mode for encryption services. The combination of L2TP and IPsec is known as
L2TP/IPsec. Both L2TP and IPsec must be supported by both the VPN client and the VPN server. L2TP is
installed with the TCP/IP protocol. L2TP is available across popular operating systems, including Android,
Windows, macOS and iOS.

3) Secure Socket Tunneling Protocol (SSTP)


SSTP is a VPN tunnel created by Microsoft and is a much more secure option. It transports PPP traffic through
the secure sockets layer/transport layer security (SSL/TLS) channel, which provides encryption, key
negotiation and traffic integrity checking. As such, only the two parties that transmit the data are able to
decode it. Using this over TCP port 443 ensures that SSTP can travel through most firewalls and proxy
servers. SSTP is well suited to Windows devices. While it does support other platforms, support on macOS,
Linux and mobile devices may be more limited compared to other VPN protocols.

4) Internet Key Exchange Version 2 (IKEv2)


IKEv2 handles request and response actions to ensure traffic is secure and authenticated, usually using IPsec.
It establishes the security attributes of the device and server, then authenticates them, and agrees which
encryption methods to use. It supports 256-bit encryption and allows the use of popular ciphers such as
Advanced Encryption Standard (AES), Camellia and ChaCha20. IKEv2 is mostly used to secure mobile
devices, for which it is particularly effective. The protocol is extensively supported on a wide range of
platforms, including macOS, Windows, Linux, iOS and Android.

5) OpenVPN
OpenVPN is an open-source and highly configurable protocol that is known for its security and versatility.
There are two OpenVPN transport modes: Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). OpenVPN is widely used due to its ability to provide a balance between
speed and security. It uses end-to-end AES 256-bit encryption, intrusion detection and prevention systems to
safeguard your data, and SSL/TLS encryption. A kill switch feature prevents Domain Name System (DNS)
attacks and leakage in case the VPN loses its connection. It is available on macOS, Microsoft Windows,
Android, Linux and iOS.

6) WireGuard
Launched in 2015, WireGuard is a communication protocol that was developed by Jason A. Donenfeld. Unlike
older protocols, it is designed to be lightweight and efficient which makes it one of the fastest protocols.
WireGuard emphasizes simplicity in its design and implementation. Not only is it easier to set up and maintain,
but it also supports multiple types of primitives and encryption. WireGuard has gathered attention for its
potential to become a next-generation VPN protocol that offers both speed and security. The protocol is
available on multiple operating systems such as Windows, Linux, macOS, Android and iOS.

4.5 DHCP ARCHITECTURE, RARP AND BOOTP


4.5.1 DHCP
Introduction
DHCP (Dynamic Host Configuration Protocol) is a network administration protocol that is responsible for the
task of assigning an IP address to your system and network device. DHCP works on the Application layer of
the TCP/IP Protocol. The DHCP network model is based on the client-server architecture, where the
connection is established when the client device sends a request message to the server device to provide the
system with an IP address.

DHCP Architecture
The DHCP architecture is made up of DHCP clients, DHCP servers and DHCP relay agents. The client
interacts with servers using DHCP messages in a DHCP conversation to obtain and renew IP address leases.
Here is a brief description of the DHCP components:
1) DHCP Server: It automatically provides network information (IP address, subnet mask, gateway address)
on lease. Once the duration has expired, that network information can be assigned to another machine. It
also maintains the data storage which stores the available IP addresses.
2) DHCP Client: A DHCP client is any IP device connected on the network that has been configured to act
as a host requesting configuration parameters such as an IP address from a DHCP server.
3) DHCP Relay Agent: DHCP relay agents pass DHCP messages between servers and clients where the
DHCP server does not reside on the same IP subnet as its clients. Other components include the IP address
pool, subnet, lease and DHCP communications protocol.
The following diagram shows the changing port numbers and the source and destination addresses used during
the DHCP transaction. UDP port 68 is reserved for DHCP clients and UDP port 67 is reserved for DHCP
servers.
Step 1: DHCP DISCOVER

Sent by the client looking for the IP address. The source IP is 0.0.0.0 because the client doesn’t have an IP
address. The destination is 255.255.255.255, which is the broadcast address, as the client doesn’t know where
the DHCP server is located, so it broadcasts to all devices on the network.

Step 2: DHCP OFFER

Sent by the DHCP server offering an IP address to the client. The source address is the DHCP server address.
The DHCP server doesn’t know the client address yet, so it broadcasts the offer to all devices on the network.

Step 3: DHCP REQUEST

Sent by the client to the DHCP server to say “I will take that IP address, thanks.” The client IP address is still
0.0.0.0 and it is again broadcast to all so that any other servers on the network that may have offered an IP
address will know to stop communicating with the client for now.
Step 4: DHCP ACKNOWLEDGEMENT

Sent by the DHCP server to the client. It confirms the IP address and other details such as subnet mask,
default gateway and lease time with the client. The source address is the DHCP server and the destination is
still the broadcast address.

DHCP Client, Server and Relay Agent Model


The DHCP relay agent is located between a DHCP client and a DHCP server and forwards DHCP messages
between servers and clients as follows:
1) The DHCP client sends a discover packet to find a DHCP server in the network from which to obtain
configuration parameters for the subscriber (or DHCP client), including an IP address.
2) The DHCP relay agent receives the discover packet and forwards copies to each of the two DHCP
servers. The DHCP relay agent then creates an entry in its internal client table to keep track of the client's
state.
3) In response to receiving the discover packet, each DHCP server sends an offer packet to the client. The
DHCP relay agent receives the offer packets and forwards them to the DHCP client.
4) On receipt of the offer packets, the DHCP client selects the DHCP server from which to obtain
configuration information. Typically, the client selects the server that offers the longest lease time on the
IP address.
5) The DHCP client sends a request packet that specifies the DHCP server from which to obtain
configuration information.
6) The DHCP relay agent receives the request packet and forwards copies to each of the two DHCP servers.
7) The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the
client’s configuration parameters.
8) The DHCP relay agent receives the ACK packet and forwards it to the client.
9) The DHCP client receives the ACK packet and stores the configuration information.
10) If configured to do so, the DHCP relay agent installs a host route and Address Resolution Protocol (ARP)
entry for this client.
11) After establishing the initial lease on the IP address, the DHCP client and the DHCP server use unicast
transmission to negotiate lease renewal or release. The DHCP relay agent “snoops” on all of the packets
unicast between the client and the server that pass through the router (or switch) to determine when the
lease for this client has expired or been released. This process is referred to as lease shadowing or passive
snooping.
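The four-step DISCOVER/OFFER/REQUEST/ACK exchange and the relay agent behaviour above, as an added example that is not part of the original notes: an RFC 2131 message encoder/decoder and an in-process simulation in which a relay stamps giaddr, forwards the client's broadcasts to two servers, and the client keeps the offer with the longest lease. The server addresses, address pools, relay address and client MAC are constructed values.

```python
"""DHCP wire format (RFC 2131) encoder/decoder plus a simulated DISCOVER/OFFER/REQUEST/ACK
exchange through a relay agent. Constructed example: servers and relay are in-process objects."""
import socket
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC = b"\x63\x82\x53\x63"                  # cookie that introduces the options area
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 (message type) values


@dataclass
class DhcpMessage:
    op: int                      # 1 = BOOTREQUEST (client), 2 = BOOTREPLY (server)
    xid: int                     # transaction id that ties the four steps together
    ciaddr: str = "0.0.0.0"      # client's current IP: stays 0.0.0.0 in DISCOVER and REQUEST
    yiaddr: str = "0.0.0.0"      # 'your' IP, filled in by the server in OFFER and ACK
    siaddr: str = "0.0.0.0"      # server address
    giaddr: str = "0.0.0.0"      # relay agent address, 0.0.0.0 when not relayed
    chaddr: bytes = b"\x00" * 6  # client MAC
    options: Dict[int, bytes] = field(default_factory=dict)


def encode(m: DhcpMessage) -> bytes:
    ip = socket.inet_aton
    # flags 0x8000 = broadcast bit: the client has no IP yet, so replies must be broadcast
    hdr = struct.pack(HEADER, m.op, 1, 6, 0, m.xid, 0, 0x8000, ip(m.ciaddr), ip(m.yiaddr),
                      ip(m.siaddr), ip(m.giaddr), m.chaddr.ljust(16, b"\x00"), b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in m.options.items())
    return hdr + MAGIC + body + b"\xff"      # 0xff = end option


def decode(raw: bytes) -> DhcpMessage:
    if len(raw) < 240 or raw[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, _, _, xid, _, _, ci, yi, si, gi, ch, _, _ = struct.unpack(HEADER, raw[:236])
    opts, i = {}, 240                        # options start right after the cookie
    while i < len(raw) and raw[i] != 0xFF:
        if raw[i] == 0:                      # pad option carries no length byte
            i += 1
            continue
        code, length = raw[i], raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    ntoa = socket.inet_ntoa
    return DhcpMessage(op, xid, ntoa(ci), ntoa(yi), ntoa(si), ntoa(gi), ch[:6], opts)


class DhcpServer:
    """Leases addresses from a pool; lease_time lets the client compare offers."""
    def __init__(self, ip: str, pool: List[str], lease_time: int):
        self.ip, self.pool, self.lease_time = ip, list(pool), lease_time
        self.leases: Dict[bytes, str] = {}

    def handle(self, req: DhcpMessage) -> Optional[DhcpMessage]:
        mtype = req.options[53][0]
        if mtype == DISCOVER:                                   # Step 2: OFFER
            yi = self.leases.get(req.chaddr) or (self.pool[0] if self.pool else None)
            return self._reply(req, OFFER, yi) if yi else None
        if mtype == REQUEST:                                    # Step 4: ACK
            if req.options.get(54) != socket.inet_aton(self.ip):
                return None          # client named another server (option 54): stay quiet
            yi = socket.inet_ntoa(req.options[50])              # requested IP address
            if yi in self.pool:
                self.pool.remove(yi)
            self.leases[req.chaddr] = yi
            return self._reply(req, ACK, yi)
        return None

    def _reply(self, req: DhcpMessage, mtype: int, yi: str) -> DhcpMessage:
        opts = {53: bytes([mtype]), 54: socket.inet_aton(self.ip),   # type, server identifier
                51: struct.pack("!I", self.lease_time),              # lease time in seconds
                1: socket.inet_aton("255.255.255.0"), 3: socket.inet_aton(self.ip)}  # mask, router
        return DhcpMessage(2, req.xid, "0.0.0.0", yi, self.ip, req.giaddr, req.chaddr, opts)


def relay(raw: bytes, relay_ip: str, servers: List[DhcpServer]) -> List[bytes]:
    """Relay agent: stamps giaddr with its own address, forwards a copy of the
    client's broadcast to every server it knows and carries the replies back."""
    msg = decode(raw)
    if msg.giaddr == "0.0.0.0":
        msg.giaddr = relay_ip
    forwarded = encode(msg)
    return [encode(r) for s in servers if (r := s.handle(decode(forwarded))) is not None]


def run_exchange(servers: List[DhcpServer], relay_ip: str = "10.0.0.1",
                 mac: bytes = b"\x02\x00\x00\x00\x00\x01", xid: int = 0x3903F326) -> Tuple[str, str, int]:
    """Client side of the exchange; returns (chosen server, leased IP, lease seconds)."""
    # Step 1: DISCOVER from 0.0.0.0 port 68 to 255.255.255.255 port 67
    discover = DhcpMessage(1, xid, chaddr=mac, options={53: bytes([DISCOVER])})
    offers = [decode(r) for r in relay(encode(discover), relay_ip, servers)]
    # The client keeps the offer with the longest lease (step 4 of the relay model)
    best = max(offers, key=lambda o: struct.unpack("!I", o.options[51])[0])
    # Step 3: REQUEST, still from 0.0.0.0, naming the chosen server so the others back off
    request = DhcpMessage(1, xid, chaddr=mac, options={53: bytes([REQUEST]), 54: best.options[54],
                                                       50: socket.inet_aton(best.yiaddr)})
    acks = [decode(r) for r in relay(encode(request), relay_ip, servers)]
    if len(acks) != 1 or acks[0].options[53][0] != ACK or acks[0].xid != xid:
        raise RuntimeError("expected exactly one ACK, from the chosen server")
    return (socket.inet_ntoa(acks[0].options[54]), acks[0].yiaddr,
            struct.unpack("!I", acks[0].options[51])[0])
```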

4.5.2 RARP
The Reverse Address Resolution Protocol (RARP) is a networking protocol that is used to map a physical
(MAC) address to an Internet Protocol (IP) address. It is the reverse of the more commonly used Address
Resolution Protocol (ARP), which maps an IP address to a MAC address.
RARP was developed in the early days of computer networking as a way to provide IP addresses to diskless
workstations or other devices that could not store their own IP addresses. RARP is specified in RFC 903 and
operates at the data link layer of the OSI model.

With RARP, the device would broadcast its MAC address and request an IP address and a RARP server on the
network would respond with the corresponding IP address.
While RARP was widely used in the past, it has largely been replaced by newer protocols such as DHCP
(Dynamic Host Configuration Protocol), which provides more flexibility and functionality in assigning IP
addresses dynamically. However, RARP is still used in some specialized applications, such as booting
embedded systems and configuring network devices with pre-assigned IP addresses.

4.5.3 BOOTP
Bootstrap Protocol (BOOTP) is a basic protocol that automatically provides each participant in a network
connection with a unique IP address for identification and authentication as soon as it connects to the network.
This helps the server to speed up data transfers and connection requests.
BOOTP uses a unique IP address algorithm to provide each system on the network with a completely different
IP address in a fraction of a second. This shortens the connection time between the server and the client. It
starts the process of downloading and updating the source code even with very little information.
BOOTP uses a combination of TFTP (Trivial File Transfer Protocol) and UDP (User Datagram Protocol) to
send requests to and receive requests from various network-connected participants and to handle their responses.
In a BOOTP connection, the server and client need only an IP address and a gateway address to establish a
successful connection. Typically, in a BOOTP network, the server and client share the same LAN, and the
routers used in the network must support BOOTP bridging.
A great example of a network with a TCP/IP configuration is the Bootstrap Protocol network. Whenever a
computer on the network sends a specific request to the server, BOOTP uses its unique IP address to quickly
resolve it.

4.6 INTRODUCTION TO DNS AND ITS OBJECTIVES


4.6.1 Introduction to DNS
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through
domain names, such as gmail.com or youtube.com. Web browsers interact through Internet Protocol (IP)
addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Each device connected to the Internet has a unique IP address which other machines use to find the device.
DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more
complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

How Does DNS Work?


In a usual DNS query, the URL typed in by the user has to go through four servers for the IP address to be
provided. The four servers work with each other to get the correct IP address to the client, and they include:
1) DNS Recursor: The DNS recursor, which is also referred to as a DNS resolver, receives the query
from the DNS client. Then it communicates with other DNS servers to find the right IP address. After
the resolver retrieves the request from the client, the resolver acts like a client itself. As it does this, it
makes queries that get sent to the other three DNS servers: root nameservers, top-level domain (TLD)
nameservers, and authoritative nameservers.
2) Root Name Servers: The root nameserver is designated for the internet's DNS root zone. Its job is to
answer requests sent to it for records in the root zone. It answers requests by sending back a list of the
authoritative nameservers that go with the correct TLD.
3) TLD Name Servers: A TLD (Top Level Domain) nameserver keeps the address information for the second-level
domains contained within that TLD. It then passes the query on to the domain’s own nameserver, which holds
the website’s IP address.
4) Authoritative Name Servers: An authoritative nameserver is what gives you the real answer to your
DNS query. There are two types of authoritative nameservers: a master server or primary nameserver
and a slave server or secondary nameserver. The master server keeps the original copies of the zone
records, while the slave server is an exact copy of the master server. It shares the DNS server load and
acts as a backup if the master server fails.
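The four-server walk described above, as an added example that is not part of the original notes: constructed in-memory data plays the root, TLD and authoritative servers, and a toy recursor follows the referrals, answers repeat queries from its cache until the TTL runs out, and returns nothing for names no server knows. All server names and addresses are made up.

```python
# Added example, not from the notes: a toy model of the four-server lookup described above.
# Constructed in-memory zone data stands in for the real root, TLD and authoritative nameservers.

ROOT = {"com": "ns.tld-com.example", "org": "ns.tld-org.example"}      # root zone: refers to TLD servers
TLD = {                                                                 # TLD servers: refer to authoritative servers
    "ns.tld-com.example": {"example.com": "ns1.example.com"},
    "ns.tld-org.example": {},
}
AUTH = {                                                                # authoritative servers: hold the real records
    "ns1.example.com": {"example.com": "192.0.2.1", "www.example.com": "192.0.2.10"},
}


class Recursor:
    """Toy DNS recursor: answers from its cache, otherwise walks root -> TLD -> authoritative."""

    def __init__(self, clock=lambda: 0.0, ttl=300):
        self.cache = {}          # name -> (ip, expiry time); expired entries are ignored
        self.clock = clock       # injectable clock so TTL expiry can be shown without waiting
        self.ttl = ttl
        self.trace = []          # servers consulted for the last query, for illustration

    def resolve(self, name):
        name = name.lower().rstrip(".")
        now = self.clock()
        self.trace = []
        hit = self.cache.get(name)
        if hit and hit[1] > now:                   # fresh cache entry: no upstream servers needed
            self.trace.append("cache")
            return hit[0]
        labels = name.split(".")
        tld, sld = labels[-1], ".".join(labels[-2:])   # e.g. "com" and "example.com"
        self.trace.append("root")
        tld_server = ROOT.get(tld)
        if tld_server is None:
            return None                            # root knows no such TLD: NXDOMAIN
        self.trace.append(tld_server)
        auth_server = TLD[tld_server].get(sld)
        if auth_server is None:
            return None                            # TLD server has no delegation for this domain
        self.trace.append(auth_server)
        ip = AUTH.get(auth_server, {}).get(name)
        if ip is not None:
            self.cache[name] = (ip, now + self.ttl)  # remember the answer for ttl seconds
        return ip
```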
What is a Top Level Domain?


Top level domains (TLDs) are more commonly known as domain extensions. A top-level domain is everything
that follows the last dot in a domain name. For instance, .com is the TLD in the domain name
“domainwheel.com”.
The second-level domain is the actual website name, and the third-level domain (more often referred to as a
subdomain) is reserved for specific sections of your website. Note that all websites have a top-level domain
and a second-level domain, but most websites don’t have any third-level domains.
Example:
URL: https://www.example.com
In this URL:
1) Top-Level Domain (TLD): ".com" is the top-level domain. It represents the commercial domain
category and is one of the most commonly used TLDs on the internet.
2) Second-Level Domain (SLD): "example" is the second-level domain. It typically represents the name
of the organization, business, or entity that owns the domain. In this case, "example" is used as a
placeholder or demonstration domain.
3) Subdomain: "www" is the subdomain. It is an optional prefix added to the domain name to create
specific web addresses or to organize content within a domain. In this example, "www" is commonly
used to denote the World Wide Web portion of the website.
Together, these components form a complete URL that specifies the protocol (https://), subdomain (www),
second-level domain (example), and top-level domain (.com).

Top-Level Domain Types


There are five official types of TLDs:
1) Generic Top-level Domains (gTLD): Domains that can be used by anyone, without restrictions.
2) Country Code Top-level Domains (ccTLD): Domains that signal that your website operates in a
certain country. Many of these domains require you to prove that you live and/or do business in the
appropriate country.
3) Sponsored Top-level Domains (sTLD): These domains are overseen by specific authority
companies/organizations and typically have specific requirements for registration.
4) Infrastructure Top-Level Domain (ARPA): This domain extension is used by the Internet
Engineering Taskforce.
5) Test Top-Level Domains (tTLD): These TLDs are intended for documentation and website testing.

The first two types are the most common on the internet.
Generic top-level domains are some of the oldest types of extensions, and there are eight of them:

Original top-level domain   The original meaning of the domain ending
.com   Open domain for commercial web offers
.org   Open TLD for non-profit organizations
.net   Open address for Internet service providers
.int   Strictly limited extension for internationally operating companies, organizations and programs
.edu   Domain intended for trade schools and universities
.gov   Domain for government institutions
.mil   TLD available only to departments, services, and agencies of the U.S. Department of Defense

Some of the most popular ccTLDs are:

Country-specific top-level domain   Domain ending meaning
.ch   Switzerland
.cn   China
.de   Germany
.eg   Egypt
.es   Spain
.fr   France
.it   Italy
.in   India

4.6.2 Objectives of DNS


The Domain Name System (DNS) serves several key objectives in computer networking and the internet:
1) Mapping Domain Names to IP Addresses: The primary function of DNS is to translate human-readable
domain names (like "example.com") into machine-readable IP addresses (like "192.0.2.1"). This mapping
allows users to access websites, send emails, and perform other network activities using familiar domain
names rather than numerical IP addresses.
2) Hierarchical Structure: DNS organizes domain names in a hierarchical structure, which helps in efficient
and scalable management of the naming system. This hierarchy includes top-level domains (TLDs), such as
.com, .org, .net, and country-code TLDs like .uk, .fr, etc.
3) Distribution of Authority: DNS implements a distributed database system, where different parts of the
domain namespace are managed by various organizations and servers. This decentralization ensures reliability,
scalability, and fault tolerance of the DNS system.
4) Load Distribution and Load Balancing: DNS can be used to distribute incoming network traffic across
multiple servers, thereby optimizing resource usage and improving performance. This is achieved through
techniques like round-robin DNS and geographic load balancing.
5) Alias and Redirection: DNS supports aliasing and redirection, allowing multiple domain names to point
to the same IP address or to different IP addresses based on various criteria such as geographic location or
server availability.
6) Caching: DNS servers cache DNS records to reduce the time and resources required to resolve domain
names. Cached records can be reused for subsequent requests, improving the overall efficiency of DNS
resolution and reducing network latency.
7) Security: DNS plays a crucial role in security by supporting mechanisms like DNSSEC (Domain Name
System Security Extensions), which provides data integrity and authentication of DNS data to prevent DNS
spoofing and other malicious activities.
8) Scalability and Growth: DNS is designed to accommodate the growth of the internet and the increasing
number of domain names and network devices. Its distributed architecture and hierarchical structure make it
highly scalable and adaptable to changes in network topology and size.