Table of Contents
Introduction
About This Book
Conventions Used in This Book
Foolish Assumptions
How This Book Is Organized
Part I: TCP/IP from Names to Addresses
Part II: Getting Connected
Part III: Configuring Clients and Servers: Web, E-Mail, and Chat
Part IV: Even More TCP/IP Applications and Services
Part V: Network Troubleshooting and Security
Part VI: The Part of Tens
Icons Used in This Book
Where to Go from Here
Part I: TCP/IP from Names to Addresses
Chapter 1: Understanding TCP/IP Basics
Following Rules for the Internet: TCP/IP Protocols
Who’s in charge of the Internet and TCP/IP?
Checking out RFCs: The written rules
Examining Other Standards Organizations That Add to the Rules
Distinguishing Between the Internet, an Internet, and an Intranet
Extending Intranets to Extranets
Introducing Virtual Private Networks
Exploring Geographically Based Networks
Networks connected by wires and cables
Wireless networks
The geography of TCP/IP
Chapter 2: Layering TCP/IP Protocols
Taking a Timeout for Hardware
Starting with network connection media
Colliding with Ethernet
Stacking the TCP/IP Layers
Layer 1: The physical layer
Layer 2: The data link layer
Layer 3: The internet layer
Layer 4: The transport layer
Layer 5: The application layer
Chewing through Network Layers: A Packet’s Journey
Understanding TCP/IP: More than just protocols
Determining whether your network has a protocol, an application, or a service
Plowing through the Protocol List (In Case You Thought Only Two Existed)
Physical layer protocols
Data link layer protocols
Internet layer protocols
Transport layer protocols
Application layer protocols
Chapter 3: Serving Up Clients and Servers
Understanding the Server Side
Examining the server’s job
Identifying types of servers
Using dedicated servers
Understanding the Client Side
Defining a client
Clients, clients everywhere
Answering the Question “Are You Being Served?”
Supporting TCP/IP with Client/Server and Vice Versa
Recognizing Other Internetworking Styles: Peer-to-Peer Computing
Determining whether peer-to-peer workgroups are still handy
P2P applications — P2P across the Internet
Chapter 4: Nice Names and Appetizing Addresses
What Did You Say Your Host’s Name Is?
Playing the numbers game
Identifying a computer as uniquely yours
Translating names into numbers
Taking a Closer Look at IP Addresses
Savoring Classful Addressing
Recognizing the Parts of an IP Address
Class A is for a few enormous networks
Class B is for lots of big networks
Class C is for millions of small networks
Class D is for multicasting
Biting Down on Bits and Bytes
Obtaining an IP Address
Choosing whether to go public or stay private
Obeying the network police
Obtaining a globally unique IP address
Acquiring a static address
Getting dynamic addresses with DHCP
Finding out your IP address
Resolving Names and Addresses with DNS
Understanding the minimum amount of information about DNS
Using DNS to “Do Nifty Searches”
Describing Fully Qualified Domain Names (FQDNs)
Branching out into domains
Stalking new domains
Determining Whether the Internet Will Ever Fill Up
Choking on bandwidth
Panicking about not having enough addresses
Dishing Up More Kinds of Addresses
MAC: Media Access Control
Port numbers
Chapter 5: Need More Addresses? Try Subnetting and NAT
Working with Subnets and Subnet Masks
Defining subnet masks
Why a network has a mask when it has no subnets
Subnetting 101
Letting the DHCP Protocol Do the Work for You
One administrator’s nightmare is another’s fantasy
Understanding how the DHCP protocol works — it’s client/server again
Being evicted after your lease expires
Sharing Addresses with Network Address Translation (NAT)
Understanding how NAT works
Securing NAT
Using NAT and DHCP to work together
Swallowing NAT incompatibilities
Digesting NAT-PT (Network Address Translation-Protocol Translation)
Part II: Getting Connected
Chapter 6: Configuring a TCP/IP Network — the Software Side
Installing TCP/IP? Probably Not
Detecting whether TCP/IP is installed
Determining whether it’s IPv4, IPv6, or both
Savoring TCP/IP right out of the box
Six Steps to a Complete TCP/IP Configuration
Step 1: Determining whether your computer is a client or server or both
Step 2: Gathering client information
Step 3: Setting up your NIC(s)
Step 4: Deciding on a static IP address or a DHCP leased address
Step 5: Choosing how your host will translate names into IP addresses
Step 6: Gathering server information
Setting TCP/IP Client Properties
Configuring TCP/IP on a Mac OS X client
Configuring TCP/IP on a Linux or Unix client
Configuring a TCP/IP client on Windows Vista
Configuring a TCP/IP client on Windows XP
Setting TCP/IP Server Properties
Installing TCP/IP from Scratch
Feasting on Network Files
The local hosts file
The trusted hosts file, hosts.equiv
Freddie’s nightmare: Your personal trust file
The services file
Daemons Aren’t Devils
Relishing your daemons
Finding the daemons on your computer
Chapter 7: Networking SOHO with Wireless
Gulping the Minimum Hardware Details
NICs
Routers
Setting Up a Home Wireless Network in Four Steps
Step 1: Choose your wireless hardware
Step 2: Connect your wireless router
Step 3: Set up your wireless router
Step 4: Connect your computers
Securing Your Network
Securing the wired side
Securing the wireless side
Broadband for Everyone? We Hope
Level 1: Using wireless hotspots
Level 2: Paying for broadband wireless service
Level 3: Going anywhere you want to connect to the Internet with WiMAX
Chapter 8: Advancing into Routing Protocols
Understanding Routing Lingo
Routing Through the Layers — the Journey of a Packet
A new message heads out across the Net
The message visits the router
Into an Internet router and out again
Reaching the destination
Getting a Handle on How Routers Work
Getting Started with Routers
Swallowing Routing Protocols
Nibbling on IGP protocols
Exterior Gateway Protocols (EGP)
Understanding How BGP Routers Work
Juicing Up Routing with CIDR
C Is for Classless
CIDR pressing the routing tables
You say “subnet,” aggregating.net says “aggregate”
Securing Your Router
Coring the apple with Denial of Service (DoS) Attacks
Hijacking routers
Eavesdropping on BGP
It’s so sad
S-BGP (Secure BGP): Proposals to make BGP routing secure
Chapter 9: IPv6: IP on Steroids
Say Hello to IPv6
Digesting IPv4 limitations
Absorbing IPv6 advantages
If It Ain’t Broke, Don’t Fix It — Unless It Can Be Improved
Wow! Eight Sections in an IPv6 Address?
Why use hexadecimal?
There’s good news and there’s bad news
Take advantage of IPv6 address shortcuts
Special IPv6 Addresses
IPv6 — and the Using Is Easy
Checking out the network with autodiscovery
Ensuring that your address is unique
Automatically assigning addresses
Realizing that autoregistration says “Let us serve you”
IPv6 Installation
Configuring IPv6 on Windows XP and Windows Server 2003
Welcoming IPv6 to Mac OS X
Getting started with IPv6 in Unix and Linux
Other Delicious IPv6 Morsels
Security for all
Faster, better multimedia
Support for real-time applications
Improved support for mobile computing
Share the Planet — IPv6 and IPv4 Can Coexist
Stacking IPv4 and IPv6
Tunneling IPv6 through IPv4
Whew — You Made It!
Chapter 10: Serving Up DNS (The Domain Name System)
Taking a Look at the DNS Components
Going Back to DNS Basics
Revisiting Client/Server with DNS
Dishing up DNS client/server definitions
Snacking on resolvers and name servers
Who’s in charge here?
Serving a DNS client’s needs
Oops! Can’t help you
Who’s Responsible for Name and Address Information?
Understanding Servers and Authority
Primary name server: Master of your domain
Secondary name servers
Caching servers
Understanding Domains and Zones
Problem Solving with Dynamic DNS (DYNDNS)
Diving into DNSSEC (DNS Security Extensions)
Why does DNS need DNSSEC?
Glimpsing behind the scenes of DNSSEC
Part III: Configuring Clients and Servers: Web, E-Mail, and Chat
Chapter 11: Digesting Web Clients and Servers
Standardizing Web Services
Deciphering the Languages of the Web
HTML
HTML 4
XML
XHTML
HTML + MIME = MHTML
Java and other Web dialects
Hypertext and hypermedia
Understanding How Web Browsing Works
Serving up a Web page
Storing user information as cookies
Managing cookies with your browser
Dishing up multimedia over the Internet
Feeding Web Pages with Atom and RSS
Reducing the Web’s Wide Waistline to Increase Speed
Proxy Serving for Speed and Security
Caching pages
Improving security with filtering
Setting up a proxy client
Finishing touches
Setting Up a Caching Proxy Server
Outlining the general steps for installing and configuring squid
Configuring squid for Microsoft Windows Server 2008
Browsing Securely
Ensuring that a site is secure
Using your browser’s security features
Setting Up a Web Server
Setting up the Apache HTTP Server
Speeding up Apache
Making Apache more secure
Adding Security to HTTP
Taking a look at HTTPS
Getting up to speed on SSL
Stepping through an SSL Transaction
Using Digital Certificates for Secure Web Browsing
Chapter 12: Minimum Security Facilities
What’s the Worst That Could Happen?
Jump-Starting Security with the Big Three
Installing a personal firewall
Vaccinating your system with the anti-s
Encrypting data so snoopers can’t read it
Adding a Few More Basic Protections
Chapter 13: Eating Up E-Mail
Getting the Big Picture about How E-Mail Works
Feasting on E-Mail’s Client-Server Delights
E-mail clients
E-mail clients versus Web mail clients
E-mail servers
Postfix: Configuring the fastest-growing MTA
Sharpening the Finer Points of Mail Servers
Transferring e-mail by way of store-and-forward
Transferring e-mail by way of DNS MX records
Understanding How SMTP Works with MTAs
Defining E-Mail Protocols
Adding More Protocols to the Mix
POP3
IMAP4
HTTP
LDAP
DNS and its MX records
Chapter 14: Securing E-Mail
Common Sense: The Most Important Tool in Your Security Arsenal
Being Aware of Possible Attacks
Phishing
Popping up and under
Getting spied on
Meeting malware
Bombing
Have you got anything without spam? Spam, spam, spam!
Spoofing
Finding Out Whether You’re a Victim
Playing Hide-and-Seek with Your E-Mail Address
Layering Security
Layer 1: Letting your ISP protect your network
Layer 2: Building your own walls
Layer 3: Securing e-mail on the server side
Layer 4: Securing e-mail on the client side
Layer 5: Suitely extending e-mail security
Using Secure Mail Clients and Servers
Setting up a secure IMAP or POP client
Setting up a secure mail server
Encrypting e-mail
Chapter 15: Beyond E-Mail: Social Networking and Online Communities
Thumbing to Talk About
Choosing a Communication Method
Getting together with IRC
Jabbering with XMPP
Feeding Your Craving for News
Getting Even More Social
Part IV: Even More TCP/IP Applications and Services
Chapter 16: Mobile IP — the Moveable Feast
Going Mobile
Understanding How Mobile IP Works
Sailing into the Future: Potential Mobile IPv6 Enhancements
Mobilizing Security
Understanding the risks
Using basic techniques to protect your mobile devices
Chapter 17: Saving Money with VoIP (Voice Over Internet Protocol)
Getting the Scoop on VoIP
Getting Started Using VoIP
Step 1: Get broadband
Step 2: Decide how to call
Step 3: Make the call
Step 4: Convert the bits back into voice (with VoIP software)
Step 5: Converse
Yo-Yo Dieting: Understanding How VoIP Packets Move through the Layers
Trekking the Protocols from RTP to H.323
Talking the talk with the TCP/IP stack and more
Ingesting VoIP standards from the ITU
Vomiting and Other Vicious VoIP Vices
Securing Your Calls from VoIP Violation
You, too, can be a secret agent
Authenticating VoIP-ers
Keeping voice attacks separate from data
Defending with firewalls
Testing Your VoIP Security
Chapter 18: File and Print Sharing Services
Defining Basic File Sharing Terms
Using FTP to Copy Files
Understanding how FTP works
Using anonymous FTP to get good stuff
Choosing your FTP client
Transferring the files
Securing FTP file transfers
Using rcp or scp to Copy Files
Sharing Network File Systems
Nifty file sharing with NFS (Network File System)
Solving the buried file update problem with NFSv4
Examining the mount Protocol
Automounting
Configuring an NFS Server
Step 1: Edit the exports file
Step 2: Update the netgroup file
Step 3: Start the daemons
Configuring an NFS Client
Picking Up Some NFS Performance Tips
Hardware tips
Server tips
Client tips
Weighing performance against security
Getting NFS Security Tips
Sharing Files Off the Stack
Using Windows network shares
Using Samba to share file and print services
Working with Network Print Services
Valuing IPP features
Setting up Windows Server 2008 print servers over IPP
Printing with the Common Unix Print System (CUPS)
Chapter 19: Sharing Compute Power
Sharing Network Resources
Accessing Remote Computers
Using a telnet client
“R” you ready for more remote access?
Executing commands with rsh and rexec
Securing Remote Access Sessions
Taking Control of Remote Desktops
Sharing Clustered Resources
Clustering for high availability
Clustering for load balancing
Clustering for supercomputing
Sharing Compute Power with Grid and Volunteer Computing
Part V: Network Troubleshooting and Security
Chapter 20: Staying with Security Protocols
Determining Who Is Responsible for Network Security
Following the Forensic Trail: Examining the Steps for Securing Your Network
Step 1: Prescribing Preventive Medicine for Security
Step 2: Observing Symptoms of Malware Infection
Uncovering more contagions
Step 3: Diagnosing Security Ailments with netstat, ps, and Logging
Monitoring network use with ps
Nosing around with netstat
Examining logs for symptoms of disease
Syslog-ing into the next generation
Microsoft proprietary event logging
Chapter 21: Relishing More Meaty Security
Defining Encryption
Advancing Encryption with Advanced Encryption Standard (AES)
Peering into Authentication
Do you have any ID? A digital certificate will do
Getting digital certificates
Using digital certificates
Checking your certificates
Coping with certificate problems
IPSec (IP Security Protocol): More Authentication
Kerberos — Guardian or Fiend?
Understanding Kerberos concepts
Playing at Casino Kerberos
Training the dog — one step per head
Setting up a Kerberos server step by step
Setting up a Kerberos client step by step
Chapter 22: Troubleshooting Connectivity and Performance Problems
Chasing Network Problems from End to End
Getting Started with Ping
Pinging away with lots of options
And now, for “some-ping” completely different: Running ping graphically
Death by ping
Diagnosing Problems Step by Step
Pinging yourself and others
Using nslookup to query a name server
Using traceroute (tracert) to find network problems
Simplifying SNMP, the Simple Network Management Protocol
Just barely describing how SNMP works
Using SNMP programming free
Part VI: The Part of Tens
Chapter 23: Ten More Uses for TCP/IP
Find Internet Traffic Jams
Take Language Lessons on Your Phone
Visit Antarctica (Armchair Traveler)
Check on the State of the Internet
Create Animations Online
Test Your Computer’s Security for Free
Watch Diet Coke and Mentos Explode
Ride in a Big Rig Over 350 Miles of Ice
Chapter 24: Ten More Resources for Information about TCP/IP Security
Security from A to Z
CERT-ainly Don’t Forget the CERTs
Take a Virtual Museum Tour
Crime Stoppers’ Cinema
The TCP/IP Guide — Free and Online
Finding Podcasts about Internet Security
Save the Children
Microsoft TechNet Library
Security Cuisine
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
Marshall met Candace Leiden in 1981 when they worked at the same company. He taught her everything she knows. They are also, most importantly, married (to each other). Candace and Marshall are both members-at-large of ICANN (Internet Corporation for Assigned Names and Numbers).
Candace dedicates this book to Marshall Wilensky (no one knows the meaning of the phrase “in sickness and in health” better than Marshall) and to Emily Duncan, who is wise beyond her years. Even though she has been through some tough times, Emily rules!
Marshall dedicates this edition of the book to his late parents, Leo and Estelle Wilensky, and to Roxcy Platte and the people who help him with the toughest subject he has ever tackled.
They are missed every day.
Thanks to everyone at Wiley who worked on this book. We continue to be surprised at how many people it takes to create a book. We’d like to thank the team at Wiley for putting up with us. Thanks also go to Katie Mohr, for her patience and diplomacy. So many people worked hard to turn our manuscript into a real book. Thanks also to our project editor, Kim Darosett, who never once had a discouraging word. When we finish a manuscript, Kim still has a lot of hard work to do. We’re grateful to Kim, Rebecca Whitney, Jen Riggs, and Barry Childs-Helton for their hard work. Their edits make this a better book in many ways. We appreciate the work the Composition Services department did in drawing tidy figures from our rough, hand-drawn sketches and in making our screen shots and text files look nice.
Finally, thank you to Cynthia Woods, a gifted and inspiring musician, who allowed us to use her beautiful Web page as one of our examples.
We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/.