Our networks support a wide range of services for our user community. In this video, you’ll learn about some of the most common services found on today’s networks.
This is a picture of a typical data center. It’s a room with many different rows of racks. And inside each of these racks are many different computers performing many different functions. In this video, we’ll look at the different devices that might be inside these racks and give you an idea of what network services you might expect to see.
One of the most popular server types on the internet is the web server. This is a web server that responds to browser requests sent from the browsers on your computer. This is using a standard set of protocols that is HTML or HTML5.
The web pages are stored on the server. So your browser on your computer will request those pages from the server, and those will be downloaded over the network to your browser. These can be either static pages that were created previously, or they might be dynamic pages that are created when the client is requesting them.
Most organizations need a central server they can use to store documents or videos or any other files that are in use by their users. These file servers will use a standard form of file management. In Windows, that’s usually SMB, or Server Message Block. If you have Mac OS, then you’re probably using Apple Filing Protocol. Of course, your users don’t know anything about SMB or AFP. They simply use the file manager available in their operating system, and the protocols between their computer and the file server handle all of these transactions.
If there are printers on your network, then you probably have print servers that act as a middleman between you and that printing device. This might be software that’s running inside of a computer, and the computer is then connected to the printer. It might be a print server like this one that plugs into the printer itself, and there is a server that runs here that acts as the middleman between you and that printer.
There are a number of different printing protocols that you might see. If you’re using Windows, then you’re using SMB, or Server Message Block. But you could also be printing using the Internet Printing Protocol, or IPP, or the Line Printer Daemon, which is LPD.
If you turned on your computer and you were able to get access to the network without any additional configurations, then you’re probably using DHCP, or the Dynamic Host Configuration Protocol. This is a protocol that will automatically configure the IP addressing for your device. This is a very common service. Almost every small office or home office router has a DHCP server inside of it. And if you’re in an enterprise, you probably have multiple DHCP servers that handle the DHCP configurations for all of your enterprise devices.
If you visited my website, you probably didn’t type in the IP address of my website into your browser. Instead, you typed in www.professormesser.com. But something needed to translate between the name of my site and the IP address that could then be used to communicate across the internet. That conversion process occurs on a DNS server, a Domain Name System server.
DNS is a very distributed system. There are thousands and thousands of DNS servers on the internet. These are obviously very critical resources. If you’re using DNS at home, you’re probably making use of a DNS server at your internet service provider. If you’re an organization that has your own internal services, then you probably have your own DNS servers that you run in your data center.
Some organizations use a proxy server for all of their internet communication. As the name implies, the proxy server is an intermediate server that sits between you and some other third party resource. For a proxy server to operate, you would bring up a browser on your computer as you normally do, and you would try to access a server that’s on the internet. Instead of you accessing that server directly, you’re really sending the request to the proxy server.
The proxy server then makes the actual request to that resource and receives the response from that resource. The proxy server then examines the information that it’s received. And if everything looks OK, it sends that information down to your workstation. Since this proxy sits in the middle of the communication, it’s a perfect place to perform some security functions. For example, it’s very common to do access control, malware scanning, and content filtering on the proxy server.
We’re used to reading through our email messages on our mobile devices and our computers. And the device that allows us to do that is the mail server. This is where we would store any incoming mail and be able to send any outgoing mail. The mail server is usually managed by your internet service provider or your mail provider, or you might have your own mail servers inside of your organization.
Email continues to be a very critical resource. We rely on our email 24 by 7 to provide connectivity, and you’ll find that most organizations have very stringent requirements for uptime relating to their mail servers.
If you’ve ever logged into your corporate network or connected to your VPN, then you had to put in a username, a password, and perhaps other authentication credentials. The device that checks these credentials is an authentication server. It’s a centralized repository of all of the authentication credentials for your organization. We don’t usually see an authentication server on a home network. And that’s usually because it’s a small group of people, and you can manage your usernames and passwords individually.
But in the enterprise, you need a centralized place where you can enable or disable accounts or make global changes to configurations for individual users. These are almost always a redundant service. You don’t want to lose your authentication capabilities, or no one would be able to gain access to the network. Instead, the authentication is usually spread across multiple servers. So if one server happens to go down, your system can still authenticate your users.
If you’re an organization that has any number of these different services, then you probably need a SIEM. A SIEM is a security information and event management device. It allows you to consolidate logs from all of these different services into one single database. This is commonly used by the security team to look for real-time alerts and be able to look at trends over time, but it’s also consolidating logs from many different devices: your routers, your switches, your file servers, your DHCP servers, and more. And you can usually perform some advanced reporting with all of this data that you’ve stored.
You’re able to link very diverse data types and create reports over a very long period of time. Since you’re storing information from so many different devices, it makes a perfect place for forensic analysis. If there’s a security event or something that you need to find out more information on, you can drill down into the details and find out across all of these different services exactly what happened.
There’s a standard process for transferring these types of log files to a SIEM, and this standard is called syslog. This means that no matter what type of device it happens to be, as long as it can communicate its logs back through syslog, you can consolidate everything into this central database. This means also that you’re going to need to store all of this data over a very long period of time, so you’re probably going to need a lot of storage space.
Some syslog consolidation tools and SIEMs will use WORM drive technology. That stands for Write Once Read Many. And so you’re able to write once onto optical drives, and no one is able to change that information once it’s been written.
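The syslog consolidation described above can be sketched in a few lines. This is an added example, not part of the original video: it parses BSD-style syslog lines from several devices, decodes the priority value into facility and severity, and merges everything into one time-ordered list. The host names, addresses, log lines and the year are constructed assumptions.

```python
import re
from datetime import datetime

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 3: "daemon", 4: "auth", 10: "authpriv", 23: "local7"}

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Constructed sample input: lines as a collector might receive them from several devices.
SAMPLE = [
    "<86>Mar 14 09:15:02 fileserver01 sshd[2211]: Accepted password for alice from 10.0.0.23",
    "<30>Mar 14 09:14:58 dhcp01 dhcpd[812]: DHCPACK on 10.0.0.23 to 00:11:22:33:44:55",
    "<187>Mar 14 09:16:40 core-rtr01 LINK: Interface Gi0/1 changed state to down",
    "<36>Mar 14 09:16:05 fileserver01 sshd[2290]: Failed password for bob from 10.0.0.99",
    "<999>Mar 14 09:17:00 unknown app: priority value out of range",
    "free-form text that is not syslog",
]

def parse(line, year=2024):
    """Return one normalized event, or None if the line is not valid syslog."""
    m = LINE.match(line)
    if not m or int(m["pri"]) > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return {
        # The BSD timestamp carries no year, so the collector supplies one (assumed here).
        "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "host": m["host"],
        "app": m["tag"],
        "facility": FACILITIES.get(facility, str(facility)),
        "severity": SEVERITIES[severity],
        "msg": m["msg"],
    }

def consolidate(lines):
    """Merge lines from every device into one time-ordered list and count rejects."""
    parsed = [parse(line) for line in lines]
    events = sorted((e for e in parsed if e), key=lambda e: e["time"])
    return events, len(parsed) - len(events)

def at_or_above(events, level="warning"):
    """Events at least as severe as `level` (a lower index is more severe)."""
    limit = SEVERITIES.index(level)
    return [e for e in events if SEVERITIES.index(e["severity"]) <= limit]
```

Calling `consolidate(SAMPLE)` and passing the resulting events to `at_or_above` leaves only the failed login and the interface-down event, in time order, regardless of which device sent them.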
Network administrators need some way to watch for intrusions onto their network. And they do this by using either an IDS or an IPS. That’s an Intrusion Detection System or an Intrusion Prevention System. These intrusions could be someone trying to take advantage of an operating system vulnerability. They might be looking to perform a buffer overflow, or they may be attacking a database with a database injection.
The IDS or IPS is looking for these types of attacks. And if any of those attacks are seen going across the network, you’re able to react to those particular events. The type of reaction that’s available is going to be based on the type of technology you’re using. If you’re using an intrusion detection system, then you’re able to see that that particular exploit was attempted.
And at that point, you can alarm or alert that that particular situation occurred. If you’re using an intrusion prevention system, you have the additional capability of blocking that particular event from occurring on the network. So if somebody did attempt a database injection, you could stop that communication on the network before it ever reached the database server.
These days, you might see many of these different components collapsed into a single device. This would be an all-in-one security appliance. You might also hear this referred to as a next-generation firewall or a Unified Threat Management device, or UTM device. This could also be called a web security gateway.
And this device might be your URL filter. It might provide some type of content inspection from your users. It can look for malware going across your network, and it could stop spam from coming into your network.
This might also be network connectivity. So it may have a wide area network CSU/DSU associated with it. And of course, it may have routing and switching technology as well. This could act as your firewall. It may include an IPS as part of its technology, and it might even be able to do bandwidth shaping and quality of service all from one single device.
If you’re managing a large group of devices on your network, then you know performing one single update to the operating system can be a very arduous task. You’d have to go to every single desktop, run that installation process, reboot the system, and make sure that it was working. With an endpoint management server, you can do all of this from what we call one pane of glass: one console that allows you to do this on all of your workstations.
So you could sit in one chair and perform software installations, driver installations, update the software that’s on these systems, perform security patches, and do remote troubleshooting. Most endpoint management services require that you install an agent initially on everyone’s workstation. But once that installation is done, you’re able to manage everyone from this central console.
It’s not uncommon for many companies to have a number of legacy systems that are still running on their network. These may be systems that have been running for years in their network. But they also may be running a very important set of services, and so it’s important that we’re able to maintain and keep these systems running.
Although we talk about learning the latest and greatest operating systems and applications, it could be just as important to learn about these older systems as well. And as a technologist, you may be asked to maintain embedded systems as well. These are systems that are not the normal operating systems you might work with, but they have connectivity to the network, and they are an electronic system. These embedded systems might be the time card clocks, or they might be the security systems for your company. And so you may be responsible for maintaining all of these embedded operating systems as well.