Sunday, 27 December 2020


FTP stands for File Transfer Protocol. It is a protocol used to transfer or copy files from one host to another. Problems can arise when the sending and receiving hosts or systems use different file names and different file directories. FTP does not provide a secure channel for transferring files between hosts or systems. It uses port 21.

SFTP stands for Secure File Transfer Protocol. It is a protocol that provides a secure channel to transfer or copy files from one host or system to another. SFTP establishes the control connection under the SSH protocol and uses port 22.

There are some differences between them, which are given below:

| FTP | SFTP |
|---|---|
| It stands for File Transfer Protocol. | It stands for Secure File Transfer Protocol. |
| In FTP, a secure channel is not provided to transfer the files between the hosts. | In SFTP, a secure channel is provided to transfer the files between the hosts. |
| It is part of the TCP/IP protocol. | It is an SSH protocol. |
| It usually runs on port 21. | It runs on port 22. |
| It establishes the connection under the TCP protocol. | It establishes the control connection under the SSH protocol. |
| It does not encrypt the data before sending. | It encrypts the data before sending. |
| It works on a direct method for file transfer. | It works on a tunnelling method for transferring files. |
| It uploads and downloads files without any security. | It maintains full security of the data by using SSH keys. |

Saturday, 26 December 2020



When you call an IP address on your computer, you try to contact another computer on the internet, but when you call the IP address 127.0.0.1 you are communicating with the localhost. Localhost is always your own computer. Your computer is talking to itself when you call the localhost. Your computer does not always identify the local host directly. Within your personal network, localhost has a separate IP address such as 192.168.0.1 (in most cases), which is different from the one you use on the internet. The latter is usually dynamically assigned by the internet service provider (ISP). Localhost can be seen as a server that is used on your own computer.

This term is generally used in the context of networks. Localhost is not just the name for the virtual server; it is also its domain name. Just like .example, .test, or .invalid, .localhost is a top-level domain reserved for documentation and testing purposes. When the domain is accessed, a loopback is triggered. If you access “http://localhost” in the browser, the request will not be forwarded to the internet through the router. It will instead remain in your own system. Localhost has the IP address 127.0.0.1. This refers back to your own server.

127.0.0.1 – how does loopback work?

IP addresses are used to communicate within a network. Each participant in the network has its own unique address. Using TCP/IP, data packets are able to reach the correct destination. The protocol pair Transmission Control Protocol (TCP) and Internet Protocol (IP) is one of the main features of the internet. TCP/IP is also used outside of the internet in local networks. The Internet Protocol is responsible for allowing the IP address and subnet mask to address subscribers in a network during the transmission.

The allocation of public IP addresses is regulated by an international organization, the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is also responsible for the allocation of domain names, called the Domain Name System (DNS). But certain address ranges are reserved for special purposes, like the range from 127.0.0.0 to 127.255.255.255. There is no reliable information on why that range was chosen. IP addresses on the internet are divided into different classes. The first class, Class A, started with 0.0.0.0 (reserved address) and ended with 127.255.255.255. 127 is the last block of the Class A network. Its important position could have been the reason for its selection.

Within this address range a Localnet can be set up. The special thing about this range is that IP addresses are not uniquely assigned in it, as is usually the case. It was also reserved by ICANN.

If you enter an IP address or the corresponding domain name in your browser, the router forwards your request to the internet, which connects you to the server. This means that if you enter 172.217.0.0, you will reach the Google homepage, but the situation is different with 127.0.0.1. Requests to this address will not be forwarded to the internet. TCP/IP recognizes from the first block (127) that you don’t want to access the internet and that you are calling yourself instead. This then triggers the loopback.

A loopback device is created so that the back link to your own computer works. It is a virtual interface created by the operating system. The interface is called lo or lo0 and can be displayed using the ifconfig command on Unix systems. A similar command for Windows is ipconfig.

What is localhost used for?

Developers use the local host to test web applications and programs. Network administrators use the loopback to test network connections. Another use for the localhost is the hosts file, where you can use the loopback to block malicious websites.

For Testing Purposes –

Web servers mainly use the local host for programming applications that need to communicate over the internet. During development, it is important to find out whether the application actually works as developed once it has internet access. Localhost’s other functions are only possible if the required files can be found on the internet. There is a difference between opening an HTML document on your PC and loading it onto a server and accessing it there. Releasing a product without testing it doesn’t make sense, so developers use the loopback to test it. They can simulate a connection while also avoiding network errors. The connection stays completely inside their own system.

Another advantage of using localhost for testing purposes is the speed. A request sent over the internet usually takes more than 100 milliseconds. The maximum transmission time for sending a ping to localhost is just one millisecond. The correctness of the internet protocol can also be implemented using this technology.

If you want to set up your own test server on your PC and address it through the localhost, the right software is needed. Software such as XAMPP, which is specifically designed for use as a localhost, can be used.

To block websites –

Localhost can also be used together with the hosts file. This file is a predecessor of the Domain Name System (DNS). In it, IP addresses can be assigned to the corresponding domains. The domain name is translated into an IP address when you enter a website address in the browser. This translation used to be done by the hosts file; today the global DNS is usually used, but the hosts file is still present in most operating systems. In Windows, the file is found under \system32\drivers\etc\hosts, whereas on macOS and other Unix systems it is found under /etc/hosts.

If no changes have been made to the file, it probably contains just these two entries:

 127.0.0.1       localhost
 ::1             localhost

The name resolution for the localhost does not have to be done over the internet. The hosts file can also be used with localhost to block certain websites. For this, the website to be blocked must be entered into the list and the IP address 127.0.0.1 must be assigned to the domain. If you or a malicious script try to call up the blocked domain, the browser will check the hosts file first and will find your entry there. The address 0.0.0.0 can also be used.

The browser will then try to access the corresponding website on the server at 127.0.0.1. However, it is unlikely that the browser will be able to locate it, as the requested file will not be there. If your own test server is set up, the browser may find home.html, which is just your own file. If you have not set up your own test server, an error message appears instead of the requested website. Ad inserts throughout the system can be switched off using this technique. To avoid adding every entry manually, you can find ready-made and regularly extended hosts files on the Internet.
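The hosts-file behaviour described above can be audited with a short script. The following is an added example, not code from the original post: it parses hosts-file text, separates the default localhost entries from names blocked via 127.0.0.1 or 0.0.0.0, and lists names pinned to any other address, which an administrator would want to review. The sample file, its host names and addresses are constructed.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real system).
SAMPLE_HOSTS = """\
# default entries
127.0.0.1       localhost
::1             localhost
# blocked by the administrator
127.0.0.1       ads.example.test
0.0.0.0         tracker.example.test  metrics.example.test
# a name pinned to a routable address
203.0.113.50    login.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Parse hosts-file text into [(name, ip_object)] plus a list of bad lines."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, raw.strip()))  # first field is not an address
            continue
        if len(fields) < 2:                       # address without any name
            errors.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                   # one line may carry several names
            entries.append((name.lower(), ip))
    return entries, errors


def classify(name, ip):
    """default: stock localhost entry; blocked: sinkholed name; redirected: anything else."""
    if name == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:       # 127.0.0.0/8, ::1, 0.0.0.0, ::
        return "blocked"
    return "redirected"


def audit(text):
    """Group every (name, address) pair by classification and return parse errors."""
    entries, errors = parse_hosts(text)
    report = {"default": [], "blocked": [], "redirected": []}
    for name, ip in entries:
        report[classify(name, ip)].append((name, str(ip)))
    return report, errors


if __name__ == "__main__":
    report, errors = audit(SAMPLE_HOSTS)
    for kind, rows in report.items():
        for name, ip in rows:
            print(f"{kind:10} {name:25} -> {ip}")
    for lineno, raw in errors:
        print(f"unparsable line {lineno}: {raw}")
```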

Monday, 21 December 2020

Prerequisite – Domain Name System (DNS)

Need of DNS:

There are 2^32 IP addresses (approximately 4,294,967,296). With the rapid growth of the internet came the issue of remembering websites by their IP addresses (not an issue if you are superhuman or a bot pretending to be human). This issue was resolved using DNS. The Domain Name System is a method of resolving human-understandable URLs into their respective IP addresses. When you enter a URL (this URL is known as an FQDN – Fully Qualified Domain Name) into the browser, DNS takes care of looking up the actual IP address associated with the website.

DNS Look-Up:

To resolve such DNS queries, there are Domain Name Servers built across the world that take your DNS look-up request and resolve it. There are 5 types of Name Servers –

1. Caching Name Servers.

2. Recursive Name Servers.

3. Root Name Servers.

4. Top Level Domain (TLD) Name Servers.

5. Authoritative Name Servers.

Caching and Recursive Name Servers are generally provided by Internet Service Providers. The purpose of a Caching Name Server is to store known domain names for a certain amount of time (similar to caching in data storage). A Recursive Name Server performs full name resolution. There are 13 Root Name Servers across the globe, responsible for directing requests to the appropriate TLD Server.

Figure – DNS Look-up

◉ When you type an FQDN in your browser, it checks the hosts file already available on your system. A hosts file has entries as follows –

<IP-Address> <Domain-name>

Example –

127.0.0.1 localhost
216.58.203.36 www.google.com

◉ If the IP address is not found in the hosts file, the DNS look-up is passed to the Caching Name Server, which stores domain names for a certain amount of time.

◉ If the Caching Name Server does not resolve the look-up, it is then transmitted to the Recursive Name Server. Recursive name servers are responsible for performing full DNS resolution requests.

◉ The request from the Recursive Name Server is transmitted to the 13 Root Name Servers using Anycast (a technique used to route traffic to different destinations depending on factors like location, link health and congestion).

◉ The Root Name Server responds to the DNS look-up with the name of the TLD Name Server that should be queried.

◉ For each Top Level Domain in a domain name (a top-level domain is the part of the domain that comes after the dot, for example com, org or net) there is a Top Level Domain (TLD) Name Server. The TLD server responds to the DNS look-up with a redirect, informing your system about which Authoritative Name Server to contact.

◉ Finally, the DNS look-up is redirected to the Authoritative Name Server for resolving the website name, and it provides the actual IP address of the server.

This strict hierarchy maintains the stability of the internet by resolving every lookup in the correct manner. This protects against malicious redirection of traffic. Nowadays devices have built-in local cache servers to avoid performing a DNS lookup for every new TCP connection.

Friday, 18 December 2020


Every one of us has come across this statement at least once:

“Make sure abc website uses HTTPS before entering your private information.”

If yes, have you ever tried to find the reason behind this statement? Let’s find out.

Before proceeding further, two points must be clear:

1. HTTP :

HyperText Transfer Protocol (HTTP) is the core communication protocol used to access the World Wide Web.

It uses a message-based model in which a client sends a request message and server returns a response message.

2. HTTPS :

As its name indicates, HyperText Transfer Protocol Secure (HTTPS) is a secure advancement of HTTP. It is basically the same application-layer protocol as HTTP, but it is tunneled over a secure transport mechanism.

The point to understand is that HTTP transfers data as plain text, whereas HTTPS adds an encryption layer to the data.

We now understand that HTTP does not encrypt our data during communication, which means an attacker who is suitably positioned on the network can eavesdrop on or look at our data.

Let’s dive deeper!

To start our exploration we are using a Linux machine and Wireshark as the packet analyzer tool (both are used for network analysis).

First we have to set up Wireshark to monitor all ongoing HTTP traffic. For that, we enter the following filter in Wireshark to only get HTTP requests:

http && ip.addr == "ip address" 

Now we are able to monitor all ongoing traffic.

You might be thinking that an attacker is only able to see your browsing, but he can also get your credentials if the victim tries to log in. Let’s see: visit a page, enter credentials, say username = ‘test’ and password = ‘test’, then press login. When we switch back to Wireshark and find the corresponding request, we are able to see the username and password we entered.

But, if we try to analyze packets for HTTPS request it doesn’t disclose any credentials due to encryption.
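The same observation can be turned into a check that a defender runs over captured payloads to find login forms that are still submitted over plain HTTP. The following is an added example, not code from the original post: the captured request (with the username and password "test" used above), the host name, the stand-in TLS record and the list of field-name hints are all constructed assumptions.

```python
from urllib.parse import parse_qs

# Constructed capture of the login request described above (sent over plain HTTP).
CAPTURED_HTTP = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=test&password=test"
)

# Constructed stand-in for what HTTPS looks like on the wire: a TLS record header
# (type 0x17 = application data, version 0x0303, length 32) followed by opaque bytes.
CAPTURED_TLS = b"\x17\x03\x03\x00\x20" + bytes(range(32))

# Assumed substrings that mark a form field as credential-like.
SENSITIVE_HINTS = ("user", "login", "email", "pass", "pwd", "token")
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"PATCH ", b"DELETE ", b"HEAD ")


def _credential_fields(query_string):
    """Return the credential-like fields of a URL-encoded string."""
    found = {}
    for key, values in parse_qs(query_string, keep_blank_values=True).items():
        if any(hint in key.lower() for hint in SENSITIVE_HINTS):
            found[key] = values[0]
    return found


def inspect_payload(raw):
    """Classify a captured TCP payload and list credentials readable in cleartext."""
    result = {"protocol": "unknown", "credentials": {}}
    # TLS records start with a content type (0x14-0x17) and major version 0x03.
    if len(raw) >= 5 and raw[0] in (0x14, 0x15, 0x16, 0x17) and raw[1] == 0x03:
        result["protocol"] = "tls"
        return result                      # body is ciphertext, nothing to read
    if not raw.startswith(HTTP_METHODS):
        return result
    result["protocol"] = "http"
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Credentials can leak through the query string as well as the form body.
    if "?" in target:
        result["credentials"].update(_credential_fields(target.split("?", 1)[1]))
    content_type = headers.get("content-type", "").lower()
    if content_type.startswith("application/x-www-form-urlencoded"):
        result["credentials"].update(_credential_fields(body.decode("iso-8859-1")))
    return result


if __name__ == "__main__":
    print(inspect_payload(CAPTURED_HTTP))
    print(inspect_payload(CAPTURED_TLS))
```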

Wednesday, 16 December 2020


1. Internet:

The internet is a globally connected network system facilitating worldwide communication and access to data resources through a huge collection of personal, public, business, academic and government networks. It is governed by agencies such as the Internet Assigned Numbers Authority (IANA) that establish universal protocols.

2. World Wide Web (WWW):

The World Wide Web (WWW), byname the Web, is the leading information retrieval service of the Internet (the worldwide computer network). The Web gives users access to a huge array of documents that are connected to each other by means of hypertext or hypermedia links, i.e., hyperlinks, electronic connections that link related pieces of data so as to give a user quick access to them. Hypertext allows the user to pick a word or phrase from text and thereby access other documents that contain additional information concerning that word or phrase.

Difference between Internet and WWW :

| INTERNET | WWW |
|---|---|
| Internet is a global network of networks. | WWW stands for World Wide Web. |
| Internet is a means of connecting a computer to any other computer anywhere in the world. | World Wide Web is a collection of information which is accessed via the Internet. |
| Internet is infrastructure. | WWW is a service on top of that infrastructure. |
| Internet can be viewed as a big book-store. | Web can be viewed as the collection of books in that store. |
| At some advanced level, to understand we can think of the Internet as hardware. | At some advanced level, to understand we can think of the WWW as software. |
| Internet is primarily hardware-based. | WWW is more software-oriented as compared to the Internet. |
| It originated sometime in the late 1960s. | English scientist Tim Berners-Lee invented the World Wide Web in 1989. |
| Internet is a superset of WWW. | WWW is a subset of the Internet. |
| The first version of the Internet was known as ARPANET. | In the beginning WWW was known as NSFNET. |
| Internet uses IP addresses. | WWW uses HTTP. |

Monday, 14 December 2020

1. HyperText Transfer Protocol (HTTP) :

HyperText Transfer Protocol (HTTP) is a protocol with which hypertext is transferred over the Web. Due to its simplicity, HTTP has been the most widely used protocol for data transfer over the Web, but the data (i.e. hypertext) exchanged using HTTP isn’t as secure as we would like it to be. In fact, hypertext exchanged using HTTP goes as plain text, i.e. anyone between the browser and server can read it relatively easily if they intercept this exchange of data.

2. Hypertext Transfer Protocol Secure (HTTPS) :

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication. In HTTPS, the communication protocol is encrypted using Transport Layer Security.


Difference between HTTP and HTTPS:

| HTTP | HTTPS |
|---|---|
| HTTP stands for HyperText Transfer Protocol. | HTTPS stands for HyperText Transfer Protocol Secure. |
| In HTTP, the URL begins with “http://”. | In HTTPS, the URL starts with “https://”. |
| HTTP uses port number 80 for communication. | HTTPS uses port number 443 for communication. |
| HTTP is considered to be unsecure. | HTTPS is considered to be secure. |
| HTTP works at Application Layer. | HTTPS works at Transport Layer. |
| In HTTP, encryption is absent. | Encryption is present in HTTPS. |
| HTTP does not require any certificates. | HTTPS needs SSL certificates. |

Friday, 11 December 2020

Prerequisite – Domain Name Server, DNS Spoofing or DNS Cache poisoning

Domain Name Server is a prominent building block of the Internet. It’s developed as a system to convert alphabetical names into IP addresses, allowing users to access websites and exchange e-mails. DNS is organized into a tree-like infrastructure where the first level contains topmost domains, such as .com and .org. The second level nodes contain general, traditional domain names. The ‘leaf’ nodes on this tree are known as hosts.

DNS works similarly to a database that is accessed by millions of computer systems trying to identify which address is most likely to solve a user’s query.

In DNS attacks, hackers will sometimes target the servers which contain the domain names. In other cases, these attackers will try to determine vulnerabilities within the system itself and exploit them for their own good.

Types of Attacks:

1. Denial of service (DoS) –

An attack where the attacker renders a computer useless (inaccessible) to the user by making a resource unavailable or by flooding the system with traffic.

2. Distributed denial of service (DDoS) –

The attacker controls an overwhelming amount of computers (hundreds or thousands) in order to spread malware and flood the victim’s computer with unnecessary and overloading traffic. Eventually, unable to harness the power necessary to handle the intensive processing, the systems will overload and crash.

3. DNS spoofing (also known as DNS cache poisoning) –

The attacker will drive traffic away from the real DNS servers and redirect it to a “pirate” server, unbeknownst to the users. This may result in the corruption or theft of a user’s personal data.

4. Fast flux –

An attacker will typically spoof his IP address while performing an attack. Fast flux is a technique to constantly change location-based data in order to hide where exactly the attack is coming from. This will mask the attacker’s real location, giving him the time needed to exploit the attack. Flux can be single or double or of any other variant. A single flux changes the address of the web server, while a double flux changes both the address of the web server and the names of the DNS servers.

5. Reflected attacks –

Attackers will send thousands of queries while spoofing their own IP address and using the victim’s source address. When these queries are answered, they will all be redirected to the victim himself.

6. Reflective amplification DoS –

When the size of the answer is considerably larger than the query itself, a flux is triggered, causing an amplification effect. This generally uses the same method as a reflected attack, but this attack will overwhelm the user’s system’s infrastructure further.

Measures against DNS attacks:

1. Use digital signatures and certificates to authenticate sessions in order to protect private data.

2. Update regularly and use the latest software versions, such as BIND. BIND is open-source software that resolves DNS queries for users. It is widely used by a good majority of the DNS servers on the Internet.

3. Install appropriate patches and fix faulty bugs regularly.

4. Replicate data in a few other servers, so that if data is corrupted or lost in one server, it can be recovered from the others. This could also prevent a single point of failure.

5. Block redundant queries in order to prevent spoofing.

6. Limit the number of possible queries.
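Measure 6 and the reflective amplification attack described above can be illustrated together. The following is an added example, not code from the original post: it applies a per-source sliding-window query limit to a query log and computes each source's response-to-query size ratio. In a reflected attack the logged source address is the victim's, so limiting per source caps what is reflected at the victim. The log entries, the limit of 3 queries per second and the ratio threshold of 10 are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed query log: (time_ms, source_ip, qtype, query_bytes, response_bytes)
SAMPLE_LOG = (
    [(t, "198.51.100.7", "ANY", 60, 3000) for t in range(0, 600, 100)]
    + [(50, "192.0.2.10", "A", 60, 120), (900, "192.0.2.10", "A", 60, 120)]
)


class SourceRateLimiter:
    """Allow at most max_queries per source within a sliding window."""

    def __init__(self, max_queries, window_ms):
        self.max_queries = max_queries
        self.window_ms = window_ms
        self.seen = defaultdict(deque)      # source -> times of answered queries

    def allow(self, source, now_ms):
        times = self.seen[source]
        while times and now_ms - times[0] >= self.window_ms:
            times.popleft()                 # forget queries outside the window
        if len(times) >= self.max_queries:
            return False                    # over the limit: do not answer
        times.append(now_ms)
        return True


def review(log, max_queries=3, window_ms=1000, amp_threshold=10.0):
    """Per source: query count, queries dropped by the limiter, amplification ratio."""
    limiter = SourceRateLimiter(max_queries, window_ms)
    stats = defaultdict(lambda: {"queries": 0, "dropped": 0, "q": 0, "r": 0})
    for time_ms, source, _qtype, q_bytes, r_bytes in sorted(log):
        entry = stats[source]
        entry["queries"] += 1
        entry["q"] += q_bytes
        entry["r"] += r_bytes
        if not limiter.allow(source, time_ms):
            entry["dropped"] += 1
    report = {}
    for source, entry in stats.items():
        # Ratio of response bytes to query bytes the server was asked to produce.
        amplification = round(entry["r"] / entry["q"], 1)
        report[source] = {
            "queries": entry["queries"],
            "dropped": entry["dropped"],
            "amplification": amplification,
            "flagged": entry["dropped"] > 0 or amplification >= amp_threshold,
        }
    return report


if __name__ == "__main__":
    for source, row in review(SAMPLE_LOG).items():
        print(source, row)
```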

Thursday, 10 December 2020

A directory is a hierarchical structure that stores information about objects on the network. A directory, in the most generic sense, is a comprehensive listing of objects. A phone book is a type of directory that stores information about people, businesses, and government organizations. Phone books typically record names, addresses, and phone numbers.

Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers.

Benefits of Active Directory –

◉ Hierarchical organizational structure.

◉ Multimaster Authentication & Multimaster replication (the ability to access and modify AD DS from multiple points of administration)

◉ A single point of access to network resources.

◉ Ability to create trust relationships with external networks running previous versions of Active Directory and even Unix.

Directory Service –

A directory service is a hierarchical arrangement of objects which are structured in a way that makes access easy. However, functioning as a locator service is not AD’s exclusive purpose. It also helps organizations have a central administration over all the activities carried out in their networks. Essentially a Network Directory Service:

◉ Provides information about the user objects, computers and services in the network.

◉ Stores this information in a secure database and provides tools to manage and search the directory.

◉ Allows management of user accounts and resources and consistent application of policies as needed by an organization.

Active Directory provides several different services, which fall under the umbrella of “Active Directory Domain Services,” or AD DS. These services include:

1. Domain Services –

Stores centralized data and manages communication between users and domains; includes login authentication and search functionality

2. Certificate Services –

It generates, manages and shares certificates. A certificate uses encryption to enable a user to exchange information over the internet securely with a public key.

3. Lightweight Directory Services –

Supports directory-enabled applications using the open (LDAP) protocol.

4. Directory Federation Services –

Provides single-sign-on (SSO) to authenticate a user in multiple web applications in a single session.

5. Rights Management –

It controls information rights and management. AD RMS encrypts content, such as email or Word documents, on a server to limit access.

Domain Controllers –

A server that is running AD DS is called a domain controller. Domain controllers host and replicate the directory service database inside the forest. The directory service also provides services for managing and authenticating resources in the forest. These servers host essential services in AD DS, including the following:

– Kerberos Key Distribution Center (kdc)

– NetLogon (Netlogon)

– Windows Time (W32time)

– Intersite Messaging (IsmServ)

Active Directory Objects:

1. Container Objects –

These objects can contain other objects inside them, and we can make collections from them. For example: forests, trees, domains, organisational units.

2. Leaf Objects –

These objects cannot contain other objects inside them. For example: users, computers, printers, etc.

Common Terminologies and Active Directory Concepts:


◉ Schema –

A set of rules, the schema, that defines the classes of objects and attributes contained in the directory, the constraints and limits on instances of these objects, and the format of their names.

◉ Global catalog –

A global catalog that contains information about every object in the directory. This allows users and administrators to find directory information regardless of which domain in the directory actually contains the data.

◉ Forest Root Domain –

The first domain that is installed in an Active Directory Forest is referred to as the root domain.

◉ Sites –

Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology.

◉ Lightweight Directory Access Protocol –

AD is based on the Lightweight Directory Access Protocol (LDAP). This protocol provides a common language for clients and servers to speak to one another.

Saturday, 5 December 2020



A domain name is an address that is used to access a website. A domain name is unique and very easy to remember. By typing the domain name, the user can reach whichever website he desires. The actual address of any website is very complicated, but with the help of a domain name this complicated address can be converted into a simplified, human-comprehensible form. A domain name is formed according to the rules and procedures of DNS.

Why Domain Name is Important ?

The domain name is easy to remember but the IP address is not. Take the example of a telephone directory: we don’t remember people’s phone numbers, we just remember their names and then search for the number by name. An IP address can be changed in the back-end but the domain name remains the same.

History: We have been using a human-comprehensible form of the host’s numerical address since the ARPANET era. Earlier, each computer on the network used to retrieve the hosts file, which mapped computer host names to numerical addresses, from a computer at SRI. As networking started to grow rapidly, it became nearly impossible to perform the task with traditional methods, and therefore in 1983 the Domain Name System was introduced on the ARPANET.

Characteristics:

◉ The shorter the domain name, the easier it is to remember and understand; the longer it is, the harder it is to remember and understand. Keeping the domain name short and crisp is therefore advisable.

◉ A domain name should be easy to spell, because the user won’t be able to remember it correctly if it’s complicated.

◉ The .com extension is the most popular, as many people remember sites with this extension and tend to forget other extensions.

◉ Sometimes a domain name has no meaning but becomes so popular that people recognize it just by hearing it. So we can also create a brand, and the name does not really need any meaning once it becomes a brand.

◉ A domain name should ideally not contain hyphens or numbers, as these make it cumbersome to remember.

Steps for Domain Resolution and URL Processing: 

When we type a web address into a web browser, our computer needs to convert it into an IP address so that it can contact the web server and deliver the page to us. This is called a forward lookup because we are converting a hostname into an IP address. The opposite, converting an IP address into a hostname, is called a reverse lookup.

◉ First, we will type the name of the website which we want to access. For example — facebook.com.

◉ Then this domain name is mapped to its corresponding IP address. The conversion of the domain name to an IP address is the responsibility of the resolver. There is a resolver between the request and the root server.

◉ The website request first goes to the root server. This can be done by 2 methods, either the recursive method or the iterative method. There are a total of 13 root servers all over the world.

◉ The root server then gives the IP address of the next level to the resolver. The next level consists of generic servers or country servers.

◉ The resolver resolves the domain name from right to left, which means that in our example it will first resolve “.com”. Then “.com” gives a link to the resolver, after which our request is forwarded to the Authoritative Server.

◉ Authoritative Servers store all the IP addresses and names. There can be multiple IP addresses for a particular website. Facebook has more than 70 thousand servers, hence there can be multiple IP addresses.

◉ This IP address is given to the resolver, and the resolver then gives that IP address to our computer. Then we can access the data on our computer.

These steps are only performed when we access a website for the very first time. When we access that website a second time, our request is not forwarded to the root server, because our internet service provider (ISP) has cached that IP address so that whenever we need to access that website, it can provide the IP address easily.
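The resolution order described in the steps above, and in the DNS look-up walk-through earlier on this page (hosts file, cache, root, TLD, authoritative), can be traced with a toy resolver. The following is an added example, not code from the original posts: every server name, domain, address and TTL is constructed, and a two-label registered domain (such as example.test) is assumed. The returned path shows which layer supplied the answer; a hosts-file entry or a cached record is served without consulting the hierarchy at all.

```python
# Constructed data for a toy name space; every name and address is an assumption.
HOSTS_FILE = {"localhost": "127.0.0.1"}
ROOT_SERVERS = {"test": "tld-server.test"}            # TLD label -> TLD name server
TLD_SERVERS = {"tld-server.test": {"example.test": "ns1.example.test"}}
AUTHORITATIVE = {"ns1.example.test": {"www.example.test": ("192.0.2.80", 300)}}


class ToyResolver:
    """Walk hosts file -> cache -> root -> TLD -> authoritative, recording the path."""

    def __init__(self):
        self.cache = {}                               # name -> (ip, expiry in seconds)

    def resolve(self, name, now):
        """Return (ip or None, list of layers consulted in order)."""
        name = name.lower().rstrip(".")
        path = ["hosts"]
        if name in HOSTS_FILE:                        # the hosts file is checked first
            return HOSTS_FILE[name], path

        path.append("cache")
        cached = self.cache.get(name)
        if cached and cached[1] > now:                # still within its TTL
            return cached[0], path

        path.append("root")                           # root refers us to the TLD server
        labels = name.split(".")
        tld_server = ROOT_SERVERS.get(labels[-1])
        if tld_server is None:
            return None, path

        path.append("tld")                            # TLD refers us to the authoritative server
        domain = ".".join(labels[-2:])                # assumption: two-label domains
        auth_server = TLD_SERVERS[tld_server].get(domain)
        if auth_server is None:
            return None, path

        path.append("authoritative")                  # authoritative server holds the record
        record = AUTHORITATIVE[auth_server].get(name)
        if record is None:
            return None, path
        ip, ttl = record
        self.cache[name] = (ip, now + ttl)            # cache the answer until the TTL expires
        return ip, path


if __name__ == "__main__":
    resolver = ToyResolver()
    for when in (0, 100, 301):
        print(when, resolver.resolve("www.example.test", now=when))
    print(resolver.resolve("localhost", now=0))
    print(resolver.resolve("nope.invalid", now=0))
```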

Advantages:

◉ A good domain name adds credibility and also sets the site apart from other domain names.

◉ Also, Domain Name gives visibility to the brand and it also attracts many users.

◉ Domain Name can increase search engine ranking once it becomes popular among Internet Users.

◉ Domain Name establishes a unique identity in cyberspace.

◉ Domain Name can be resold, leased, and bartered which is also one of the great advantages.

Disadvantages:

◉ The DNS registry can only be controlled by ICANN, which is a big challenge as it’s tied to only one country, and hence it also challenges Net Neutrality.

◉ On the DNS server side only the IP address is seen, and hence it can be manipulated by hackers.

◉ Also, the DNS server is based on the slave-master relationship, which is another challenge.

◉ In case the host starts malfunctioning, it becomes hard to access the web page.

◉ In many instances, hackers target the server machine and redirect the user to another webpage, which results in phishing.

Friday, 4 December 2020

1. Domain :

A domain is a client/server network where a user can log in from any device in the office; this is also known as remote login. It has centralized administration, and all devices can be managed from a centralized device. It prefers centralized storage: all the users’ data is stored on a centralized storage device, which can be NAS or SAN.

2. Workgroup :

A workgroup is a peer-to-peer Windows computer network where a user can use his or her login credentials only on his or her own system and not on others. It has distributed administration, in which each user can manage his or her machine independently. Most storage is distributed. Each device has its own dedicated storage.


Difference between Domain and Workgroup :

| DOMAIN | WORKGROUP |
|---|---|
| The computers in a domain have a centralized database. | Each computer in a workgroup mainly has its own local database. |
| A domain is mainly used to transfer and share sensitive and important data only. | A workgroup is used to share less secure and personal data only, due to less security. |
| A domain is mainly preferred for large public and business networks. | A workgroup is mainly preferred for small local area networks like schools, colleges, buildings, etc. |
| A domain is used to transfer and share sensitive and important data due to security. | A workgroup is used to share personal data as it is less secure. |
| A domain can work better for large numbers of devices. | A workgroup works better for fewer computers. |
| The domain names are provided by the domain controller on the basis of IP address. | In a workgroup there are no dependencies on any hardware components or server for assigning the name. |
| Data can be recovered in a domain from the centralized storage. | Data recovery is not possible in a workgroup due to the local storage of each device. |
| A domain can be formed from the devices of one or more different networks by adding all the intended devices to it. | Only the devices of the same network can be added to a workgroup. |

Thursday, 3 December 2020

Dynamic Domain Name System (DDNS), Web Hosting, Domain Name, Web Hosting Certification, Compare Web Hosting

When DNS (Domain Name System) was designed, nobody expected that there would be so many address changes, such as adding a new host, removing a host, or changing an IP address. When there is a change, it must be made to the DNS master file, which needs a lot of manual updating, so the master file must be updated dynamically.

Dynamic Domain Name System (DDNS):

It is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses, or other information. In DDNS, when a binding between a name and an address is determined, the information is sent, usually by DHCP (Dynamic Host Configuration Protocol), to a primary DNS server.

The primary server updates the zone. The secondary servers are notified either actively or passively. In active notification, the primary server sends a message to the secondary servers, whereas in passive notification, the secondary servers periodically check for any changes. In either case, after being notified about the change, the secondary requests information about the entire zone (zone transfer).

DDNS can use an authentication mechanism to provide security and prevent unauthorized changes in DNS records.

Advantages:

1. It saves the time required to update static addresses manually when the network configuration changes.

2. It saves address space, as only the number of addresses required at one time is used, rather than one for every possible user of an IP address.

3. It is very comfortable from the user's point of view, as IP address changes will not affect any of their activities.

4. It does not affect accessibility, as changed IP addresses are configured automatically against URLs.

Disadvantages:

1. It is less reliable due to lack of static IP addresses and domain name mappings.

2. Dynamic DNS services alone cannot guarantee that the device you are attempting to connect to is actually your own.

Uses:

1. It is used for Internet access devices such as routers.

2. It is used by security appliance manufacturers and is even required for IP-based security appliances like DVRs.

Friday, 27 November 2020

The most common network devices used are routers and switches. But we still hear people talking about hubs, repeaters, and bridges. Do you ever wonder why these former devices are preferred over the latter ones? One reason could be: ‘because they are more efficient and powerful’. But what actually is the reason behind their efficiency? This is when terms like “Collision Domains” and “Broadcast Domains” come into the picture.

Before going further, let us recall that a hub is a multiple-port repeater. Similarly, a switch is a multiple-port bridge. This explains why repeaters and bridges are not typically used in production networks (because they have fewer ports).

Now, narrowing down to Hubs, Switches and Routers, let us discuss them with reference to the domains below.

1. Collision Domain –

A Collision Domain is a scenario in which when a device sends out a message to the network, all other devices which are included in its collision domain have to pay attention to it, no matter if it was destined for them or not. This causes a problem because, in a situation where two devices send out their messages simultaneously, a collision will occur leading them to wait and re-transmit their respective messages, one at a time. Remember, it happens only in case of a half-duplex mode.

2. Broadcast Domain –

A Broadcast Domain is a scenario in which when a device sends out a broadcast message, all the devices present in its broadcast domain have to pay attention to it. This creates a lot of congestion in the network, commonly called LAN congestion, which affects the bandwidth of the users present in that network.

From this, we can see that the greater the number of collision domains and the greater the number of broadcast domains, the more efficient the network is, providing better bandwidth to all its users.

So, which of our network devices break collision domains and which of them break broadcast domains?

◉ HUB –

We start with a hub because we should get rid of it as soon as possible. The reason is that it breaks neither a collision domain nor a broadcast domain, i.e. a hub is neither a collision domain separator nor a broadcast domain separator. All the devices connected to a hub are in a single collision domain and a single broadcast domain. Remember, hubs do not segment a network, they just connect network segments.

◉ SWITCH –

Coming to switches, we have an advantage over the hub. Every port on a switch is in a different collision domain, i.e. a switch is a collision domain separator. So messages that come from devices connected to different ports never experience a collision. This helps us when designing networks, but there is still a problem with switches. They never break broadcast domains, which means a switch is not a broadcast domain separator. All the ports on the switch are still in a single broadcast domain. If a device sends a broadcast message, it will still cause congestion.

◉ ROUTER –

Last, but not least, we have our savior. A router breaks not only collision domains but also broadcast domains, which means it is both a collision domain separator and a broadcast domain separator. A router creates a connection between two networks. A broadcast message from one network will never reach the other one, as the router will never let it pass.


Also, as repeaters and bridges differ from hubs and switches only in terms of the number of ports, a repeater does not break collision and broadcast domains, while a bridge breaks only collision domains.

Wednesday, 25 November 2020

1. Trade Mark:

A trade name is a name used to register a business as a legal entity within the state where it operates. Usually, this is done at the Secretary of State or the Department of Corporations, or an identical state-run agency. A trade name must be unique within the state where it is registered. The trade name is additionally registered with the Internal Revenue Service for purposes of federal tax laws.

A trademark can be a sign or symbol which is represented graphically and is capable of differentiating the products or services of one undertaking from those of other undertakings. An application for registration of a trademark shall be made to the Trade Marks Registry of the Property Department. The owner of a registered trademark has the prerogative to use the trademark in reference to the products and services for which the mark is registered within the Hong Kong Special Administrative Region.

Example :

When the officer of an organization signs an agreement, he signs it as “CFO of XYZ Corporation.” Anyone who wants to see the status of that legal entity can interrogate XYZ Corporation on the records of the year of its state. For that reason, contracts normally will state the party to the contract and include something like this: “A Delaware indebtedness company” because that information allows someone to research the status of the business.


2. Domain Name :


A domain name is an entry in a database, like a line in a spreadsheet. That entry corresponds to an Internet Protocol address. A domain name is a website address on the web which provides you with a web identity. A domain name is a human-readable Internet address, e.g. www.wilmerhale.com. It is the name that users/customers type into their Internet browsers to access your website. The right to use a domain name is regulated by name registrars.

You obtain a domain name by purchasing it from the registrar for your particular name. An application to register a domain name under a country code top-level domain (e.g. com.hk) or a generic top-level domain (e.g. .com) shall be made to at least one of the registrars. A domain name is often registrable as a trademark if it functions to identify the source of particular goods or services.

Example :

It includes the use of the name on the particular pages of a website offering services, offline use of the name as something more than just a URL address, such as the use of the name on marketing or promotional materials for services, and use of the name on the packaging for a product.


Difference Between Trademark and Domain Name :


| TRADE MARK | DOMAIN NAME |
| --- | --- |
| A trade mark may consist of words, designs, letters, numerals, colors, the shape of goods or their packaging etc. and any combination of such signs. | A domain name must be contextual in form (e.g. www.ipd.gov.hk). |
| A trade mark would be registered in respect of the goods or services as classified under the Nice Classification. | A domain name does not have to be registered for a particular class of goods or services. |
| A registered trade mark is valid for 10 years and can be renewed for further periods of 10 years. | A domain name is only for a particular period as agreed between the registrant and the accredited registrar and these are subject to renewal. |
| A trade mark may not be registrable if it is different or similar to a previously registered trade mark. | A domain name is registrable if it is not different to a previously registered domain name. |
| A trade mark which consists exclusively of a sign or a symbol which describes the characteristics of the applied-for goods or services may not be registrable, for example symbols such as “fresh bread” in respect of bakery services. | A domain name may describe the features of the applied-for goods or services, e.g. “freshbread.com” for a bakery. |
| A trademark operates in the real world. | A domain name operates in the cyber world. |
| Different people living in different countries may have the same trademark for different goods and services, as it does not generally have a global impact. | Domain names operate at a global level, so no two companies/persons can have the same domain name. |
| A trademark can refer to or be linked to a specific category of a product or product line. | Domain names are not given for every single product offered by a company. |
| As there are no jurisdiction issues, a dispute related to a trademark can be easily settled. | As the internet is very wide and does not have any boundaries, disputes are hard to settle. |

Tuesday, 24 November 2020

In Classful addressing, the number of Hosts within a network always remains the same, depending upon the class of the Network.

Class A network contains 2^24 Hosts,

Class B network contains 2^16 Hosts,

Class C network contains 2^8 Hosts

Now, let’s suppose an organization requires 2^14 hosts; it then has to purchase a Class B network. In this case, 49152 Hosts will be wasted. This is the major drawback of Classful Addressing.

In order to reduce the wastage of IP addresses, a new concept called Classless Inter-Domain Routing was introduced. Nowadays IANA uses this technique to provide IP addresses. Whenever a user asks for IP addresses, IANA assigns that many IP addresses to the user.

Representation: A CIDR address is also a 32-bit address, which includes a special number that represents the number of bits present in the Block Id.

a . b . c . d / n 

Where, n is number of bits that are present in Block Id / Network Id.

Example:

20.10.50.100/20 

Rules for forming CIDR Blocks:

1. All IP addresses must be contiguous.
2. Block size must be a power of 2 (2^n).

If the size of the block is the power of 2, then it will be easy to divide the Network. Finding out the Block Id is very easy if the block size is of the power of 2.

Example:

If the Block size is 2^5, then the Host Id will contain 5 bits and the Network Id will contain 32 – 5 = 27 bits.

3. The first IP address of the Block must be evenly divisible by the size of the block. In simple words, the least significant bits, which form the Host Id, must all be zero in the first address. Since all the least significant bits of the Host Id are zero, we can use it as the Block Id part.

Example:

Check whether 100.1.2.32 to 100.1.2.47 is a valid IP address block or not?

1. All the IP addresses are contiguous.
2. Total number of IP addresses in the Block = 16 = 2^4.
3. 1st IP address: 100.1.2.00100000

Since the Host Id contains the last 4 bits and all of the least significant 4 bits are zero, the first IP address is evenly divisible by the size of the block.

All the three rules are followed by this Block. Hence, it is a valid IP address block.
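
The three rules can be checked mechanically. The following Python code is an added example, not part of the original post; the function names are this example's own, and every range other than 100.1.2.32 to 100.1.2.47 is constructed. When a contiguous range fails rule 2 or rule 3, it also reports the smaller valid CIDR blocks that cover the range.

```python
import ipaddress


def address_range(first, last):
    """Expand an inclusive first..last range into dotted-quad strings."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]


def check_block(addresses):
    """Apply the three CIDR block rules to a collection of IPv4 addresses."""
    nums = sorted(int(ipaddress.IPv4Address(a)) for a in addresses)
    if not nums:
        raise ValueError("empty address list")
    size = len(nums)

    # Rule 1: addresses must be contiguous (no gaps, no duplicates).
    contiguous = all(b - a == 1 for a, b in zip(nums, nums[1:]))
    # Rule 2: block size must be a power of 2 (exactly one bit set).
    power_of_two = size & (size - 1) == 0
    # Rule 3: first address must be evenly divisible by the block size,
    # i.e. all host bits of the first address are zero.
    aligned = nums[0] % size == 0

    report = {
        "size": size,
        "contiguous": contiguous,
        "power_of_two": power_of_two,
        "aligned": aligned,
        "valid": contiguous and power_of_two and aligned,
        "cidr": None,
        "covering": [],
    }
    if report["valid"]:
        host_bits = size.bit_length() - 1          # size == 2**host_bits
        report["cidr"] = f"{ipaddress.IPv4Address(nums[0])}/{32 - host_bits}"
    elif contiguous:
        # Not a single block: list the valid blocks that cover the range.
        first = ipaddress.IPv4Address(nums[0])
        last = ipaddress.IPv4Address(nums[-1])
        report["covering"] = [
            str(net) for net in ipaddress.summarize_address_range(first, last)
        ]
    return report


def block_id(address_with_prefix):
    """Return the Block Id (network) of an address in a.b.c.d/n form."""
    return str(ipaddress.ip_interface(address_with_prefix).network)


if __name__ == "__main__":
    print(check_block(address_range("100.1.2.32", "100.1.2.47")))
    print(check_block(address_range("100.1.2.40", "100.1.2.55")))
    print(block_id("20.10.50.100/20"))
```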

Wednesday, 11 November 2020

A Domain Name System (DNS) converts a human-readable name (such as www.want2host.com) to a numeric IP address. The DNS system responds with one or more IP addresses, and your computer connects to the website (such as want2host.com) using one of them.

There is not only one DNS server. A series of DNS servers is used to resolve the domain name. DNS uses a cache to work efficiently, so that it can quickly refer to DNS lookups it has already performed rather than performing the same lookup over and over again.

Although DNS caching speeds up the domain name resolution process, a major change to a domain takes a day to be reflected worldwide.

DNS Spoofing means getting a wrong entry or IP address for the requested site from the DNS server. Attackers find flaws in the DNS system, take control, and redirect users to a malicious website.

Web Hosting, Web Hosting Review, Compare Web Hosting, DNS

In above image –

1. Request to Real Website: The user sends a request for a particular website, and it goes to the DNS server to resolve the IP address of that website.

2. Inject Fake DNS entry: Hackers have already taken control of the DNS server by detecting flaws, and now they add a false entry to the DNS server.

3. Resolve to Fake Website: The fake entry in the DNS server redirects the user to the wrong website.

To Prevent From DNS Spoofing –

DNS Security Extensions (DNSSEC) is used to add an additional layer of security in DNS resolution process to prevent security threats such as DNS Spoofing or DNS cache poisoning.
DNSSEC protects against such attacks by digitally ‘signing’ data so you can be assured it is valid.

Wednesday, 4 November 2020

Prerequisite – Domain Name System (DNS) in Application Layer

In the world of networking, computers are not identified by names as humans are; they are identified by numbers, because that is how computers and other similar devices talk to and identify each other over a network, using numbers such as IP addresses.

Humans, on the other hand, are accustomed to using names instead of numbers. Whether talking directly to another person or identifying a country, place, or thing, humans identify with names instead of numbers. So in order to bridge the communication gap between computers and humans and make communication a lot easier, networking engineers developed DNS.

DNS stands for a Domain Name System.

DNS resolves names to numbers, to be more specific it resolves domain names to IP addresses. So if you type in a web address in your web browser, DNS will resolve the name to a number because the only thing computers know are numbers. 


Working: 


If you wanted to go to a certain website, you would open up your web browser and type in the domain name of that website. Let us use google.com. Technically, you do not have to type in google.com to retrieve the Google web page; you can type in the IP address instead if you already know it. But since we are not accustomed to memorizing and dealing with numbers, especially when there are millions of websites on the Internet, we can type in the domain name instead and let DNS convert it to an IP address for us.

So back to our example: when you type google.com in your web browser, the DNS server will search through its cache to find a matching IP address for that domain name. When it finds it, it will resolve that domain name to the IP address of the Google website, and once that is done, your computer is able to communicate with a Google web server and retrieve the webpage.

So DNS basically works like a phone book: when you want to find a number, you do not look up the number first; you look up the name, and it gives you the number. To break this down in further detail, let us examine the steps that DNS takes. When you type google.com in your web browser, and your web browser or operating system cannot find the IP address in its own cache memory, it will send the query to the next level, to what is called the resolver server. The resolver server is basically your ISP (Internet service provider). When the resolver receives the query, it will check its own cache memory to find an IP address for google.com, and if it cannot find it, it will send the query to the next level, which is the root server. The root servers are the top, or root, of the DNS hierarchy.

There are 13 sets of these root servers, from a.root-servers.net to m.root-servers.net. They are strategically placed around the world and operated by 12 different organizations, and each set of root servers has its own unique IP address. When the root server receives the query for the IP address of google.com, the root server is not going to know what the IP address is, but it does know where to send the resolver to help it find the IP address. So the root server will direct the resolver to the TLD (top-level domain) server for the .com domain. The resolver will now ask the TLD server for the IP address of google.com.

The top-level domain server stores address information for top-level domains such as .com, .net, .org, and so on. This particular TLD server manages the .com domain, which google.com is a part of. When the TLD server receives the query for the IP address of google.com, the TLD server is not going to know what the IP address of google.com is. So the TLD server will direct the resolver to the next and final level, which is the authoritative name servers. Once again, the resolver will now ask the authoritative name server for the IP address of google.com. The authoritative name server or servers are responsible for knowing everything about the domain, which includes the IP address.

They are the final authority.

When the authoritative name server receives the query from the resolver, the name server will respond with the IP address of google.com. Finally, the resolver will tell your computer the IP address of google.com, and your computer can now retrieve the Google web page. It is important to note that once the resolver receives the IP address, it will store it in its cache memory in case it receives another query for google.com, so it does not have to go through all those steps again.

DNS servers have different types of records to manage resolution efficiently and provide important information about a domain. These records are the details that are cached by DNS servers. Each record has a TTL (Time To Live) value in seconds associated with it; this value sets the expiration time of the cached record in a DNS server and ranges from 60 to 86400, depending on the DNS provider.

◉ A records – points to IPv4 address of machine where website is hosted
◉ AAAA records – points to IPv6 address of machine where website is hosted
◉ MX – points to email servers
◉ CNAME – canonical name for alias points hostname to hostname
◉ ANAME – Auto resolved alias, works like cname but points hostname to IP of hostname
◉ NS – nameservers for subdomains
◉ PTR – IP address to hostname
◉ SOA  – containing administrative information about the DNS zone
◉ SRV – service record for other services
◉ TXT – Text records mostly used for verification, SPF, DKIM, DMARC and more
◉ CAA – certificate authority record for SSL/TLS certificate
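
The lookup chain (resolver cache, root, TLD, authoritative server) and the TTL expiry described above can be modelled in a few lines. This Python code is an added example, not part of the original post; the server names, zone data and addresses are constructed, and it uses www.example.com with documentation addresses rather than a real site. It also shows why a changed record is not seen until the cached copy's TTL runs out.

```python
# Constructed delegation data for illustration; not real DNS contents.
ROOT = {"com": "tld-com"}                                # TLD -> TLD server
TLD = {"tld-com": {"example.com": "ns-example"}}         # domain -> authoritative server
AUTH = {"ns-example": {"www.example.com": ("192.0.2.10", 300)}}  # name -> (A record, TTL s)


class FakeClock:
    """Manually advanced clock so TTL expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now


class Resolver:
    """Caching resolver that walks root -> TLD -> authoritative on a miss."""

    def __init__(self, clock, root, tld, auth):
        self.clock = clock
        self.root, self.tld, self.auth = root, tld, auth
        self.cache = {}              # name -> (address, expires_at)
        self.upstream_queries = []   # (server, name) for every query sent

    def _ask(self, server, table, key, name):
        self.upstream_queries.append((server, name))
        answer = table.get(key)
        if answer is None:
            raise LookupError(f"{server} has no data for {name}")
        return answer

    def resolve(self, name):
        name = name.rstrip(".").lower()
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], "cache"
        self.cache.pop(name, None)   # drop an expired entry

        labels = name.split(".")
        if len(labels) < 2:
            raise LookupError(f"not a fully qualified name: {name}")
        # Root refers the resolver to the TLD server.
        tld_server = self._ask("root", self.root, labels[-1], name)
        # TLD server refers the resolver to the authoritative server.
        auth_server = self._ask(
            tld_server, self.tld[tld_server], ".".join(labels[-2:]), name)
        # Authoritative server returns the record and its TTL.
        address, ttl = self._ask(auth_server, self.auth[auth_server], name, name)
        self.cache[name] = (address, now + ttl)
        return address, "authoritative"


def demo():
    """Return the answers seen before and after a record change, plus query count."""
    clock = FakeClock()
    auth = {server: dict(zone) for server, zone in AUTH.items()}  # private copy
    resolver = Resolver(clock, ROOT, TLD, auth)

    trace = [resolver.resolve("www.example.com")]        # t=0: full walk
    auth["ns-example"]["www.example.com"] = ("192.0.2.20", 300)  # record changes
    clock.now = 299
    trace.append(resolver.resolve("www.example.com"))    # still the cached answer
    clock.now = 300
    trace.append(resolver.resolve("www.example.com"))    # TTL expired: new answer
    return trace, len(resolver.upstream_queries)


if __name__ == "__main__":
    print(demo())
```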

DNSSEC (Domain Name System Security Extensions) is a cryptographic suite of authentication protocols added to DNS to protect it from malicious actors using forged or manipulated DNS data, such as that created by DNS cache poisoning, by digitally signing DNS zones. DNSSEC does not provide confidentiality of data; in particular, all DNSSEC responses are authenticated but not encrypted. DNSSEC is yet to be implemented by some registrars and registries.

Monday, 2 November 2020

Increased mobility of the devices, the concept of remote access to a network, and many more opportunities like these have complicated the complete task of preventing hackers from accessing your private data.

In the most fatal attacks, an attacker can take down your complete website without even accessing your system. An attacker could take advantage of the Internet to divert your website visitors and other incoming data before they reach your network. Here the DNS system is the key. It is the first line of defense and plays a major role in data security.

What is DNS?

DNS (Domain Name System) is a hierarchical naming system that is used for computers, services, or any other resource or device that is connected to the Internet. In simple language, DNS translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying devices and services with the underlying network protocols.

A DNS server encompasses all the Domain Names and their corresponding IP Addresses. Whenever you enter a URL:

◉ Your browser will send an IP request (containing the domain name, for example www.want2host.com) to the DNS Server.
◉ The DNS Server will match the corresponding IP address of this URL and direct your browser to the website.

The DNS system is essential, as the browser is unable to understand the alphabetic URL and can only process the numerical IP Address.

What do you mean by DNS Leak?


As we have discussed above, DNS acts as a correspondent between the Internet and your device. However, in the case of default DNS settings, the online activities of the user are visible to the ISP or anyone with legal or illegal access to the DNS Server.
To avoid such situations, many individuals tend to use a VPN (Virtual Private Network), which helps to create a safe and virtual connection over the Internet. Adding a VPN pushes all the DNS requests and data through a VPN tunnel.

Unfortunately, with the pros come the cons. VPN Servers are not 100% secure; they could leak DNS requests. This is known as a DNS Leak. Thus we can say a DNS Leak is a security flaw that exposes DNS requests to ISP DNS Servers.

Ways to check DNS Leak –


Checking DNS Leak is a very simple task. There are so many one-click testing tools available in the market to test DNS vulnerabilities. 

How Does a DNS Leak Test Work?


The answer is very simple. If you are behind the VPN and perform a DNS Leak Test:

◉ The result should be the same IP where you have connected through a VPN.
◉ If you see your ISP on the list, it points to a DNS Leak.
◉ The lists which are not directed under your VPN Service could signal a leak.

Try not to select a DNS Leak Test tool offered by any VPN Service. VPN Services these days are developing their own tools and using them as bait to scare users and sell their products.

What are the major DNS Leak Issues?


In this section, we will be discussing major issues contributing to DNS Leak.

1. Irregular Network Configuration: When connecting to a VPN, connect your device to the local network first. Ensure proper settings, as DHCP can sometimes automatically assign a DNS Server when you connect to a new network, and this could be your ISP DNS Server.

2. IPv6 Leak: Most VPNs have IPv4 support and are unable to handle any request to or from an IPv6 device. A request sent from a machine using a dual-stack tunnel, which converts IPv4 to IPv6, cannot be handled by these VPNs. Therefore, the DNS request eventually goes to the DNS Server, and the DNS leak exposes the real IP.

3. Transparent DNS Proxies: In cases where ISPs detect users changing their DNS Server setting to a third-party server, they enforce their own DNS Servers. This transparent server will interrupt the user web traffic and send it to the ISP DNS Server. Such types of servers can be detected through DNS Leak Test.

4. Teredo Technology: Microsoft introduced Teredo Technology to resolve the issue of IPv6 and IPv4. However, in the case of a VPN, it can still cause a DNS Leak, as it is a tunneling protocol and is capable of bypassing the VPN's encrypted tunnel too.

5. Windows OS Versions 8, 8.1, and 10: Windows feature Smart Multi-Homed Name Resolution has been introduced in Windows 8 and later versions. This feature tends to send the request to all available DNS Servers. It makes sure that the response from the non-standard server is only acceptable in case favorites fail to respond. Most probably, that ISP DNS response is accepted which eventually results in DNS Leak.
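
A local check for the first two issues, written as an added example that is not part of the original post: it reads the resolvers a Unix-like system is configured to use (resolv.conf format) after the VPN connects and compares them with the resolver networks the VPN is expected to provide. The sample file, the addresses, the VPN network 10.8.0.0/24 and the verdict names are all constructed for this example.

```python
import ipaddress

# Private and link-local ranges: a resolver here is usually a home router
# handed out by DHCP, which forwards queries to the ISP (issue 1).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7",
)]

# Verdicts that mean DNS queries can leave the device outside the tunnel.
LEAK_VERDICTS = {"leak", "ipv6-leak", "dhcp-local"}

# Constructed sample: resolver configuration observed after VPN connect.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not from a real host
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 2001:db8::53
nameserver 203.0.113.53   # inline comment
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses, ignoring comments and IPv6 zone ids."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])
    return servers


def classify(resolver, vpn_nets, vpn_tunnels_ipv6=False):
    """Classify one resolver address against the VPN's resolver networks."""
    addr = ipaddress.ip_address(resolver)

    def inside(nets):
        return any(addr.version == n.version and addr in n for n in nets)

    if inside(vpn_nets):
        return "vpn"            # queries go through the tunnel
    if addr.version == 6 and not vpn_tunnels_ipv6:
        return "ipv6-leak"      # issue 2: IPv6 resolver, IPv4-only VPN
    if addr.is_loopback:
        return "local-stub"     # local forwarder; its upstream needs its own check
    if inside(LOCAL_NETS):
        return "dhcp-local"     # issue 1: DHCP-assigned resolver still active
    return "leak"               # public resolver outside the VPN


def audit(resolv_conf_text, vpn_networks, vpn_tunnels_ipv6=False):
    """Return ([(resolver, verdict), ...], leaking) for a resolver configuration."""
    vpn_nets = [ipaddress.ip_network(n) for n in vpn_networks]
    findings = [
        (server, classify(server, vpn_nets, vpn_tunnels_ipv6))
        for server in parse_nameservers(resolv_conf_text)
    ]
    leaking = any(verdict in LEAK_VERDICTS for _, verdict in findings)
    return findings, leaking


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF, ["10.8.0.0/24"])[0]:
        print(f"{server:<16} {verdict}")
```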

How to Prevent DNS Leak?


◉ Encrypt DNS requests using DNS over HTTPS or DNS over TLS.
◉ Use VPN Client which sends DNS requests over the VPN.
◉ Use firewalls to disable DNS on the whole device, or set DNS servers to non-existing ones like 127.0.0.1 or 0.0.0.0
◉ Use anonymous browsers like Tor Browser, which makes the user anonymous and doesn’t require any DNS to be set up on the operating system.
◉ Use your own DNS resolving server.
◉ Use Cloudflare DNS Server.
◉ Use proxy or VPN, system-wide, via third-party app helpers like Proxifier or in the form of a web browser extension.

Friday, 30 October 2020

Shared Web Hosting, Web Hosting, Web Hosting Guides

Shared web hosting is the most popular hosting solution purchased from hundreds of web host companies all over the world. The sheer size of the huge market of shared solutions often causes problems to customers since most people purchasing shared plans are new to web technologies, and usually do not know what to look for when choosing a good hosting package.

How to Choose Proper Web Hosting Package


Web hosting is a complex of functions and hardware features; thus, you need to understand some technical processes in order to find a proper solution. The system is not complicated at all—you just have to keep in mind that the abundance of unlimited features awarded by a certain web host does not mean that their shared plan is exactly what you need. Of course, it would be great if you could just consult a web master who would explain what features you will need for this or that online project. If you don't have that option, read on to understand some key facts about shared hosting plans and choose a proper solution.

Key Features of Shared Hosting


Here are five most relevant features included into shared hosting packages:

The Essentials: Disk Space & Traffic


Let's start with the basics. When you want to host a website on the web, you need some disk space that will be used for things like different code files, databases, and media. That's when you need a certain amount of disk space. Logically, the smaller your website is, the less importance this feature has. Now that you have hosted some files and made them into a website, you will want users to access that data. That's when bandwidth comes in. Imagine a tunnel: the wider the tunnel is, the more information can pass through it. Bandwidth works the same way. Many web hosts offer unlimited bandwidth but restrict traffic speed, which can also influence the performance of your website. Pay attention to bandwidth and traffic speed when searching for a good shared plan. Again, the bigger your website will be, the more disk space you will need. Additional hard drive security is very good, but typically this feature is not included in shared packages.

Uptime


Uptime is the time when your website works online and when users can access the site without any problems. It is usually measured in percentages from the total expected uptime (twenty-four hours a day, seven days a week). Of course, it depends if your website has to be online one hundred percent of the time. Normally, if you purchase shared hosting, your project is not too big, so you don't really need 100% uptime. In such cases, the level of 98% is common. When choosing a hosting plan, do not pay much attention to what companies say about their uptime-- they only use the best servers for their company website while you may get a worse one. Still, if you want to know the actual online rate, use some independent web projects to measure this number for you; likewise, you can check out some forums or ask your friends for advice. You also have to pay attention to different security features included in the plan, which will ensure better safety for your server. Be aware that most web host companies do not include pricey security options into cheap shared plans (for example, your server will be more secure if the package includes RAID, server backup, manual server restart, advanced network architecture, or other similar services).

Support


Support is extremely important. If you are new to web hosting, support will be your eyes, hands, and everything else. That's why we advise that you browse the web and check different reviews for information about support of your web host candidates. Also browse through forums where users discuss web hosting to give you an insider’s review. Why is support so important? When making your first steps in hosting management, you will have many questions, and many of them will require immediate answers--that's why the working speed of customer support is so crucial.

Pre-Installed Apps


Many web host companies include so many additional features into their shared plans that it becomes a giant mess. They will offer some unlimited options, pre-installed apps, extra-fee services, and the like. Concentrate on the pre-installed apps, which are special widgets that help you create a website quickly and manage it more efficiently. One of the most basic apps is the control panel. If your shared plan includes a control panel, you can breathe a sigh of relief. Life gets much easier with one, as you will be able to control the most complicated server processes through a very convenient interface. The most popular control panel is cPanel, but some web hosts will offer you an alternative — Zpanel, Webmin, Virtualmin, or even their own customized control panel (which is not always so good as it sounds). Now, most control panels have some apps and add-ons pre-installed, so you can switch some important functions on with only one click, like eCommerce tools such as payment instruments or shopping carts. You can also have a CMS like WordPress or Joomla available for quick automatic installation. Note that all those extras are only reasonable if you need them. If you have someone make you a promo website or a portfolio, most of those features are not necessary.

Free Bonuses


Finally, we get to the sweetest thing about shared plans. Since the market of shared web hosting is so big, different companies try to attract more clients by offering free bonuses. Some of them will offer a free domain name, website transfer, site-building tools, or some other nice features. Of course, this is great and convenient, so the more free bonuses you get, the better the deal. When it comes to free bonuses, the main item that needs your attention is the so-called “renewal fees.” What happens here is that the company will grant you the first year of domain usage free, but later on you will have to pay yearly fees. As always, examine the user agreement thoroughly if a company offers you free features. Choosing a shared package is very subjective. You have to spend some time considering the requirements for your website so that you know what features are priorities and what features are non-essentials. Remember to keep pricing and reliability at the forefront. Your web host must have a good reliability-price ratio.

Wednesday, 28 October 2020

Cloud Services, Hosted Services, Web Hosting, Hosting Reviews, Compare Web Hosting


It seems as if everyone has their own definition of cloud services and hosted services. In truth, hosted and cloud services are very similar — both are off-premises and are accessed through an Internet connection. While some believe that these services are essentially the same, experts argue that cloud services are more interrelated with other web-based offerings. When it comes down to it, the main difference between hosted and cloud services is multi-tenancy.

What Is Multi-tenancy?

According to Gartner, "Multitenancy refers to the mode of operation of software where multiple independent instances of one or multiple applications operate in a shared environment. The instances (tenants) are logically isolated but physically integrated. The degree of logical isolation must be complete, but the degree of physical integration will vary. The more physical integration, the harder it is to preserve the logical isolation. The tenants (application instances) can be representations of organizations that obtained access to the multitenant application (this is the scenario of ISV offering services of an application to multiple customer organizations)."

In other words, multi-tenancy implements the sharing of resources and costs among a large pool of users and allows infrastructure to be concentrated in locations with lower costs, maximizing peak-load capacity and improving utilization and efficiency in systems that are often only used up to 10 to 20% of the time. Hosted services generally do not offer the same cost efficiencies, elasticity, or reliability as cloud services. 

The cloud provider benefits of multi-tenancy are amplified by only having to support a single version of software, the uniformity of its hardware environment, and its efficiency. The general rule is that if a solution is not multi-tenant, then it isn't a cloud solution, and won't have the same benefits.

What Are Hosted Services?

Hosted services are technology services offered by a provider hosting physical servers that are removed from the customer’s premises. A hosted service provider owns and oversees infrastructure, software, and administrative tasks at a private location. The hosted service system is available to clients, typically through a direct network connection that uses the Internet (VPN, Remote Desktop, etc.). There are three main elements of hosted services:

◉ Software as a Service (SaaS)

◉ Platform as a Service (PaaS)

◉ Infrastructure as a Service (IaaS)

These three combined encompass software, network capacity, and the equipment used to support operations such as storage, hardware, servers, and networking components.

What Are The Benefits of Hosted Services?

Hosted services are generally very secure and provide a wide range of services, data warehousing, off-site backup, and more. When thinking about hosted services in the real world, you actually come across them most days. Some examples of common hosted services include:

◉ Virtual server hosting

◉ Security

◉ File hosting

◉ Website hosting

◉ Email

What Are Cloud Services?


Cloud services are a subset of hosted services. Hosted services, even those accessible using the Internet, cannot be referred to as real cloud solutions unless they have been built to capitalize on the collaboration and interconnectivity that is a fundamental part of the cloud. Cloud applications are web-enabled, meaning, instead of being based on physical hardware, they are based in a shared virtual environment managed by a cloud-hosting provider. Only server installation and a device with an Internet connection are needed for cloud services. Many line-of-business (LOB) applications are adding cloud services to their offering. Cloud servers can be constructed to provide varying levels of performance, security, and control to configure to your business’s needs.

What Are the Benefits of Cloud Services?


Cloud servers allow your business to optimize IT performance without the overwhelming costs associated with the purchase and management of fully dedicated infrastructure. These cloud servers are the ideal fit for businesses of variable demands and workloads. The most significant benefit of cloud services compared to hosted services is the scalability of solutions while remaining relatively affordable for most businesses. When selecting cloud services, the expenses related to the equipment and maintenance of the data center or colocation facility are spread across everyone within the facility.

Cloud services offer on-demand utilities, multi-tenancy features with seamless uninterrupted scaling, and features that are sure to meet your business’ needs to adapt and help you meet the demands of your client base.

Cloud Services vs. Hosted Services


When it comes down to cloud services vs. hosted services, there is no right or wrong answer when selecting one. It’s up to the organization to evaluate their needs and wants to select the best service. Today’s cloud services and hosted services have something to offer to everyone, so take your time to ensure you select the right service for your company.

Friday, 23 October 2020

Understanding DNS

Understanding DNSSEC first requires basic knowledge of how the DNS system works.

The DNS is used to translate domain names (like example.com) into numeric Internet addresses (like 198.161.0.1).

Although numeric addresses are very efficient for computers to read and process, they are extremely difficult for people to remember. Imagine having to remember the IP address of the machine hosting a website every time you wanted to visit it. People often call the DNS the "phone book of the Internet".

To solve this problem, a numeric IP address was attached to every domain name. The website addresses we know are actually domain names.

Domain name information is stored and accessed on special servers, known as domain name servers, that convert domain names into IP addresses and vice versa.

The top level of the DNS resides in the root zone where all IP addresses and domain names are kept in databases and sorted by top-level domain name, such as .com, .net, .org, etc.

When the DNS was first implemented, it was not secured, and soon after being put into use, several vulnerabilities were discovered. As a result, a security system was developed in the form of extensions that could be added to the existing DNS protocols.

Domain name system security extensions (DNSSEC) are a set of protocols that add a layer of security to the domain name system (DNS) lookup and exchange processes, which have become integral in accessing websites through the Internet.

Advantages of DNSSEC

DNSSEC is aimed at strengthening trust in the Internet by helping to protect users from redirection to fraudulent websites and unintended addresses. In such a way, malicious activities like cache poisoning, pharming, and man-in-the-middle attacks can be prevented.

DNSSEC authenticates the resolution of IP addresses with a cryptographic signature, to make sure that answers provided by the DNS server are valid and authentic. If DNSSEC is properly enabled for your domain name, visitors can be assured that they are connecting to the actual website corresponding to that domain name.

How DNSSEC Works

The original purpose of DNSSEC was to protect Internet clients from counterfeit DNS data by verifying digital signatures embedded in the data.

When a visitor enters the domain name in a browser, the resolver verifies the digital signature.

If the digital signatures in the data match those that are stored in the master DNS servers, then the data is allowed to access the client computer making the request.

The DNSSEC digital signature ensures that you're communicating with the site or Internet location you intended to visit.

DNSSEC uses a system of public keys and digital signatures to verify data. It simply adds new records to DNS alongside existing records. These new record types, such as RRSIG and DNSKEY, can be retrieved in the same way as common records such as A, CNAME and MX.

These new records are used to digitally "sign" a domain, using a method known as public key cryptography.

A signed nameserver has a public and private key for each zone. When someone makes a request, it sends information signed with its private key; the recipient then unlocks it with the public key. If a third party tries to send untrustworthy information, it won’t unlock properly with the public key, so the recipient will know the information is bogus.

Note that DNSSEC does not provide data confidentiality because it does not include encryption algorithms. It only carries the keys required to authenticate DNS data as genuine or genuinely not available.

Also, DNSSEC does not protect against DDoS attacks.

Keys used by DNSSEC

There are two types of keys that are used by DNSSEC:

The zone signing key (ZSK) is used to sign and validate the individual record sets within the zone.

The key signing key (KSK) is used to sign the DNSKEY records in the zone.

Both of these keys are stored as "DNSKEY" records in the zone file.

Viewing the DS record

The DS record stands for Delegation Signer, and it contains a unique string of your public key as well as metadata about the key, such as what algorithm it uses.

Each DS record consists of four fields: KeyTag, Algorithm, DigestType and Digest and it looks like the following:

[Image: example DS record for Example.com. with TTL 3600, class IN, Key Tag 2371, Algorithm 13, Digest Type 2, followed by the Digest]

We can break up different components of the DS record to see what information each part holds:

◉ Example.com. - domain name that the DS is for.

◉ 3600 - TTL, the time that the record may remain in cache.

◉ IN stands for internet.

◉ 2371 - Key Tag, ID of the key.

◉ 13 - algorithm type. Each allowed algorithm in DNSSEC has a specified number. Algorithm 13 is ECDSA with a P-256 curve using SHA-256.

◉ 2 - Digest Type, or the hash function that was used to generate the digest from the public key.

◉ The long string at the end is the Digest, or the hash of the public key.

All DS records must comply with RFC 3658.
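The check a validating resolver makes with these fields, as an added example that is not part of the original post: it parses a DS line and confirms that its key tag, algorithm and digest correspond to a given DNSKEY. The digest is computed over the owner name in wire format followed by the DNSKEY RDATA, and the key tag is the checksum from RFC 4034 Appendix B. The function names and the sample key and DS record are constructed for illustration.

```python
import base64
import hashlib
import struct

# Digest type numbers from the IANA DS registry: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Encode a domain name in canonical (lower-case) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(public_key_b64)

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type=2):
    """Return (key_tag, algorithm, digest_type, hex digest) for a DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest

def parse_ds(line):
    """Parse 'owner TTL IN DS keytag algorithm digesttype digest...'."""
    owner, ttl, rr_class, rr_type, tag, alg, dtype, *digest = line.split()
    if rr_class.upper() != "IN" or rr_type.upper() != "DS":
        raise ValueError("not an IN DS record")
    return {"owner": owner, "ttl": int(ttl), "key_tag": int(tag), "algorithm": int(alg),
            "digest_type": int(dtype), "digest": "".join(digest).upper()}

def ds_matches_dnskey(ds_line, rdata):
    """True if the parent's DS record identifies this child DNSKEY."""
    ds = parse_ds(ds_line)
    if ds["digest_type"] not in DIGESTS:
        return False
    tag, alg, dtype, digest = make_ds(ds["owner"], rdata, ds["digest_type"])
    return (ds["key_tag"], ds["algorithm"], ds["digest"]) == (tag, alg, digest)

# Constructed sample: a KSK (flags 257) for algorithm 13 with a dummy 64-byte key.
SAMPLE_KEY = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(64))).decode())
SAMPLE_DS = "example.com. 3600 IN DS %d %d %d %s" % make_ds("example.com.", SAMPLE_KEY)
```

A DS record that fails this comparison means the parent zone is pointing at a key the child zone does not publish, which validating resolvers treat as a broken chain of trust.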

You can always use the DNSSEC Debugger in order to find out if there are any issues with the domain name settings.
