ch06.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 1,095 行 · 第 1/4 页

	In fact, the Gopher interface is designed to resemble a file system since a file
	system is a good model for locating documents and services.
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>The complete documentation
	on the Gopher protocol can be obtained in RFC 1436 (<A HREF="http://sunsite.auc.dk/RFC/rfc/rfc1436.html"><TT>http://sunsite.auc.dk/RFC/rfc/rfc1436.html</TT></A>).
	
<HR>


</BLOCKQUOTE>

<P>The Gopher service is very powerful. It can serve text documents, sounds, and
other media. It also operates largely in text mode and is therefore much faster than
HTTP through a browser. Undoubtedly, the most popular Gopher client is for UNIX.
(Gopher2_3 is especially popular, followed by Xgopher.) However, many operating systems
have Gopher clients. See Table 6.6 for a few.
<H4><FONT COLOR="#000077"><B>Table 6.6. Gopher clients for various operating systems.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Operating System</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Client</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Microsoft Windows (all)</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Hgopher, Ws_Gopher</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Macintosh</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Mac Turbo Gopher</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">AS/400</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">The AS/400 Gopher Client</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">OS/2</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Os2Gofer</TD>
	</TR>
</TABLE>
</P>
<P>Typically, the user launches a Gopher client and contacts a given Gopher server.
In turn, the Gopher server forwards a menu of choices. These may include search menus,
pre-set destinations, or file directories. Figure 6.5 shows a client connection to
the University of Illinois.</P>
<P><A NAME="05"></A><A HREF="05.htm"><B>Figure 6.5.</B></A><B><BR>
</B><I>A sample gopher session.</I></P>
<P>Note that the Gopher model is completely client/server based. The user never logs
on per se. Rather, the client sends a message to the Gopher server, requesting all
documents (or objects) currently available. The Gopher server responds with this
information and does nothing else until the user requests an object.
<H4><FONT COLOR="#000077"><B>Hypertext Transfer Protocol</B></FONT></H4>
<P>Hypertext Transfer Protocol is perhaps the most renowned protocol of all because
it is this protocol that allows users to surf the Net. Stated briefly in RFC 1945,
HTTP is

<DL>
	<DD>...an application-level protocol with the lightness and speed necessary for distributed,
	collaborative, hypermedia information systems. It is a generic, stateless, object-oriented
	protocol which can be used for many tasks, such as name servers and distributed object
	management systems, through extension of its request methods (commands). A feature
	of HTTP is the typing of data representation, allowing systems to be built independently
	of the data being transferred.
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>RFC 1945 has been superseded by
	RFC 2068, which is a more recent specification of HTTP and is available at <A HREF="ftp://ds.internic.net/rfc/rfc2068.txt"><TT>ftp://ds.internic.net/rfc/rfc2068.txt</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>HTTP has forever changed the nature of the Internet, primarily by bringing the
Internet to the masses. In some ways, its operation is much like Gopher. For example,
it too works via a request/response scenario. And this is an important point. Whereas
applications such as Telnet require that a user remain logged on (and while they
are logged on, they consume system resources), protocols such as Gopher and HTTP
eliminate this phenomenon. Thus, the user is pushed back a few paces. The user (client)
only consumes system resources for the instant that he or she is either requesting
or receiving data.</P>
<P>Using a common browser like Netscape Navigator or Microsoft Internet Explorer,
you can monitor this process as it occurs. For each data element (text, graphic,
sound) on a WWW page, your browser will contact the server one time. Thus, it will
first grab text, then a graphic, then a sound file, and so on. In the lower-left
corner of your browser's screen is a status bar. Watch it for a few moments when
it is loading a page. You will see this request/response activity occur, often at
a very high speed.</P>
<P>HTTP doesn't particularly care what type of data is requested. Various forms of
multimedia can be either embedded within or served remotely via HTML-based WWW pages.
In short, HTTP is an extremely lightweight and effective protocol. Clients for this
protocol are enumerated in Table 6.7.
<H4><FONT COLOR="#000077"><B>Table 6.7. HTTP clients for various operating systems.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Operating System</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>HTTP Client</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Microsoft Windows (all)</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Netscape Navigator, WinWeb, Mosaic, Microsoft Internet Explorer, WebSurfer, NetCruiser,
			AOL, Prodigy</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Macintosh</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Netscape Navigator, MacMosaic, MacWeb, Samba, Microsoft Internet Explorer</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">UNIX</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Xmosaic, Netscape Navigator, Grail, Lynx, TkWWW, Arena</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">OS/2</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Web Explorer, Netscape Navigator</TD>
	</TR>
</TABLE>
</P>
<P>Until recently, UNIX alone supported an HTTP server. (The standard was NCSA HTTPD.
Apache has now entered the race, giving HTTPD strong competition in the market.)
The application is extremely small and compact. Like most of its counterparts, it
runs as a daemon. Its typically assigned port is 80. Today, there are HTTP servers
for nearly every operating system. Table 6.8 lists those servers.
<H4><FONT COLOR="#000077"><B>Table 6.8. HTTP server for various operating systems.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Operating System</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>HTTP Server</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Microsoft Windows 3.<I>x</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Website, WinHTTPD</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Microsoft Windows 95</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">OmniHTTPD, Server 7, Nutwebcam, Microsoft Personal Web Server, Fnord, ZB Server,
			Website, Folkweb</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Microsoft Windows NT</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">HTTPS, Internet Information Server, Alibaba, Espanade, Expresso, Fnord, Folkweb,
			Netpublisher, Weber, OmniHTTPD, WebQuest, Website, Wildcat</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Macintosh</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">MacHTTP, Webstar, Phantom, Domino, Netpresenz</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">UNIX</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">HTTPD, Apache</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">OS/2</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">GoServe, OS2HTTPD, OS2WWW, IBM Internet Connection Server, Bearsoft, Squid &amp;
			Planetwood</TD>
	</TR>
</TABLE>

<H4><FONT COLOR="#000077"><B>Network News Transfer Protocol</B></FONT></H4>
<P>The Network News Transfer Protocol is one of the most widely used protocols. It
provides modern access to the news service commonly known as USENET news. Its purpose
is defined in RFC 977:

<DL>
	<DD>NNTP specifies a protocol for the distribution, inquiry, retrieval, and posting
	of news articles using a reliable stream-based transmission of news among the ARPA-Internet
	community. NNTP is designed so that news articles are stored in a central database
	allowing a subscriber to select only those items he wishes to read. Indexing, cross-referencing,
	and expiration of aged messages are also provided.
</DL>

<P>NNTP shares characteristics with both Simple Mail Transfer Protocol and TCP. Similarities
to SMTP consist of NNTP's acceptance of plain-English commands from a prompt. It
is similar to TCP in that stream-based transport and delivery is used. NNTP typically
runs from Port 119 on any UNIX system.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>I refer readers seeking
	in-depth information on NNTP to RFC 977 (<A HREF="http://andrew2.andrew.cmu.edu/rfc/rfc977.html"><TT>http://andrew2.andrew.cmu.edu/rfc/rfc977.html</TT></A>).<BR>
	You may also wish to obtain RFC 850 for examination of earlier implementations of
	the standard (<A HREF="http://sunsite.auc.dk/RFC/rfc/rfc850.html"><TT>http://sunsite.auc.dk/RFC/rfc/rfc850.html</TT></A>).
	
<HR>


</BLOCKQUOTE>

<H4><FONT COLOR="#000077"><B>Concepts</B></FONT></H4>
<P>You have examined TCP/IP services and protocols individually, in their static
states. You have also examined the application-level protocols. This was necessary
to describe each protocol and what they accomplish. Now it is time to examine the
larger picture.
<H2><FONT COLOR="#000077"><B>TCP/IP <I>Is</I> the Internet</B></FONT></H2>
<P>By now, it should be apparent that TCP/IP basically comprises the Internet itself.
It is a complex collection of protocols, many of which remain invisible to the user.
On most Internet servers, a minimum of these protocols exist:</P>

<UL>
	<LI>Transmission Control Protocol
	<LI>Internet Protocol
	<LI>Internet Control Message Protocol
	<LI>Address Resolution Protocol
	<LI>File Transfer Protocol
	<LI>The Telnet protocol
	<LI>The Gopher protocol
	<LI>Network News Transfer Protocol
	<LI>Simple Mail Transfer Protocol
	<LI>Hypertext Transfer Protocol
</UL>

<P>Now, prepare yourself for a shock. These are only a handful of protocols run on
the Internet. There are actually hundreds of them. Better than half of the primary
protocols have had one or more security holes.</P>
<P>In essence, the point I would like to make is this: The Internet was designed
as a system with multiple avenues of communication. Each protocol is one such avenue.
As such, there are hundreds of ways to move data across the Net.</P>
<P>Until recently, utilizing these protocols called for accessing them one at a time.
That is, to arrest a Gopher session and start a Telnet session, the user had to physically
terminate the Gopher connection.</P>
<P>The HTTP browser changed all that and granted the average user much greater power
and functionality. Indeed, FTP, Telnet, NTTP, and HTTP are all available at the click
of a button.
<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>In this chapter, you learned about TCP/IP. Relevant points about TCP/IP include</P>

<UL>
	<LI>The TCP/IP protocol suite contains all protocols necessary to facilitate data
	transfer over the Internet
	<LI>The TCP/IP protocol suite provides quick, reliable networking without consuming
	heavy network resources
	<LI>TCP/IP is implemented on almost all computing platforms
</UL>

<P>Now that know the fundamentals of TCP/IP, you can progress to the next chapter.
In it, you will explore some of the reasons why the Internet is not secure. As you
can probably guess, there will be references to TCP/IP throughout that chapter.</P>
<CENTER>
<P>
<HR>
<A HREF="../ch05/ch05.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch07/ch07.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>