MISC

  • A directory service on Windows Server; other directory services include OpenLDAP and Apache Directory Server
  • Basically a centralized DB storing objects
  • An obj could be a user, group or computer; each obj has attributes such as first name, email, credentials, permissions etc
  • Intra-site replication (automatic) and inter-site replication (over IP or SMTP) between Domain Controllers (AD servers)
  • supports the Kerberos and LDAP protocols
  • forest -> domain -> child domain -> OU (group, user, computer, ...) -> CN (user/server name)
  • DC -> OU -> CN
  • DN: the LDAP API references an LDAP obj by its distinguished name
  1. Learn Microsoft Active Directory (ADDS) in 30mins
  2. What are CN, OU, DC in an LDAP search

LDAP/LDAPS

  • C/S model; the LDAP server (in most cases an AD server) stores directory entries in a tree structure
  • cross-platform interface/protocol for querying/communicating with a directory service, such as AD

The Difference Between Active Directory and LDAP

What is the difference between Kerberos and LDAP

network basics

IP addr

  • private ip
    1. 10.0.0.0-10.255.255.255
    2. 172.16.0.0-172.31.255.255
    3. 192.168.0.0-192.168.255.255
  • localhost: the device establishes a network connection to itself, 127.0.0.1 (IPv4), ::1 (IPv6)
  • CIDR: notation, variable-length subnet mask, 192.168.1.0/24
  • default gateway: a device (router) between local network and other network (such as Internet)
    1. routes packets to the appropriate external network when there is no routing info available about the destination
    2. obtains a device's MAC addr in another network using ARP
  • VLAN: logical group of devices, separates different traffic (e.g. different departments) and narrows the broadcast domain; a switch uses the VLAN ID (1-4094) to identify each VLAN
    1. port-based VLAN: port1-3 vlan1, port2-8 vlan2
    2. protocol based; IP/IPX
    3. MAC-based
  • DMZ
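Added example (my own code, not part of these notes): classifying an address against the three private ranges listed above and expanding a CIDR block into mask, broadcast and usable host range, using only Python's standard ipaddress module. Note that only the three RFC 1918 ranges from the notes are treated as private here; other reserved ranges are reported as "public" on purpose.

```python
import ipaddress

# The three RFC 1918 private ranges listed in the notes above, written in CIDR notation.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
]


def classify(addr_str):
    """Return 'loopback', 'private' or 'public' for an IPv4/IPv6 address string."""
    addr = ipaddress.ip_address(addr_str)
    if addr.is_loopback:                       # 127.0.0.0/8 for IPv4, ::1 for IPv6
        return "loopback"
    if addr.version == 4:
        # Only the three ranges above count as private here. Other reserved space such as
        # 100.64.0.0/10 (CGNAT) or 169.254.0.0/16 (link-local) deliberately reports "public",
        # because the notes only list the RFC 1918 ranges.
        return "private" if any(addr in net for net in PRIVATE_RANGES) else "public"
    return "private" if addr.is_private else "public"   # IPv6: fc00::/7 ULA etc.


def cidr_summary(cidr):
    """Expand CIDR notation into the subnet facts a practitioner usually wants."""
    # strict=False also accepts a host address such as 192.168.1.77/24 and derives its network
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]) if hosts else None,
        "last_host": str(hosts[-1]) if hosts else None,
        "usable_hosts": len(hosts),
    }


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.32.0.1", "192.168.100.7", "127.0.0.1", "::1", "8.8.8.8"):
        print(f"{a:>16} -> {classify(a)}")
    print(cidr_summary("192.168.1.77/24"))
```

Run it as a script to see the classification of a few sample addresses; 172.32.0.1 is the usual surprise, since it sits just outside 172.16.0.0/12.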

VRF - virtual routing and forwarding

  • allows more than 1 routing table on single router, similar to VLANs on switches

VRF – Virtual Routing and Forwarding

protocols

SSH/RDP

  • SSH: remote access, file transfer, remote cmd execution, SSH tunnel
    1. Authentication: pw, public key, host-based
    2. port forwarding: tunnel to other protocols (HTTP, FTP)
    3. secure file transfer: SCP (secure copy protocol), SFTP (ssh file transfer protocol)
    4. encryption
  • RDP: tcp 3389
    1. multi-platform support
    2. encryption, authentication
    3. dynamic resolution adjustment, clipboard sharing

HTTP/HTTPS

  • HTTP: stateless (does not retain session state from the previous req; reqs are independent of each other)

SPN

Can someone please explain Windows Service Principle Names (SPNs) without oversimplifying

What is Azure Service Principal

Infoblox

  • DDI mgt: DNS, DHCP, IP

layer 4 vs layer 7 FW

  • layer 7: application layer inspect, such as URLs

load balancer

  • traffic routing, SSL offloading, session stickiness or HTTP profiles

bandwidth mgt

  • full BW, business down, how to solve???

ICAP/Secure ICAP

  • protocol for communicating between proxy/gateway and content adaptation server (ICAP server)
  • ICAP server can modify/analyse request and response content, for virus scan, ad filtering etc

What is ICAP Protocol

DHCP

  • assigns an IP automatically, keyed by MAC, when a device connects to the network
  • process
    1. discover: broadcast to locate a DHCP server
    2. offer: unicast containing IP etc
    3. req: confirm IP and other info
    4. ack: server confirm the assignment
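The four-step exchange above, modelled as an added example (my own code, not from these notes): a toy DHCP server with one pool that answers DISCOVER with an OFFER, confirms a REQUEST with an ACK, NAKs a request for an address it never offered, and stays silent once the pool is exhausted. Pool, gateway and DNS values are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    """Toy DHCP server (constructed example): one address pool, leases keyed by client MAC."""
    pool: ipaddress.IPv4Network
    gateway: str
    dns: str
    leases: dict = field(default_factory=dict)   # mac -> ip confirmed by ACK
    offers: dict = field(default_factory=dict)   # mac -> ip offered, awaiting REQUEST

    def discover(self, mac):
        """Steps 1-2: client broadcasts DISCOVER; server replies with an OFFER (or nothing)."""
        if mac in self.leases:                   # returning client gets its previous address back
            ip = self.leases[mac]
        else:
            taken = set(self.leases.values()) | set(self.offers.values()) | {self.gateway}
            ip = next((str(h) for h in self.pool.hosts() if str(h) not in taken), None)
            if ip is None:
                return None                      # pool exhausted: the server sends no OFFER
        self.offers[mac] = ip
        return {"op": "OFFER", "yiaddr": ip, "mask": str(self.pool.netmask),
                "router": self.gateway, "dns": self.dns}

    def request(self, mac, requested_ip):
        """Steps 3-4: client sends REQUEST for the offered address; server ACKs or NAKs."""
        if self.offers.get(mac) != requested_ip:
            return {"op": "NAK"}                 # never offered to this MAC: refuse
        self.leases[mac] = self.offers.pop(mac)
        return {"op": "ACK", "yiaddr": requested_ip}


def dora(server, mac):
    """Run the whole Discover-Offer-Request-Ack exchange for one client MAC."""
    offer = server.discover(mac)
    if offer is None:
        return None
    return server.request(mac, offer["yiaddr"])


if __name__ == "__main__":
    # Constructed /29 pool: hosts .1-.6, with .1 reserved for the gateway
    srv = DhcpServer(pool=ipaddress.ip_network("192.168.1.0/29"),
                     gateway="192.168.1.1", dns="192.168.1.1")
    for i in range(1, 8):
        print(f"client {i}: {dora(srv, f'aa:bb:cc:00:00:0{i}')}")
```

The script walks seven clients through a five-address pool, so the last two show the exhaustion case.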

DNS

  • MS maintains its nameserver storing all final DNS records (A, MX, CNAME)

DNS NS record

DNS basics

NAT

  • middleman between LAN and Internet, translate private IP to a single shared public IP
  • implement on router, FW
    1. static nat: 1-1 mappings
    2. dynamic nat: 1-1 mappings, but public IP chosen from a pool
    3. port address translation (PAT): multiple private IPs map to a single public IP, distinguished by different source ports
  • how to operate
    1. outbound: change source IP (private) to NATed IP (public on router)
    2. inbound: change destination IP (public on router) to NATed IP (private)
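Added example (my own code, not from these notes) of the outbound/inbound rewrite described above for the PAT case: a translation table that rewrites the source of LAN-to-Internet packets to the single public IP with a fresh port, maps replies back to the private host, and drops inbound packets that match no existing mapping. The public IP, the starting NAT port and the addresses are constructed.

```python
import itertools


class Pat:
    """Port address translation table (constructed example): many private hosts behind one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next NAT port to hand out
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> nat_port
        self.back = {}   # (nat_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> Internet: rewrite the private source to (public_ip, nat_port), creating the mapping on first use."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            nat_port = next(self._ports)
            self.out[key] = nat_port
            self.back[(nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internet -> LAN: rewrite the public destination back to the private host, or return None (drop)."""
        if dst_ip != self.public_ip:
            return None                              # not addressed to us
        entry = self.back.get((dst_port, src_ip, src_port))
        if entry is None:
            return None                              # unsolicited: no mapping, packet is dropped
        priv_ip, priv_port = entry
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = Pat("203.0.113.5")
    print("out:", nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443))
    print("out:", nat.outbound("192.168.1.11", 51000, "198.51.100.7", 443))
    print("reply:", nat.inbound("198.51.100.7", 443, "203.0.113.5", 40001))
    print("unsolicited:", nat.inbound("198.51.100.7", 443, "203.0.113.5", 40999))
```

Two private hosts using the same source port are kept apart only by the NAT port, which is the whole point of PAT; the mapping is keyed on the remote endpoint as well, so a reply from a different remote host to the same NAT port is also dropped.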

Network address translation

ARP

  • IP -> MAC, route data within same LAN
  • broadcast ARP req, all devices compare target IP with own IP, send ARP reply (contain MAC) if match
  • update ARP cache (IP-to-MAC mappings)
  • security concerns: ARP poisoning, etc

BGP

  • eBGP: route between autonomous systems
  • iBGP: used within AS
  • BGP table:

How does BGP routing work

SNMP

  • manager machine (run software as NMS/network management system), managed machine, SNMP agent (software installed on managed machine)
  • the manager sends requests for info, the managed machine responds
  • SNMP Trap: an agent can send unrequested msg to manager to notify an important event

RTO / RPO

  • RTO is the goal your organization sets for the max length of time it should take to restore normal operations following an outage or data loss
  • RPO is your goal for the max amount of data the organization can tolerate losing. This parameter is measured in time: from the moment a failure occurs to your last valid data backup. For example, if you experience a failure now and your last full data backup was 24 hours ago, the RPO is 24 hours.

location, domain, vDOM, zone, vlan, subnet

Troubleshooting tools

nslookup

  • mainly for DNS, supports various DNS record types

dig - domain info groper

  • DNS query

port scanner

  • Nmap: host discovery, port scanning through ICMP echo req, TCP SYN/ACK probes, ARP scans
  • Masscan,

ping

  • ICMP Echo Req and Echo Reply
  • ping example.com
  • use
    1. verify remote device is active and responding
    2. identify latency
    3. test resolution of domain name -> IP
  • some servers may be configured not to respond to ICMP reqs -> no response / time out

ipconfig

  • Win only, display network config settings

iptables

  • packet filtering, add/delete FW rules in Linux: INPUT, OUTPUT, FORWARD
  • rules are lost on reboot unless saved and made persistent

ARP

  • view device's ARP cache
  • ARP spoofing (poisoning): links the attacker's MAC to a legitimate IP, enabling interception and DoS attacks
  • mitigations: monitor ARP traffic, use static ARP tables, employ NIPS/NIDS
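Added example (my own code, not from these notes) serving both ARP sections above: parse an ARP/neighbour cache dump, flag MACs that answer for more than one IP, and diff the cache against a known-good baseline of static entries. The `ip neigh show` style sample lines are constructed, not captured from a real host; the same parser works on output of that shape.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `ip neigh show` output (not captured from a real host).
# The last line has no lladdr, which is how an unresolved entry looks.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.30 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
192.168.1.40 dev eth0 lladdr 00:11:22:33:44:20 REACHABLE
192.168.1.50 dev eth0 FAILED
"""

LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)$", re.I)


def parse_neigh(text):
    """Return {ip: mac} from neighbour-cache lines; entries without an lladdr are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def find_shared_macs(table):
    """Return {mac: [ips]} for every MAC that claims more than one IP (classic poisoning symptom)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def diff_against_baseline(table, baseline):
    """Compare the live cache with a static IP->MAC baseline; return {ip: (expected, seen)} for changes."""
    return {ip: (baseline[ip], table[ip])
            for ip in baseline if ip in table and table[ip] != baseline[ip]}


if __name__ == "__main__":
    cache = parse_neigh(SAMPLE_NEIGH)
    print("shared MACs:", find_shared_macs(cache))
    # Constructed baseline: the gateway plus one host whose MAC has changed in the sample
    baseline = {"192.168.1.1": "00:11:22:33:44:01", "192.168.1.40": "00:11:22:33:44:40"}
    print("changed:", diff_against_baseline(cache, baseline))
```

A single MAC legitimately owning several IPs does happen (virtual IPs, routers), so the shared-MAC check is a trigger for a look, not proof of an attack; the baseline diff is the stronger signal when you maintain static entries for critical hosts such as the gateway.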

netstat

  • network connections, routing tables, interface stat

tcpdump

  • capture packets, and filter based on IP/protocol/port
  • other packet sniffer: Wireshark, Npcap

route

  • view and manipulate IP routing table, need admin privileges

tracert/traceroute

  • identify each hop and RTT
  • cross OS,
  • some routers may discard ICMP echo reqs

mtr

  • combine traceroute and ping

Network-based attacks

DoS/DDoS

  • flooding by sending massive reqs, overwhelming server capacity
  • Ping of Death: send large, malformed ICMP packets
  • Distributed DoS: UDP or HTTP flood

DNS

  • DNS cache poisoning
  • DDoS
  • DNS hijacking

IPSec VPN

  • collection of protocols and encryption algorithms, operates at the network layer
  • Authentication, Confidentiality, Data Integrity, Anti-Replay Protection
  • Components
    1. AH (Authentication Header): add an authentication header to each IP packet
    2. ESP (Encapsulating Security Payload): ESP provides confidentiality by encrypting the data in IP packets
  • modes
    1. Transport Mode: IPSec is applied only to the payload of an IP packet
    2. Tunnel Mode: IPSec is applied to the entire IP packet, including the header
  • process
    1. establish a security association (SA), contains the necessary information, such as encryption keys and chosen encryption algorithms, for secured communication. The Internet Key Exchange (IKE) protocol is widely used to create and manage SAs
    2. exchange data with key
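Added example (my own code, not from these notes) for the anti-replay protection listed above: the sliding-window sequence-number check an ESP receiver performs, in the style of the RFC 4303 receiver algorithm. A packet is accepted if its sequence number is newer than anything seen, or lies inside the window and has not been seen before; it is rejected if it is older than the window or a duplicate. The window size is a constructed parameter.

```python
class AntiReplayWindow:
    """Sliding-window replay check of the kind an ESP receiver keeps per security association.

    bit i of `bitmap` set  <=>  sequence number (top - i) has already been accepted.
    """

    def __init__(self, size=64):
        self.size = size
        self.top = 0          # highest sequence number accepted so far (0 = nothing yet)
        self.bitmap = 0       # receive history for top, top-1, ..., top-size+1

    def check_and_update(self, seq):
        """Return True and record seq if the packet should be accepted, False if it must be dropped."""
        if seq == 0:
            return False                          # ESP sequence numbers start at 1
        if seq > self.top:
            # Newer than anything seen: slide the window right and mark the new top
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                          # left of the window: too old
        if self.bitmap & (1 << diff):
            return False                          # already received: replay
        self.bitmap |= 1 << diff                  # late but new: accept and remember
        return True


if __name__ == "__main__":
    w = AntiReplayWindow(size=8)
    for seq in (1, 3, 3, 2, 2, 20, 12, 13, 13, 20):
        print(f"seq {seq:>2}: {'accept' if w.check_and_update(seq) else 'drop'}")
```

Note that the window is tracked in packet order, not time, so the check needs no clock; what it does need is a stable `top` and `bitmap` per SA, which is why both are reset when a new SA is negotiated.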

Linux systemd service

  • system service: /etc/systemd/system/xxx.service -> /usr/lib/systemd/system/xxx.service
    1. root user
    2. sudo systemctl enable xxx.service
    3. config files auto generates in /etc/xxx/
  • user service to all users: /etc/systemd/user/xxx.service -> /usr/lib/systemd/user/xxx.service
    1. service available to all users at once
  • user service to specific user: ~/.config/systemd/user/xxx.service
    1. systemctl --user enable xxx.service
    2. need have its own config files if it's a self-defined service

If a service xxx is installed from a package (e.g. sudo yum install httpd), its config files live under /etc/xxx/:

/etc/xxx/conf  # main file is /etc/xxx/conf/xxx.conf
/etc/xxx/conf.d
/etc/xxx/conf.modules.d
/etc/xxx/logs
/etc/xxx/modules
/etc/xxx/run
/etc/xxx/state

Placing httpd config outside /etc/httpd/conf

How to create a systemd service in Linux

Systemd Beginner's Tutorial: Practical Part

systemd user services and systemctl --user

Setting up an HTTP server on CentOS 7 and configuring directory access

sql injection

systemid/service account vs user account

  • non-human privileged account, e.g. one that can query AD
  • identifies different programs so that each can be given different authorizations

Service Accounts Vs. User Accounts: What Is The Difference

What is the difference between user and service account

storage

  • AWS S3, object (blob) storage
  • block storage
  • Dropbox

network bandwidth QoS???

  • query DNS -> tcp -> https (verify cert)
  • local DNS record: C:, IP tab hostname
  • NET::ERR_CERT_AUTHORITY_INVALID,

Self signed ssl I created for localhost cannot be trusted even though I have already imported it to chrome

root CA is self-signed

Splunk

Spring Boot Swagger

Why Do We Need a Message Queue

How to use sudo with the -i option

How To Add A DNS Entry Manually To A Windows Computer

An introduction to Linux filesystems

https://www.geeksforgeeks.org/linux-file-hierarchy-structure/

https://medium.com/@jasurbek.go.dev/the-linux-filesystem-95673f4e3bd5