1. “Windows Networking” ITL

2. © Hans Kruse & Shawn Ostermann, Ohio University 2 Overview Networking under Windows Mixture of applications and protocols

3. © Hans Kruse & Shawn Ostermann, Ohio University 3 Windows Protocols Application Layer: –“Providers”: Vendor-specific networking clients –Application (http, ftp, etc.) Presentation Layer –Usually empty

4. © Hans Kruse & Shawn Ostermann, Ohio University 4 Windows Protocols Session Layer –Redirectors – linked to Provider modules –Servers Transport Layer –TDI – Transport Driver Interface –Various transport protocols (TCP, NWLink, NBF) Lower Layers

5. © Hans Kruse & Shawn Ostermann, Ohio University 5 Some Definitions NBF: NetBIOS Frame Protocol –Based on NetBEUI (Network Basic Input Output System Extended User Interface) NWLink –Implementation of the Novell protocols IPX/SPX IPX: Internet Packet Exchange SPX: Sequence Packet Exchange

6. © Hans Kruse & Shawn Ostermann, Ohio University 6 Protocol Structure NetBIOS (Kernel) TCP/IP NetBT SPX/IPXNBF NDIS NIC Driver Note: TCP/NetBT and IPX/SPX are routable, NBF (NetBEUI) is not.

7. © Hans Kruse & Shawn Ostermann, Ohio University 7 Specifications & Info Karanjit S. Siyan, “Windows NT TCP/IP”, New Riders Professional Library RFCs 1001 & 1002 SNIA CIFS Spec 0.9

8. © Hans Kruse & Shawn Ostermann, Ohio University 8 Some History Windows networking –Windows for Workgroups –LAN Manager (various versions) Intended for small LANs Similar to AppleTalk

9. © Hans Kruse & Shawn Ostermann, Ohio University 9 History … Novell used for server-based large networks Windows networking used for Peer- to-Peer RFCs 1001 and 1002 define NetBIOS over TCP (NetBT)

10. © Hans Kruse & Shawn Ostermann, Ohio University 10 UNC Uniform Naming Convention –\\ServerName\ShareName\Path\FileName\\ServerName\ShareName\Path\FileName Defines a flat namespace used to locate network resources

11. © Hans Kruse & Shawn Ostermann, Ohio University 11 SMB Server Message Block –Application layer protocol –Defines access to files, printers, and named pipes SMB specs are not public CIFS specs are public under SNIA

12. © Hans Kruse & Shawn Ostermann, Ohio University 12 Protocol Stacks for SMB SMB NetBIOS TCP/IPNetBEUI IPX/SPX Data Link Layer

13. © Hans Kruse & Shawn Ostermann, Ohio University 13 SMB Functions Session Setup and Disconnect File Access Printer Access Directory Searching Setting File Attributes File Creation and Deletion

14. © Hans Kruse & Shawn Ostermann, Ohio University 14 SMB File Access Open and Close Read and Write Record and byte range locking File Locks “Opportunistic” locks (caching support)

15. © Hans Kruse & Shawn Ostermann, Ohio University 15 SMB Variants SMB is not a single specification Microsoft and other vendors made numerous enhancements SMB session setups include a required version negotiation

16. © Hans Kruse & Shawn Ostermann, Ohio University 16 Name Resolution NetBIOS uses 15 character names Flat name space inside a NetBIOS Scope Nodes assert a name upon startup Assertion is successful unless challenged

17. © Hans Kruse & Shawn Ostermann, Ohio University 17 Node Types b-nodes –Use broadcast for name resolution –Can interact only with b-nodes (and mixed nodes) p-nodes –Use a NetBIOS name server (NBNS, Microsoft WINS) –Cannot interact with b-nodes

18. © Hans Kruse & Shawn Ostermann, Ohio University 18 Mixed Node Types m-nodes –mixed operation, broadcast first h-nodes –mixed, NBNS, LMHOST file, broadcst Windows defaults: –b-node –h-node if a WINS server is specified

19. © Hans Kruse & Shawn Ostermann, Ohio University 19 Some Notes WINS is NBNS as defined in RCFs 1001 and 1002, but WINS replications (server to server updates) are vendor-specific WINS is dynamic, entries come from NetBIOS name registration at system startup

20. © Hans Kruse & Shawn Ostermann, Ohio University 20 WINS and DNS Up to Windows NT 4, these are separate –Computers can have unrelated DNS and NetBIOS names DHCP clients without dynamic DNS –Have “generic” or no DNS names –Dynamically register NetBIOS names

21. © Hans Kruse & Shawn Ostermann, Ohio University 21 Windows 2000 Pure Windows 2000 networks use dynamic DNS WINS lookups used for mixed environments Names lookups can trigger –DNS queries –WINS queries –Broadcasts

22. © Hans Kruse & Shawn Ostermann, Ohio University 22 WINS and DNS names Windows 2000 machines use FQDN (Fully Qualified Domain Names) NetBIOS names are derived from the host name –Pad short names with spaces up to 15 characters –Truncate names with >15 chars

23. © Hans Kruse & Shawn Ostermann, Ohio University 23 Microsoft DNS Dynamic Updates Replication (If used with Active Directory aka LDAP) UTF-8 character coding unless restricted to RFC 1123 Additional DNS record types

24. © Hans Kruse & Shawn Ostermann, Ohio University 24 Service Discovery LDAP - based starting with Windows 2000 Previous versions use a proprietary systen of “domain browsers” Creates some broadcast traffic

25. © Hans Kruse & Shawn Ostermann, Ohio University 25 Access Control in SMB “Share Level Access” –Used with FAT16 and FAT32 –Single password for a directory tree User Level Access –Requires User/Password Authentication –NTFS required to make access file- specific

26. © Hans Kruse & Shawn Ostermann, Ohio University 26 Security Models “Workgroup” –relies on share level security or –user/password settings on Windows NT or 2000 workstations Domain Controller –Windows NT or 2000 server which contains a central user database

27. © Hans Kruse & Shawn Ostermann, Ohio University 27 Dual Access Control NTFS-based file sharing checks credentials twice –Share-level permissions –File level access control lists Non-file objects (e.g. printers) can have share permissions

28. © Hans Kruse & Shawn Ostermann, Ohio University 28 Security protocols in CIFS Authentication required for session setup to a server –Plain Text Password (discouraged for obvious reason) –Challenge-response Requires a shared secret (password) May be stored on a separate authentication server