December 3

Chapter 7: Telecommunications and Network Security (Part III)

A Network Operating System (NOS) connects devices and users so that they can reach resources on a central server; a redirector on the client transparently points requests at the remote resource.

The Domain Name System (DNS) resolves host names to IP addresses. On the Internet there are 13 root server addresses (each operated as many mirrored hosts), and each serves the root zone, which delegates to the top-level domain servers. IP address blocks are allocated by ICANN (Internet Corporation for Assigned Names and Numbers), through IANA, to the regional registries. Within DNS the name space is split into zones; the server that holds a zone is the authoritative name server for the domains in it. The host-to-address mappings are stored as resource records. Each zone should have a primary and at least one secondary server; they synchronize with zone transfers (AXFR), which must be restricted to the known secondaries rather than allowed from any host (in BIND: allow-transfer { <secondary address>; };), because a full zone dump hands an attacker a map of the network. Top-level domains are com, edu, org, us and so on; second-level domains are, for example, microsoft or google. If a DNS server does not know an address, it forwards or refers the query to another DNS server, and so on.

DNS poisoning happens when an attacker observes or guesses a pending query and sends a forged response carrying a wrong IP address that reaches the resolver before the legitimate answer; the wrong answer is then cached and served to every client of that resolver. The remedy is DNSSEC (DNS Security Extensions), which signs the resource records so a validating resolver can verify them. It does not rely on certificates from a common PKI but on a chain of DNSKEY/DS records anchored at the root, so each zone has to be signed and each resolver needs a trust anchor. Split DNS serves external addresses from a DNS server in the DMZ and internal addresses from a separate DNS server on the LAN, so the internal name space is never exposed to the outside.

The Network Information Service (NIS), originally Yellow Pages (YP), is like a telephone book of the resources on the network. It keeps configuration files (such as the Unix password file) in a central place, so there is no need for copies on each computer. The workstation runs a client daemon (ypbind) and the server runs ypserv; ypbind finds its server by broadcasting, much as a DHCP client finds a DHCP server. Attackers have used NIS to retrieve password files, because any host that knows (or guesses) the NIS domain name can request the maps.
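The poisoning race described in the DNS paragraph above, as an added example that is not part of the original post: it builds real DNS wire-format messages with struct, lets a forged answer arrive ahead of the legitimate one, and compares a resolver that only matches the question name with one that also checks the 16-bit transaction ID it sent. The host names and addresses are constructed documentation values (example.com, 192.0.2.x, 198.51.100.x), and the resolver functions are hypothetical names chosen for the illustration.

```python
import os
import struct

# Constructed sample data: a resolver asking for www.example.com, with two
# answers racing to reach it. Addresses come from the documentation ranges.
QNAME = "www.example.com"
LEGIT_IP = "192.0.2.10"
FORGED_IP = "198.51.100.66"


def encode_name(name):
    """DNS label format: length-prefixed labels ending in a zero byte."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return labels + b"\x00"


def decode_name(buf, offset):
    """Decode a label-format name; no compression pointers are used in this example."""
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txid, name):
    """Standard A-record query: 12-byte header (RD set, one question) + question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(txid, name, ip):
    """Response (QR, RD, RA flags) echoing the question and carrying one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = encode_name(name) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # A, IN, TTL, RDLENGTH
    return header + question + answer


def parse_response(msg):
    """Return the transaction ID, question name and first A-record address."""
    txid = struct.unpack("!H", msg[:2])[0]
    qname, off = decode_name(msg, 12)
    off += 4                      # skip QTYPE and QCLASS of the question
    _, off = decode_name(msg, off)
    _, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    rdata = msg[off + 10:off + 10 + rdlen]
    return {"txid": txid, "qname": qname, "ip": ".".join(str(b) for b in rdata)}


def naive_resolve(query, responses):
    """Accepts the first answer whose question matches: this resolver can be poisoned."""
    qname, _ = decode_name(query, 12)
    for r in responses:
        p = parse_response(r)
        if p["qname"] == qname:
            return p["ip"]
    return None


def strict_resolve(query, responses):
    """Also requires the transaction ID to equal the one the resolver sent."""
    sent_txid = struct.unpack("!H", query[:2])[0]
    qname, _ = decode_name(query, 12)
    for r in responses:
        p = parse_response(r)
        if p["qname"] == qname and p["txid"] == sent_txid:
            return p["ip"]
    return None


def poisoning_race(resolver_txid, attacker_guess):
    """The forged answer arrives first; return what each resolver ends up believing."""
    query = build_query(resolver_txid, QNAME)
    forged = build_response(attacker_guess, QNAME, FORGED_IP)
    legit = build_response(resolver_txid, QNAME, LEGIT_IP)
    return naive_resolve(query, [forged, legit]), strict_resolve(query, [forged, legit])


if __name__ == "__main__":
    txid = int.from_bytes(os.urandom(2), "big")   # a randomized transaction ID
    print("naive, strict with a wrong guess:", poisoning_race(txid, (txid + 1) & 0xFFFF))
    print("naive, strict with a correct guess:", poisoning_race(txid, txid))
```

The second call shows the limit of the transaction-ID check: 16 bits are guessable with enough forged packets, which is why resolvers also randomize the source port and why signed records (DNSSEC) are the real fix the text points to.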
NIS+ corrects the weaknesses of NIS: it is hierarchical, updates are automatic, it adds Secure RPC (S-RPC) authentication, and it is backward compatible with NIS. NIS+ has three security levels: 0 (no security, meant only for setting up the name space), 1 (Unix-style credentials only, no cryptographic authentication; not recommended) and 2 (the default, with authentication and authorization).

Directory Services hold a hierarchical database of all resources on the network and are commonly built on the X.500 model. Several directories can exchange data with each other and together form a meta-directory. Each directory follows a specific schema. Examples are LDAP, Active Directory (AD) and Novell NDS. LDAP (Lightweight Directory Access Protocol) was developed because the X.500 DAP was too complex; it runs over TCP/IP and organizes entries in a tree in which every entry has a unique distinguished name (DN), for example cn=jdoe,ou=people,dc=example,dc=com.

Network Address Translation (NAT) is used to stretch the limited supply of public IPv4 addresses. The private ranges reserved by RFC 1918 (10.0.0.0/8, 172.16.0.0/12, that is 172.16.x.x to 172.31.x.x, and 192.168.0.0/16) are not routed on the Internet and are used internally. A gateway translates these addresses to one (or a few) public addresses, so hosts inside the LAN can open connections to external IPs, while unsolicited inbound packets match no translation entry and are dropped. Implementations are:
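To make the NAT paragraph concrete, here is an added example (not from the original post) of a port-address-translation gateway: it checks that inside sources are RFC 1918 addresses, multiplexes several inside hosts onto one public address by rewriting the source port, and only lets an inbound packet through when it answers an outbound connection from the peer that was contacted. The class and method names are hypothetical, and the addresses are constructed documentation values; the inbound check implements the restrictive (symmetric) behaviour, which is stricter than some real gateways.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges from the text; anything else is treated as public.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    """Port Address Translation: many inside hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (inside_ip, inside_port) -> public port
        self.inbound = {}    # public port -> (inside_ip, inside_port, peer_ip, peer_port)

    def translate_outbound(self, pkt):
        """Rewrite an inside source to the public address and a gateway-chosen port."""
        if not is_rfc1918(pkt.src_ip):
            raise ValueError("only RFC 1918 sources are translated: %s" % pkt.src_ip)
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Map a reply back to the inside host, or return None (drop) when no state matches."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get(pkt.dst_port)
        if entry is None:
            return None                       # unsolicited inbound: no mapping, dropped
        inside_ip, inside_port, peer_ip, peer_port = entry
        if (pkt.src_ip, pkt.src_port) != (peer_ip, peer_port):
            return None                       # only the contacted peer may answer
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two inside hosts reach the same web server; one reply and one probe come back."""
    gw = PatGateway("203.0.113.1")
    a = gw.translate_outbound(Packet("192.168.1.10", 51000, "203.0.113.5", 443))
    b = gw.translate_outbound(Packet("192.168.1.11", 51000, "203.0.113.5", 443))
    reply_to_b = gw.translate_inbound(Packet("203.0.113.5", 443, "203.0.113.1", b.src_port))
    probe = gw.translate_inbound(Packet("198.51.100.9", 12345, "203.0.113.1", 40002))
    wrong_peer = gw.translate_inbound(Packet("198.51.100.9", 443, "203.0.113.1", a.src_port))
    return a, b, reply_to_b, probe, wrong_peer


if __name__ == "__main__":
    for item in demo():
        print(item)
```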
An intranet is a private network inside a company that uses Internet technologies (TCP/IP, web servers, browsers). An extranet extends the intranet to selected outside parties such as suppliers and business partners, usually over a VPN or another authenticated link; it is not open to the public. EDI (Electronic Data Interchange) is the standardized electronic exchange of business documents between organizations; for example, EDI is used to place orders and make payments without paperwork. A Value Added Network (VAN) is an EDI infrastructure run by a service bureau, which routes, stores and translates the documents between the trading partners. A Metropolitan Area Network (MAN) spans a city and connects LANs to each other and to WANs, typically over optical ring technologies such as SONET (Synchronous Optical Network) or FDDI.