Monday, January 26, 2009

Default port list for a Windows Server Domain Controller

[Source] Microsoft Help and Support

The ports/protocols -- services most commonly open on a Windows 2000-based or Windows Server 2003-based server running Active Directory

21/TCP(Transmission Control Protocol) -- FTP

This FTP (File Transfer Protocol) server is part of Internet Information Services (IIS) and is managed from the IIS Management Console.

25/TCP -- SMTP

This SMTP (Simple Mail Transfer Protocol) service is managed from the IIS Management Console.

53/UDP(User Datagram Protocol) -- DNS

DNS (Domain Name System) makes it easy to locate computers and other resources on an IP network through hierarchical, user-friendly names. Name resolution through DNS is a critical operation on Windows Server: if names do not resolve correctly, users cannot locate resources on the network.

80/TCP -- HTTP

HTTP (Hypertext Transfer Protocol) is the set of rules for exchanging text, graphic images, sound, video and other multimedia files on the World Wide Web (WWW). Relative to the TCP/IP protocol suite, which is the foundation of information exchange on the Internet, HTTP is an application-level protocol.

88/UDP -- Kerberos

The Kerberos protocol is a network authentication method based on a key distribution model. It lets entities communicating over a network prove their identity to each other while preventing eavesdropping and replay attacks. The Kerberos KDC (Key Distribution Center) listens on this port for ticket requests. Port 88 for Kerberos can be either TCP or UDP.

Kerberos : The Network Authentication Protocol

119/TCP -- NNTP

NNTP (Network News Transfer Protocol) is the primary protocol computers use to manage the notes posted to Usenet newsgroups. NNTP servers manage the global network of collected Usenet newsgroups.

135/TCP -- RPC

RPC (Remote Procedure Call) is a facility that lets a program on one Windows-based computer (the client) in a distributed network call the services of another program running on a separate Windows-based computer (the server). RPC is a program-level protocol that can use the communication services of any of the Windows networking protocols, including TCP/IP.

137/UDP -- NetBIOS Name Server

The NetBIOS Name Server (NBNS) protocol is part of the NetBT (NetBIOS over TCP/IP) protocol family and provides host name to address mapping on NetBIOS-aware networks.

* Enable NetBIOS Over TCP/IP (NetBT)

138/UDP -- NetBIOS Datagram

NetBIOS (Network Basic Input Output System) Datagram is part of the NetBT (NetBIOS over TCP/IP) protocol family and is used for network logon and browsing.

139/TCP -- NetBIOS Session Service

The NetBIOS Session Service is part of the NetBT (NetBIOS over TCP/IP) protocol family and is used for SMB (Server Message Block), file sharing and printing.

389/UDP -- LDAP

LDAP stands for Lightweight Directory Access Protocol. LDAP was designed as a standard method of providing access to directory services. On Windows Server, LDAP is the primary method the operating system uses to access the Active Directory database.

443/TCP -- HTTPS

HTTPS (Secure Hypertext Transfer Protocol) is a variant of HTTP used to handle secure transactions. HTTPS is a distinct protocol: SSL (Secure Sockets Layer) under HTTP.

445/TCP -- SMB

The SMB protocol is used for file sharing on Microsoft Windows NT and Windows Server. On Windows Server, SMB can run directly over TCP/IP without the additional NetBT layer.

464/TCP -- Kerberos Password V5

The Kerberos Change Password Protocol is used by administrators to deny setting new user passwords. In some environments this capability is useful, and this proposal can be used to enable password setting. This protocol is used when a user changes their own password.

500/UDP -- ISAKMP

ISAKMP (Internet Security Association and Key Management Protocol), or IKE (Internet Key Exchange) in the case of Windows Server, is the key exchange mechanism for VPNs (Virtual Private Networks). ISAKMP manages the exchange of cryptographic keys and uses a two-phase process to establish an IPSec (Internet Protocol Security) connection between two gateways.

563/TCP -- SNEWS

SNEWS is secure NNTP (NNTP over SSL).

593/TCP -- RPC over HTTP

RPC over HTTP is used by COM+ Internet Services and requires IIS to be running.

636/TCP -- LDAP over SSL

When SSL is configured, the LDAP data sent and received is encrypted.

1067/TCP -- Installation Bootstrap Service

Installation Bootstrap Protocol Server.

1068/TCP -- Installation Bootstrap Service

Installation Bootstrap Protocol Client.

1645/UDP -- IAS: Internet Authentication Service

This service is used to process RADIUS (Remote Authentication Dial-in User Service) authentication messages; IAS supports it for compatibility with older RADIUS servers.

1646/UDP -- IAS: Internet Authentication Service

This service is used to process RADIUS accounting messages; IAS supports it for compatibility with older RADIUS servers.

1701/UDP -- L2TP

L2TP (Layer 2 Tunneling Protocol) is a method of encapsulating standard PPP (Point-to-Point Protocol) over a variety of media. It can also encapsulate PPP in UDP packets.

1723/TCP -- PPTP

PPTP is short for Point-to-Point Tunneling Protocol. IP is frequently used in VPN products. Windows NT supports a PPTP server, and both Windows NT and Windows 95 support PPTP clients.
(PPTP enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks.)

1812/UDP -- IAS: Internet Authentication Service

This service is used to process RADIUS accounting messages.

1813/UDP -- IAS: Internet Authentication Service

This service is used to process RADIUS accounting messages.

3268/TCP -- Microsoft Global Catalog

The Active Directory Global Catalog listens on this port.

3269/TCP -- Microsoft Global Catalog with LDAP/SSL

Microsoft Global Catalog SSL connections listen on this port.

3389/TCP -- Remote Desktop Protocol

RDP is a protocol that lets thin clients communicate with a Terminal Server over the network. It is based on the ITU (International Telecommunication Union) T.120 protocol, the international standard for multi-channel conferencing currently used by Microsoft NetMeeting.
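The list above is most useful as a baseline: a defender wants to know which of these a given domain controller actually exposes, which core services are unexpectedly absent, and which listeners are not on the list at all. The following Python script is an added example, not code from the original post or from Microsoft. The core/optional split is the author's own classification (an assumption), the 389/TCP entry is added on the assumption that LDAP is also served over TCP, and the `netstat -an` text is a constructed sample rather than output from a real host.

```python
"""Compare a domain controller's listening sockets with the default port list above.

Added example; not part of the original post or of Microsoft's documentation.
The core/optional split is the author's own classification (assumption), and the
netstat output below is constructed sample data, not captured from a real DC.
"""
import re
from typing import Dict, List, Set, Tuple

# (port, protocol) -> (service, role); ports and services come from the list above.
# Role "core" = needed for a DC to serve logons; "optional" = only if that feature is used.
DC_PORTS: Dict[Tuple[int, str], Tuple[str, str]] = {
    (21, "TCP"): ("FTP", "optional"),
    (25, "TCP"): ("SMTP", "optional"),
    (53, "UDP"): ("DNS", "core"),
    (80, "TCP"): ("HTTP", "optional"),
    (88, "UDP"): ("Kerberos", "core"),
    (88, "TCP"): ("Kerberos", "core"),          # the text notes port 88 can be TCP or UDP
    (119, "TCP"): ("NNTP", "optional"),
    (135, "TCP"): ("RPC endpoint mapper", "core"),
    (137, "UDP"): ("NetBIOS Name Service", "optional"),
    (138, "UDP"): ("NetBIOS Datagram", "optional"),
    (139, "TCP"): ("NetBIOS Session Service", "optional"),
    (389, "UDP"): ("LDAP", "core"),
    (389, "TCP"): ("LDAP", "core"),             # assumption: LDAP is also served over TCP
    (443, "TCP"): ("HTTPS", "optional"),
    (445, "TCP"): ("SMB", "core"),
    (464, "TCP"): ("Kerberos password change", "core"),
    (500, "UDP"): ("ISAKMP/IKE", "optional"),
    (563, "TCP"): ("SNEWS", "optional"),
    (593, "TCP"): ("RPC over HTTP", "optional"),
    (636, "TCP"): ("LDAP over SSL", "core"),
    (1067, "TCP"): ("Installation Bootstrap (server)", "optional"),
    (1068, "TCP"): ("Installation Bootstrap (client)", "optional"),
    (1645, "UDP"): ("IAS RADIUS authentication (legacy)", "optional"),
    (1646, "UDP"): ("IAS RADIUS accounting (legacy)", "optional"),
    (1701, "UDP"): ("L2TP", "optional"),
    (1723, "TCP"): ("PPTP", "optional"),
    (1812, "UDP"): ("IAS RADIUS", "optional"),
    (1813, "UDP"): ("IAS RADIUS", "optional"),
    (3268, "TCP"): ("Global Catalog", "core"),
    (3269, "TCP"): ("Global Catalog over SSL", "core"),
    (3389, "TCP"): ("RDP", "optional"),
}

# Constructed sample of `netstat -an` output on Windows (not from a real DC).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:389           10.0.0.23:51022        ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:88             *:*
  UDP    0.0.0.0:389            *:*
"""

# Proto, local address ending in :port, foreign address, optional state column.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?")


def parse_listeners(netstat_text: str) -> Set[Tuple[int, str]]:
    """Return the set of (port, proto) sockets that accept traffic.

    TCP rows count only in LISTENING state (established sessions are skipped);
    UDP rows carry no state column and always count.
    """
    listeners: Set[Tuple[int, str]] = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.add((port, proto))
    return listeners


def audit(listeners: Set[Tuple[int, str]]) -> Dict[str, List[str]]:
    """Sort the sockets into: core services that are missing, optional services
    that are exposed (review whether they are needed), and ports not on the list."""
    report: Dict[str, List[str]] = {"missing_core": [], "optional_open": [], "unknown": []}
    for key, (service, role) in sorted(DC_PORTS.items()):
        if role == "core" and key not in listeners:
            report["missing_core"].append(f"{key[0]}/{key[1]} {service}")
        elif role == "optional" and key in listeners:
            report["optional_open"].append(f"{key[0]}/{key[1]} {service}")
    for port, proto in sorted(listeners - set(DC_PORTS)):
        report["unknown"].append(f"{port}/{proto}")
    return report


if __name__ == "__main__":
    for category, entries in audit(parse_listeners(SAMPLE_NETSTAT)).items():
        print(f"{category}:")
        for entry in entries:
            print(f"  {entry}")
```

On the sample data the report flags 3269/TCP (Global Catalog over SSL) as a missing core service, 3389/TCP (RDP) as an optional service worth reviewing, and 4444/TCP as a listener the baseline does not explain. On a real host, pipe the output of `netstat -an` into `parse_listeners` instead of the constructed sample.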

Monday, December 29, 2008

[Tip][Link] Protecting yourself when downloading using BitTorrent

If you’ve been using BitTorrent to download any of the more popular files, such as the latest episode of some major TV show, you may have found yourself receiving lots of “Wasted” data. This is data that has been discarded after being deemed corrupt or invalid by your BitTorrent client. Every so often, you will have received more wasted data than the size of the files you are downloading!



Friday, November 28, 2008

[Definition] Backup strategies + overview of the backup types

[Source] bullhost.de PC-Lexikon

The IT term backup strategies refers to the various approaches to creating backup copies of a data set. In principle three different strategies are distinguished: the full backup (Gesamt- or Vollsicherung), the incremental or differential backup (Inkrementelle- or Differenzialsicherung), and the incremental-growth backup (Zuwachs-Backup or Zuwachssicherung).

Full backup (Gesamt-Backup / Vollsicherung): This is a time-saving, convenient strategy, since the complete data set of a disk or partition is backed up. Its main drawback is that it requires a large amount of storage capacity.

Differential or incremental backup (Differenzial- / Inkrementelles-Backup): In a differential backup only the data or files that have changed since the last full backup are saved. The main advantage is that little storage and little time are needed for the backup. It does, however, require a previously created full backup as its basis.

Incremental-growth backup (Zuwachs-Backup / Zuwachssicherung): With this strategy only the data, files and documents that have been added or changed since the last differential or full backup are saved. Like the differential backup, this strategy is very time-saving and storage-friendly when backing up, but restoring individual data, files or documents is very time-consuming.

The combination of all three strategies is called media rotation (Medienrotationsverfahren) and is regarded as the most reliable and optimal way to back up a data set. Three kinds of media rotation are distinguished:
1. Daily full backup
2. Weekly full and daily differential backup
3. Monthly and weekly full and daily differential backup

The time span of the cyclic media rotation scheme is called the backup horizon (Sicherungshorizont) and, depending on the backup level, the generation principle (Generationsprinzip); two backup levels are distinguished, the father-son principle and the grandfather-father-son principle.


Overview of the backup types: full backup, differential backup, incremental backup and mirror backup

[Source] Backup4all - Help - Articles

Full backup is the starting point for all other types of backup and contains all the data in the folders and files that are selected to be backed up. Because full backup stores all files and folders, frequent full backups result in faster and simpler restore operations. Remember that when you choose other backup types, restore jobs may take longer.




Differential backup contains all files that have changed since the last FULL backup. The advantage of a differential backup is that it shortens restore time compared to a full backup or an incremental backup. However, if you perform the differential backup too many times, the size of the differential backup might grow to be larger than the baseline full backup.




Incremental backup stores all files that have changed since the last FULL, DIFFERENTIAL OR INCREMENTAL backup. The advantage of an incremental backup is that it takes the least time to complete. However, during a restore operation, each incremental backup must be processed, which could result in a lengthy restore job.




Mirror backup is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password. A mirror backup is most frequently used to create an exact copy of the backup data. It has the benefit that the backup files can also be readily accessed using tools like Windows Explorer.


Some backup software inspects each file's archive flag to identify which files have been modified.
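The trade-off the two sources describe (differential sets grow until the next full but restore from two sets; incremental sets stay small but every one of them is needed at restore time) is easiest to see by simulating it. The Python below is an added example, not code from bullhost.de or Backup4all. Its model is an assumption that matches the archive-flag note above: every write sets a file's archive flag, a full or incremental backup clears it, a differential does not. The file names and the edit schedule are constructed, and deleted files are not modelled.

```python
"""Simulate a week of full, differential and incremental backups and work out
which backup sets a restore needs.

Added example; not code from bullhost.de or Backup4all.  The archive-flag model
is an assumption: every write sets a file's flag, a full or incremental backup
clears it, a differential backup does not.  Deleted files are not modelled.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Backup:
    day: int
    kind: str                                    # "full", "differential" or "incremental"
    files: Dict[str, str] = field(default_factory=dict)   # file name -> saved content


class Volume:
    """A handful of files plus their archive flags."""

    def __init__(self, files: Dict[str, str]):
        self.files = dict(files)
        self.archive: Set[str] = set(files)      # new files start out flagged

    def write(self, name: str, content: str) -> None:
        self.files[name] = content
        self.archive.add(name)

    def backup(self, day: int, kind: str) -> Backup:
        chosen = set(self.files) if kind == "full" else set(self.archive)
        snap = Backup(day, kind, {n: self.files[n] for n in sorted(chosen)})
        if kind in ("full", "incremental"):
            self.archive.clear()                 # a differential leaves the flags set
        return snap


def restore_chain(history: List[Backup], day: int) -> List[Backup]:
    """Backup sets needed to rebuild the volume as of `day`, oldest first.

    Because a differential does not clear the flags, any incremental taken after
    it already contains its files, so only a differential newer than the last
    incremental is still needed.
    """
    upto = [b for b in history if b.day <= day]
    start = max(i for i, b in enumerate(upto) if b.kind == "full")
    tail = upto[start + 1:]
    chain = [upto[start]] + [b for b in tail if b.kind == "incremental"]
    diffs = [b for b in tail if b.kind == "differential"]
    if diffs and diffs[-1].day > chain[-1].day:
        chain.append(diffs[-1])
    return chain


def restore(history: List[Backup], day: int) -> Dict[str, str]:
    """Replay the chain; later sets overwrite older versions of a file."""
    state: Dict[str, str] = {}
    for b in restore_chain(history, day):
        state.update(b.files)
    return state


# Constructed edit schedule (day -> file written); the same for every run.
EDITS = {1: ("a.doc", "a1"), 2: ("b.doc", "b2"), 3: ("a.doc", "a3"),
         4: ("d.doc", "d4"), 5: ("b.doc", "b5"), 6: ("c.doc", "c6")}


def simulate(kind: str) -> List[Backup]:
    """Full backup on day 0, then one backup of `kind` on each of days 1..6."""
    vol = Volume({"a.doc": "a0", "b.doc": "b0", "c.doc": "c0"})
    history = [vol.backup(0, "full")]
    for day in range(1, 7):
        vol.write(*EDITS[day])
        history.append(vol.backup(day, kind))
    return history


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        hist = simulate(kind)
        sizes = [len(b.files) for b in hist]
        print(f"{kind:12s} files per set: {sizes}, "
              f"sets needed to restore day 6: {len(restore_chain(hist, 6))}")
```

With this schedule the differential sets hold 1, 2, 2, 3, 3 and then 4 files while a day-6 restore needs only the full set plus the newest differential; the incremental sets hold one file each, but the same restore has to replay all seven sets. Both schedules rebuild the identical final state, which is the property a restore test should verify.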

Sunday, October 26, 2008

Active Directory Collection


........

Active Directory is typically used for one of three purposes:

  • Internal directory. Used within the corporate network for publishing information about users and resources within the enterprise. A company’s internal directory may be accessible to employees when they are outside the company network using a secure connection such as a virtual private network (VPN) connection, but it is not accessible to non-employees.
  • External directory. These are directories typically located on servers in the perimeter network or demilitarized zone (DMZ) at the boundary between the corporate local area network (LAN) and the public Internet. External directories are typically used to store information about customers, clients, and business partners who access external applications or services. They are also made available to customers, clients, and business partners to provide them with selected business information such as catalogs and so on.
  • Application directory. Application directories store “private” directory data that is relevant only to the application in a local directory, perhaps on the same server as the application, without requiring any additional configuration to Active Directory. The personalization data, which is only interesting to the portal application and does not need to be widely replicated, can be stored solely in the directory associated with the application. This solution reduces replication traffic on the network between domain controllers.


Active Directory on a Windows Server 2003 Network

Active Directory is the information hub of the Windows Server 2003 operating system. The following figure shows Active Directory as the focal point of the Windows Server 2003 network used to manage identities and broker relationships between distributed resources so they can work together.

(Figure: Active Directory on a Windows Server 2003 Network)

........



[wiki] Active Directory


Source: Active Directory - Wikipedia DE

Microsoft's directory service for Windows 2000/Windows Server 2003 is called Active Directory (AD). As of the current version, Windows Server 2008, the core component is called Active Directory Domain Services (ADDS). .....

Active Directory makes it possible to structure a network according to the real structure of the company or its geographic distribution. To do so it manages various objects on a network, such as users, groups, computers, servers, file shares and other devices like printers and scanners, together with their attributes. With Active Directory an administrator can organize, provision and monitor the information about these objects.

Access restrictions can be imposed on the users of the network; for example, not every user may view every file or use every printer.


Server roles

Since Windows Server 2008, five different server roles are grouped under the term Active Directory:

  • Active Directory Domain Services (ADDS) is the current version of the original directory service and the central point of domain and resource management.
  • Active Directory Lightweight Directory Services (ADLDS) is a functionally reduced version of ADDS that serves to connect applications or services which need LDAP-compliant information from the directory. It was first implemented in Windows Server 2003, where the service was called Active Directory Application Mode (ADAM).
  • Active Directory Federation Services (ADFS) provide web-based authentication of users when they are located outside the ADDS infrastructure.
  • Active Directory Rights Management Services (ADRMS) protect resources against unauthorized viewing by cryptographic means.
  • Active Directory Certificate Services (ADCS) provide a public key infrastructure.

The four main components

1. Lightweight Directory Access Protocol (LDAP)

The LDAP server provides information about users and their group memberships. Other objects, such as a computer's certificates, are also stored in the directory.

2. Kerberos protocol

Kerberos is a protocol by which the user is authenticated and receives a so-called Ticket Granting Ticket (TGT). With the TGT, service tickets for access to a particular service within the network can be obtained. The user only has to enter their password once, to obtain the TGT; the service tickets are fetched in the background.

3. Common Internet File System (CIFS)

The CIFS protocol is intended for storing files on the network. DNS is used to locate the individual computer systems and service information (SRV resource records). Because it is a standardized protocol, it also offers a way to connect to the Internet.

4. Domain Name System (DNS)

Unlike earlier Windows versions such as Windows NT 4.0, which used NetBIOS for name resolution, Active Directory requires its own DNS. To be fully functional, the DNS server must support SRV resource records.
For compatibility, suitably configured Windows 2000 or XP clients are still able to locate resources on the network via NetBIOS or WINS even when Active Directory is in use.
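Both the CIFS paragraph and the DNS paragraph above turn on the same mechanism: clients find domain controllers through SRV records, and a client picks among several records by the priority and weight fields (RFC 2782). The following Python is an added example, not code from the Wikipedia article or from Microsoft's DC locator. The record names follow the `_ldap._tcp.dc._msdcs.<domain>` and `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` scheme that Active Directory registers; the zone contents, host names and the site name "Seoul" are constructed, and the locator logic is a simplification (site-specific set first, otherwise the domain-wide set).

```python
"""Choose a domain controller from DNS SRV records the way a client locator does:
lowest priority first, then weighted random among records of equal priority.

Added example; not part of the Wikipedia article or of Microsoft's DC locator.
Record names follow the _ldap._tcp.dc._msdcs.<domain> scheme AD registers; the
zone data, host names and site name below are constructed.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data: a site-specific record set and the domain-wide set.
ZONE: Dict[str, List[SRV]] = {
    "_ldap._tcp.Seoul._sites.dc._msdcs.example.com": [
        SRV(0, 80, 389, "dc1.example.com"),
        SRV(0, 20, 389, "dc2.example.com"),
    ],
    "_ldap._tcp.dc._msdcs.example.com": [
        SRV(0, 80, 389, "dc1.example.com"),
        SRV(0, 20, 389, "dc2.example.com"),
        SRV(10, 100, 389, "dc3.example.com"),    # higher priority value = fallback only
    ],
    "_kerberos._udp.dc._msdcs.example.com": [
        SRV(0, 100, 88, "dc1.example.com"),
    ],
}


def srv_name(service: str, proto: str, domain: str, site: Optional[str] = None) -> str:
    """Build the AD-style SRV owner name, using the _sites form when a site is given."""
    base = f"dc._msdcs.{domain}"
    if site:
        base = f"{site}._sites.{base}"
    return f"_{service}._{proto}.{base}"


def weighted_pick(pool: List[SRV], rng: random.Random) -> SRV:
    """Pick one record with probability proportional to its weight (RFC 2782)."""
    total = sum(r.weight for r in pool)
    if total == 0:
        return pool[0]
    x = rng.randint(0, total - 1)
    acc = 0
    for r in pool:
        acc += r.weight
        if x < acc:
            return r
    return pool[-1]


def order_by_rfc2782(records: List[SRV], rng: random.Random) -> List[SRV]:
    """Return the records in the order a client should try them."""
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:                               # drain each priority level by weight
            pick = weighted_pick(pool, rng)
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def locate_dc(zone: Dict[str, List[SRV]], service: str, proto: str, domain: str,
              site: Optional[str] = None, rng: Optional[random.Random] = None) -> List[SRV]:
    """Simplified locator: site-specific records if the site has any, else domain-wide."""
    rng = rng or random.Random()
    candidates: List[SRV] = []
    if site:
        candidates = zone.get(srv_name(service, proto, domain, site), [])
    if not candidates:
        candidates = zone.get(srv_name(service, proto, domain), [])
    return order_by_rfc2782(candidates, rng)


if __name__ == "__main__":
    for site in ("Seoul", "Busan", None):
        seq = locate_dc(ZONE, "ldap", "tcp", "example.com", site=site)
        print(f"site={site!s:6s} try in order: {[r.target for r in seq]}")
```

A client in the "Seoul" site only ever sees dc1 and dc2; a client in a site with no records of its own falls back to the domain-wide set, where dc3 is always tried last because of its priority value 10, and dc1 is tried first about four times out of five because of the 80/20 weights. From a defender's view this is also why stale or attacker-influenced SRV data in DNS matters: the locator trusts the zone, so the DNS server that holds these records deserves the same protection as the domain controllers they point at.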

...............



2007/08/27 - [Network/Link for Network] - What is Active Directory?


What is Active Directory?

Source: Pohang MBC Engineering Department website

A directory service is a network service that defines the resources on a network and makes them available to users and applications .....
Resources here include computers, email addresses, printers and so on .....
An ideal directory service makes the physical network topology and protocols transparent, so that however they are physically arranged, a user who wants to use a resource can do so without knowing where or how that resource is actually connected.

The most widely used directory services today are LDAP, used mainly for email addresses, and NDS (Netware Directory Service), used on Novell Netware networks; nearly all directory services are based on the ITU (International Telecommunication Union) X.500 standard .....
Put simply, it is a central service or server that holds information about every resource on the network.

Active Directory in Windows 2000 is Microsoft's version of a directory service following the standards above.

Details ...