Reasons To Know Networking In Regard to Computer Security

- To understand the flow of information on the Internet
- To understand the levels of activity in network traffic flow
- To understand the basis for vulnerabilities
- To understand the basis for security tools and how they work

Base Principle – Packet Switching

- Messages are broken up into packets
- Packets are sent onto the network, routed (each one independently) to the destination, and reassembled there
- Advantages (compared to circuit switching, e.g. traditional telephony):
  - Better sharing of bandwidth
  - Greater overall efficiency
  - Allows more users without reserving capacity for each; delay stays low as long as links are not congested (under load, queueing delay grows)

Protocol Layering

- Protocol: a convention for communication between two agents (the agreed exchange of control messages is often called handshaking)
- Motivation: separation of functionality
  - Each layer takes care of a particular task regarding the information
  - Each layer offers services to the next layer up in the protocol stack
  - Advantage: modularity
  - Disadvantage: possible overlap or redundancy of functionality between layers

Protocol Data Units

- A layer sends a message by building a protocol data unit (PDU)
  - Take the data handed down from layer N and add the header (and sometimes trailer) information layer N-1 needs
- The PDU is handed to the next lower layer
- The lower layer now has responsibility for the message
- Security consequence: each layer simply trusts the headers it is handed. Fields such as the source address are bytes the sender chose to write; nothing in the encapsulation itself proves where a packet came from.

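An added example, not code from the original slides: the encapsulation described above done by hand, using the PDU names the later slides give each layer (message, segment, datagram, frame). A UDP segment is wrapped in an IPv4 header with a correct RFC 791 checksum, then in an Ethernet header; the receiver side strips the layers off again and rejects a frame whose IP header has been altered. The MAC addresses, IP addresses, ports and payload are constructed sample values, not taken from the slides.

```python
import struct

# Added example (not from the original slides): build the PDUs by hand --
# message -> UDP segment -> IPv4 datagram -> Ethernet frame -- and strip them
# off again the way each layer of a receiver would. All addresses and the
# payload used below are constructed sample values.

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_udp_segment(sport: int, dport: int, message: bytes) -> bytes:
    # Layer 4 header: source port, destination port, length (header + data), checksum.
    # A zero UDP checksum means "not computed", which RFC 768 permits over IPv4.
    return struct.pack("!HHHH", sport, dport, 8 + len(message), 0) + message


def build_ipv4_datagram(src: str, dst: str, segment: bytes, ttl: int = 64) -> bytes:
    # Layer 3 header (20 bytes, no options) wrapped around the layer-4 segment.
    version_ihl = (4 << 4) | 5              # IPv4, header length 5 * 4 = 20 bytes
    total_length = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s",
                         version_ihl, 0, total_length,
                         0x1234, 0,                     # identification, flags/fragment offset
                         ttl, PROTO_UDP, 0,             # TTL, protocol, checksum placeholder
                         ip_to_bytes(src), ip_to_bytes(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def build_ethernet_frame(dst_mac: bytes, src_mac: bytes, datagram: bytes) -> bytes:
    # Layer 2 header: destination MAC, source MAC, EtherType (the FCS trailer is left to the NIC).
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + datagram


def parse_frame(frame: bytes) -> dict:
    """Receiver side: each layer validates its own header and hands the rest up."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if ipv4_checksum(datagram[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_length = struct.unpack("!H", datagram[2:4])[0]
    if datagram[9] != PROTO_UDP:
        raise ValueError("not UDP")
    segment = datagram[ihl:total_length]
    sport, dport, udp_length, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src": bytes_to_ip(datagram[12:16]),   # whatever the sender wrote; nothing proves it
        "dst": bytes_to_ip(datagram[16:20]),
        "ttl": datagram[8],
        "sport": sport,
        "dport": dport,
        "message": segment[8:udp_length],
    }


def header_is_intact(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def encapsulate(message: bytes) -> bytes:
    segment = build_udp_segment(40000, 53, message)                          # layer 4
    datagram = build_ipv4_datagram("192.168.1.10", "192.168.1.53", segment)  # layer 3
    return build_ethernet_frame(b"\x00\x11\x22\x33\x44\x55",                 # layer 2 (sample MACs)
                                b"\x66\x77\x88\x99\xaa\xbb", datagram)


if __name__ == "__main__":
    frame = encapsulate(b"hello from the application layer")
    print(len(frame), "bytes on the wire")
    print(parse_frame(frame))
```

Flip any bit in the IP header and `parse_frame` rejects the frame, but flip a bit in the UDP payload and it is accepted unchanged: the checksum protects each layer's own header against transmission errors, not the data against a deliberate change, and the source address it covers is still whatever the sender put there.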
Internet Protocol Stack

- Seven layers in the Open Systems Interconnection (OSI) reference model:
  7) Application
  6) Presentation
  5) Session
  4) Transport
  3) Network
  2) Data Link
  1) Physical
- The Internet (TCP/IP) stack itself has fewer layers: the functions of OSI layers 5-7 all live in its application layer, so the layer 5 and 6 slides below describe roles rather than distinct Internet protocols

General Layer Functions

- Segmentation / Reassembly: breaking a large message into standard-size chunks and putting it back together
- Error Control: how to detect or correct errors
- Flow Control: avoid overwhelming slower systems
- Multiplexing: sharing of lower-level connections
- Connection setup: how to establish a virtual communication path

Application Layer (7)

- Function: high-level application systems and end-user processes
- Implemented in: software
- PDU: message
- Examples: ftp, http, smtp, telnet, …

Presentation Layer (6)

- Function: provides independence from differences in data representation by formatting and encrypting data
- Implemented in: software
- Examples: ASCII and other character encodings, NFS (whose data representation, XDR, is a presentation-layer function), FTP file path/name translation

Session Layer (5)

- Function: establishes, manages and terminates connections between applications
- Implemented in: software
- Examples: RPC; SSL/TLS is conventionally placed here, although it does not map cleanly onto a single OSI layer (it sits between transport and application). DNS, sometimes listed here, is an application-layer protocol.

Transport Layer (4)

- Function/Service: transport a message from a process on one system to a process on another system
- Implemented in: software
- PDU: segment
- Two main protocols
  - TCP (connection-oriented)
  - UDP (connectionless)

TCP

- TCP = Transmission Control Protocol
- Connection-oriented service (a three-way handshake precedes any data)
  - Reliable, in-order delivery of the message (acknowledgements and retransmission, not an absolute guarantee: the connection fails if the path stays broken)
  - Flow control
- Breaks the message into shorter segments
- Advantage: more control
- Examples: http, ftp, smtp, telnet

UDP

- UDP = User Datagram Protocol
- Connectionless service
  - No guaranteed delivery of the message (no acknowledgements or retransmission)
  - No flow control / handshaking
  - No overhead for connection setup
- Message-oriented: each datagram stands alone, which suits continuous media streams where a late sample is as useless as a lost one
- Advantage: faster (lower latency)
- Disadvantage: possible loss, duplication or reordering of information
- Examples: video, voice (e.g. phone)
- Security caveat: with no handshake, a receiver cannot tell whether the source address on a UDP datagram is genuine; this is why UDP services are the usual vehicle for address spoofing and amplification attacks

Network Layer (3)

- Function/Service: routing datagrams from host to host, through intermediate systems
  - The Network Layer receives a segment and the destination address from the Transport Layer
- Implemented in: hardware & software
- PDU: datagram (packet)
- Two major parts
  - IP protocol: structure of the datagram, and how end systems (and routers) act on this information
  - Routing protocols: for transfer from source host to destination host
- Examples: IP, IPX

Data Link Layer (2)

- Function/Service: move a datagram from one node to the next in the route
- Implemented in: hardware (with driver software)
- PDU: frame
- Examples: Ethernet, Token Ring, FDDI, Gigabit Ethernet

Physical Layer (1)

- Function/Service: transmitting raw bits from one network node to the adjacent node (no routing decisions are made here)
- Implemented in: hardware
- PDU: bits
- Examples
  - Optical fiber, twisted-pair wire, coaxial cable
  - Voltage levels, signaling

Types of Hardware/Software Systems

- End systems / hosts: implement all layers
- Routers / packet switches: implement layers 1-3; forward on the basis of the IP header
- Bridges (and switches): implement layers 1-2
- Hubs: implement layer 1 only; essentially repeaters
- Firewalls
  - Packet filtering: operates at layers 3-4 (addresses, protocol, port numbers); cannot see application content
  - Application gateways (proxies): operate at layer 7 and can inspect the protocol exchange itself

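An added example, not code from the original slides, to make the layer-3/4 versus layer-7 distinction concrete: a first-match packet filter that decides only on header fields, beside an application gateway that parses the HTTP request. The rule set, the allowed hosts and the four sample packets are constructed for the example, and the HTTP parser is deliberately minimal.

```python
from typing import Optional

# Added example (not from the original slides). A stateless packet filter sees
# only layer-3/4 fields; an application gateway reads the layer-7 request.
# Rules, hosts and packets below are constructed samples.

# Packet-filter rules: first match wins; the last rule is the default deny.
# A field missing from a rule matches anything.
FILTER_RULES = [
    {"action": "allow", "proto": "tcp", "dst_port": 80},
    {"action": "allow", "proto": "tcp", "dst_port": 443},
    {"action": "allow", "proto": "udp", "dst": "10.0.0.53", "dst_port": 53},
    {"action": "deny"},
]

# Application-gateway policy for HTTP: only these methods and these Host values.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}


def packet_filter(pkt: dict) -> str:
    """Layer 3/4 decision: addresses, protocol and ports only, never the payload."""
    for rule in FILTER_RULES:
        if all(pkt.get(field) == value for field, value in rule.items() if field != "action"):
            return rule["action"]
    return "deny"


def parse_http_request(payload: bytes) -> Optional[dict]:
    """Return method, target and Host header, or None if the bytes are not an HTTP request."""
    try:
        head, _, _ = payload.partition(b"\r\n\r\n")
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "host": headers.get("host")}


def application_gateway(pkt: dict) -> str:
    """Layer 7 decision: well-formed HTTP, approved method, approved Host."""
    request = parse_http_request(pkt.get("payload", b""))
    if request is None:
        return "deny"        # traffic on port 80 that is not HTTP (e.g. a tunnelled protocol)
    if request["method"] not in ALLOWED_METHODS or request["host"] not in ALLOWED_HOSTS:
        return "deny"
    return "allow"


def evaluate(pkt: dict) -> dict:
    return {"packet_filter": packet_filter(pkt), "application_gateway": application_gateway(pkt)}


# Constructed sample packets: header fields plus the first bytes of the payload.
SAMPLE_PACKETS = {
    "web_ok": {"src": "192.168.1.10", "dst": "203.0.113.10", "proto": "tcp", "dst_port": 80,
               "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"},
    "web_bad_host": {"src": "192.168.1.10", "dst": "203.0.113.10", "proto": "tcp", "dst_port": 80,
                     "payload": b"GET /cmd HTTP/1.1\r\nHost: evil.example\r\n\r\n"},
    "ssh": {"src": "192.168.1.10", "dst": "203.0.113.10", "proto": "tcp", "dst_port": 22,
            "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},
    "tunnel_on_80": {"src": "192.168.1.10", "dst": "203.0.113.10", "proto": "tcp", "dst_port": 80,
                     "payload": b"\x00\x01binary-not-http"},
}


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(name, evaluate(pkt))
```

The two "port 80" packets that are not an approved HTTP request pass the packet filter and are stopped only by the gateway, which is the reason layer-3 filtering on its own is not a content control.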
Internet Addressing

- IPv4 address: a 32-bit quantity that identifies a host (strictly, a network interface) on the Internet; IPv6 uses 128-bit addresses
- Displayed in dotted-decimal form www.xxx.yyy.zzz
- Split into two parts: network and host
  - E.g. the 198.23.168 network (198.23.168.0/24) spans 256 addresses (last octet 0-255); .0 is the network address and .255 the broadcast address, leaving 254 usable host addresses
- Certain network segments are reserved (RFC 1918) and can be used for isolated private networks
  - 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
  - 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
  - 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
- These ranges are never routed on the public Internet, so a packet that arrives on an Internet-facing interface with a private source address is spoofed or misrouted and should be dropped at the border

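An added example, not code from the original slides: the network/host split and the RFC 1918 test done with plain bit operations, so the prefix lengths behind the three ranges (/8, /12, /16) are visible, then cross-checked against the standard `ipaddress` module. It goes one step beyond the slide by computing broadcast address and usable host count for any prefix length, and by applying the private-range test as a border ingress filter. The addresses fed to it are constructed samples.

```python
import ipaddress

# Added example (not from the original slides): split an IPv4 address into
# network and host parts with bit operations, and test addresses against the
# RFC 1918 ranges listed on the slide. Input addresses are constructed samples.


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("malformed IPv4 address: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix_len: int) -> int:
    """/24 -> 0xFFFFFF00: the top prefix_len bits set, the host bits clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(addr: str, prefix_len: int) -> dict:
    """Network part, host part, broadcast address and usable host count for addr/prefix_len."""
    value = ip_to_int(addr)
    mask = prefix_mask(prefix_len)
    host_bits = 32 - prefix_len
    network = value & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    # Ordinary subnets lose .0 (network) and the all-ones address (broadcast);
    # /31 and /32 are the point-to-point and single-host special cases.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else (1 << host_bits)
    return {
        "network": int_to_ip(network),
        "host": value & ~mask & 0xFFFFFFFF,
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }


# The three RFC 1918 ranges from the slide, as network/prefix pairs.
PRIVATE_RANGES = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def in_range(addr: str, network: str, prefix_len: int) -> bool:
    mask = prefix_mask(prefix_len)
    return ip_to_int(addr) & mask == ip_to_int(network) & mask


def is_rfc1918(addr: str) -> bool:
    return any(in_range(addr, net, plen) for net, plen in PRIVATE_RANGES)


def spoofed_sources(src_addresses):
    """Border ingress view: a private source address arriving from the public
    Internet cannot be legitimate, because those ranges are never routed there."""
    return [a for a in src_addresses if is_rfc1918(a)]


def agrees_with_stdlib(addr: str) -> bool:
    """Cross-check the hand-rolled test against ipaddress. (ip_address.is_private is
    broader, covering loopback and link-local too, so compare with the three networks.)"""
    nets = [ipaddress.ip_network("%s/%d" % (n, p)) for n, p in PRIVATE_RANGES]
    return is_rfc1918(addr) == any(ipaddress.ip_address(addr) in net for net in nets)


if __name__ == "__main__":
    print(split_address("198.23.168.45", 24))
    print(spoofed_sources(["203.0.113.7", "10.1.2.3", "172.31.0.9", "172.32.0.1"]))
```

The /12 case is the one people get wrong by eye: 172.31.255.255 is private but 172.32.0.0 is not, which the mask comparison settles without a table of octet ranges.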
Port

- A particular system process must respond to a particular application protocol (e.g. ftp, smtp)
- A port (a 16-bit number) is the "address" for application communication on a system
  - E.g. port 80 for http
  - E.g. port 25 for smtp
  - E.g. port 1521 for Oracle connections
- Port list: http://www.iana.org/assignments/port-numbers
- Port numbers are conventions, not guarantees: a service can listen on any port, so security tools identify a protocol from its content, not from the port number alone

Socket

- Interface between the application layer and the transport layer
- Acts as an API between the application and the network
- The programmer only controls the application side, plus a few transport-level details:
  - Transport protocol (TCP or UDP)
  - A few transport parameters (e.g. maximum buffer size)

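An added example, not code from the original slides, covering the TCP, UDP and socket slides together: the same request/reply written once over TCP and once over UDP on the loopback interface, using only what the socket API exposes to the application (the choice of transport protocol and a buffer-size parameter). The server addresses, ports and payloads are constructed; the OS picks the port numbers at run time.

```python
import socket
import threading

# Added example (not from the original slides): the socket API from the
# application side, over loopback. The exchange is written on TCP and on UDP
# so the differences (handshake, reliability, what the programmer can set)
# show up in code. Addresses and payloads are constructed samples.

LOOPBACK = "127.0.0.1"


def _recv_line(conn: socket.socket) -> bytes:
    # TCP is a byte stream: one send() may arrive as several recv()s, so read to the delimiter.
    data = b""
    while not data.endswith(b"\n"):
        chunk = conn.recv(4096)
        if not chunk:                      # peer closed the connection
            break
        data += chunk
    return data


def tcp_echo_roundtrip(message: bytes) -> bytes:
    """Client and server over TCP; returns the reply as the client sees it."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # transport protocol: TCP
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((LOOPBACK, 0))             # port 0: let the OS choose a free port
    server.listen(1)
    port = server.getsockname()[1]

    def serve_one():
        conn, _peer = server.accept()      # returns only after the three-way handshake
        with conn:
            conn.sendall(_recv_line(conn).upper())

    worker = threading.Thread(target=serve_one)
    worker.start()
    client = socket.create_connection((LOOPBACK, port), timeout=5)   # SYN, SYN-ACK, ACK happen here
    # One of the "few transport parameters" an application may set: the receive buffer size.
    client.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 64 * 1024)
    client.sendall(message + b"\n")        # sendall keeps going until the kernel has taken it all
    reply = _recv_line(client)
    client.close()
    worker.join()
    server.close()
    return reply


def udp_roundtrip(message: bytes) -> tuple:
    """The same exchange over UDP; returns (reply, source address the server saw)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)    # transport protocol: UDP
    server.bind((LOOPBACK, 0))
    server.settimeout(5)
    port = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    client.sendto(message, (LOOPBACK, port))   # no handshake: nothing checks that anyone listens
    data, peer = server.recvfrom(4096)         # one datagram, delivered whole or not at all
    # The server answers whatever source address the datagram carried. Nothing verified
    # that address, which is what makes UDP services usable for reflection attacks.
    server.sendto(data.upper(), peer)
    reply, _ = client.recvfrom(4096)
    client.close()
    server.close()
    return reply, peer[0]


def udp_send_to_nobody(message: bytes) -> int:
    """sendto() reports success with no receiver at all: UDP gives no delivery confirmation."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.bind((LOOPBACK, 0))
    unused_port = probe.getsockname()[1]
    probe.close()                              # now nothing listens on unused_port
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return client.sendto(message, (LOOPBACK, unused_port))   # byte count, not delivery
    finally:
        client.close()


if __name__ == "__main__":
    print(tcp_echo_roundtrip(b"hello over tcp"))
    print(udp_roundtrip(b"hello over udp"))
    print(udp_send_to_nobody(b"lost"), "bytes accepted by the kernel, none delivered")
```

Two things to notice: `create_connection` cannot return until the peer has answered the handshake, so a TCP source address is at least reachable, whereas the UDP server replies to an address it has no reason to trust; and `sendto` to a port nobody owns still returns the byte count, which is the "no guaranteed delivery" of the UDP slide in one call.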
Additional Information

- Internet Engineering Task Force (IETF): http://www.ietf.org
  - Primary documents: RFCs
  - IP: RFC 791
  - TCP: RFC 793
  - UDP: RFC 768
  - Internet Addressing: RFC 900
  - Private address space (the ranges listed under Internet Addressing): RFC 1918
- OSI Model and Information Security: http://www.giac.org/practical/GSEC/Damon_Reed_GSEC.pdf