Module A. Copyright Pearson Prentice-Hall 2010  Octet ◦ A Byte (collection of 8 bits)  8 bits = 1 Character ◦ Bit  Is the basic unit of IT represented.

Slides:



Advertisements
Similar presentations
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
Advertisements

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Copyright © 2014 M. E. Kabay. All rights reserved. DATACOMM CSH6 Chapter 5 “Data Communications & Information Security” Raymond Panko.
Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Chapter 7 – Transport Layer Protocols
Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.
Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.
Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.
Network Architectures Week 3 Part 2. Comparing The Internet & OSI.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
OSI Model 7 Layers 7. Application Layer 6. Presentation Layer
Data Networking Fundamentals Unit 7 7/2/ Modified by: Brierley.
Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.
1 Networking A computer network is a collection of computing devices that are connected in various ways in order to communicate and share resources. The.
Process-to-Process Delivery:
Data Communications and Networks
OSI Model Routing Connection-oriented/Connectionless Network Services.
Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.
1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen
Computers Are Your Future Tenth Edition Chapter 8: Networks: Communicating & Sharing Resources Copyright © 2009 Pearson Education, Inc. Publishing as Prentice.
TCP/IP Essentials A Lab-Based Approach Shivendra Panwar, Shiwen Mao Jeong-dong Ryoo, and Yihan Li Chapter 5 UDP and Its Applications.
Networking Concepts Module A Copyright Pearson Prentice Hall 2013.
Introduction to Networks CS587x Lecture 1 Department of Computer Science Iowa State University.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
Networking Concepts Module A Copyright Pearson Prentice Hall 2013.
1 LAN Protocols (Week 3, Wednesday 9/10/2003) © Abdou Illia, Fall 2003.
TCP: A Closer Look Transmission Control Protocol.
1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.
1 Figure 3-2: TCP/IP Standards (Study Figure) Origins  Defense Advanced Research Projects Agency (DARPA) created the ARPANET  An internet connects multiple.
CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Data Networking Fundamentals Chapter 7. Objectives In this chapter, you will learn to: Discuss basic networking concepts, including the elements common.
William Stallings Data and Computer Communications
TCP/IP (Transmission Control Protocol / Internet Protocol)
Institute of Technology Sligo - Dept of Computing Chapter 12 The Transport Layer.
Individual Project 1 Sarah Pritchard. Fran, a customer of your company, would like to visit your company’s website from her home computer… How does your.
1 Internet Protocols To support the Internet and all its services, many protocols are necessary Some of the protocols that we will look at: –Internet Protocol.
1 12-Jan-16 OSI network layer CCNA Exploration Semester 1 Chapter 5.
1 DETAILS OF PROTOCOLS The Zoo Protocol - TCP - IP.
1 Figure 3-5: IP Packet Total Length (16 bits) Identification (16 bits) Header Checksum (16 bits) Time to Live (8 bits) Flags Protocol (8 bits) 1=ICMP,
Page 12/9/2016 Chapter 10 Intermediate TCP : TCP and UDP segments, Transport Layer Ports CCNA2 Chapter 10.
Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 5 – VoIP and the OSI Model.
Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified
Data Communications and Networks Chapter 6 – IP, UDP and TCP ICT-BVF8.1- Data Communications and Network Trainer: Dr. Abbes Sebihi.
IST 201 Chapter 11 Lecture 2. Ports Used by TCP & UDP Keep track of different types of transmissions crossing the network simultaneously. Combination.
1 28-Sep-16 S Ward Abingdon and Witney College CCNA Exploration Semester 1 OSI network layer CCNA Exploration Semester 1 Chapter 5.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI network layer CCNA Exploration Semester 1 – Chapter 5.
The Transport Layer Implementation Services Functions Protocols
Introduction to TCP/IP networking
Review of TCP/IP Internetworking
TCP/IP Internetworking
Understand the OSI Model Part 2
TCP/IP Internetworking
Lecture 6: TCP/IP Networking By: Adal Alashban
Data Networking Fundamentals
Networking Concepts Module A Copyright Pearson Prentice Hall 2013.
Networking Concepts Module A Copyright Pearson Prentice Hall 2013.
Topic 5: Communication and the Internet
Week 5: Network Protocols Part 1
Process-to-Process Delivery:
Figure 3-23: Transmission Control Protocol (TCP) (Study Figure)
TCP/IP Protocol Suite: Review
Networking Theory (part 2)
Net 323 D: Networks Protocols
ITIS 6167/8167: Network and Information Security
Networking Theory (part 2)
Presentation transcript:

Module A

Copyright Pearson Prentice-Hall 2010  Octet ◦ A Byte (collection of 8 bits)  8 bits = 1 Character ◦ Bit  Is the basic unit of IT represented as a  0 or 1  Host ◦ Any Device connected to the Internet 2

Copyright Pearson Prentice-Hall NIC = Network Interface Card, provides capability for Network communications

 Router ◦ Connects one network to another  Is a Switch ◦ Sends frames between computers  Is a Wireless Access Point (WAP) ◦ Signals are spread wide increasing danger  Contains a Dynamic Host Configuration Protocol (DHCP) ◦ Provides each host an IP address  Provides Network Address Translation (NAT) ◦ Hides IP address from attack Copyright Pearson Prentice-Hall

5 Note: this wiring is unshielded. Meaning it is vulnerable

 LAN (Local Area Network) ◦ Operate within building not across geographic locations  WAN (Wide Area Network, internet) ◦ Operate across geographic locations ◦ Because corporations don’t have regulatory rights to lay network lines in public areas they rely on commercial companies  Internet ◦ Network of Network’s Copyright Pearson Prentice-Hall

7 Workgroup Switch: connect computers to the network Core Switch: Connect switches to other switches Any computer can plug into a wall jack and potentially gain access to the network x requires any computer to first authenticate before gaining access to the network

Copyright Pearson Prentice-Hall Two Types of Leased Lines Point to Point Public Switched Data Network (PSDN) – passes frames between multiple sites Connections to these Networks is limited Security by Obscurity – not the best if it is breached there is no security Connections to these Networks is limited Security by Obscurity – not the best if it is breached there is no security

Copyright Pearson Prentice-Hall As of January 2011 ISPs Internet Exchange Points Network Information Center Organization Network University

Copyright Pearson Prentice-Hall Network Browser Packet Router Packet Router Packet Route Webserver Software Router The global Internet has thousands of networks connected by routers The global Internet has thousands of networks connected by routers

 Messages (data) can move from any computer to any other computer on any other network connected to the Internet  Frames: ◦ Messages (data) between a single network (LAN or WAN)  Packets ◦ Messages (data) between computers across the Internet ◦ Internet was designed specifically to NOT ADD SECURITY! Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall Packet travels in a different frame in each network Packet travels in a different frame in each network

Copyright Pearson Prentice-Hall US Backbone Map

 Networks must “talk” with each other ◦ Interoperability  Requires Standards  Standards Security Issues: 1.Is it inherently secureinherently  an essential constituent or characteristic 2.Explicitly designed into standard 3.If added “after-the-fact” usually to newer versions going forward 4.Vendor implementations can be defective Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall Super LayerDescription ApplicationCommunication between application programs on different hosts attached to different networks on an internet. InternetworkingTransmission of packets across an internet. Packets contain application layer messages. Single NetworkTransmission of frames across a network. Frames contain packets. Core Standards for each sub-system of the network communication process

Copyright Pearson Prentice-Hall Super LayerTCP/IPOSIHybrid TCP/IP-OSI Application Presentation Session InternetTransport InternetNetworkInternet Single NetworkSubnet AccessData Link Physical

Copyright Pearson Prentice-Hall Switched Network 1 Data Link Physical LinkFrame In a single network (LAN or WAN), a physical link connects adjacent devices. A data link is the path that a frame takes across a single network. One data link; three physical links.

 Device Connection Types ◦ UTP  Links between computers and switches  Uses voltage changes (high vs low)  Act like radio antennas, so signal can be intercepted without tapping ◦ Optical Fiber  Uses light changes (on or off)  Require tapping for interception of data ◦ Wireless  Uses radio waves for transmission  Spread widely and easily intercepted Copyright Pearson Prentice-Hall

 Internet ◦ How routers forward packets ◦ Main standard is Internet Protocol (IP)  Transport ◦ Main standard is Transport Control Protocol (TCP)  Fixes transmission errors  Ensures proper order of packets  Slows transmission if necessary ◦ For transmissions that do NOT require these capabilities will use  User Datagram Protocol (UDP) Copyright Pearson Prentice-Hall

 Connection-Oriented ◦ Requires agreement for transmission to commence ◦ Monitors transmission for errors to ensure Reliability of transmission  Connectionless ◦ Does NOT require agreement, transmission occurs when needed ◦ No monitoring of transmission for errors occurs Copyright Pearson Prentice-Hall

 Connectionless  Unreliable  Purpose ◦ How are packets organized ◦ How routers move packets to destination host  Versions ◦ IPv4  32 bit address size 2 32 = 4,294,967,296 ◦ IPv6  128 bit address size = 3.4e+38 Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall Total Length (16 bits) Identification (16 bits) Header Checksum (16 bits) Time to Live (8 bits) Flags Protocol (8 bits) 1=ICMP, 6=TCP, 17=TCP Bit 0Bit 31 IP Version 4 Packet Source IP Address (32 bits) Fragment Offset (13 bits) Diff-Serv (8 bits) Header Length (4 bits) Version (4 bits) Destination IP Address (32 bits) Options (if any)Padding Data Field 0100

 Represented as 32 bit rows  Consists of: ◦ Header consists of 5 rows  May have optional rows ◦ Data Copyright Pearson Prentice-Hall

 Version ◦ 0100 = 4  Header Length (usually 5 rows) ◦ 0101 = 5 ◦ More than 5 rows usually indicates an attack so examining this part of the header is important to detect attacks  Diff-Serv ◦ Rarely uses intended to provide priority to different packets (Network Neutrality)  Total Length ◦ Length of (entire packet - header) in bytes ◦ Maximum size of a packet is 2 16 = 65,536 Copyright Pearson Prentice-Hall

 Used if a packet is too large and is divided into smaller packets  This is rare and can indicate an attack  Most O/S don’t allow fragmentation Copyright Pearson Prentice-Hall

 Time to Live (TTL) ◦ Set to a value between 0 and 255  Usually set to 64 or 128 by O/D ◦ As packet moves from router to router ◦ TTL decremented by 1 ◦ If TTL reaches 0 the packet is discarded ◦ Attackers can determine how many router hops are between hacker and victim host by examining TTL and guessing 64 or 128 so…  Protocol Message  Header ChecksumChecksum Copyright Pearson Prentice-Hall

 Each Address is 32 bits long   Kind of hard to remember so…  Divided into 4 8 bit segments & converted to decimal (0 to 255)    4 segments divided into a mask ◦ First 2 are for the network ◦ = UCF ◦ 217 = College of Business ◦ 166 = Web Server Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall Payload length = Total Length from IPv4 Hop Limit = TTL from IPv4 Note there is no Checksum Reliability is assumed from higher level security

 Unlike IPv4 IPv6 utilized optional header rows  One such use is for IPSec  Remember that IP was developed without Security  IPSec was added later to provide security ◦ Everything in the data field of the packet is Secure ◦ Application message is also secure ◦ Two Modes:  Transport – host to host protection  Tunnel – protection between hosts  Details in Chapter 4 Copyright Pearson Prentice-Hall

 Transmission Control Protocol (TCP) ◦ Connection-oriented, reliable ◦ TCP message is called a Segment  User Datagram Protocol (UDP) ◦ Connectionless, unreliable Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall PC Transport Process Webserver Transport Process 1. SYN (Open) 2. SYN, ACK (1) (Acknowledgement of 1) 3. ACK (2) Open (3) 3-Way Open 1.Syn = Synchronize sequence numbers, I want to send a message 2.SYN, ACK (Acknowledge), OK I’ll accept your message 3.ACK = OK I’m acknowledging that I received your acknowledgement

 Hacker floods victim host with SYN messages  The victim host ◦ Sends SYN, ACK & ◦ Sets aside resources for the upcoming message  Hacker never sends ACK back ◦ Half-open SYN attack Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall PC Transport Process Webserver Transport Process 1. SYN (Open) 2. SYN, ACK (1) (Acknowledgement of 1) 3. ACK (2) 4. Data = HTTP Request 5. ACK (4) 6. Data = HTTP Response 7. ACK (6) Open (3) Carry HTTP Req & Resp (4)

Copyright Pearson Prentice-Hall PC Transport Process Webserver Transport Process 8. Data = HTTP Request (Error) Carry HTTP Req & Resp (4) 9. Data = HTTP Request (No ACK so Retransmit) 10. ACK (9) 11. Data = HTTP Response 12. ACK (11) Error Handling

Copyright Pearson Prentice-Hall PC Transport Process Webserver Transport Process Close (4) 13. FIN (Close) 14. ACK (13) 15. FIN 16. ACK (15) Note: An ACK may be combined with the next message if the next message is sent quickly enough Normal Four-Way Close

Copyright Pearson Prentice-Hall PC Transport Process Webserver Transport Process Close (1) RST Abrupt Close Either side can send A Reset (RST) Segment At Any Time Ends the Session Immediately Rejection of a SYN (from an untrusted host) with a RST will provide Hacker with IP address of internal host, something the hacker tries to get

 Sequence Number field ◦ Allows for segments to be put together in order  First segment uses a randomly generated number  If segment contains no data (SYN, ACK, etc)  number is 1 + last segment  If segment contains data  Number of first octet (byte) for the data field is used  Acknowledgement Number field ◦ Enables verification that a segment has arrived  Number of last octet (byte) for the data field + 1 Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

 Clients ◦ Random number used to when connecting to Host for transmission session (short-lived session)  Servers ◦ Represents a specific application runningapplication running  Socket ◦ Combination of IP Address and Port Number ◦ :80 Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

 There is NO security built into the standard  Security is instead provided by IPSec in the IP standard since it secures the data package where the TCP segment is contained. Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall Source Port Number (16 bits)Destination Port Number (16 bits) UDP Length (16 bits)UDP Checksum (16 bits) Data Field

Copyright Pearson Prentice-Hall Messages delivered in data fields of IP packets.

 Ping ◦ Are you there?  Traceroute ◦ How do packets go from my client to a host  ICMP messages contain error messages back to originator ◦ Hackers can send mal-formed ICMP message hoping to identify IP address of host Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

 Organized Hierarchically ◦ 13 DNS Root Servers ◦ Top-level Domain Servers (.com,.edu, etc.) ◦ Second-level (University of Central Florida)  Need to know the names of host computers within its own network  Cache Poisoning occurs if an attacker replaces an IP address on the DNS with a fake one Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall

Copyright Pearson Prentice-Hall 2010  Application Exploits ◦ By taking over applications, hackers gain the permissions of the exploited program ◦ A multitude of application standards ◦ Consequently, there is a multitude of security issues at the application level 52

Copyright Pearson Prentice-Hall 2010  Many Applications Need Two Types of Standards ◦ One for the transmission of messages, one for the content of application documents ◦ For the World Wide Web, these are HTTP and HTML, respectively ◦ For transmission, uses SMTP, POP, and IMAP ◦ For message content, uses RFC 2822 (all- text), HTML, and MIME 53

Copyright Pearson Prentice-Hall 2010  FTP and Telnet ◦ Have no security ◦ Passwords are transmitted in the clear so can be captured by sniffers ◦ Secure Shell (SSH) can replace both securely  Anyone remember what happened with HB Gary and SSH? 54

Copyright Pearson Prentice-Hall 2010  Many Other Application Standards Have Security Issues ◦ Voice over IP ◦ Service-oriented architecture (SOA); web services ◦ Peer-to-peer applications 55

56

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Copyright © 2010 Pearson Education, Inc. Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.