Last updated: 24 April 2006 Alberto Escudero Pascual ItrainOnline MMTK 1 Advanced Networking Developed by: Alberto Escudero Pascual,


1 Last updated: 24 April 2006 Alberto Escudero Pascual ItrainOnline MMTK www.itrainonline.org 1 Advanced Networking Developed by: Alberto Escudero Pascual, IT +46

2 Goals
To understand “networking” aspects that can affect the overall performance of a wireless network
To understand the interactions between IEEE 802.11 (Physical/Link) and TCP (Transport)
To be able to improve the quality of service of a network

3 Table of Contents
Methodology of the unit
OSI versus Internet (TCP/IP)
PHY/MAC
  – Media Access Layer, Error Control, MAC and Encryption
Network
  – IP addressing, Error Control, Routing, NAT, IP Tunneling, IPSec
Transport
  – TCP, UDP, Layer 3 Firewalls
Application
  – Proxies, Firewalls++

4 Methodology
Travelling through the protocol 'stack'
Bottom-up
Focus on 'concepts', not implementation specifics
Identify 'key' issues that need to be considered in your network design

5 Methodology
This unit is not:
Magic
A substitute for several weeks' training in networking
Training in how to implement each of the 'key' aspects that you need to consider

6 Wireless!

7 OSI versus TCP/IP
Layer | OSI | TCP/IP
1 | Physical | Physical
2 | Data link | Media Access
3 | Network | Network
4 | Transport | Transport
5 | Session |
6 | Presentation |
7 | Application | Application

8 Medium Access Control
Physical layer
  – Modulation techniques, bit encoding, physical access to shared media
  – RS-232, V.35, 10BASET, ISDN
Link Layer
  – Addressing/delivering packets on shared channel
  – Ethernet (IEEE 802.3), PPP, ATM

9 Media Access Layer
IEEE 802.11 (WLAN)
  – Physical layer and link layer
Physical layer protocols
  – IrDA
  – Spread Spectrum FHSS, DSSS, OFDM

10 Error Control Protocols
CSMA/CD
  – Aloha, Ethernet
CSMA/CD and CSMA/CA
IEEE 802.11 (WLAN)
  – TDD, CSMA/CA (RTS, CTS)
IEEE 802.16 (WMAN)
  – TDMA, DAMA

11 MAC Addressing
48 bit unique address
Hardware coded but can easily be modified
MAC as authentication
  – Low security

12 Link Layer Encryption
Secure data between hosts on same physical link
Encryption algorithm and shared secret
Requires trusted intermediate hosts
WEP (low security)
WPA, WPA-2
Does not provide end-to-end security

13 OSI versus TCP/IP (layer table as on slide 7)

14 Network Layer (IP)
IP Address
  – Routing, identify host, firewalling
Subnetting
  – Netmask, classes
  – Subnetting is crucial
  – Troubleshooting
  – Limit to 32-64 hosts per subnet

15 IP Error Control
ICMP
  – Report problems that prevent delivery (destination unreachable)
  – Troubleshoot network (ping)
  – Large amount of ICMP? Viruses and trojans
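The "large amount of ICMP" check from slide 15, as an added example that is not part of the original slides: it counts ICMP echo requests per source in fixed time windows and flags sources above a limit. The record layout, the 10-second window and the limit of 50 are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample records: (unix_time, source_ip, protocol, icmp_type).
# icmp_type 8 = echo request, 3 = destination unreachable, None = not ICMP.
SAMPLE = (
    [(1000 + i // 20, "10.0.1.23", "icmp", 8) for i in range(400)]  # sweeping host
    + [(1000 + i * 5, "10.0.1.7", "icmp", 8) for i in range(6)]     # admin using ping
    + [(1003, "10.0.1.1", "icmp", 3), (1004, "10.0.1.9", "tcp", None)]
)

def icmp_heavy_sources(records, window=10, max_echo_per_window=50):
    """Return {source_ip: peak echo requests in one window} for sources over the limit."""
    per_bucket = Counter()
    for ts, src, proto, icmp_type in records:
        if proto == "icmp" and icmp_type == 8:
            per_bucket[(src, ts // window)] += 1   # fixed (tumbling) windows
    peaks = {}
    for (src, _bucket), count in per_bucket.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return {src: peak for src, peak in peaks.items() if peak > max_echo_per_window}

def icmp_share(records):
    """Fraction of all records that are ICMP: a coarse whole-network indicator."""
    if not records:
        return 0.0
    return sum(1 for r in records if r[2] == "icmp") / len(records)

if __name__ == "__main__":
    print(icmp_heavy_sources(SAMPLE), round(icmp_share(SAMPLE), 3))
```

Occasional pings and destination-unreachable messages stay below the limit; only the host sending sustained echo requests is reported.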

16 Routing
Source and Destination routing
Policy Routing
  – IP Source as routing decision
Load balancing

17 Network Address Translation
Shortage of public IP addresses
Firewall/DMZ
Traffic load balance
Computing load balance

18 Masquerading - SNAT
Rewrites IP addresses
  – Let router act on others' behalf
Simple firewall security
Limits access to outside services for internal hosts

19 Destination NAT
Make internal services publicly available
  – Rewriting destination IP
Availability of services
Affect routing of packets
Redirect web requests
Login/registration processes
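How the address rewriting on slides 18 and 19 works, as an added example that is not part of the original slides: a small model of a router's translation table showing masquerading (SNAT), a destination NAT forward, and why unsolicited inbound packets are dropped. The NatRouter class, the packet dictionaries and all addresses (documentation and private ranges) are hypothetical.

```python
PUBLIC_IP = "203.0.113.1"   # router's public address (documentation range)

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}       # (proto, inside_ip, inside_port) -> public port
        self.back = {}      # (proto, public port) -> (inside_ip, inside_port)
        self.forwards = {}  # static DNAT: (proto, public port) -> inside host

    def add_forward(self, proto, public_port, inside_ip, inside_port):
        """Destination NAT: publish an internal service on the public address."""
        self.forwards[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Masquerading: rewrite the source to the router, remember the mapping."""
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(pkt["proto"], self.next_port)] = (pkt["src"], pkt["sport"])
            self.next_port += 1
        return dict(pkt, src=self.public_ip, sport=self.out[key])

    def inbound(self, pkt):
        """Rewrite the destination for replies and forwards; drop everything else.
        Simplification: the remote address is not matched against the mapping."""
        key = (pkt["proto"], pkt["dport"])
        target = self.back.get(key) or self.forwards.get(key)
        if pkt["dst"] != self.public_ip or target is None:
            return None     # no mapping: the "simple firewall" side effect of NAT
        return dict(pkt, dst=target[0], dport=target[1])

def demo():
    r = NatRouter(PUBLIC_IP)
    r.add_forward("tcp", 80, "192.168.1.10", 8080)
    out = r.outbound({"proto": "tcp", "src": "192.168.1.50", "sport": 51000,
                      "dst": "198.51.100.7", "dport": 443})
    reply = r.inbound({"proto": "tcp", "src": "198.51.100.7", "sport": 443,
                       "dst": PUBLIC_IP, "dport": out["sport"]})
    web = r.inbound({"proto": "tcp", "src": "198.51.100.9", "sport": 33333,
                     "dst": PUBLIC_IP, "dport": 80})
    stray = r.inbound({"proto": "tcp", "src": "198.51.100.9", "sport": 33333,
                       "dst": PUBLIC_IP, "dport": 22})
    return out, reply, web, stray
```

The dropped packet to port 22 is blocked only because no mapping exists, not because a policy says so; every forward added with add_forward is reachable from outside, which is why slide 23 recommends fully functional firewalls instead of NAT.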

20 IP Tunneling
Encapsulating IP packets inside of IP packets
Requires fully routable end-points
Provides no added security unless the encapsulated packet is encrypted

21 IP Tunneling
Encapsulation inside of encrypted IP packets is known as:
  – Secure tunneling or VPN
Secure tunneling is normally provided using IPSEC

22 IPSEC
Ensures security on IP level
Provides the following protection:
  – Confidentiality
  – Authentication
  – Integrity
Three main protocols:
  – AH, ESP, IKE

23 IPSEC
  – Fully functional firewalls instead of NAT
  – Use IPSec with compression
  – Consider application layer VPNs
    Check www.openvpn.org

24 OSI versus TCP/IP (layer table as on slide 7)

25 Transport Layer
Transfer of IP packets between processes using ports
A port is a logical connection that associates a certain transfer with a running process

26 TCP
Connection-oriented
Reliable transport
  – acknowledgements
Flow control
  – sliding window
  – window size
  – congestion avoidance

27 TCP versus UDP
Characteristics | UDP | TCP
QoS | Best effort | Reliable service
Flow control | No | Sliding window, window size, congestion avoidance
Retransmission | No | Yes
Overhead | Low | Low but higher than UDP
Suitable for | Priority of speed, small packets, multicast/broadcast | Most applications and protocols
Acknowledgements | No | Yes
Connection establishment | No | Yes

28 TCP and IEEE 802.11 MAC
  – TCP brings bad performance in IEEE 802.11
  – Scenario 1: lots of low bit rate nodes
  – Scenario 2: corrupted wireless packets

29 Layer 3 Firewalls
Block outgoing traffic of type X
Block incoming traffic of type Y
Forward traffic of type Z
  – To provide an external service from an internal firewalled host
  – To provide multiple instances of a service from internal firewalled hosts for the purpose of load balancing

30 Firewall Design
  – Crucial in wireless networks
  – Traffic shaping and monitoring
  – Detecting, blocking and removing malicious programs that exhaust bandwidth resources

31 OSI versus TCP/IP (layer table as on slide 7)

32 Application Layer
Identify and make sure that the sender/receiver is ready for communication
Authenticate (sender, receiver, message)
Identify necessary communication resources
Ensure agreements (error recovery, data integrity, privacy)
Determine protocol and data syntax at application level

33 Application Firewalls
Prevents:
SMTP, POP3 and DNS buffer overflow
Webserver attacks based on information in HTTP headers and requests
Evil code hidden within SSL tunnels
Applications running on top of HTTP (messaging)
Internal users from spreading sensitive information

34 Application Firewalls
Disadvantages:
Reduce performance in network
Expensive
Overrides personal integrity
Misconfiguration

35 Application Firewalls
Anti-virus and Anti-spam
  – Blocks or tags content
  – SPAM represents 30-50% of SMTP
Web proxy server
  – Caches frequently requested data in RAM
  – Caches DNS lookups

36 Advanced Wireless Networking Implies
Wise configuration of all protocol layers
Good network architecture
The goal:
  – Maximize the useful bits

37 Conclusions
Building wireless networks that work is very “easy”
Building wireless networks that perform well is not as “simple”
Measure, measure, measure...
Do not stop trying!
Share your experiences with others.

38 Discussion
Question: How can we optimise a VoIP wireless network?
Layer | ISO | VoIP
1 | Physical | Physical
2 | Data link | Media Access
3 | Network | Network
4 | Transport | Transport
5 | Session |
6 | Presentation |
7 | Application | Application

