Presentation is loading. Please wait.

Presentation is loading. Please wait.

Networking Concepts Module A Copyright Pearson Prentice Hall 2013.

Similar presentations


Presentation on theme: "Networking Concepts Module A Copyright Pearson Prentice Hall 2013."— Presentation transcript:

1 Networking Concepts Module A Copyright Pearson Prentice Hall 2013

2 Copyright Pearson Prentice-Hall 2010  Bit ◦ Is the basic unit of IT represented as a ◦ 0 or 1  Octet ◦ A Byte (collection of 8 bits)  8 bits = 1 Character  01100001 = a  Host ◦ Any Device connected to the Internet  internet vs. Internet  i = computer networks or internet protocol  I = The global computer network 2

3 Copyright Pearson Prentice-Hall 2010 3 NIC = Network Interface Card, provides capability for Network communications

4  Router ◦ Connects one network to another  Is a Switch ◦ Sends frames between computers  Is a Wireless Access Point (WAP) ◦ Signals are spread wide increasing danger  Contains a Dynamic Host Configuration Protocol (DHCP) ◦ Provides each host an IP address  Provides Network Address Translation (NAT) ◦ Hides IP address from attack Copyright Pearson Prentice-Hall 2010 4

5 5 Copyright Pearson Prentice Hall 2013

6  LAN (Local Area Network) ◦ Operate within building not across geographic locations  WAN (Wide Area Network, internet) ◦ Operate across geographic locations ◦ Because corporations don’t have regulatory rights to lay network lines in public areas they rely on commercial companies  Internet ◦ Network of Network’s Copyright Pearson Prentice-Hall 2010 6

7 7 Workgroup Switch: connect computers to the network Core Switch: Connect switches to other switches Any computer can plug into a wall jack and potentially gain access to the network. 802.1x requires any computer to first authenticate before gaining access to the network

8 Copyright Pearson Prentice-Hall 20108 Two Types of Leased Lines Point to Point Public Switched Data Network (PSDN) – passes frames between multiple sites Connections to these Networks is limited Security by Obscurity – not the best if it is breached there is no security Connections to these Networks is limited Security by Obscurity – not the best if it is breached there is no security

9 9 Network Browser Packet Router Packet Router Packet Route Webserver Software Router The global Internet has thousands of networks connected by routers The global Internet has thousands of networks connected by routers Copyright Pearson Prentice Hall 2013

10  Messages (data) can move from any computer to any other computer on any other network connected to the Internet  Frames: ◦ Messages (data) between a single network (LAN or WAN)  Packets ◦ Messages (data) between computers across the Internet ◦ Packets are contained within Frames  Different Frame per Network ◦ Internet was designed specifically to NOT ADD SECURITY! Copyright Pearson Prentice-Hall 2010 10

11 11 Packet travels in a different frame in each network Packet travels in a different frame in each network Copyright Pearson Prentice Hall 2013

12 Copyright Pearson Prentice-Hall 2010 12 US Backbone Map Submarine Cable Map

13  Networks must “talk” with each other ◦ Interoperability  Requires Standards  Standards & Security Issues: 1.Is it inherently secureinherently  an essential constituent or characteristic of the standard  Incidental security results from inherent security Incidental 2.Explicitly designed into standard 3.If added “after-the-fact” usually to newer versions going forward 4.Vendor implementations can be defective Copyright Pearson Prentice-Hall 2010 13

14 Copyright Pearson Prentice-Hall 2010 14 Super LayerDescription ApplicationCommunication between application programs on different hosts attached to different networks on an internet. InternetworkingTransmission of packets across an internet. Packets contain application layer messages. Single NetworkTransmission of frames across a network. Frames contain packets. Core Standards for each sub-system of the network communication process

15 15 Super LayerTCP/IPOSIHybrid TCP/IP-OSI Application Presentation Session InternetTransport InternetNetworkInternet Single NetworkSubnet AccessData Link Physical Copyright Pearson Prentice Hall 2013

16 CS144, Stanford University Network Link Network Link Transport Application Router Source End-Host Network Link Transport Application Destination End-Host Network Link Router

17 17 In a single network, a physical link connects adjacent devices. A data link is the path that a frame takes across a single network. One data link; three physical links. Copyright Pearson Prentice Hall 2013 1 1 2 2 3 3

18  Device Connection Types ◦ UTP  Links between computers and switches  Uses voltage changes (high vs. low)  Act like radio antennas, so signal can be intercepted without tapping ◦ Optical Fiber  Uses light changes (on or off)  Require tapping for interception of data ◦ Wireless  Uses radio waves for transmission  Spread widely and easily intercepted Copyright Pearson Prentice-Hall 2010 18

19  Internet ◦ How routers forward packets ◦ Best effort protocol ◦ No Guarantee packets will arrive or will arrive in order ◦ Main standard is Internet Protocol (IP)  Transport ◦ Main standard is Transport Control Protocol (TCP)  Fixes transmission errors  Ensures proper order of packets  Slows transmission if necessary ◦ For transmissions that do NOT require these capabilities use  User Datagram Protocol (UDP) Copyright Pearson Prentice-Hall 2010 19

20  Connection/Reliable-Oriented ◦ Requires agreement for transmission to commence ◦ Monitors transmission for errors to ensure Reliability of transmission  Connectionless/Unreliable ◦ Does NOT require agreement, transmission occurs when needed ◦ No monitoring of transmission for errors occurs Copyright Pearson Prentice-Hall 2010 20

21  Connectionless  Unreliable  Purpose ◦ How are packets organized ◦ How routers move packets to destination host  Versions ◦ IPv4  32 bit address size 2 32 = 4,294,967,296 ◦ IPv6  128 bit address size 2 128 = 3.4e+38 ( three hundred forty undecillion) Copyright Pearson Prentice-Hall 2010 21

22 Link Hdr IP Hdr IP Data CS144, Stanford University22 IP Hdr IP Datagram Network Link Transport Application DataHdr IP Data DataHdr Transport Segment Link Data Link Frame

23 23 CS144, Stanford University Property Behavior Datagram Individually routed packets. Hop-by-hop routing. Unreliable Packets might be dropped. Best effort …but only if necessary. Connectionl ess No per-flow state. Packets might be mis- sequenced. Router A B C Link DataIP D A IP S A

24  Simple, dumb, minimal: Faster, more streamlined and lower cost to build and maintain.  The end-to-end principle: Where possible, implement features in the end hosts.  Allows a variety of reliable (or unreliable) services to be built on top.  Works over any link layer: IP makes very few assumptions about the link layer below. CS144, Stanford University 24

25 25 Copyright Pearson Prentice Hall 2013

26  Represented as 32 bit rows  Consists of: ◦ Header consists of 5 rows  May have optional rows ◦ Data Copyright Pearson Prentice-Hall 2010 26

27 Copyright Pearson Prentice-Hall 2010 27 Total Length (16 bits) Identification (16 bits) Header Checksum (16 bits) Time to Live (8 bits) Flags Protocol (8 bits) 1=ICMP, 6=TCP, 17=UDP Bit 0Bit 31 IP Version 4 Packet Source IP Address (32 bits) Fragment Offset (13 bits) Diff-Serv (8 bits) Header Length (4 bits) Version (4 bits) Destination IP Address (32 bits) Options (if any)Padding Data Field 0100

28  Version ◦ 0100 = 4  Header Length (usually 5 rows) ◦ 0101 = 5 ◦ More than 5 rows usually indicates an attack so examining this part of the header is important to detect attacks  Diff-Serv ◦ Rarely uses intended to provide priority to different packets (Network Neutrality)  Total Length ◦ Length of (entire packet - header) in bytes ◦ Maximum size of a packet is 2 16 = 65,536 Copyright Pearson Prentice-Hall 2010 28 Total Length (16 bits) Diff-Serv (8 bits) Header Length (4 bits) Version (4 bits)

29  Used if a packet is too large and is divided into smaller packets  This is rare and can indicate an attack  Most O/S don’t allow fragmentation  Flag values: Copyright Pearson Prentice-Hall 2010 29 Identification (16 bits)FlagsFragment Offset (13 bits)

30  Time to Live (TTL) ◦ Set to a value between 0 and 255  Usually set to 64 or 128 by O/D ◦ As packet moves from router to router ◦ TTL decremented by 1 ◦ If TTL reaches 0 the packet is discarded ◦ Attackers can determine how many router hops are between hacker and victim host by examining TTL and guessing 64 or 128 so…  Protocol Message  List of IP Protocol Numbers List of IP Protocol Numbers  Header ChecksumChecksum Copyright Pearson Prentice-Hall 2010 30 Header Checksum (16 bits) Time to Live (8 bits) Protocol (8 bits) 1=ICMP, 6=TCP, 17=UDP

31 Copyright Pearson Prentice-Hall 2010 31 Total Length (16 bits) Identification (16 bits) Header Checksum (16 bits) Time to Live (8 bits) Flags Protocol (8 bits) 1=ICMP, 6=TCP, 17=UDP Bit 0Bit 31 IP Version 4 Packet Source IP Address (32 bits) Fragment Offset (13 bits) Diff-Serv (8 bits) Header Length (4 bits) Version (4 bits) Destination IP Address (32 bits) Options (if any)Padding Data Field 0100

32  Each Address is 32 bits long  111111110000000011 11111100000000  Kind of hard to remember so…  Divided into 4 8 bit segments & converted to decimal (0 to 255)  132.170.217.166 132.170.217.166  www.bus.ucf.edu  4 segments divided into a mask ◦ First 2 are for the network ◦ 132.170 = UCF ◦ 217 = College of Business ◦ 166 = Web Server Copyright Pearson Prentice-Hall 201032

33 33 Copyright Pearson Prentice Hall 2013

34  Organized Hierarchically ◦ 13 DNS Root Servers ◦ Top-level Domain Servers (.com,.edu, etc.) ◦ Second-level (University of Central Florida)  Need to know the names of host computers within its own network  Cache Poisoning occurs if an attacker replaces an IP address on the DNS with a fake one Copyright Pearson Prentice-Hall 2010 34

35 Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010

36 Illustration courtesy of Niranjan Kunwar / Nirlog.comNiranjan Kunwar / Nirlog.com

37  DNS Servers cache data to improve performance  But…what happens if the cached data is wrong?

38 More detailed explanation: http://www.iana.org/about/presentations/davies-cairo-vulnerability-081103.pdfhttp://www.iana.org/about/presentations/davies-cairo-vulnerability-081103.pdf

39  Packet Interception ◦ DNS's usual behavior of sending an entire query or response in a single unsigned, unencrypted UDP packet makes these attacks particularly easy  Attacker intercepts query to DNS or response back  Substituting their own message  ID Guessing & Query Prediction ◦ Attacker guesses UDP ID for DNS Query  DNS port number is well-known  16 bits per ID so 2 ⌃ 16 – susceptible to brute force  Name Chaining or Cache Poisoning (see previous slide)  DOS – no different from any other server

40 Original illustration courtesy of Niranjan Kunwar / Nirlog.comNiranjan Kunwar / Nirlog.com

41 Copyright Pearson Prentice-Hall 2010 41 Payload length = Total Length from IPv4 Hop Limit = TTL from IPv4 Note there is no Checksum Reliability is assumed from higher level security

42  Unlike IPv4 IPv6 utilized optional header rows  One such use is for IPSec  Remember that IP was developed without Security  IPSec was added later to provide security ◦ Everything in the data field of the packet is Secure ◦ Secure = Encrypted ◦ Application message is also secure ◦ Two Modes:  Transport – host to host protection  Tunnel – protection between hosts  Details in Chapter 4 Copyright Pearson Prentice-Hall 2010 42

43  Transmission Control Protocol (TCP) ◦ Connection-oriented, reliable ◦ TCP message is called a Segment  User Datagram Protocol (UDP) ◦ Connectionless, unreliable Copyright Pearson Prentice-Hall 2010 43

44 44 Copyright Pearson Prentice Hall 2013

45 Copyright Pearson Prentice-Hall 2010 45

46 Copyright Pearson Prentice-Hall 2010 46 PC Transport Process Webserver Transport Process 1. SYN (Open) 2. SYN, ACK (1) (Acknowledgement of 1) 3. ACK (2) Open (3) 3-Way Open 1.Syn = Synchronize sequence numbers, I want to send a message 2.SYN, ACK (Acknowledge), OK I’ll accept your message 3.ACK = OK I’m acknowledging that I received your acknowledgement

47  Hacker floods victim host with SYN messages  The victim host ◦ Sends SYN, ACK & ◦ Sets aside resources for the upcoming message  Hacker never sends ACK back ◦ Half-open SYN attack Copyright Pearson Prentice-Hall 2010 47

48 48 PC transport process Webserver transport process 1. SYN (Open) 2. SYN, ACK (1) (Acknowledgement of 1) 3. ACK (2) 4. Data = HTTP Request 5. ACK (4) 6. Data = HTTP Response 7. ACK (6) Open (3) Carry HTTP Req & Resp (4) Copyright Pearson Prentice Hall 2013

49 49 PC transport process Webserver transport process 8. Data = HTTP Request (Error) Carry HTTP Req & Resp (4) 9. Data = HTTP Request (No ACK so Retransmit) 10. ACK (9) 11. Data = HTTP Response 12. ACK (11) Error Handling Copyright Pearson Prentice Hall 2013

50 50 PC transport process Webserver transport process Close (4) 13. FIN (Close) 14. ACK (13) 15. FIN 16. ACK (15) Note: An ACK may be combined with the next message if the next message is sent quickly enough Normal Four-Way Close Copyright Pearson Prentice Hall 2013

51 Copyright Pearson Prentice-Hall 2010 51 PC Transport Process Webserver Transport Process Close (1) RST Abrupt Close Either side can send A Reset (RST) Segment At Any Time Ends the Session Immediately Rejection of a SYN (from an untrusted host) with a RST will provide Hacker with IP address of internal host, something the hacker tries to get

52 Copyright Pearson Prentice-Hall 2010 52

53  Sequence Number field ◦ Allows for segments to be put together in order  First segment uses a randomly generated number  If segment contains no data (SYN, ACK, etc)  number is 1 + last segment  If segment contains data  Number of first octet (byte) for the data field is used  Acknowledgement Number field ◦ Enables verification that a segment has arrived  Number of last octet (byte) for the data field + 1 Copyright Pearson Prentice-Hall 2010 53

54 54 Copyright Pearson Prentice Hall 2013

55 Copyright Pearson Prentice-Hall 2010 55

56  Clients ◦ Random number used when connecting to Host for transmission session (short-lived session)  Servers ◦ Represents a specific application runningapplication running  Socket ◦ Combination of IP Address and Port Number ◦ 132.170.217.166:80 Copyright Pearson Prentice-Hall 2010 56

57 57 Copyright Pearson Prentice Hall 2013

58 58 Copyright Pearson Prentice Hall 2013

59  There is NO security built into the standard  Security is instead provided by IPSec in the IP standard since it secures the data package where the TCP segment is contained. Copyright Pearson Prentice-Hall 2010 59

60 60 Copyright Pearson Prentice Hall 2013

61 61 Copyright Pearson Prentice Hall 2013

62  Ping ◦ Are you there?  Traceroute ◦ How do packets go from my client to a host  ICMP messages contain error messages back to originator ◦ Hackers can send mal-formed ICMP message hoping to identify IP address of host Copyright Pearson Prentice-Hall 2010 62

63 63 Copyright Pearson Prentice Hall 2013

64 64 Copyright Pearson Prentice Hall 2013

65  Application Exploits ◦ By taking over applications, hackers gain the permissions of the exploited program ◦ A multitude of application standards ◦ Consequently, there is a multitude of security issues at the application level 65 Copyright Pearson Prentice Hall 2013

66  Many Applications Need Two Types of Standards ◦ One for the transmission of messages, one for the content of application documents ◦ For the World Wide Web, these are HTTP and HTML, respectively ◦ For transmission, e-mail uses SMTP, POP, and IMAP ◦ For message content, e-mail uses RFC 2822 (all- text), HTML, and MIME 66 Copyright Pearson Prentice Hall 2013

67  FTP and Telnet ◦ Have no security ◦ Passwords are transmitted in the clear so can be captured by sniffers ◦ Secure Shell (SSH) can replace both securely 67 Copyright Pearson Prentice Hall 2013

68  Many Other Application Standards Have Security Issues ◦ Voice over IP ◦ Service-oriented architecture (SOA); web services ◦ Peer-to-peer applications 68 Copyright Pearson Prentice Hall 2013

69 69

70 Copyright © 2013 Pearson Education, Inc. Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall


Download ppt "Networking Concepts Module A Copyright Pearson Prentice Hall 2013."

Similar presentations


Ads by Google