
TCP/IP Protocols Contain Five Layers



Presentation on theme: "TCP/IP Protocols Contains Five Layers"— Presentation transcript:

1 TCP/IP Protocols Contain Five Layers
The top three layers contain many protocols.
Actual transmission takes place at the physical layer.

2 TCP/IP Layers
Diagram: the TCP/IP layers set against the OSI model, with the protocols found at each layer.
Applications (OSI Application, Presentation and Session layers): SMTP, FTP, DNS, TELNET, HTTP
Transport: TCP, UDP
Network: IP, ICMP, ARP, RARP
Data Link and Physical: protocols specific to the underlying physical media used for data communication at the hardware level

3 Message Transfer using TCP/IP
Diagram: on its way from source to destination the original message is wrapped in a TCP header, then an IP header, then a frame header.

4 TCP
Reliable transport layer communication.
Establishes a logical connection between the communicating hosts.
Socket-to-socket communication (Socket = Port + IP address).

5 TCP Segment Format
A 20-to-60 byte header consisting of the following fields, followed by the data:
Source port number (2 bytes), Destination port number (2 bytes)
Sequence number (4 bytes)
Acknowledgement number (4 bytes)
Header length (4 bits), Reserved (6 bits), Flags, Window size
Checksum, Urgent pointer
Options (0 to 40 bytes)

6 IP
Best effort delivery: does not guarantee success.
Leaves error checking to higher layers (e.g. to TCP).

7 IP Datagram Format
Version (4 bits), HLEN (4 bits), Service Type (8 bits), Total Length (16 bits)
Identification (16 bits), Flags (3 bits), Fragmentation Offset (13 bits)
Time to live (8 bits), Protocol (8 bits), Header Checksum (16 bits)
Source IP address (32 bits)
Destination IP address (32 bits)
Options
Data
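The header layout on this slide can be checked by parsing it. The following Python is an added example, not part of the presentation: it packs an IPv4 header with the fields listed above, computes the RFC 1071 header checksum, and parses a header back into its fields while verifying the checksum. The sample addresses are the ones used in the NAT slides; the payload length, TTL and identification value are constructed for the example.

```python
import struct
from ipaddress import IPv4Address


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = 6, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Minimal 20-byte header (no options): version 4, HLEN 5 words, DF flag set."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,               # Version (4) | HLEN (5 words = 20 bytes)
                         0,                  # Service Type
                         20 + payload_len,   # Total Length
                         ident,              # Identification
                         0x4000,             # Flags (DF) | Fragmentation Offset 0
                         ttl, proto,
                         0,                  # Header Checksum placeholder
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    csum = internet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Split the header into the slide's fields; checksum_ok is True when the
    checksum over the received header (including its checksum field) folds to 0."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_hlen >> 4
    hlen = (ver_hlen & 0x0F) * 4             # HLEN counts 32-bit words
    if version != 4 or hlen < 20 or hlen > len(packet):
        raise ValueError("bad version or header length")
    header = packet[:hlen]
    return {
        "version": version,
        "hlen": hlen,
        "service_type": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": hdr_csum,
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
        "options": header[20:hlen],
        "checksum_ok": internet_checksum(header) == 0,
    }


# Constructed sample: a TCP (protocol 6) datagram with a 40-byte payload.
SAMPLE = build_ipv4_header("192.168.10.1", "210.10.20.20", 40)
```

Note that the header checksum only detects corruption in transit; it is recomputed by every router and offers no protection against deliberate modification, which is one reason the later IPSec slides add an authentication header.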

8 Network Aspects
Internal network (e.g. LAN)
External network (e.g. Internet)
Threats from the external network to the internal network

9 Network Threats
Diagram: a corporate network backbone connected through a router to the Internet. Outside dangers can come in through the router, and inside information can leak out through it.

10 Firewall
Special type of router.
Controls transmission between internal and external networks.
Decides what to allow/disallow.

11 NAT Implementation
Diagram: an internal network with internal IP addresses, connected to the Internet through a NAT router that has an internal IP address and an external IP address.

12 NAT Example
Diagram: an internal network with internal IP addresses, a NAT router and the Internet; the packet's Source and Destination addresses are shown on each side of the NAT router.

13 NAT Translation Table
Source: 192.168.10.1, Destination: 210.10.20.20
Diagram: the NAT router keeps a translation table with Internal and External columns and rewrites the packet's source address from the internal entry to the external one on the way out.
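The translation table of slides 11 to 13 is small enough to model end to end. The Python below is an added example, not part of the presentation: a NAT router that maps each internal (address, port) pair to a port on its external address, rewrites outbound packets, and uses the reverse mapping to deliver replies. The router's external address 203.0.113.5 and the port numbers are assumed values; the slides only give 192.168.10.1 and 210.10.20.20.

```python
from dataclasses import dataclass
from itertools import count

ROUTER_EXTERNAL_IP = "203.0.113.5"   # assumed; the slides do not give the router's external address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port-based NAT: one external address shared by all internal hosts."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.table = {}          # Internal (ip, port) -> External port
        self.reverse = {}        # External port -> Internal (ip, port)
        self._ports = count(first_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Internal -> Internet: allocate (or reuse) an external port and rewrite the source."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            port = next(self._ports)
            self.table[key] = port
            self.reverse[port] = key
        return Packet(self.external_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Internet -> Internal: only packets for a mapped external port are delivered.
        Anything else (including unsolicited connection attempts) is dropped (None)."""
        if pkt.dst_ip != self.external_ip or pkt.dst_port not in self.reverse:
            return None
        int_ip, int_port = self.reverse[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


# Constructed exchange using the slide's addresses: an internal host talks to 210.10.20.20.
def demo():
    nat = NatRouter(ROUTER_EXTERNAL_IP)
    out = nat.outbound(Packet("192.168.10.1", 5000, "210.10.20.20", 80))
    reply = nat.inbound(Packet("210.10.20.20", 80, out.src_ip, out.src_port))
    unsolicited = nat.inbound(Packet("210.10.20.20", 80, ROUTER_EXTERNAL_IP, 40001))
    return out, reply, unsolicited
```

The `inbound` path is the security-relevant half: because the table only contains entries created by outbound traffic, the internal addresses are never visible on the Internet side and an outside host cannot reach an internal host it was not first contacted by.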

14 Firewall Concept
Diagram: a firewall placed between the corporate network backbone and the Internet.

15 Firewall Types
Packet filters
Application gateways

16 Packet Filter
Diagram: a packet filter placed between the Internet and the internal (private) network; the internal network is the protected zone.

17 Packet Filter Operation
For both outgoing and incoming packets: receive each packet, apply the rules, and if no rule matches, apply the default rule.

18 Packet Filter Defeating IP Spoofing Attack
Diagram: an incoming packet from the Internet carries a source address belonging to one of the hosts on the internal network; the packet filter, which knows the internal network and the IP addresses of its hosts, stops it.
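Slides 17 and 18 together describe a packet filter: ordered rules, a default rule when nothing matches, and an anti-spoofing check that stops incoming packets claiming an internal source address. The Python below is an added example, not code from the presentation, implementing exactly that decision procedure. The internal range 192.168.10.0/24 is assumed from the address on the NAT slides, and the rule set and sample packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed internal network (the NAT slides use 192.168.10.1); the filter "knows" this range.
INTERNAL_NET = ip_network("192.168.10.0/24")


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (from the Internet) or "out" (to the Internet)
    src: str
    dst: str
    proto: str                # "tcp", "udp", "icmp", ...
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str               # "allow" or "deny"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class PacketFilter:
    def __init__(self, rules, default: str = "deny"):
        self.rules = list(rules)      # evaluated in order; first match wins
        self.default = default        # applied when no rule matches (slide 17)

    def decide(self, pkt: Packet):
        """Return (action, reason) for one packet."""
        # Slide 18: an incoming packet with a source address inside the internal
        # network cannot legitimately arrive from the Internet, so stop it before any rule.
        if pkt.direction == "in" and ip_address(pkt.src) in INTERNAL_NET:
            return "deny", "spoofed internal source"
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, f"rule {i}"
        return self.default, "default"


# Constructed policy: let the Internet reach the internal mail and web servers,
# let internal hosts go out, and deny everything else by default.
RULES = [
    Rule("in", "allow", dst_net="192.168.10.0/24", proto="tcp", dst_port=25),
    Rule("in", "allow", dst_net="192.168.10.0/24", proto="tcp", dst_port=80),
    Rule("out", "allow", src_net="192.168.10.0/24"),
]
FILTER = PacketFilter(RULES)
```

Putting the spoofing check ahead of the rule list matters: with it placed after the rules, the first "allow" rule above would have let a spoofed packet to port 25 through.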

19 Application Gateway
Diagram: an application gateway with proxies for HTTP, SMTP, FTP and TELNET; the inside connection terminates at the gateway and a separate outside connection is made from the gateway.

20 Circuit Gateway
Diagram: an inside host sends an IP packet with source address 178.29.10.90 to the application gateway (HTTP, SMTP, FTP, TELNET); on the packet forwarded to the outside host, the gateway's own IP address appears as the source address.

21 Application Gateway - Illusion
Diagram: the user's illusion is a direct connection between the internal host and the external host; the real connection runs from the internal host to the application gateway (HTTP, SMTP, FTP, TELNET) and from the gateway to the external host.

22 Firewall Configurations
Screened host firewall, single-homed bastion
Screened host firewall, dual-homed bastion
Screened subnet firewall

23 Screened Host Firewall, Single-homed Bastion
Diagram: a packet filter between the Internet and the internal network, with the application gateway (HTTP, SMTP, FTP, TELNET) as a bastion host on the internal network.

24 Screened Host Firewall, Dual-homed Bastion
Diagram: a packet filter between the Internet and the application gateway (HTTP, SMTP, FTP, TELNET); the gateway has a second interface on the internal network, so traffic must pass through the bastion host.

25 Screened Subnet Firewall
Diagram: the application gateway (HTTP, SMTP, FTP, TELNET) sits on a separate screened subnet between the packet filter on the Internet side and the internal network.

26 Demilitarized Zone (DMZ)
Diagram: the Internet, a firewall, the demilitarized zone (DMZ) and the internal private network.

27 Security at Multiple Layers
Diagram: the Application, Transport, Internet, Data link and Physical layers, with a first level of security and a second level of security marked at different layers.

28 IPSec
Not concerned with application layer security.
Applies security at the Internet layer.
More effective in IPv6.

29 IPSec Processing Result
Actual data (encrypted), Transport header (encrypted), Internet header (not encrypted).

30 IPSec in TCP/IP
Diagram: on the sender, the original message passes down through the Application, Transport, IPSec, Internet and Data link layers onto the transmission medium; on the receiver it passes up through the same layers in reverse order.

31 IPSec Protocols
Authentication Header (AH)
Encapsulating Security Payload (ESP)

32 AH and ESP Operation Modes
AH and ESP modes of operation: Tunnel mode, Transport mode.

33 Tunnel Mode
Diagram: host X on Network 1 and host Y on Network 2; proxies P1 and P2 at the edge of each network form the tunnel between the networks.

34 Tunnel Mode Implementation
Diagram: A <---> B carried over P1 <---> P2 …; the internal IP header and data are encrypted, the external IP header is not encrypted.

35 IPSec Steps
Step 1: Algorithm and key negotiations using IKE
Step 2: Actual AH and ESP operations

36 AH Format
Next header, Payload length, Reserved
Security Parameter Index (SPI)
Sequence number
Authentication data (variable size)

37 Receiver's Sliding Window
Receiver's sliding window (W = 8) covering sequence numbers from N – W to N.
A slot is marked if a valid packet has been received and unmarked if a valid packet is not yet received.
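The sliding window on this slide is the anti-replay mechanism behind the AH and ESP sequence number fields. The Python below is an added example, not from the presentation: a receiver window of width W = 8 kept as a bitmap, where a packet is rejected if its sequence number is older than the window or its slot is already marked, and a slot is only marked after the packet's authentication data has been verified. The sequence numbers fed to it are constructed; the `receive` helper and its `auth_ok` flag stand in for the integrity check, which is not shown here.

```python
class ReplayWindow:
    """Receiver-side anti-replay window of width W over sequence numbers."""

    def __init__(self, width: int = 8):
        self.width = width
        self.right = None         # N: highest sequence number accepted so far
        self.bitmap = 0           # bit i set  =>  sequence number N - i is marked (received)

    def accepts(self, seq: int) -> bool:
        """Window check only, with no state change; done before verifying the packet."""
        if self.right is None or seq > self.right:
            return True                           # moves the window right: always acceptable
        offset = self.right - seq
        if offset >= self.width:
            return False                          # left of the window: too old
        return not (self.bitmap >> offset) & 1    # already marked: a replay

    def mark(self, seq: int) -> None:
        """Mark seq as received. Called only after the integrity check has passed,
        so a forged packet with a large sequence number cannot slide the window."""
        if self.right is None:
            self.right, self.bitmap = seq, 1
            return
        if seq > self.right:
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.width) - 1)
            self.right = seq
        else:
            self.bitmap |= 1 << (self.right - seq)

    def receive(self, seq: int, auth_ok: bool) -> bool:
        """Full receiver logic: window check, then integrity result, then mark."""
        if not self.accepts(seq) or not auth_ok:
            return False
        self.mark(seq)
        return True


def replay_demo():
    """Constructed arrival order: 10, 9, 9 (replay), 15, 7 (too old), 8, 12."""
    w = ReplayWindow(8)
    return [w.receive(s, True) for s in (10, 9, 9, 15, 7, 8, 12)]
```

Separating `accepts` from `mark` is the part worth copying: if the window were updated before the authentication data is checked, an attacker could advance N with a forged high sequence number and cause genuine packets still in flight to be discarded as "too old".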

38 AH Transport Mode
(a) Before applying AH: IP header, TCP header, Original data
(b) After applying AH: IP header, AH, TCP header, Original data

39 AH Tunnel Mode
(a) Before applying AH: IP header, TCP header, Original data
(b) After applying AH: New IP header, AH, Original IP header, TCP header, Original data

40 ESP Format
Security Parameter Index (SPI)
Sequence number
Payload data (variable size)
Padding (0-255 bytes), Padding length, Next header
Authentication data (variable size)
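The AH format (slide 36) and the ESP format (slide 40) can both be built and parsed in a few lines. The Python below is an added example, not from the presentation, and makes simplifying assumptions: the authentication data is HMAC-SHA1-96 (a 12-byte tag), the AH integrity check covers only the AH fields and the payload (real AH also covers the immutable IP header fields, omitted here), and ESP uses null encryption so that the padding and trailer are readable without a cipher. The key and payloads are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12                                   # HMAC-SHA1-96: tag truncated to 96 bits
KEY = b"\x0b" * 20                             # constructed key; in IPSec it comes from IKE


def icv(key: bytes, data: bytes) -> bytes:
    """Authentication data (integrity check value) over data."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(spi: int, seq: int, next_header: int, payload: bytes, key: bytes) -> bytes:
    """AH: Next header | Payload length | Reserved | SPI | Sequence number | Authentication data."""
    ah_len = 12 + ICV_LEN                      # fixed fields plus authentication data (24 bytes)
    payload_len_field = ah_len // 4 - 2        # AH length in 32-bit words minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len_field, 0, spi, seq)
    # Tag computed with the authentication data field zeroed (simplified scope, see lead-in).
    tag = icv(key, fixed + bytes(ICV_LEN) + payload)
    return fixed + tag + payload


def parse_ah(packet: bytes, key: bytes) -> dict:
    next_header, payload_len_field, _reserved, spi, seq = struct.unpack("!BBHII", packet[:12])
    ah_len = (payload_len_field + 2) * 4
    auth, payload = packet[12:ah_len], packet[ah_len:]
    expected = icv(key, packet[:12] + bytes(len(auth)) + payload)
    return {"next_header": next_header, "spi": spi, "seq": seq, "payload": payload,
            "auth_ok": hmac.compare_digest(auth, expected)}


def build_esp(spi: int, seq: int, next_header: int, payload: bytes, key: bytes) -> bytes:
    """ESP: SPI | Sequence number | Payload | Padding | Padding length | Next header | Auth data.
    Null encryption is assumed, so the payload and trailer are stored as-is."""
    pad_len = (-(len(payload) + 2)) % 4        # align Padding length + Next header to 4 bytes
    padding = bytes(range(1, pad_len + 1))     # default padding pattern 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + icv(key, body)               # authentication covers SPI through Next header


def parse_esp(packet: bytes, key: bytes, icv_len: int = ICV_LEN) -> dict:
    body, auth = packet[:-icv_len], packet[-icv_len:]   # the SA tells the receiver icv_len
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    payload = body[8:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header, "payload": payload,
            "auth_ok": hmac.compare_digest(auth, icv(key, body))}
```

Both parsers report `auth_ok` instead of raising, so the caller can combine the result with the sequence number check before deciding to accept the packet; note that ESP's authentication data never covers the outer IP header, which is why the slide shows the Internet header as not protected.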

41 ESP Transport Mode
(a) Before applying ESP: IP header, TCP header, Original data
(b) After applying ESP: Original IP header, ESP header, TCP header, Original data, ESP trailer, ESP auth. The TCP header, original data and ESP trailer are encrypted; the ESP header through the ESP trailer is authenticated.

42 ESP Tunnel Mode
(a) Before applying ESP: IP header, TCP header, Original data
(b) After applying ESP: New IP header, ESP header, Original IP header, TCP header, Original data, ESP trailer, ESP auth. The original IP header, TCP header, original data and ESP trailer are encrypted; the ESP header through the ESP trailer is authenticated.

43 ISAKMP Header Format
Initiator cookie
Responder cookie
Next payload, Major version, Minor version, Exchange type, Flags
Message ID
Length

44 Virtual Private Network (VPN)
Uses the Internet as if it were a private network.
Far less expensive than a leased line.
Uses the IPSec protocol.

45 VPN Between Two Networks
Diagram: host X on Network 1 behind Firewall 1 and host Y on Network 2 behind Firewall 2; a VPN tunnel between the two firewalls runs across the Internet.

