IS3220 Information Technology Infrastructure Security
Unit 1: Essential TCP/IP Network Protocols and Applications
© ITT Educational Services, Inc. All rights reserved.
Instructor: Williams Obinkyereh, MSc. IT, Post-Masters Software Engineering, DSC (Doctor of Computer Science) student
Contacts: Phone: 612-516-9712; Email: obinkytt@yahoo.co.uk
Introduction
Class introduction
Introduction of the course syllabus:
- Course summary
- Lab infrastructure (mock)
- Course plan
- Evaluation
- Academic integrity
Discussion and questions about the syllabus
Learning Objective
Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and the applications used in IP networking.
Key Concepts
- TCP/IP protocol analysis using NetWitness Investigator
- Differentiating clear-text from cipher-text
- Essential TCP/IP characteristics
- IP networking protocol behavior
- Network management tools
EXPLORE: CONCEPTS
TCP/IP Networking and OSI Reference Models
OSI model          TCP/IP model
7. Application     Application
6. Presentation    Application
5. Session         Application
4. Transport       Transport
3. Network         Internet
2. Data link       Network Interface
1. Physical        Network Interface
TCP/IP Protocol Suite
Application layer: Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Hypertext Transfer Protocol (HTTP), Telnet, File Transfer Protocol (FTP)
Transport layer: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
Internet layer: Internet Protocol (IP), IPsec, Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), Internet Group Management Protocol (IGMP)
Network Interface layer: Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP)
The Structure of a Packet
A Packet Moves Through the Protocol Stack
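Added example for the two packet-structure slides (this is the editor's own code, not material from the course or from NetWitness): a small decoder that peels a constructed Ethernet II / IPv4 / TCP frame header by header, which is exactly what a protocol analyzer does before it can display the fields. The MAC and IP addresses, ports and sequence number are made up for the example; the TCP checksum is left at zero because verifying it needs the IP pseudo-header, which the example does not build.

```python
"""Decode a raw Ethernet II / IPv4 / TCP frame with the standard library only.

Added example for the 'Structure of a Packet' slides; the frame is constructed
here and the decoder is this example's own, not the course's or NetWitness's.
"""
import struct
from dataclasses import dataclass
from typing import List

TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
                  0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    ip_checksum_ok: bool
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: List[str]
    payload: bytes


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the header bytes; returns 0 when run
    over an intact header that already carries its checksum."""
    total = 0
    for i in range(0, len(header), 2):
        lo = header[i + 1] if i + 1 < len(header) else 0
        total += (header[i] << 8) | lo
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed frame: a TCP SYN from 192.168.0.10:49152 to 192.168.0.20:21 (FTP)."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),   # destination MAC (made up)
                      bytes.fromhex("66778899aabb"),             # source MAC (made up)
                      0x0800)                                    # EtherType: IPv4
    # sport, dport, seq, ack, data offset (5 words), flags=SYN, window, checksum (not computed), urgent
    tcp = struct.pack("!HHIIBBHHH", 49152, 21, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s",
                               0x45, 0, 20 + len(tcp), 0x1234, 0x4000,   # ver/IHL, TOS, total length, ID, DF
                               64, 6, 0,                                 # TTL, protocol TCP, checksum placeholder
                               bytes([192, 168, 0, 10]), bytes([192, 168, 0, 20])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(ip))             # fill in the real header checksum
    return eth + bytes(ip) + tcp


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame: bytes) -> Frame:
    """Walk the frame layer by layer, refusing truncated or malformed input
    instead of indexing past the end of the buffer."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, _id, _ff, ttl, proto, _csum, s_ip, d_ip = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed or truncated IPv4 datagram")
    if proto != 6:
        raise ValueError(f"not TCP (IP protocol {proto})")
    tcp = ip[ihl:total_len]                      # bytes past total_len are Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, _win, _tsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (off >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    return Frame(src_mac=_mac(src), dst_mac=_mac(dst),
                 src_ip=".".join(map(str, s_ip)), dst_ip=".".join(map(str, d_ip)),
                 ttl=ttl, ip_checksum_ok=ipv4_checksum(ip[:ihl]) == 0,
                 src_port=sport, dst_port=dport, seq=seq, ack=ack,
                 flags=[name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flags & bit],
                 payload=tcp[doff:])


if __name__ == "__main__":
    print(parse_frame(build_sample_frame()))
```

Each layer's header tells the decoder how to find the next one (EtherType selects IPv4, IHL gives the IP header length, the protocol field selects TCP, the data offset gives the TCP header length), which is the encapsulation the slide's diagram shows. Flipping one byte in the IP header makes the checksum fail, and a frame cut short makes the decoder raise rather than misread trailing bytes as a header.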
Protocol Analysis
Why analyze data packets?
- Detect network problems, such as bottlenecks
- Detect network intrusions
- Check for vulnerabilities
- Gather network statistics
What does a protocol analyzer do?
- Captures and decodes data packets traveling on a network
- Lets you read and analyze them
NetWitness Investigator
- Threat analysis software (protocol analyzer)
- Captures raw packets from wired and wireless interfaces
- Analyzes real-time data across all seven OSI layers
NetWitness Investigator (cont.)
- Filters by Media Access Control (MAC) address, IP address, user, and more
- Supports Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)
- Gets daily threat intelligence data from the SANS Internet Storm Center
- Freely available
Wireshark
- Network protocol analyzer
- Captures Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other packets
- Analyzes real-time and saved data
- Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others
- Supports IPv4 and IPv6
- Allows Voice over IP (VoIP) analysis
- Freely available
EXPLORE: PROCESS
Packet Capture Using NetWitness Investigator
Start the capture:
- Verify the capture configuration settings (Network Adapter, Advanced Capture Settings, and Evidence Handling)
- Define capture rules (filters and alerts)
- Select the parsers to use with the capture (Geolocation IP (GeoIP), Search, FLEXPARSE)
Trace Analysis Using NetWitness Investigator
Navigation:
- Select a collection.
- Click Navigation.
- Select a report.
- Select a group of sessions.
Search (for specific content):
- Open a collection.
- Click the Content Search icon.
- Search on a keyword or regular expression.
TCP/IP Transaction Sessions
Connection-oriented:
Sender
- Breaks data into packets
- Numbers each packet (TCP sequence numbers)
Receiver
- Acknowledges receipt; lost packets are resent
- Reassembles packets in the correct order
TCP Three-Way Handshake
Host -> Server: 1 - SYN (Synchronize)
Server -> Host: 2 - SYN/ACK
Host -> Server: 3 - ACK (Acknowledge)
TCP Connection Termination (four-way close)
Either side may close first; with the host initiating:
Host -> Server: 1 - FIN/ACK (Finish)
Server -> Host: 2 - ACK (Acknowledge)
Server -> Host: 3 - FIN/ACK
Host -> Server: 4 - ACK
TCP Connection Reset
Host -> Server: 1 - SYN (Synchronize)
Server -> Host: 2 - SYN/ACK (Acknowledge)
Host -> Server: 3 - RST (Reset), sent in place of the final ACK; the connection is torn down before it is ever established
The same SYN, SYN/ACK, RST pattern is what a half-open (SYN) port scan leaves in a trace, so look for it repeated across many destination ports.
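Added example covering the handshake, termination and reset slides together (the editor's own code, not the course's or NetWitness's): a simplified TCP state tracker that reads the flags on each segment of a flow and reports where the session ended up. The segment records, addresses and ports are constructed, and the state names are a reduced version of the RFC 793 state machine, enough to tell a completed handshake, a clean four-way close and a reset apart.

```python
"""Track TCP session state from the flags in a packet trace.

Added example for the handshake, termination and reset slides; the segment
layout and state names are this example's own simplification, not code from
the course or from NetWitness.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Segment:
    src: str               # source IP
    sport: int
    dst: str               # destination IP
    dport: int
    flags: FrozenSet[str]  # e.g. {"SYN", "ACK"}


def seg(src: str, sport: int, dst: str, dport: int, *flags: str) -> Segment:
    return Segment(src, sport, dst, dport, frozenset(flags))


def flow_key(s: Segment) -> Tuple[Tuple[str, int], Tuple[str, int]]:
    """Canonical 4-tuple so both directions of one connection share a key."""
    a, b = (s.src, s.sport), (s.dst, s.dport)
    return (a, b) if a <= b else (b, a)


def session_state(segments: Iterable[Segment]) -> str:
    """Walk one flow's segments in capture order and return the final state."""
    state = "LISTEN"
    fin_senders = set()
    for s in segments:
        f = s.flags
        if "RST" in f:
            # RST answering a SYN/ACK is the 'Connection Reset' slide (and what a
            # SYN scan does); RST on an established session is an abortive close.
            return "RESET_DURING_HANDSHAKE" if state in ("SYN_SENT", "SYN_RECEIVED") else "RESET"
        if state == "LISTEN" and f == {"SYN"}:
            state = "SYN_SENT"                                   # step 1: SYN
        elif state == "SYN_SENT" and f == {"SYN", "ACK"}:
            state = "SYN_RECEIVED"                               # step 2: SYN/ACK
        elif state == "SYN_RECEIVED" and "ACK" in f and not f & {"SYN", "FIN"}:
            state = "ESTABLISHED"                                # step 3: ACK
        elif state in ("ESTABLISHED", "CLOSING") and "FIN" in f:
            fin_senders.add(s.src)                               # close steps 1 and 3
            state = "CLOSING"
        elif state == "CLOSING" and "ACK" in f and len(fin_senders) == 2:
            state = "CLOSED"                                     # close step 4
        # Anything else (data segments, duplicate ACKs) leaves the state unchanged.
    return state


def classify_trace(segments: Iterable[Segment]) -> Dict[Tuple, str]:
    """Group a mixed trace into flows and report each flow's final state."""
    flows: Dict[Tuple, List[Segment]] = defaultdict(list)
    for s in segments:
        flows[flow_key(s)].append(s)
    return {key: session_state(flow) for key, flow in flows.items()}


# Constructed traces mirroring the three slides (addresses are made up).
HOST, SERVER = "192.168.0.10", "192.168.0.20"

HANDSHAKE = [
    seg(HOST, 50001, SERVER, 21, "SYN"),
    seg(SERVER, 21, HOST, 50001, "SYN", "ACK"),
    seg(HOST, 50001, SERVER, 21, "ACK"),
]
TERMINATION = HANDSHAKE + [
    seg(HOST, 50001, SERVER, 21, "PSH", "ACK"),    # some application data
    seg(HOST, 50001, SERVER, 21, "FIN", "ACK"),    # 1 - FIN/ACK
    seg(SERVER, 21, HOST, 50001, "ACK"),           # 2 - ACK
    seg(SERVER, 21, HOST, 50001, "FIN", "ACK"),    # 3 - FIN/ACK
    seg(HOST, 50001, SERVER, 21, "ACK"),           # 4 - ACK
]
RESET = [
    seg(HOST, 50002, SERVER, 22, "SYN"),
    seg(SERVER, 22, HOST, 50002, "SYN", "ACK"),
    seg(HOST, 50002, SERVER, 22, "RST"),           # RST instead of the final ACK
]

if __name__ == "__main__":
    for key, state in classify_trace(TERMINATION + RESET).items():
        print(key, state)
```

Sessions that stop in CLOSING (one FIN never acknowledged) or SYN_SENT (a SYN that was never answered) are the ones worth a second look in a trace: the first is a half-closed connection, the second is what a filtered port or a scan of a dead host looks like.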
EXPLORE: CONTEXT
IPv4 Addressing
- Assigned to computers for identification on a network
- 32-bit address space
- Internet routing uses numeric IP addresses
- Written in dotted decimal notation, for example 192.168.0.10
- Source and destination IP addresses travel in the packet header
- A packet makes many hops between source and destination
Network Protocol Examination
Normal packets: connecting to an FTP server
- A DNS query over UDP port 53 resolves the server's name to an IP address
- The TCP three-way handshake to the FTP control port (21) completes
Packets showing evidence of a port scan
- A series of TCP packets from one source, each the opening SYN of a three-way handshake
- Arranged by source port, the segments are in sequential order
- The destination ports are also in sequential order
- This is a classic TCP port scan
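Added example for this slide (the editor's own code, not the course's or NetWitness's): a detector that separates the normal FTP connection from the scan using the slide's own tell, many bare SYNs from one source whose destination ports climb in step with the source ports. The packet records, addresses and the thresholds (five distinct ports inside a five-second window) are constructed assumptions for the example.

```python
"""Tell a normal FTP connection from a sequential TCP port scan in a trace.

Added example for the 'Network Protocol Examination' slide; the packet
records are constructed and the thresholds (min_ports, window) are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class Packet:
    ts: float               # seconds since start of capture
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # TCP flags; empty for UDP


def pkt(ts: float, proto: str, src: str, sport: int, dst: str, dport: int, *flags: str) -> Packet:
    return Packet(ts, proto, src, sport, dst, dport, frozenset(flags))


def detect_port_scans(packets: Iterable[Packet], min_ports: int = 5, window: float = 5.0) -> Dict[str, dict]:
    """Report sources whose bare SYNs reach at least min_ports distinct
    destination ports within `window` seconds. Only SYN-only segments count,
    so a busy client opening many connections to one service is not flagged."""
    syns: Dict[str, List[Packet]] = defaultdict(list)
    for p in packets:
        if p.proto == "tcp" and p.flags == {"SYN"}:
            syns[p.src].append(p)
    reports: Dict[str, dict] = {}
    for src, segs in syns.items():
        segs.sort(key=lambda p: p.ts)
        best: List[Packet] = []
        for i, first in enumerate(segs):                 # densest burst inside the window
            burst = [p for p in segs[i:] if p.ts - first.ts <= window]
            if len({p.dport for p in burst}) > len({p.dport for p in best}):
                best = burst
        ports = sorted({p.dport for p in best})
        if len(ports) < min_ports:
            continue
        # The slide's tell: ordered by source port, destination ports rise monotonically.
        dports_by_sport = [p.dport for p in sorted(best, key=lambda p: p.sport)]
        sequential = all(a < b for a, b in zip(dports_by_sport, dports_by_sport[1:]))
        reports[src] = {"targets": sorted({p.dst for p in best}),
                        "ports": ports, "sequential": sequential}
    return reports


# Constructed traffic (not from a real capture).
CLIENT, DNS_SERVER, FTP_SERVER, SCANNER = "192.168.0.10", "192.168.0.1", "192.168.0.20", "10.0.0.99"

NORMAL_FTP = [
    pkt(0.00, "udp", CLIENT, 53211, DNS_SERVER, 53),               # DNS query for the FTP host name
    pkt(0.01, "udp", DNS_SERVER, 53, CLIENT, 53211),               # DNS answer
    pkt(0.02, "tcp", CLIENT, 53212, FTP_SERVER, 21, "SYN"),        # three-way handshake to port 21
    pkt(0.03, "tcp", FTP_SERVER, 21, CLIENT, 53212, "SYN", "ACK"),
    pkt(0.04, "tcp", CLIENT, 53212, FTP_SERVER, 21, "ACK"),
]

PORT_SCAN = [   # one SYN per port; source ports and destination ports both ascending
    pkt(1.0 + i * 0.01, "tcp", SCANNER, 40000 + i, FTP_SERVER, port, "SYN")
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443])
]

if __name__ == "__main__":
    print(detect_port_scans(NORMAL_FTP))                  # {}
    print(detect_port_scans(NORMAL_FTP + PORT_SCAN))      # flags 10.0.0.99
```

The window is the detector's weak point: the same eight SYNs spread over minutes fall below the threshold, which is why slow scans are the ones this kind of counting misses. A scanner that randomizes port order still trips the distinct-port count; it only loses the `sequential` marker.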
Clear-Text vs Encrypted Protocols
Clear-text protocols are human readable on the wire, so anyone who can capture the traffic can read the logins and data: FTP, Telnet, Simple Mail Transfer Protocol (SMTP), HTTP, Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAPv4), Network Basic Input/Output System (NetBIOS), Simple Network Management Protocol (SNMP; versions 1 and 2c send the community string in the clear)
Encrypted protocols are not human readable; only the two endpoints can recover the content: Secure Shell (SSH), SSH File Transfer Protocol (SFTP), HTTP Secure (HTTPS)
Note that encoding is not encryption: an HTTP Basic password is base64, not cipher-text, and decodes with one call.
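Added example for this slide (the editor's own code, not the course's or NetWitness's): the check an analyst runs on an unknown payload to decide whether it is clear-text or cipher-text, using printable-byte ratio and Shannon entropy, followed by pulling the credentials out of the clear-text cases. The FTP login, the HTTP request and the TLS-like record are all constructed; the 0.9 printable and 6.0 bits-per-byte thresholds are assumptions, and the "ciphertext" body is SHA-256-chained pseudo-random bytes standing in for real encrypted data.

```python
"""Separate clear-text from cipher-text payloads and pull credentials out of the former.

Added example for the 'Clear-Text vs Encrypted Protocols' slide; the payloads are
constructed and the thresholds are assumptions, not values from the course.
"""
import base64
import hashlib
import math
import re
from collections import Counter
from typing import Dict

PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}   # ASCII text plus tab, LF, CR


def printable_ratio(data: bytes) -> float:
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for good ciphertext, roughly 4 to 5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_payload(data: bytes) -> str:
    if printable_ratio(data) >= 0.9:          # assumed threshold
        return "clear-text"
    if shannon_entropy(data) >= 6.0:          # assumed threshold
        return "cipher-text"
    return "binary"                           # structured but not random, e.g. zero padding


FTP_RE = re.compile(rb"^(USER|PASS) (.+?)\r?$", re.M)
BASIC_RE = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$", re.M)


def extract_credentials(data: bytes) -> Dict[str, str]:
    """Credentials visible in an FTP or HTTP Basic clear-text payload (empty dict if none)."""
    found: Dict[str, str] = {}
    for cmd, arg in FTP_RE.findall(data):
        found["ftp_" + cmd.decode().lower()] = arg.decode(errors="replace")
    m = BASIC_RE.search(data)
    if m:
        # Base64 is an encoding, not encryption: the credentials are one call away.
        user, _, password = base64.b64decode(m.group(1)).decode(errors="replace").partition(":")
        found["http_user"], found["http_pass"] = user, password
    return found


# Constructed sample payloads (not from any real capture).
FTP_LOGIN = b"USER anonymous\r\nPASS guest@example.com\r\nPWD\r\n"
HTTP_GET = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
            b"Authorization: Basic YWxpY2U6czNjcmV0\r\n\r\n")


def fake_tls_record(seed: bytes = b"IS3220", blocks: int = 8) -> bytes:
    """A TLS 1.2 application_data record header (type 0x17, version 0x0303, length)
    followed by SHA-256-chained pseudo-random bytes that stand in for ciphertext."""
    body, block = b"", seed
    for _ in range(blocks):
        block = hashlib.sha256(block).digest()
        body += block
    return b"\x17\x03\x03" + len(body).to_bytes(2, "big") + body


TLS_DATA = fake_tls_record()

if __name__ == "__main__":
    for name, payload in [("FTP", FTP_LOGIN), ("HTTP", HTTP_GET), ("TLS", TLS_DATA)]:
        print(name, classify_payload(payload), round(shannon_entropy(payload), 2), extract_credentials(payload))
```

The entropy test is what lets an analyst spot encrypted traffic on a non-standard port, and the credential extraction is the practical reason the slide's clear-text list matters: with FTP, Telnet, POP3 or HTTP Basic in a capture, the passwords are already on screen.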
Summary
- TCP/IP protocol analysis using NetWitness Investigator
- Differentiating clear-text from cipher-text
- Essential TCP/IP characteristics
- IP networking protocol behavior
- Network management tools