
1 Network Router Security: Packet Filtering

2 OSI Model
1. It is the most commonly referenced protocol model. It provides common ground when describing any network protocol.
2. It has seven layers: application, presentation, session, transport, network, data link, and physical. Each layer performs a specific function and then passes the result on to another layer. A sending station passes its data down through the lower layers, each appending its own information to it. At the receiving station, the process happens in reverse.

3 Network Layer
1. It has two basic functions: logical network addressing and routing.
   a. Logical network addressing is protocol-dependent. It translates logical addresses and names into physical addresses.
   b. Routing uses the router's routing table to control inbound or outbound traffic. It also determines which path the data should take based on network conditions, priority of service, and other factors.
2. Packet filtering happens at the Network layer.

4 IP addressing
1. It is a logical address defined at the Network layer through DNS.
2. It takes decimal numbers from 0 to 255 to identify the addresses of the network and the host.
3. IP addressing is divided into classes.
4. The subnet and class addressing define the IP network address and the host address.

5 Routing
1. A router maintains a routing table of all known networks. It is a multiport device that makes decisions on how to direct the data based on protocol and network address.
2. A router is placed at the borders of a network segment. The CRC check is performed to ensure that bad frames are not propagated throughout the network.
3. A router has the ability to block broadcasts unless it is configured to forward all frames.

6 Routing - Continued (example)

7 Routing - Continued
1. System B broadcasts a route request query to System F. Router1 acts as System B's only destination; it adds its own MAC address as the source address and puts Router2's MAC address in the destination field.
2. It strips off the header and trailer of the previous data, because a new destination address and a new CRC have been applied to the original data.

8 Packet
1. A packet is a unit of information transmitted as a whole from one device to another on a network.
2. When the data passes down the OSI model, at each layer, information relevant to that layer is added to the data. This information is for the corresponding layer in the receiving computer to reassemble.
3. It has three components: header, data, and trailer.

9 Packet - Continued
1. The header includes: an alert signal to indicate that the packet is being transmitted; the source and destination addresses; clock information to synchronize transmission.
2. Data: the actual data must be broken into chunks to fit into packets.
3. The trailer usually contains a checking component called the CRC (Cyclical Redundancy Check).

10 Packet Filtering
1. Static packet filtering: controlling access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination.
2. It parses the headers of a packet and then applies rules from a simple rule base to determine whether to route or drop the packet.

11 Packet Filtering - Continued
3. Generally, the header fields that are available to the filter are packet type (TCP, UDP, etc.), source IP address, destination IP address, and destination TCP/UDP port.
4. Routing table format:

Action  Source           Port  Dest             Port  Type
deny    xxx.xxx.xxx.xxx        xxx.xxx.xxx.xxx        (type)
allow   xxx.xxx.xxx.xxx        xxx.xxx.xxx.xxx        (type)

12 Static packet filtering (example)

Rule  Dir     Type  SrcAddr   DstAddr   SrcPort  DstPort  Act
A     in      TCP   External  Internal  >=1024   25       Permit
B     out     TCP   Internal  External  25       >=1024   Permit
C     out     TCP   Internal  External  >=1024   25       Permit
D     in      TCP   External  Internal  25       >=1024   Permit
E     either  any   any       any       any      any      Permit

13 Packet Filtering - Continued
1. Stateful inspection (also referred to as dynamic packet filtering): it tracks each connection traversing all interfaces of the firewall and makes sure they are valid.
2. It may examine not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet than just information about its source and destination.

14 Packet Filtering - Continued
3. It also monitors the state of the connection and compiles the information in a state table.
4. Unlike static packet filtering, it closes off ports until a connection to the specific port is requested.
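The rule table of slide 12 next to the state table of slides 13-14, as an added Python example that is not part of the original presentation. The internal network 192.0.2.0/24, the sample addresses and the `default` argument are assumptions; `default` stands in for catch-all rule E (listed as Permit on the slide), and connections are tracked by address and port only, without TCP flags or timeouts.

```python
import ipaddress
from collections import namedtuple

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed "Internal" network
Packet = namedtuple("Packet", "src sport dst dport proto", defaults=["TCP"])

def side(ip):
    return "Internal" if ipaddress.ip_address(ip) in INTERNAL else "External"

def high(port): return port >= 1024
def smtp(port): return port == 25

# Rules A-D from the slide 12 table: (rule, SrcAddr, DstAddr, SrcPort, DstPort).
# Dir follows from the addresses: External -> Internal is "in".
RULES = [
    ("A", "External", "Internal", high, smtp),
    ("B", "Internal", "External", smtp, high),
    ("C", "Internal", "External", high, smtp),
    ("D", "External", "Internal", smtp, high),
]

def static_filter(pkt, default="Deny"):
    """First matching rule wins; `default` stands in for catch-all rule E."""
    for name, src, dst, sport_ok, dport_ok in RULES:
        if (pkt.proto == "TCP" and side(pkt.src) == src and side(pkt.dst) == dst
                and sport_ok(pkt.sport) and dport_ok(pkt.dport)):
            return name, "Permit"
    return "E", default

class StatefulFilter:
    """Permits reply traffic (rules B, D) only for connections in the state table."""
    def __init__(self):
        self.state = set()

    def check(self, pkt):
        rule, action = static_filter(pkt)
        if action != "Permit":
            return "Deny"
        if rule in ("A", "C"):  # new connection to port 25: record it
            self.state.add(pkt)
            return "Permit"
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "Permit" if reverse in self.state else "Deny"

if __name__ == "__main__":  # constructed sample packets
    fw = StatefulFilter()
    for pkt in (Packet("192.0.2.10", 40000, "198.51.100.7", 25),   # mail out
                Packet("198.51.100.7", 25, "192.0.2.10", 40000),   # its reply
                Packet("198.51.100.7", 25, "192.0.2.10", 6000)):   # no connection
        print(pkt, static_filter(pkt), fw.check(pkt))
```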

15 Conclusion
For static packet filtering, since it is based on the source IP address, a denied source IP address can use dynamic IP addressing to bypass a router. For stateful inspection firewall filtering, since it may examine the contents of a packet as well, the text contents can be converted into graphics to avoid router filtering.

