Introduction to Networks

munchdrab, Networks and Communications

30 Oct 2013

Network Security

Part I: Introduction

Introduction to Networks

SECURITY INNOVATION
©2003

Outline

1. Internet Protocols
2. Protocol hierarchies
3. The OSI reference model
4. Services in the OSI model
5. Example networks

1. Internet Protocols

[Diagram: a Web Browser and a Web Server connected through a Network]


Application Layer

- How does a web browser retrieve data from a web server?
- Application Protocol: Hypertext Transfer Protocol (HTTP).
- Users invoke applications which "speak" using an application protocol.
- Applications interact with a transport protocol to send or receive data.
- Others: FTP, SMTP, DNS, SMB, ...

Application Layer Example

HTTP outline:

    GET /directory/dirsearch.html HTTP/1.1
    Host: www.phoenix.co.uk

[Diagram: an HTTP Message box containing]
    GET /directory/dirsearch.html HTTP/1.1
    Host: www.sisecure.com

Transport Layer

- Provides end-to-end communication between applications.
- Transport Protocol: Transport Control Protocol (TCP)
- A transport protocol may be reliable; flow may be regulated.
- Divides the stream of application messages into packets.
- Interacts with the Internet Layer to send or receive data.
- Others: UDP, ICMP

Transport Layer Example

TCP outline:

    Source Port: 1081
    Destination Port: 80
    Checksum: 0xa858

[Diagram: TCP header (Src: 1081 Dst: 80, Chksum: 0xa858) followed by the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: www.sisecure.com)]

Internet Layer

- Communication between one machine and another.
- Accepts requests to send packets to a destination address.
- Encapsulates packets in an IP datagram with an IP header and uses a routing algorithm to decide whether to send directly or indirectly.
- Also handles incoming IP datagrams.
- If addressed to the local machine, removes the IP datagram header and passes the packet up to the transport layer.

Internet Layer Example

IP outline:

    Time to live: 128
    Header checksum: 0x57d1
    Source: pelican (192.168.0.40)
    Destination: www.sisecure.com (192.168.0.50)

[Diagram: IP datagram header (Src: 192.168.0.40, Dst: 192.168.0.50, TTL: 128), followed by the TCP header (Src: 1081 Dst: 80, Chksum: 0xa858) and the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: www.sisecure.com)]

Network Interface Layer

- Accepts IP datagrams and transmits them over specific networks.
- May be a simple device driver (e.g. an Ethernet driver) or a complex subsystem with further data link protocols.

Network Interface Layer Example

Ethernet outline:

    Destination: 00:a0:cc:54:1d:4e
    Source: 00:e0:81:10:19:fc
    Type: IP

[Diagram: Ethernet Frame with header (Src: 00:e0:81:10:19:fc Dst: 00:a0:cc:54:1d:4e Type: IP), followed by the IP datagram header (Src: 192.168.0.40, Dst: 192.168.0.50, TTL: 128), the TCP header (Src: 1081 Dst: 80, Chksum: 0xa858) and the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: www.sisecure.com)]

Protocol Layering

[Diagram: the Web Browser and the Web Server each have an Application Layer, Transport Layer, Internet Layer and Network Layer above the Physical Network. Peer layers exchange, from top to bottom, an HTTP Message, a TCP Packet, an IP Datagram and an Ethernet Frame]
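The encapsulation shown on the Application, Transport, Internet and Network Interface Layer example slides, carried out in code. This is an added example, not part of the original slides: it wraps the deck's HTTP message in TCP, IP and Ethernet headers using the slides' ports, addresses, TTL and MAC addresses, computes the real Internet checksums, and then strips the layers off again the way a receiving stack does, refusing a frame whose checksum no longer matches. The TCP sequence number, flags and window and the IP identification field are assumed values that the slides do not show, so the computed checksums differ from the 0xa858 and 0x57d1 printed on the slides.

```python
import struct

# Values taken from the slides' worked example
HTTP_MESSAGE = (b"GET /directory/dirsearch.html HTTP/1.1\r\n"
                b"Host: www.sisecure.com\r\n\r\n")
SRC_MAC, DST_MAC = "00:e0:81:10:19:fc", "00:a0:cc:54:1d:4e"
SRC_IP, DST_IP = "192.168.0.40", "192.168.0.50"
SRC_PORT, DST_PORT, TTL = 1081, 80, 128
ETHERTYPE_IP, PROTO_TCP = 0x0800, 6


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum: complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_bytes(addr: str) -> bytes:
    return bytes(int(part) for part in addr.split("."))


def build_tcp(payload, src_ip, dst_ip, src_port, dst_port):
    """Transport layer: 20-byte TCP header in front of the application message."""
    # Assumed: sequence 1000, ack 0, PSH+ACK, window 8192 (the slide shows none of these)
    seq, ack, flags, window = 1000, 0, 0x18, 8192
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)
    # The TCP checksum also covers a pseudo-header of IP addresses, protocol and segment length
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, PROTO_TCP, 20 + len(payload))
    checksum = ones_complement_sum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", checksum) + header[18:] + payload


def build_ip(segment, src_ip, dst_ip, ttl):
    """Internet layer: 20-byte IPv4 header; its checksum covers the header only."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0,
                         ttl, PROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    checksum = ones_complement_sum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment


def build_ethernet(datagram, src_mac, dst_mac):
    """Network interface layer: destination MAC, source MAC, EtherType, then the datagram."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IP) + datagram


def encapsulate(message=HTTP_MESSAGE):
    """Sender: wrap the HTTP message one layer at a time, as on the slides."""
    segment = build_tcp(message, SRC_IP, DST_IP, SRC_PORT, DST_PORT)
    datagram = build_ip(segment, SRC_IP, DST_IP, TTL)
    return build_ethernet(datagram, SRC_MAC, DST_MAC)


def decapsulate(frame):
    """Receiver: remove one header per layer, verifying each checksum, then hand the payload up."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IP:
        raise ValueError("frame does not carry IP")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if ones_complement_sum(datagram[:ihl]) != 0:  # a correct header sums to zero
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    ttl, proto = datagram[8], datagram[9]
    segment = datagram[ihl:total_len]
    pseudo = datagram[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    if ones_complement_sum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_mac": ":".join("%02x" % b for b in src_mac),
        "dst_mac": ":".join("%02x" % b for b in dst_mac),
        "src_ip": ".".join(str(b) for b in datagram[12:16]),
        "dst_ip": ".".join(str(b) for b in datagram[16:20]),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
        "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = encapsulate()
    print("frame length:", len(frame))
    for name, value in decapsulate(frame).items():
        print(name, value)
```

Run the file directly to print the frame length and the decoded fields. Each layer on the receiving side checks its own header before trusting anything above it, which is the same check a real stack performs; because the sender folded the checksum into the header, a correct header sums to zero on the receiver.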

Internetworking

- No single networking technology can satisfy all requirements.
- Universal interconnection is desired.
- Protocols allow communication between nodes without understanding underlying mechanisms.

Routing

[Diagram: a Web Browser on Network A and a Web Server on Network B, connected through a Router]

Protocol Layering

[Diagram: Host A and Host B each have an Application Layer, Transport Layer, Internet Layer and Network Layer above the Physical Network; the Router between them has only an Internet Layer and Network Layer above its Physical Network. The HTTP Message and TCP Packet pass end-to-end between the hosts, the IP Datagram is forwarded hop by hop through the router, and each link carries its own Ethernet Frame]

2. Protocol Hierarchies

- Protocols are stacked vertically as a series of 'layers'.
- Each layer offers Services to the layer above, shielding implementation details.
- Layer n on one machine communicates with layer n on another machine (they are peer processes/entities) using the Layer n Protocol.

Layers, protocols & interfaces

[Diagram: two hosts, each with Layer 1 up to Layer n. Peer layers on the two hosts are joined by the Layer 1 protocol, Layer 2 protocol, ..., Layer n protocol; adjacent layers within each host are joined by the Layer 1/2 interface, Layer 2/3 interface, ..., Layer n-1/n interface and Layer n/n+1 interface. Only Layer 1 touches the physical communications medium]

Layer/interface design

- Important objective is 'clean' interfaces, having a minimal set of well-defined services.
- Clean-cut interfaces enable:
  - minimisation of inter-layer communications
  - easy replacement of individual layers
- Set of layers and protocols is the Network Architecture.

Virtual & Actual Communication

- Vital to understand the difference between:
  - virtual and actual communications,
  - protocols and interfaces.
- Peer processes 'think' of communications as being 'horizontal' using the protocol.
- Actual communication is via interfaces.
- The peer process idea is key to understanding the way networks operate.

Design Issues

- Some issues affect many layers, e.g.:
  - need to address data (say who it's for),
  - possible need for setting up connections,
  - data transfer rules (simplex, half-duplex, ...),
  - error management,
  - deal with message component re-ordering,
  - flow control,
  - routing.

3. The OSI Reference Model

- OSI Reference Model - internationally standardised network architecture.
- An abstract representation of an ideal network protocol stack.
- OSI = Open Systems Interconnection
- Specified in ISO 7498-1.
- Model has 7 layers.

Internet Protocols vs OSI

    Internet Protocols          OSI
    5  Application              7  Application
                                6  Presentation
                                5  Session
    4  TCP                      4  Transport
    3  IP                       3  Network
    2  Network Interface        2  Data Link
    1  Hardware                 1  Physical

The OSI model

    Layer 7: Application Layer
    Layer 6: Presentation Layer
    Layer 5: Session Layer
    Layer 4: Transport Layer
    Layer 3: Network Layer
    Layer 2: Data Link Layer
    Layer 1: Physical Layer

[Diagram: the seven layers stacked, with the communications subnet boundary marked]

Lower/Upper Layers

- Layers 1-4 are often referred to as the 'lower layers'.
- Layers 5-7 are the upper layers.
- Lower layers relate more closely to the communications technology.
- Upper layers relate to the application.

Layer 7: Application Layer

- Home to a wide variety of protocols for specific user needs, e.g.:
  - virtual terminal service,
  - file transfer,
  - electronic mail,
  - directory services.

Layer 6: Presentation Layer

- Concerned with the representation of transmitted data.
- Deals with different data representations, e.g. of numbers, characters.
- Also deals with data compression and encryption.
- Layer for source coding.

Layer 5: Session Layer

- Allows establishment of sessions between machines, e.g. to
  - allow remote logins,
  - provide a file transfer service.
- Responsible for dialogue control.
- Also performs token management and synchronisation.

Layer 4: Transport Layer

- Basic function is to take data from the Session Layer, split it up into smaller units, and ensure that the units arrive correctly.
- Concerned with efficient provision of service.
- The Transport Layer also determines the 'type of service' to provide to the Session Layer.

Layer 3: Network Layer

- Controls the subnet.
- Key issue is routing in the subnet; can be based on:
  - static tables,
  - routes determined at the start of a session,
  - highly dynamic routing (varying for each packet).
- Also responsible for congestion control.

Layer 2: Data Link Layer

- Provides a reliable, error-free service on top of the raw Level 1 service.
- Breaks data into frames. Requires creation of frame boundaries.
- Frames used to manage errors via acknowledgements and selective frame retransmission.
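As an added example (not from the slides), a toy Layer 2 in Python that does the three things this slide lists: it breaks a data stream into numbered frames, marks frame boundaries with a delimiter byte (escaping any data byte that would otherwise look like one), and protects each frame with a CRC-32 so the receiver can drop a corrupted frame, acknowledge the good ones and have only the missing frame sent again. The delimiter and escape values, the 16-byte frame size and the choice of CRC-32 are assumptions of the example, as is the simulated bit flip in transit.

```python
import struct
import zlib

FLAG, ESC = 0x7E, 0x7D   # assumed HDLC-style frame delimiter and escape byte
MAX_PAYLOAD = 16         # assumed frame size, kept small so a short message needs several frames


def stuff(raw: bytes) -> bytes:
    """Byte stuffing: escape any data byte that would look like a frame boundary."""
    out = bytearray()
    for b in raw:
        if b in (FLAG, ESC):
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def unstuff(stuffed: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(stuffed):
        if stuffed[i] == ESC:
            out.append(stuffed[i + 1] ^ 0x20)
            i += 2
        else:
            out.append(stuffed[i])
            i += 1
    return bytes(out)


def make_frame(seq: int, payload: bytes) -> bytes:
    """FLAG | stuffed(seq, payload, CRC-32) | FLAG"""
    body = struct.pack("!H", seq) + payload
    crc = struct.pack("!I", zlib.crc32(body))
    return bytes([FLAG]) + stuff(body + crc) + bytes([FLAG])


def frames_for(message: bytes) -> list:
    """Break the data stream into numbered frames of at most MAX_PAYLOAD bytes."""
    chunks = range(0, len(message), MAX_PAYLOAD)
    return [make_frame(seq, message[off:off + MAX_PAYLOAD]) for seq, off in enumerate(chunks)]


def split_frames(wire: bytes) -> list:
    """Recover frame boundaries from the raw byte stream using the FLAG delimiter."""
    frames, current, inside = [], bytearray(), False
    for b in wire:
        if b == FLAG:
            if inside and current:
                frames.append(bytes(current))
            current, inside = bytearray(), True
        elif inside:
            current.append(b)
    return frames


def receive(wire: bytes) -> dict:
    """Return {seq: payload} for frames whose CRC checks; corrupted frames are dropped."""
    good = {}
    for stuffed in split_frames(wire):
        raw = unstuff(stuffed)
        body, crc = raw[:-4], raw[-4:]
        if len(body) >= 2 and struct.pack("!I", zlib.crc32(body)) == crc:
            good[struct.unpack("!H", body[:2])[0]] = body[2:]
    return good


def simulate(message: bytes, corrupt_frame: int) -> tuple:
    """Send all frames, corrupt one in transit, then repair via acknowledgements and
    selective retransmission. Returns (reassembled message, number of frames resent)."""
    frames = frames_for(message)
    wire = bytearray(b"".join(frames))
    # Flip one payload bit of the chosen frame: offset 4 is past FLAG, the 2-byte seq
    # (not stuffed for small seq values) and the first payload byte
    wire[sum(len(f) for f in frames[:corrupt_frame]) + 4] ^= 0x01
    received = receive(bytes(wire))
    acked = set(received)                       # receiver acknowledges the frames it got intact
    resend = [f for seq, f in enumerate(frames) if seq not in acked]
    received.update(receive(b"".join(resend)))  # only the unacknowledged frames go again
    reassembled = b"".join(received[seq] for seq in sorted(received))
    return reassembled, len(resend)
```

Because the sender retransmits whatever the receiver did not acknowledge, the scheme also copes with a frame whose sequence number field itself was damaged, and the sort on reassembly puts frames that arrive out of order back in sequence.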

Layer 1: Physical Layer

- Concerned with bit transmission over a physical channel.
- Issues include:
  - definition of 0/1,
  - whether the channel is simplex/duplex,
  - connector design.
- Mechanical, electrical, procedural matters.

4. Services in the OSI Model

- In the OSI model, each layer provides services to the layer above, and 'consumes' services provided by the layer below.
- Active elements in a layer are called entities.
- Entities in the same layer in different machines are called peer entities.

Connections

- Layers can offer connection-oriented or connectionless services.
- Connection-oriented is like the telephone system.
- Connectionless is like the postal system.
- Each service has an associated Quality-of-service (e.g. reliable or unreliable).

Reliability Issues

- Reliable services never lose/corrupt data.
- Reliable service costs more.
- Typical application for reliable service is file transfer.
- Typical application not needing reliable service is voice traffic.
- Not all applications need connections.

Services and Protocols

- Service = set of primitives provided by one layer to the layer above.
- Service defines what a layer can do (but not how it does it).
- Protocol = set of rules governing data communication between peer entities, i.e. the format and meaning of frames/packets.
- Service/protocol decoupling is very important.

5. Example networks

- Local area networks (IEEE 802)
- Internet (TCP/IP)
- ISDN
- GSM, 3G

Local Area Networks

- The IEEE 802 standards have come to dominate LANs. They specify protocols for use at Layers 1 and 2.
- LANs (Local Area Networks) are used within limited areas (e.g. buildings/campuses) as opposed to WANs (Wide Area Networks).
- ISO/IEC 8802-n = IEEE 802.n

IEEE 802

- IEEE 802.2 = Layer 2 (most of).
- IEEE 802.3, 802.4 and 802.5 are three options for Layer 1 (and a bit of Layer 2).
- IEEE 802.3 = Ethernet.

ISDN

- ISDN = Integrated Services Digital Network.
- ISDN enables the public-switched telephone network to carry data as well as voice.
- Current (N-ISDN) offers 64 kbit/sec channels - via modern telephone exchanges.
- Can be used to support a variety of applications - e.g. video-conference.

GSM & 3G

- Global System for Mobile Communications
- Digital technology and time division multiple access transmission methods.
- Voice is digitally encoded, allowing a very efficient data rate/information content ratio.
- Open, non-proprietary standard
- 3G is 3rd generation GSM
- High-end services, including substantially enhanced capacity, quality and data rates compared with those currently available.
- Makes video on demand, high speed multimedia and internet access possible.

The Internet

- Internet - evolved out of a US Government funded network (ARPANET).
- Developed in parallel with OSI so it does not conform.
- Has its own protocols at layers 3/4 called TCP (layer 4) and IP (layer 3).
- Has pushed OSI out (de facto beats de jure)
- Now 150 million web sites [1], 650 million users.

[1] Internet Domain Survey, Jan 2002