Network Security Part 1


Oct 30, 2013


Telecommunications & Network Security, Part 1

Open Systems Interconnection (OSI) Model

The seven OSI layers, and the TCP/IP layer each one maps onto:

OSI layer           TCP/IP layer
Application (7)     Application
Presentation (6)    Application
Session (5)         Application
Transport (4)       Host-to-Host
Network (3)         Internet
Data link (2)       Network Access
Physical (1)        Network Access

Application Layer (Layer 7)

Protocols (standard rules) that support
applications are defined at this layer

Simple Mail Transport Protocol (SMTP)

Post Office Protocol 3 (POP3)

Hypertext Transfer Protocol (HTTP)

File Transfer Protocol (FTP)

Telnet

Trivial File Transfer Protocol (TFTP)

Layers 6-5

Presentation Layer (6)


Representation standards defined at this layer (GIF,
JPEG, ASCII, EBCDIC, compression, encryption)


Format conversions occur at this layer

Session Layer (5)


Sessions between computers coordinated at this
layer (Connection establishment, data transfer,
connection release)

Simplex: one-direction communication

Half-duplex: communication in both directions, one at a time

Full-duplex: communication in both directions simultaneously

Secure Sockets Layer (SSL), Remote Procedure Call (RPC) and
Structured Query Language (SQL) are conventionally placed at this
layer. (SSL/TLS actually sits above TCP and below the application
protocol it protects, so references vary on whether it belongs to
layer 5, layer 6 or layer 4; the placement here follows the exam
convention.)

Transport Layer (Layer 4)

End-to-end communication protocols operate
at this layer

Error detection, flow control, and recovery by
retransmission of lost or corrupted segments occur at
this layer (TCP detects errors with a checksum and
recovers by retransmitting; it does not correct bit
errors in place)

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)

Sequenced Packet Exchange (SPX)

Network Layer (Layer 3)

Responsible for delivering packets from end to
end across interconnected networks

Does not ensure packets are delivered (best
effort; reliability is left to layer 4)

Routers work at this layer

Internet Protocol (IP)

Internet Control Message Protocol (ICMP)

Routing Information Protocol (RIP)

Open Shortest Path First (OSPF)

Border Gateway Protocol (BGP)

Data Link Layer (Layer 2)

Responsible for point-to-point (hop-to-hop) delivery of
frames across a single link

Defines the format of the data frame

Bridges and switches work at this layer (a hub is a
multiport repeater and therefore a layer 1 device, see
Networking Devices below)

Ethernet, Gigabit Ethernet (IEEE 802.3)

Token Ring (IEEE 802.5)

Asynchronous Transfer Mode (ATM)

Point-to-Point Protocol (PPP)

Integrated Services Digital Network (ISDN)

Address Resolution Protocol (ARP)

Physical Layer (Layer 1)

Defines how bits are converted into signals on the
medium: voltages on copper, light pulses on fiber, or
tones on an analog line

Defines signal to noise ratios for various
types of cables, laser wavelength use for
fiber optic cable


TCP/IP: Structure Terminology

Data (L5-7, application layer) meant to be sent
across a TCP/IP network is called a message.

The message is passed to the transport layer (L4); a
TCP or UDP header is added, and it is now called a
segment.

The network layer (L3) adds routing and addressing
(an IP header) to the segment. The packet is now
called a datagram.

The data link layer (L2) adds a header and trailer;
it is now called a frame.

At every point, the data can be called a packet.
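The four encapsulation steps above, as an added worked example (this code is not from the deck): a message is wrapped into a segment, a datagram and a frame using the real TCP, IPv4 and Ethernet II header layouts, then the frame is parsed back down layer by layer, verifying the IPv4 and TCP checksums on the way. The MAC and IP addresses are constructed sample values.

```python
import struct

# Constructed sample addresses for this example (assumed, not from the deck).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP = "192.0.2.10"
DST_IP = "198.51.100.80"

FLAG_SYN, FLAG_PSH, FLAG_ACK = 0x02, 0x08, 0x10  # TCP code bits used below


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_segment(message: bytes, sport: int, dport: int, seq: int, flags: int) -> bytes:
    """L4: prepend a 20-byte TCP header to the message; the result is a segment.
    The TCP checksum covers a pseudo-header holding the L3 addresses, the one
    place where the layering is not strictly clean."""
    tcp_len = 20 + len(message)
    pseudo = ip_bytes(SRC_IP) + ip_bytes(DST_IP) + struct.pack("!BBH", 0, 6, tcp_len)
    # sport, dport, seq, ack, data offset (5 words) << 4, flags, window, checksum, urgent ptr
    fields = [sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0]
    hdr = struct.pack("!HHIIBBHHH", *fields)
    fields[7] = checksum(pseudo + hdr + message)
    return struct.pack("!HHIIBBHHH", *fields) + message


def build_datagram(segment: bytes, ident: int = 0x1234) -> bytes:
    """L3: prepend a 20-byte IPv4 header (protocol 6 = TCP); the result is a datagram."""
    total_len = 20 + len(segment)
    # version/IHL, DSCP, total length, id, flags+fragment (DF), TTL, proto, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, 64, 6, 0,
                      ip_bytes(SRC_IP), ip_bytes(DST_IP))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_frame(datagram: bytes) -> bytes:
    """L2: prepend the 14-byte Ethernet II header; the result is a frame.
    (The 4-byte FCS trailer is added and stripped by the NIC, so it is omitted here.)"""
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + datagram


def parse_frame(frame: bytes) -> dict:
    """Walk back down the encapsulation: frame -> datagram -> segment -> message,
    rejecting the frame if either checksum does not verify."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 datagram")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if checksum(datagram[:ihl]) != 0:        # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    proto = datagram[9]
    segment = datagram[ihl:total_len]
    pseudo = datagram[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    if proto == 6 and checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    sport, dport, seq, _ack, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    data_off = (offset >> 4) * 4
    return {
        "dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
        "src_ip": ".".join(map(str, datagram[12:16])),
        "dst_ip": ".".join(map(str, datagram[16:20])),
        "protocol": proto, "sport": sport, "dport": dport, "seq": seq,
        "syn": bool(flags & FLAG_SYN), "ack": bool(flags & FLAG_ACK),
        "message": segment[data_off:],
    }


if __name__ == "__main__":
    msg = b"GET / HTTP/1.0\r\n\r\n"
    frame = build_frame(build_datagram(build_segment(msg, 1234, 80, 1000, FLAG_PSH | FLAG_ACK)))
    print(len(frame), "bytes on the wire:", parse_frame(frame))
```

The lengths make the slide's terminology concrete: the message grows by 20 bytes to become a segment, by another 20 to become a datagram, and by 14 more (plus the FCS the NIC adds) to become a frame. Flipping a single byte of the IP header or of the payload makes the corresponding checksum fail, which is the error detection the transport slide refers to.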

IP Addresses

Current IP addresses are IPv4, 32 bits

Written in dotted quad notation: x.x.x.x, where each x is 0-255

Contain a network portion and a host portion

Were traditionally divided into classes (class A, class B, class C),
with subnets indicated by the netmask

Classless Inter-Domain Routing (CIDR) notation has replaced
classed notation.

The prefix length (/n) states how many leading bits make up the
network portion of the address

Class C = /24 (254 usable hosts: 256 addresses minus the network
and broadcast addresses)

/27 = 1/8 of a Class C (30 usable hosts)

IPv6, the successor (deployed early on research networks such as
Internet2), uses 128-bit addresses and was designed with IPsec
support and QoS fields (traffic class, flow label) built into the
protocol; IPsec support was originally mandatory for IPv6
implementations and is now recommended rather than required
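The CIDR arithmetic above, as an added example (not from the deck) built on Python's standard ipaddress module: it derives the legacy class from the first octet, counts usable hosts for a prefix length (including the /31 and /32 exceptions the slide does not cover), converts a dotted netmask to a prefix, splits a Class C into /27 blocks, and checks whether two hosts share a network portion (and so can talk without a router). The 192.168.1.0/24 block is a constructed sample.

```python
import ipaddress


def legacy_class(addr: str) -> str:
    """Historical classful designation from the first octet; CIDR replaced this scheme."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


def usable_hosts(prefix_len: int) -> int:
    """Addresses in the block minus the network and broadcast addresses.
    /31 point-to-point links (RFC 3021) and /32 host routes are the exceptions."""
    if prefix_len == 32:
        return 1
    if prefix_len == 31:
        return 2
    return 2 ** (32 - prefix_len) - 2


def netmask_to_prefix(mask: str) -> int:
    """255.255.255.224 -> 27. A non-contiguous mask raises ValueError."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def split_block(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal subnets and list the addresses an administrator needs
    for each one (first/last host assume prefixes of /30 or shorter)."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        rows.append({
            "network": str(sub.network_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "usable": usable_hosts(sub.prefixlen),
        })
    return rows


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when both hosts share the network portion, i.e. they can reach each other
    directly; otherwise the traffic has to go through a router."""
    net_a = ipaddress.ip_network(f"{a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(b) in net_a


if __name__ == "__main__":
    print("Class C /24 usable hosts:", usable_hosts(24))
    for row in split_block("192.168.1.0/24", 27):   # eight /27 blocks of 30 hosts each
        print(row)
    print(same_subnet("192.168.1.33", "192.168.1.65", 27))
```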

LAN Technology

Local Area Network (LAN) media address the
needs of short distances (a room, building or campus).

Wide Area Network (WAN) media address the
needs of long distances (between sites or cities).

A WAN is formed when LANs at different locations
are connected by routers over WAN links.

LAN Terminology

Unicast: packet is sent from one station to another

Multicast: packet is sent from one station to several specific
stations (a group)

Broadcast: packet is sent from one station to all other computers
on a segment, regardless of collision domain

Segment: division in a network, separated by a router

TCP/IP: TCP Protocol

Connection oriented protocol

Ensures delivery of packets using packet
acknowledgement and retransmission

Ensures sequencing of packets

Provides flow and congestion control

Provides error detection (checksum) and recovery by retransmission

High overhead, high reliability

TCP packets include code bits in the header:

URG: urgent pointer field is significant

ACK: acknowledgement of an earlier transmission (the
acknowledgement number is valid)

PSH: push function, used to flush data to the application
without waiting for a full buffer

RST: indicates the connection should be reset

SYN: indicates the systems should synchronize sequence
numbers for the session; the packet must include the
Initial Sequence Number (ISN)

FIN: indicates the sender is finished and the session should
be torn down

A normal session begins with the 3-way handshake

3-Way Handshake

System A (port 1234)                                 System B (port 80)

  ---- SYN, seq = ISN_A -------------------------------------->

  <--- SYN + ACK, seq = ISN_B, ack = ISN_A + 1 -----------------

  ---- ACK, ack = ISN_B + 1 ---------------------------------->

Communication Session
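The handshake above, as an added example (not from the deck): each endpoint is a small state machine that follows the CLOSED/LISTEN/SYN_SENT/SYN_RECEIVED/ESTABLISHED transitions, carries the code bits from the previous slide, and enforces the sequence arithmetic the diagram implies (each side's ACK must equal the peer's ISN + 1). The port numbers 1234 and 80 are taken from the diagram; the ISNs are drawn at random, and a SYN-ACK whose acknowledgement number does not cover our ISN is answered with RST, as RFC 793 specifies.

```python
import secrets
from dataclasses import dataclass, field

# TCP code bits in the order they sit in the header's flags byte (MSB first).
CODE_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]
URG, ACK, PSH, RST, SYN, FIN = (bit for _, bit in CODE_BITS)
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap


def decode_code_bits(flags: int) -> list:
    """Names of the code bits set in a flags value, e.g. 0x12 -> ['ACK', 'SYN']."""
    return [name for name, bit in CODE_BITS if flags & bit]


@dataclass
class Segment:
    sport: int
    dport: int
    flags: int
    seq: int
    ack: int = 0


@dataclass
class Endpoint:
    port: int
    state: str = "CLOSED"
    isn: int = field(default_factory=lambda: secrets.randbelow(MOD))  # unpredictable ISN
    snd_nxt: int = 0   # next sequence number we will send
    rcv_nxt: int = 0   # next sequence number we expect from the peer

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self, dport: int) -> Segment:
        """Active open: send SYN carrying our ISN. The SYN consumes one sequence number."""
        self.snd_nxt = (self.isn + 1) % MOD
        self.state = "SYN_SENT"
        return Segment(self.port, dport, SYN, seq=self.isn)

    def receive(self, seg: Segment):
        """Handle one inbound segment; return the segment to send back, or None."""
        if self.state == "LISTEN" and seg.flags == SYN:
            self.rcv_nxt = (seg.seq + 1) % MOD
            self.snd_nxt = (self.isn + 1) % MOD
            self.state = "SYN_RECEIVED"
            return Segment(self.port, seg.sport, SYN | ACK, seq=self.isn, ack=self.rcv_nxt)
        if self.state == "SYN_SENT" and seg.flags == (SYN | ACK):
            if seg.ack != self.snd_nxt:
                # The ACK does not cover our ISN: forged or stale. RFC 793: <SEQ=SEG.ACK><CTL=RST>
                return Segment(self.port, seg.sport, RST, seq=seg.ack)
            self.rcv_nxt = (seg.seq + 1) % MOD
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.sport, ACK, seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "SYN_RECEIVED" and seg.flags & ACK:
            if seg.ack != self.snd_nxt:
                return Segment(self.port, seg.sport, RST, seq=seg.ack)
            self.state = "ESTABLISHED"
            return None
        # Anything else is out of place for this demonstration.
        return Segment(self.port, seg.sport, RST, seq=0)


def handshake(client: Endpoint, server: Endpoint) -> list:
    """Run the three-way handshake and return the three segments in wire order."""
    server.listen()
    syn = client.connect(server.port)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    a, b = Endpoint(1234), Endpoint(80)
    for seg in handshake(a, b):
        print(f"{seg.sport} -> {seg.dport} {decode_code_bits(seg.flags)} seq={seg.seq} ack={seg.ack}")
    print(a.state, b.state)
```

The check that the acknowledgement must equal ISN + 1 is what makes the ISN security-relevant: a sender that cannot see the peer's SYN-ACK (because it spoofed the source address) has to guess ISN_B to finish the handshake, so the ISN must be unpredictable rather than a counter.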

TCP is port oriented to separate multiple
TCP sessions

The source computer includes its source IP
address and an ephemeral (random, >1023) source port

The destination includes the destination IP
address and a well-known port number
(generally <1024)

Protocols using TCP include FTP (port
21), SMTP (port 25), POP3 (port 110),
HTTP (port 80)


TCP/IP: UDP Protocol

Connectionless, best-effort

No packet sequencing

No flow or congestion control

No acknowledgment of packets

Used when reliability is not important, such as
streaming audio or video

Much lower overhead

Much harder for stateless firewalls to police and control: there
are no code bits, so a filter cannot tell a reply from a new flow
the way a TCP "established" rule (ACK bit set) can; stateful
firewalls approximate this by tracking UDP pseudo-sessions with
timeouts

ARP

Address Resolution Protocol

All network cards have a Media Access Control (MAC)
address

Unique 48-bit number made up of a 24-bit manufacturer
code (OUI) and a 24-bit serial number

ARP resolves IP addresses (L3) to MAC addresses (L2),
building the cross-reference table (ARP cache) used at
the data link layer

A station broadcasts an ARP request containing the
target IP address; only the station owning that address
responds, with its MAC address

Cache entries have a lifetime and are refreshed after
expiration

ARP Table (cache) Poisoning attacks are used to reroute
traffic: ARP has no authentication, and a host's cache is
updated from whatever replies it receives, so forged replies
can redirect traffic through an attacker (man-in-the-middle)
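An added example (not from the deck) of what a monitor for the poisoning attack above looks like: it parses Ethernet/IPv4 ARP packets, keeps its own IP-to-MAC table the way a host's cache would (last writer wins), and raises the two symptoms of poisoning, a reply nobody asked for and an IP address whose MAC suddenly changes. The three packets are constructed sample traffic: a host asks for its gateway, the real gateway answers, then a second station claims the gateway's IP with a different MAC.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """28-byte Ethernet/IPv4 ARP payload (RFC 826); used here only to construct sample traffic."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": smac.hex(":"), "sender_ip": ".".join(map(str, sip)),
            "target_mac": tmac.hex(":"), "target_ip": ".".join(map(str, tip))}


class ArpMonitor:
    """Passive ARP watcher: mirrors the cache a host would build and flags anomalies."""

    def __init__(self):
        self.table = {}       # ip -> mac, last writer wins, just like a real ARP cache
        self.pending = set()  # (requester_ip, requested_ip) for requests seen on the wire
        self.alerts = []

    def observe(self, pkt: bytes) -> None:
        arp = parse_arp(pkt)
        if arp["op"] == ARP_REQUEST:
            self.pending.add((arp["sender_ip"], arp["target_ip"]))
        elif arp["op"] == ARP_REPLY:
            key = (arp["target_ip"], arp["sender_ip"])
            if key in self.pending:
                self.pending.discard(key)
            else:
                # A legitimate gratuitous ARP (host announcing itself after boot or a
                # failover) looks the same, so this is a signal to correlate, not a verdict.
                self.alerts.append(f"unsolicited reply: {arp['sender_ip']} is-at {arp['sender_mac']}")
        self._learn(arp["sender_ip"], arp["sender_mac"])

    def _learn(self, ip: str, mac: str) -> None:
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"MAC changed for {ip}: {old} -> {mac} (possible ARP cache poisoning)")
        self.table[ip] = mac


# Constructed sample traffic (assumed addresses, not from the deck).
SAMPLE_TRAFFIC = [
    build_arp(ARP_REQUEST, "aa:bb:cc:00:00:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(ARP_REPLY, "aa:bb:cc:00:00:01", "192.0.2.1", "aa:bb:cc:00:00:10", "192.0.2.10"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:66", "192.0.2.1", "aa:bb:cc:00:00:10", "192.0.2.10"),
]


def run_monitor(traffic) -> ArpMonitor:
    mon = ArpMonitor()
    for pkt in traffic:
        mon.observe(pkt)
    return mon


if __name__ == "__main__":
    mon = run_monitor(SAMPLE_TRAFFIC)
    print(mon.table)
    print("\n".join(mon.alerts))
```

Note that the monitor's own table ends up pointing the gateway address at the second station: detection tells you the cache was poisoned, it does not prevent it. Prevention needs static entries on critical hosts or switch features that validate ARP against DHCP bindings.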

ICMP

Internet Control Message Protocol

Basic network layer (L3) messenger protocol for errors and
diagnostics, carried inside IP

Low priority: routers and hosts commonly rate-limit or drop
ICMP, so the tools below can report loss that the data path
does not actually see

Ping: tests communication between two stations (ICMP Echo
Request and Echo Reply)

Traceroute: traces each hop between two stations by sending
probes with increasing TTL values and recording which router
returns ICMP Time Exceeded for each one

Ethernet

10 Mbps

10base2, uses thin coaxial cable

10base5, uses thick coaxial cable

10base-T, uses category 3 or greater unshielded
twisted pair (UTP) cable

100 Mbps, Fast Ethernet

100base-TX, uses cat 5 or greater UTP

1000 Mbps (1 Gbps), Gigabit Ethernet

1000base-T, uses cat 5e or better UTP

1000base-SX, uses (multimode) fiber optic cable

Uses the CSMA/CD media access method


Carrier Sense Multiple Access with Collision
Detection


Monitors carrier activity on wire, transmits
during absence of carrier


If two stations simultaneously transmit,
collision

occurs


In case of collision, both stations stop
transmitting for a random amount of time


Although some collisions are normal, high
levels are detrimental to performance


Collisions are limited by splitting the network into
smaller collision domains using bridges, switches and
routers

Smaller collision domains also limit sniffer usage: a hub
repeats every frame to every port, while a switch forwards
a unicast frame only to the port of its destination MAC, so
a sniffer on a switched port normally sees only its own
traffic and broadcasts (ARP poisoning, noted above, is the
usual way around this)

Other LAN Technologies

Token Ring

4 or 16 Mbps

Similar to 10baseT Ethernet in cabling and star-wired layout,
but uses token passing rather than CSMA/CD

Fiber Distributed Data Interface (FDDI)


100 Mbps over fiber optic cable


Works over 2 counter rotating rings for fault tolerance

ATM


Primarily a WAN technology, but is sometimes used
in LANs


Can guarantee specific bandwidth to users


Speeds up to 2.5 Gbps

Cable Types

Coaxial

Unshielded or Shielded Twisted Pair

Noise: interference caused by electrical devices

Attenuation: loss of signal over distance

Crosstalk: signal on one wire spills onto another

Fiber Optic Cable

Considered the most secure medium, as it does not radiate a
signal and cannot be easily tapped (tapping is possible, but it
requires physical access to bend or splice the fiber and usually
shows up as a loss of signal)

Attenuation is a problem over very long distances or with
many splices and connectors

Physical LAN/WAN Topologies

Bus: used in 10base2 and 10base5 Ethernets

Star: used in 10baseT Ethernets

Tree

Ring

Mesh

Networking Devices

Repeaters


Physical layer (L1) device


Used to amplify signals


Dumb device makes no decisions

Hub


Multiport repeater

Bridges

Data link layer (L2) device

Intelligent repeater: learns which MAC addresses sit on each
segment, forwards broadcasts (including ARP requests) and
unknown-destination frames to all segments, and puts a known
unicast frame only onto the proper segment

Makes decisions based on MAC addresses

Switch


Multiport bridge


Data link layer (L2) switch

Basic inexpensive switch that simply bridges
frames based on MAC addresses

Network layer (L3) switch

Adds the ability to make decisions based on IP
addresses

IP-based packet forwarding and ACLs

Typically much faster than a software-based router,
because forwarding is done in hardware

Can prioritize traffic: Quality of Service (QoS)

Transport layer (L4) switch

Adds the ability to make decisions based on TCP/UDP
port numbers; products that also inspect application
content such as a Web address are usually marketed as
layer 4-7 or content switches

Virtual LANs (VLANs)


Used to virtually segment switched networks


Separates LAN devices into broadcast
domains


Provides some security, since frames are not sent to
ports not assigned to a particular VLAN; traffic between
VLANs must pass through a router or L3 switch, which is
where ACLs can be applied. The separation is only as
strong as the switch configuration (port assignments and
trunk configuration).

Router


Network layer (L3) device


Makes decisions based on IP addresses


Uses a routing table to decide where to send
packets

Routing tables populated using dynamic routing
protocols like BGP, RIP, or OSPF or static entries

Autonomous System Numbers (ASN) differentiate
between different routing domains


ACLs used to filter packets based on IP
addresses, source or destination ports,
protocol

Homework Project 2

Locate and review the various existing
YSU computer Acceptable Use Policies
(AUP)

Create a more complete YSU-wide AUP
that takes into account all the current
computer security threats

Describe how students and faculty can be
made more aware of the AUP