Module A

This is a module that some teachers will cover while others will not

This module is a refresher on networking concepts, which are important in information security

If your teacher does not cover networking, you might want to cover it yourself, to “get the rust out” of your networking knowledge

Copyright Pearson Prentice-Hall 2009

Figure: Small home network. An access router with built-in wireless access point functionality connects a PC with a wireless NIC (wireless communication) and a PC with an internal NIC (UTP) to a DSL broadband modem; the PCs use the network for file sharing and printer sharing.

Figure: Office building LAN. Workgroup Switch 1 and Workgroup Switch 2 connect over optical fiber cords to a core switch in the equipment room, which also links to the WAN router and to a server; a wireless access point serves a wireless client, and UTP telephone wiring serves a wired client.

Figure: Corporate WAN. Sites shown are the Da Kine Island Headquarters, North Shore Operations, in-state branches (60), a credit card authorization bureau, and ISP 1 and ISP 2 connecting to the Internet; the links are Frame Relay, T1 and T3 leased lines.

Figure: An internet. An application on a client host and an application on a server host communicate across several networks joined by routers; each host reaches its own network over an access line.

Figure: Packet routing. A packet from the browser is forwarded by each router along a route through several networks until it reaches the webserver software.

The global Internet has thousands of networks connected by routers

Figure: Frames and packets. The packet is carried in Frame X across Network X, then in Frame Y, then in Frame Z across Network Z; switches forward frames within a network and routers forward the packet between networks.

Packet travels in a different frame in each network

Figure: Path through the Internet. The user PC host computer reaches the user PC's Internet service provider over an access line; that ISP connects through the Internet backbone (multiple ISP carriers joined at NAPs) to the webserver's Internet service provider, which reaches the webserver host computer over an access line.

NAP = Network Access Point

Super Layer / Description

Application: Communication between application programs on different hosts attached to different networks on an internet.

Internetworking: Transmission of packets across an internet. Packets contain application layer messages.

Network: Transmission of frames across a network. Frames contain packets.

Super Layer    | TCP/IP        | OSI          | Hybrid TCP/IP-OSI
Application    | Application   | Application  | Application
               |               | Presentation |
               |               | Session      |
Internet       | Transport     | Transport    | Transport
               | Internet      | Network      | Internet
Single Network | Subnet Access | Data Link    | Data Link
               |               | Physical     | Physical

Figure: Switched Network 1. A frame crosses the network over one data link made up of three physical links.

In a single network, a physical link connects adjacent devices.

A data link is the path that a frame takes across a single network.

One data link; three physical links.

Figure: Client PC, Router 1, Router 2, Router 3, and Server.

Transport Layer: End-to-End (Host-to-Host). TCP is connection-oriented, reliable.

Internet Layer (usually IP): Hop-by-Hop (Host-Router or Router-Router). Connectionless, unreliable.

IP Version 4 Packet (each row runs from Bit 0 to Bit 31):

Version (4 bits, value 0100) | Header Length (4 bits) | Diff-Serv (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags | Fragment Offset (13 bits)
Time to Live (8 bits) | Protocol (8 bits: 1=ICMP, 6=TCP, 17=UDP) | Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
Options (if any) | Padding
Data Field

IP Version 6 Packet (each row runs from Bit 0 to Bit 31):

Version (4 bits, value is 6 = 0110) | Diff-Serv (8 bits) | Flow Label (20 bits; marks a packet as part of a specific flow)
Payload Length (16 bits) | Next Header (8 bits; name of next header) | Hop Limit (8 bits)
Source IP Address (128 bits)
Destination IP Address (128 bits)
Next Header or Payload (Data Field)

TCP Segment (each row runs from Bit 0 to Bit 31):

Source Port Number (16 bits) | Destination Port Number (16 bits)
Sequence Number (32 bits)
Acknowledgement Number (32 bits)
Header Length (4 bits) | Reserved (6 bits) | Flag Fields (6 bits) | Window (16 bits)
TCP Checksum (16 bits) | Urgent Pointer (16 bits)
Options (if any) | Padding
Data Field

Flag fields are 1-bit fields. They include SYN, ACK, FIN, RST, PSH, and URG.


3-Way Open, between the PC transport process and the webserver transport process (Open phase, 3 segments):

1. SYN (Open)
2. SYN, ACK (1) (Acknowledgement of 1)
3. ACK (2)

Carry HTTP Request & Response (4 segments), following the 3-way open:

4. Data = HTTP Request
5. ACK (4)
6. Data = HTTP Response
7. ACK (6)

Error Handling (still in the carry HTTP request & response phase):

8. Data = HTTP Request (Error)
9. Data = HTTP Request (No ACK so Retransmit)
10. ACK (9)
11. Data = HTTP Response
12. ACK (11)

Normal Four-Way Close (Close phase, 4 segments):

13. FIN (Close)
14. ACK (13)
15. FIN
16. ACK (15)

Note: An ACK may be combined with the next message if the next message is sent quickly enough.

Abrupt Close (Close phase, 1 segment): RST

Either side can send a Reset (RST) segment at any time; it ends the session immediately.

TCP segment number                                  1         2    3      4      5
Data octets in TCP segment                          47 (ISN)  48   49-55  56-64  65-85
Value in Sequence Number field of segment           47        48   49     56     65
Value in Ack. No. field of acknowledging segment    48        NA   56     65     86

Note: ISN = initial sequence number (randomly generated).
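As an added example, not from the slides, this Python reproduces the table above from the TCP numbering rule (a SYN consumes one sequence number, each data octet consumes one, and the acknowledgement number is the next octet the receiver expects) and adds a plausibility check for a received acknowledgement; the function names and the segment list are constructed for illustration.

```python
# Added example (not from the slides): derive sequence and acknowledgement numbers
# from the TCP rule that a SYN consumes one sequence number, each data octet consumes
# one, and the ACK number is the last octet received plus one.
def number_segments(isn, segments):
    """segments: list of (carries_syn, data_octets, acknowledged) in sending order.
    Returns one row per segment: (segment no., octets covered, seq field, ack field or 'NA')."""
    rows, next_seq = [], isn
    for n, (carries_syn, data_octets, acknowledged) in enumerate(segments, 1):
        consumed = (1 if carries_syn else 0) + data_octets
        first = next_seq
        if consumed == 0:                    # a pure ACK carries next_seq but consumes nothing
            rows.append((n, "none", first, "NA"))
            continue
        last = first + consumed - 1
        if carries_syn:
            octets = f"{first} (ISN)"
        else:
            octets = str(first) if first == last else f"{first}-{last}"
        ack = last + 1 if acknowledged else "NA"
        rows.append((n, octets, first, ack))
        next_seq = last + 1
    return rows

def ack_is_plausible(sent_seq, consumed, ack):
    """A receiver's ACK for a segment must fall in (sent_seq, sent_seq + consumed];
    anything else is stale or acknowledges octets that were never sent."""
    return sent_seq < ack <= sent_seq + consumed

# Constructed input matching the table: SYN with ISN 47, one octet that the figure shows
# unacknowledged, then 7, 9 and 21 data octets.
TABLE_SEGMENTS = [(True, 0, True), (False, 1, False), (False, 7, True),
                  (False, 9, True), (False, 21, True)]

if __name__ == "__main__":
    for row in number_segments(47, TABLE_SEGMENTS):
        print(row)
```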

Figure: Multitasking server running an HTTP application on Port 80, an SMTP application on Port 25, and an FTP application on Ports 20 and 21.

Figure: Sockets. Client 60.171.18.22 talks to Webserver 1.33.17.13 on Port 80 and to SMTP Server 123.30.17.120 on Port 25:

From: 60.171.18.22:2707 To: 1.33.17.13:80
From: 1.33.17.13:80 To: 60.171.18.22:2707
From: 60.171.18.22:4400 To: 123.30.17.120:25

UDP Datagram (each row runs from Bit 0 to Bit 31):

Source Port Number (16 bits) | Destination Port Number (16 bits)
UDP Length (16 bits) | UDP Checksum (16 bits)
Data Field
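As an added example, not part of the original slides, the following Python decodes a constructed IPv4 packet carrying a TCP segment using the IPv4 and TCP header layouts above and reports the socket pair and flags the way a connection log would; the sample packet, the function names, and the zeroed checksums are assumptions made for illustration.

```python
# Added example (not from the slides): decode a constructed IPv4 packet carrying a TCP
# segment, using the field layouts shown in the IPv4 and TCP header figures above.
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}          # IPv4 Protocol field values
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # low-order bits 0..5 of the flag field

def parse_ipv4(pkt):
    """Return (header fields, payload) for an IPv4 packet; raises on a malformed header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _dscp, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # header length is in 32-bit words
    if version != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("malformed IPv4 header")
    hdr = {"version": version, "header_len": ihl, "total_len": total_len, "ttl": ttl,
           "protocol": PROTO_NAMES.get(proto, str(proto)),
           "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF}
    return hdr, pkt[ihl:total_len]

def parse_tcp(seg):
    """Return (header fields, data) for a TCP segment; decodes the six 1-bit flags."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    data_off = (off_flags >> 12) * 4                     # header length, in 32-bit words
    flags = [name for i, name in enumerate(TCP_FLAGS) if off_flags & (1 << i)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window}, seg[data_off:]

def describe(pkt):
    """Summarise a packet as its socket pair and TCP flags, as a connection log would."""
    ip, payload = parse_ipv4(pkt)
    if ip["protocol"] != "TCP":
        return f'{ip["src"]} -> {ip["dst"]} {ip["protocol"]}'
    tcp, _data = parse_tcp(payload)
    return (f'{ip["src"]}:{tcp["src_port"]} -> {ip["dst"]}:{tcp["dst_port"]} '
            f'[{",".join(tcp["flags"])}] seq={tcp["seq"]}')

# Constructed sample: the client-to-webserver SYN from the socket figure (60.171.18.22:2707
# -> 1.33.17.13:80) with ISN 47 as in the sequence-number table; checksums are left as zero.
SAMPLE_SYN = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                          bytes([60, 171, 18, 22]), bytes([1, 33, 17, 13]))
              + struct.pack("!HHIIHHHH", 2707, 80, 47, 0, (5 << 12) | 0x02, 65535, 0, 0))

if __name__ == "__main__":
    print(describe(SAMPLE_SYN))
```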

Figure: ICMP. An ICMP message, such as an Echo Request (Ping) with its Echo Reply or a Router/Host Unreachable error message, is carried after the IP header in an IP packet.

Figure: DNS lookup.

1. Client wishes to send packets to Voyager.cba.hawaii.edu
2. DNS Request Message: "The host name is Voyager.cba.hawaii.edu"
3. DNS host does table lookup (the DNS table maps Host Name Voyager.cba.hawaii.edu to IP Address 128.171.17.13)
4. DNS Response Message: "The IP address is 128.171.17.13"
5. Packets to 128.171.17.13

Figure: Dynamic routing protocols. Within an autonomous system, internal routers and border routers use RIP, OSPF, or EIGRP (interior dynamic routing protocols); between autonomous systems, border routers use BGP, an exterior dynamic routing protocol.

Figure: Simple Network Management Protocol (SNMP). Network management software (the manager) sends commands (Get, Set, etc.) to the network management agent on a managed device and receives responses and traps; both the manager and the agent keep a Management Information Base (MIB).

Application Exploits
◦ By taking over applications, hackers gain the permissions of the exploited program
◦ A multitude of application standards
◦ Consequently, there is a multitude of security issues at the application level

Many Applications Need Two Types of Standards
◦ One for the transmission of messages, one for the content of application documents
◦ For the World Wide Web, these are HTTP and HTML, respectively
◦ For transmission, e-mail uses SMTP, POP, and IMAP
◦ For message content, e-mail uses RFC 2822 (all-text), HTML, and MIME

FTP and Telnet
◦ Have no security
◦ Passwords are transmitted in the clear, so they can be captured by sniffers
◦ Secure Shell (SSH) can replace both securely

Many Other Application Standards Have Security Issues
◦ Voice over IP
◦ Service-oriented architecture (SOA); web services
◦ Peer-to-peer applications