Telecommunications & Network Security Part 1

Upload: julius-griffith

Post on 04-Jan-2016


Page 1: Telecommunications & Network Security Part 1. Open System Interconnect Model OSI OSI Application (7) Presentation (6) Session (5) Transport (4) Network

Telecommunications & Network Security

Part 1

Page 2:

Open System Interconnect Model

OSI layer               TCP/IP layer
Application (7)         Application
Presentation (6)        Application
Session (5)             Application
Transport (4)           Host-to-Host
Network (3)             Internet
Data link (2)           Network Access
Physical (1)            Network Access

Page 3:

Application Layer (Layer 7)

Protocols (standard rules) that support applications are defined at this layer:
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol 3 (POP3)
Hypertext Transfer Protocol (HTTP)
File Transfer Protocol (FTP)
Telnet
Trivial File Transfer Protocol (TFTP)

All of the protocols above send credentials and data in cleartext; their encrypted replacements (SMTP with STARTTLS, POP3S, HTTPS, SFTP/FTPS, SSH) should be used wherever the traffic crosses an untrusted network.

Page 4:

Layers 6-5

Presentation Layer (6)
Representation standards are defined at this layer (GIF, JPEG, ASCII, EBCDIC, compression, encryption)
Format conversions occur at this layer

Session Layer (5)
Sessions between computers are coordinated at this layer (connection establishment, data transfer, connection release)
Simplex – one-direction communication
Half-duplex – communication in both directions, one direction at a time
Full-duplex – communication in both directions simultaneously
Secure Sockets Layer (SSL), Remote Procedure Call (RPC) and Structured Query Language (SQL) are placed at this layer in this model; the placement is conventional rather than exact, since SSL and its successor TLS run on top of TCP and are often described as spanning layers 5 and 6

Page 5:

Transport Layer (Layer 4)

End-to-end communication protocols operate at this layer
Error detection and correction, flow control and packet retransmission occur at this layer
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Sequenced Packet Exchange (SPX)

Page 6:

Network Layer (Layer 3)

Responsible for delivering packets from end to end
Does not ensure packets are delivered (best effort; reliability, where needed, is provided by the transport layer)
Routers work at this layer
Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)

Page 7:

Data Link Layer (Layer 2)

Responsible for hop-to-hop delivery of frames across a single physical link
Defines the format of the data frame
Bridges and switches work at this layer (hubs are multiport repeaters and therefore Layer 1 devices; see Page 25)
Ethernet, Gigabit Ethernet (IEEE 802.3)
Token Ring (IEEE 802.5)
Asynchronous Transfer Mode (ATM)
Point-to-Point Protocol (PPP)
Integrated Services Digital Network (ISDN)
Address Resolution Protocol (ARP), which maps Layer 3 addresses to Layer 2 addresses and is conventionally placed here

Page 8:

Physical Layer (Layer 1)

Defines how bits are converted to electrical, optical or radio signals
Defines signal-to-noise ratios for various types of cable and the laser wavelengths used for fiber optic cable

Page 9:

TCP/IP – Structure Terminology

Data (L5-7, application layer) meant to be sent across a TCP/IP network is called a message.
The message is passed to the transport layer (L4); a TCP or UDP header is added, and the unit is now called a segment (TCP) or a datagram (UDP).
The network layer (L3) adds routing and addressing information; the unit is now called an IP datagram (or packet).
The data link layer (L2) adds a header and trailer; the unit is now called a frame.
At every point, the data can loosely be called a packet.

Page 10:

IP Addresses

Current IP addresses are IPv4, 32 bits
Written in dotted quad notation: x.x.x.x, x = 0 - 255
Contain a network number and a host number
Were traditionally divided into classes (class A, class B, class C), with subnets indicated by the netmask
Classless Inter-Domain Routing (CIDR) notation has replaced classed notation
The prefix length states how many bits make up the network portion of the address
Class C = /24 (254 usable hosts)
/27 = 1/8 of a Class C (30 usable hosts; the all-zeros host address names the network and the all-ones host address is the directed broadcast, so two addresses per subnet are not usable)
IPv6, 128 bits, is the successor (used on Internet2 and increasingly on the public Internet); it was designed with IPsec as an integral part of the suite (mandatory to implement in the original node requirements, relaxed to recommended by RFC 6434) and carries a flow label header field intended for QoS
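The subnet arithmetic behind "/27 = 30 usable hosts", as an added example that is not part of the original slides: the mask, network and broadcast addresses are computed with plain bit operations, cross-checked against Python's `ipaddress` module, and the usable-host count handles the /31 (RFC 3021 point-to-point) and /32 (host route) edge cases that the 2^n - 2 rule gets wrong. The `contains` check is the same test a route lookup or ACL makes. All addresses in the `__main__` section are constructed sample values.

```python
"""Subnet arithmetic for IPv4 CIDR prefixes (added example).

Implements the mask arithmetic behind "/27 = 30 usable hosts" with
integer bit operations, then cross-checks each result against the
standard library's ipaddress module.
"""
import ipaddress


def ip_to_int(dotted: str) -> int:
    """Convert 'a.b.c.d' to a 32-bit integer, validating each octet."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(cidr: str) -> dict:
    """Return network, broadcast, netmask, usable host count and legacy class."""
    addr, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask          # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    total = 1 << (32 - prefix)
    # /31 links have no network/broadcast address (RFC 3021) and /32 is a
    # single host route, so the "minus two" rule only applies below /31.
    usable = total if prefix >= 31 else total - 2
    first_octet = network >> 24
    if first_octet < 128:
        legacy_class = "A"
    elif first_octet < 192:
        legacy_class = "B"
    elif first_octet < 224:
        legacy_class = "C"
    elif first_octet < 240:
        legacy_class = "D (multicast)"
    else:
        legacy_class = "E (reserved)"
    result = {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "netmask": int_to_ip(mask),
        "prefix": prefix,
        "usable_hosts": usable,
        "legacy_class": legacy_class,
    }
    # Cross-check the hand-rolled arithmetic against the standard library.
    ref = ipaddress.ip_network(cidr, strict=False)
    assert str(ref.network_address) == result["network"]
    assert str(ref.broadcast_address) == result["broadcast"]
    assert str(ref.netmask) == result["netmask"]
    return result


def contains(cidr: str, host: str) -> bool:
    """True if host falls inside the prefix: the test a route lookup or ACL makes."""
    addr, prefix_s = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix_s))) & 0xFFFFFFFF
    return (ip_to_int(host) & mask) == (ip_to_int(addr) & mask)


if __name__ == "__main__":
    # Constructed sample prefixes (RFC 5737 / RFC 1918 documentation ranges).
    for cidr in ("192.168.1.0/24", "192.168.1.64/27", "10.0.0.0/8",
                 "203.0.113.4/31", "198.51.100.7/32"):
        print(cidr, describe(cidr))
    print(contains("192.168.1.64/27", "192.168.1.95"),
          contains("192.168.1.64/27", "192.168.1.96"))
```

The cross-check assertions inside `describe` are there so that a mistake in the bit arithmetic fails loudly instead of silently producing a wrong subnet boundary, which is how ACL and routing errors usually start.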

Page 11:

LAN Technology

Local Area Network (LAN) media addresses the needs of small distances (a building or campus).

Wide Area Network (WAN) media addresses the needs of large distances.

A WAN is formed when LANs at different sites are connected by routers over carrier links; routers joining LANs at a single site form an internetwork, not a WAN.

Page 12:

LAN Terminology

Unicast – packet is sent from one station to one other station

Multicast – packet is sent from one station to the group of stations that have joined a multicast group

Broadcast – packet is sent from one station to all other stations in the broadcast domain; bridges and switches forward it across collision domains, routers do not

Segment – a division of a network; in this usage a broadcast domain, bounded by a router

Page 13:

TCP/IP – TCP Protocol

Connection-oriented protocol

Ensures delivery of segments using acknowledgement and retransmission

Ensures sequencing of segments

Provides flow and congestion control

Provides error detection (checksum) and correction (retransmission of lost or corrupted segments)

High overhead, high reliability

Page 14:

TCP packets include code bits (flags) in the header:
URG – Urgent pointer field is significant
ACK – Acknowledgement number is valid; acknowledges an earlier transmission
PSH – Push function, used to flush buffered data to the receiving application
RST – Indicates the connection should be reset
SYN – Indicates the systems should synchronize sequence numbers for the session; the segment carries the sender's Initial Sequence Number (ISN)
FIN – Indicates the sender is finished and the session should be torn down

A normal session begins with a 3-way handshake

Page 15:

3-Way Handshake

System A, port 1234                                   System B, port 80
   ---- SYN, seq = ISN_A ------------------------------------>
   <--- SYN + ACK, seq = ISN_B, ack = ISN_A + 1 --------------
   ---- ACK, ack = ISN_B + 1 ------------------------------->
   <================= Communication Session =================>

Each SYN consumes one sequence number, which is why the acknowledgements carry ISN + 1. Each side's ISN must be unpredictable (RFC 6528 specifies a keyed-hash generator): a third party who can guess ISN_B can complete a handshake with a spoofed source address, and one who can guess an in-window sequence number can inject data into or reset an established connection.
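The code bits from Page 14 and the handshake from Page 15, as an added example that is not part of the original slides: it packs real 20-byte TCP headers (RFC 793 layout, no options, checksum left at zero because no IP pseudo-header is modelled), decodes the flags, labels each segment the way a firewall or IDS rule would, and runs both endpoints of the handshake with the sequence/acknowledgement arithmetic checked at each step. Port numbers and the `classify` labels are assumptions chosen for the example.

```python
"""TCP header packing/parsing and a 3-way handshake walk-through (added example)."""
import random
import struct

# Code bits in the 14th header byte: RFC 793 names plus the ECN bits of RFC 3168.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

# src port, dst port, seq, ack, data offset/reserved, flags, window, checksum, urgent ptr
TCP_HEADER = struct.Struct("!HHIIBBHHH")  # 20 bytes, no options


def build_segment(src_port, dst_port, seq, ack, flag_names, window=65535):
    """Pack a minimal TCP header. Data offset is 5 (five 32-bit words)."""
    flags = 0
    for name in flag_names:
        flags |= FLAGS[name]
    offset_byte = 5 << 4  # data offset in the high nibble, reserved bits zero
    return TCP_HEADER.pack(src_port, dst_port, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                           offset_byte, flags, window, 0, 0)


def parse_segment(raw):
    """Decode a TCP header into a dict; raises on truncated or malformed input."""
    if len(raw) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, offset_byte, flags, window, _checksum, urg_ptr = TCP_HEADER.unpack_from(raw)
    data_offset = (offset_byte >> 4) * 4
    if data_offset < 20 or data_offset > len(raw):
        raise ValueError("bad data offset")
    names = sorted(n for n, bit in FLAGS.items() if flags & bit)
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": names,
            "window": window, "urg": urg_ptr, "payload": raw[data_offset:]}


def classify(seg):
    """Label a segment the way a firewall or IDS rule would see it."""
    f = set(seg["flags"])
    if f == {"SYN"}:
        return "connection request"
    if f == {"ACK", "SYN"}:
        return "connection accept"
    if "RST" in f:
        return "reset"
    if not f or {"SYN", "FIN"} <= f:
        # No real stack emits these; they show up in crafted scan probes.
        return "illegal flag combination"
    return "data/ack"


def handshake(client_port=1234, server_port=80, rng=None):
    """Run both sides of the handshake and return the decoded exchange.

    Each side validates the acknowledgement number it receives; a wrong value
    (what a third party who cannot see the ISN would have to guess) raises
    instead of completing the connection.
    """
    rng = rng if rng is not None else random.SystemRandom()
    isn_a = rng.getrandbits(32)  # client ISN; must be unpredictable (RFC 6528)
    isn_b = rng.getrandbits(32)  # server ISN
    wire = []

    # 1. A -> B: SYN, seq = ISN_A
    syn = parse_segment(build_segment(client_port, server_port, isn_a, 0, ["SYN"]))
    wire.append(syn)

    # 2. B -> A: SYN+ACK, seq = ISN_B, ack = ISN_A + 1 (the SYN consumes one sequence number)
    synack = parse_segment(build_segment(server_port, client_port, isn_b, syn["seq"] + 1, ["SYN", "ACK"]))
    wire.append(synack)
    if synack["ack"] != (isn_a + 1) & 0xFFFFFFFF:
        raise ConnectionError("client: SYN+ACK acknowledges the wrong sequence number")

    # 3. A -> B: ACK, ack = ISN_B + 1
    final = parse_segment(build_segment(client_port, server_port, synack["ack"], synack["seq"] + 1, ["ACK"]))
    wire.append(final)
    if final["ack"] != (isn_b + 1) & 0xFFFFFFFF:
        raise ConnectionError("server: final ACK does not match our ISN; connection not established")

    return {"isn_a": isn_a, "isn_b": isn_b, "exchange": [classify(s) for s in wire], "segments": wire}


if __name__ == "__main__":
    result = handshake()
    for seg in result["segments"]:
        print(f"{seg['src']} -> {seg['dst']} {seg['flags']} seq={seg['seq']} "
              f"ack={seg['ack']}  ({classify(seg)})")
```

The `classify` helper is the part worth carrying into real detection logic: a segment with no flags, or with SYN and FIN together, is never produced by a normal stack and is a cheap indicator of scanner traffic.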

Page 16:

TCP is port-oriented so that multiple TCP sessions can be kept apart

The source computer includes its source IP address and an ephemeral (randomly chosen) port number (>1023; modern systems pick from a high range such as 49152-65535, or 32768-60999 by default on Linux)

The destination includes the destination IP address and a well-known port number (generally <1024)

Protocols using TCP include FTP (port 21), SMTP (port 25), POP3 (port 110), HTTP (port 80)

Page 17:

TCP/IP – UDP Protocol

Connectionless, best-effort

No packet sequencing

No flow or congestion control

No acknowledgment of packets

Used when reliability is not important, or is handled by the application, such as streaming audio or video, DNS and many real-time protocols

Much lower overhead

Much harder for firewalls to police and control: there is no handshake or connection state, so a stateful firewall must infer a "session" from the source/destination address and port pair and age it out on a timer, and because no handshake is required the source address is trivially spoofed

Page 18:

ARP

Address Resolution Protocol
All network cards have a Media Access Control (MAC) address
Unique 48-bit number made up of a 24-bit manufacturer code (the OUI) and a 24-bit serial number assigned by the manufacturer
Used to create a cross-reference between MAC addresses and IP addresses at the data link layer (L2)
A station sends out an ARP broadcast containing an IP address; only the station owning that address responds
Responses are cached with a lifetime and refreshed after expiration
ARP carries no authentication, so a host accepts a reply (on many systems even an unsolicited one) from anyone on the segment; ARP table poisoning attacks use this to reroute traffic through an attacker's machine. Defences include static entries for critical hosts such as the default gateway, Dynamic ARP Inspection on switches, and monitoring that alerts when an IP address changes MAC address
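ARP cache behaviour and poisoning detection, as an added example that is not part of the original slides. Two caches are modelled: a naive one that does what the protocol specifies (merge whatever reply arrives, last one wins) and a monitored one that pins the gateway with a static entry, refuses to let unsolicited replies create or change a mapping, and records an alert whenever an address flips. The addresses, MACs, timings and the `solicited` flag (whether the host itself sent a request shortly before) are constructed sample values.

```python
"""ARP cache poisoning: naive cache versus a pinned, monitored cache (added example)."""
from dataclasses import dataclass

# Constructed sample values.
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:11:22:33:44:55"
ATTACKER_MAC = "de:ad:be:ef:00:01"
VICTIM_IP = "192.168.1.10"
PEER_IP, PEER_MAC = "192.168.1.20", "00:aa:bb:cc:dd:20"


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str
    target_ip: str
    solicited: bool   # True if we sent an ARP request for sender_ip shortly before


class NaiveArpCache:
    """What RFC 826 specifies: merge whatever mapping arrives; the last reply wins."""

    def __init__(self, ttl=60.0):
        self.ttl = ttl
        self.table = {}  # ip -> (mac, expiry time)

    def learn(self, reply, now):
        self.table[reply.sender_ip] = (reply.sender_mac, now + self.ttl)

    def lookup(self, ip, now):
        entry = self.table.get(ip)
        if entry is None or entry[1] <= now:
            return None  # missing or expired: a fresh ARP request would be sent
        return entry[0]


class MonitoredArpCache(NaiveArpCache):
    """Same cache with static (pinned) entries, rejection of unsolicited replies
    and an alert list, which is what arpwatch-style monitoring produces."""

    def __init__(self, ttl=60.0, static=None):
        super().__init__(ttl)
        self.static = dict(static or {})
        self.alerts = []

    def learn(self, reply, now):
        pinned = self.static.get(reply.sender_ip)
        if pinned is not None:
            if reply.sender_mac != pinned:
                self.alerts.append(f"{reply.sender_ip}: reply from {reply.sender_mac} "
                                   f"contradicts static entry {pinned}")
            return  # a static entry is never overwritten
        current = self.lookup(reply.sender_ip, now)
        if not reply.solicited:
            # Gratuitous/unsolicited replies are the usual poisoning vehicle.
            if current is not None and current != reply.sender_mac:
                self.alerts.append(f"{reply.sender_ip}: unsolicited reply tried to move "
                                   f"{current} -> {reply.sender_mac}")
            return  # never let an unsolicited reply create or change a mapping
        if current is not None and current != reply.sender_mac:
            self.alerts.append(f"{reply.sender_ip}: MAC changed {current} -> {reply.sender_mac} "
                               f"(NIC replacement or poisoning; verify)")
        super().learn(reply, now)

    def lookup(self, ip, now):
        if ip in self.static:
            return self.static[ip]
        return super().lookup(ip, now)


def run_scenario():
    """Replay a constructed sequence of replies against both caches."""
    naive = NaiveArpCache()
    monitored = MonitoredArpCache(static={GATEWAY_IP: GATEWAY_MAC})
    replies = [
        (0.0, ArpReply(GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, solicited=True)),  # legitimate
        (1.0, ArpReply(PEER_IP, PEER_MAC, VICTIM_IP, solicited=True)),        # legitimate
        (5.0, ArpReply(GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, solicited=False)),  # poison gateway
        (5.1, ArpReply(PEER_IP, ATTACKER_MAC, VICTIM_IP, solicited=False)),     # poison peer
    ]
    for now, reply in replies:
        naive.learn(reply, now)
        monitored.learn(reply, now)
    now = 6.0
    return {
        "naive_gateway": naive.lookup(GATEWAY_IP, now),
        "naive_peer": naive.lookup(PEER_IP, now),
        "naive_peer_after_expiry": naive.lookup(PEER_IP, 70.0),
        "monitored_gateway": monitored.lookup(GATEWAY_IP, now),
        "monitored_peer": monitored.lookup(PEER_IP, now),
        "alerts": monitored.alerts,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The naive cache ends up sending gateway and peer traffic to the attacker's MAC, which is exactly the rerouting the slide describes; the monitored cache keeps the correct mappings and produces one alert per poisoning attempt that can be fed to a SIEM.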

Page 19:

ICMP

Internet Control Message Protocol

Basic network layer (L3) messenger protocol, carrying error and diagnostic messages

Low priority: routers may rate-limit or drop it, so diagnostics based on it are not always conclusive

Ping – tests communication between two stations (ICMP Echo Request and Echo Reply)

Traceroute – traces each hop between two stations by sending probes with increasing TTL values and reading the ICMP Time Exceeded replies returned by each router along the path

Page 20:

Ethernet

10 Mbps
10base2, uses thin coaxial cable
10base5, uses thick coaxial cable
10base-T, uses category 3 or greater unshielded twisted pair (UTP) cable

100 Mbps, Fast Ethernet
100base-TX, uses cat 5 or greater UTP

1000 Mbps (1 Gbps), Gigabit Ethernet
1000base-T, uses cat 5e or better UTP (all four pairs)
1000base-SX, uses multimode fiber optic cable

Page 21:

Uses the CSMA/CD cable access method
Carrier Sense Multiple Access with Collision Detection
Monitors carrier activity on the wire and transmits during the absence of carrier
If two stations transmit simultaneously, a collision occurs
In case of collision, both stations stop transmitting and back off for a random amount of time
Although some collisions are normal, high levels are detrimental to performance
Collisions are controlled by creating collision domains using bridges, switches and routers
Collision domains also limit sniffer usage: a switch forwards a unicast frame only to the port on which it learned the destination MAC address, so a sniffer on another port sees only broadcast, multicast and flooded frames. This protection is weakened by hubs, port mirroring, ARP poisoning and switches that fall back to flooding when their address table is full

Page 22:

Other LAN Technologies

Token Ring
4 – 16 Mbps
Similar in cabling and star-wired layout to 10baseT Ethernet, but uses token passing instead of CSMA/CD

Fiber Distributed Data Interface (FDDI)
100 Mbps over fiber optic cable
Works over 2 counter-rotating rings for fault tolerance

ATM
Primarily a WAN technology, but is sometimes used in LANs
Can guarantee specific bandwidth to users
Speeds up to 2.5 Gbps (OC-48)

Page 23:

Cable Types

Coaxial

Unshielded or Shielded Twisted Pair
Noise – interference caused by electrical devices
Attenuation – loss of signal over distance
Crosstalk – signal on one wire spills over onto another

Fiber Optic Cable
Considered most secure as it cannot be easily tapped: it radiates no electromagnetic signal, and tapping requires physical access to bend or splice the fiber, which introduces measurable loss
Attenuation is a problem over very long distances or with many splices

Page 24:

Physical LAN/WAN Topologies

Bus – used in 10base2 and 10base5 Ethernets

Star – used in 10baseT Ethernets

Tree

Ring

Mesh

Page 25:

Networking Devices

Repeaters
Physical layer (L1) device
Used to regenerate and amplify signals
Dumb device, makes no decisions

Hub
Multiport repeater: every frame is repeated out every port, so any station attached to a hub can sniff all traffic on it

Bridges
Data link layer (L2) device
Intelligent repeater which forwards broadcasts (including ARP requests) and puts each frame on the proper segment
Makes decisions based on MAC addresses

Page 26:

Switch
Multiport bridge

Data link layer (L2) switch
Basic inexpensive switch that simply bridges frames based on MAC addresses

Network layer (L3) switch
Adds the ability to make decisions based on IP addresses
IP-based packet forwarding and ACLs
Much faster than a software-based router because forwarding is done in hardware
Can prioritize traffic – Quality of Service (QoS)

Transport layer (L4) switch
Adds the ability to make decisions based on transport-layer information such as TCP/UDP port numbers; so-called L4-7 or content switches go further and inspect application content such as the requested Web URL

Page 27:

Virtual LANs (VLANs)
Used to logically segment switched networks
Separates LAN devices into broadcast domains
Provides security since frames are not sent to ports not assigned to a particular VLAN; traffic between VLANs must pass through a router or L3 switch, where ACLs can be applied. The separation holds only while trunk ports and native-VLAN settings are configured correctly
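The forwarding behaviour described on Pages 21, 26 and 27, as an added example that is not part of the original slides: a learning switch that records each source MAC on its ingress port, forwards known unicast out a single port, floods unknown unicast, multicast and broadcast only to ports in the same VLAN, and optionally models a finite address table that stops learning when full (the fail-open behaviour MAC-flooding attacks rely on). The returned port lists show which stations, and therefore which sniffers, see each frame. Port numbers, VLAN ids, MAC addresses and the table capacity are constructed values; trunk ports are not modelled.

```python
"""Learning switch: unicast forwarding, flooding, VLAN separation and a full CAM table (added example)."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    ingress_port: int


class LearningSwitch:
    def __init__(self, port_vlans, cam_capacity=None):
        self.port_vlans = dict(port_vlans)   # port -> VLAN id (access ports only)
        self.cam = {}                        # (vlan, mac) -> port
        self.cam_capacity = cam_capacity     # None models an unlimited table

    def _learn(self, vlan, mac, port):
        key = (vlan, mac)
        if key in self.cam:
            self.cam[key] = port             # station moved: update
            return
        if self.cam_capacity is not None and len(self.cam) >= self.cam_capacity:
            # Table full: classic fail-open behaviour is to stop learning, so
            # traffic to the unlearned stations is flooded to every port.
            return
        self.cam[key] = port

    def forward(self, frame):
        """Return the sorted list of egress ports that receive the frame."""
        vlan = self.port_vlans[frame.ingress_port]
        self._learn(vlan, frame.src, frame.ingress_port)
        members = sorted(p for p, v in self.port_vlans.items()
                         if v == vlan and p != frame.ingress_port)
        # I/G bit (least significant bit of the first octet) set: multicast or broadcast.
        if int(frame.dst.split(":")[0], 16) & 0x01:
            return members
        out = self.cam.get((vlan, frame.dst))
        if out is None:
            return members                   # unknown unicast: flood within the VLAN
        if out == frame.ingress_port:
            return []                        # destination is on the ingress port: filtered
        return [out]


def run_scenario():
    """Constructed traffic on a 5-port switch: ports 1-4 in VLAN 10, port 5 in VLAN 20."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 10, 5: 20})
    A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    trace = {}
    trace["a_to_b_unknown"] = sw.forward(Frame(A, B, 1))       # flooded: a sniffer on port 3 sees it
    trace["b_to_a_known"] = sw.forward(Frame(B, A, 2))         # A was learned on port 1
    trace["a_to_b_known"] = sw.forward(Frame(A, B, 1))         # B now known on port 2; port 3 sees nothing
    trace["a_broadcast"] = sw.forward(Frame(A, BROADCAST, 1))  # every VLAN 10 port, never port 5
    trace["vlan20_broadcast"] = sw.forward(Frame(C, BROADCAST, 5))  # VLAN 20 has no other members
    return trace


def run_mac_flooding():
    """Attacker on port 4 fills a 3-entry table, then watches A<->B unicast get flooded."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 10}, cam_capacity=3)
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    for i in range(3):  # bogus locally-administered source addresses
        sw.forward(Frame(f"02:00:00:00:00:{i:02x}", BROADCAST, 4))
    sw.forward(Frame(A, B, 1))                 # A cannot be learned: table is full
    reply = sw.forward(Frame(B, A, 2))         # A unknown, so the reply is flooded
    return {"cam_entries": len(sw.cam), "attacker_sees_reply": 4 in reply}


if __name__ == "__main__":
    print(run_scenario())
    print(run_mac_flooding())
```

The VLAN result is the point of Page 27: a broadcast on port 5 reaches nobody in VLAN 10 even though all five ports are on one physical switch. The flooding result is the caveat to Page 21: once the table is full the switch degrades to hub-like behaviour, which is why port security limits on learned MACs per port matter.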

Page 28:

Router
Network layer (L3) device
Makes decisions based on IP addresses
Uses a routing table to decide where to send packets
Routing tables are populated using dynamic routing protocols like BGP, RIP or OSPF, or static entries

Autonomous System Numbers (ASN) differentiate between different routing domains

ACLs are used to filter packets based on IP addresses, source or destination ports and protocol; on most platforms (Cisco IOS, for example) entries are evaluated in order, the first match wins and an implicit deny sits at the end, so rule ordering matters
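Router ACL evaluation, as an added example that is not part of the original slides: a small evaluator with the first-match, implicit-deny semantics described above, a shadowing check that reports rules an earlier rule makes unreachable, and two versions of the same policy run over constructed packets, one where a permit written too broadly is placed before the deny it was meant to sit behind, and the corrected ordering. The policy (a DMZ web server, a management host allowed SSH) and all addresses are assumptions chosen for the example; the syntax is a Python model, not any vendor's configuration language.

```python
"""Extended-ACL evaluation with first-match / implicit-deny semantics (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                   # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None   # None means any destination port

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl, pkt):
    """Return (action, index of the matching rule); index -1 is the implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", -1


def shadowed_rules(acl):
    """Indices of rules that can never match because an earlier rule covers them entirely.

    Conservative: only exact containment of protocol, source, destination and
    port is detected, which is enough to catch the ordering mistake shown below.
    """
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            proto_ok = earlier.proto == "ip" or earlier.proto == later.proto
            src_ok = ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            dst_ok = ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            port_ok = earlier.dport is None or earlier.dport == later.dport
            if proto_ok and src_ok and dst_ok and port_ok:
                shadowed.append(i)
                break
    return shadowed


# Constructed policy: DMZ web server, management host allowed SSH, nothing else.
ANY = "0.0.0.0/0"
WEB = "203.0.113.10/32"
MGMT = "10.0.0.5/32"

WEAK_ACL = [
    Rule("permit", "ip", ANY, WEB),          # meant as "allow web" but permits every protocol and port
    Rule("deny", "tcp", ANY, WEB, 22),       # never reached
    Rule("permit", "tcp", ANY, WEB, 80),     # never reached
]

FIXED_ACL = [
    Rule("permit", "tcp", MGMT, WEB, 22),    # most specific rule first
    Rule("deny", "tcp", ANY, WEB, 22),
    Rule("permit", "tcp", ANY, WEB, 80),
    Rule("permit", "tcp", ANY, WEB, 443),
]                                            # everything else hits the implicit deny

SAMPLE_PACKETS = {
    "internet_ssh": Packet("tcp", "198.51.100.77", "203.0.113.10", 22),
    "mgmt_ssh": Packet("tcp", "10.0.0.5", "203.0.113.10", 22),
    "internet_http": Packet("tcp", "198.51.100.77", "203.0.113.10", 80),
    "internet_dns": Packet("udp", "198.51.100.77", "203.0.113.10", 53),
}


def run_scenario():
    return {
        "weak": {name: evaluate(WEAK_ACL, p) for name, p in SAMPLE_PACKETS.items()},
        "fixed": {name: evaluate(FIXED_ACL, p) for name, p in SAMPLE_PACKETS.items()},
        "weak_shadowed": shadowed_rules(WEAK_ACL),
        "fixed_shadowed": shadowed_rules(FIXED_ACL),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

In the weak list every sample packet, including SSH from the Internet and UDP to the web server, is permitted by rule 0 and rules 1 and 2 are reported as shadowed; in the fixed list only the management host reaches port 22 and the DNS packet falls through to the implicit deny.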

Page 29:

Homework Project 2

Locate and review the various existing YSU computer Acceptable Use Policies (AUP)

Create a more complete YSU-wide AUP that takes into account all the current computer security threats

Describe how students and faculty can be made more aware of the AUP