
Computer Security Networking Basics

Reasons To Know Networking In Regard to Computer Security
- To understand the flow of information on the Internet
- To understand the levels of activity in network traffic flow
- To understand the basis for vulnerabilities
- To understand the basis for security tools and how they work

Base Principle – Packet Switching
- Messages broken up into packets
- Packets are sent onto the network, routed to the destination, reassembled
- Advantages (compared to circuit switching, e.g. traditional phones)
  - Better sharing of bandwidth
  - Greater overall efficiency
  - Allows more users, no greater delay

Protocol Layering
- Protocol: a convention for communication between two agents (aka handshaking)
- Motivation: separation of functionality
  - Layers take care of particular tasks re: information
  - Offer services to the next layer in the protocol stack
- Advantage: modularity
- Disadvantages: possible overlap, redundancy of functionality, overhead of layer translation

Protocol Data Units
- A layer sends a message by building a protocol data unit (PDU)
  - Take data from layer N, add information to meet the needs of layer N-1
- PDU handed to the next lower layer
- Lower layer now has responsibility for the message
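
The encapsulation described on this slide, as an added example (not code from the slides): a constructed HTTP request is wrapped layer by layer into a segment, a datagram and a frame, and then unwrapped again. The header layouts are deliberately simplified stand-ins (a few fields each, packed with `struct`), not the real TCP/IP/Ethernet formats; the addresses and ports are constructed sample values.

```python
"""Added example (not from the slides): encapsulate a message into PDUs one
layer at a time, then strip the headers back off.  The header layouts are
simplified, constructed stand-ins, not the real TCP/IP/Ethernet formats."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800   # real EtherType value meaning "payload is IPv4"
IPPROTO_TCP = 6           # real IP protocol number meaning "payload is TCP"


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_segment(src_port, dst_port, message):
    """Transport layer (4): wrap the application message with port information."""
    return struct.pack("!HH", src_port, dst_port) + message


def build_datagram(src_ip, dst_ip, segment, proto=IPPROTO_TCP):
    """Network layer (3): prepend source/destination addresses and protocol id."""
    header = struct.pack("!4s4sB", socket.inet_aton(src_ip), socket.inet_aton(dst_ip), proto)
    return header + segment


def build_frame(src_mac, dst_mac, datagram, ethertype=ETHERTYPE_IPV4):
    """Data link layer (2): prepend NIC addresses; Ethernet puts the destination first."""
    header = struct.pack("!6s6sH", _mac_bytes(dst_mac), _mac_bytes(src_mac), ethertype)
    return header + datagram


def decapsulate(frame):
    """Reverse the process: each layer reads its own header and hands the rest up."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    datagram = frame[14:]
    src_ip, dst_ip, proto = struct.unpack("!4s4sB", datagram[:9])
    segment = datagram[9:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    message = segment[4:]
    return {
        "src_mac": _mac_str(src_mac), "dst_mac": _mac_str(dst_mac), "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip), "proto": proto,
        "src_port": src_port, "dst_port": dst_port, "message": message,
    }


def send_message(message=b"GET / HTTP/1.0\r\n\r\n"):
    """Walk a constructed HTTP request down the stack and return the layer-2 frame."""
    segment = build_segment(40123, 80, message)                               # layer 4 PDU
    datagram = build_datagram("137.28.109.71", "198.23.168.5", segment)       # layer 3 PDU
    frame = build_frame("00:3a:26:f9:45:27", "00:02:6a:2c:78:52", datagram)  # layer 2 PDU
    return frame


if __name__ == "__main__":
    f = send_message()
    print(len(f), "bytes on the wire;", decapsulate(f))
```

Each `build_*` function only touches its own header and treats what it received from above as opaque payload, which is exactly the modularity the previous slide lists as the advantage of layering.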

Internet Protocol Stack
- Seven layers in the Open Systems Interconnect (OSI) model – theoretical standard from the 1970s
  - 7) Application
  - 6) Presentation
  - 5) Session
  - 4) Transport
  - 3) Network
  - 2) Data Link
  - 1) Physical

TCP/IP Stack
- Five layers in the Open Systems Interconnect (OSI) model – more practical standard from the 1970s
  - 5) Application (incl. Presentation/Session issues)
  - 4) Transport
  - 3) Network
  - 2) Data Link
  - 1) Physical

General Layer Functions
- Segmentation / Reassembly
  - Breaking a large message into standard-size chunks
- Error Control
  - How to detect or correct errors
- Flow Control
  - Avoid overwhelming slower systems
- Multiplexing
  - Sharing of lower-level connections
- Connection setup
  - How to establish a virtual communication path

Application Layer (OSI 7)
- Function: high-level application systems and end-user processes
- Implemented in: Software
- PDU: Message
- Examples
  - ftp, http, smtp, telnet, …

Presentation Layer (OSI 6)
- Function: provides independence from differences in data representation by formatting and encrypting data
- Implemented in: Software
- Examples: ASCII encoding, NFS, FTP file path/name translation

Session Layer (OSI 5)
- Function: establishes, manages and terminates connections between applications
- Implemented in: Software
- Examples: SSL, DNS, RPC

Transport Layer (4)
- Function/Service: transport a message from one system to another system
- Implemented in: Software
- PDU: Segment
- Two methods
  - TCP (connection-oriented protocol)
  - UDP (connectionless protocol)
- Information includes port and protocol

TCP
- TCP = Transmission Control Protocol
- Connection-Oriented Service
  - Guaranteed delivery of message
  - Flow control
  - Uses “handshaking” to establish connection
- Breaks message into shorter segments
- Advantage: more control
- Examples
  - http, ftp, smtp, telnet

UDP
- UDP = User Datagram Protocol
- Connectionless Service
  - No guaranteed delivery of message
  - No flow control / handshaking
  - No overhead for connection
- Continuous data stream
- Advantage: faster
- Disadvantage: possible loss of information
- Examples
  - Video, voice (e.g. phone)

Network Layer (3)
- Function/Service: routing segments from host to host, through intermediate systems
  - Network Layer receives segment and destination address from Transport Layer
- Implemented in: Hardware & Software
- PDU: Datagram
- Two major parts
  - IP protocol: structure of datagram, how end systems (and routers) act on this information
  - Routing protocols: for transfer from source host to destination host
- Examples: IP, IPX
- Information content: source and destination address

Data Link Layer (2)
- Function/Service: move a datagram from one node to the next in the route
- Implemented in: Hardware
- PDU: Frame
- Examples:
  - Ethernet, Token Ring, FDDI, Gigabit Ethernet
- Information content
  - NIC card addresses (e.g. 00:3A:26:F9:45:27) for source and destination

Physical Layer (1)
- Function/Service: routing physical bits from one network node to an adjacent node
- Implemented in: Hardware
- PDU: Bits
- Examples
  - Optical fiber, twisted pair wire, coaxial cable
  - Issues: voltage levels, signaling
- Information content: bits with all data

Types of Hardware/Software Systems
- End Systems / Hosts
  - Implement all layers
- Routers / Packet Switches
  - Implement layers 1-3
  - Can implement IP protocol
- Bridges
  - Implement layers 1-2
- Hubs
  - Implement layer 1 only
  - Essentially repeaters
- Firewalls
  - Packet filtering (operate at layer 3)
  - Application gateways (operate at layer 7)

Additional Information
- Internet Engineering Task Force (IETF)
  - http://www.ietf.org
  - Primary documents: RFCs
    - IP: RFC 791
    - TCP: RFC 793
    - UDP: RFC 768
- OSI Model and Information Security
  - http://www.giac.org/practical/GSEC/Damon_Reed_GSEC.pdf

Internet Addressing
- 32-bit quantity that uniquely identifies an internet host
- Displayed www.xxx.yyy.zzz
- Split into two parts: network and host
  - E.g. 198.23.168 network (198.23.168.0/24) has 256 possible hosts (last part 0-255)
- Network Types
  - Class A: only first triple specified; e.g. 78.X.X.X; 256^3 = 16,777,216 hosts
  - Class B: first two triples specified; e.g. 137.28.X.X; 256^2 = 65,536 hosts
  - Class C: first three triples specified; e.g. 110.27.16.x; 256 hosts

Internet Addressing (2)
- Certain network segments reserved
  - Can be used for isolated private networks
  - 10.0.0.0 – 10.255.255.255 : Class A
  - 172.16.0.0 – 172.31.255.255 : Class B
  - 192.168.0.0 – 192.168.255.255 : Class C
  - RFC 900

Address Resolution Protocol (ARP)
- ARP deals with the mapping of IP addresses (level 3) to Data Link addresses (level 2)
- With Ethernet at the Data Link level, this involves mapping an IP address (e.g. 137.28.109.71) to a MAC address for an ethernet card (e.g. 00:02:6A:2C:78:52)
- This can be attacked by spoofing a MAC address for a given IP address (called ARP spoofing or ARP poisoning)
  - E.g. an attacker could send a packet that convinces a system that the normal network gateway’s IP should be associated with the attacker’s MAC address
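
The defensive side of the ARP slide, as an added example (not code from the slides): a small ARP-table monitor in the spirit of tools such as arpwatch. It learns IP-to-MAC mappings from ARP replies and raises an alert when an IP it has already learned, above all the gateway, suddenly claims a different MAC, which is the symptom a poisoning attempt leaves behind in the table. The gateway address, MACs and reply sequence are constructed sample data (the two MACs reuse the slides' example addresses).

```python
"""Added example (not from the slides): detect ARP-table changes that look like
poisoning.  Replies are modelled as (sender IP, sender MAC) pairs in the order
they were seen on the LAN; all values here are constructed."""
from collections import defaultdict

GATEWAY_IP = "137.28.109.1"   # constructed: the address whose mapping we care most about

# Constructed ARP replies (sender IP, sender MAC)
SAMPLE_ARP_REPLIES = [
    ("137.28.109.1",  "00:02:6A:2C:78:52"),   # gateway's real NIC
    ("137.28.109.71", "00:3A:26:F9:45:27"),   # an ordinary workstation
    ("137.28.109.1",  "00:02:6A:2C:78:52"),   # gateway again, unchanged: fine
    ("137.28.109.1",  "DE:AD:BE:EF:00:01"),   # gateway IP now "belongs" to another NIC
    ("137.28.109.80", "DE:AD:BE:EF:00:01"),   # same NIC also claims a second IP
]


class ArpTableMonitor:
    def __init__(self, protected_ips=()):
        self.table = {}                      # ip -> MAC first learned for it
        self.ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
        self.protected = set(protected_ips)
        self.alerts = []

    def observe(self, ip, mac):
        """Process one ARP reply; return the alert it triggered, or None."""
        mac = mac.lower()
        alert = None
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac             # first sighting: learn it
        elif known != mac:
            level = "HIGH" if ip in self.protected else "MEDIUM"
            alert = f"{level}: {ip} changed from {known} to {mac}"
            # Keep the first-learned mapping rather than overwriting it; a real
            # deployment would pin the gateway entry statically instead.
        self.ips_by_mac[mac].add(ip)
        if alert is None and len(self.ips_by_mac[mac]) > 1:
            # One NIC answering for several IPs can be legitimate (a router with
            # several addresses), so this is informational, not an alarm.
            alert = f"INFO: {mac} now claims {sorted(self.ips_by_mac[mac])}"
        if alert:
            self.alerts.append(alert)
        return alert


def run_monitor(replies=SAMPLE_ARP_REPLIES, gateway=GATEWAY_IP):
    """Feed the replies through a monitor that protects the gateway; return the alerts."""
    monitor = ArpTableMonitor(protected_ips={gateway})
    for ip, mac in replies:
        monitor.observe(ip, mac)
    return monitor.alerts


if __name__ == "__main__":
    for line in run_monitor():
        print(line)
```

The monitor sees only what ARP itself shows: it cannot tell which of two claimants is telling the truth, only that the mapping moved. That is why the usual mitigations work at a different level, such as static ARP entries for the gateway or switch features that reject ARP replies which disagree with the switch's own knowledge of which port an address lives on.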

Port
- A certain system process must respond to a particular application protocol (e.g. ftp, smtp)
- Port is the “address” for application communication on a system
  - E.g. Port 80 for http
  - E.g. Port 25 for smtp
  - E.g. Port 1521 for Oracle connections
- Port List: http://www.iana.org/assignments/portnumbers

Socket
- Interface between the application layer and the transport layer
- Acts as an API between application and network
- Programmer only controls the application side, plus a few transport-level details
  - Transport protocol (TCP or UDP)
  - A few transport parameters (e.g. maximum buffer size)
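
The TCP, UDP, Port and Socket slides together, as one added example using Python's standard `socket` module (not code from the slides). The program's only transport-level choices are the protocol (`SOCK_STREAM` for TCP, `SOCK_DGRAM` for UDP) and a couple of parameters such as timeouts and buffer sizes; the handshake, retransmission and delivery guarantees are the operating system's. Everything runs over loopback with OS-chosen ports, so it needs no network access; the messages are constructed.

```python
"""Added example (not from the slides): the socket API as the seam between the
application and transport layers, showing the practical difference between a
TCP (connection-oriented) and a UDP (connectionless) exchange on loopback."""
import socket
import threading


def tcp_echo_roundtrip(message, bufsize=4096):
    """Connection-oriented: handshake first, then a reliable byte stream both ways."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))            # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]

    def serve():
        conn, _peer = server.accept()        # returns once the 3-way handshake completes
        with conn:
            conn.sendall(conn.recv(bufsize))

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(5)
        client.connect(("127.0.0.1", port))  # SYN / SYN-ACK / ACK happen here
        client.sendall(message)
        reply = client.recv(bufsize)
    worker.join()
    server.close()
    return reply


def udp_echo_roundtrip(message, bufsize=4096, timeout=2.0):
    """Connectionless: no handshake, no delivery guarantee; loss is the application's problem."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    server.settimeout(timeout)
    port = server.getsockname()[1]

    def serve():
        try:
            data, peer = server.recvfrom(bufsize)
            server.sendto(data, peer)
        except socket.timeout:
            pass                              # datagram never arrived; nothing to echo

    worker = threading.Thread(target=serve)
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    client.sendto(message, ("127.0.0.1", port))   # no connect needed
    try:
        reply, _peer = client.recvfrom(bufsize)
    except socket.timeout:
        reply = None                          # the application, not the transport, notices the loss
    worker.join()
    client.close()
    server.close()
    return reply


def tcp_detects_absent_peer():
    """With no listener on a port, TCP's handshake fails loudly (ConnectionRefusedError);
    a UDP sendto to the same port returns normally because nothing is negotiated first."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()                             # port is now free and has no listener
    tcp_failed = False
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(5)
        try:
            client.connect(("127.0.0.1", port))
        except ConnectionRefusedError:
            tcp_failed = True
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(b"hello?", ("127.0.0.1", port))   # succeeds: fire and forget
    return tcp_failed


if __name__ == "__main__":
    print(tcp_echo_roundtrip(b"hello over tcp"))
    print(udp_echo_roundtrip(b"hello over udp"))
    print("tcp noticed the missing peer:", tcp_detects_absent_peer())
```

The third function is the point the two protocol slides make about handshaking: a TCP client learns immediately that no process owns port `port`, while a UDP sender gets no such signal from the transport layer and has to build its own timeout and retry logic, as the echo function does with `settimeout`.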

ICMP
- ICMP = Internet Control Message Protocol
- Used by hosts, routers and gateways to communicate network layer information
- Used for error reporting; part of other protocols (e.g. ping)
- Exists just above the IP layer

Packet Switching
- Desired features:
  - Storage: system stores packet temporarily if it can’t reach the desired neighbor
  - Forwarding: system intelligently forwards packet to the desired interface only
  - Filtering: system drops packet if packet does/doesn’t meet certain conditions

Network Equipment
- Hub
- Bridge
- Switch
- Router
- Firewall

Hub
- Physical Layer transmission
- Essentially repeats incoming signal to all interfaces
- Counts on each connected host system to take what it is interested in, drop anything else
- Some intelligence
  - E.g. if a certain interface malfunctions, hub can ignore it
  - Otherwise, no store-and-forward switching

Bridge
- Store-and-forward packet switch
- Operates on Ethernet frames (Data Link Layer)
- Advantages:
  - Plug-and-play
  - Relatively high filtering and forwarding
- Disadvantages:
  - Requires use of spanning tree protocol
  - No protection against broadcast storms

Ethernet Switch
- High-performance multi-interface bridges
- Advantages
  - Often more interfaces than a bridge
  - Can operate in full-duplex mode
- Disadvantages
  - Similar to bridges, e.g. no protection against broadcast storms

Router
- Packet switch: store-and-forward, Network Layer system
- Advantages
  - Packets can use the best path
  - Provides protection against broadcast storms
- Disadvantages
  - Needs to be configured
  - Slightly slower than a bridge (must process each packet up to the network level)

Firewall
- Two major functions
  - Packet filtering (primarily at network layer)
    - Restrict traffic by:
      - IP source or destination address
      - TCP or UDP source and destination port
      - ICMP message type
      - Connection-initiation datagrams, recognised by the TCP SYN and ACK bits
  - Application gateway (application layer)
    - Advantage: allows fine-level control
    - Disadvantages: one gateway per application, slower
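
The packet-filtering half of this slide, as an added example (not code from the slides): a first-match filter that decides on exactly the fields listed above, source/destination address, TCP/UDP destination port, ICMP message type, and whether a TCP segment is a connection initiation (SYN set, ACK clear). The rule set, the internal network 192.168.1.0/24, the server 192.168.1.10 and the sample packets are all constructed; the external address 203.0.113.5 is from the documentation range.

```python
"""Added example (not from the slides): a first-match packet filter over the
header fields a layer-3 firewall can see.  All addresses, rules and packets
are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

ANY = "0.0.0.0/0"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: bool = False
    ack: bool = False
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    action: str                       # "allow" or "deny"
    src: str = ANY
    dst: str = ANY
    proto: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    new_connection: Optional[bool] = None   # True: only SYN-without-ACK; False: only the rest

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        if self.new_connection is not None:
            if p.proto != "tcp":
                return False
            if (p.syn and not p.ack) != self.new_connection:   # SYN alone = connection initiation
                return False
        return True


def filter_packet(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched falls to the default (deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


INSIDE = "192.168.1.0/24"             # constructed internal network
WEB = "192.168.1.10/32"               # constructed server address

RULES = [
    Rule("allow", dst=WEB, proto="tcp", dport=80),                   # public web service
    Rule("allow", dst=WEB, proto="tcp", dport=25),                   # inbound mail
    Rule("deny", dst=INSIDE, proto="tcp", new_connection=True),      # no other inbound connection setup
    Rule("allow", dst=INSIDE, proto="tcp", new_connection=False),    # replies to sessions opened from inside
    Rule("deny", proto="icmp", icmp_type=8),                         # drop echo requests from anywhere
    Rule("allow", src=INSIDE),                                       # everything else outbound
]

SAMPLE_PACKETS = [
    Packet("203.0.113.5", "192.168.1.10", "tcp", 51000, 80, syn=True),     # web request: allow
    Packet("203.0.113.5", "192.168.1.20", "tcp", 51001, 22, syn=True),     # ssh to a workstation: deny
    Packet("203.0.113.5", "192.168.1.20", "tcp", 443, 52000, ack=True),    # reply to an outbound session: allow
    Packet("203.0.113.5", "192.168.1.10", "icmp", icmp_type=8),            # ping: deny
    Packet("192.168.1.20", "203.0.113.5", "tcp", 52000, 443, syn=True),    # outbound connection: allow
    Packet("203.0.113.5", "192.168.1.20", "udp", 53, 40000),               # inbound UDP, no rule: default deny
]


def evaluate(rules=RULES, packets=SAMPLE_PACKETS):
    """Verdict for each sample packet, in order."""
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    for p, verdict in zip(SAMPLE_PACKETS, evaluate()):
        print(f"{verdict:5} {p.proto} {p.src} -> {p.dst}:{p.dport}")
```

Rule 3 versus rule 4 is the SYN/ACK trick the slide refers to: a filter with no connection state can still tell "someone outside is opening a connection to us" (SYN alone, refused) from "a reply to a connection we opened" (ACK set, permitted). It is only a heuristic, which is why the slide notes that an application gateway gives finer control at the cost of one gateway per application.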

Network Structure Concepts / Terminology
- Bastion Host: a host machine open to outside (internet) access, designed to screen the internal secure network from outside contact
- DMZ (Demilitarized Zone): network area between the first layer of protection and the secured area
- Secure Area / Network: area meant for only internal/intranet access

Network Topology
- Given what we’ve discussed so far…
- Balancing considerations of filtering, forwarding, broadcast control, efficiency, …
- How can we design a network with 3 departments with 8 workstations each, a web server, a database server and a mail server?
  - What network equipment?
  - Where?
- Slides: 36