Network - Question Bank


Page 1: Network  - Question Bank

Computer Networks

Contents

Question No. 1 (6 Marks)  2
  Introduction to LAN  2
  Introduction to WAN  2
Question No. 2 (6 Marks)  2
  OSI Layer  2
  TCP/IP  4
Question No. 3 (6 Marks)  8
  Link Layer  8
  Ethernet & 802.3  9
  SLIP  10
  PPP  12
Question No. 4 (7 Marks)  12
  IP  14
    General  14
    IPv4 Address  15
    IP Packet structure  16
    References  16
  ICMP  16
  ARP  19
  RARP  19
  UDP – User Datagram Protocol  20
  Telnet Protocol  39
  FTP – File Transfer Protocol  41
III – Unit Test topics  44
  What is a firewall? Explain 2 types of firewall  44


Question No. 1 (6 Marks)

Introduction to LAN

1. Three LAN implementations are used most commonly:

a. Ethernet/IEEE 802.3,
b. Token Ring/IEEE 802.5, and
c. Fiber Distributed Data Interface (FDDI)

Router - A node that sends network packets in one of many possible directions to get them to their destination. It also decides which route the information should take. It operates at the network layer.

Gateways - A generic term that refers to an entity used to interconnect two or more networks that have different rules of communication.

Introduction to WAN

Question No. 2 (6 Marks)

OSI Layer


1. The OSI (Open Systems Interconnection) model is defined by the International Organization for Standardization.

2. The OSI reference model is a conceptual model composed of seven layers, each specifying particular network functions. The model was developed by the International Organization for Standardization (ISO) in 1984, and it is now considered the primary architectural model for inter-computer communications.

3. The basic idea of a layered architecture is to divide the design into small pieces. Each layer adds to the services provided by the lower layers in such a manner that the highest layer is provided a full set of services to manage communications and run the applications.

4. The benefits of the layered models are:

a. Modularity and clear interfaces, i.e. open architecture, and
b. Comparability between the different providers' components.

5. The basic elements of a layered model are services, protocols and interfaces. A service is a set of actions that a layer offers to another (higher) layer. A protocol is a set of rules that a layer uses to exchange information with a peer entity. These rules concern both the contents and the order of the messages used. Between the layers, service interfaces are defined. The messages from one layer to another are sent through those interfaces.

6. A set of layers and protocols is known as a network architecture.

TCP/ IP

The TCP/IP communication stack (OSI levels 3 and 4) is at the heart of most modern industrial communication stacks.

The Internet protocol suite is the set of communications protocols that implements the protocol stack on which the Internet and many commercial networks run. It is part of the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined.

The Internet protocol suite - like many protocol suites - can be viewed as a set of layers and can be compared to the OSI model. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The original TCP/IP reference model consists of 4 layers (see Figure 5.1, "The TCP/IP protocol stack"), but has evolved into a 5-layer model.

Figure 5.1. The TCP/IP protocol stack


Question No. 3 (6 Marks)

Link Layer

1. This is one of the TCP/IP layers.

2. Sends/receives IP datagrams for the IP module.

3. Link layer protocols:

o ARP requests and replies
o RARP requests and replies

4. Different link layers:

o Ethernet
o Token ring
o FDDI
o Serial lines (SLIP & PPP)
o Loopback driver

5. Two standards:

o Ethernet
o IEEE 802

6. MTU and path MTU


o There is a limit on the size of the frame for both Ethernet and 802.3 encapsulations. This limits the number of bytes of data to 1500 and 1492, respectively. This characteristic of the link layer is called the MTU, its maximum transmission unit.

o When two hosts on the same network are communicating with each other, it is the MTU of the network that is important. But when two hosts are communicating across multiple networks, each link can have a different MTU. The important numbers are not the MTUs of the two networks to which the two hosts connect, but rather the smallest MTU of any data link that packets traverse between the two hosts. This is called the path MTU.

Ethernet & 802.3

1. Ethernet was developed by Xerox Corporation's Palo Alto Research Center (PARC) in the 1970s.

2. Ethernet was the technological basis for the IEEE 802.3 specification, which was initially released in 1980.

3. Shortly thereafter, Digital Equipment Corporation, Intel Corporation, and Xerox Corporation jointly developed and released an Ethernet specification (Version 2.0) that is substantially compatible with IEEE 802.3.

4. Ethernet/IEEE 802.3 similarities:

o Both are CSMA/CD LANs. Stations on a CSMA/CD (Carrier Sense Multiple Access / Collision Detection) LAN can access the network at any time.
o Both Ethernet and IEEE 802.3 LANs are broadcast networks.
o Ethernet and IEEE 802.3 are implemented in hardware.
o Both of these protocols specify a bus topology.

5. Differences between Ethernet and IEEE 802.3 LANs are subtle.

o Ethernet provides services corresponding to Layers 1 and 2 of the OSI reference model, while IEEE 802.3 specifies the physical layer (Layer 1) and the channel-access portion of the link layer (Layer 2), but does not define a logical link control protocol.
o IEEE 802.3 specifies several different physical layers, whereas Ethernet defines only one.


o Ethernet is most similar to IEEE 802.3 10Base5.
o In the case of Ethernet, the upper-layer protocol is identified in the type field. In the case of IEEE 802.3, the upper-layer protocol must be defined within the data portion of the frame, if at all.
o Note: In IEEE 802.3 frames, the 2-byte field following the source address is a length field, which indicates the number of bytes of data that follow this field and precede the frame check sequence (FCS) field.

Frame formats (field sizes in bytes):

Ethernet:    Preamble (7) | SOF (1) | Destination Address (6) | Source Address (6) | Type (2)   | Data (46-1500) | FCS (4)
IEEE 802.3:  Preamble (7) | SOF (1) | Destination Address (6) | Source Address (6) | Length (2) | Data (46-1500) | FCS (4)

SLIP


1. The Serial Line Internet Protocol (SLIP) is a mostly obsolete encapsulation of the Internet Protocol designed to work over serial ports and modem connections.

2. It is documented in RFC 1055.

3. SLIP modifies a standard Internet datagram by appending a special SLIP END character to it, which allows datagrams to be distinguished as separate.

4. SLIP has been largely replaced by the Point-to-Point Protocol (PPP), which is better engineered, has more features and does not require its IP address configuration to be set before it is established.


PPP

1. The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for transporting IP traffic over point-to-point links.

2. RFC 1548 and RFC 1332.

3. PPP provides a method for transmitting datagrams over serial point-to-point links, which includes the following three components:

o A method for encapsulating datagrams over serial links
o An extensible LCP (Link Control Protocol) to establish, configure, and test the connection
o A family of NCPs (Network Control Protocols) for establishing and configuring different network layer protocols

4. Six fields make up the PPP frame.

5. The PPP LCP provides a method of establishing, configuring, maintaining, and terminating the point-to-point connection.

Question No. 4 (7 Marks)

Internet Protocol

Internet Protocols Introduction

The Internet protocols are the world's most popular open-system (nonproprietary) protocol suite because they can be used to communicate across any set of interconnected networks and are equally well suited for LAN and WAN communications.

The Internet protocols consist of a suite of communication protocols, of which the two best known are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).

Internet protocols span the complete range of OSI model layers.


IP

General

The purpose of IP is to provide unique global computer addressing to ensure that two computers communicating over the Internet can uniquely identify one another.

The current and most popular network layer protocol in use today is IPv4 (RFC 791). IPv4 is a data-oriented protocol to be used on a packet switched internetwork. It is a best effort protocol in that it doesn't guarantee delivery.

o It doesn't make any guarantees on the correctness of the data; it may result in duplicated packets and/or packets out-of-order. These aspects are addressed by an upper layer protocol (e.g., TCP, and partly by UDP).

All TCP, UDP and ICMP data is transmitted as IP datagrams. IP provides an unreliable, connectionless datagram delivery service. Hosts and routers have a routing table used for all routing decisions. Three types of routes:

o Host specific,
o network specific and
o default routes

The internet protocol implements two basic functions:

o Addressing - The internet modules use the addresses carried in the internet header to transmit internet datagrams toward their destinations. The selection of a path for transmission is called routing.

o Fragmentation - Fragmentation of an internet datagram is necessary when it originates in a local net that allows a large packet size and must traverse a local net that limits packets to a smaller size to reach its destination. The internet fragmentation and reassembly procedure needs to be able to break a datagram into an almost arbitrary number of pieces that can be later reassembled. The internet modules use fields in the internet header to fragment and reassemble internet datagrams when necessary for transmission through "small packet" networks.

Figure 5.2. Encapsulation of user data inside an IP packet


IPv4 Address

Every interface on an internet must have a unique Internet Address, (called IP address). These addresses are 32-bit numbers.


IP Packet structure

An IP packet consists of two sections:

o Header - The header consists of 13 fields, of which only 12 are required. The 13th field is optional.
o Data

IPv4 header layout (bit position within each 32-bit word across the top, bit offset of the word down the side):

Bits   0-3       4-7            8-15              16-18   19-31
  0    Version   Header Length  Type of service   Total Length
 32    Identification                             Flags   Fragment offset
 64    Time to live              Protocol         Header Checksum
 96    Source Address
128    Destination Address
160    Options
       Data

References : http://www.consultants-online.co.za/pub/itap_101/html/ch05s03.html#tcp_ip.sec_3.2 Also refer to the attached PDF.

ICMP

1. Internet Control Message Protocol (ICMP) is a network-layer Internet protocol.

2. The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. It is chiefly used by networked computers' operating systems to send error messages - indicating, for instance, that a requested service is not available or that a host or router could not be reached.

3. Acted on by IP or the higher-layer protocols TCP and UDP.


4. ICMP Messages - ICMPs generate several kinds of useful messages, including:

a. Destination Unreachable

i. When an ICMP destination-unreachable message is sent by a router, it means that the router is unable to send the packet to its final destination. The router then discards the original packet.

ii. Destination-unreachable messages include four basic types: network unreachable, host unreachable, protocol unreachable, and port unreachable.

b. Echo Request and Reply

i. An ICMP echo-request message, which is generated by the ping command, is sent by any host to test node reachability across an internetwork. The ICMP echo-reply message indicates that the node can be successfully reached.

c. Redirect

i. An ICMP Redirect message is sent by the router to the source host to stimulate more efficient routing.

ii. ICMP redirects allow host routing tables to remain small.

d. Time Exceeded

i. An ICMP Time-exceeded message is sent by the router if an IP packet's Time-to-Live field (expressed in hops or seconds) reaches zero.

e. Router Advertisement and Router Solicitation

i. The ICMP Router-Discovery Protocol (IRDP) uses Router-Advertisement and Router-Solicitation messages to discover the addresses of routers on directly attached subnets.

ii. Each router periodically multicasts Router-Advertisement messages from each of its interfaces. Hosts then discover addresses of routers on directly attached subnets by listening for these messages. Hosts can use Router-Solicitation messages to request immediate advertisements rather than waiting for unsolicited messages.

f. Address Mask Request / Address Mask Reply

i. The ICMP address mask request is intended for a diskless system to obtain its subnet mask at bootstrap time. The requesting system broadcasts its ICMP request.

g. Timestamp / Timestamp Reply

i. The ICMP timestamp request allows a system to query another for the current time. The recommended value to be returned is the number of milliseconds since midnight, Coordinated Universal Time (UTC).

5. If an ICMP message cannot be delivered, no second one is generated. This is to avoid an endless flood of ICMP messages.

6. ICMP is documented in RFC 792.

7. The version of ICMP for Internet Protocol version 4 is also known as ICMPv4, as it is part of IPv4.

8. ICMP differs in purpose from TCP and UDP in that it is usually not used directly by user network applications. One exception is the ping tool, which sends ICMP Echo Request messages.


9. Many commonly-used network utilities are based on ICMP messages.

a. The traceroute command - The traceroute command is implemented by transmitting UDP datagrams with specially set IP TTL header fields, and looking for ICMP "Time to live exceeded in transit" (above) and "Destination unreachable" messages generated in response.

b. The related ping utility is implemented using the ICMP "Echo request" and "Echo reply" messages.

10. ICMP messages are encapsulated within an IP datagram.

a. ICMP Address Mask request and reply messages


ARP

1. Address Resolution Protocol (ARP) is a link-layer Internet protocol.

2. RFC 826.

3. Provides mapping between 32 bit IP address and 48 bit MAC address.

4. An ARP cache is maintained on each host to store recent mappings. Normal expiration time is 20 min.

5. We can examine the ARP cache with the arp command. The -a option displays all entries in the cache: % arp -a

6. For two machines on a given network to communicate, they must know the other machine's physical (or MAC) address. By broadcasting Address Resolution Protocol (ARP) requests, a host can dynamically discover the MAC-layer address corresponding to a particular IP network-layer address. After receiving a MAC-layer address, IP devices create an ARP cache entry to store the recently acquired IP-to-MAC address mapping, thus avoiding having to broadcast ARPs when they want to recontact a device. If the device does not respond within a specified time frame, the cache entry is flushed.

7. Proxy ARP - Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks. This fools the sender of the ARP request into thinking that the router is the destination host, when in fact the destination host is "on the other side" of the router. The router is acting as a proxy agent for the destination host, relaying packets to it from other hosts.

RARP

1. Link Layer Protocol


2. The Reverse Address Resolution Protocol (RARP) is used to map MAC-layer addresses to IP addresses. RARP, which is the logical inverse of ARP, might be used by diskless workstations that do not know their IP addresses when they boot. RARP relies on the presence of a RARP server with table entries of MAC-layer-to-IP address mappings.

3. RFC 903.

4. RARP is used to obtain an IP address when bootstrapping.

5. Packet format is the same as ARP.

6. A RARP request is broadcast asking for the sender's IP address, with the MAC address provided.

7. The reply is normally unicast. RARP is optional in a TCP/IP implementation.

Test – II Topics

UDP – User Datagram Protocol

1. Simple, datagram oriented, transport layer protocol.

2. No implicit handshaking dialogues for providing reliability, ordering, or data integrity.

3. Provides unreliable service: datagrams may arrive out of order, appear duplicated, or go missing without notice.

4. Time sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets.

5. Its stateless nature is also useful for servers answering small queries from a huge number of clients.

6. Unlike TCP, UDP is compatible with packet broadcast and multicasting.

UDP data packet format (each row is one 32-bit word):

bits 0-15          bits 16-31
Source Port        Destination Port
Length             Checksum
Data :::

Source Port - 16 bits. The port number of the sender. Cleared to zero if not used.

Destination Port - 16 bits. The port this packet is addressed to.


Length - 16 bits. The length in bytes of the UDP header and the encapsulated data. The minimum value for this field is 8.

Checksum - 16 bits. Computed as the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded as needed with zero bytes at the end to make a multiple of two bytes. If the checksum is cleared to zero, then checksumming is disabled. If the computed checksum is zero, then this field must be set to 0xFFFF.

Data

UDP data to be transmitted.
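As an added example (not code from the question bank), the following Python builds a constructed IPv4/UDP datagram, decodes the header fields from the IP packet structure table in Question 4, and computes and verifies the UDP checksum over the pseudo header as described above, including the rule that a computed zero is transmitted as 0xFFFF. The addresses, ports and payload are made-up sample values.

```python
import socket
import struct

PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum of data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def internet_checksum(data: bytes) -> int:
    """One's complement of the one's complement sum (used by IP and UDP)."""
    return (~ones_complement_sum(data)) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields (Version .. Destination Address)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, hdr_csum) = struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or ihl * 4 > len(packet):
        raise ValueError("not a valid IPv4 header")
    header_len = ihl * 4  # Header Length is counted in 32-bit words
    return {
        "version": version,
        "header_length": header_len,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": hdr_csum,
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        # an intact header sums to 0xFFFF, so the checksum of itself is 0
        "header_checksum_ok": internet_checksum(packet[:header_len]) == 0,
    }


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> int:
    """UDP checksum over pseudo header + UDP header (checksum zeroed) + data."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_UDP, len(udp_segment))
    segment = udp_segment[:6] + b"\x00\x00" + udp_segment[8:]
    csum = internet_checksum(pseudo + segment)
    return 0xFFFF if csum == 0 else csum  # zero on the wire means "no checksum"


def build_udp_datagram(src_ip: bytes, dst_ip: bytes, sport: int, dport: int,
                       payload: bytes) -> bytes:
    """Constructed IPv4 + UDP datagram with both checksums filled in."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, udp)) + udp[8:]
    # Version 4, IHL 5, TOS 0, Identification 0x1234, flags DF, TTL 64
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000,
                     64, PROTO_UDP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + udp


def verify_udp(packet: bytes) -> bool:
    """Check the IP header checksum, the UDP length and the UDP checksum."""
    hdr = parse_ipv4_header(packet)
    if hdr["protocol"] != PROTO_UDP or not hdr["header_checksum_ok"]:
        return False
    udp = packet[hdr["header_length"]:hdr["total_length"]]
    if len(udp) < 8:
        return False
    udp_len, sent = struct.unpack("!HH", udp[4:8])
    if udp_len < 8 or udp_len != len(udp):
        return False
    if sent == 0:
        return True  # sender disabled checksumming
    src, dst = socket.inet_aton(hdr["src"]), socket.inet_aton(hdr["dst"])
    return udp_checksum(src, dst, udp) == sent


# Constructed sample: a DNS-style query from 192.0.2.1 to 198.51.100.7.
SAMPLE = build_udp_datagram(socket.inet_aton("192.0.2.1"),
                            socket.inet_aton("198.51.100.7"),
                            40000, 53, b"example query")

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE), verify_udp(SAMPLE))
```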

Application of UDP protocol

1. Domain Name System (DNS)

2. Streaming media applications such as IPTV, Voice over IP (VoIP)

3. Trivial File Transfer Protocol (TFTP)

Broadcasting

1. Broadcasting is sending a packet to all the hosts on a network, usually a locally connected network.

2. Broadcasting makes sense in UDP since a single message can be sent to multiple recipients.

Different forms of IP broadcast address

1. Limited broadcast
2. Net-directed broadcast
3. Subnet-directed broadcast
4. All-subnet-directed broadcast

Multicasting


Multicast is the delivery of a message or information to a group of destination computers simultaneously in a single transmission from the source creating copies automatically in other network elements, such as routers, only when the topology of the network requires it.

IP multicasting provides 2 services for an application

1. Delivery to multiple destinations. There are many applications that deliver information to multiple recipients, e.g. interactive conferencing and dissemination of mail or news to multiple recipients.

2. Solicitation of servers by clients.

Multicast group address

Class D IP address:

1. 4 higher order bits – 1110
2. 26 lower order bits – Multicast group ID
3. They are usually written in the range from 224.0.0.0 to 239.255.255.255

How it works

1. The sending process specifies a destination IP address that is a multicast address; the device driver has to convert this to the corresponding Ethernet address and send it.

2. The receiving process must notify the IP layer that it wants to receive the datagrams destined for a multicast address.

3. Then the device driver must somehow enable reception of these multicast frames. This is called ‘Joining the multicast group’. When a multicast datagram is received by a host, it must deliver a copy to all the processes that belong to that multicast group.


Multicast using a UDP datagram

TCP – Transmission Control Protocol

1. TCP provides a connection oriented, reliable, ordered delivery of byte streams from one computer to another.

2. Two end points communicate with each other on a TCP connection.

3. TCP packetizes the user data into segments.


4. Sets a timeout any time it sends data.

5. Acknowledges data received by the other end.

TCP services

1. Re-orders out-of-order data
2. Discards duplicate data
3. Provides end to end flow control
4. Calculates and verifies a mandatory end to end checksum
5. Application – Telnet, Rlogin, FTP, SMTP

TCP Header


TCP Packet


The TCP header contains a fixed portion which is 20 bytes long, which includes the following information:

1. source port (16 bits)

2. destination port (16 bits)

3. sequence number (32 bits)

4. acknowledgment number (32 bits)

5. window size (16 bits)

6. checksum on the TCP header and the segment data (16 bits)

Connection establishment in TCP

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs.

The establishment of a TCP connection takes place with the usage of a 3 way handshaking protocol:


1. The initiator (client) of the session sends a segment with the SYN flag set to the recipient, with a randomly assigned sequence number J.

2. Upon receipt of the segment, the recipient (server) sends a SYN segment to the initiator with the ACK number set to the sequence number + 1 (J+1), and sets a new sequence number for its own end, say K.

3. The initiator then sends an ACK of its own in response to the recipient's SYN, with the ACK number set to the recipient's sequence number + 1, i.e. K+1.

At this point, both the client and server have received an acknowledgment of the connection.

TCP connection termination

TCP is a full duplex protocol, i.e. data can be sent in both directions independently. Therefore, to fully close the connection, it has to be terminated in both directions. If one end of the connection sends a segment with the FIN flag set, it means that that end has got no more data to send. However, this end can still receive data from the other end until the other end has explicitly closed its end of the connection. This is known as a half-close.

The full termination of a TCP connection takes place with the usage of a 4 way handshake:


1. The client of the close sends a FIN segment to the server.

2. The server sends an ACK of the FIN segment.

3. The server sends a FIN segment of its own to the client.

4. The client responds with an ACK to that FIN segment.

Thus a TCP connection formally ends.
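The three-way handshake and the four-segment termination above, modelled as an added example (this is not code from the question bank): two endpoints exchange segments carrying the SYN, ACK and FIN flags with the J, J+1, K and K+1 numbers, and the half-close state is visible on the server after the client's FIN. The initial sequence numbers are constructed inputs rather than random values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

SYN, ACK, FIN = 0x02, 0x10, 0x01  # flag bits as they appear in the TCP header


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: int
    seq: int
    ack: int = 0


class Endpoint:
    """One side of a TCP connection: state, next send seq, next expected seq."""

    def __init__(self, name: str, isn: int) -> None:
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn  # next sequence number we will send (J or K)
        self.rcv_nxt = 0    # next sequence number we expect from the peer

    def listen(self) -> None:
        self.state = "LISTEN"  # passive open: bound to a port, waiting

    def connect(self, peer: str) -> Segment:
        """Active open: send SYN carrying our sequence number J."""
        self.state = "SYN_SENT"
        seg = Segment(self.name, peer, SYN, self.snd_nxt)
        self.snd_nxt += 1  # SYN occupies one sequence number
        return seg

    def close(self, peer: str) -> Segment:
        """Send FIN: nothing more to send, but we can still receive (half-close)."""
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        seg = Segment(self.name, peer, FIN | ACK, self.snd_nxt, self.rcv_nxt)
        self.snd_nxt += 1  # FIN occupies one sequence number as well
        return seg

    def handle(self, seg: Segment) -> Optional[Segment]:
        """Process an incoming segment and return the reply, if any."""
        if self.state == "LISTEN" and seg.flags == SYN:
            self.rcv_nxt = seg.seq + 1  # J + 1
            self.state = "SYN_RCVD"
            reply = Segment(self.name, seg.src, SYN | ACK, self.snd_nxt, self.rcv_nxt)
            self.snd_nxt += 1
            return reply
        if self.state == "SYN_SENT" and seg.flags == SYN | ACK:
            if seg.ack != self.snd_nxt:
                return None  # does not acknowledge our SYN: ignore it
            self.rcv_nxt = seg.seq + 1  # K + 1
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, ACK, self.snd_nxt, self.rcv_nxt)
        if seg.flags & FIN and seg.seq == self.rcv_nxt:
            self.rcv_nxt = seg.seq + 1
            if self.state == "ESTABLISHED":
                self.state = "CLOSE_WAIT"  # peer half-closed; we may still send
            elif self.state == "FIN_WAIT_2":
                self.state = "TIME_WAIT"
            return Segment(self.name, seg.src, ACK, self.snd_nxt, self.rcv_nxt)
        if seg.flags == ACK and seg.ack == self.snd_nxt:
            transitions = {"SYN_RCVD": "ESTABLISHED", "FIN_WAIT_1": "FIN_WAIT_2",
                           "LAST_ACK": "CLOSED"}
            self.state = transitions.get(self.state, self.state)
        return None


def run_connection(client_isn: int, server_isn: int) -> Tuple[List[Segment], str, str]:
    """Three-way handshake, then the four-segment close started by the client.
    Returns every segment put on the wire plus both final states (constructed demo)."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    wire: List[Segment] = []

    def exchange(seg: Optional[Segment]) -> None:
        while seg is not None:
            wire.append(seg)
            seg = (server if seg.dst == "server" else client).handle(seg)

    exchange(client.connect("server"))
    assert client.state == server.state == "ESTABLISHED"
    exchange(client.close("server"))  # FIN then ACK; server is now CLOSE_WAIT
    exchange(server.close("client"))  # FIN then ACK; client waits in TIME_WAIT
    return wire, client.state, server.state


if __name__ == "__main__":
    for s in run_connection(client_isn=1000, server_isn=5000)[0]:
        print(s)
```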

Sliding Window protocol

A protocol used by the TRANSMISSION CONTROL PROTOCOL which sends data into a network.

The protocol varies the number of packets that are sent out at each transmission depending on the current network conditions: if the network is heavily loaded then a small number are sent; if the network is lightly loaded then many more are sent.

The collection of packets sent is known as a WINDOW.

This protocol is occasionally referred to as the SLOW START PROTOCOL.

Responsibilities of sliding window protocol:

1. First role is to enable reliable delivery of packets

a. Timeouts and acknowledgements

2. Second role is to enable in order delivery of packets

a. Receiver doesn’t pass data up to app until it has packets in order

3. Third role is to enable flow control

a. Prevents sender from overflowing receiver's buffer. This is achieved by the receiver telling the sender about its buffer size during connection set up.

Sliding Window – Sender

1. Assign sequence number to each frame (SeqNum)

2. Maintain three state variables:

a. send window size (SWS)

b. last acknowledgment received (LAR)

c. last frame sent (LFS)

3. Maintain invariant: LFS - LAR <= SWS


4. Advance LAR when ACK arrives

5. Buffer up to SWS frames

Sliding Window – Receiver

1. Maintain three state variables

a. receive window size (RWS)

b. largest frame acceptable (LFA)

c. last frame received (LFR)

2. Maintain invariant: LFA - LFR <= RWS

3. Frame SeqNum arrives:

a. if LFR < SeqNum <= LFA - accept

b. if SeqNum <= LFR or SeqNum > LFA - discarded

4. Send cumulative ACKs – send ACK for largest frame such that all frames less than this have been received
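The sender and receiver rules above, implemented as an added example (this is not code from the question bank): it keeps exactly the state variables listed (SWS/LAR/LFS and RWS/LFR/LFA), checks both invariants, applies the accept/discard test and returns cumulative ACKs. The frame payloads and the lossy link in simulate() are constructed for the demonstration.

```python
from typing import Dict, Iterable, List, Optional, Tuple


class SlidingWindowSender:
    """Sender state: SWS, LAR, LFS, with the invariant LFS - LAR <= SWS.
    Sequence numbers start at 1; LAR = LFS = 0 means nothing sent yet."""

    def __init__(self, sws: int) -> None:
        self.SWS = sws
        self.LAR = 0
        self.LFS = 0
        self.unacked: Dict[int, bytes] = {}  # buffered until acknowledged

    def can_send(self) -> bool:
        return self.LFS - self.LAR < self.SWS

    def send(self, payload: bytes) -> Optional[int]:
        """Assign the next SeqNum and buffer the frame; None if the window is full."""
        if not self.can_send():
            return None
        self.LFS += 1
        self.unacked[self.LFS] = payload
        assert self.LFS - self.LAR <= self.SWS
        return self.LFS

    def receive_ack(self, ack: int) -> None:
        """Cumulative ACK: every frame up to and including `ack` is acknowledged."""
        if ack > self.LAR:
            for seq in range(self.LAR + 1, ack + 1):
                self.unacked.pop(seq, None)
            self.LAR = ack

    def timeout(self) -> List[Tuple[int, bytes]]:
        """On timeout, retransmit every unacknowledged frame (lowest SeqNum first)."""
        return sorted(self.unacked.items())


class SlidingWindowReceiver:
    """Receiver state: RWS, LFR, LFA, with the invariant LFA - LFR <= RWS."""

    def __init__(self, rws: int) -> None:
        self.RWS = rws
        self.LFR = 0
        self.LFA = rws
        self.out_of_order: Dict[int, bytes] = {}
        self.delivered: List[bytes] = []  # what the application has seen, in order

    def receive(self, seq: int, payload: bytes) -> int:
        """Apply the accept/discard rule and return the cumulative ACK to send."""
        if self.LFR < seq <= self.LFA:  # inside the window: accept
            self.out_of_order[seq] = payload
            while self.LFR + 1 in self.out_of_order:  # slide while contiguous
                self.LFR += 1
                self.delivered.append(self.out_of_order.pop(self.LFR))
            self.LFA = self.LFR + self.RWS
            assert self.LFA - self.LFR <= self.RWS
        # seq <= LFR is a duplicate, seq > LFA is beyond the window: discarded
        return self.LFR  # largest frame such that all earlier frames arrived


def simulate(frames: Iterable[bytes], sws: int, rws: int,
             lose_first_copy_of: Iterable[int]) -> Tuple[List[bytes], List[int]]:
    """Drive one sender and one receiver over a constructed lossy link that drops
    the first transmission of the listed SeqNums. Returns (delivered, acks sent)."""
    sender, receiver = SlidingWindowSender(sws), SlidingWindowReceiver(rws)
    pending, lost, acks = list(frames), set(lose_first_copy_of), []

    def deliver(seq: int, payload: bytes) -> None:
        ack = receiver.receive(seq, payload)
        acks.append(ack)
        sender.receive_ack(ack)

    while pending or sender.unacked:
        while pending and sender.can_send():  # fill the send window
            seq = sender.send(pending.pop(0))
            if seq in lost:
                lost.discard(seq)  # frame lost on the link this time
            else:
                deliver(seq, sender.unacked[seq])
        if sender.unacked:  # window blocked or nothing left to send: timer expires
            for seq, payload in sender.timeout():
                deliver(seq, payload)
    return receiver.delivered, acks


if __name__ == "__main__":
    data = [b"F1", b"F2", b"F3", b"F4", b"F5", b"F6"]
    print(simulate(data, sws=3, rws=3, lose_first_copy_of=[2]))
```

With frame 2 lost, frames 3 and 4 are accepted out of order but only ACK 1 is returned until the retransmitted frame 2 arrives, after which a single cumulative ACK 4 covers all three.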

Figure: sliding window at the sender (LAR ... LFS, width <= SWS) and at the receiver (LFR ... LFA, width <= RWS).

Security - Encryption and Authentication

2 types of encryption methods:

1. Substitution cipher
2. Transposition cipher

Substitution Cipher

1. Each letter or a group of letters is replaced by another letter or a group of letters to disguise it.

2. A slight generalization of the Caesar cipher allows the cipher text alphabet to be shifted by k letters. In this case k becomes a key to the general method of circularly shifted alphabets.

3. The next improvement is to have each symbol in plain text map to another letter.

E.g. A->M, B ->K, C->X , etc.

Transposition Cipher

1. The cipher re-orders the letters, but doesn't disguise them.

2. A common transposition cipher is the columnar transposition. The cipher is keyed by entering a word that doesn't contain a repeated letter.

E.g. consider the example below.

Plain Text – PLEASETRANSFERAB, Key – MEGABUCK

Encrypted Text – AFSETALNESRBPAER
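An added example (not from the question bank) that implements the shift-by-k substitution and the columnar transposition described above, reproducing the MEGABUCK example, together with a letter-count check that shows why a transposition does not disguise the letters. The pad character for short final rows is an assumption the text does not state.

```python
from collections import Counter
from typing import List


def column_order(key: str) -> List[int]:
    """Column indexes in read-out order: alphabetical order of the key letters.
    The key must not contain a repeated letter, otherwise the order is ambiguous."""
    if len(set(key)) != len(key):
        raise ValueError("key must not contain a repeated letter")
    return sorted(range(len(key)), key=lambda i: key[i])


def columnar_encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    """Write the plaintext row by row under the key, then read the columns out
    in key-letter order. A short final row is padded (assumed pad character)."""
    n = len(key)
    text = plaintext + pad * (-len(plaintext) % n)
    rows = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join(row[col] for col in column_order(key) for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Refill the columns in key-letter order, then read the grid row by row."""
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the key length")
    depth = len(ciphertext) // n
    columns = [""] * n
    for k, col in enumerate(column_order(key)):
        columns[col] = ciphertext[k * depth:(k + 1) * depth]
    return "".join(columns[col][r] for r in range(depth) for col in range(n))


def shift_encrypt(plaintext: str, k: int) -> str:
    """Caesar-style substitution: shift every upper-case letter by k (the key)."""
    return "".join(chr((ord(c) - 65 + k) % 26 + 65) if "A" <= c <= "Z" else c
                   for c in plaintext)


def letter_counts_match(plaintext: str, ciphertext: str) -> bool:
    """A transposition only reorders letters, so plaintext and ciphertext have
    identical letter frequencies; a substitution changes them."""
    return Counter(plaintext) == Counter(ciphertext)


if __name__ == "__main__":
    ct = columnar_encrypt("PLEASETRANSFERAB", "MEGABUCK")
    print(ct, columnar_decrypt(ct, "MEGABUCK"))
```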

Cryptographic Algorithm Types

Algorithm type defines what size of text should be encrypted in each step of the algorithm.


1. Stream Cipher - Encryption happens one bit at a time. Decryption also happens one bit at a time.

2. Block Cipher - Encryption happens one block at a time. Decryption also happens one block at a time.

Cryptographic Algorithm Modes

Algorithm mode defines the details of the cryptographic algorithm.

1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)

Most encryption systems belong to 2 categories:

1. Symmetric key encryption: both computers share the same secret key, which the sender uses to encrypt a packet before sending it and the receiver uses to decrypt it.

2. Public key encryption: this uses a pair of keys, one private and one public. The private key is held by a single computer, while the public key is shared with any other computer that wants to communicate with it.

Symmetric Key Systems

DES (Data Encryption Standard)

a. It is a symmetric key block cipher.
b. It is designed to work with 64 bit blocks of data.
c. Each block of data is encrypted in 16 rounds.
d. Each round uses a 48 bit sub-key.
e. Each of the 16 sub-keys is derived from a 56 bit master key.

Blowfish Algorithm

a. It is a symmetric encryption algorithm: it uses the same key for encryption and decryption.
b. It is a block cipher, meaning it breaks the given data into fixed-size blocks and then performs encryption or decryption block by block.
c. It is designed to work with 64 bit blocks of data. If a data block is not 64 bits in length, it needs to be padded.
d. It is designed to work in performance-constrained environments like an embedded system.
e. It is compact (it can run in under 5 KB of memory) and fast on 32 bit machines, since each round needs only additions, XORs and table lookups.

Problems with symmetric key algorithms (the problems public key algorithms were designed to solve):

a. Key distribution: the shared secret key has to reach the other party over a secure channel.
b. Preventing theft of the shared key.

Requirements for the new algorithm:

a. D(E(P)) = P
b. It should be exceedingly difficult to deduce D from E.
c. E cannot be broken by a chosen plain text attack.

Asymmetric Key algorithms:

a. 2 separate keys for encryption and decryption.
b. One key is publicly distributed while the other is kept secret.

Comparison of Symmetric Key algorithm with Asymmetric key algorithm


MD5 – Hash function


SHA – Secure Hash Algorithm


SMTP Protocol

a. Uses TCP connections, on TCP port 25.
b. Messages are typically about 1k to 2k bytes, and may carry attachments.
c. Users deal with user agents.
d. Mail is transferred by MTAs (message transfer agents).
e. User agents pass the message to an MTA for delivery.
f. MTAs communicate with each other over TCP connections.

Outline of electronic mail


Telnet Protocol


FTP – File Transfer Protocol


III – Unit Test topics


What is a firewall? Explain 2 types of firewall.

A firewall is a secure and trusted machine that sits between a private network and a public network. The firewall machine is configured with a set of rules that determine which network traffic will be allowed to pass and which will be blocked or refused.

2 major classes of firewall design:

What is SSL? How does it work?

The SSL protocol is an internet protocol for the secure exchange of information between a web browser and a web server.

Provides 2 basic types of services:
o Authentication
o Confidentiality

Netscape Corporation developed SSL in 1994. SSL comes in 3 versions: 2, 3 and 3.1 (3.1 is better known as TLS 1.0). SSL can be conceptually considered to be an additional layer in the TCP/IP protocol stack. The SSL layer is located between the application layer and the transport layer.

How SSL works?

SSL has 3 sub protocols:
o Handshake protocol
o Record protocol
o Alert protocol

Handshake protocol:

Phase I:

Phase II:


Phase III:

Phase IV:

The Record protocol:


The alert protocol:

Closing and resuming SSL connection:


What is IPSec?

It is a set of IP extensions developed by the IETF [Internet Engineering Task Force] to provide security services compatible with the existing IP standard [IPv4].

IPSec can protect any protocol that runs on top of IP for instance UDP, TCP and ICMP.

Goals of IPSec:

• Privacy, to ensure data confidentiality
• Integrity, to ensure that data has not been tampered with: no one can modify your data as it flows by without the legitimate receiver noticing it
• Authenticity, to protect against identity spoofing
• Robustness, to prevent replay attacks

IPSec Security Architecture:

The following are the fundamental components of the IPSec security architecture:

• Security protocols – Authentication Header [AH] and Encapsulating Security Payload [ESP]
• Security Associations – what they are, how they work, how they are managed, associated processing
• Key management – manual and automatic [Internet Key Exchange]
• Algorithms for authentication and encryption

How IPSec works?

IPSec Security Protocols

IPSec uses 2 security protocols namely, Authentication Header [AH] and Encapsulating Security Payload [ESP]

AH provides connectionless integrity, data origin authentication and an optional anti-replay service

ESP provides confidentiality and limited traffic flow confidentiality. It may also provide integrity, data origin authentication and an anti-replay service.

Both AH and ESP are vehicles for access control, based on the distribution of cryptographic keys and the management of traffic flows relative to these security protocols.

The protocols may be applied individually or in combination to provide security services in IPv4 and IPv6.

They can be used in 2 modes:
o Transport mode – used for protection of upper layer protocols
o Tunnel mode – used for tunneled IP packets as well

IPSec allows the user to control the granularity at which a security service is offered. One can create:

o a single encrypted tunnel to carry all traffic between 2 security gateways
o a separate encrypted tunnel for each TCP connection between each pair of hosts communicating across these gateways

IPSec management must incorporate facilities to specify:

o which security service to use and in what combination
o the granularity at which a given security protection should be applied
o the algorithms used to effect cryptographic-based security

Security Associations

A security association is a simplex "connection" that affords security services to the traffic carried by it. Security services are offered to an SA by the use of AH or ESP, but not both.

To secure typical, bi-directional communication between 2 hosts, or between 2 security gateways, 2 security associations are required, one in each direction.

A security association is uniquely identified by:
o Security Parameter Index [SPI]
o Destination IP address
o Security protocol identifier [AH/ESP]

2 types of SAs are defined:

o Transport mode
A transport mode SA is a security association between 2 hosts. The AH or ESP header appears immediately after the IP header and any options, and before any higher layer protocol header like UDP or TCP.

o Tunnel mode
A tunnel mode SA is essentially a security association applied to an IP tunnel. Whenever either end of a security association is a security gateway, the SA must be in tunnel mode. Tunnel mode is therefore also used when there is a security association between a host and a security gateway.

Summary:
• A host must support both tunnel mode and transport mode.
• A security gateway is required to support only tunnel mode. If it supports transport mode, it must do so only when acting as a host.
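Inbound processing for the two points made above: the SA is selected by the (SPI, destination address, protocol) triple, each direction has its own SA, and the anti-replay service that AH and ESP offer is a per-SA sliding window over the sequence number. This is an added example, not code from the question bank. The IP protocol numbers 50 (ESP) and 51 (AH) are real; the SAs, addresses, SPIs, the 64-entry window size and the packet trace are constructed for illustration.

```python
"""Inbound IPsec processing as described in the notes: an SA database keyed by
(SPI, destination address, protocol), one simplex SA per direction, and the
per-SA anti-replay window offered by AH/ESP. Added example, not the question
bank's own code; SAs, addresses, SPIs, window size and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address

AH, ESP = 51, 50       # IP protocol numbers of the two IPsec security protocols
WINDOW = 64            # anti-replay window width in sequence numbers (constructed)


@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    proto: int          # AH or ESP: an SA is protected by one of them, never both
    mode: str           # "transport" or "tunnel"
    highest_seq: int = 0   # right edge of the window
    seen: int = 0          # bitmap: bit k set <=> sequence number highest_seq - k was received

    def check_replay(self, seq: int) -> bool:
        """Accept seq if it is new and not older than the window, and record it."""
        mask = (1 << WINDOW) - 1
        if seq == 0:
            return False                          # 0 is never a valid sequence number
        if seq > self.highest_seq:                # new right edge: slide the window
            shift = seq - self.highest_seq
            self.seen = ((self.seen << shift) & mask) if shift < WINDOW else 0
            self.seen |= 1
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return False                          # stale: fell off the left edge
        if self.seen & (1 << offset):
            return False                          # already received: replay
        self.seen |= 1 << offset                  # late but in-window: accept once
        return True


class SADB:
    """Security association database; lookups use the triple that identifies an SA."""

    def __init__(self):
        self._sas = {}

    def add(self, sa: SecurityAssociation):
        key = (sa.spi, ip_address(sa.dst), sa.proto)
        if key in self._sas:
            raise ValueError("duplicate SA %r" % (key,))
        self._sas[key] = sa

    def lookup(self, spi: int, dst: str, proto: int):
        return self._sas.get((spi, ip_address(dst), proto))


def process_inbound(sadb: SADB, packets):
    """packets: iterable of (dst, proto, spi, seq) taken from the IP and AH/ESP headers.
    Returns one verdict string per packet."""
    verdicts = []
    for dst, proto, spi, seq in packets:
        sa = sadb.lookup(spi, dst, proto)
        if sa is None:
            verdicts.append("drop: no SA for SPI 0x%x" % spi)
        elif not sa.check_replay(seq):
            verdicts.append("drop: replayed or stale seq %d" % seq)
        else:
            verdicts.append("accept seq %d (%s %s)" % (seq, "ESP" if proto == ESP else "AH", sa.mode))
    return verdicts


def demo_sadb() -> SADB:
    """One SA pair between host 192.0.2.10 and gateway 198.51.100.1 (constructed)."""
    sadb = SADB()
    sadb.add(SecurityAssociation(0x1001, "192.0.2.10", ESP, "tunnel"))    # traffic towards the host
    sadb.add(SecurityAssociation(0x2002, "198.51.100.1", ESP, "tunnel"))  # the reverse direction
    return sadb


# constructed trace: in order, a replay, a late in-window packet, a jump that slides
# the window, a packet that fell off the left edge, a packet just inside it, unknown SPI
TRACE = [("192.0.2.10", ESP, 0x1001, s) for s in (1, 2, 3, 2, 5, 4, 100, 36, 37)]
TRACE.append(("192.0.2.10", ESP, 0x9999, 1))

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, process_inbound(demo_sadb(), TRACE)):
        print(pkt, "->", verdict)
```

The window lets packets arrive mildly out of order (4 after 5 is accepted) while still rejecting an exact duplicate and anything that predates the window, which is the "robustness to prevent replay attacks" goal listed earlier; note that the lookup of the reverse-direction SA fails on purpose, since each SA is simplex.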

SA and key management

• IPSec mandates support for both manual and automated SA and cryptographic key management.
• The IPSec protocols AH and ESP are largely independent of the SA management technique in use, although that technique affects the security services the protocols can offer.

Authentication Header format

Before and after applying AH


Encapsulating Security Payload Format [ESP format]

ESP Before and After


What is IP packet filtering?

IP packet filtering is a mechanism that decides which type of IP datagram packets will be processed normally and which will be discarded.

Stateless packet filtering:

A border router configured to pass or reject packets based on information in the header of each individual packet

It can theoretically be configured to pass/reject based on any field

IP protocol based filtering
Filtering based on the IP protocol field allows rejecting of entire protocol suites:
o UDP
o TCP
o ICMP
o IGMP
This is almost too coarse, hence it is seldom used on its own.

IP address filtering
Pass/reject packets based on membership in a set of acceptable (or unacceptable) IP addresses.

Port based filtering
Most commonly used technique for filtering IP packets.
• It can also be thought of as protocol filtering, as most ports below 1024 relate to specific high level protocols
• The policy is either pass all but those specified, or reject all but those specified

Fragmentation filtering
• Fragmentation was added to IP to facilitate passing through a network that only supports small packet sizes
• Any router in the path can break a large packet up into smaller pieces
o The problem is that the port numbers are only in the first fragment, so filtering on TCP or UDP port is lost for the remaining fragments

Source route filtering
• Source routed packets should never be allowed into your network
• Source routing allows the sender to specify the path a packet will take through your network
• Strict Source Routing – specifies the exact path to be taken
• Loose Source Routing – indicates one or more hosts the packet must go through

Stateful packet filtering
• Record the state of all connections flowing through the firewall and use the connection state as the basis for passing or dropping packets
• Create an in-memory state table for the state of all network and session layer connections
• Pass only packets relating to allowed (configured) ports that are currently in the state table
• Drop entries when the TCP session closes or after a few minutes of inactivity; this ensures that the table stays "clean" and without holes in it
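The stateless checks (protocol, source address, port, non-first fragment, source route option) and a stateful table, run over constructed packet headers so each rule's effect can be seen. This is an added example, not code from the question bank; the Packet record, the rule set, the RFC 5737 test addresses and the 300 second idle timeout are constructed for illustration, and the FIN handling is simplified to removing the entry on the first FIN.

```python
"""Stateless and stateful IP packet filtering as described in the notes: protocol,
address, port, fragment and source-route checks on single headers, then a
connection state table. Added example, not the question bank's own code; packet
records, rule set, addresses (RFC 5737 test ranges) and timeout are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ICMP, TCP, UDP = 1, 6, 17


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None   # None for ICMP and for non-first fragments
    dport: Optional[int] = None
    frag_offset: int = 0          # > 0: not the first fragment, so no transport header
    source_routed: bool = False   # IP option LSRR or SSRR present
    syn: bool = False             # TCP flags consulted by the state table
    fin: bool = False


BLOCKED_SOURCES = [ip_network("203.0.113.0/24")]   # address filtering: reject set
ALLOWED_INBOUND_PORTS = {25, 80, 443}              # port filtering: "reject all but those specified"


def stateless_filter(pkt: Packet) -> str:
    """Border-router style decision using nothing but this packet's header."""
    if pkt.source_routed:
        return "drop: source routed"                # never admit source-routed packets
    if any(ip_address(pkt.src) in net for net in BLOCKED_SOURCES):
        return "drop: blocked source"
    if pkt.proto == ICMP:
        return "pass"
    if pkt.proto not in (TCP, UDP):
        return "drop: protocol %d" % pkt.proto      # whole protocol suite rejected
    if pkt.frag_offset > 0:
        # the port numbers travel only in the first fragment; a port rule cannot be
        # evaluated here, so the safe stateless choice is to drop later fragments
        return "drop: non-first fragment"
    if pkt.dport in ALLOWED_INBOUND_PORTS:
        return "pass"
    return "drop: port %s not allowed" % pkt.dport


class StatefulFilter:
    """Record TCP connections opened from inside; pass inbound TCP only if it matches an
    entry in the state table. Entries leave on FIN or after idle_timeout seconds."""

    def __init__(self, idle_timeout: int = 300):
        self.table = {}           # (inside ip, inside port, outside ip, outside port) -> last seen
        self.idle_timeout = idle_timeout

    def _expire(self, now: int):
        self.table = {k: t for k, t in self.table.items() if now - t < self.idle_timeout}

    def outbound(self, pkt: Packet, now: int) -> str:
        self._expire(now)
        if pkt.proto != TCP:
            return "pass"
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if not pkt.syn and key not in self.table:
            return "drop: no state"
        self.table[key] = now                       # SYN creates the entry, later packets refresh it
        if pkt.fin:
            del self.table[key]                     # simplified: a real table waits for both FINs
        return "pass"

    def inbound(self, pkt: Packet, now: int) -> str:
        self._expire(now)
        if pkt.proto != TCP:
            return stateless_filter(pkt)
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # same connection, reverse direction
        if key not in self.table:
            return "drop: not in state table"
        self.table[key] = now
        if pkt.fin:
            del self.table[key]
        return "pass"
```

The stateful table answers the problem the stateless port rule cannot: a reply from port 443 to an inside client on an ephemeral port is passed only because the client's SYN created an entry, while an unsolicited packet with the same source port but a different inside port is dropped, and so is a reply that arrives after the entry has timed out.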

Location of packet filters:


SNMP – Simple Network Management protocol

SNMP provides a set of operations that can be used to manage IP based network devices.

Network Manager

A network manager is a person responsible for monitoring and controlling the hardware and software systems that comprise an internet.

A manager works to detect and correct problems within a network that make communication impossible or inefficient, and to avoid their recurrence.

Goals of SNMP:

• Ubiquity
• Inclusion of management should be inexpensive
• Limited functionality
• Small code
• New MIBs [Management Information Base] can be added
• Management should be robust
• Management extension should be possible
• Connectionless transport

SNMP Structure

• SNMP uses UDP for transport (UDP port 161 for requests and 162 for traps).
• UDP application port numbers are used to identify the origin and the destination end points of a message.
• Many client applications take an available port number from a pool and release it once they are done with it.

SNMP message Format

PDU [Protocol data units]

PDU Type - Name

0 – get-request

1 – get-next-request

2 – get-response

3 – set-request

4 – Trap


Structure of Management Information [SMI]

SMI defines how sets of related managed objects in the Management Information Base [MIB] are described.

SMI subdivides into 3 parts:

a. Module definitions – used to describe information modules. The MODULE-IDENTITY macro is used to clearly convey the semantics of an information module.
b. Object definitions – used to describe the syntax and semantics of a managed object.
c. Notification definitions – used to describe the syntax and semantics of notifications, also known as 'traps'.

MIB [Management Information Base]

Each device maintains one or more variables that describe its state. In the SNMP context they are called objects. The collection of all possible objects in a network is given in a data structure called the MIB. The MIB is a set of named items that an SNMP agent understands. To monitor or control a remote computer, a manager must fetch or store values of MIB variables.

Interaction between a Manager and an Agent

Routing Table:

In computer networking, a routing table or Routing Information Base (RIB) is a data structure in the form of a table-like object. It is stored in a router or a networked computer and lists the routes to particular network destinations. In some cases it also stores the metric associated with those routes.

The routing table contains information about the topology of the network immediately around it. The construction of routing tables is the primary goal of routing protocols. Static route entries are made in the routing table by non-automatic means; they are fixed rather than being the result of some topology 'discovery' procedure.

In modern router architectures, routing tables are generally not used directly for packet forwarding. They are instead used to generate a smaller forwarding table, which contains only the routes chosen by the routing algorithm as preferred routes for packet forwarding. Those routes are often pre-compiled and optimized for hardware storage and lookup.

How it works?

Whenever a node needs to send a data packet to another node on a network, it must first know where to send it. If the node cannot directly reach the destination node, it has to send the packet via other nodes along a proper route to the destination.

Most nodes don't try to figure out the best route to forward the packet. Instead, the node sends the IP packet to a gateway on its LAN, which then decides how to route the packet to the correct destination.

Each gateway needs to keep track of which way to deliver the various packets, and for this it uses a routing table.

With hop-by-hop routing, each routing table lists, for all reachable destinations, the address of the next device along the path to that destination: the next hop.

Assuming the routing tables are consistent, the simple algorithm of relaying packets to their destination's next hop thus suffices to deliver a packet anywhere in the network.

Contents of a Routing Table

The routing table consists of at least 3 information fields:

a. The Network Id – the destination network id (network address and prefix length)
b. Cost – the cost or metric of the path through which the packet is to be sent
c. Next Hop – the next hop or gateway is the address of the next station to which the packet is to be sent on the way to its final destination
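A routing table with exactly these three fields, reduced to a forwarding table (lowest cost per prefix, longest prefix first), looked up by longest-prefix match, and then used hop by hop across three routers. This is an added example, not code from the question bank; the routers R1 to R3, their prefixes, costs and next hops, the "direct" marker for an attached network and the 16-hop cut-off are constructed for illustration.

```python
"""Hop-by-hop forwarding with the three routing table fields from the notes
(Network Id, Cost, Next Hop): build a forwarding table that keeps only the
preferred route per prefix, find the next hop by longest-prefix match, and
relay a packet router by router. Added example, not the question bank's own
code; routers, prefixes, costs and next hops are constructed."""
from ipaddress import ip_address, ip_network

# Routing Information Base per router: (Network Id, Cost, Next Hop). "direct" means the
# destination network is attached to this router; 0.0.0.0/0 is the default route.
ROUTERS = {
    "R1": [("10.0.0.0/8", 10, "R3"), ("10.1.0.0/16", 5, "R2"),
           ("10.1.0.0/16", 8, "R3"), ("0.0.0.0/0", 20, "R2")],
    "R2": [("10.1.0.0/16", 1, "direct"), ("0.0.0.0/0", 20, "R1")],
    "R3": [("10.0.0.0/8", 1, "direct")],
}


def build_fib(rib):
    """Forwarding table: lowest cost per prefix, ordered longest prefix first so that
    the first match in next_hop() is the most specific route."""
    best = {}
    for net, cost, nh in rib:
        net = ip_network(net)
        if net not in best or cost < best[net][0]:
            best[net] = (cost, nh)
    return sorted(((net, cost, nh) for net, (cost, nh) in best.items()),
                  key=lambda r: r[0].prefixlen, reverse=True)


def next_hop(fib, dst: str):
    """Longest-prefix match: returns (prefix, next hop), or None when no route covers dst."""
    addr = ip_address(dst)
    for net, _cost, nh in fib:
        if addr in net:
            return str(net), nh
    return None


FIBS = {name: build_fib(rib) for name, rib in ROUTERS.items()}


def forward(dst: str, start: str = "R1", max_hops: int = 16):
    """Relay hop by hop until a router has the destination network directly attached.
    Returns the list of routers traversed, or None if some hop has no route or the
    tables are inconsistent (a loop is cut off at max_hops, like RIP's 16 = infinity)."""
    path, router = [], start
    while len(path) < max_hops:
        path.append(router)
        hit = next_hop(FIBS[router], dst)
        if hit is None:
            return None
        _prefix, nh = hit
        if nh == "direct":
            return path
        router = nh
    return None


if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.9.9.9", "172.16.0.1"):
        print(dst, next_hop(FIBS["R1"], dst), forward(dst))
```

10.1.2.3 matches both 10.0.0.0/8 and 10.1.0.0/16 in R1, and the /16 wins because it is longer, not because it is cheaper; 172.16.0.1 shows what "assuming the routing tables are consistent" guards against: R1 and R2 each point their default route at the other, so the packet bounces until the hop limit ends it.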


Internet Routing

a. OSPF – Open Shortest Path First protocol
b. RIP – Routing Information Protocol

Compare them based on these parameters: Algorithm, Maximum hops, Subsystem segmentation, Metric, Integrity, Complexity, Acceptance, Route options, Types of routes.

Algorithm
  RIP: vector-distance (distance vector)
  OSPF: link-state

Maximum Hops
  RIP: 15; a hop count of 16 is considered to be infinity, implying that the destination is unreachable
  OSPF: limited only by the size of the routing tables within routers

Subsystem Segmentation
  RIP: treats the autonomous system as a single subsystem
  OSPF: breaks the autonomous system into one or more areas with two levels of routing, intra-area and inter-area

Metric
  RIP: destination/hop count
  OSPF: destination/cost/link identifier

Integrity
  RIP: no authentication in RIP-1; authentication has been added in RIP-2
  OSPF: supports authentication; several authentication algorithms are available, ranging from simple password operations to more complex cryptographic algorithms

Complexity
  RIP: relatively simple – each router
  OSPF: more complex; several more PDUs and exchanges are defined in the protocol, and routing tables are large, including not only destinations but also a tree representation of the local network

Acceptance
  RIP: widely available; BSD routed supports RIP
  OSPF: newer, published in RFCs

Route Options
  RIP: identifies a single route to a destination
  OSPF: supports multiple routes to a single destination, facilitating load-balancing traffic distribution

Types of Routes
  RIP: host, network; RIP-2 adds the ability to transfer sub-network route entries
  OSPF: host, network, and subnetwork routes

Commonalities:

• Both RIP and OSPF provide a mechanism to identify failures of an adjacent routing node or of the link to that node.

• Both algorithms result in a set of route tables that define the next hop between the routing node and packet destinations.

IPV4 Tunnel

What happens when 2 IPv6 nodes are separated by an IPv4 network? How do they communicate?

By using dual stack routers, a tunnel can be dug across the IPv4 network. Tunnels are dug by encapsulating an IP packet within the payload of another packet. The dual stack router on one end of the communication takes IPv6 packets from the sender, encapsulates them within IPv4 packets and forwards them across the IPv4 network. The dual stack router on the other end receives the IPv4 packets, extracts the IPv6 packets inside and forwards the IPv6 packets to their proper destination.

Conversion from IPv4 to IPv6

RFC 2553 defines a new set of sockets API for IPv6:

• The core socket functions are protocol independent (IPv4, IPv6 or any IPvn)
• Address data structures: sockaddr_in6, AF_INET6 and in6_addr
• Name to address translation: gethostbyname(), getaddrinfo()
• Address conversion functions: inet_pton(), inet_ntop()
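The conversion and lookup functions from that list, exercised through Python's socket module, which wraps the same C calls (inet_pton, inet_ntop, getaddrinfo). This is an added example, not code from the question bank; the addresses are documentation ranges (RFC 3849 for 2001:db8::/32, RFC 5737 for 192.0.2.0/24), and getaddrinfo is called with AI_NUMERICHOST so no DNS is needed.

```python
"""RFC 2553 style address handling through Python's socket module, which wraps
the same C calls: inet_pton()/inet_ntop() for text <-> binary conversion,
AF_INET6 addresses, and protocol-independent lookups with getaddrinfo().
Added example, not the question bank's own code; documentation addresses only."""
import socket

AF_INET, AF_INET6 = socket.AF_INET, socket.AF_INET6


def to_wire(family: int, text: str) -> bytes:
    """inet_pton: presentation form to network (binary, big-endian) form;
    4 bytes for AF_INET, 16 bytes (an in6_addr) for AF_INET6."""
    return socket.inet_pton(family, text)


def to_text(family: int, raw: bytes) -> str:
    """inet_ntop: network form back to the canonical presentation form."""
    return socket.inet_ntop(family, raw)


def canonical(text: str):
    """Try AF_INET then AF_INET6. A pton/ntop round trip yields one canonical spelling,
    so '2001:DB8:0:0:0:0:0:1' and '2001:db8::1' compare equal afterwards; comparing
    the raw strings instead is how address-based filters get bypassed."""
    for family in (AF_INET, AF_INET6):
        try:
            return family, to_text(family, to_wire(family, text))
        except OSError:
            continue
    raise ValueError("not an IP address: %r" % text)


def is_ipv4_mapped(raw16: bytes) -> bool:
    """::ffff:a.b.c.d carries an IPv4 address inside an in6_addr. A filter that only
    inspects IPv4 text would miss it, so check the binary form."""
    return len(raw16) == 16 and raw16[:12] == b"\x00" * 10 + b"\xff\xff"


def embedded_ipv4(raw16: bytes) -> str:
    return to_text(AF_INET, raw16[12:])


def resolve_numeric(host: str, port: int):
    """Protocol-independent lookup: AF_UNSPEC lets getaddrinfo() pick the family from
    the literal; AI_NUMERICHOST keeps it offline. Returns [(family, sockaddr), ...],
    where an AF_INET6 sockaddr is (host, port, flowinfo, scope_id)."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM,
                               0, socket.AI_NUMERICHOST)
    return [(family, sockaddr) for family, _type, _proto, _canon, sockaddr in infos]


if __name__ == "__main__":
    print(canonical("2001:DB8:0:0:0:0:0:1"))
    raw = to_wire(AF_INET6, "::ffff:192.0.2.1")
    print(is_ipv4_mapped(raw), embedded_ipv4(raw))
    print(resolve_numeric("2001:db8::1", 443))
```

Code written against getaddrinfo() and the sockaddr it returns works unchanged for IPv4 and IPv6 literals, which is the protocol independence the RFC aims for; the IPv4-mapped check matters on dual stack hosts, where an AF_INET6 socket can receive IPv4 connections whose peer address arrives in this form.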