Telecommunications & Network Security
Part 1

Open System Interconnect Model

OSI
  Application (7)
  Presentation (6)
  Session (5)
  Transport (4)
  Network (3)
  Data link (2)
  Physical (1)

TCP/IP
  Application
  Host-to-Host
  Internet
  Network Access
Application Layer (Layer 7)
  Protocols (standard rules) that support applications are defined at this layer
    Simple Mail Transport Protocol (SMTP)
    Post Office Protocol 3 (POP3)
    Hypertext Transfer Protocol (HTTP)
    File Transfer Protocol (FTP)
    Telnet
    Trivial File Transfer Protocol (TFTP)
Layers 6-5
  Presentation Layer (6)
    Representation standards defined at this layer (GIF, JPEG, ASCII, EBCDIC, compression, encryption)
    Format conversions occur at this layer
  Session Layer (5)
    Sessions between computers coordinated at this layer (connection establishment, data transfer, connection release)
    Simplex – one direction communication
    Half-duplex – communication in both directions, one at a time
    Full-duplex – communication in both directions simultaneously
    Secure Sockets Layer (SSL), Remote Procedure Call (RPC), Structured Query Language (SQL) work at this layer
Transport Layer (Layer 4)
  End to end communication protocols occur at this layer
  Error detection and correction, flow control, packet retransmission occur at this layer
    Transmission Control Protocol (TCP)
    User Datagram Protocol (UDP)
    Sequenced Packet Exchange (SPX)
Network Layer (Layer 3)
  Responsible for delivering packets from end to end
  Does not ensure packets are delivered
  Routers work at this layer
    Internetworking Protocol (IP)
    Internet Control Message Protocol (ICMP)
    Routing Information Protocol (RIP)
    Open Shortest Path First (OSPF)
    Border Gateway Protocol (BGP)
Data Link Layer (Layer 2)
  Responsible for point to point delivery of packets
  Defines format of data frame
  Hubs and switches work at this layer
    Ethernet, Gigabit Ethernet (IEEE 802.3)
    Token Ring (IEEE 802.5)
    Asynchronous Transfer Mode (ATM)
    Point-to-Point Protocol (PPP)
    Integrated Services Digital Network (ISDN)
    Address Resolution Protocol (ARP)
Physical Layer (Layer 1)
  Defines how bits are converted to voltages or sounds
  Defines signal to noise ratios for various types of cables, laser wavelength use for fiber optic cable
TCP/IP – Structure Terminology
  Data (L5-7, application layer) meant to be sent across a TCP/IP network is called a message.
  Message is passed to transport layer (L4), TCP or UDP header added, and now is called a segment.
  Network layer (L3) adds routing and addressing to message. Packet is now called a datagram.
  Data link layer (L2) adds header and trailer, now called frame.
  At every point, the data can be called a packet.
IP Addresses
  Current IP addresses are IPv4, 32 bits
    Called dotted quad notation
    Contain a network and host number
    x.x.x.x, x = 0 - 255
    Was traditionally divided into classes (class A, class B, class C) and subnets indicated by the netmask
    Classless Inter-Domain Routing (CIDR) notation has replaced classed notation.
      Refers to how many bits make up the network portion of the address
      Class C = /24 (254 usable hosts)
      /27 = 1/8 of a Class C (30 usable hosts)
  Future Internet2 addressing will be IPv6, 128 bits, and includes built in security and QOS
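The slide's CIDR arithmetic (a /24 holding 254 usable hosts, a /27 being one eighth of that with 30) worked through in code. This is an added example, not part of the lecture; it uses only Python's standard ipaddress module, the documentation prefix 192.0.2.0/24 as a constructed sample, and the classful boundaries that the slide mentions but does not spell out.

```python
import ipaddress


def classful_class(addr):
    """Return the traditional class (A-E) of a dotted-quad IPv4 address, from its first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


def describe_cidr(cidr):
    """Describe an IPv4 prefix written in CIDR notation (e.g. '192.0.2.0/24').

    The prefix length is the number of leading 1 bits in the netmask, i.e. how many
    bits make up the network portion. The all-zeros host (network address) and the
    all-ones host (broadcast) are reserved, so usable hosts = 2**(32 - prefix) - 2.
    """
    # strict=False accepts a host address such as 192.0.2.77/27 and masks it down to its network
    net = ipaddress.IPv4Network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    total = 2 ** host_bits
    # /31 and /32 have no separate network and broadcast addresses, so nothing is subtracted
    usable = total - 2 if host_bits >= 2 else total
    return {
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "netmask_bits": format(int(net.netmask), "032b"),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1) if host_bits >= 2 else str(net.network_address),
        "last_host": str(net.broadcast_address - 1) if host_bits >= 2 else str(net.broadcast_address),
        "total_addresses": total,
        "usable_hosts": usable,
    }


def same_subnet(addr_a, addr_b, prefixlen):
    """True when two hosts share the network portion of their address under the given mask."""
    net_a = ipaddress.IPv4Network(f"{addr_a}/{prefixlen}", strict=False)
    net_b = ipaddress.IPv4Network(f"{addr_b}/{prefixlen}", strict=False)
    return net_a == net_b


def subnets_of(cidr, new_prefixlen):
    """Split a prefix into equal smaller prefixes, e.g. a /24 into eight /27s."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefixlen)]


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range; the values below are constructed, not taken from the slides
    for prefix in ("192.0.2.0/24", "192.0.2.77/27"):
        print(prefix, describe_cidr(prefix))
    print(subnets_of("192.0.2.0/24", 27))
```

The netmask_bits string makes the slide's definition visible: the count of leading ones equals the prefix length, and every remaining bit belongs to the host. same_subnet is the test a host performs before deciding whether to deliver a packet directly (L2) or hand it to a router (L3).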
LAN Technology
  Local Area Network media addresses the needs of small distances.
  Wide Area Network (WAN) media addresses the needs of large distances.
  WANs are always formed when LANs are connected by routers.
LAN Terminology
  Unicast – Packet is sent from one station to another
  Multicast – Packet is sent from one station to several specific stations
  Broadcast – Packet is sent from one station to all other computers on a segment, regardless of collision domain
  Segment – Division in a network, separated by a router
TCP/IP – TCP Protocol
  Connection oriented protocol
  Ensures delivery of packets using packet acknowledgement and retransmission
  Ensures sequencing of packets
  Provides flow and congestion control
  Provides error detection and correction
  High overhead, high reliability
  TCP packets include code bits in header
    URG – Urgent Pointer
    ACK – Acknowledgement of earlier transmission
    PSH – Push Function, used to flush data
    RST – Indicates connection should be reset
    SYN – Indicates system should sync sequence number for session, packet must include Initial Sequence Number (ISN)
    FIN – Indicates session is finished and should be torn down
  Normal session begins with 3 way handshake
3-Way Handshake
  System A (Port 1234)                    System B (Port 80)
  A -> B: SYN with ISNA
  B -> A: ACK ISNA & SYN with ISNB
  A -> B: ACK ISNB
  Communication Session
  TCP is port oriented to separate multiple TCP sessions
  Source computer includes source IP address and random port number (>1023)
  Destination includes destination IP address and well known port number (generally <1024)
  Protocols using TCP include FTP (port 21), SMTP (port 25), POP3 (port 80), HTTP (port 80)
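The code bits, the handshake diagram and the port slide above, worked through together: an added example (not from the lecture) that packs and decodes the fixed 20-byte TCP header with Python's struct module, then checks that three decoded segments form the SYN, SYN+ACK, ACK exchange between System A on port 1234 and System B on port 80. The sequence numbers (1000 and 5000), the bad_ack switch and the validation function are constructed for the example; the flag bit positions are those of the TCP header itself.

```python
import struct
from dataclasses import dataclass

# Code bits in the flags byte of the TCP header (CWR/ECE in the top two bits are omitted here).
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
SEQ_MASK = 0xFFFFFFFF  # sequence numbers wrap modulo 2**32
# src port, dst port, seq, ack, data offset/reserved, flags, window, checksum, urgent pointer
HEADER_FMT = "!HHIIBBHHH"


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header with no options (checksum left as 0 for this exercise)."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    data_offset = 5 << 4  # header length in 32-bit words, stored in the high nibble of byte 12
    return struct.pack(HEADER_FMT, src_port, dst_port, seq & SEQ_MASK, ack & SEQ_MASK,
                       data_offset, flag_bits, window, 0, 0)


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header and name the code bits that are set."""
    if len(raw) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    src, dst, seq, ack, off_res, flag_bits, _window, _csum, _urg = struct.unpack(HEADER_FMT, raw[:20])
    if (off_res >> 4) * 4 < 20:
        raise ValueError("data offset smaller than the fixed header")
    flags = frozenset(name for name, bit in TCP_FLAGS.items() if flag_bits & bit)
    return TcpHeader(src, dst, seq, ack, flags)


def validate_handshake(headers):
    """Check that three parsed segments form the SYN, SYN+ACK, ACK exchange from the slide.

    Returns (ok, reason). Each acknowledgement must equal the peer's ISN + 1; that is what
    ties the two directions together and what a forged or replayed segment gets wrong.
    """
    if len(headers) != 3:
        return False, "expected exactly three segments"
    syn, synack, ack = headers
    if syn.flags != {"SYN"}:
        return False, "first segment must carry SYN only"
    if synack.flags != {"SYN", "ACK"}:
        return False, "second segment must carry SYN and ACK"
    if (synack.src_port, synack.dst_port) != (syn.dst_port, syn.src_port):
        return False, "SYN+ACK is not addressed back to the initiator's port"
    if synack.ack != (syn.seq + 1) & SEQ_MASK:
        return False, "SYN+ACK does not acknowledge ISN_A + 1"
    if "ACK" not in ack.flags or "SYN" in ack.flags:
        return False, "third segment must be an ACK without SYN"
    if (ack.src_port, ack.dst_port) != (syn.src_port, syn.dst_port):
        return False, "final ACK does not come from the initiator"
    if ack.ack != (synack.seq + 1) & SEQ_MASK:
        return False, "final ACK does not acknowledge ISN_B + 1"
    if ack.seq != (syn.seq + 1) & SEQ_MASK:
        return False, "initiator's sequence number did not advance past ISN_A"
    return True, "handshake complete, session established"


def sample_handshake(isn_a=1000, isn_b=5000, bad_ack=False):
    """Constructed sample: System A (port 1234) opening a session to System B (port 80)."""
    reply_ack = isn_a + 2 if bad_ack else isn_a + 1  # bad_ack simulates a mis-acknowledged ISN
    raw = [
        build_tcp_header(1234, 80, isn_a, 0, {"SYN"}),
        build_tcp_header(80, 1234, isn_b, reply_ack, {"SYN", "ACK"}),
        build_tcp_header(1234, 80, isn_a + 1, isn_b + 1, {"ACK"}),
    ]
    return [parse_tcp_header(r) for r in raw]


if __name__ == "__main__":
    for h in sample_handshake():
        print(h.src_port, "->", h.dst_port, sorted(h.flags), "seq", h.seq, "ack", h.ack)
    print(validate_handshake(sample_handshake()))
```

The port check in validate_handshake is the slide's point about TCP being port oriented: the server's reply must come from port 80 back to the ephemeral port A chose, and the final ACK must reverse that pair again, otherwise the segment belongs to a different session.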
TCP/IP – UDP Protocol
  Connectionless, best-effort
  No packet sequencing
  No flow or congestion control
  No acknowledgment of packets
  Used when reliability is not important, such as streaming audio or video
  Much lower overhead
  Much harder for firewalls to police and control
ARP
  Address Resolution Protocol
  All network cards have a Media Access Control (MAC) address
    Unique 24 bit number made up of manufacturer code and serial number
  Used to create cross-reference between MAC addresses and IP addresses at data link layer (L2)
  Station sends out an ARP broadcast containing an IP address, only the match responds
  Responses have a lifetime and are refreshed after expiration
  ARP Table Poisoning attacks used to reroute traffic
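The slide names ARP table poisoning without saying what it looks like on the wire. The added example below (mine, not the lecture's) is a small monitor that keeps its own IP-to-MAC table, honours the cache lifetime the slide mentions, and flags the three symptoms a defender watches for: a reply nobody asked for, an IP whose MAC changes before the old entry expired, and one MAC answering for several IPs. The trace, the 300-second lifetime and the addresses are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class ArpEvent:
    """One ARP reply as a monitor would see it on the segment (constructed, not captured)."""
    ts: float                  # seconds since the trace started
    ip: str
    mac: str
    unsolicited: bool = False  # True when no request for this IP preceded the reply


@dataclass
class ArpMonitor:
    """Keeps its own IP->MAC table and records the symptoms of ARP table poisoning."""
    ttl: float = 300.0                          # assumed cache lifetime; the slide gives no number
    table: dict = field(default_factory=dict)   # ip -> (mac, last_seen)
    alerts: list = field(default_factory=list)  # (ts, kind, detail)

    def _alert(self, ts, kind, detail):
        # One alert per distinct finding, so a repeated reply does not flood the log
        if (kind, detail) not in {(k, d) for _, k, d in self.alerts}:
            self.alerts.append((ts, kind, detail))

    def observe(self, ev):
        mac = ev.mac.lower()  # normalise case so AA:BB and aa:bb compare equal
        if ev.unsolicited:
            self._alert(ev.ts, "unsolicited-reply", f"{ev.ip} claimed by {mac} without a request")
        prev = self.table.get(ev.ip)
        if prev is not None:
            old_mac, seen = prev
            # A legitimate replacement usually shows up only after the old entry has expired
            if old_mac != mac and ev.ts - seen < self.ttl:
                self._alert(ev.ts, "mac-changed-before-expiry", f"{ev.ip}: {old_mac} -> {mac}")
        self.table[ev.ip] = (mac, ev.ts)
        # One MAC answering for several IPs (typically the gateway plus victims) reroutes their traffic
        claimed = sorted(ip for ip, (m, _) in self.table.items() if m == mac)
        if len(claimed) > 1:
            self._alert(ev.ts, "mac-claims-multiple-ips", f"{mac} answers for {', '.join(claimed)}")

    def expire(self, now):
        """Drop entries older than ttl, mirroring the cache refresh after expiration."""
        self.table = {ip: v for ip, v in self.table.items() if now - v[1] < self.ttl}


def alert_kinds(mon):
    return sorted({kind for _, kind, _ in mon.alerts})


def run_sample():
    """Constructed trace: a gateway, one host, then a reply rebinding the gateway IP to the host's MAC."""
    events = [
        ArpEvent(0.0, "192.0.2.1", "00:11:22:33:44:01"),
        ArpEvent(1.0, "192.0.2.10", "00:11:22:33:44:0A"),
        ArpEvent(30.0, "192.0.2.1", "00:11:22:33:44:0a", unsolicited=True),
    ]
    mon = ArpMonitor()
    for ev in events:
        mon.observe(ev)
    return mon


if __name__ == "__main__":
    for ts, kind, detail in run_sample().alerts:
        print(f"t={ts:5.1f} {kind}: {detail}")
```

A router that legitimately owns several addresses will also trip the multiple-IP rule, so in practice the monitor is seeded with known gateway bindings; the before-expiry rule is the stronger signal, because the slide's refresh-after-expiration behaviour means a genuine change rarely arrives while the old entry is still fresh.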
ICMP
  Internet Control Message Protocol
  Basic network layer (L3) messenger protocol
  Low priority
  Ping – Test communication between two stations
  Traceroute – Traces each hop between two stations
Ethernet
  10 Mbps
    10base2, uses thin coaxial cable
    10base5, uses thick coaxial cable
    10base-T, uses category 3 or greater unshielded twisted pair (UTP) cable
  100 Mbps, Fast Ethernet
    100base-TX, uses cat 5 or greater UTP
  1000 Mbps (1 Gbps), Gigabit Ethernet
    1000base-T, uses cat 5e or 7 UTP (depending on manufacturer)
    1000base-SX, uses fiber optic cable
  Uses CSMA/CD cable access method
    Carrier Sense Multiple Access with Collision Detection
    Monitors carrier activity on wire, transmits during absence of carrier
    If two stations simultaneously transmit, collision occurs
    In case of collision, both stations stop transmitting for a random amount of time
    Although some collisions are normal, high levels are detrimental to performance
    Collisions are controlled by creating collision domains using bridges, switches, routers
    Collision domains also limit sniffer usage
Other LAN Technologies
  Token Ring
    4 – 17 Mbps
    Similar to 10baseT Ethernet
  Fiber Distributed Data Interface (FDDI)
    100 Mbps over fiber optic cable
    Works over 2 counter rotating rings for fault tolerance
  ATM
    Primarily a WAN technology, but is sometimes used in LANs
    Can guarantee specific bandwidth to users
    Speeds up to 2.5 Gbps
Cable Types
  Coaxial
  Unshielded or Shielded Twisted Pair
    Noise – interference caused by electrical devices
    Attenuation – loss of signal over distance
    Crosstalk – signal on one wire spills to other
  Fiber Optic Cable
    Considered most secure as it can not be easily tapped
    Attenuation is a problem over very long distances or with many fiber cuts
Physical LAN/WAN Topologies
  Bus – Used in 10base2 and 10base5 Ethernets
  Star – Used in 10baseT Ethernets
  Tree
  Ring
  Mesh
Networking Devices
  Repeaters
    Physical layer (L1) device
    Used to amplify signals
    Dumb device makes no decisions
  Hub
    Multiport repeater
  Bridges
    Data link layer (L2) device
    Intelligent repeater which answers ARP requests, forwards broadcasts, puts packet on proper segment
    Makes decisions based on MAC addresses
  Switch
    Multiport bridge
    Data link layer (L2) switch
      Basic inexpensive switch that simply bridges packets based on MAC addresses
    Network layer (L3) switch
      Adds the ability to make decisions based on IP addresses
      IP based packet forwarding and ACLs
      Much faster than a router
      Can prioritize traffic – Quality of Service (QoS)
    Transport layer (L4) switch
      Adds the ability to make decisions based on content like Web address
  Virtual LANs (VLANs)
    Used to virtually segment switched networks
    Separates LAN devices into broadcast domains
    Provides security since packets are not sent to ports not assigned to a particular VLAN
  Router
    Network layer (L3) device
    Makes decisions based on IP addresses
    Uses a routing table to decide where to send packets
    Routing tables populated using dynamic routing protocols like BGP, RIP, or OSPF or static entries
    Autonomous System Numbers (ASN) differentiate between different routing domains
    ACLs used to filter packets based on IP addresses, source or destination ports, protocol
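The router slide ends with ACLs filtering on address, port and protocol. The added example below (not the lecture's material) implements that evaluation for a constructed ruleset guarding the documentation prefix 192.0.2.0/24, and audits a handful of constructed packets against it. The first-match, implicit-deny semantics are an assumption about how router ACLs commonly behave, not something the slide states, and the rule and packet layouts are mine.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str                    # source IP address
    dst: str                    # destination IP address
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    proto: str                                # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                                  # CIDR prefix; "0.0.0.0/0" means any source
    dst: str                                  # CIDR prefix; "0.0.0.0/0" means any destination
    dport: Optional[Tuple[int, int]] = None   # inclusive destination port range, None = any
    sport: Optional[Tuple[int, int]] = None   # inclusive source port range, None = any

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        for want, have in ((self.dport, pkt.dport), (self.sport, pkt.sport)):
            # A port condition on a rule can only be satisfied by a packet that has ports
            if want is not None and (have is None or not want[0] <= have <= want[1]):
                return False
        return True


def evaluate(rules, pkt):
    """Walk the ACL top to bottom; the first matching rule decides.

    Assumed semantics (common on routers, not stated on the slide): no match means deny.
    Returns (action, index of the rule that fired) or ("deny", None) for the implicit deny.
    """
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def audit(rules, packets):
    """Return per-packet decisions plus a hit count per rule, the way a logged ACL reports them."""
    hits = [0] * len(rules)
    decisions = []
    for pkt in packets:
        action, idx = evaluate(rules, pkt)
        if idx is not None:
            hits[idx] += 1
        decisions.append((pkt, action, idx))
    return decisions, hits


ANY = "0.0.0.0/0"
# Constructed example ACL: web to the whole subnet, mail to one host, ICMP, and an explicit
# final deny so that dropped traffic is counted rather than silently hitting the implicit deny.
SAMPLE_ACL = [
    Rule("permit", "tcp", ANY, "192.0.2.0/24", dport=(80, 80)),
    Rule("permit", "tcp", ANY, "192.0.2.25/32", dport=(25, 25)),
    Rule("permit", "icmp", ANY, "192.0.2.0/24"),
    Rule("deny", "ip", ANY, ANY),
]

SAMPLE_TRAFFIC = [  # constructed packets from an outside host in another documentation range
    Packet("tcp", "198.51.100.7", "192.0.2.10", sport=40000, dport=80),   # web request: permitted
    Packet("tcp", "198.51.100.7", "192.0.2.10", sport=40001, dport=23),   # telnet to a host: denied
    Packet("tcp", "198.51.100.7", "192.0.2.25", sport=40002, dport=25),   # mail to the mail host: permitted
    Packet("tcp", "198.51.100.7", "192.0.2.10", sport=40003, dport=25),   # mail to the wrong host: denied
    Packet("udp", "198.51.100.7", "192.0.2.53", sport=40004, dport=53),   # DNS: no permit rule, denied
    Packet("icmp", "198.51.100.7", "192.0.2.1"),                           # ping: permitted
]

if __name__ == "__main__":
    decisions, hits = audit(SAMPLE_ACL, SAMPLE_TRAFFIC)
    for pkt, action, idx in decisions:
        print(f"{action:6} rule={idx} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    print("hits per rule:", hits)
```

Rule order matters under first-match semantics: moving the final deny above the permits would silence the whole subnet, which is why reviewing an ACL means reading it top to bottom with the hit counts beside each line.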
Homework Project 2
  Locate and review the various existing YSU computer Acceptable Use Policies (AUP)
  Create a more complete YSU-wide AUP that takes into account all the current computer security threats
  Describe how students and faculty can be made more aware of the AUP