FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2nd ed.
Chapter 2: An Introduction to Networking
By Whitman, Mattord, & Austin
© 2008 Course Technology

Learning Objectives
Upon completion of this chapter, you should be able to:
 Describe the basic elements of computer-based data communication
 Know the key entities and organizations behind current networking standards, as well as the purpose of and intent behind the more widely used standards
 Explain the nature and intent of the OSI reference model and list and describe each of the model’s seven layers
 Describe the nature of the Internet and the relationship between the TCP/IP protocol and the Internet
Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 2

Networking Fundamentals
 Fundamental exchange of information: sender communicates message to receiver over some medium
 Communication only occurs when recipient is able to receive, process, and comprehend message
 One-way flow of information is called a channel
 When recipient becomes a sender, for example by responding to original sender’s message, this two-way flow is called a circuit

Networking Fundamentals (continued)
 Any medium may be subject to interference, called noise, which occurs in a variety of forms
 – Attenuation: loss of signal strength as signal moves across media
 – Crosstalk: occurs when one transmission “bleeds” over to another
 – Distortion: unintentional variation of communication over media
Networking Fundamentals (continued)
 Any medium may be subject to interference, called noise, which occurs in a variety of forms (continued)
 – Echo: reflection of a signal due to equipment malfunction or poor design
 – Impulse: sudden, short-lived increase in signal frequency or amplitude, also known as a spike
 – Jitter: signal modification caused by malfunctioning equipment
 – White noise: unwanted noise due to signal coming across medium at multiple frequencies

Reasons to Network
 Data communications: exchange of messages across a medium
 Networking: interconnection of groups or systems with purpose of exchanging information
 Some reasons to build a network:
 – To exchange information
 – To share scarce or expensive resources
 – To allow distributed organizations to act as if centrally located

Types of Networks
 Networks can be categorized by:
 – Components: peer-to-peer (P2P), server-based, distributed multi-server
 – Size: local area network (LAN), metropolitan area network (MAN), wide area network (WAN)
 – Layout or topology: physical (ring, bus, star, hierarchy, mesh, hybrid), logical (bus, star)
 – Media: guided (wired), unguided (wireless)

Network Standards
 Among the agencies that work on data communications standards are:
 – Internet Society (ISOC)
 – Internet Assigned Numbers Authority (IANA)
 – American National Standards Institute (ANSI)
 – International Telecommunication Union (ITU)
 – Institute of Electrical and Electronics Engineers (IEEE)
 – Telecommunications Industry Association (TIA)
 – International Organization for Standardization (ISO)
OSI Reference Model and Security
 OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols
 Premise of model is that information sent from one host is translated and encoded through various layers, from Application layer to Physical layer
 Physical layer initiates transmission to receiver
 Receiver translates and decodes message by processing information through each layer in reverse order

The Physical Layer
 The primary function of the Physical layer is to place the transmission signal carrying the message onto the communications media—that is, to put “bits on a wire”
 The functions of the Physical layer are:
 – Establish and terminate the physical and logical connection to the media
 – Manage the flow and communication on the media
 – Embed the message onto the signal carried across the physical media

Network Media
 Dominant media types and standards include:
 – Coaxial cable
 – Fiber-optic cable
 – Twisted-pair wire
 – Wireless LAN
 – Bluetooth
 – Infrared

Embedding the Message
 Method used to embed message on signal depends on type of message and type of signal
 Two types of message (or information):
 – Analog information: continuously varying source (such as voice communications)
 – Digital information: discrete, between a few values (such as computer communications)
Embedding the Message (continued)
 Multiplexing combines several circuits to create a high-bandwidth stream to carry multiple signals long distances
 Three dominant multiplexing methods are:
 – Frequency division multiplexing (FDM): combines voice channels
 – Time division multiplexing (TDM): assigns a time block to each client
 – Wave division multiplexing (WDM): uses different frequencies of light so multiple signals can travel on same fiber-optic cable

Managing Communication
 Bit (or signal) flow conducted in several ways:
 – Simplex transmissions: flow one way through a medium
 – Half-duplex transmissions: flow either way, but in only one direction at a time
 – Full-duplex transmissions: can flow both ways at the same time
 – Serial transmissions: flow one bit at a time down a single communications channel
 – Parallel transmissions: flow multiple bits at a time down multiple channels

Managing Communication (continued)
 Asynchronous (or timing-independent)
 – Formulate data flow so each byte or character has its own start and stop bit
 – Used in older modem-based data transfers to send individual characters between systems
 Synchronous (or timing-dependent)
 – Use computer clocking to transmit data in continuous stream between two systems
 – Clock synchronization makes it possible for end nodes to identify start and end of data flow
 – This protocol is much more efficient

Data Link Layer
 Primary networking support layer
 Referred to as first “subnet” layer because it provides addressing, packetizing, media access control, error control, and some flow control for local network
 In LANs, it handles client-to-client and client-to-server communications
Data Link Layer (continued)
 DLL is further divided into two sublayers:
 – Logical Link Control (LLC) sublayer
   • Primarily designed to support multiplexing and demultiplexing protocols transmitted over MAC layer
   • Also provides flow control and error detection and retransmission
 – Media Access Control (MAC) sublayer
   • Designed to manage access to communications media—in other words, to regulate which clients are allowed to transmit and when

DLL Protocols
 Dominant protocol for local area networking is Ethernet for wired networks and Wi-Fi for wireless networks
 Other DLL LAN protocols include:
 – Token ring
 – Fiber Distributed Data Interface (FDDI)
 – Point-to-Point Protocol (PPP)
 – Point-to-Point Tunneling Protocol (PPTP)
 – Layer Two Tunneling Protocol (L2TP)
 WANs typically use ATM and frame relay

Forming Packets and Addressing
 First responsibility of DLL is converting Network layer packet into DLL frame
 DLL adds not only a header but also a trailer
 When necessary, packet is fragmented into frames, with corresponding information embedded into each frame header
 Addressing is accomplished with a number embedded in network interface card (NIC)
 This MAC address allows packets to be delivered to an endpoint; typically shown in hexadecimal format (e.g., 00-00-A3-6A-B2-1A)

Media Access Control
 A primary function of DLL is controlling flow of traffic—that is, determining which station is allowed to transmit when
 Two general approaches:
 – Control
 – Contention
Media Access Control (continued)
 Control (deterministic)
 – Well-regulated network: traffic transmitted in orderly fashion, maintaining optimal data rate
 – Facilitates a priority system: key clients or servers can be polled more frequently than others
 Contention (stochastic)
 – Clients listen to determine if channel is free and then transmit
 – Must have mechanisms to deal with collisions
 – Collision avoidance vs. collision detection

Switches and Bridges
 Specific technologies used to connect networks at Data Link layer
 While a hub connects networks at Physical layer, connecting two networks with a hub results in one large network (or collision domain)
 Connection via Layer 2 switch, capable of bridging, maintains separate collision domains
 Bridging: process of connecting networks with DLL protocols while maintaining integrity of each network, only passing messages that need to be transmitted between the two

Network Layer and Packetizing
 Network layer is primary layer for communications between networks
 Three key functions:
 – Packetizing
 – Addressing
 – Routing
 During packetizing, Network layer takes segments sent from Transport layer and organizes them into packets for transmission across a network

Addressing
 Network layer uses network-layer address to uniquely identify destination across multiple networks
 Typical address consists of the network ID and the host ID
 In TCP/IP, IP address is network-layer address
 IP packet header contains source and destination IP address along with additional packet information
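As an added illustration of the Switches and Bridges slide (example code, not from the textbook): a hub repeats every frame to every other port, so everything attached shares one collision domain, while a learning bridge records which port each source MAC address was seen on and forwards only where needed. Host names, ports and MAC addresses are constructed for the demonstration.

```python
# Added example, not from the textbook: hub versus learning bridge (Layer 2
# switch). The hub repeats every frame onto every other port; the bridge learns
# which port each source MAC lives behind and filters or forwards accordingly.
from typing import Dict, List

BROADCAST = "FF-FF-FF-FF-FF-FF"


class Hub:
    """Physical layer device: repeats the signal to every port but the ingress one."""

    def __init__(self, ports: List[int]) -> None:
        self.ports = list(ports)

    def forward(self, src: str, dst: str, ingress: int) -> List[int]:
        return [p for p in self.ports if p != ingress]


class LearningBridge(Hub):
    """Data Link layer device: filters by destination MAC using a learned table."""

    def __init__(self, ports: List[int]) -> None:
        super().__init__(ports)
        self.table: Dict[str, int] = {}   # source MAC -> port it was last seen on

    def forward(self, src: str, dst: str, ingress: int) -> List[int]:
        self.table[src] = ingress          # learning: remember where src is reachable
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            # filtering: if dst is on the ingress segment the frame already reached it
            return [] if out == ingress else [out]
        # unknown unicast or broadcast destination: flood exactly like a hub
        return super().forward(src, dst, ingress)


def run_scenario() -> dict:
    """Constructed traffic: hosts A and D share port 1, host B is on port 2."""
    a, b, d = "00-00-A3-6A-B2-1A", "00-00-A3-6A-B2-1B", "00-00-A3-6A-B2-1D"
    hub, bridge = Hub([1, 2, 3]), LearningBridge([1, 2, 3])
    return {
        "hub": hub.forward(a, b, 1),              # hub repeats everywhere: [2, 3]
        "first": bridge.forward(a, b, 1),         # B not yet learned, flooded: [2, 3]
        "reply": bridge.forward(b, a, 2),         # A was learned on port 1: [1]
        "second": bridge.forward(a, b, 1),        # B now known: [2]
        "same_segment": bridge.forward(d, a, 1),  # A is behind port 1 already: []
        "table": dict(bridge.table),
    }
```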
Addressing (continued)
 Addresses maintained and issued by Internet Assigned Numbers Authority (IANA)
 In early years, addresses distributed as follows:
 – Class A: consists of primary octet (the netid) with three octets providing host ID portion; allows up to 16,777,214 hosts on network
 – Class B: consists of two octets in netid with two octets providing 65,534 host IDs
 – Class C: consists of three octets in netid with one octet providing 254 host IDs
 – Class D and Class E addresses are reserved

Addressing (continued)
 This address assignment method proves inefficient
 Internet moving to new version of IP, IPv6, which uses 128-bit address instead of 32-bit
 Increases available addresses by factor of 2^128
 Network Address Translation (NAT): uses device, like a router, to segregate external Internet from internal network
 Device maps organizational addresses to different addresses inside the intranet

Routing
 Moving Network layer packets across networks
 Routing protocols include static and dynamic
 Internal routing protocols:
 – Used inside autonomous system (AS)
 – Distance-vector routing protocols and link-state routing protocols
 External routing protocols:
 – Communicate between autonomous systems
 – Translate different internal routing protocols
 – Border Gateway Protocol (BGP)

Transport Layer
 Primary function of Transport layer is to provide reliable end-to-end transfer of data between user applications
 Lower layers focus on networking and connectivity while upper layers, beginning with Transport layer, focus on application-specific services
 Transport layer also responsible for end-to-end error control, flow control, and several other functions
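The classful scheme on the Addressing slides, worked through in code (an added example, not from the textbook): the first octet selects the class, the class fixes how many octets form the netid, and the usable host count is the slide's figure (2 to the number of host bits, minus the reserved all-zeros and all-ones host IDs). classful_waste shows why the slide calls the method inefficient; the sample addresses are constructed.

```python
# Added example, not from the textbook: classful IPv4 decoding as the
# Addressing slides describe it, plus the waste that made the scheme
# inefficient. Uses only the standard-library ipaddress module.
import ipaddress

# class letter, first-octet range, prefix length of the netid (None = reserved)
CLASSES = [("A", range(0, 128), 8), ("B", range(128, 192), 16),
           ("C", range(192, 224), 24), ("D", range(224, 240), None),
           ("E", range(240, 256), None)]


def classify(addr: str) -> dict:
    """Class, netid, host ID and usable host count for a dotted-quad address."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    letter, prefix = next((c, p) for c, r, p in CLASSES if first_octet in r)
    if prefix is None:                        # Class D (multicast) and E are reserved
        return {"class": letter, "netid": None, "hostid": None, "max_hosts": 0}
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    host_bits = 32 - prefix
    return {
        "class": letter,
        "netid": str(net.network_address),
        "hostid": int(ip) & ((1 << host_bits) - 1),
        "broadcast": str(net.broadcast_address),
        # the all-zeros (network) and all-ones (broadcast) host IDs are not assignable
        "max_hosts": (1 << host_bits) - 2,
    }


def classful_waste(hosts_needed: int) -> dict:
    """Smallest class that fits hosts_needed and how many host IDs then go unused."""
    for letter, max_hosts in (("C", 254), ("B", 65_534), ("A", 16_777_214)):
        if hosts_needed <= max_hosts:
            return {"class": letter, "unused": max_hosts - hosts_needed}
    raise ValueError("no single classful network holds that many hosts")
```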
Error Control
 Process of handling problems with transfer process, which may result in modified or corrupted segments
 Broken into two components: error detection and error correction
 Errors are typically single-bit or multiple-bit
 Bit errors are most likely the result of noise interference

Error Control (continued)
 Errors detected using one of several schemes:
 – Repetition: data transmitted redundantly
 – Parity: “check bits” at end of each byte of data
 – Redundancy: parity calculated for blocks of data rather than individual byte (LRC, VRC, CRC)
 Errors typically corrected by retransmission of damaged segment
 Dominant error correction techniques are automatic repeat requests (ARQs)
 Three most common ARQs are Stop-And-Wait, Go-Back-N, and Selective Repeat

Flow Control
 Purpose is to prevent receiver from being overwhelmed with segments, which would prevent effective processing of each received segment
 Some error correction techniques have built-in flow control
 Dominant technique is sliding window protocol, which provides mechanism by which receiver can specify number of segments (or bytes) it can receive before sender must wait
 Receiver enlarges or reduces window size as necessary

Other Functions of the Transport Layer
 Assignment of ports, which identify the service requested by a user
 Combination of Network layer address and port is referred to as a socket
 Tunneling protocols also work at Transport layer
 These protocols work with Data Link layer protocols to provide secure connections
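The parity and block-redundancy checks named on the Error Control slides, as an added example (not from the textbook): a per-byte even-parity bit (VRC) beside a block check computed across all bytes (LRC), with constructed noise showing which bit errors each check detects and which it misses, and why the two are used together.

```python
# Added example, not from the textbook: VRC (even parity per byte) and LRC
# (parity across the block, i.e. XOR of all bytes) from the Error Control
# slide, with constructed bit flips standing in for channel noise.
from typing import Iterable, List, Tuple


def vrc(byte: int) -> int:
    """Even-parity check bit for one byte: 1 if the byte has an odd number of 1s."""
    return bin(byte & 0xFF).count("1") & 1


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of every data byte (column parity)."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def encode(data: bytes) -> Tuple[bytes, List[int], int]:
    """Sender side: data plus its per-byte parity bits and the block LRC."""
    return data, [vrc(b) for b in data], lrc(data)


def check(data: bytes, parities: List[int], block_lrc: int) -> dict:
    """Receiver side: which bytes fail their VRC, and whether the LRC fails."""
    bad = [i for i, b in enumerate(data) if vrc(b) != parities[i]]
    return {"vrc_failures": bad, "lrc_failed": lrc(data) != block_lrc}


def flip_bits(data: bytes, flips: Iterable[Tuple[int, int]]) -> bytes:
    """Constructed noise: flip the given (byte_index, bit_number) positions."""
    out = bytearray(data)
    for idx, bit in flips:
        out[idx] ^= 1 << bit
    return bytes(out)


def demo() -> Tuple[dict, dict, dict]:
    """Three corruptions of the same block; only the pair of checks catches all."""
    payload, parities, block = encode(b"SYN")
    single = check(flip_bits(payload, [(1, 0)]), parities, block)           # 1 bit
    double = check(flip_bits(payload, [(1, 0), (1, 3)]), parities, block)   # 2 bits, same byte
    column = check(flip_bits(payload, [(0, 2), (2, 2)]), parities, block)   # same bit, 2 bytes
    return single, double, column
```

The single-bit error trips both checks; the two flips inside one byte leave its parity unchanged and only the LRC notices; the same bit flipped in two different bytes cancels out in the LRC and only the per-byte VRC notices.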
Session Layer
 Responsible for establishing, maintaining, and terminating communications sessions between two systems
 Regulates whether communications are simplex (one way only), half-duplex (one way at a time), or full-duplex (bidirectional)

Presentation Layer
 Responsible for data translation and encryption functions
 For example, if one system is using standard ASCII and another is using EBCDIC, the Presentation layer performs the translation
 Encryption can also be part of operations performed at this level
 Presentation layer encapsulates Application layer messages prior to passing them down to Transport layer

Application Layer
 At Application layer, user is provided with a number of services, most aptly called application protocols
 TCP/IP protocol suite includes applications such as e-mail (SMTP and POP), World Wide Web (HTTP and HTTPS), file transfer (FTP and SFTP), and others

The Internet and TCP/IP
 The Internet incorporates millions of small, independent networks, connected by most of the major common carriers
 Most services we associate with the Internet are based on Application layer protocols
 The Internet is a physical set of networks, while the World Wide Web (WWW) is a set of applications that run on top of the Internet
 Web uses domain name-based Uniform Resource Identifiers (URIs), Uniform Resource Locator (URL) being best-known type
TCP/IP
 TCP/IP is actually a suite of protocols used to facilitate communications across the Internet
 Developed before OSI reference model, it is similar in concept but different in detail
 TCP/IP model is less formal than OSI reference model
 Each of the four layers of TCP/IP model represents a section of one or more layers of OSI model

Application Layer
 TCP/IP Application layer consists of utility protocols that provide value to end user
 Data from users and utilities are passed down to Transport layer for processing
 Wide variety of Application layer protocols support Internet users: SMTP, POP for e-mail, FTP for data transfer, HTTP for Web content
 Application layers on each host interact directly with corresponding applications on other hosts to provide requisite communications support

Transport Layer
 Responsible for transfer of messages, including resolution of errors, managing necessary fragmentation, and control of message flow, regardless of underlying network
 Connection-oriented or connectionless messages
 Connects applications through use of ports
 Lowest layer of TCP/IP stack to offer any form of reliability
 TCP: connection-oriented, reliable protocol
 UDP: connectionless, unreliable protocol

Internetwork Layer
 Handles moving packets in a single network
 Examples of protocols are X.25 and ARPANET’s Host/IMP Protocol
 Internet Protocol (IP) performs task of moving packets from source host to destination host
 IP carries data for many different upper-layer protocols

Internetwork Layer (continued)
 Some protocols carried by IP function on top of IP but perform other Internetwork layer functions
 All routing protocols are also part of Network layer
Subnet Layers
 TCP/IP Subnet layers include Data Link and Physical layers
 TCP/IP relies on whatever native network subnet layers are present
 For example, if user’s network is Ethernet then IP packets are encapsulated into Ethernet frames
 No specification for Data Link layer or Physical layer

Chapter Summary
 Fundamental exchange of information: sender communicates message to receiver over some medium
 Communication only occurs when recipient is able to receive, process, and comprehend message
 Any medium may be subject to interference: attenuation, crosstalk, distortion, echo, impulse, jitter, white noise

Chapter Summary (continued)
 Some reasons to build a network:
 – To exchange information
 – To share scarce or expensive resources
 – To allow distributed organizations to act as if centrally located
 Networks can be categorized by: components, size, layout or topology, media
 OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols

Chapter Summary (continued)
 OSI reference model layers:
 – Physical: puts transmissions onto media
 – Data Link: primary networking support layer
 – Network: primary layer for communications between networks
 – Transport: provides reliable end-to-end transfer of data between user applications
 – Session: establishes, maintains, terminates communications sessions between two systems
 – Presentation: data translation and encryption
 – Application: provides application protocols
Chapter Summary (continued)
 Each of four layers of TCP/IP model represents a section of one or more layers of OSI model
 – Application: consists of utility protocols that provide value to end user
 – Transport: responsible for transferring messages, regardless of underlying network
 – Internetwork: handles moving packets in a single network
 – Subnet: includes Data Link and Physical layers, relying on whatever native network subnet layers are present for signal transmission
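The encapsulation described on the Subnet Layers slide (IP packets wrapped in Ethernet frames) and the reverse-order decoding described on the OSI slides, worked through as an added example that is not from the textbook: an IPv4 header with its RFC 791 checksum is built, wrapped in an Ethernet header using the slide's MAC notation, and then parsed back layer by layer with the checksum verified. The identification value 0x1234, TTL 64, the DF flag and the sample addresses are constructed.

```python
# Added example, not from the textbook: IPv4 packet inside an Ethernet frame,
# then decoded in reverse order on receipt. Constructed values: id 0x1234,
# TTL 64, DF flag set; the MACs use the slide's 00-00-A3-6A-B2-1A notation.
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800


def mac_to_bytes(mac: str) -> bytes:
    """'00-00-A3-6A-B2-1A' -> six raw bytes (colon-separated form also accepted)."""
    return bytes(int(part, 16) for part in mac.replace(":", "-").split("-"))


def bytes_to_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Network layer: 20-byte header (no options) followed by the Transport segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]  # fill checksum
    return hdr + payload


def build_ethernet(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Data Link layer: destination MAC, source MAC, EtherType, then the packet."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def parse_frame(frame: bytes) -> dict:
    """Receiver side: decode Data Link, then Network layer; raise on a bad header."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 packet")
    pkt = frame[14:]
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    # a header whose checksum field is correct sums to zero under the same algorithm
    if version != 4 or ihl < 20 or ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("corrupt IPv4 header")
    return {
        "dst_mac": bytes_to_mac(dst), "src_mac": bytes_to_mac(src),
        "src_ip": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(pkt[16:20])),
        "proto": pkt[9], "payload": pkt[ihl:total_len],
    }


def frame_is_valid(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False
```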