Download PowerPoint File - Regis University: Academic Web Server for Faculty
CS 468: Advanced UNIX, Class 7
Dr. Jesús Borrego, Regis University
scis.regis.edu ● [email protected]

Topics
• IA Lab visit was scheduled for last week; rescheduled for next week
• Review of Homework 5
• Networking
• Homework 6
• Review for final
• Q&A

Networking
• Computers connecting to other computers
• Computers connecting to the Internet
• Network topologies
• Network devices
• Internetworking
• Communicating with users
• Data distribution
• NFS

Communication model
Source → Transmitter → Transmission System → Receiver → Destination
(the transmitter, transmission system and receiver make up the communications infrastructure)

OSI Model
Application, Presentation, Session, Transport, Network, Data Link, Physical

Internet Protocol Stack
Application, Transport, Network/Internet, Data Link Control, Physical

OSI vs. IP
OSI layer(s)                          Internet Protocol stack layer
Application, Presentation, Session    Application
Transport                             Transport
Network                               Network/Internet
Data Link                             Data Link Control
Physical                              Physical

Ethernet
(figure: an institutional network; end systems and a server attach over 100 Mbps links to an Ethernet switch, which has a 1 Gbps link to the institutional router and on to the institution's ISP)
• Typically used in companies, universities, etc.
▫ 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps Ethernet
▫ Today, end systems typically connect into an Ethernet switch

Bridges
• Connect separate networks
▫ One Ethernet network to another one
▫ "Bridge" two network segments together
▫ Make it appear as if the two segments were a single one
• Wire length is limited due to degradation of the signal
• Bridges allow a network to extend beyond the physical limitation of the wire

Routers
• Bridges cannot accommodate large networks
• Routers connect two or more networks
▫ "Route" incoming messages to the appropriate network
• Can be used to connect a LAN to an ISP (Internet Service Provider)
• Can be used to link the different networks in the global Internet

Gateway
• Used to connect remote LANs to a WAN (Wide Area Network)

Topologies
Typical LAN topologies include:
• Bus
▫ Single link for all computers
• Ring (Token)
▫ Each computer connected to at least 2 other computers
• Star
▫ Central server

Internetworking – Packet Switching
(figure: hosts A and B on a 100 Mb/s Ethernet share a 1.5 Mb/s output link toward C, D and E; packets queue while waiting for the output link, and the sequence of A and B packets has no fixed timing pattern: statistical multiplexing, as opposed to Time Division Multiplexing (TDM))

Internet Address
IPv4 – 4 octets
• Class A: 0*.*.*.* (two reserved, all 0's and all 1's)
• Class B: 10*.*.*.*
• Class C: 110*.*.*.*
• Class D: 111*.*.*.*
• Class E: 1111*.*.*.*
Many subnet calculators are available online

Ports and common services
(figure)

Users in your system
• users – local host users
• rusers – users on the local network
• who – more info than users
• rwho – more info than rusers
• w – more information than who
• whois – information about major Internet sites
• hostname – displays the local host name
• finger – lists information about a user

Finger utility
(figure)

User communication on a network
• write – send individual lines to a user
• talk – interactive split-screen two-way chat
• wall – send messages to all users on the local host
• mail – send email messages
• mesg – disables incoming messages to your terminal

File transfer on a network
• rcp (remote copy) – copy files from one host to another
• uucp (unix-to-unix copy) – like rcp, copies files between two hosts
• ftp (file transfer protocol/program) – copy files between the local host and other hosts
• Commands for ftp: UPU page 338

Distributed access commands
• rlogin – provides login to remote servers
• rsh – execute shell commands on remote Unix hosts
• telnet – executes commands on remote telnet hosts

Network File System (NFS)
• Public domain specification developed by Sun Microsystems
• Allows you to mount several local file systems into a single network file hierarchy
• Provides remote mount capability
• Uses RPC to mount a file system on a remote machine

Internet control
• ICANN – Internet Corporation for Assigned Names and Numbers – allocates names and domains
• ISOC – Internet Society – represents Internet users, technical advisory society
• IGF – Internet Governance Forum, global forum established by the United Nations in 2005

Network Standards
RFC: Request for Comments
• RFC 114/959: A File Transfer Protocol
• RFC 791: Internet Protocol
• RFC 793: Transmission Control Protocol
• RFC 1945: Hypertext Transfer Protocol HTTP 1.0
• RFC 2251: Lightweight Directory Access Protocol
• RFC 2460: Internet Protocol v6 (IPv6)
• RFC 4251: Secure Shell (SSH) Protocol Architecture

Internet Protocols
(figure)

Internet Protocols
BGP – Border Gateway Protocol
FTP – File Transfer Protocol
HTTP – Hypertext Transfer Protocol
ICMP – Internet Control Message Protocol
IGMP – Internet Group Management Protocol
IP – Internet Protocol
MIME – Multipurpose Internet Mail Extension
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

Internet Protocols (Cont'd)
OSPF – Open Shortest Path First
RSVP – Resource ReSerVation Protocol
SMTP – Simple Mail Transfer Protocol
SNMP – Simple Network Management Protocol
TCP – Transmission Control Protocol
UDP – User Datagram Protocol
Source: Stallings (2007), as above.

Sample Flow
(figure: the OSI layers, Application through Physical, on the client and on the server; a second figure shows the Data unit passing down the layers on each side, each layer wrapping the Data handed down from the layer above)

IPv4
(figure)

IPv6
(figure)

Internet Addressing
• Media Access Control (MAC): used by hardware
• IPv4 and IPv6: used by software to determine source, destination, and component location (NIC, not computers)
• Hostnames: used by people
• Data link layer maps IPs to hardware
• Hostnames can map names to IPs

Sample subnet calculator
(figure) Source: http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php

CIDR
Classless Inter-Domain Routing
• Netmasks that do not end on a byte boundary
• Each byte has 8 bits
• To subnet 128.138.243.0 with 26 bits – not a byte boundary (8, 16, 24) – we use the convention 128.138.243.0/26
(figure: the 32-bit address split into 26 network bits and 6 host bits)

CIDR Calculator
(figure) Source: http://www.subnet-calculator.com/cidr.php

NAT
• Private addresses can be used internally by an organization
• NAT captures internal addresses and prevents them from exiting the corporate environment
• NAT maintains a table of internal versus external addresses to ensure that no internal addresses escape to the global Internet

Routing
• The process of determining the output path for an incoming packet
• Routing tables are maintained in the kernel and also in routers throughout the Internet
• If the server does not know where to send it next, it uses the Address Resolution Protocol to determine the next action

Routing
(figure: the routing algorithm fills the local forwarding table; a packet arriving with header value 0111 is sent out on link 2)
Header value   Output link
0100           3
0101           2
0111           2
1001           1

ARP
• ARP discovers the hardware address associated with an IP address
• If the destination address is not in the same network, ARP determines the next hop router
• If the address is not known, it sends a broadcast message: "Does anybody know where X is?"
• The response is received and then the protocol uses the response
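Worked example added here (not from the slides) for the CIDR and forwarding-table slides above: the 26-bit/6-bit split of 128.138.243.0/26 computed with plain mask arithmetic, plus a longest-prefix-match lookup over a constructed forwarding table, which is how a CIDR-era router generalises the fixed-header table on the routing slide. Function names and the table contents are my own.

```python
# Added example: CIDR arithmetic for the slide's 128.138.243.0/26 and a
# longest-prefix-match forwarding lookup; helper names are constructed here.

def ip_to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def netmask(prefix):
    # prefix leading 1-bits; the remaining 32 - prefix bits address hosts
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr):
    """Network, mask, broadcast and usable host range for a.b.c.d/prefix."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask = netmask(prefix)
    net = ip_to_int(addr) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0  # /31, /32: none
    return {
        "network": int_to_ip(net),
        "netmask": int_to_ip(mask),
        "broadcast": int_to_ip(bcast),
        "first_host": int_to_ip(net + 1) if usable else None,
        "last_host": int_to_ip(bcast - 1) if usable else None,
        "usable_hosts": usable,
        "byte_boundary": prefix % 8 == 0,  # classful-style masks end on 8/16/24
    }

def lookup(table, dst):
    """Forwarding-table lookup: the longest matching prefix wins.
    table is a list of (cidr, output_link); '0.0.0.0/0' is the default route."""
    d, best = ip_to_int(dst), None
    for cidr, link in table:
        addr, prefix = cidr.split("/")
        prefix = int(prefix)
        if (d & netmask(prefix)) == (ip_to_int(addr) & netmask(prefix)):
            if best is None or prefix > best[0]:
                best = (prefix, link)
    return best[1] if best else None

# Constructed table: the slide's /26 sits inside its /24, plus a default route.
FORWARDING_TABLE = [("128.138.243.0/26", 3), ("128.138.243.0/24", 2), ("0.0.0.0/0", 1)]
```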
DHCP
• Dynamic Host Configuration Protocol (RFC 2131)
• When a host connects to a network, it obtains a 'lease' on an IP address, gateways, DNS name servers, Syslog hosts, and others
• If the lease is not renewed, it expires

DHCP interaction
(figure: DHCP server 223.1.2.5 and an arriving client exchange four messages)
DHCP discover: src 0.0.0.0, 68; dest 255.255.255.255, 67; yiaddr 0.0.0.0; transaction ID 654
DHCP offer: src 223.1.2.5, 67; dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 654; lifetime 3600 secs
DHCP request: src 0.0.0.0, 68; dest 255.255.255.255, 67; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs
DHCP ACK: src 223.1.2.5, 67; dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs

Security Issues
• Default IP forwarding on a server should be disabled to prevent the server from acting as a router
• ICMP redirect ("you should not send packets to me, send them to XYZ") can compromise a system
• Source routing can slip through firewalls
▫ Do not want to accept or forward source-routed packets

Security Issues (Cont'd)
• IP spoofing means changing the source or destination in the packet header
▫ The receiver may believe the source and reply to a malicious server (man-in-the-middle attack)
• Host-based firewalls are preferred to client-based firewalls
• VPN – allows remote users to create 'tunnels' to the private network
▫ Requires encryption

Virtual Private Network (VPN)
(figure)

Routing
• Routing has different meanings:
▫ Actual forwarding of packets
▫ Management of routing tables
• Routing consists of determining the 'next hop' in the route towards the destination

Routing Daemons
• Routing daemons collect information from three sources:
▫ Configuration files
▫ Existing routing tables
▫ Routing daemons on other systems
• Daemons collect this information to determine the optimal route, and new routes are added to the routing tables

Homework 6 (last)
1. What is the difference between a bridge, a router, and a gateway?
2. Describe 3 Internet protocols and provide examples of where they can be used.
3. What are the differences between ftp and rcp? Which one is better and why?
4. Explain how ICMP redirection can cause vulnerabilities in a network.
5. Using an IP subnet calculator of your choice, answer the questions in E14.3 found in the USAH book. Capture the calculator screen.

Review for Final
• Same format as Midterm
▫ 2 hour, take home
▫ 8 questions
▫ Email to [email protected] by midnight 4/26
▫ All material from weeks 4-7
• Week 8: 2 hour class, 2 hour take home final

Questions?
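Added example, not from the slides: the DHCP interaction slide's discover/offer/request/ACK exchange as a small two-sided simulation using the slide's values (server 223.1.2.5, offered address 223.1.2.4, transaction IDs 654 and 655, 3600-second lifetime), including the lease-expiry case from the DHCP slide and the case where the requested address is no longer free. The message dictionaries and class names are my own simplification, not the RFC 2131 wire format.

```python
# Added simulation of the slide's DHCP exchange; field names follow the slide
# (src/dest address+port, yiaddr, transaction ID, lifetime), not RFC 2131's packet.
BROADCAST = "255.255.255.255"

class DhcpServer:
    def __init__(self, addr="223.1.2.5", pool=("223.1.2.4",), lifetime=3600):
        self.addr, self.pool, self.lifetime = addr, list(pool), lifetime
        self.leases = {}   # address -> expiry time in seconds

    def _reply(self, mtype, xid, ip):
        return {"type": mtype, "src": (self.addr, 67), "dest": (BROADCAST, 68),
                "yiaddr": ip, "xid": xid, "lifetime": self.lifetime}

    def handle(self, msg, now):
        """Server side: discover -> offer, request -> ACK (NAK if the address is gone)."""
        if msg["type"] == "discover" and self.pool:
            return self._reply("offer", msg["xid"], self.pool[0])
        if msg["type"] == "request":
            ip = msg["yiaddr"]
            if ip in self.pool:        # still free: bind it and start the lease clock
                self.pool.remove(ip)
                self.leases[ip] = now + self.lifetime
                return self._reply("ack", msg["xid"], ip)
            return self._reply("nak", msg["xid"], "0.0.0.0")
        return None

    def lease_valid(self, ip, now):
        """A lease that was never renewed stops being valid once its lifetime has passed."""
        return ip in self.leases and now < self.leases[ip]

def client_discover(xid):
    # No address yet, so the client sends from 0.0.0.0 to the broadcast address.
    return {"type": "discover", "src": ("0.0.0.0", 68), "dest": (BROADCAST, 67),
            "yiaddr": "0.0.0.0", "xid": xid}

def client_request(offer, xid):
    # Accept the offered address; the slide shows a new transaction ID for this step.
    return {"type": "request", "src": ("0.0.0.0", 68), "dest": (BROADCAST, 67),
            "yiaddr": offer["yiaddr"], "xid": xid, "lifetime": offer["lifetime"]}

def run_exchange(server, now=0):
    """Client side of the four-message exchange; returns the server's final answer."""
    offer = server.handle(client_discover(654), now)
    if offer is None:                  # pool exhausted: no offer, no lease
        return None
    return server.handle(client_request(offer, 655), now)
```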
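Added example, not from the slides: a check of the kernel settings behind the two Security Issues slides (IP forwarding, ICMP redirects, source routing, and the reverse-path filter that drops spoofed sources), which is also a practical way to look at homework question 4 on a real host. The key names are the standard Linux sysctl ones (an assumption: the slides only say UNIX); the sample "sysctl -a" output is constructed, and the function names are my own.

```python
# Added check for the settings behind the "Security Issues" slides, read from
# `sysctl -a`-style "key = value" text. Linux key names (an assumption: the
# slides only say UNIX); the sample output below is constructed, not captured.

# key -> (accepted values, recommended value, why the slides care)
EXPECTED = {
    "net.ipv4.ip_forward": ({"0"}, "0", "server should not act as a router"),
    "net.ipv4.conf.all.accept_redirects": ({"0"}, "0", "ICMP redirect can compromise the system"),
    "net.ipv4.conf.all.send_redirects": ({"0"}, "0", "a host should not issue redirects either"),
    "net.ipv4.conf.all.accept_source_route": ({"0"}, "0", "source-routed packets slip through firewalls"),
    "net.ipv4.conf.all.rp_filter": ({"1", "2"}, "1", "reverse-path filter drops spoofed sources"),
}

def parse_sysctl(text):
    """Turn 'key = value' lines into a dict; blank or malformed lines are skipped."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (key, current, recommended, reason) for each weak or missing setting."""
    settings = parse_sysctl(text)
    return [(key, settings.get(key), want, why)
            for key, (ok, want, why) in EXPECTED.items()
            if settings.get(key) not in ok]

# Constructed sample of a host that forwards, honours redirects and source routes.
WEAK = """\
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.all.rp_filter = 0
"""

# The same keys at their recommended values, as you would write them in sysctl.conf.
HARDENED = "\n".join(f"{k} = {want}" for k, (_, want, _) in EXPECTED.items())

if __name__ == "__main__":
    for key, current, want, why in audit(WEAK):
        print(f"{key} = {current} (want {want}: {why})")
```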