ITP 457 Network Security
Networking Technologies I

Overview
- OSI seven layer model
- Network Protocols
- TCP

OSI model
- Introduced in 1980
- Based on the concept of Protocol Layering
- Protocol Layering: when 2 computers want to communicate with each other, a series of small software modules on each system would do a “set of tasks” to foster the communication
- Completely theoretical
- No one today uses an actual implementation of the seven layer model
- Used for teaching network technologies

What is a network protocol?
- Set of rules for sending and receiving data across a physical network
- Also consists of software to implement these rules
- Physical topology lays out the physical devices; logical topology instructs the hardware how to separate the data into packets; protocols handle the translation from software to the logical topology

What kinds of tasks?
- Modules for:
  - Making sure data is formatted properly
  - Taking care of retransmitting lost packets
  - Actually transferring the packet from hop to hop in the network
- Module = layer
- Each module has a small refined job to do in the communication

Protocol Stack
- All modules taken together are called the “protocol stack”
- Each layer on the sending machine communicates with the same layer on the receiving machine
- Lower layers provide services to higher layers
- Benefit: the layered approach enables us to replace software on one layer while other layers remain the same

The OSI Layers
- Application Layer: The application layer is the OSI layer closest to the end user, and this layer interacts with software applications that implement a communicating component.
  - Telnet, FTP, SMTP, HTTP
  - Also MS Word and Excel
- Presentation Layer: This layer deals with how data elements will be represented for transmission.
  - EBCDIC, ASCII, MPEG
  - Also SSL, TLS

OSI Layers Continued
- Session Layer: This layer coordinates sessions between communicating machines, helping them initiate, maintain and manage them.
  - TCP Ports, NetBIOS
- Transport Layer: This layer is used to provide a reliable communication stream between the two systems, potentially including retransmitting lost packets, putting packets in proper order and providing error checking.
  - TCP, UDP

OSI Layers Continued
- Network Layer: This layer is responsible for moving data from one system across a bunch of “routers” to the destination machine, end to end across the network.
  - Routers work here
  - IP, IPSec, ARP, IPX
- Data Link Layer: This layer moves data across “one” hop of the network.
  - Ethernet, PPP, SLIP, Token Ring
- Physical Layer: This layer actually transmits the bits across the physical link or cable.
  - 10BaseT, 100BaseT, 802.11b/g, DSL

An example to explain the seven layers
- Taken from Lewis Technology: http://www.lewistech.com/rlewis/Resources/JamesBondOSI2.aspx

James Bond and the OSI seven Layer Model
- Situation: James Bond must deliver a confidential message
- Meets Number One on the 7th floor (Application)
  A message is handed to Bond. His mission is to deliver this message to the U.S. Ambassador in London.
- Goes to the 6th floor (Presentation)
  Bond copies the message into a secret code and destroys the original message.
- Goes to the 5th floor (Session)
  Security double checks that Bond has the whole message, and puts a seal on the message verifying that it is complete. Bond goes through more security.
- Goes to the 4th floor (Transport)
  Here, Bond sees if there are any other messages to deliver to the U.S. Ambassador. Also, if the message is too heavy for Bond to deliver all at once, he can break up the message and hand parts to other Agents to deliver to the Ambassador.
- Goes to the 3rd floor (Network)
  Here, Bond proceeds to look up the U.S. Embassy’s address, and double checks to make sure that the U.S. Ambassador is indeed there. Bond also uses MapQuest to plot out his route.
- Goes to the 2nd floor (Data Link)
  Here, Bond puts the message in a special courier pouch with the seal of MI6.
  He also puts a note inside saying if there are other parts of the message, who the message is from, and for whom the message is intended. Bond gets moving!
- Goes to the 1st floor (Physical)
  Here, Q hands Bond the keys to his Aston Martin to race to the embassy.
- At the US Embassy: Bond goes through the same process, starting at the 1st floor, then getting to the 7th floor to deliver the message

TCP/IP
- No one uses the OSI protocols
- Every major computer system, ranging from mainframes to the smallest of palmtops, supports TCP/IP
- Open Standard: no one controls it
- Part of Internet Engineering Task Force (IETF)

Where does TCP/IP fit in?
- TCP/IP adheres to the bottom 4 layers of the OSI model.
- It views everything above that as the responsibility of the application.

System Alice                  Router               System Bob
Application                                        Application
(Web browser, email client,                        (Web browser, email client,
telnet client)                                     telnet client)
Transport Layer (TCP)                              Transport Layer (TCP)
Network Layer (IP)            Network Layer (IP)   Network Layer (IP)
Data Link Layer               Data Link Layer      Data Link Layer
Physical Layer                Physical Layer       Physical Layer

Understanding TCP/IP
- Developed for academia and research and includes no built-in strong security capabilities
- It's really a suite of protocols, including:
  - TCP – Transmission Control Protocol; ensures that communications are established and maintained
  - IP – Internet Protocol; handles software computer addresses
  - ARP – Address Resolution Protocol; associates IP addresses with MAC addresses
  - RIP – Routing Information Protocol; finds routes in the network. Not really good for large networks; for that, use OSPF
  - ICMP – Internet Control Message Protocol; handles error messages for TCP/IP (ping command)
  - PPP – Point to Point Protocol; dial-up protocol
  - SMTP – Simple Mail Transfer Protocol; used to send e-mail
  - POP3/IMAP4 – Post Office Protocol v3/Internet Message Advertising Protocol v4; used for receiving e-mail

TCP/IP
- The traditional TCP/IP protocol suite provides no means for ensuring the confidentiality, integrity or authentication of any data transmitted across the network.
- This means that when you send any packet across the internet, TCP/IP will allow any other user to see or modify your data!!!
- Traditionally all security capabilities were implemented in the applications.
- Recent extensions to TCP/IP: IPSec
  - Still fairly new

TCP
- Workhorse of the Internet
- Some of the applications that use TCP:
  - File transfer
  - telnet
  - Email using various protocols
  - Web browsing, using HTTP
- Each of these applications generates packets and passes them to the TCP/IP stack on the local machine.

TCP Ports
- The header of each TCP packet contains 2 port numbers: a source port and a destination port.
- Port: logical “little doors” on a system where data can be sent and received.
- There are 65,535 different TCP Ports on each machine.

TCP Port Numbers
- Well known TCP ports:
  - 20, 21 – FTP (File Transfer Protocol)
  - 22 – SSH (Secure SHell)
  - 23 – Telnet
  - 25 – SMTP (Simple Mail Transfer Protocol)
  - 53 – DNS (Domain Name Server)
  - 80 – HTTP (Hyper Text Transfer Protocol)
  - 443 – HTTPS (HTTP over SSL/TLS)

TCP Port Numbers Continued
- Well known TCP ports for Applications:
  - 1214 – Kazaa
  - 3074 – Xbox Live
  - 3306 – MySQL
  - 3724 – World of Warcraft
  - 5001 – Slingbox
  - 5050 – Yahoo Messenger
  - 5190 – ICQ and AOL Instant Messenger
  - 6891 through 6901 – MSN Messenger
  - 31337 – BackOrifice

TCP Port Communication
- Server listens on “open” ports
- Client sends request and connects to an “open” port on server
- To see which ports are in use on a Windows/2000 or Unix system, you can use “netstat -na”
- Attackers often take an inventory of open ports on a system using various tools!!!!

TCP control bits
URG | ACK | PSH | RST | SYN | FIN
- URG – Urgent Pointer
- ACK – used to acknowledge earlier packets
- PSH – used to flush data through the TCP layer
- RST – reset function, due to error or interruption
- SYN – system should synchronize sequence numbers
- FIN – There is no more data from sender.
  Therefore the session should be terminated.

Handshake
- TCP communication sessions are established using a 3-way handshake.
- SYN, ACK used in handshake
- Hacker can violate the three way handshake when scanning a target

Reference
- Networking: A Beginner's Guide (Network Professional's Library) by Bruce A. Hallberg
- Absolute Beginner's Guide to Networking (3rd Edition)
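
The TCP Ports, TCP control bits and Handshake slides above, as an added example that is not part of the original lecture: Python that reads the two port numbers and the six control bits out of a raw TCP header, then reports clients that sent SYN but never completed the three-way handshake. The addresses, ports, sequence numbers and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

# Masks for the six control bits, in the order the slide lists them.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def build_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header for the constructed samples (checksum left 0)."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)

def parse_header(segment):
    """Return (source port, destination port, seq, ack, set of control bits)."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, seq, ack, {n for n, m in FLAGS.items() if off_flags & m}

def incomplete_handshakes(packets):
    """Map each client to the server ports where its three-way handshake never completed."""
    state = {}  # (client, client port, server, server port) -> [stage, expected ack]
    for src, dst, segment in packets:
        sport, dport, seq, ack, flags = parse_header(segment)
        if flags == {"SYN"}:                      # step 1: client SYN
            state[(src, sport, dst, dport)] = ["syn", (seq + 1) % 2**32]
        elif flags == {"SYN", "ACK"}:             # step 2: server SYN+ACK
            flow = state.get((dst, dport, src, sport))
            if flow and flow[0] == "syn" and ack == flow[1]:
                flow[:] = ["synack", (seq + 1) % 2**32]
        elif flags == {"ACK"}:                    # step 3: client ACK
            flow = state.get((src, sport, dst, dport))
            if flow and flow[0] == "synack" and ack == flow[1]:
                flow[0] = "established"
    pending = defaultdict(set)
    for (client, _, _, server_port), (stage, _) in state.items():
        if stage != "established":
            pending[client].add(server_port)
    return dict(pending)

SERVER = "192.0.2.10"  # constructed sample traffic: documentation addresses, made-up numbers
SAMPLE = [  # client 198.51.100.5 completes the handshake on port 80
    ("198.51.100.5", SERVER, build_header(40000, 80, 1000, 0, ["SYN"])),
    (SERVER, "198.51.100.5", build_header(80, 40000, 5000, 1001, ["SYN", "ACK"])),
    ("198.51.100.5", SERVER, build_header(40000, 80, 1001, 5001, ["ACK"])),
]
for i, port in enumerate([22, 23, 80]):  # client 203.0.113.7 never sends the final ACK
    SAMPLE.append(("203.0.113.7", SERVER, build_header(41000 + i, port, 7000, 0, ["SYN"])))
    SAMPLE.append((SERVER, "203.0.113.7", build_header(port, 41000 + i, 9000, 7001, ["SYN", "ACK"])))
print(incomplete_handshakes(SAMPLE))
```

One client with unfinished handshakes on several different ports is the port-inventory pattern the slides warn about, which is why the result is grouped by client address.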