Physical Sciences in Medicine
IT Networks - Lecture 2
Mark Gleeson
(01) 896 2666
5th May 2009
1
Routing
• Networks are formed of smaller networks
joined together
• The question arises of how you communicate
where you need to cross numerous networks
• We call the selection of the route to use
routing
• Challenges
– Potentially many routes to your destination
– You can get lost – dead ends, loops
– Each packet potentially can take different
route
2
The Scenario
Computer A
Computer B
• Computer A establishes IP address of Computer B
• Computer A creates IP packet with address of
Computer B as destination and its own IP address
as source
• Routers are responsible to direct packet towards
destination
3
The Scenario
Computer A
Computer B
• Best route: Smallest number of hops?
4
The Scenario
Computer A
Computer B
• Best route:
– Fastest round-trip time?
– Highest Bandwidth?
5
Routing Basics
[Figure: routing tables held at each node on the paths between Computer A and Computer B; only the node labels of the diagram survived extraction]
• Routing Tables
– Creating tables
• Dynamic vs. Static
– Maintaining tables
• Periodic vs. Aperiodic
6
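Added example, not from the lecture: the three "best route" questions on the previous slides (fewest hops, fastest round trip, highest bandwidth) answered on one small constructed topology, plus the next-hop routing table a node would store for each metric. The node names, round-trip times and bandwidths are assumptions made for the demonstration; the algorithm is Dijkstra's shortest path, which the slides do not name.

```python
# Added example (not from the lecture): picking a "best route" under three
# different metrics and deriving the next-hop routing table each node would hold.
# The topology, round-trip times and bandwidths are constructed for illustration.
import heapq

# Constructed topology: node -> list of (neighbour, rtt_ms, bandwidth_mbps).
# Three candidate paths from A to B: 2 hops but slow, 3 hops and fast,
# 4 hops with the lowest latency.
LINKS = {
    "A":  [("R1", 20, 10), ("R2", 2, 1000), ("R4", 1, 100)],
    "R1": [("A", 20, 10), ("B", 20, 10)],
    "R2": [("A", 2, 1000), ("R3", 2, 1000)],
    "R3": [("R2", 2, 1000), ("B", 2, 1000)],
    "R4": [("A", 1, 100), ("R5", 1, 100)],
    "R5": [("R4", 1, 100), ("R6", 1, 100)],
    "R6": [("R5", 1, 100), ("B", 1, 100)],
    "B":  [("R1", 20, 10), ("R3", 2, 1000), ("R6", 1, 100)],
}


def link_cost(metric, rtt_ms, bw_mbps):
    """Additive cost of one link under the chosen metric."""
    if metric == "hops":
        return 1
    if metric == "rtt":
        return rtt_ms
    if metric == "bandwidth":
        return 1.0 / bw_mbps  # high-bandwidth links are cheap to traverse
    raise ValueError(f"unknown metric {metric!r}")


def shortest_paths(src, metric):
    """Dijkstra from src: {node: (total_cost, path)}.  Loops cannot form because
    a node is only re-queued when a strictly cheaper path to it is found."""
    best = {src: (0, [src])}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, rtt, bw in LINKS[node]:
            new_cost = cost + link_cost(metric, rtt, bw)
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, path + [nbr])
                heapq.heappush(heap, (new_cost, nbr, path + [nbr]))
    return best


def best_route(src, dst, metric):
    """Full path src -> dst under the metric, or None if unreachable (dead end)."""
    entry = shortest_paths(src, metric).get(dst)
    return entry[1] if entry else None


def routing_table(node, metric):
    """What the router actually stores: destination -> next hop."""
    paths = shortest_paths(node, metric)
    return {dst: path[1] for dst, (_, path) in paths.items() if dst != node}


if __name__ == "__main__":
    for metric in ("hops", "rtt", "bandwidth"):
        print(f"{metric:>9}: {' -> '.join(best_route('A', 'B', metric))}")
    print("routing table at A (hops):", routing_table("A", "hops"))
```

Each metric picks a different path on this topology, which is the point of the slides: "best" depends on what the routing protocol is told to optimise, and a router only keeps the next hop, not the whole path.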
Structure of the Internet
Autonomous Systems
• Autonomous Systems
– e.g. Companies, ISPs, 3rd-level Institutions
7
Autonomous Systems
Stub Network
Transit
Network
Point-to-Point
• Stub network
– Network that does not forward to other network
• Transit network
– Network that forwards traffic between other
networks
• Point-to-point link
8
Yet another Layer ?!?
• Transport Layer – TCP
• Why should you care?
• Applications use TCP as main communication
mechanism
– HTTP
– Remote procedure calls (RPC)
• File Transfer
9
Network Layer vs Transport Layer
Network Layer                              Transport Layer
• Communication between two nodes          • Communication between processes
• Best effort delivery                     • Ordered, guaranteed delivery
• Connection-less communication            • Connection-oriented communication
10
Transport Layer
• Process-to-Process Delivery
11
IP Addresses & Port Numbers
• IP Addresses
determine the host
• Port Numbers
determine the
application
12
Communication at Transport Layer
• Comms at
Transport Layer
from port to port
• IP
implementation
multiplexes
depending on
protocol field in
IP header
13
Client-Server Paradigm
[Figure: Client A (port 14430) and Client B (port 12420) both communicate with port 80 on the Server]
14
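Added example, not from the lecture: the demultiplexing described on slides 12 and 13 carried out on a constructed packet. The IP layer looks at the protocol field to hand the packet to TCP or UDP, and the transport layer looks at the destination port to find the process. The listener table, addresses and port numbers (the client port 14430 comes from the slide, the rest are assumptions) are constructed; the packet is built and parsed in memory only.

```python
# Added example (not from the lecture): how a receiving host demultiplexes a
# packet, first on the IP header's protocol field, then on the transport-layer
# destination port, to find the process that should get the data.  The packet
# bytes and the listener table are constructed here; nothing touches the network.
import socket
import struct

IP_PROTO_TCP = 6
IP_PROTO_UDP = 17

# Constructed: which process is listening on which (protocol, port) on the server.
LISTENERS = {
    (IP_PROTO_TCP, 80): "httpd",
    (IP_PROTO_TCP, 22): "sshd",
    (IP_PROTO_UDP, 53): "named",
}


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words; 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, payload=b"") -> bytes:
    """Minimal IPv4 + TCP packet (TCP checksum left at 0, enough for this demo)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    tcp += payload
    fields = (0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IP_PROTO_TCP, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = struct.pack("!BBHHHBBH4s4s", *fields)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp


def demultiplex(packet: bytes) -> dict:
    """Walk the headers the way the receiving stack does; raises on bad input."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header")
    segment = packet[ihl:total_len]
    if proto == IP_PROTO_TCP:               # IP multiplexes on the protocol field
        src_port, dst_port = struct.unpack("!HH", segment[:4])
        payload = segment[(segment[12] >> 4) * 4:]
    elif proto == IP_PROTO_UDP:
        src_port, dst_port = struct.unpack("!HH", segment[:4])
        payload = segment[8:]
    else:
        raise ValueError(f"no transport handler for IP protocol {proto}")
    return {
        "src": (socket.inet_ntoa(src), src_port),
        "dst": (socket.inet_ntoa(dst), dst_port),
        "proto": proto,
        # None means no process owns the port: the stack answers RST/unreachable.
        "process": LISTENERS.get((proto, dst_port)),
        "payload": payload,
    }


if __name__ == "__main__":
    pkt = build_ipv4_tcp("10.0.0.5", "10.0.0.1", 14430, 80, b"GET / HTTP/1.0\r\n")
    print(demultiplex(pkt))
```

The IP address selects the host and the (protocol, port) pair selects the process; a packet for a port nobody listens on is parsed fine but has no owner, which is what the lookup returning None represents.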
Problems
• Connection establishment
• Connection termination
• Ordered Delivery
• Retransmission strategy
• Duplication detection
• Crash recovery
• Flow control
15
Section 4 - Network Hardware
• Connecting hosts and networks requires
hardware devices, which include:
• Networking and Internetworking Devices
– Repeaters
– Bridges
– Hubs
– Switches
– Routers
– Gateways
– Brouters
• Modems
• Transmission Media
16
Networking and Internetworking Devices
• These devices can be divided into 3
categories
– Repeaters,
– Bridges,
– Routers and Gateways.
• Repeaters and Bridges are used at the
Networking of hosts
• Routers and Gateways are used for
Internetworking
17
Repeaters and Bridges
• Repeaters
– Operate at the physical layer. They
regenerate signals.
• Bridges
– Operate at the physical and data link layers.
– They are used to divide a network into
segments and can control traffic flow and
are useful for securing the network.
– They can also regenerate signals.
18
What is a Switch
• A layer 2 device – Data Link Layer
• Builds a table of the MAC addresses of devices
attached on each port
• ‘Store and Forward’
– Switch receives a packet
– Verifies it is error free
– Looks at its destination MAC
– Sends the packet on
• ‘Cut Through’
– Starts to forward packet once it reads the
destination address
– No error checking
[Photo thanks to Cisco Systems]
• Improved performance
19
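Added example, not from the lecture: a small simulated layer-2 switch showing the two behaviours on this slide. It learns the MAC address seen on each port, floods frames for unknown or broadcast destinations, and in store-and-forward mode checks the frame check sequence before sending anything on, while in cut-through mode it forwards as soon as the destination is read and a damaged frame goes through. The frame layout (CRC-32 as the FCS), MAC addresses and port numbers are constructed for the demonstration.

```python
# Added example (not from the lecture): a minimal layer-2 switch that learns the
# MAC address seen on each port and forwards frames either store-and-forward
# (whole frame buffered, FCS checked) or cut-through (forwarded as soon as the
# destination address is read).  Frame layout and traffic are constructed.
import struct
import zlib

BROADCAST = b"\xff" * 6


def make_frame(dst: bytes, src: bytes, payload: bytes, corrupt: bool = False) -> bytes:
    """dst(6) | src(6) | ethertype(2) | payload | FCS(4), with CRC-32 as the FCS."""
    body = dst + src + struct.pack("!H", 0x0800) + payload
    frame = body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    if corrupt:  # simulate a bit error on the wire, after the FCS was computed
        frame = bytearray(frame)
        frame[14] ^= 0x01
        frame = bytes(frame)
    return frame


def fcs_ok(frame: bytes) -> bool:
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(body) & 0xFFFFFFFF) == fcs


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC -> port, learned from each frame's source field
        self.log = []

    def receive(self, in_port, frame: bytes, mode: str = "store-and-forward"):
        """Return the list of ports the frame is sent out on."""
        dst, src = frame[:6], frame[6:12]
        if mode == "store-and-forward":
            # The whole frame is buffered first, so a damaged frame is dropped here
            # instead of being passed on to other segments.
            if not fcs_ok(frame):
                self.log.append(("drop-bad-fcs", in_port, src))
                return []
        elif mode != "cut-through":
            raise ValueError(mode)
        # Cut-through: only the header has been read and the frame is already on
        # its way, so a corrupted payload is propagated and the receiver must catch it.
        # Learning trusts the source field, which nothing on the wire authenticates.
        self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out_port = self.mac_table[dst]
            out = [] if out_port == in_port else [out_port]
        else:
            out = [p for p in self.ports if p != in_port]  # unknown/broadcast: flood
        self.log.append(("forward", in_port, out))
        return out


if __name__ == "__main__":
    sw = Switch(ports=[1, 2, 3])
    host_a = b"\x02\x00\x00\x00\x00\x0a"
    host_b = b"\x02\x00\x00\x00\x00\x0b"
    print(sw.receive(1, make_frame(host_b, host_a, b"hello B")))   # flood: [2, 3]
    print(sw.receive(2, make_frame(host_a, host_b, b"hi A")))      # learned: [1]
    print(sw.log)
```

The store-and-forward path is where a switch can drop bad frames and where any per-frame inspection naturally sits; cut-through buys latency at the price of passing errors along. Both modes share the learning table, which is filled from whatever source address a frame carries.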
What is a Router
• A layer 3 device –
– Works at physical, data link and network layers e.g.
Internet Protocol (IP) level
– Is a bridge between a number of distinct networks
• Example your internal network and the internet beyond
• Range from simple devices
• ADSL router for home users
– To
• Extremely complex enterprise level
• Looks at the destination of each IP packet and
determines where it would be sent on for its next
hop
– Tries to select the best route
20
Connecting Devices and the OSI Model
21
Transmission Media
• Transmission Media Characteristics
– Bandwidth
– Response Time for a request
• Transmission Media Types
– Twisted Pair
– Coaxial cable
– Fiber Optics
– Wireless Media – Radio, Microwaves,
Infrared, Lightwave
22
Unshielded Twisted-Pair Cable (UTP)
• Most common type of cable used in computer
networks
• 8 wires forming 4 pairs
• Different qualities
– Cat 3 – for 10Mbps
– Cat 5 - for 100Mbps
– Cat 5e – for 1Gbps
• Most common in current use
– Cat 6 – better for 1Gbps may allow 10Gbps
• Best to future proof to avoid pain later
• Cables of different types look identical
– Cable type is printed on the side
23
Fiber Optics
• An optical transmission system has three components
– The light source
– The transmission medium
– The detector.
• A pulse of light indicates a 1, lack of light indicates a 0.
• The transmission medium is a unidirectional ultra thin fibre
of glass or plastic
• The system would leak light except for the fact that when a
light ray passes from one medium to another it is refracted
(bent). The amount of refraction depends on the properties
of the two media. The aim is to get the angle of incidence
of the light at such a point to make the light refract back
into the medium. In the case of a fibre optic cable this
means the light is trapped within the cable.
• At the centre of the cable is the glass/plastic core which is
surrounded by a glass cladding and then a plastic coating.
24
Transmission Media Performance
Medium          Cost      Speed           Attenuation  EMI       Security
UTP             Low       1-100Mbps       High         High      Low
STP             Moderate  1Mbps-1Gbps     High         Moderate  Low
Coax            Moderate  1Mbps-1Gbps     Moderate     Moderate  Low
Optical Fibre   High      10Mbps-10Gbps   Low          Low       High
Radio           Moderate  1-54Mbps        Low-High     High      Low
Microwave       High      1Mbps-10Gbps    Variable     High      Moderate
Satellite       High      1Mbps-10Gbps    Variable     High      Moderate
Cellular        High      9.6-19.2Kbps    Low          Moderate  Low
25
Section 6 - Security
• Security Issues
• Virtual Private Networks
• Issues with wireless networks
• Methods of attack
• Risks
26
Security Issues
• Secrecy
– Keeping information out of the hands of
unauthorised users.
• Authentication
– Making sure you are talking to the right
person.
• Data Integrity control
– Making sure the data is correct.
• Security affects each layer in the network
design.
27
No Network Is Secure
• Original Ethernet
– Every host on the bus could see and capture every
transmission made
• Trivial to recover passwords, web pages you viewed
• The physical network itself cannot be considered to be
secure
– Wires can be tapped
• Wireless communications available to all within range
with a suitable receiver
• Need to trade off the strength of security with the
practicality of the measures
– Users when faced with a complex process may attempt to
undermine the system
• Sharing of passwords
• Not logging out
28
Wireless Networks
• Extremely vulnerable to attack
– Anyone with a suitable radio can listen
• IEEE 802.11 originally used a 40 bit WEP key
– Wired Equivalent Privacy
• Shared encryption key by all users of the network
• Later versions supported a 104 bit key
• Proved to be very easy to crack in both versions
• WiFi Protected Access (WPA/WPA2)
– Based on 802.11i standard
– EAP – Extensible Authentication Protocol
• Authentication framework not a protocol
• Can integrate with existing authentication systems
• 802.1x
29
VPN – Virtual Private Network (1/2)
• Best practice in Network Management is to
heavily restrict access to external users or
to block it totally
– Avoid potential security issues
– Protect from hackers
• What of legitimate users
– People who work at other locations
30
VPN – Virtual Private Network (2/2)
• Not strictly a security solution
• Two implementations
– Connecting you to a remote network
– A network within a network, the VLAN
• Allows you to access resources on another
network as if you were connected directly
• A secure encrypted tunnel between your
computer and others on the same network
• Typically requires a dedicated ‘VPN box’ on the
office end network to provide the service
31
VPN - Connecting you to a remote network
• Ideal for a single user
– Work from home, on the road, other
institution
• User needs VPN client software
– Setup can be complex for users
– Need to implicitly log in to access the
network
• Not transparent
– Potential security risk if the user's computer is
breached
• Hacker may have access into network
32
Methods of Attack (1/3)
• Impersonation
– Using someone else’s password or a terminal that is
already logged on.
• Active wire-tapping
– Connecting a device (authorised/unauthorised) to a
communication link to obtain access to data through the
generation of false messages.
• Passive wire-tapping
– Monitoring data coming over a communication link.
• Traffic flow analysis
– Analysing the frequency of data traffic, seeing which data
is encrypted and which is not.
• Eavesdropping
– interception of information
33
Methods of Attack (2/3)
• Replay
– Play back a recording of a communication
• Routing Table modification
– Sending messages to the wrong address or multiple
addresses.
• Audit Trail Information Modification
– To cover up an attack.
• Operational Staff Table Modification
– To change access rights.
• Bogus Frame insert
– Inserting bogus information as a frame.
• Data Portion Modification
– Modify the data portion of a message.
• Viruses
34
Methods of Attack (3/3)
• Sequencing Information Modification
– Change the order of the pieces of information.
• Message Deletion
– Removing the message completely
• Protocol Control Information modification
– To send data to a different location.
• Misuse of resources
– Swamping communication lines – Denial of service
• Interruption of power supply
– Denial of service
• Malicious physical damage
– Denial of service
• Theft
– Parts of computers or entire computers could be stolen.
Confidentiality issues arise.
35
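Added example, not from the lecture: the receiver-side checks that detect several of the attacks listed on these three slides, namely replay, data portion modification, bogus frame insertion, sequencing information modification and message deletion. Each message carries a sequence number and an HMAC over the sequence number and the data; the receiver rejects anything whose MAC does not verify and anything whose sequence number is not strictly newer than the last accepted one, and it records skipped numbers as gaps. The key, the message layout and the traffic are constructed for the demonstration and do not represent any real protocol.

```python
# Added example (not from the lecture): a receiver that detects the replay,
# data-modification, sequencing-modification and message-deletion attacks listed
# above, by checking a message authentication code and a strictly increasing
# sequence number.  Key, message layout and traffic are constructed; this is a
# demonstration of the checks, not a real protocol.
import hashlib
import hmac
import struct

KEY = b"constructed-shared-secret-do-not-reuse"
TAG_LEN = 32  # HMAC-SHA256 output size


def protect(seq: int, data: bytes, key: bytes = KEY) -> bytes:
    """Sender: seq(8 bytes, big-endian) || data || HMAC-SHA256(key, seq || data)."""
    body = struct.pack("!Q", seq) + data
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0      # sequence numbers start at 1
        self.rejected = []     # (reason, seq or None) kept for the audit trail
        self.gaps = []         # (first, last) sequence numbers that never arrived

    def accept(self, msg: bytes):
        """Return the payload if the message is genuine and fresh, else None."""
        if len(msg) < 8 + TAG_LEN:
            self.rejected.append(("truncated", None))
            return None
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):     # constant-time comparison
            self.rejected.append(("bad-mac", None))     # modified data or bogus frame
            return None
        seq = struct.unpack("!Q", body[:8])[0]
        if seq <= self.last_seq:
            # Already seen (replay) or older than the last accepted one (reordered).
            self.rejected.append(("replay-or-reorder", seq))
            return None
        if seq > self.last_seq + 1:
            # Numbers were skipped: something in between was deleted or lost.
            self.gaps.append((self.last_seq + 1, seq - 1))
        self.last_seq = seq
        return body[8:]


if __name__ == "__main__":
    r = Receiver()
    first = protect(1, b"transfer 10 to X")
    print(r.accept(first))            # b'transfer 10 to X'
    print(r.accept(first))            # None: replayed
    print(r.accept(protect(4, b"fourth")), r.gaps)   # b'fourth' [(2, 3)]
    print(r.rejected)
```

The MAC covers the sequence number as well as the data, so an attacker who can modify messages cannot simply renumber an old one. The strict "newer than last accepted" rule is the simplest choice and also rejects legitimately reordered traffic; a protocol that has to tolerate reordering keeps a sliding window of recently seen numbers instead, but the replay and modification checks stay the same.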
Virtual Local Area Networks (VLAN)
• One physical network can contain many
virtual networks
– Simplifies the network
– Easier to manage and can be altered in
software without recourse to pulling cables
• The 802.1Q draft standard defines Layer 1
and Layer 2 VLANs
• Switches and Routers tag packets with a
VLAN id (12 bits in length) only
• Each network user sees just one network
36
Virtual Local Area Networks
• Can be organised by
– Port on switch basis – Layer 1
• E.g. Ports E1-E16 + D18 on LAN 1, E17-E32 on LAN 2
• Good at organisation level, e.g. LAN 1 is one
dept/floor
• Bad if users are mobile
– Protocol used – Layer 2
• All IP traffic on LAN x, IPX on LAN y
– By MAC address – Layer 2
• List of MAC addresses in each VLAN maintained
• Good for mobility, plug in anywhere
• Significant administrative overhead to maintain list
37
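Added example, not from the lecture: inserting and parsing the 802.1Q tag with its 12-bit VLAN ID (slide 36) and a port-based, Layer 1 VLAN assignment using the "E1-E16 + D18 on LAN 1, E17-E32 on LAN 2" layout from the slide above. The switch floods only within the VLAN a frame belongs to, sends frames untagged to access ports and tagged to a trunk port. The trunk port name T1, the MAC addresses and the frame contents are assumptions made for the demonstration.

```python
# Added example (not from the lecture): building and parsing an IEEE 802.1Q tag
# with its 12-bit VLAN ID, and a port-based (Layer 1) VLAN assignment like the
# "E1-E16 + D18 on LAN 1, E17-E32 on LAN 2" layout from the slide.  Port names,
# MAC addresses and frames are constructed for illustration.
import struct

TPID_8021Q = 0x8100


def add_vlan_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert TPID + TCI after the two MAC addresses (bytes 12..15)."""
    if not 1 <= vid <= 4094:  # 12-bit field; 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    tci = ((priority & 0x7) << 13) | (vid & 0x0FFF)  # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tag(frame: bytes):
    """Return (vid, priority, frame_without_tag); vid is None if untagged."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]


class VlanSwitch:
    """Access ports belong to exactly one VLAN; trunk ports carry all VLANs tagged."""

    def __init__(self, access_ports: dict, trunk_ports):
        self.access = dict(access_ports)  # port -> VLAN ID (port-based, Layer 1)
        self.trunk = set(trunk_ports)

    def classify(self, in_port, frame):
        """Which VLAN does this frame belong to? Returns (vid, untagged_frame)."""
        vid, _, untagged = parse_vlan_tag(frame)
        if in_port in self.access:
            # The port decides; a tag supplied by the attached host is ignored.
            return self.access[in_port], untagged
        if in_port in self.trunk and vid is not None:
            return vid, untagged
        return None, untagged  # untagged frame on a trunk: no VLAN, dropped

    def forward(self, in_port, frame):
        """Flood within the VLAN only: {out_port: frame_as_sent}."""
        vid, untagged = self.classify(in_port, frame)
        if vid is None:
            return {}
        out = {p: untagged for p, v in self.access.items() if v == vid and p != in_port}
        for p in self.trunk - {in_port}:
            out[p] = add_vlan_tag(untagged, vid)
        return out


def build_switch():
    """The slide's layout: E1-E16 and D18 on LAN 1, E17-E32 on LAN 2, one trunk T1."""
    access = {f"E{i}": 1 for i in range(1, 17)}
    access.update({f"E{i}": 2 for i in range(17, 33)})
    access["D18"] = 1
    return VlanSwitch(access, ["T1"])


# Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, src 02:00:00:00:00:01,
# ethertype 0x0800, then a placeholder payload.
FRAME = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + b"who has 10.0.1.1?"

if __name__ == "__main__":
    sw = build_switch()
    sent = sw.forward("E1", FRAME)
    print(sorted(sent))                        # E2..E16, D18 and T1, never E17..E32
    print(parse_vlan_tag(sent["T1"])[:2])      # (1, 0): tagged for the trunk
```

Each user on an access port sees one network only, and the VLAN a frame lands in is decided by the port configuration, not by anything the attached host puts in the frame, which is why port-based assignment is easy to reason about but breaks down when users move between ports.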