FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2nd ed.

Chapter 2: An Introduction to Networking

Source: mawelton.people.ysu.edu/CSIS3755/CSIS 3755 - Chapter 2.pdf

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 2

Learning Objectives

Upon completion of this chapter, you should be able to:

– Describe the basic elements of computer-based data communication

– Know the key entities and organizations behind current networking standards, as well as the purpose of and intent behind the more widely used standards

– Explain the nature and intent of the OSI reference model and list and describe each of the model's seven layers

– Describe the nature of the Internet and the relationship between the TCP/IP protocol and the Internet

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 3

Networking Fundamentals

Fundamental exchange of information: sender communicates message to receiver over some medium

Communication only occurs when recipient is able to receive, process, and comprehend message

One-way flow of information is called a channel

When recipient becomes a sender, for example by responding to original sender's message, this two-way flow is called a circuit

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 4

Networking Fundamentals (continued)

Any medium may be subject to interference, called noise, which occurs in a variety of forms

– Attenuation: loss of signal strength as signal moves across media

– Crosstalk: occurs when one transmission "bleeds" over to another

– Distortion: unintentional variation of communication over media

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 5

Networking Fundamentals (continued)

Any medium may be subject to interference, called noise, which occurs in a variety of forms (continued)

– Echo: reflection of a signal due to equipment malfunction or poor design

– Impulse: sudden, short-lived increase in signal frequency or amplitude, also known as a spike

– Jitter: signal modification caused by malfunctioning equipment

– White noise: unwanted noise due to signal coming across medium at multiple frequencies

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 6

Reasons to Network

Data communications: exchange of messages across a medium

Networking: interconnection of groups or systems with purpose of exchanging information

Some reasons to build a network:

– To exchange information

– To share scarce or expensive resources

– To allow distributed organizations to act as if centrally located

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 7

Types of Networks

Networks can be categorized by:

– Components: peer-to-peer (P2P), server-based, distributed multi-server

– Size: local area network (LAN), metropolitan area network (MAN), wide area network (WAN)

– Layout or topology: physical (ring, bus, star, hierarchy, mesh, hybrid), logical (bus, star)

– Media: guided (wired), unguided (wireless)

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 8

Network Standards

Among the agencies that work on data communications standards are:

– Internet Society (ISOC)

– Internet Assigned Numbers Authority (IANA)

– American National Standards Institute (ANSI)

– International Telecommunication Union (ITU)

– Institute of Electrical and Electronics Engineers (IEEE)

– Telecommunications Industry Association (TIA)

– International Organization for Standardization (ISO)

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 9

OSI Reference Model and Security

OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols

Premise of model is that information sent from one host is translated and encoded through various layers, from Application layer to Physical layer

Physical layer initiates transmission to receiver

Receiver translates and decodes message by processing information through each layer in reverse order

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 10

The Physical Layer

The primary function of the Physical layer is to place the transmission signal carrying the message onto the communications media—that is, to put "bits on a wire"

The functions of the Physical layer are:

– Establish and terminate the physical and logical connection to the media

– Manage the flow and communication on the media

– Embed the message onto the signal carried across the physical media

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 11

Network Media

Dominant media types and standards include:

– Coaxial cable

– Fiber-optic cable

– Twisted-pair wire

– Wireless LAN

– Bluetooth

– Infrared

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 12

Embedding the Message

Method used to embed message on signal depends on type of message and type of signal

Two types of message (or information):

– Analog information: continuously varying source (such as voice communications)

– Digital information: discrete, between a few values (such as computer communications)

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 13

Embedding the Message (continued)

Multiplexing combines several circuits to create high-bandwidth stream to carry multiple signals long distances

Three dominant multiplexing methods are:

– Frequency division multiplexing (FDM): combines voice channels

– Time division multiplexing (TDM): assigns a time block to each client

– Wave division multiplexing (WDM): uses different frequencies of light so multiple signals can travel on same fiber-optic cable

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 14

Managing Communication

Bit (or signal) flow conducted in several ways:

– Simplex transmissions: flow one way through a medium

– Half-duplex transmissions: flow either way, but in only one direction at a time

– Full-duplex transmissions: can flow both ways at the same time

– Serial transmissions: flow one bit at a time down a single communications channel

– Parallel transmissions: flow multiple bits at a time down multiple channels

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 15

Managing Communication (continued)

Asynchronous (or timing-independent)

– Formulate data flow so each byte or character has its own start and stop bit

– Used in older modem-based data transfers to send individual characters between systems

Synchronous (or timing-dependent)

– Use computer clocking to transmit data in continuous stream between two systems

– Clock synchronization makes it possible for end nodes to identify start and end of data flow

– This protocol is much more efficient
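Worked example of the framing difference the slide describes, added here and not part of the textbook slides. The asynchronous encoder wraps every byte in its own start and stop bit; the synchronous encoder delimits a whole block with one flag pattern, which is where the efficiency gain comes from. Function names, the flag pattern and the sample bytes are this example's own choices.

```python
# Added example (not from the slides): the framing difference between
# asynchronous and synchronous transmission. Function names and the sample
# bytes are this example's own; a real UART or HDLC link has more options.

START_BIT = "0"   # a falling edge while the line idles high marks a new character
STOP_BIT = "1"
IDLE = "1"        # the asynchronous line idles high between characters


def async_encode(data: bytes) -> str:
    """Asynchronous: every byte is wrapped in its own start and stop bit,
    least significant bit first, so the receiver needs no shared clock."""
    frames = []
    for byte in data:
        bits = format(byte, "08b")[::-1]
        frames.append(START_BIT + bits + STOP_BIT)
    return "".join(frames)


def async_decode(line: str) -> bytes:
    """Recover the bytes; a frame whose stop bit is not 1 is a framing error."""
    out = bytearray()
    i = 0
    while i < len(line):
        if line[i] == IDLE:
            i += 1                      # still idle, keep waiting for a start bit
            continue
        frame = line[i:i + 10]          # start bit + 8 data bits + stop bit
        if len(frame) < 10 or frame[9] != STOP_BIT:
            raise ValueError(f"framing error at bit offset {i}")
        out.append(int(frame[1:9][::-1], 2))
        i += 10
    return bytes(out)


def sync_encode(data: bytes, flag: str = "01111110") -> str:
    """Synchronous: one flag/clock pattern delimits a whole block, and the
    payload bits follow back to back with no per-character overhead."""
    return flag + "".join(format(byte, "08b") for byte in data) + flag


def efficiency(data: bytes) -> tuple:
    """Fraction of transmitted bits that are payload, (asynchronous, synchronous).
    Asynchronous is fixed at 8/10; synchronous approaches 1 as blocks grow."""
    payload = 8 * len(data)
    return payload / len(async_encode(data)), payload / len(sync_encode(data))


if __name__ == "__main__":
    sample = b"Chapter 2"                       # constructed sample input
    print(async_encode(sample))
    print("round trip:", async_decode(async_encode(sample)))
    print("efficiency (async, sync):", efficiency(b"x" * 100))
```

The decoder's stop-bit check is the receiver's only defence against a corrupted or misaligned stream; a run of garbage that happens to land on a valid stop bit is accepted as data, which is why higher layers add their own error checks.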

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 16

Data Link Layer

Primary networking support layer

Referred to as first "subnet" layer because it provides addressing, packetizing, media access control, error control, and some flow control for local network

In LANs, it handles client-to-client and client-to-server communications

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 17

Data Link Layer (continued)

DLL is further divided into two sublayers:

– Logical Link Control (LLC) sublayer

• Primarily designed to support multiplexing and demultiplexing protocols transmitted over MAC layer

• Also provides flow control and error detection and retransmission

– Media Access Control (MAC) sublayer

• Designed to manage access to communications media—in other words, to regulate which clients are allowed to transmit and when

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 18

DLL Protocols

Dominant protocol for local area networking is Ethernet for wired networks and Wi-Fi for wireless networks

Other DLL LAN protocols include:

– Token ring

– Fiber Distributed Data Interface (FDDI)

– Point-to-Point Protocol (PPP)

– Point-to-Point Tunneling Protocol (PPTP)

– Layer Two Tunneling Protocol (L2TP)

WANs typically use ATM and frame relay

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 19

Forming Packets and Addressing

First responsibility of DLL is converting Network layer packet into DLL frame

DLL adds not only a header but also a trailer

When necessary, packet is fragmented into frames, with corresponding information embedded into each frame header

Addressing is accomplished with a number embedded in network interface card (NIC)

This MAC address allows packets to be delivered to an endpoint; typically shown in hexadecimal format (e.g., 00-00-A3-6A-B2-1A)
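The three points on this slide (header plus trailer, fragmentation with per-frame bookkeeping, and MAC addressing) in one runnable form, added here and not taken from the slides or the textbook. The frame layout, the 16-byte maximum payload, the source MAC and the CRC-32 trailer are this example's own assumptions; the destination MAC is the slide's sample address. Real Ethernet frames carry a type field and larger payloads, and IP fragmentation rather than link-layer fragmentation is the common case on Ethernet, but the mechanics are the same.

```python
import re
import struct
import zlib

# Added example (not from the slides). Constructed values: the slide's sample
# MAC as destination, an arbitrary source MAC, and a deliberately tiny maximum
# payload so that fragmentation actually happens on a short packet.
DST_MAC = "00-00-A3-6A-B2-1A"
SRC_MAC = "00-1B-44-11-3A-B7"
MAX_PAYLOAD = 16   # hypothetical frame payload limit, in bytes

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

# Header: dst MAC (6) | src MAC (6) | fragment index (2) | fragment count (2) | payload length (2)
HDR = struct.Struct("!6s6sHHH")
# Trailer: CRC-32 over header + payload, the frame check sequence
TRL = struct.Struct("!I")


def mac_to_bytes(mac: str) -> bytes:
    """Parse 'xx-xx-xx-xx-xx-xx' or 'xx:xx:xx:xx:xx:xx' into its 6 raw bytes."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(part, 16) for part in re.split(r"[-:]", mac))


def bytes_to_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def packetize(packet: bytes, dst: str, src: str, max_payload: int = MAX_PAYLOAD) -> list:
    """Split a Network-layer packet into frames, each with a header and a trailer.
    The header carries the fragment's index and the total count so the receiver
    can reassemble; the trailer lets it detect a damaged frame."""
    chunks = [packet[i:i + max_payload] for i in range(0, len(packet), max_payload)] or [b""]
    frames = []
    for idx, chunk in enumerate(chunks):
        head = HDR.pack(mac_to_bytes(dst), mac_to_bytes(src), idx, len(chunks), len(chunk))
        body = head + chunk
        frames.append(body + TRL.pack(zlib.crc32(body)))
    return frames


def parse_frame(frame: bytes) -> dict:
    """Verify the trailer, then unpack the header. Raises on a damaged frame."""
    body, (crc,) = frame[:-TRL.size], TRL.unpack(frame[-TRL.size:])
    if zlib.crc32(body) != crc:
        raise ValueError("frame check sequence mismatch")
    dst, src, idx, count, length = HDR.unpack(body[:HDR.size])
    payload = body[HDR.size:HDR.size + length]
    return {"dst": bytes_to_mac(dst), "src": bytes_to_mac(src),
            "index": idx, "count": count, "payload": payload}


def reassemble(frames: list) -> bytes:
    """Rebuild the original packet from frames that may arrive in any order."""
    parsed = sorted((parse_frame(f) for f in frames), key=lambda p: p["index"])
    count = parsed[0]["count"]
    if [p["index"] for p in parsed] != list(range(count)):
        raise ValueError("missing or duplicate fragment")
    return b"".join(p["payload"] for p in parsed)


if __name__ == "__main__":
    packet = b"payload from the Network layer, 40 bytes."   # constructed sample
    frames = packetize(packet, DST_MAC, SRC_MAC)
    print(len(frames), "frames;", "first header:", parse_frame(frames[0]))
    print("reassembled ok:", reassemble(frames[::-1]) == packet)
```

The CRC in the trailer catches accidental corruption (noise, a bad cable); it is not a security control, since anyone who can rewrite the frame can also recompute the CRC. Integrity against deliberate modification has to come from a keyed check at a higher layer.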

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 20

Media Access Control

A primary function of DLL is controlling flow of traffic—that is, determining which station is allowed to transmit when

Two general approaches:

– Control

– Contention

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 21

Media Access Control (continued)

Control (deterministic)

– Well-regulated network: traffic transmitted in orderly fashion, maintaining optimal data rate

– Facilitate priority system: key clients or servers can be polled more frequently than others

Contention (stochastic)

– Clients listen to determine if channel is free and then transmit

– Must have mechanisms to deal with collisions

– Collision avoidance vs. collision detection

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 22

Switches and Bridges

Specific technologies used to connect networks at Data Link layer

While hub connects networks at Physical layer, connecting two networks with hub results in one large network (or collision domain)

Connection via Layer 2 switch, capable of bridging, maintains separate collision domains

Bridging: process of connecting networks with DLL protocols while maintaining integrity of each network, only passing messages that need to be transmitted between the two

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 23

Network Layer and Packetizing

Network layer is primary layer for communications between networks

Three key functions:

– Packetizing

– Addressing

– Routing

During packetizing, Network layer takes segments sent from Transport layer and organizes them into packets for transmission across a network

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 24

Addressing

Network layer uses network-layer address to uniquely identify destination across multiple networks

Typical address consists of the network ID and the host ID

In TCP/IP, IP address is network-layer address

IP packet header contains source and destination IP addresses along with additional packet information

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 25

Addressing (continued)

Addresses maintained and issued by Internet Assigned Numbers Authority (IANA)

In early years, addresses distributed as follows:

– Class A: consists of primary octet (the netid) with three octets providing host ID portion; allows up to 16,777,214 hosts on network

– Class B: consists of two octets in netid with two octets providing 65,534 host IDs

– Class C: consists of three octets in netid with one octet providing 254 host IDs

– Class D and Class E addresses are reserved
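Worked example of the classful split, added here and not part of the slides: classify an IPv4 address by its first octet, separate the netid from the host ID, and compute the usable host count the slide quotes (2 to the number of host bits, minus the all-zeros and all-ones host IDs). The second function goes a step beyond the slide and shows why the scheme proved inefficient: a site that needs 500 hosts had to take a whole class B. The first-octet ranges for the five classes are the historical ones; the function names and sample addresses are this example's own.

```python
import ipaddress

# Added example (not from the slides): the original classful IPv4 scheme.
# Class boundaries are the historical first-octet ranges; names are this
# example's own.
CLASSES = {
    # class: (first-octet range, number of netid octets; None = reserved)
    "A": (range(0, 128), 1),
    "B": (range(128, 192), 2),
    "C": (range(192, 224), 3),
    "D": (range(224, 240), None),   # multicast, reserved
    "E": (range(240, 256), None),   # experimental, reserved
}


def classify(addr: str) -> dict:
    """Split a dotted-quad address into its class, netid and host ID, and
    report how many hosts that class can actually number."""
    octets = ipaddress.IPv4Address(addr).packed   # validates the address form
    for cls, (first_octets, net_octets) in CLASSES.items():
        if octets[0] in first_octets:
            break
    if net_octets is None:
        return {"class": cls, "netid": None, "hostid": None, "usable_hosts": 0}
    host_bits = 8 * (4 - net_octets)
    return {
        "class": cls,
        "netid": ".".join(str(o) for o in octets[:net_octets]),
        "hostid": ".".join(str(o) for o in octets[net_octets:]),
        # all-zeros (the network itself) and all-ones (broadcast) are not usable
        "usable_hosts": 2 ** host_bits - 2,
    }


def smallest_fitting_class(hosts_needed: int) -> tuple:
    """Smallest class whose usable host count covers the need, and how many
    host IDs that allocation leaves idle: the waste behind 'proves inefficient'."""
    for cls, usable in (("C", 254), ("B", 65534), ("A", 16777214)):
        if usable >= hosts_needed:
            return cls, usable - hosts_needed
    raise ValueError("no single classful network is large enough")


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.77", "224.0.0.1"):
        print(sample, classify(sample))
    print("500 hosts ->", smallest_fitting_class(500))
```

The same first-octet test is what older firewall and log-analysis code used to guess a network's size; with CIDR that guess is wrong, so any tool that still relies on address class rather than an explicit prefix length should be treated as a bug.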

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 26

Addressing (continued)

This address assignment method proves inefficient

Internet moving to new version of IP, IPv6, which uses 128-bit address instead of 32-bit

Increases available addresses by factor of 2^128

Network Address Translation (NAT): uses device, like a router, to segregate external Internet from internal network

Device maps organizational addresses to different addresses inside the intranet
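Worked example of the NAT mapping the slide describes, added here and not part of the slides: a minimal port-address translation table of the kind a home or office router keeps. Outgoing packets have their inside source rewritten to the router's public address and a fresh public port; replies are mapped back through the same entry; inbound packets with no entry are dropped, which is the "segregate external Internet from internal network" effect in practice. The class and method names, the port range and all addresses are this example's own (the public and remote addresses are from the RFC 5737 documentation ranges).

```python
from itertools import count

# Added example (not from the slides): a port-address translation table.
# Names, port range and addresses are constructed for the example.


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next unused public port
        self.outbound = {}   # (inside_ip, inside_port) -> public port
        self.inbound = {}    # public port -> (inside_ip, inside_port)

    def translate_out(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> tuple:
        """Rewrite an outgoing packet's source to the public address, creating
        a table entry the first time this inside socket is seen."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Map a reply back to the inside host. Anything addressed elsewhere, or
        to a public port with no entry, has no state behind it and is dropped."""
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        in_ip, in_port = self.inbound[dst_port]
        return (src_ip, src_port, in_ip, in_port)

    def table(self) -> list:
        """Current translations as (inside_ip, inside_port, public_port)."""
        return [(ip, port, pub) for (ip, port), pub in self.outbound.items()]


if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    print("out:", nat.translate_out("192.168.1.10", 51000, "198.51.100.7", 443))
    print("reply:", nat.translate_in("198.51.100.7", 443, "203.0.113.5", 40000))
    print("unsolicited:", nat.translate_in("198.51.100.9", 80, "203.0.113.5", 40005))
    print(nat.table())
```

Note what the outside host sees: only the public address and port, never 192.168.1.10. That hiding is a side effect of the translation state, not an access-control policy, which is why a NAT device is normally paired with a firewall rather than relied on as one.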

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 27

Routing

Moving Network layer packets across networks

Routing protocols include static and dynamic

Internal routing protocols:

– Used inside autonomous system (AS)

– Distance-vector routing protocols and link-state routing protocols

External routing protocols:

– Communicate between autonomous systems

– Translate different internal routing protocols

– Border Gateway Protocol (BGP)
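Worked example of a distance-vector protocol running inside one autonomous system, added here and not part of the slides. Each router starts out knowing only its directly connected links, then repeatedly merges the distance vectors its neighbours advertise (the Bellman-Ford relaxation that RIP-style protocols perform) until no table changes. The five-router topology, its link costs and the function names are this example's own.

```python
# Added example (not from the slides): distance-vector routing on a small,
# constructed autonomous system. Topology, costs and names are the example's own.

INF = float("inf")

# Constructed topology: symmetric link costs between routers A..E.
LINKS = {
    ("A", "B"): 1, ("A", "C"): 4,
    ("B", "C"): 2, ("B", "D"): 7,
    ("C", "D"): 3, ("D", "E"): 1,
}


def neighbors(links: dict) -> dict:
    """Adjacency map {router: {neighbor: cost}} built from the link list."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def distance_vector(links: dict, max_rounds: int = 50) -> dict:
    """Run synchronous distance-vector exchange rounds until no table changes.
    Returns {"tables": {router: {dest: (cost, next_hop)}}, "rounds": n}."""
    adj = neighbors(links)
    routers = sorted(adj)
    # Initial knowledge: myself at cost 0, plus my directly connected links.
    table = {r: {r: (0, None)} for r in routers}
    for r in routers:
        for nbr, cost in adj[r].items():
            table[r][nbr] = (cost, nbr)
    for rounds in range(1, max_rounds + 1):
        changed = False
        # Every router advertises its current vector to all neighbours at once.
        advertised = {r: dict(table[r]) for r in routers}
        for r in routers:
            for nbr, link_cost in adj[r].items():
                for dest, (nbr_cost, _) in advertised[nbr].items():
                    candidate = link_cost + nbr_cost
                    if candidate < table[r].get(dest, (INF, None))[0]:
                        table[r][dest] = (candidate, nbr)   # better path via nbr
                        changed = True
        if not changed:
            return {"tables": table, "rounds": rounds}
    raise RuntimeError("routing tables did not converge")


def forwarding_table(result: dict, router: str) -> dict:
    """What the router actually needs at packet time: destination -> next hop."""
    return {dest: hop for dest, (_, hop) in result["tables"][router].items() if hop}


if __name__ == "__main__":
    result = distance_vector(LINKS)
    print("converged after", result["rounds"], "rounds")
    for router in sorted(result["tables"]):
        print(router, forwarding_table(result, router))
```

The relaxation step accepts whatever cost a neighbour advertises; a router that lies about reachability pulls traffic toward itself. That trust model is the reason production deployments authenticate routing updates and filter what each neighbour is allowed to advertise.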

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 28

Transport Layer

Primary function of Transport layer is to provide reliable end-to-end transfer of data between user applications

Lower layers focus on networking and connectivity while upper layers, beginning with Transport layer, focus on application-specific services

Transport layer also responsible for end-to-end error control, flow control, and several other functions

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 29

Error Control

Process of handling problems with transfer process, which may result in modified or corrupted segments

Broken into two components: error detection and error correction

Errors are typically single-bit or multiple-bit

Bit errors are most likely the result of noise interference

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 30

Error Control (continued)

Errors detected using one of several schemes:

– Repetition: data transmitted redundantly

– Parity: "check bits" at end of each byte of data

– Redundancy: parity calculated for blocks of data rather than individual byte (LRC, VRC, CRC)

Errors typically corrected by retransmission of damaged segment

Dominant error correction techniques are automatic repeat requests (ARQs)

Three most common ARQs are Stop-And-Wait, Go-Back-N, and Selective Repeat
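Worked example of the detection schemes on this slide, added here and not part of the slides: per-byte parity (VRC), a block parity byte (LRC) and a CRC, each run over one constructed message and three constructed error patterns. It shows the weakness of each simple scheme: parity misses two flipped bits in the same byte, LRC misses two flips in the same bit column, while the CRC catches all three patterns. The function names, the message and the bit positions are this example's own; the CRC is the CRC-32 that Ethernet frames carry.

```python
import zlib

# Added example (not from the slides). The message and error patterns are
# constructed; names are the example's own.
MESSAGE = b"Firewalls & Network Security"


def parity_bit(byte: int) -> int:
    """VRC: even-parity check bit for one byte (1 if the byte has an odd number
    of 1 bits, so byte plus check bit always carries an even count)."""
    return bin(byte).count("1") % 2


def vrc(data: bytes) -> list:
    """Vertical redundancy check: one parity bit per byte."""
    return [parity_bit(b) for b in data]


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: parity of each bit column across the
    whole block, which is simply the XOR of every byte."""
    out = 0
    for b in data:
        out ^= b
    return out


def crc32(data: bytes) -> int:
    """Cyclic redundancy check, the CRC-32 used in Ethernet frame trailers."""
    return zlib.crc32(data)


def flip_bits(data: bytes, positions) -> bytes:
    """Copy of data with the given bit positions inverted (0 = MSB of byte 0)."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(out)


# Constructed error patterns, as bit positions within the message.
ERROR_PATTERNS = {
    "single bit": [3],
    "two bits, same byte": [3, 5],      # byte 0 keeps its parity: VRC blind spot
    "two bits, same column": [3, 11],   # column 3 flips twice: LRC blind spot
}


def detection_report(data: bytes = MESSAGE) -> dict:
    """For each scheme, a tuple telling whether each error pattern changed the
    check value, in ERROR_PATTERNS order."""
    schemes = {"parity": vrc, "lrc": lrc, "crc32": crc32}
    return {
        name: tuple(check(data) != check(flip_bits(data, bits))
                    for bits in ERROR_PATTERNS.values())
        for name, check in schemes.items()
    }


if __name__ == "__main__":
    for scheme, caught in detection_report().items():
        print(f"{scheme:7s}", dict(zip(ERROR_PATTERNS, caught)))
```

All three are designed for noise, not for an adversary: each is a linear function of the data, so a deliberate modification can be paired with a recomputed check value. Where tampering rather than line noise is the concern, the segment needs a keyed integrity check (a MAC) from a higher layer.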

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 31

Flow Control

Purpose is to prevent receiver from being overwhelmed with segments, preventing effective processing of each received segment

Some error correction techniques have built-in flow control

Dominant technique is sliding window protocol, which provides mechanism by which receiver can specify number of segments (or bytes) it can receive before sender must wait

Receiver enlarges or reduces window size as necessary
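Worked example tying this slide to the ARQ slide before it, added here and not part of the slides: a Go-Back-N sender and receiver joined by a channel that loses a constructed set of segments. The receiver's window bounds how many segments may be outstanding, which is the flow-control limit the slide describes; lost segments trigger a timeout and retransmission from the oldest unacknowledged one, which is the ARQ behaviour. With a window of 1 the same code degenerates into Stop-and-Wait, so the two can be compared directly. Function names, statistics and the sample segments are this example's own; the simulation is synchronous (one cumulative ACK per send burst) rather than timer-driven.

```python
# Added example (not from the slides): Go-Back-N ARQ under a receiver window.
# Loss pattern, segments and names are constructed for the example.


def go_back_n(segments: list, window: int, drop: set) -> dict:
    """Deliver `segments` over a channel that loses each sequence number in
    `drop` on its first transmission only. Returns the delivered list plus
    counters showing the cost of loss and the effect of the window size."""
    if window < 1:
        raise ValueError("window must be at least 1")
    n = len(segments)
    base = next_seq = expected = 0   # sender's oldest unacked, sender's next, receiver's next
    delivered = []
    seen = set()
    to_drop = set(drop)
    stats = {"sent": 0, "retransmissions": 0, "timeouts": 0,
             "rounds": 0, "max_in_flight": 0}

    while base < n:
        stats["rounds"] += 1
        # Sender: transmit everything the window permits.
        while next_seq < n and next_seq < base + window:
            stats["sent"] += 1
            if next_seq in seen:
                stats["retransmissions"] += 1
            seen.add(next_seq)
            if next_seq in to_drop:
                to_drop.discard(next_seq)        # lost on this attempt only
            elif next_seq == expected:
                delivered.append(segments[next_seq])   # in order: accepted
                expected += 1
            # Any other segment is out of order; a Go-Back-N receiver discards it.
            next_seq += 1
            stats["max_in_flight"] = max(stats["max_in_flight"], next_seq - base)
        # Receiver: one cumulative ACK covering everything received in order.
        base = expected
        if next_seq > base:                      # something in flight was lost
            stats["timeouts"] += 1
            next_seq = base                      # go back N: resend from base

    stats["delivered"] = delivered
    return stats


if __name__ == "__main__":
    segs = [f"seg{i}".encode() for i in range(6)]     # constructed sample
    for w in (1, 3):
        r = go_back_n(segs, window=w, drop={1})
        print(f"window={w}:", {k: v for k, v in r.items() if k != "delivered"})
```

Read `max_in_flight` as the flow-control guarantee (the sender never exceeds the window the receiver offered) and `retransmissions` as the price of Go-Back-N: a single loss forces every later in-flight segment to be resent, which Selective Repeat avoids at the cost of receiver buffering.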

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 32

Other Functions of the Transport Layer

Assignment of ports, which identify the service requested by a user

Combination of Network layer address and port is referred to as a socket

Tunneling protocols also work at Transport layer

These protocols work with Data Link layer protocols to provide secure connections

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 33

Session Layer

Responsible for establishing, maintaining, and terminating communications sessions between two systems

Regulates whether communications are simplex (one way only), half-duplex (one way at a time), or full-duplex (bidirectional)

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 34

Presentation Layer

Responsible for data translation and encryption functions

For example, if one system is using standard ASCII and another is using EBCDIC, the Presentation layer performs the translation

Encryption can also be part of operations performed at this level

Presentation layer encapsulates Application layer messages prior to passing them down to Transport layer

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 35

Application Layer

At Application layer, user is provided with a number of services, most aptly called application protocols

TCP/IP protocol suite includes applications such as e-mail (SMTP and POP), World Wide Web (HTTP and HTTPS), file transfer (FTP and SFTP), and others

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 36

The Internet and TCP/IP

The Internet incorporates millions of small, independent networks, connected by most of the major common carriers

Most services we associate with the Internet are based on Application layer protocols

The Internet is a physical set of networks, while the World Wide Web (WWW) is a set of applications that run on top of the Internet

Web uses domain name-based Uniform Resource Identifiers (URIs), Uniform Resource Locator (URL) being best-known type

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 37

TCP/IP

TCP/IP actually suite of protocols used to facilitate communications across the Internet

Developed before OSI reference model, it is similar in concept but different in detail

TCP/IP model is less formal than OSI reference model

Each of the four layers of TCP/IP model represents a section of one or more layers of OSI model

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 38

Application Layer

TCP/IP Application layer consists of utility protocols that provide value to end user

Data from users and utilities are passed down to Transport layer for processing

Wide variety of Application layer protocols that support Internet users: SMTP, POP for e-mail, FTP for data transfer, HTTP for Web content

Application layers on each host interact directly with corresponding applications on other hosts to provide requisite communications support

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 39

Transport Layer

Responsible for transferring messages, including resolution of errors, managing necessary fragmentation, and control of message flow, regardless of underlying network

Connection or connectionless messages

Connects applications through use of ports

Lowest layer of TCP/IP stack to offer any form of reliability

TCP: connected, reliable protocol

UDP: connectionless, unreliable protocol

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 40

Internetwork Layer

Handles moving packets in a single network

Examples of protocols are X.25 and ARPANET's Host/IMP Protocol

Internet Protocol (IP) performs task of moving packets from source host to destination host

IP carries data for many different upper-layer protocols

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 41

Internetwork Layer (continued)

Some protocols carried by IP function on top of IP but perform other Internetwork layer functions

All routing protocols are also part of Network layer

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 42

Subnet Layers

TCP/IP Subnet layers include Data Link and Physical layers

TCP/IP relies on whatever native network subnet layers are present

For example, if user's network is Ethernet then IP packets are encapsulated into Ethernet frames

No specification for Data Link layer or Physical layer

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 43

Chapter Summary

Fundamental exchange of information: sender communicates message to receiver over some medium

Communication only occurs when recipient is able to receive, process, and comprehend message

Any medium may be subject to interference: attenuation, crosstalk, distortion, echo, impulse, jitter, white noise

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 44

Chapter Summary (continued)

Some reasons to build a network:

– To exchange information

– To share scarce or expensive resources

– To allow distributed organizations to act as if centrally located

Networks can be categorized by: components, size, layout or topology, media

OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 45

Chapter Summary (continued)

OSI reference model layers:

– Physical: puts transmissions onto media

– Data Link: primary networking support layer

– Network: primary layer for communications between networks

– Transport: provides reliable end-to-end transfer of data between user applications

– Session: establishes, maintains, terminates communications sessions between two systems

– Presentation: data translation and encryption

– Application: provides application protocols

Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 46

Chapter Summary (continued)

Each of four layers of TCP/IP model represents a section of one or more layers of OSI model

– Application: consists of utility protocols that provide value to end user

– Transport: responsible for transferring messages, regardless of underlying network

– Internetwork: handles moving packets in a single network

– Subnet: includes Data Link and Physical layers, relying on whatever native network subnet layers are present for signal transmission