FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2nd ed.

Chapter 2: An Introduction to Networking

By Whitman, Mattord, & Austin © 2008 Course Technology

Learning Objectives

Upon completion of this chapter, you should be able to:

Describe the basic elements of computer-based data communication

Know the key entities and organizations behind current networking standards, as well as the purpose of and intent behind the more widely used standards

Explain the nature and intent of the OSI reference model and list and describe each of the model’s seven layers

Describe the nature of the Internet and the relationship between the TCP/IP protocol and the Internet

Networking Fundamentals

Fundamental exchange of information: sender communicates message to receiver over some medium

Communication only occurs when recipient is able to receive, process, and comprehend message

One-way flow of information is called a channel

When recipient becomes a sender, for example by responding to original sender’s message, this two-way flow is called a circuit

Networking Fundamentals (continued)

Any medium may be subject to interference, called noise, which occurs in variety of forms:

– Attenuation: loss of signal strength as signal moves across media

– Crosstalk: occurs when one transmission “bleeds” over to another

– Distortion: unintentional variation of communication over media

Networking Fundamentals (continued)

Any medium may be subject to interference, called noise, which occurs in variety of forms (continued):

– Echo: reflection of a signal due to equipment malfunction or poor design

– Impulse: sudden, short-lived increase in signal frequency or amplitude, also known as a spike

– Jitter: signal modification caused by malfunctioning equipment

– White noise: unwanted noise due to signal coming across medium at multiple frequencies

Reasons to Network

Data communications: exchange of messages across a medium

Networking: interconnection of groups or systems with purpose of exchanging information

Some reasons to build a network:

– To exchange information

– To share scarce or expensive resources

– To allow distributed organizations to act as if centrally located

Types of Networks

Networks can be categorized by:

– Components: peer-to-peer (P2P), server-based, distributed multi-server

– Size: local area network (LAN), metropolitan area network (MAN), wide area network (WAN)

– Layout or topology: physical (ring, bus, star, hierarchy, mesh, hybrid), logical (bus, star)

– Media: guided (wired), unguided (wireless)

OSI Reference Model and Security

OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols

Premise of model is information sent from one host is translated and encoded through various layers, from Application layer to Physical layer

Physical layer initiates transmission to receiver

Receiver translates and decodes message by processing information through each layer in reverse order

The Physical Layer

The primary function of the Physical layer is to place the transmission signal carrying the message onto the communications media—that is, to put “bits on a wire”

The functions of the Physical layer are:

– Establish and terminate the physical and logical connection to the media

– Manage the flow and communication on the media

– Embed the message onto the signal carried across the physical media

Network Media

Dominant media types and standards include:

– Coaxial cable

– Fiber-Optic cable

– Twisted-pair wire

– Wireless LAN

– Bluetooth

– Infrared

Embedding the Message

Method used to embed message on signal depends on type of message and type of signal

Two types of message (or information):

– Analog information: continuously varying source (such as voice communications)

– Digital information: discrete, between a few values (such as computer communications)

Embedding the Message (continued)

Multiplexing combines several circuits to create high-bandwidth stream to carry multiple signals long distances

Managing Communication

Bit (or signal) flow conducted in several ways:

– Simplex transmissions: flow one way through a medium

– Half-duplex transmissions: flow either way, but in only one direction at a time

– Full-duplex transmissions: can flow both ways at the same time

– Serial transmissions: flow one bit at a time down a single communications channel

– Parallel transmissions: flow multiple bits at a time down multiple channels

Data Link Layer

Primary networking support layer

Referred to as first “subnet” layer because it provides addressing, packetizing, media access control, error control, and some flow control for local network

In LANs, it handles client-to-client and client-to-server communications

Data Link Layer (continued)

DLL is further divided into two sublayers:

– Logical Link Control (LLC) sublayer

• Primarily designed to support multiplexing and demultiplexing protocols transmitted over MAC layer

• Also provides flow control and error detection and retransmission

– Media Access Control (MAC) sublayer

• Designed to manage access to communications media—in other words, to regulate which clients are allowed to transmit and when

DLL Protocols

Dominant protocol for local area networking is Ethernet for wired networks and Wi-Fi for wireless networks

Other DLL LAN protocols include:

– Token ring

– Fiber Distributed Data Interface (FDDI)

– Point-to-Point Protocol (PPP)

– Point-to-Point Tunneling Protocol (PPTP)

– Layer Two Tunneling Protocol (L2TP)

WANs typically use ATM and frame relay

Forming Packets and Addressing

First responsibility of DLL is converting Network layer packet into DLL frame

DLL adds not only a header but also a trailer

Addressing is accomplished with a number embedded in network interface card (NIC)

This MAC address allows packets to be delivered to an endpoint; typically shown in hexadecimal format (e.g., 00-00-A3-6A-B2-1A)

Media Access Control

A primary function of DLL is controlling flow of traffic—that is, determining which station is allowed to transmit when

Two general approaches:

– Control

– Contention

Media Access Control (continued)

Control (deterministic)

– Well-regulated network: traffic transmitted in orderly fashion, maintaining optimal data rate

– Facilitate priority system: key clients or servers can be polled more frequently than others

Contention (stochastic) CSMA/CD

– Clients listen to determine if channel is free and then transmit

– Must have mechanisms to deal with collisions

– Collision avoidance vs. collision detection

Switches and Bridges

Specific technologies used to connect networks at Data Link layer

While hub connects networks at Physical layer, connecting two networks with hub results in one large network (or collision domain)

Connection via Layer 2 switch, capable of bridging, maintains separate collision domains

Bridging: Filter process of connecting networks with DLL protocols while maintaining integrity of each network, only passing messages that need to be transmitted between the two

Network Layer and Packetizing

Network layer is primary layer for communications between networks

Three key functions:

– Packetizing

– Addressing

– Routing

During packetizing, Network layer takes segments sent from Transport layer and organizes them into packets for transmission across a network

Addressing

Network layer uses network-layer address to uniquely identify destination across multiple networks

Typical address consists of the network ID and the host ID

In TCP/IP, IP address is network-layer address

IP address contains source and destination IP address along with additional packet information

Addressing (continued)

Addresses maintained and issued by Internet Assigned Numbers Authority (IANA)

In early years, addresses distributed as follows:

– Class A: consists of primary octet (the netid) with three octets providing host ID portion; allows up to 16,777,214 hosts on network

– Class B: consists of two octets in netid with two octets providing 65,534 host IDs

– Class C: consists of three octets in netid with one octet providing 254 host IDs

– Class D and Class E addresses are reserved
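
The classful split described above, worked through in code as an added example (not from the original slides). The leading-bit rule used to pick the class is standard classful behaviour that the slide does not spell out; the function names and sample addresses are constructed for illustration, and `smallest_class` shows how coarse the three network sizes are.

```python
import ipaddress

# (class, leading-bit pattern, pattern length in bits, octets in the netid).
# The leading-bit patterns are the standard classful rule, not stated on the slide.
CLASSES = [
    ("A", 0b0, 1, 1),
    ("B", 0b10, 2, 2),
    ("C", 0b110, 3, 3),
    ("D", 0b1110, 4, None),  # reserved: no netid / host ID split
    ("E", 0b1111, 4, None),  # reserved: no netid / host ID split
]


def max_hosts(netid_octets: int) -> int:
    """Usable host IDs: the all-zeros and all-ones host IDs are excluded."""
    host_bits = 32 - 8 * netid_octets
    return 2 ** host_bits - 2


def classify(addr: str) -> dict:
    """Split a dotted-quad IPv4 address into its classful netid and host ID."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    value = int(ip)
    for name, pattern, bits, netid_octets in CLASSES:
        if value >> (32 - bits) == pattern:
            break  # the five patterns cover every 32-bit value
    if netid_octets is None:
        return {"class": name, "netid": None, "hostid": None, "max_hosts": 0}
    octets = [str(b) for b in ip.packed]
    return {
        "class": name,
        "netid": ".".join(octets[:netid_octets]),
        "hostid": ".".join(octets[netid_octets:]),
        "max_hosts": max_hosts(netid_octets),
    }


def smallest_class(hosts_needed: int) -> tuple:
    """Smallest classful network that fits, and how many host IDs go unused."""
    for name, _, _, netid_octets in reversed(CLASSES[:3]):  # try C, then B, then A
        capacity = max_hosts(netid_octets)
        if hosts_needed <= capacity:
            return name, capacity - hosts_needed
    raise ValueError("no classful network is large enough")


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.20", "224.0.0.5", "240.0.0.1"):
        print(sample, classify(sample))
    # An organization with 300 hosts cannot fit in a Class C network.
    print(smallest_class(300))
```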

Addressing (continued)

This address assignment method proves inefficient

Internet moving to new version of IP, IPv6, which uses 128-bit address instead of 32-bit

Increases available addresses by factor of 2^128

Network Address Translation (NAT): uses device, like a router, to segregate external Internet from internal network

Device maps organizational addresses to different addresses inside the intranet

Routing

Moving Network layer packets across networks

Routing protocols include static and dynamic

Internal routing protocols:

– Used inside autonomous system (AS)

– Distance-vector routing protocols and link-state routing protocols

External routing protocols:

– Communicate between autonomous systems

– Translate different internal routing protocols

– Border Gateway Protocol (BGP)

Transport Layer

Primary function of Transport layer is to provide reliable end-to-end transfer of data between user applications

Lower layers focus on networking and connectivity while upper layers, beginning with Transport layer, focus on application-specific services

Transport layer also responsible for end-to-end error control, flow control, and several other functions

Error Control

Process of handling problems with transfer process, which may result in modified or corrupted segments

Broken into two components: error detection and error correction

Errors are typically single-bit or multiple-bit

Bit errors are most likely the result of noise interference

Error Control (continued)

Errors detected using one of several schemes:

– Repetition: data transmitted redundantly

– Parity: “check bits” at end of each byte of data

– Redundancy: parity calculated for blocks of data rather than individual byte (LRC, VRC, CRC)

Errors typically corrected by retransmission of damaged segment

Dominant error correction techniques are automatic repeat requests (ARQs)

Three most common ARQs are Stop-And-Wait, Go-Back-N, and Selective Repeat
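
The detection schemes above, compared on the same corrupted data, as an added example (not from the original slides). Per-byte even parity, an XOR-based LRC and `zlib.crc32` are the concrete choices assumed here, since the slide names no parity convention or CRC polynomial; the sample message and error patterns are constructed.

```python
import zlib
from functools import reduce


def parity_bits(data: bytes) -> list:
    """Even parity: one check bit per byte (1 if the byte has an odd number of 1s)."""
    return [bin(b).count("1") & 1 for b in data]


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all bytes, i.e. parity per bit column."""
    return reduce(lambda acc, b: acc ^ b, data, 0)


def crc(data: bytes) -> int:
    """Cyclic redundancy check over the whole block (CRC-32 as implemented by zlib)."""
    return zlib.crc32(data)


def flip(data: bytes, *positions) -> bytes:
    """Return a copy of data with the given (byte_index, bit_index) bits inverted."""
    buf = bytearray(data)
    for byte_index, bit_index in positions:
        buf[byte_index] ^= 1 << bit_index
    return bytes(buf)


def detected_by(sent: bytes, received: bytes) -> dict:
    """Which schemes notice the difference between what was sent and what arrived."""
    return {
        "parity": parity_bits(sent) != parity_bits(received),
        "lrc": lrc(sent) != lrc(received),
        "crc": crc(sent) != crc(received),
    }


# Constructed sample block and error patterns.
SAMPLE = b"FIREWALL"
ERRORS = {
    # One flipped bit: every scheme notices.
    "single-bit": flip(SAMPLE, (0, 0)),
    # Two bits in the same byte: that byte's parity bit is unchanged.
    "two bits, same byte": flip(SAMPLE, (0, 0), (0, 1)),
    # Same bit position in two bytes: the column parity (LRC) is unchanged.
    "two bits, same column": flip(SAMPLE, (0, 0), (1, 0)),
    # Four bits forming a rectangle: both parity and LRC are unchanged.
    "four bits, rectangle": flip(SAMPLE, (0, 0), (0, 1), (1, 0), (1, 1)),
}


def compare() -> dict:
    """Detection result of each scheme for each constructed error pattern."""
    return {name: detected_by(SAMPLE, damaged) for name, damaged in ERRORS.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:24s} {result}")
```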

Flow Control

Purpose is to prevent receiver from being overwhelmed with segments, preventing effective processing of each received segment

Some error correction techniques have built-in flow control

Dominant technique is sliding window protocol, which provides mechanism by which receiver can specify number of segments (or bytes) it can receive before sender must wait

Receiver enlarges or reduces window size as necessary

Other Functions of the Transport Layer

Assignment of ports, which identify the service requested by a user

Combination of Network layer address and port is referred to as a socket

Tunneling protocols also work at Transport layer

These protocols work with Data Link layer protocols to provide secure connections

Session Layer

Responsible for establishing, maintaining, and terminating communications sessions between two systems

Regulates whether communications are simplex (one way only), half-duplex (one way at a time), or full-duplex (bidirectional)

Presentation Layer

Responsible for data translation and encryption functions

For example, if one system is using standard ASCII and another is using EBCDIC, the Presentation layer performs the translation

Encryption can also be part of operations performed at this level

Presentation layer encapsulates Application layer messages prior to passing them down to Transport layer

Application Layer

At Application layer, user is provided with a number of services, most aptly called application protocols

TCP/IP protocol suite includes applications such as e-mail (SMTP and POP), World Wide Web (HTTP and HTTPS), file transfer (FTP and SFTP), and others

The Internet and TCP/IP

The Internet incorporates millions of small, independent networks, connected by most of the major common carriers

Most services we associate with the Internet are based on Application layer protocols

The Internet is a physical set of networks, while the World Wide Web (WWW) is a set of applications that run on top of the Internet

Web uses domain name-based Uniform Resource Identifiers (URIs), Uniform Resource Locator (URL) being best-known type

TCP/IP

TCP/IP is actually a suite of protocols used to facilitate communications across the Internet

Developed before OSI reference model, it is similar in concept but different in detail

TCP/IP model is less formal than OSI reference model

Each of the four layers of TCP/IP model represents a section of one or more layers of OSI model

Application Layer

TCP/IP Application layer consists of utility protocols that provide value to end user

Data from users and utilities are passed down to Transport layer for processing

Wide variety of Application layer protocols that support Internet users: SMTP, POP for e-mail, FTP for data transfer, HTTP for Web content

Application layers on each host interact directly with corresponding applications on other hosts to provide requisite communications support

Transport Layer

Responsible for transferring of messages, including resolution of errors, managing necessary fragmentation, and control of message flow, regardless of underlying network

Connection or connectionless messages

Connects applications through use of ports

Lowest layer of TCP/IP stack to offer any form of reliability

TCP: connected, reliable protocol

UDP: connectionless, unreliable protocol

Internetwork Layer

Handles moving packets in a single network

Examples of protocols are X.25 and ARPANET’s Host/IMP Protocol

Internet Protocol (IP) performs task of moving packets from source host to destination host

IP carries data for many different upper-layer protocols

Internetwork Layer (continued)

Some protocols carried by IP function on top of IP but perform other Internetwork layer functions

All routing protocols are also part of Network layer

Subnet Layers

TCP/IP Subnet layers include Data Link and Physical layers

TCP/IP relies on whatever native network subnet layers are present

For example, if user’s network is Ethernet then IP packets are encapsulated into Ethernet frames

No specification for Data Link layer or Physical layer

Chapter Summary

Fundamental exchange of information: sender communicates message to receiver over some medium

Communication only occurs when recipient is able to receive, process, and comprehend message

Any medium may be subject to interference: attenuation, crosstalk, distortion, echo, impulse, jitter, white noise

Chapter Summary (continued)

Some reasons to build a network:

– To exchange information

– To share scarce or expensive resources

– To allow distributed organizations to act as if centrally located

Networks can be categorized by: components, size, layout or topology, media

OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols

Chapter Summary (continued)

OSI reference model layers:

– Physical: puts transmissions onto media

– Data Link: primary networking support layer

– Network: primary layer for communications between networks

– Transport: provides reliable end-to-end transfer of data between user applications

– Session: establishes, maintains, terminates communications sessions between two systems

– Presentation: data translation and encryption

– Application: provides application protocols

Chapter Summary (continued)

Each of four layers of TCP/IP model represents a section of one or more layers of OSI model:

– Application: consists of utility protocols that provide value to end user

– Transport: responsible for transferring messages, regardless of underlying network

– Internetwork: handles moving packets in a single network

– Subnet: includes Data Link and Physical layers, relying on whatever native network subnet layers are present for signal transmission