
IS3220 Information Technology Infrastructure Security

IS3220 Information Technology Infrastructure Security. Unit 1 Essential TCP/IP Network Protocols and Applications. Learning Objective. Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and applications used in IP networking. Key Concepts.


Presentation Transcript


  1. IS3220 Information Technology Infrastructure Security Unit 1 Essential TCP/IP Network Protocols and Applications

  2. Learning Objective Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and applications used in IP networking

  3. Key Concepts • TCP/IP protocol analysis using NetWitness Investigator • Differentiating clear-text from cipher-text • Essential TCP/IP characteristics • IP networking protocol behavior • Network management tools

  4. EXPLORE: CONCEPTS

  5. TCP/IP Networking and OSI Reference Models

  6. TCP/IP Protocol Suite

  7. The Structure of a Packet

  8. A Packet Moves Through the Protocol Stack

  9. Protocol Analysis: Functions of a Protocol Analyzer • Why analyze data packets? To detect network problems such as bottlenecks, detect network intrusions, check for vulnerabilities, and gather network statistics • What does a protocol analyzer do? It captures the packets travelling on a network and decodes them layer by layer, so that you can read and analyze them
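The following decoder is an added illustration, not part of the course material or of NetWitness or Wireshark, of what "captures and decodes" means at the byte level: it builds a constructed Ethernet II / IPv4 / TCP frame bottom-up (the encapsulation of slides 7 and 8, each layer prepending its own header) and then decodes it top-down the way an analyzer does, checking the IPv4 header checksum before trusting the rest. The MAC addresses, IP addresses and ports are made up; no real capture is involved.

```python
import socket
import struct

# TCP flag bits as carried in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header checksum.
    Over a header whose checksum field is already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Encapsulate bottom-up: payload -> TCP segment -> IPv4 packet -> Ethernet frame."""
    # TCP header: ports, seq, ack, data offset (5 words = 20 bytes), flags, window, checksum, urgent.
    # The TCP checksum is left at 0 because this example only verifies the IP layer.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    # IPv4 header: version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol (6 = TCP),
    # checksum (computed below), source and destination address.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Ethernet II header: destination MAC, source MAC, EtherType 0x0800 = IPv4.
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), 0x0800)
    return eth + ip + tcp


def flag_names(flags: int) -> str:
    names = [n for n, bit in (("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK))
             if flags & bit]
    return "/".join(names) or "none"


def parse_frame(frame: bytes) -> dict:
    """Decode top-down like a protocol analyzer: Ethernet -> IPv4 -> TCP -> payload."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4: EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes; options would make it > 20
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 6:
        raise ValueError("not TCP: protocol %d" % proto)
    tcp = ip[ihl:total_len]               # total_len bounds the packet; trailing padding is dropped
    sport, dport, seq, ack, off, flags, window, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off >> 4) * 4             # TCP header length in bytes
    return {
        "eth": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")},
        "ip": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "window": window, "flags": flag_names(flags)},
        "payload": tcp[data_off:],
    }


if __name__ == "__main__":
    # Constructed frame: a SYN from a client to an FTP control port (made-up addresses).
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                        "192.168.0.10", "192.168.0.1", 49152, 21, SYN)
    for layer, fields in parse_frame(frame).items():
        print(layer, fields)
```

The checksum check is the practitioner's caveat: an analyzer that skips it will happily decode a corrupted or crafted header, so field values should be trusted only after the integrity check passes.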

  10. NetWitness Investigator • Threat analysis software • Protocol analyzer • Captures raw packets from wired and wireless interfaces • Analyzes real-time data across all seven OSI layers

  11. NetWitness Investigator (cont.) • Filters by Media Access Control (MAC) address, IP address, user, and more • Supports Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) • Gets daily threat intelligence data from the SANS Internet Storm Center • Freely available

  12. Wireshark • Network protocol analyzer • Captures Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other packets • Analyzes real-time and saved data • Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others • Supports IPv4 and IPv6 • Allows Voice over IP (VoIP) analysis • Freely available

  13. EXPLORE: PROCESS

  14. Packet Capture Using NetWitness Investigator

  15. Trace Analysis Using NetWitness Investigator (navigation and search)

  16. TCP/IP Transaction Sessions • TCP is connection-oriented • Sender: breaks the data into segments and attaches a sequence number to each • Receiver: acknowledges what it received; segments that are not acknowledged are retransmitted by the sender • Receiver: uses the sequence numbers to reassemble the segments in the correct order

  17. TCP Three-Way Handshake • 1. Host → Server: SYN • 2. Server → Host: SYN/ACK • 3. Host → Server: ACK • Synchronize (SYN), Acknowledge (ACK)

  18. TCP Connection Termination • 1. Host → Server: FIN/ACK • 2. Server → Host: ACK • 3. Server → Host: FIN/ACK • 4. Host → Server: ACK • Finish (FIN), Acknowledge (ACK)

  19. TCP Connection Reset • 1. Host → Server: SYN • 2. Server → Host: SYN/ACK • 3. Host → Server: RST (instead of the ACK that would complete the handshake) • Synchronize (SYN), Acknowledge (ACK), Reset (RST) • A host that answers SYN/ACK with RST learns that the port is open without ever completing the connection; the server would instead answer the SYN with RST/ACK if the port were closed

  20. EXPLORE: CONTEXT

  21. IPv4 Addressing • Assigned to computers for identification on a network • 32-bit address space • Internet routing uses numeric IP addresses • Dotted decimal notation • Example: 192.168.0.10 • IP addresses in packet headers • A packet makes many hops between source and destination

  22. Network Protocol Examination • Normal packets: connecting to an FTP server • A DNS lookup of the server name first (UDP, port 53) • Then the TCP three-way handshake to the FTP control port completes • Packets showing evidence of a port scan • A series of TCP SYN packets, each the first step of a three-way handshake that is never completed • Arrange the segments in order by source port • The destination ports are then also in sequential order • Classic TCP port scan
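The following flow tracker is an added example, not code from the course or from NetWitness; it illustrates slides 16 to 19 (handshake, termination, reset) and the two cases on slide 22 in one place. It runs over a constructed trace of decoded segments, as an analyzer would list them after decoding: a DNS lookup over UDP/53, a complete FTP session (handshake, data, four-segment teardown) and then a half-open scan of sequential ports. Every address, port and segment is made up. The scan heuristic (one source probing at least five distinct ports on one host, sorted by source port) is an assumption chosen for the example, not a rule from the slides.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def tcp(src, sport, dst, dport, flags):
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


def udp(src, sport, dst, dport):
    return {"proto": "udp", "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": 0}


# Constructed trace (not a real capture). Made-up hosts: a client, a DNS server, an FTP server
# and a scanner. First the "normal" pattern: DNS lookup, then a full TCP session to FTP/21.
C, DNS, FTP, SCANNER = "192.168.0.10", "192.168.0.1", "192.168.0.20", "10.0.0.99"
TRACE = [
    udp(C, 53411, DNS, 53), udp(DNS, 53, C, 53411),                       # DNS query / response
    tcp(C, 49152, FTP, 21, SYN), tcp(FTP, 21, C, 49152, SYN | ACK),       # handshake ...
    tcp(C, 49152, FTP, 21, ACK),                                          # ... completes
    tcp(FTP, 21, C, 49152, PSH | ACK), tcp(C, 49152, FTP, 21, ACK),       # banner and its ACK
    tcp(C, 49152, FTP, 21, FIN | ACK), tcp(FTP, 21, C, 49152, ACK),       # teardown, steps 1-2
    tcp(FTP, 21, C, 49152, FIN | ACK), tcp(C, 49152, FTP, 21, ACK),       # teardown, steps 3-4
]
# Then the scan: one SYN per port from sequential source ports, never completed.
for i, port in enumerate((21, 22, 23, 25, 80, 110)):
    sport = 40001 + i
    TRACE.append(tcp(SCANNER, sport, FTP, port, SYN))
    if port in (21, 22, 80):                      # open port: SYN/ACK, scanner tears down with RST
        TRACE.append(tcp(FTP, port, SCANNER, sport, SYN | ACK))
        TRACE.append(tcp(SCANNER, sport, FTP, port, RST))
    else:                                         # closed port: server refuses with RST/ACK
        TRACE.append(tcp(FTP, port, SCANNER, sport, RST | ACK))


def track_tcp_flows(trace):
    """Follow each client-initiated TCP flow through handshake, teardown or reset.
    Keys are (client, client_port, server, server_port); the SYN sender is the client."""
    flows = {}
    for seg in trace:
        if seg["proto"] != "tcp":
            continue
        f = seg["flags"]
        fwd = (seg["src"], seg["sport"], seg["dst"], seg["dport"])
        rev = (seg["dst"], seg["dport"], seg["src"], seg["sport"])
        if f & SYN and not f & ACK:               # a bare SYN opens a new flow
            flows[fwd] = {"state": "syn-sent", "fins": 0}
            continue
        key, from_client = (fwd, True) if fwd in flows else (rev, False)
        flow = flows.get(key)
        if flow is None:
            continue                              # mid-stream segment with no SYN in the trace
        st = flow["state"]
        if f & RST:
            if st == "syn-received" and from_client:
                flow["state"] = "half-open-reset"   # slide 19: open port probed, never completed
            elif st == "syn-sent" and not from_client:
                flow["state"] = "refused"           # closed port answered the SYN with RST
            else:
                flow["state"] = "reset"
        elif f & SYN and st == "syn-sent" and not from_client:
            flow["state"] = "syn-received"          # SYN/ACK, handshake step 2
        elif st == "syn-received" and f & ACK and from_client:
            flow["state"] = "established"           # ACK, handshake step 3
        elif f & FIN and st in ("established", "closing"):
            flow["fins"] += 1                       # one FIN from each side
            flow["state"] = "closing"
        elif st == "closing" and flow["fins"] == 2 and f & ACK:
            flow["state"] = "closed"                # final ACK of the four-step teardown
    return flows


def detect_port_scans(flows, min_ports=5):
    """Flag a source that probed many ports on one host; order by source port as on slide 22."""
    probes = defaultdict(list)
    for (client, cport, server, sport), flow in flows.items():
        probes[(client, server)].append((cport, sport, flow["state"]))
    findings = []
    for (client, server), lst in probes.items():
        lst.sort()                                  # by source port
        dports = [p[1] for p in lst]
        if len(set(dports)) < min_ports:
            continue
        findings.append({
            "scanner": client, "target": server, "ports": dports,
            "sequential": all(a < b for a, b in zip(dports, dports[1:])),
            "open": sorted(p[1] for p in lst if p[2] == "half-open-reset"),
            "closed": sorted(p[1] for p in lst if p[2] == "refused"),
        })
    return findings


if __name__ == "__main__":
    flows = track_tcp_flows(TRACE)
    for key, flow in flows.items():
        print(key, flow["state"])
    for finding in detect_port_scans(flows):
        print(finding)
```

The two outcomes of the reset case are kept apart on purpose: "half-open-reset" (SYN/ACK answered with RST by the client) reveals an open port, "refused" (RST/ACK from the server) a closed one, which is exactly the information a scanner is after and therefore what a defender wants counted per source.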

  23. Clear-Text Vs Encrypted Protocols • Clear-text protocols • Are human readable in a capture, including any credentials they carry • FTP, Telnet, Simple Mail Transfer Protocol (SMTP), HTTP, Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAPv4), Network Basic Input/Output System (NetBIOS), Simple Network Management Protocol (SNMP; versions 1 and 2c are clear text, SNMPv3 can authenticate and encrypt) • Encrypted protocols • Payload is not human readable, although addresses, ports and the handshake that sets up the session remain visible • Secure Shell (SSH), SSH File Transfer Protocol (SFTP), HTTP Secure (HTTPS, which is HTTP over TLS) • The port number alone does not prove encryption; judge by what the captured bytes look like
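An added example, not course code, of how an analyst can tell clear text from cipher text in a capture without relying on the port number: it scores a payload by the share of printable ASCII bytes and by its Shannon entropy (text sits around 4 to 5 bits per byte, encrypted or random data near 8), then compares that verdict with what the destination port promises. The thresholds (95 percent printable, 5.5 bits) and the port table are assumptions made for this example; the payloads are constructed, and the "cipher text" is deterministic pseudo-random bytes from a SHA-256 chain standing in for a TLS record.

```python
import hashlib
import math
from collections import Counter

# Well-known ports of the protocols the slide lists, with the slide's classification.
CLEAR_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3",
               143: "IMAP", 139: "NetBIOS", 161: "SNMP"}
ENCRYPTED_PORTS = {22: "SSH/SFTP", 443: "HTTPS"}


def pseudo_random(n: int, seed: bytes = b"constructed-ciphertext") -> bytes:
    """Deterministic stand-in for encrypted bytes (a SHA-256 chain), so the example is repeatable."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / len(data)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 0 for a single repeated value, at most 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_payload(data: bytes) -> str:
    """'clear-text' if it reads as text, 'cipher-text' if it looks random, else 'binary'."""
    if printable_ratio(data) >= 0.95:
        return "clear-text"
    if shannon_entropy(data) >= 5.5:
        return "cipher-text"
    return "binary"                      # structured binary protocol, compressed data, etc.


def check_segment(dport: int, payload: bytes) -> dict:
    """Compare what the port promises with what the bytes actually look like."""
    observed = classify_payload(payload)
    if dport in CLEAR_PORTS:
        expected = "clear-text"
    elif dport in ENCRYPTED_PORTS:
        expected = "cipher-text"
    else:
        expected = "unknown"
    return {"port": dport, "expected": expected, "observed": observed,
            "mismatch": expected != "unknown" and expected != observed}


# Constructed payloads (not from any real capture).
FTP_LOGIN = b"USER alice\r\nPASS hunter2\r\n"                      # credentials in the clear
TLS_RECORD = b"\x17\x03\x03\x01\x00" + pseudo_random(256)          # application-data record shape
HTTP_ON_443 = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"      # plain HTTP sent to 443

if __name__ == "__main__":
    for port, payload in ((21, FTP_LOGIN), (443, TLS_RECORD), (443, HTTP_ON_443)):
        r = check_segment(port, payload)
        print("port %d: printable=%.2f entropy=%.2f -> %s (expected %s)%s" % (
            port, printable_ratio(payload), shannon_entropy(payload), r["observed"],
            r["expected"], "  MISMATCH" if r["mismatch"] else ""))
```

The third sample is the caveat in code: clear-text HTTP sent to port 443 is still readable, and a filter that only looks at the port would miss it. The same scoring also catches the reverse, such as a tunnel of encrypted data over a port the table lists as clear text.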

  24. Summary • TCP/IP protocol analysis using NetWitness Investigator • Differentiating clear-text from cipher-text • Essential TCP/IP characteristics • IP networking protocol behavior • Network management tools
