
Advanced Computer Networking Study Notes 2007






Presentation Transcript


  1. Advanced Computer Networking Study Notes 2007

  2. The need for standards

  3. ISO and IEEE (IEEE ‘kite mark’)
  International Organization for Standardization (ISO): ISO is a worldwide network of the national standards institutes of 157 countries that oversees the creation of technical standards for anything requiring international agreement. Example: the ISO Open Systems Interconnection (OSI) reference model is a networking standard recognised globally by network designers.
  Institute of Electrical and Electronics Engineers (IEEE): IEEE is the world’s leading professional association for the advancement of technology and a leading developer of the standards that underpin many of today’s technologies. Example: the IEEE 802 standards define the 48-bit MAC address format used by Ethernet (IEEE 802.3), and the IEEE Registration Authority assigns MAC address blocks (OUIs) to organisations such as NIC manufacturers. IEEE 802.1D defines MAC bridging and the Spanning Tree Protocol.

  4. The OSI model layers
  7 Application: allows applications to access network services. FTP, SMTP and Telnet operate at this layer. (Note: actual software applications are outwith the scope of this model.)
  6 Presentation: manages data translation, compression, encryption and conversion.
  5 Session: establishes and maintains communications between applications.
  4 Transport: transmits data, provides flow control and handles errors. TCP operates at this layer, making sure that every segment sent is accounted for.
  3 Network: routes data between nodes. This layer handles network (logical) addressing via routing protocols. IP operates here, along with routers and gateways.
  2 Data Link: handles physical addressing, packing data into frames, sequencing frames and performing checksums. It has two sub-layers, Logical Link Control (LLC) and Media Access Control (MAC). The Ethernet standard and hardware such as bridges, switches and NICs operate at this layer.
  1 Physical: the electrical or mechanical interface over which bits are transmitted on the network medium. Hubs, repeaters and cables function at this layer.

  5. Mapping TCP/IP layers to OSI layers
  OSI model                                   TCP/IP model              Protocols
  7 Application, 6 Presentation, 5 Session    4 Application             Telnet, FTP, SMTP, POP3, DNS
  4 Transport                                 3 Transport               TCP, UDP
  3 Network                                   2 Internet                IP, ICMP
  2 Data Link, 1 Physical                     1 Network Access (Link)   SLIP, PPP, Ethernet

  6. SMTP
  SMTP (Simple Mail Transfer Protocol) is a simple ASCII-based command/reply protocol: the client names the sender and one or more recipients (each of which the server accepts or rejects), then transfers the message text to the mail server. The address of the outgoing mail server would be something like smtp.marrcomputing.co.uk. SMTP opens a TCP connection to port 25; the port number maps the connection to the mail server process that deals with receiving the message. Mail clients today normally submit on port 587 with STARTTLS and authentication, while port 25 is used for server-to-server transfer. A server that accepts mail addressed to foreign domains from anyone on the Internet is an ‘open relay’ and will be abused by spammers.
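  Worked example, added to these notes and not from the original slides: the SMTP command/reply exchange modelled in-process (no sockets), with the open-relay check a receiving server applies at RCPT TO. The host name, the local domain list and the trusted client range are assumptions for the example.

```python
"""Minimal model of an SMTP session (RFC 5321 commands and reply codes) with an
open-relay check. In-process only: no sockets. Constructed example."""

LOCAL_DOMAINS = {"marrcomputing.co.uk"}   # domains this server accepts mail for (assumption)
TRUSTED_NETS = ("192.168.1.",)            # internal clients allowed to relay outward (assumption)
SERVER_NAME = "mail.marrcomputing.co.uk"  # assumed host name


class SmtpServer:
    """The state a receiving MTA keeps across one session."""

    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.data_lines = []
        self.delivered = []               # (sender, recipients, body) per accepted message

    def _is_trusted(self):
        return self.client_ip.startswith(TRUSTED_NETS)

    def handle(self, line):
        """Return the server's reply to one client line (None while reading the body)."""
        if self.in_data:
            if line == ".":               # lone dot ends the message body
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.data_lines)))
                self.sender, self.recipients, self.data_lines = None, [], []
                return "250 OK: queued"
            # Dot-unstuffing: a body line sent as '..text' was originally '.text'
            self.data_lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return f"250 {SERVER_NAME} Hello {arg}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Bad sequence of commands"
            self.sender = arg.split(":", 1)[1].strip("<> ")
            self.recipients = []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands"
            addr = arg.split(":", 1)[1].strip("<> ")
            domain = addr.rpartition("@")[2].lower()
            # Open-relay check: accept mail for our own domains from anyone, but relay
            # to foreign domains only for trusted (internal) clients.
            if domain not in LOCAL_DOMAINS and not self._is_trusted():
                return "550 Relaying denied"
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 No valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command unrecognised"


def run_session(client_ip, lines):
    """Drive a server with a scripted client; return (transcript, delivered messages)."""
    server = SmtpServer(client_ip)
    transcript = [f"S: 220 {SERVER_NAME} ESMTP"]
    for line in lines:
        transcript.append("C: " + line)
        reply = server.handle(line)
        if reply is not None:
            transcript.append("S: " + reply)
    return transcript, server.delivered


if __name__ == "__main__":
    # Constructed session from an outside client: one local recipient accepted,
    # one foreign recipient refused (no relaying), then a short body.
    script = ["EHLO laptop", "MAIL FROM:<alice@example.net>",
              "RCPT TO:<bob@marrcomputing.co.uk>", "RCPT TO:<carol@example.org>",
              "DATA", "Subject: hi", "", "..dot line", ".", "QUIT"]
    for entry in run_session("203.0.113.9", script)[0]:
        print(entry)
```

  The same RCPT TO for carol@example.org succeeds when the client is inside 192.168.1.0/24, which is exactly the distinction an open relay fails to make.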

  7. POP3
  POP stands for Post Office Protocol (version 3, TCP port 110). Every time you log in with your POP mail client, it checks the mail server for new mail and downloads it to your computer so that you can read it. By default the mail you read is a local copy: once it is on your desktop, the remote copy no longer exists (the client has deleted it from the mail server), although most clients offer a ‘leave a copy on the server’ option. The incoming mail server would be something like pop3.marrcomputing.co.uk.

  8. Setting up a POP3 email client
  To set up a POP3 email client you will need: the incoming POP3 server, the outgoing SMTP server, a username and/or email address, and a password. Plain POP3 sends the username and password in the clear, so use POP3 over TLS (port 995) or STARTTLS where the server offers it.

  9. IMAP
  The main alternative is an IMAP (Internet Message Access Protocol, TCP port 143) client. When you log in with your IMAP client, your computer connects to the server and asks it to open its mailboxes and check for mail. It then displays the list of mail held on the server without removing it or copying it to your computer. If you choose to read a message, the IMAP client is simply displaying information that exists on the mail server, not locally on your computer. POP and IMAP usually talk to the same mail store with the same credentials, but bring the information to your desktop in different ways.

  10. Setting up an IMAP email client
  To set up an IMAP email client you will need: the incoming IMAP server, the outgoing SMTP server, a username and/or email address, and a password. As with POP3, prefer IMAP over TLS (port 993) or STARTTLS so that credentials and mail are not sent in the clear.

  11. MIME

  12. TCP ports
  A port is a 16-bit number carried in the TCP (or UDP) header of a packet. Ports are used to map data to a particular process running on a computer. Example: a server used for sending and receiving email may provide both an SMTP service (port 25) and a POP3 service (port 110); these are handled by different server processes, and the destination port number determines which data is delivered to which process.

  13. IP addressing

  14. Binary subnet mask
  A subnet mask allows a network’s assigned IP address block to be partitioned, or subnetted, into two or more networks. Applying a subnet mask to an IP address splits the address into two parts: an ‘extended network address’ (the network and subnet bits) and a host (node) address.
  Example: a Class C network subnetted into 2 partitions
  IP address:   11000000 10101000 00000001 00000000  [192.168.1.0]
  Subnet mask:  11111111 11111111 11111111 10000000  [255.255.255.128]
  The 25-bit mask gives two subnets: 192.168.1.0/25, covering 192.168.1.0–192.168.1.127 (usable host addresses 192.168.1.1–192.168.1.126, since .0 is the subnet address and .127 its broadcast address), and 192.168.1.128/25, covering 192.168.1.128–192.168.1.255 (usable host addresses 192.168.1.129–192.168.1.254). Each additional bit used in the subnet mask doubles the number of subnets that can be created and halves the number of hosts in each.

  15. Calculating a subnet address
  A bitwise operation works on one or two bit patterns at bit level. Given the following IP address and subnet mask, calculate the address of the associated subnet.
  IP address: 152.199.22.7
  Subnet mask: 255.255.240.0
  Bitwise AND: for each pair of bits, the result is 1 only if the first bit is 1 AND the second bit is 1; otherwise the result is 0.
  Rules of binary AND: 0 AND 0 = 0, 0 AND 1 = 0, 1 AND 0 = 0, 1 AND 1 = 1
  Step 1: convert to binary
  IP address    10011000 11000111 00010110 00000111
  Subnet mask   11111111 11111111 11110000 00000000
  Step 2: perform the bitwise AND to identify the subnet address
  Result        10011000 11000111 00010000 00000000
  Step 3: convert back to decimal: 152.199.16.0
  So the subnet address is 152.199.16.0 (the /20 block 152.199.16.0–152.199.31.255).

  16. Classless Inter-Domain Routing (CIDR)
  The shortage of IP addresses means that ICANN (through the regional registries) no longer gives out whole class A, B or C networks. Many small companies need an Internet presence, but allocating a Class C network (256 addresses) is wasteful if the company only wants to attach a few machines (email, web, FTP servers etc.) to the Internet. Even larger firms may need a few hundred IP addresses: more than 256, but not very many more. Such a firm would be too big for a Class C, but far too small for the 65,536 addresses of a Class B network. Therefore addresses are now assigned under a newer method called CIDR, or ‘slash x’ networks, where x is the number of leading bits that form the network prefix (the bits fixed by the registry rather than by the customer). This flexibility means that not only can the old A, B and C sizes be expressed, but networks with prefix lengths in between can be offered too. A slash 27 network address would use the notation 200.100.50.25/27, and routers nowadays commonly ask for the ‘slash’ rather than a dotted subnet mask.

  17. Classless Inter-Domain Routing (CIDR) example
  Suppose you want to create a network of 50 computers. Previously ICANN would have had to assign you a whole Class C network of 256 addresses:
  IP address    11001000 00110010 00011001 00010001  (200.50.25.17)
  Subnet mask   11111111 11111111 11111111 00000000  (255.255.255.0)
  With CIDR:
  IP address    11001000 00110010 00011001 00010001  (200.50.25.17)
  Subnet mask   11111111 11111111 11111111 11000000  (255.255.255.192)
  This leaves 6 host bits, so 64 addresses (62 usable for hosts, as the first is the network address and the last the broadcast address) to do with as you like. This is a ‘slash 26’ network, as 26 bits are used in the mask. The host is written as 200.50.25.17/26 and the network it belongs to is 200.50.25.0/26.
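  Worked example, added to these notes and not from the original slides, covering slides 14, 15 and 17 together: the subnet arithmetic done the way the slides describe (mask as 32-bit integer, bitwise AND for the subnet address, host bits for the range), generalised to any prefix length and cross-checked against Python’s ipaddress module. It also rejects a non-contiguous mask, which the slides never discuss but which trips up hand calculation.

```python
"""Subnet arithmetic as on the slides: bitwise AND on 32-bit integers, plus
broadcast, usable host range and CIDR notation for any prefix length.
Added example; cross-checked against the standard library."""
import ipaddress


def to_int(dotted):
    """'152.199.22.7' -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Dotted-binary form as written on the slides, e.g. '10011000 11000111 ...'."""
    return " ".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/26 -> 255.255.255.192 as an integer: top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    """Count the mask's ones, accepting only contiguous masks (255.0.255.0 is rejected)."""
    bits = format(mask, "032b")
    if "01" in bits:                   # a 0 followed by a 1 means a hole in the mask
        raise ValueError(f"non-contiguous mask {to_dotted(mask)}")
    return bits.count("1")


def subnet_info(address, mask_or_prefix):
    """Network, broadcast, usable host range and counts for an address.

    mask_or_prefix is a dotted mask ('255.255.240.0') or a prefix length (20).
    """
    addr = to_int(address)
    mask = prefix_to_mask(mask_or_prefix) if isinstance(mask_or_prefix, int) else to_int(mask_or_prefix)
    prefix = mask_to_prefix(mask)
    network = addr & mask                        # step 2 on the slide: bitwise AND
    broadcast = network | (~mask & 0xFFFFFFFF)   # all host bits set
    host_bits = 32 - prefix
    total = 1 << host_bits
    # /31 and /32 reserve no network/broadcast address; every wider block loses two.
    reserve = host_bits >= 2
    return {
        "cidr": f"{to_dotted(network)}/{prefix}",
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1 if reserve else network),
        "last_host": to_dotted(broadcast - 1 if reserve else broadcast),
        "addresses": total,
        "usable_hosts": total - 2 if reserve else total,
    }


def same_subnet(a, b, prefix):
    """True if a and b share their top `prefix` bits: the decision a host makes before routing."""
    mask = prefix_to_mask(prefix)
    return to_int(a) & mask == to_int(b) & mask


def check_against_stdlib(address, prefix):
    """Cross-check our arithmetic with ipaddress (strict=False tolerates host bits set)."""
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    ours = subnet_info(address, prefix)
    return ours["network"] == str(net.network_address) and ours["broadcast"] == str(net.broadcast_address)


if __name__ == "__main__":
    ip, mask = to_int("152.199.22.7"), to_int("255.255.240.0")
    print(to_binary(ip), "\n" + to_binary(mask), "\n" + to_binary(ip & mask), "=", to_dotted(ip & mask))
    for addr, m in (("152.199.22.7", "255.255.240.0"), ("192.168.1.200", 25), ("200.50.25.17", 26)):
        print(subnet_info(addr, m))
```

  Running it reproduces the three slide results (152.199.16.0/20, the upper half 192.168.1.128/25 with hosts .129–.254, and 200.50.25.0/26 with 62 usable hosts); same_subnet() is the test a host performs to decide whether a destination is local or must go via the gateway.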

  18. Parts of an email message

  19. Sending and receiving email

  20. HTML tags

  21. Requesting a web page

  22. Plugins, Java applets and Active X

  23. Video telephone call

  24. Conventional encryption

  25. Public-key encryption

  26. Internet Architecture security

  27. Smurf
  What is a Smurf attack? A Smurf attack is a type of denial of service (DoS) attack (named after the program that generates it) in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests it never sent, consuming its bandwidth. A large number of ICMP ECHO requests, with the source address spoofed to be the victim’s, are sent to the broadcast address of some third-party network, which acts as an amplifier: every host on it replies to the victim. The attack therefore depends on the router in front of that network forwarding directed broadcasts. A single attacker sending hundreds or thousands of these PING messages per second can fill a victim’s T-1 (or even T-3) line with ping replies, bringing its entire Internet service to its knees.

  28. Smurf example
  A company has been assigned the range 193.169.0.0–193.169.0.255 (193.169.0.0/24). The attacker pings 193.169.0.255, the directed broadcast address, so the ICMP ECHO request is delivered to every host on the network, 193.169.0.1–193.169.0.254. Because the source address of the ping is spoofed to be the address of the attacker’s victim, all those hosts send their replies to the victim instead of to the real sender: one packet in, up to 254 packets out.

  29. Smurf: preventing a Smurf attack
  There are several means of preventing or blunting Smurf attacks:
  Configuring border routers and firewalls to filter inbound ICMP ECHO Reply packets takes the load off the system being attacked, though internal machines will then be unable to PING external machines (their replies never get back); rate-limiting ICMP is the less disruptive form of this control.
  The directed broadcast facility of the router (the amplifier) can be disabled, removing the amplification effect. Routers have shipped with it disabled by default since RFC 2644 (1999), but it should still be checked.
  A Smurf can also be stopped from being launched from within a network if the network’s routers block outbound packets whose source address is not one of the network’s own, i.e. spoofed IPs (anti-spoofing or egress filtering, BCP 38 / RFC 2827). This protects other people’s networks from your users rather than you from them.
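  Worked example, added to these notes and not from the original slides: the three controls above applied by a model border router to a constructed packet trace for the 193.169.0.0/24 network of slide 28, showing which packets are forwarded, which are dropped and why, and how many echo replies each forwarded packet provokes. The policy flag names and the sample addresses are assumptions for the example.

```python
"""The Smurf controls from the slide applied at a model border router to a
constructed packet trace. Added example, not from the original notes."""
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("193.169.0.0/24")   # the company's range from slide 28
ECHO_REPLY, ECHO_REQUEST = 0, 8                     # ICMP type numbers


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "icmp", "tcp", ...
    icmp_type: int = -1
    ingress: str = "wan"    # "wan" = arriving from the Internet, "lan" = arriving from inside


@dataclass(frozen=True)
class Policy:
    directed_broadcast: bool = True   # forward datagrams addressed to the subnet broadcast address
    antispoof: bool = False           # BCP 38: drop packets whose source address cannot be genuine
    drop_echo_reply_in: bool = False  # the blunt control: refuse all echo replies arriving from the WAN


def is_directed_broadcast(dst):
    return ipaddress.ip_address(dst) == INTERNAL.broadcast_address


def filter_packet(pkt, policy):
    """Return (verdict, reason) for one packet as the border router would decide it."""
    src = ipaddress.ip_address(pkt.src)
    if policy.antispoof:
        if pkt.ingress == "lan" and src not in INTERNAL:
            return "drop", "spoofed source leaving the network"
        if pkt.ingress == "wan" and src in INTERNAL:
            return "drop", "our own address arriving from outside"
    if pkt.ingress == "wan" and is_directed_broadcast(pkt.dst) and not policy.directed_broadcast:
        return "drop", "directed broadcast disabled"
    if (pkt.ingress == "wan" and pkt.proto == "icmp" and pkt.icmp_type == ECHO_REPLY
            and policy.drop_echo_reply_in):
        return "drop", "inbound echo reply filtered"
    return "forward", "permitted"


def replies_generated(pkt, policy, live_hosts=254):
    """Echo replies one forwarded packet provokes from the LAN, all sent to pkt.src.

    A unicast echo request yields one reply; a forwarded directed broadcast yields
    one per answering host, which is the amplification the attacker is after.
    """
    verdict, _ = filter_packet(pkt, policy)
    if verdict != "forward" or pkt.proto != "icmp" or pkt.icmp_type != ECHO_REQUEST:
        return 0
    return live_hosts if is_directed_broadcast(pkt.dst) else 1


# Constructed trace: an outside attacker spoofs the victim 198.51.100.7 and pings the
# company's broadcast address; an ordinary ping and its reply; and an insider trying
# to launch the same attack outward with a forged source address.
TRACE = [
    Packet("198.51.100.7", "193.169.0.255", "icmp", ECHO_REQUEST, "wan"),  # Smurf amplifier probe
    Packet("203.0.113.5", "193.169.0.10", "icmp", ECHO_REQUEST, "wan"),    # normal ping to one host
    Packet("203.0.113.5", "193.169.0.10", "icmp", ECHO_REPLY, "wan"),      # reply to an internal ping
    Packet("198.51.100.7", "203.0.113.255", "icmp", ECHO_REQUEST, "lan"),  # insider spoofing a victim
]


def run_trace(policy, trace=TRACE):
    """[(verdict, reason, replies_sent_to_source)] for each packet in the trace."""
    return [(*filter_packet(p, policy), replies_generated(p, policy)) for p in trace]


if __name__ == "__main__":
    for label, pol in (("permissive router", Policy()),
                       ("hardened router", Policy(directed_broadcast=False, antispoof=True))):
        print(label)
        for pkt, result in zip(TRACE, run_trace(pol)):
            print(f"  {pkt.src:>14} -> {pkt.dst:<14} {result}")
```

  With the permissive policy the first packet is forwarded and turns into 254 replies aimed at the victim; with directed broadcast off it is dropped before it reaches the LAN, and the insider’s spoofed packet is stopped at egress, while ordinary pings in both directions still work. The echo-reply filter is shown as a separate switch because it is the one control that breaks legitimate traffic.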

  30. SYN flood
  What is a TCP SYN flood attack? A TCP SYN flood is a network connectivity attack that exploits the way TCP establishes a connection via its three-way handshake: the server must allocate and hold state for a half-open connection from the moment it answers a SYN until the final ACK arrives or a timer expires.

  31. SYN flood example
  • The attacker sends a SYN packet from a spoofed address.
  • The host replies with a SYN/ACK to the spoofed address.
  • The host never receives the ACK from the spoofed address, and the half-open connection remains until it times out.
  These attacks consist of a large number of spoofed TCP connection set-up messages that overload the victim, usually a server. The spoofed addresses are chosen so that no real host answers (a live host would reply with a RST and free the entry). Once the queue of half-open connections is full, the TCP/IP stack cannot accept any further connections: the queue is filled with malicious ‘nonsense’ entries and genuine clients are turned away.

  32. SYN flood: preventing a SYN flood attack
  There are a few things that can be done to protect against a SYN flood:
  Decrease the time a half-open (SYN-RECEIVED) connection is held before it times out, so that the server does not wait as long for the ACK that never comes.
  Increase the length of the half-open connection queue (the backlog) for TCP ports likely to be bombarded.
  Microsoft Windows has a mechanism to detect and start SYN flood protection (the SynAttackProtect TCP/IP parameter): it detects the symptoms of SYN flooding and responds by reducing the time the server spends on connection requests that it cannot acknowledge.
  Linux and the BSDs instead offer SYN cookies (net.ipv4.tcp_syncookies on Linux), which let the server answer SYNs without storing any state until the handshake completes, so the queue cannot be filled at all.

  33. DNS attack (cache poisoning)
  What is a DNS attack? An attacker can try to convince a target name server to cache a forged record for a victim’s domain name: one that resolves to a nonexistent IP address, effectively denying the service, or one that resolves to the attacker’s IP address, so that users’ connections (and the confidential data they carry, such as logins) are delivered to the attacker. The forged answer must arrive before the genuine one and must look like a reply to a query the server actually sent.
  Prevention: run a current, patched version of BIND. Modern resolvers also randomise the UDP source port and transaction ID of each query, so a blind forger has to guess both, and discard records in a reply that lie outside the zone (‘bailiwick’) of the server that was queried. DNSSEC lets a resolver verify the records cryptographically rather than trusting whatever arrives first.
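  Worked example, added to these notes and not from the original slides: the two checks a caching resolver applies before accepting a reply, shown on constructed messages. A genuine reply from the ‘example’ zone server carries a planted out-of-bailiwick record that is discarded, and a spray of blindly forged replies is rejected because they miss the random source port. The names, addresses and transaction IDs are made up for the example.

```python
"""Checks a caching resolver applies before accepting a response, as an added
example (not from the original notes): the reply must match the query it
answers (transaction ID, destination port, question), and records outside
the bailiwick of the server that was asked are not cached. Messages are
constructed tuples, not DNS wire format."""
from dataclasses import dataclass, field


@dataclass
class Query:
    txid: int
    src_port: int      # the resolver's (ideally random) UDP source port
    qname: str
    zone: str          # zone the server we sent the query to is authoritative for


@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    answers: list = field(default_factory=list)      # (name, type, value)
    additional: list = field(default_factory=list)   # glue and other extras


def in_bailiwick(name, zone):
    """True if name is the zone itself or lies beneath it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def accept_response(query, resp):
    """Return (accepted, records_to_cache, reason)."""
    if resp.txid != query.txid or resp.dst_port != query.src_port:
        # A forger who cannot see the query must guess both values; a random
        # port adds roughly 16 bits of work to the 16-bit transaction ID.
        return False, [], "txid/port mismatch: not a reply to our query"
    if resp.qname.lower() != query.qname.lower():
        return False, [], "question section does not match"
    records = resp.answers + resp.additional
    kept = [r for r in records if in_bailiwick(r[0], query.zone)]
    dropped = len(records) - len(kept)
    return True, kept, f"accepted; {dropped} out-of-bailiwick record(s) discarded"


def poisoning_attempt_blocked(query, forged_responses):
    """Count how many forged replies the resolver rejects outright for one query."""
    return sum(1 for r in forged_responses if not accept_response(query, r)[0])


if __name__ == "__main__":
    q = Query(txid=0x1A2B, src_port=53421, qname="www.victim.example", zone="example")
    genuine = Response(0x1A2B, 53421, "www.victim.example",
                       answers=[("www.victim.example", "A", "192.0.2.8")],
                       additional=[("ns1.victim.example", "A", "192.0.2.53"),
                                   ("www.bank.test", "A", "203.0.113.66")])   # planted, out of bailiwick
    print(accept_response(q, genuine))
    # Blind forgery: the attacker sprays guesses at the transaction ID, assuming port 53.
    forged = [Response(txid, 53, "www.victim.example", [("www.victim.example", "A", "203.0.113.66")])
              for txid in range(0x1A00, 0x1B00)]
    print(poisoning_attempt_blocked(q, forged), "of", len(forged), "forgeries rejected")
```

  Change the query’s source port to a fixed 53 and one of the 256 forgeries lands, which is why a fixed port (as older BIND releases used) made the transaction ID alone far too small a defence.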

  34. Firewall
  A firewall protects networked computers from intentional hostile intrusion. It can be a hardware device or a software program running on a hardened host computer. Its job is to inspect all inbound and outbound traffic routed between two networks and check it against certain criteria: if the traffic meets them it is allowed through, otherwise it is blocked. Firewalls can filter packets based on source and destination addresses, protocol and port numbers, and so can block a whole service, e.g. telnet (TCP port 23). They may also use a complex rule base, evaluated in order with a default of deny, that analyses traffic to determine whether it should be allowed through. Network administrators can offer access to specific services to selected LAN users via the firewall.
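  Worked example, added to these notes and not from the original slides: a first-match rule base with a default deny, evaluated against sample packets, plus a check for rules that an earlier rule makes unreachable (shadowing), the commonest way an ordered rule base ends up allowing what it was meant to block. The internal range, the mail server address and the rules themselves are assumptions for the example.

```python
"""A first-match firewall rule base with a default deny, plus a check for
rules that an earlier rule makes unreachable (shadowing). Added example with
constructed rules and packets; not from the original notes."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.1.0/24")      # assumed internal range
MAIL = ipaddress.ip_network("192.168.1.25/32")    # assumed mail server address


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"               # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    dport: Optional[int] = None      # None = any destination port
    note: str = ""

    def matches(self, proto, src, dst, dport):
        """Does this rule apply to one packet?"""
        return ((self.proto == "any" or self.proto == proto)
                and ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))

    def covers(self, other):
        """True if every packet `other` could match would already match self."""
        return ((self.proto == "any" or self.proto == other.proto)
                and other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; a packet matching nothing is denied (index -1)."""
    for i, rule in enumerate(rules):
        if rule.matches(proto, src, dst, dport):
            return rule.action, i
    return "deny", -1


def find_shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


# Constructed policy: anyone may reach the mail server on SMTP, the LAN may
# browse the web, and the LAN may not telnet out (cleartext logins).
RULES = [
    Rule("allow", "tcp", ANY, MAIL, 25, "inbound SMTP to mail server"),
    Rule("allow", "tcp", LAN, ANY, 80, "LAN web browsing"),
    Rule("deny", "tcp", LAN, ANY, 23, "no telnet out"),
]

# The same intent with a broad allow placed first: the telnet deny is shadowed
# and telnet sails through, which find_shadowed() reports.
BAD_ORDER = [
    Rule("allow", "any", LAN, ANY, None, "LAN may go anywhere"),
    Rule("deny", "tcp", LAN, ANY, 23, "no telnet out (never reached)"),
]

if __name__ == "__main__":
    for pkt in (("tcp", "203.0.113.9", "192.168.1.25", 25),
                ("tcp", "192.168.1.40", "198.51.100.2", 23),
                ("udp", "192.168.1.40", "198.51.100.2", 53)):
        print(pkt, "->", evaluate(RULES, *pkt))
    print("shadowed in BAD_ORDER:", find_shadowed(BAD_ORDER))
```

  This is a stateless packet filter: it has no rule for the return traffic of the LAN’s web requests, which a real firewall handles by tracking connection state rather than by opening inbound ports to the LAN.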

  35. Firewall rules

  36. Firewall rules

  37. Backup

  38. Bandwidth

  39. Wireless communication
  IEEE 802.11b: 11 Mbps over 50–250 metres at 2.4 GHz. Advantages: low cost, good signal range. Disadvantages: slowest speed, supports fewer users, and other devices sharing the 2.4 GHz band (cordless phones, microwave ovens, Bluetooth equipment) can interfere with it.
  IEEE 802.11a: 54 Mbps over 18–30 metres at 5 GHz. Advantages: high speed, more users and less interference. Disadvantages: more expensive and a weaker signal (shorter range).
  IEEE 802.11g: the successor to 802.11b, with the same range and 2.4 GHz band but operating at 54 Mbps. Advantages: supports more users than 802.11b and is backward compatible with it. Disadvantages: more expensive than 802.11b and subject to the same 2.4 GHz interference.

  40. Dial-up protocols: SLIP and PPP
  Serial Line Internet Protocol (SLIP) is a protocol that enables TCP/IP datagrams to be carried over a serial connection rather than over a network such as Ethernet. It enables home users to connect to the Internet using a modem and a public telephone line to reach their ISP’s server. SLIP requires that an IP address be allocated before each connection is made. Point-to-Point Protocol (PPP) is a newer alternative to SLIP that is commonly used by ISPs to provide dial-up Internet access. The main differences are that PPP can negotiate an IP address dynamically after the connection is made and can authenticate the user, which SLIP cannot.

  41. Virtual Private Network (VPN)
  A Virtual Private Network (VPN) is a private network that uses a public network, i.e. the Internet, to connect remote sites or users together. Instead of a leased line it uses virtual connections routed through the Internet from the private network to the remote site or user. VPNs rely on tunnelling, the technique that implements the VPN: placing an entire data packet inside another packet and sending it over the network. The tunnel lets a packet that uses a private, ‘non-routable’ IP address on the LAN cross the Internet; when the tunnel is also encrypted and authenticated (as with IPsec) the data is protected from eavesdropping and tampering in transit. Tunnelling by itself provides no confidentiality.

  42. VPN protocols: PPTP and L2TP
  Point to Point Tunnelling Protocol (PPTP) is Microsoft’s tunnelling protocol. It uses a TCP control connection (port 1723) and carries the PPP frames inside GRE packets; encryption (MPPE) and authentication (MS-CHAP) are separate from the tunnel itself. Its authentication and encryption have since been broken, so PPTP should not be relied on today.
  Layer 2 Tunnelling Protocol (L2TP) is a tunnelling protocol that extends PPP and combines the best features of two other tunnelling protocols, PPTP and L2F. It allows multiple tunnels between end points; it provides no encryption or authentication of the tunnelled packets itself, which is why it is normally run over IPsec (L2TP/IPsec).

  43. Berkeley Internet Name Domain (BIND)
  BIND is the software package most commonly used to run the Domain Name System on a server. It runs on a number of operating systems, including Windows and Unix-like systems. It includes several diagnostic, administrative and monitoring tools and provides resolution services to local clients. It is the most common DNS server software in use on the Internet, which also makes it a frequent target, so keeping it patched and current matters (see the DNS attack slide).
