Learn how networking impacts computer security with insights on internet flow, protocol layering, packet switching, and hardware/software systems.
Computer Security Workshops Networking 101
Reasons To Know Networking In Regard to Computer Security
• To understand the flow of information on the Internet
• To understand the levels of activity in network traffic flow
• To understand the basis for vulnerabilities
• To understand the basis for security tools and how they work
Base Principle – Packet Switching
• Messages broken up into packets
• Packets are sent onto the network, routed to the destination, reassembled
• Advantages (compared to circuit switching; e.g. traditional phones)
  • Better sharing of bandwidth
  • Greater overall efficiency
  • Allows more users, no greater delay
Protocol Layering
• Protocol: a convention for communication between two agents (aka handshaking)
• Motivation: separation of functionality
  • Each layer takes care of a particular task on the information
  • Each layer offers services to the next layer in the protocol stack
• Advantage: modularity
• Disadvantages: possible overlap, redundancy of functionality
Protocol Data Units
• A layer sends a message by building a protocol data unit (PDU)
  • Take the data from layer N, add the additional information needed to meet the needs of layer N-1
• The PDU is handed to the next lower layer
• The lower layer now has responsibility for the message
Internet Protocol Stack
• Seven layers in the Open Systems Interconnection (OSI) model
  • 7) Application
  • 6) Presentation
  • 5) Session
  • 4) Transport
  • 3) Network
  • 2) Data Link
  • 1) Physical
General Layer Functions
• Segmentation / Reassembly
  • Breaking a large message into standard-size chunks
• Error Control
  • How to detect or correct errors
• Flow Control
  • Avoid overwhelming slower systems
• Multiplexing
  • Sharing of lower-level connections
• Connection setup
  • How to establish a virtual communication path
Application Layer (7)
• Function: High-level application systems and end-user processes
• Implemented in: Software
• PDU: Message
• Examples
  • ftp, http, smtp, telnet, …
Presentation Layer (6)
• Function: Provides independence from differences in data representation by formatting and encrypting data
• Implemented in: Software
• Examples: ASCII encoding, NFS, FTP file path/name translation
Session Layer (5)
• Function: Establishes, manages and terminates connections between applications
• Implemented in: Software
• Examples: SSL, DNS, RPC
Transport Layer (4)
• Function/Service: Transport a message from one system to another system
• Implemented in: Software
• PDU: Segment
• Two methods
  • TCP (connection-oriented protocol)
  • UDP (connectionless protocol)
TCP
• TCP = Transmission Control Protocol
• Connection-oriented service
• Guaranteed delivery of message
• Flow control
• Breaks message into shorter segments
• Advantage: More control
• Examples
  • http, ftp, smtp, telnet
UDP
• UDP = User Datagram Protocol
• Connectionless service
• No guaranteed delivery of message
• No flow control / handshaking
• No overhead for connection
• Continuous data stream
• Advantage: Faster
• Disadvantage: Possible loss of information
• Examples
  • Video, voice (e.g. phone)
Network Layer (3)
• Function/Service: Routing segments from host to host, through intermediate systems
• The Network Layer receives the segment and the destination address from the Transport Layer
• Implemented in: Hardware & Software
• PDU: Datagram
• Two major parts
  • IP protocol: structure of the datagram, how end systems (and routers) act on this information
  • Routing protocols: for transfer from source host to destination host
• Examples: IP, IPX
Data Link Layer (2)
• Function/Service: Move a datagram from one node to the next in the route
• Implemented in: Hardware
• PDU: Frame
• Examples
  • Ethernet, Token Ring, FDDI, Gigabit Ethernet
Physical Layer (1)
• Function/Service: Transmitting raw bits from one network node to the adjacent node
• Implemented in: Hardware
• PDU: Bits
• Examples
  • Optical fiber, twisted-pair wire, coaxial cable
  • Voltage levels, signaling
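The PDU mechanism described on the Protocol Data Units slide, carried through the layer names above (message, segment, datagram, frame), as an added example that is not part of the original slides. The header layouts here are simplified stand-ins constructed for the example, not the real TCP, IP or Ethernet formats; only the TCP protocol number (6) and the IPv4 EtherType (0x0800) are real values. Each layer treats the PDU it receives as opaque payload and prepends its own header; the receiver strips the headers in the reverse order and checks each one before handing the payload up, which is also where a truncated or mis-framed PDU is caught.

```python
import struct

# Simplified fixed-size headers, constructed for this example (not the real
# TCP, IP or Ethernet layouts):
#   segment  (transport, layer 4): src port, dst port, payload length
#   datagram (network,   layer 3): src addr, dst addr, protocol number
#   frame    (data link, layer 2): dst MAC, src MAC, EtherType
SEG_HDR = struct.Struct("!HHH")
DGRAM_HDR = struct.Struct("!4s4sB")
FRAME_HDR = struct.Struct("!6s6sH")
PROTO_TCP = 6             # real IANA protocol number for TCP
ETHERTYPE_IPV4 = 0x0800   # real EtherType for IPv4


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def ip_dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_segment(message: bytes, src_port: int, dst_port: int) -> bytes:
    """Layer 4: wrap the application message (layer 7 PDU) in a segment header."""
    return SEG_HDR.pack(src_port, dst_port, len(message)) + message


def build_datagram(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Layer 3: the segment is opaque payload; add end-to-end addressing for routing."""
    return DGRAM_HDR.pack(ip_bytes(src_ip), ip_bytes(dst_ip), PROTO_TCP) + segment


def build_frame(datagram: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2: the datagram is opaque payload; add next-hop link addressing."""
    return FRAME_HDR.pack(dst_mac, src_mac, ETHERTYPE_IPV4) + datagram


def encapsulate(message: bytes, src_port: int, dst_port: int,
                src_ip: str, dst_ip: str, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Top-down: message -> segment -> datagram -> frame, each layer adding a header."""
    segment = build_segment(message, src_port, dst_port)
    datagram = build_datagram(segment, src_ip, dst_ip)
    return build_frame(datagram, src_mac, dst_mac)


def decapsulate(frame: bytes) -> dict:
    """Bottom-up: strip and validate each header before handing the payload upward."""
    if len(frame) < FRAME_HDR.size + DGRAM_HDR.size + SEG_HDR.size:
        raise ValueError("frame too short to hold all three headers")
    dst_mac, src_mac, ethertype = FRAME_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType {ethertype:#06x}")
    datagram = frame[FRAME_HDR.size:]
    src_ip, dst_ip, proto = DGRAM_HDR.unpack_from(datagram)
    if proto != PROTO_TCP:
        raise ValueError(f"unexpected protocol {proto}")
    segment = datagram[DGRAM_HDR.size:]
    src_port, dst_port, length = SEG_HDR.unpack_from(segment)
    payload = segment[SEG_HDR.size:]
    # A length field that disagrees with the bytes actually present means the
    # PDU was truncated or padded in transit; refuse it rather than guess.
    if len(payload) != length:
        raise ValueError(f"segment claims {length} payload bytes, got {len(payload)}")
    return {
        "src_mac": src_mac, "dst_mac": dst_mac,
        "src_ip": ip_dotted(src_ip), "dst_ip": ip_dotted(dst_ip),
        "src_port": src_port, "dst_port": dst_port,
        "payload": payload,
    }


if __name__ == "__main__":
    # Constructed sample: an HTTP request line from a private host to a
    # host on the 198.23.168.0/24 network used elsewhere in these slides.
    frame = encapsulate(b"GET / HTTP/1.0\r\n", 40000, 80, "192.168.1.10", "198.23.168.5",
                        b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02")
    print(len(frame), "bytes on the wire;", decapsulate(frame))
```

The 29 bytes of header overhead on a 16-byte message illustrate the "possible overlap, redundancy" cost of layering noted on the Protocol Layering slide; the per-layer checks in `decapsulate` are where a packet filter or intrusion detection sensor gets its view of addresses and ports without needing to understand the application payload.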
Types of Hardware/Software Systems
• End Systems / Hosts
  • Implement all layers
• Routers / Packet Switches
  • Implement layers 1-3
  • Can implement the IP protocol
• Bridges
  • Implement layers 1-2
• Hubs
  • Implement layer 1 only
  • Essentially repeaters
• Firewalls
  • Packet filtering (operates at layer 3)
  • Application gateways (operate at layer 7)
Internet Addressing
• 32-bit quantity that uniquely identifies an Internet host
• Displayed as www.xxx.yyy.zzz (dotted decimal)
• Split into two parts: network and host
  • E.g. the 198.23.168 network (198.23.168.0/24) has 256 possible hosts (last part 0-255)
• Certain network segments are reserved
  • Can be used for isolated private networks
  • 10.0.0.0 – 10.255.255.255; 172.16.0.0 – 172.31.255.255; 192.168.0.0 – 192.168.255.255
Port
• A particular system process must respond to each application protocol (e.g. ftp, smtp)
• The port is the “address” for application communication on a system
  • E.g. Port 80 for http
  • E.g. Port 25 for smtp
  • E.g. Port 1521 for Oracle connections
• Port list: http://www.iana.org/assignments/port-numbers
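The address arithmetic from the Internet Addressing slide, the port numbers from the Port slide, and the layer-3 packet filtering mentioned under Firewalls, worked through as one added example that is not part of the original slides. It treats the address as the 32-bit quantity it is, splits it into network and host parts with a prefix length, checks membership in the three reserved private blocks the slide lists, and then applies an ordered rule list to constructed packet records of the kind a packet-filtering firewall inspects. The rule set, the `Packet` and `Rule` types, and the sample addresses (203.0.113.x is a documentation range) are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

ALL_ONES = 0xFFFFFFFF


def to_int(addr: str) -> int:
    """Dotted decimal www.xxx.yyy.zzz -> the 32-bit quantity it denotes."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    n = 0
    for o in octets:
        n = (n << 8) | int(o)
    return n


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask(prefix: int) -> int:
    """Prefix length -> mask with the network bits set (e.g. /24 -> 0xFFFFFF00)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def split_network_host(addr: str, prefix: int):
    """Network part (as a dotted address) and host number of addr/prefix."""
    n, mask = to_int(addr), netmask(prefix)
    return to_dotted(n & mask), n & (~mask & ALL_ONES)


def addresses_in_prefix(prefix: int) -> int:
    # 2**(32-prefix) addresses in the block; by convention the first (network)
    # and last (broadcast) are not assigned to hosts, so usable hosts are two fewer.
    return 1 << (32 - prefix)


def in_block(addr: str, cidr: str) -> bool:
    """True when addr falls inside the block written as network/prefix."""
    net, prefix = cidr.split("/")
    mask = netmask(int(prefix))
    return (to_int(addr) & mask) == (to_int(net) & mask)


# The three reserved ranges from the slide, written as prefixes.
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def is_private(addr: str) -> bool:
    return any(in_block(addr, block) for block in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:            # the layer-3/4 fields a packet filter looks at (assumed shape)
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:              # assumed rule shape: "*" means any
    action: str          # "allow" or "deny"
    src: str = "*"       # "*" or a CIDR block
    dst: str = "*"
    proto: str = "*"
    dport: Optional[int] = None   # None means any port


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.src == "*" or in_block(pkt.src, rule.src))
            and (rule.dst == "*" or in_block(pkt.dst, rule.dst))
            and (rule.proto == "*" or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(rules: Sequence[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the default (deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed rule set for traffic arriving from the Internet side toward the
# 198.23.168.0/24 network used on the addressing slide.
INBOUND_RULES = [
    Rule("deny", src="10.0.0.0/8"),       # private source addresses never arrive
    Rule("deny", src="172.16.0.0/12"),    # legitimately from the Internet, so drop
    Rule("deny", src="192.168.0.0/16"),   # them before anything else (anti-spoofing)
    Rule("allow", dst="198.23.168.0/24", proto="tcp", dport=80),   # http
    Rule("allow", dst="198.23.168.0/24", proto="tcp", dport=25),   # smtp
]   # everything else, e.g. port 1521 (Oracle), falls through to the default deny
```

Because the filter sees only layer-3 and layer-4 headers, it can decide on addresses, protocol and port but not on what the http or smtp payload contains; that distinction is exactly why the Firewalls slide separates packet filtering (layer 3) from application gateways (layer 7).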
Socket
• Interface between the application layer and the transport layer
• Acts as an API between application and network
• Programmer only controls the application side, plus a few transport-level details
  • Transport protocol (TCP or UDP)
  • A few transport parameters (e.g. maximum buffer size)
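The socket interface as the slide describes it, together with the TCP and UDP contrast from the Transport Layer slides, as an added example that is not part of the original slides. It uses the standard Python `socket` module: the program chooses the transport protocol (`SOCK_STREAM` for TCP, `SOCK_DGRAM` for UDP) and one transport parameter (the receive buffer size), and everything below that, the handshake, segmentation and retransmission for TCP, is left to the kernel. Both echo services run on the loopback interface on OS-assigned ports, so the example assumes nothing about the machine beyond a working loopback.

```python
import socket
import threading


def _tcp_echo_server(srv: socket.socket) -> None:
    conn, _peer = srv.accept()          # the three-way handshake is done by the kernel
    with conn:
        while True:
            data = conn.recv(4096)      # a stream: boundaries of the sent message are not preserved
            if not data:                # empty read = peer closed its sending side
                break
            conn.sendall(data)


def tcp_roundtrip(message: bytes) -> bytes:
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # SOCK_STREAM selects TCP
    srv.bind(("127.0.0.1", 0))                                # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    worker = threading.Thread(target=_tcp_echo_server, args=(srv,), daemon=True)
    worker.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # One of the few transport parameters the application controls: set it
        # before connect so it is in effect when the connection is negotiated.
        cli.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 65536)
        cli.settimeout(5)
        cli.connect(("127.0.0.1", port))
        cli.sendall(message)
        cli.shutdown(socket.SHUT_WR)        # tell the server we are done sending
        chunks = []
        while True:
            chunk = cli.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    finally:
        cli.close()
    worker.join(5)
    srv.close()
    return b"".join(chunks)


def _udp_echo_server(srv: socket.socket) -> None:
    data, peer = srv.recvfrom(4096)     # one datagram; no connection to accept
    srv.sendto(data, peer)


def udp_roundtrip(message: bytes) -> bytes:
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)    # SOCK_DGRAM selects UDP
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    worker = threading.Thread(target=_udp_echo_server, args=(srv,), daemon=True)
    worker.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        cli.settimeout(5)
        cli.sendto(message, ("127.0.0.1", port))   # no handshake: the datagram just goes
        try:
            data, _peer = cli.recvfrom(4096)       # one datagram back, boundaries preserved
        except socket.timeout:
            data = b""   # UDP offers no delivery guarantee; a lost datagram is silence
    finally:
        cli.close()
    worker.join(5)
    srv.close()
    return data


if __name__ == "__main__":
    print("tcp:", tcp_roundtrip(b"hello over tcp"))
    print("udp:", udp_roundtrip(b"hello over udp"))
```

The shape of the two clients shows the slide's point about control: the TCP client must loop on `recv` because the stream may arrive in pieces, while the UDP client gets the whole datagram (or nothing) in a single `recvfrom`, with the timeout standing in for the lost-information case the UDP slide warns about.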
Additional Information
• Internet Engineering Task Force (IETF)
  • http://www.ietf.org
  • Primary documents: RFCs
    • IP: RFC 791
    • TCP: RFC 793
    • UDP: RFC 768
    • Internet Addressing: RFC 900
• OSI Model and Information Security
  • http://www.giac.org/practical/GSEC/Damon_Reed_GSEC.pdf