
IP Networking, Web, & Network Security 101

IP Networking, Web, & Network Security 101. “Building Your Foundation”. Overall agenda: Introduction; Internet & Web basics; IP addressing; Classes & CIDR blocks; AS numbers; DHCP, BGP, NAT; Network security; Encryption; Firewalls. Internet & Web overview.


Presentation Transcript


  1. IP Networking, Web, & Network Security 101 “Building Your Foundation”

  2. Overall Agenda • Introduction • Internet & Web basics • IP addressing • Classes & CIDR Blocks • AS Numbers • DHCP, BGP, NAT • Network Security • Encryption • Firewalls GTCC

  3. Internet & Web Overview

  4. The Internet & Web: Revolution Or Hype!!! • Is it: • Tulip mania? • Or is it: • A new revolution & scaling of economies (not unlike the railroads in 1835) • Going from local to national to global

  5. Changing Business Environments • Moving to a digital, information-based economy • More complex & faster-paced • “virtual offices”, “Internet time”, “coopetition”, “disintermediation” • Issues of primary concern to businesses • Improve the supply chain - tighten integration with suppliers • No matter their size - increases efficiency and barriers to competition • Strengthen the demand chain - deepen relationships with customers and create new distribution channels • Accelerate time-to-market - extend geographic reach without bricks and mortar • Focus on core competencies - reduce costs while increasing levels of service

  6. What’s Driving All The Excitement • Virtual Private Networks (VPN) • Audio and video conferencing • Business applications • Entertainment • Collaboration • Commerce • E-mail • Virtual marketing

  7. Benefits to the Corporation • Increase revenues • Boost sales force productivity • Reduce marketing expense and increase exposure • Increase customer satisfaction, but reduce support costs • Boost overall corporate productivity - everyone on-line

  8. Internet & Web Basics

  9. The Internet Past and Present (Great ROI For $25M) • 1969 - ARPANET networking research - the start of the Internet (first man on the Moon, Nixon inaugurated, Woodstock in NY and Sesame Street debuts) • 1972 - E-mail (Nixon visits China, Dow hits 1,000, Watergate scandal unfolds, FedEx and Nike founded) • 1973 - International connections & Ethernet (Godfather II released, Foreman defeats Frazier, Agnew resigns, Ford is new VP, World Trade Center is opened, and Roe v. Wade) • 1983 - All computers on ARPANET must use TCP/IP (cell phones make first appearance in Chicago, Australia wins America’s Cup, Michael Jackson releases Thriller) • 1984 - DNS introduced (Mac PC introduced, Olympic Games in L.A., Reagan reelected, McEnroe wins U.S. Open and Wimbledon) • 1986 - NSFNET created (Platoon is Best Picture, Chernobyl explodes, Ivan Boesky pleads guilty to insider trading) • 1990 - Commercialization of the Internet (East and West Germany unite, Dances with Wolves wins Best Picture, Hubble telescope placed in orbit) • 1992 - World Wide Web is introduced (1,000,000 computers on the Net; John Gotti convicted, Euro Disney opens, Clinton elected, L.A. riots) • 1993 - InterNIC formed to register IP and domain names (Elvis stamps debut, Trade Center bombed, Schindler’s List wins Best Picture, 51-day standoff in Waco) • 1995 - NSFNET turns the Internet over to the private sector & starts Internet II. The revolution begins (Oklahoma City bombing, O.J. Bronco chase, Dow hits 5,000, Dean Martin dies, Silence of the Lambs wins Oscar) • Today, growing faster than any sector • In two years the Internet access audience was greater than the number of households with televisions after 40 years • Future: E-everything

  10. ARPANet Circa 1977 [network map]

  11. How The Internet Works • Data is passed from one network to another by ISPs • Traffic is passed by “peering” (cross-connecting) the networks at defined locations - Internet Exchange Points (IXPs) • IXP locations • Network Access Points (NAPs) • Original jump-on points from the old NSFNet • PB NAP - San Francisco Bay Area, Ameritech NAP - Chicago, Sprint NAP - New York City (Pennsauken, NJ) • Metropolitan Area Exchange (MAE) • Developed by MFS • MAE East - Washington D.C., MAE West - San Francisco Bay Area, MAE-LA, MAE-Dallas, MAE-Chicago • Palo Alto Internet Exchange (PAIX) & NASA • Of the 7,000 plus ISPs just in North America, only a select handful are large enough to peer; the rest buy transit

  12. Also, The Internet Is Packet Switched Not Circuit Switched • Circuit switched networks: • 23 or 24 simultaneous connections • 56/64 kbps of bandwidth per connection, bandwidth reserved whether used or not • Packet switched networks: • 200 simultaneous connections possible • 7.7 kbps average per user, total bandwidth shared amongst “n” users • So, a single T-1 with packet data handles 8x the users and costs far less than equivalent circuit switched facilities [diagram: packet switched vs. circuit switched]

  13. So, The Internet Is A Collection Of Large ISP Infrastructures [diagram: UUNet, MCI, XO, Sprint and AOL meeting at a public peering point]

  14. Public NAPs (Network Access Points) Are Located Around The Country [map: Chicago NAP (AADS), MAE Chicago, Palo Alto IX, Pacific Bell NAP, NASA, Sprint NAP, MAE West, MAE East, MAE LA, MAE Dallas, each a public peering point]

  15. This Peering Allows Customers Of ISP “A” To Communicate With Customers Of ISP “B” [diagram: the ISP “A”, ISP “B” and ISP “C” networks meeting at an IXP]

  16. But Not All Is Right In Mayberry!!! • Public peering locations are severely congested • NAPs - given to the private sector from the government • So bad that NSF (National Science Foundation) officially cut ties to the Internet May 13th, 1995 • Government since has developed Internet II • Only select government agencies and research institutions may jump on • Not all IXPs are telco-hardened data centers • MAE-East is in an underground parking garage • Supposedly, 70% of Internet traffic goes through MAE-East

  17. To Solve The Problem, ISPs Privately Peer! [diagram: XO, AOL, PSI, Exodus, UUnet, HKT, NTT and GX connected at a private peering point]

  18. Private Peering Has To Be Mutually Advantageous! (Both parties have large amounts of data that need to be transferred between each other) [diagram: XO and UUnet peering privately]

  19. [Map: major public peering points (AADS NAP, NYIIX, PAIX, LINX, KTHNOC, NASA AMES, AMS-IX, MAE Frankfurt, deCIX, MAE West, SFINX, PARIX, PB NAP, Sprint NAP, MAE ATM West, MAE East, MAE ATM East, MAE ATM Central, MAE LA, LA PB NAP, LAIIX) across New York, San Francisco, London, Chicago, Stockholm, Palo Alto, Amsterdam, Mountain View, Frankfurt, Santa Clara, Paris, San Jose, Pennsauken NJ, Dallas, Ashburn VA, Washington DC and Los Angeles, with the large ISPs present at each]

  20. [The same map with a much larger set of ISPs shown at each peering point]

  21. [Detail of the ISPs peering at LINX and dGIX and at the other exchanges]

  22. Smaller ISPs Must Rely On Severely Congested “Public Peering” Locations, Or Transit From A Larger ISP [diagram: smaller ISPs reaching the Internet through NAPs or through a larger ISP]

  23. AS Numbers: An ISP’s Social Security Number

  24. AS Numbers - Networks on the Internet • Every network on the Internet has a unique identifier or AS number. • AS = Autonomous System • Without an AS number you cannot tell the world about your content, you cannot announce your routes, you cannot have BGP • Managed and controlled by ARIN • XO is ASN 2828, XO Europe is ASN 5413 • ASN 5413 announces all of AS 2828… • UUNET is ASN 701 • Genuity (BBN) is ASN 1 (they were the first) • etc...

  25. Where ISPs are on the Internet.

  26. Example of US Internet Peering Infrastructure [map with a link to Europe; recoverable detail:]
     • San Jose - public peering: MAE-West, PB-NAP, PAIX; plus private peering
     • New York - public peering: Sprint-NAP; plus private peering
     • Chicago - public peering: AADS; plus private peering
     • Washington, DC - public peering: MAE-East, Equinix; plus private peering
     • Los Angeles - public peering: MAE LA, LA PB-NAP; plus private peering
     • Dallas - public peering: MAE ATM; plus private peering
     • Private peering partners shown across these cities include UUnet, Cable & Wireless, Sprint, Level (3), Exodus, Abovenet, PSInet, Teleglobe, Qwest, Bell Canada, Genuity, @Home, Global Center, KDD, IDC, Hong Kong Tel, AOL, etc.

  27. Example Of European Internet Peering Infrastructure [map with a link to the USA; recoverable detail:]
     • Stockholm - public peering: KTHNOC
     • London - public peering: LINX
     • Amsterdam - public peering: AMS-IX
     • Paris - public peering: PARIX, SFINX
     • Frankfurt - public peering: deCIX
     • Private peering partners shown: Infonet Europe, Abovenet, Ebone

  28. So, You Want To Be An ISP • You will need: • An AS Number (BGP requires it) • Without one you can’t be identified • Get it from ARIN • Public/private peering or transit relationships • Almost impossible to get peering nowadays (usually done through acquisition) • DNS, email, web servers, etc. • IP address blocks from ARIN • 24x7 technical & support staff • Solid infrastructure of routers, switches, servers, etc. • And last……….LOTS OF MONEY

  29. The Internet Is Truly A “Network Of Networks”

  30. Some Of The Nuts & Bolts

  31. OSI vs. TCP/IP • Both have been around since the 70’s • How the layers line up:
     OSI Application (Layer 7), Presentation (Layer 6), Session (Layer 5) = TCP/IP Application
     OSI Transport (Layer 4) = TCP/IP Transmission Control
     OSI Network (Layer 3) = TCP/IP Internet
     OSI Data Link (Layer 2), Physical (Layer 1) = TCP/IP Subnet

  32. What Is TCP/IP?? • IP: connectionless protocol • Responsible for the sending/routing of IP datagrams • Analogy: sending a letter • TCP: connection-oriented protocol • Responsible for reliable transport of IP datagrams • Analogy: placing a phone call

  33. The IP Protocol • Performs packetization of user data • IP is the hatchet man of the protocol stack - it segments and packets data into datagrams, but IP has no intelligence • Puts a header on the datagram and shoots it out • Datagrams can take various paths; no assurance of arrival or of arriving uncorrupted • Allows nodes to read the header and route to the next downstream connection. If anything on the network path gets corrupted the datagram is discarded. No return message says the datagram did not arrive. This simplicity improves network efficiency

  34. The TCP Protocol • Transmission Control Protocol provides the brains to overcome IP’s limitations • At the receiving end it puts data back into its proper sequence and ensures accuracy • At the sending end • Puts a byte count header in the datagram for comparison at the receiving end. If data is corrupted or does not arrive, a message is sent back requesting the data again.

  35. TCP Continued! • TCP also holds all datagrams (buffers them) until all lost packets are re-sent and able to be assembled in their proper order. • This makes data reception and accuracy the responsibility of the end user and not the network. TCP orchestrates the connection • The network is only a transport system, not a computer processing function

  36. IP Addressing

  37. Binary Math: The Foundation of IP Addressing • Computers use the binary numbering system (on/off) • 1’s and 0’s or the power of 2 • Number of 1’s/0’s determines number of unique combinations • The longer the string the more unique combinations • But who can remember all those 1’s and 0’s, so here’s an easy way to convert:
     Power of 2:  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
     Value:       128  64   32   16   8    4    2    1
     Bit:         1    0    0    1    1    0    0    1
     Add the values under the 1 bits: 128 + 16 + 8 + 1 = 153

  38. IP Addressing • An IP address is a software-based numeric identifier assigned to each machine on an IP network. • Each computer is distinguished by this unique IP address. • Combination of 32 ones and zeros • e.g. 11100011.00010100.11111001.1010101 identifies one unique computer host

  39. IP Addressing Continued • Two methods of IP addressing • Class based • An IP address is organized into 4 groups of 8-bit numbers such as 199.232.255.113 • Classless based • An IP address is organized into one block of 32 bits, counting right to left in decreasing order • Addresses per prefix length:
     /24 = 256, /25 = 128, /26 = 64, /27 = 32, /28 = 16, /29 = 8, /30 = 4, /31 = 2

  40. IP Addresses • IP addresses are made up of network and host addresses • In 199.232.255.113 the 199.232.255 is the network address shared by every machine on that network. The .113 is the host address assigned to a particular machine. • IP addresses are difficult to remember, so domain names are mapped to each IP address

  41. IP Addresses Can Be Broken Into Classes • Class A’s, B’s, C’s, D’s, & E’s • But only Class A’s through C’s have really been used.

  42. Class A addresses • Class A networks - the El Grande of IP networks • Only 126 Class A networks are possible. Each Class A network can have in excess of 16 million computers in its individual network

  43. Class B addresses • Class B networks - can have 65,000 workstations on the network. There are approximately 65,000 Class B networks

  44. Class C addresses • Class C networks - can have 254 workstations on the network. There are several million Class C networks.

  45. CIDR Blocks • CIDR - Classless Inter-Domain Routing. • With a new network being connected to the Internet every 30 minutes, the Internet faced two problems: running out of IP addresses, and running out of capacity in the global routing tables • Because addresses were only assigned in three classes there were a lot of wasted addresses… i.e. if you needed 100 addresses you would be assigned a Class C. But that meant 154 addresses were unused. • CIDR solution - replaces the old wasteful practice of assigning Class B & C addresses. ALLOWS FOR ARBITRARY SIZED NETWORKS

  46. MORE CIDR • An ISP can carve out a block of registered IP addresses to specifically meet the needs of each client • CIDR allows a single routing table entry to specify how to route traffic to many individual network addresses. This route aggregation helps control the amount of routing information on the Internet’s backbone routers.

  47. CIDR • A CIDR address includes the standard 32-bit IP address and also information on how many bits are used for the network prefix. • In the CIDR address 206.13.01.48/24, the "/24" indicates the first 24 bits are used to identify the unique network, leaving the remaining 8 bits to identify the specific hosts… or 2^8 = 256 • So if someone asks for a /27 they are telling you in geek speak they need 2^5 or 32 IP addresses
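Added example (not from the slides) that works the binary and CIDR math of slides 37 through 47 in code: expanding an octet into the power-of-two table, classifying an address by the leading bits of its first octet, and computing network, mask, host range and address count for a prefix such as /24 or /27. The function names and the sample addresses other than those on the slides are assumptions.

```python
# Added example: the binary and CIDR arithmetic of slides 37-47, done with plain
# integer bit operations rather than a library so each step of the slides is visible.

def octet_to_bits(value: int) -> str:
    """Expand one octet (0-255) into its 8 binary digits, e.g. 153 -> '10011001'."""
    if not 0 <= value <= 255:
        raise ValueError("an octet must be in 0..255")
    # Walk the powers of two from 2^7 (128) down to 2^0 (1), as in the slide-37 table.
    return "".join("1" if value & (1 << bit) else "0" for bit in range(7, -1, -1))

def ip_to_int(dotted: str) -> int:
    """Pack a dotted-quad string into the 32-bit integer it really is."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(dotted: str) -> str:
    """Classful lookup (slides 41-44) from the leading bits of the first octet."""
    first = ip_to_int(dotted) >> 24
    if first & 0x80 == 0:        # 0xxxxxxx -> A
        return "A"
    if first & 0xC0 == 0x80:     # 10xxxxxx -> B
        return "B"
    if first & 0xE0 == 0xC0:     # 110xxxxx -> C
        return "C"
    if first & 0xF0 == 0xE0:     # 1110xxxx -> D (multicast)
        return "D"
    return "E"                   # 1111xxxx -> E (reserved)

def cidr_info(cidr: str) -> dict:
    """Network, mask, usable host range and size for an address/prefix pair (slide 47)."""
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    size = 1 << host_bits            # 2**host_bits addresses: a /27 has 2**5 = 32
    # A /31 or /32 has no separate network and broadcast address, so every
    # address in it is usable; any wider prefix reserves those two.
    reserved = 0 if host_bits <= 1 else 1
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "first_host": int_to_ip(network + reserved),
        "last_host": int_to_ip(broadcast - reserved),
        "addresses": size,
        "usable_hosts": size - 2 * reserved,
    }

if __name__ == "__main__":
    print(octet_to_bits(153))                # 10011001
    print(address_class("199.232.255.113"))  # C
    print(cidr_info("206.13.1.48/24"))       # 256 addresses, 254 usable
    print(cidr_info("10.1.2.200/27"))        # 32 addresses, 30 usable
```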

  48. IP Address & Domain Name Registration • Responsibility for management/distribution of IP addresses handled by 3 Regional Internet Registries (RIRs) • ARIN - American Registry for Internet Numbers • RIPE - Réseaux IP Européens • APNIC - Asia Pacific Network Information Center • ARIN requirements • Must use 50% of IP address allocation immediately • Must use 80% of IP address allocation within 6 months • Must use 100% of IP address allocation by year end • If not, and the ISP is audited, the customer may have to turn in all addresses

  49. North America - Domain Names Are Registered With Network Solutions (And Others) • Used to be called InterNIC • Cooperative effort between the U.S. Government and a private company, Network Solutions (now Verisign) (www.networksolutions.com) (www.netsol.com) • Currently, about 15 other companies compete with Network Solutions for domain name registration • Management & distribution of domain names • Once the domain name is registered, Network Solutions propagates the name to all the domain name system (DNS) servers on the Internet

  50. An IP Example!!! • The Internet is divided into addressing domains • Within a domain detailed information is available about all networks that reside in that domain. Outside the domain, only the network prefix is advertised. This allows a single routing table entry to specify a route to many network addresses • [diagram; recoverable detail:]
     Internet / ISP level: 200.25.0.0/16 and 200.25.46.0/20 - one routing table entry for all these networks and hosts
     Customer aggregates (Organizations A, B and C): 200.25.16.0/21, 200.25.24.0/22, 200.25.30.0/23
     Individual networks behind them: 200.25.16.0/24, 200.25.17.0/24, 200.25.18.0/24, 200.25.19.0/24, 200.25.20.0/24 (under 200.25.16.0/21); 200.25.24.0/24, 200.25.25.0/24, 200.25.26.0/24 (under 200.25.24.0/22); 200.25.30.0/24, 200.25.31.0/24 (under 200.25.30.0/23)
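Added example (not from the slides) that works the slide-50 aggregation picture with Python's standard ipaddress module: the customer /24s and the three allocation blocks are the ones on the slide, the pairing of organizations to blocks and the sample host address are assumptions. It collapses the /24s exactly, checks that the allocations cover them, derives the single prefix the ISP can announce upstream, and runs a longest-prefix-match lookup against each table to show the host stays reachable as the table shrinks.

```python
# Added example: the slide-50 aggregation picture worked with the standard-library
# ipaddress module; the customer /24s and the allocation blocks are taken from the
# slide, the pairing of organizations to blocks and the sample host are assumed.
import ipaddress

# Constructed from slide 50: the /24s used by the three customer organizations...
CUSTOMER_ROUTES = [
    "200.25.16.0/24", "200.25.17.0/24", "200.25.18.0/24", "200.25.19.0/24",
    "200.25.20.0/24",
    "200.25.24.0/24", "200.25.25.0/24", "200.25.26.0/24",
    "200.25.30.0/24", "200.25.31.0/24",
]
# ...and the aggregate blocks allocated to them, as labelled on the slide.
ALLOCATIONS = ["200.25.16.0/21", "200.25.24.0/22", "200.25.30.0/23"]

def collapse(prefixes):
    """Exact merge of adjacent, aligned prefixes into the fewest that cover them."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def all_covered(routes, blocks):
    """True when every customer route falls inside one of the allocated blocks."""
    block_nets = [ipaddress.ip_network(b) for b in blocks]
    return all(any(ipaddress.ip_network(r).subnet_of(b) for b in block_nets)
               for r in routes)

def covering_supernet(prefixes):
    """Shortest single prefix containing every given prefix: the ISP's announcement."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()   # widen by one bit until everything fits
    return str(candidate)

def longest_prefix_match(table, address):
    """Most specific matching route, the way a router's forwarding lookup works."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best else None

if __name__ == "__main__":
    print(len(CUSTOMER_ROUTES), "routes collapse exactly to", collapse(CUSTOMER_ROUTES))
    print("allocations cover every route:", all_covered(CUSTOMER_ROUTES, ALLOCATIONS))
    upstream = covering_supernet(ALLOCATIONS)
    print("ISP announces one prefix upstream:", upstream)   # 200.25.16.0/20
    for table in (CUSTOMER_ROUTES, ALLOCATIONS, [upstream]):
        print(len(table), "entries ->", longest_prefix_match(table, "200.25.25.77"))
```

The exact collapse yields five prefixes because the organizations do not yet fill their blocks; the three allocations and the one /20 above them are what the ISP and its upstream actually carry.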
