Computer Security Workshops: Networking 101. Reasons To Know Networking In Regard to Computer Security
Date posted: 04-Jan-2016

Computer Security Workshops

Networking 101

Reasons To Know Networking In Regard to Computer Security

To understand the flow of information on the Internet
To understand the levels of activity in network traffic flow
To understand the basis for vulnerabilities
To understand the basis for security tools and how they work

Base Principle – Packet Switching

Messages broken up into packets
Packets are sent onto the network, routed to the destination, reassembled
Advantages (compared to circuit switching; e.g. traditional phones)
  Better sharing of bandwidth
  Greater overall efficiency
  Allows more users, no greater delay

Protocol Layering

Protocol: a convention for communication between two agents (aka handshaking)
Motivation: separation of functionality
  Layers take care of a particular task regarding the information
  Offer services to the next layer in the protocol stack
  Advantage: modularity
  Disadvantages: possible overlap, redundancy of functionality

Protocol Data Units

Layer sends a message by building a protocol data unit (PDU)
  Take data from layer N, add additional information to meet the needs of layer N-1
PDU handed to the next lower layer
Lower layer now has responsibility for the message

Internet Protocol Stack

Seven layers in the Open Systems Interconnect (OSI) model
  7) Application
  6) Presentation
  5) Session
  4) Transport
  3) Network
  2) Data Link
  1) Physical

General Layer Functions

Segmentation / Reassembly
  Breaking a large message into standard-size chunks
Error Control
  How to detect or correct errors
Flow Control
  Avoid overwhelming slower systems
Multiplexing
  Sharing of lower-level connections
Connection setup
  How to establish a virtual communication path

Application Layer (7)

Function: High-level application systems and end-user processes
Implemented in: Software
PDU: Message
Examples: ftp, http, smtp, telnet, …

Presentation Layer (6)

Function: Provides independence from differences in data representation by formatting and encrypting data
Implemented in: Software
Examples: ASCII encoding, NFS, FTP file path/name translation

Session Layer (5)

Function: Establishes, manages and terminates connections between applications
Implemented in: Software
Examples: SSL, DNS, RPC

Transport Layer (4)

Function/Service: Transport a message from one system to another system
Implemented in: Software
PDU: Segment
Two methods
  TCP (connection-oriented protocol)
  UDP (connectionless protocol)

TCP

TCP = Transmission Control Protocol
Connection-oriented service
  Guaranteed delivery of message
  Flow control
Breaks message into shorter segments
Advantage: More control
Examples: http, ftp, smtp, telnet

UDP

UDP = User Datagram Protocol
Connectionless service
  No guaranteed delivery of message
  No flow control / handshaking
  No overhead for connection
Continuous data stream
Advantage: Faster
Disadvantage: Possible loss of information
Examples: Video, Voice (e.g. phone)

Network Layer (3)

Function/Service: Routing segments from host to host, through intermediate systems
  Network Layer receives the segment and destination address from the Transport Layer
Implemented in: Hardware & Software
PDU: Datagram
Two major parts
  IP protocol: structure of the datagram, how end systems (and routers) act on this information
  Routing protocols: for transfer from source host to destination host
Examples: IP, IPX

Data Link Layer (2)

Function/Service: Move a datagram from one node to the next in the route
Implemented in: Hardware
PDU: Frame
Examples: Ethernet, Token Ring, FDDI, Gigabit Ethernet

Physical Layer (1)

Function/Service: Routing physical bits from one network node to an adjacent node
Implemented in: Hardware
PDU: Bits
Examples
  Optical fiber, twisted pair wire, coaxial cable
  Voltage levels, signaling
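The PDU encapsulation the slides describe (message -> segment -> datagram -> frame, each layer prepending its own header and the receiver peeling them off again in reverse), as an added example that is not part of the original slides. It packs real Ethernet, IPv4 and TCP header layouts with the standard library only; TCP sequence numbers and the TCP checksum are left at zero as a simplification, while the IPv4 header checksum is computed and verified as RFC 791 specifies.

```python
import socket
import struct

ETH_HDR = "!6s6sH"        # dst MAC, src MAC, EtherType
IP_HDR = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst
TCP_HDR = "!HHIIBBHHH"    # src port, dst port, seq, ack, data offset, flags, window, csum, urg


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(message: bytes, src_port: int, dst_port: int, src_ip: str, dst_ip: str,
                src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 7 message -> L4 segment -> L3 datagram -> L2 frame; each layer prepends its header."""
    # Layer 4 (segment): seq, ack and TCP checksum left at 0 to keep the example short (assumption).
    segment = struct.pack(TCP_HDR, src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + message
    # Layer 3 (datagram): header checksum is computed with the checksum field itself zeroed.
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + len(segment), 0, 0, 64, socket.IPPROTO_TCP, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    # Layer 2 (frame): EtherType 0x0800 tells the receiver the payload is an IPv4 datagram.
    return struct.pack(ETH_HDR, dst_mac, src_mac, 0x0800) + hdr + segment


def decapsulate(frame: bytes):
    """Peel the headers off again, lowest layer first; returns (dst_ip, dst_port, message)."""
    _dst_mac, _src_mac, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4                 # IP header length in bytes
    if ipv4_checksum(datagram[:ihl]) != 0:         # a valid header verifies to zero
        raise ValueError("bad IP header checksum")
    fields = struct.unpack(IP_HDR, datagram[:20])
    total_len, proto, dst_ip = fields[2], fields[6], socket.inet_ntoa(fields[9])
    if proto != socket.IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    segment = datagram[ihl:total_len]              # drops any link-layer padding
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4           # TCP header length in bytes
    return dst_ip, dst_port, segment[data_offset:]
```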

Types of Hardware/Software Systems

End Systems / Hosts
  Implement all layers
Routers / Packet Switches
  Implement layers 1-3
  Can implement the IP protocol
Bridges
  Implement layers 1-2
Hubs
  Implement layer 1 only
  Essentially repeaters
Firewalls
  Packet filtering (operates at layer 3)
  Application gateways (operate at layer 7)

Internet Addressing

32-bit quantity that uniquely identifies an Internet host
Displayed www.xxx.yyy.zzz
Split into two parts: network and host
  E.g. the 198.23.168 network (198.23.168.0/24) has 256 possible hosts (last part 0-255)
Certain network segments reserved
  Can be used for isolated private networks
  10.0.0.0 – 10.255.255.255; 172.16.0.0 – 172.31.255.255; 192.168.0.0 – 192.168.255.255
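The network/host split and the reserved private ranges from the slide, worked through in code as an added example (not from the original slides), together with the kind of layer-3 check a packet-filtering firewall from the previous slide applies to them: a source address from a reserved private range should never arrive on the Internet-facing interface. The interface name `ext0` and the log-line format are constructed for this example.

```python
import ipaddress

# The reserved ranges from the slide (RFC 1918 private address space), written as prefixes.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_address(addr: str, prefix_len: int):
    """Split an address into (network address, host number, number of addresses in the network).

    For 198.23.168.77 with a /24 prefix this gives ("198.23.168.0", 77, 256): the first
    24 bits name the network and the last 8 bits (0-255) name the host on it.
    """
    iface = ipaddress.ip_interface(f"{addr}/{prefix_len}")
    host_mask = (1 << (32 - prefix_len)) - 1
    return str(iface.network.network_address), int(iface.ip) & host_mask, iface.network.num_addresses


def is_private(addr: str) -> bool:
    """True if the address falls in one of the reserved ranges listed on the slide."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def suspicious_external_sources(log_lines):
    """Flag packets that arrived on the Internet-facing interface with a private source address.

    Those ranges are meant for isolated networks, so a packet carrying one as its source
    should not come in from the Internet; a layer-3 packet filter commonly drops such packets.
    Constructed log format: "<iface> <src_ip> -> <dst_ip>".
    """
    flagged = []
    for line in log_lines:
        iface, src, _arrow, dst = line.split()
        if iface == "ext0" and is_private(src):
            flagged.append((src, dst))
    return flagged


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "ext0 203.0.113.7 -> 198.23.168.5",
    "ext0 10.0.0.9 -> 198.23.168.5",
    "int0 192.168.4.20 -> 198.23.168.5",
    "ext0 172.31.255.255 -> 198.23.168.8",
]
```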

Port

Certain system processes must respond to a particular application protocol (e.g. ftp, smtp)
Port is the “address” for application communication on a system
  E.g. Port 80 for http
  E.g. Port 25 for smtp
  E.g. Port 1521 for Oracle connections
Port List: http://www.iana.org/assignments/port-numbers

Socket

Interface between the application layer and the transport layer
Acts as an API between application and network
Programmer only controls the application side, plus a few transport-level details
  Transport protocol (TCP or UDP)
  A few transport parameters (e.g. maximum buffer size)

Additional Information

Internet Engineering Task Force (IETF)
  http://www.ietf.org
  Primary documents: RFCs
    IP: RFC 791
    TCP: RFC 793
    UDP: RFC 768
    Internet Addressing: RFC 900
OSI Model and Information Security
  http://www.giac.org/practical/GSEC/Damon_Reed_GSEC.pdf
