ISA 3200 Network Security, Chapter 2: An Introduction to Networking
Learning Objectives
Upon completion of this chapter, you should be able to:
Describe the basic elements of computer-based data communication
Know the key entities and organizations behind current networking standards, as well as the purpose of and intent behind the more widely used standards
Explain the nature and intent of the OSI reference model and list and describe each of the model’s seven layers
Describe the nature of the Internet and the relationship between the TCP/IP protocol and the Internet
5/31 and 6/2, ISA 3200, Summer 2010
Networking Fundamentals
Fundamental exchange of information: sender communicates message to receiver over some medium
Communication only occurs when recipient is able to receive, process, and comprehend message
One-way flow of information is called a channel
When recipient becomes a sender, for example by responding to original sender’s message, this two-way flow is called a circuit
Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 4
Networking Fundamentals (continued)
Any medium may be subject to interference, called noise, which occurs in a variety of forms:
Attenuation: loss of signal strength as signal moves across media
Crosstalk: occurs when one transmission “bleeds” over to another
Distortion: unintentional variation of communication over media
Networking Fundamentals (continued)
Any medium may be subject to interference, called noise, which occurs in a variety of forms (continued):
Echo: reflection of a signal due to equipment malfunction or poor design
Impulse: sudden, short-lived increase in signal frequency or amplitude, also known as a spike
Jitter: signal modification caused by malfunctioning equipment
White noise: unwanted noise due to signal coming across medium at multiple frequencies
Reasons to Network
Data communications: exchange of messages across a medium
Networking: interconnection of groups or systems with purpose of exchanging information
Some reasons to build a network:
To exchange information
To share scarce or expensive resources
To allow distributed organizations to act as if centrally located
Types of Networks
Networks can be categorized by:
Components: peer-to-peer (P2P), server-based, distributed multi-server
Size: local area network (LAN), metropolitan area network (MAN), wide area network (WAN)
Layout or topology: physical (ring, bus, star, hierarchy, mesh, hybrid), logical (bus, star)
Media: guided (wired), unguided (wireless)
Network Standards
Among the agencies that work on data communications standards are:
Internet Society (ISOC)
Internet Assigned Numbers Authority (IANA)
American National Standards Institute (ANSI)
International Telecommunication Union (ITU)
Institute of Electrical and Electronics Engineers (IEEE)
Telecommunications Industry Association (TIA)
International Organization for Standardization (ISO)
Layered Schemes
Communication is so complex that it is very helpful to modularize the systems involved
The scheme generally used is a layered scheme
Each layer in a communication ‘stack’ handles one aspect of communication over a network
Logical vs. Actual
A layer operates by:
Receiving data from a higher layer
Sending data to a lower layer
Logically, a layer acts as if it is communicating with the associated layer on a different system
[Figure: Host A and Host B, each with Layer 1, Layer 2 and Layer 3; logical channels connect each layer to its peer layer on the other host]
Hops
Connecting one network to another
Some hosts belong to two or more networks
Communication can move from physical network to physical network
OSI Reference Model and Security
OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols
Premise of model is information sent from one host is translated and encoded through various layers, from Application layer to Physical layer
Physical layer initiates transmission to receiver
Receiver translates and decodes message by processing information through each layer in reverse order
The Physical Layer
The primary function of the Physical layer is to place the transmission signal carrying the message onto the communications media—that is, to put “bits on a wire”
The functions of the Physical layer are:
Establish and terminate the physical and logical connection to the media
Manage the flow and communication on the media
Embed the message onto the signal carried across the physical media
Network Media
Dominant media types and standards include:
Coaxial cable
Fiber-optic cable
Twisted-pair wire
Wireless LAN
Bluetooth
Infrared
Embedding the Message
Method used to embed message on signal depends on type of message and type of signal
Two types of message (or information):
Analog information: continuously varying source (such as voice communications)
Digital information: discrete, between a few values (such as computer communications)
Embedding the Message (continued)
Multiplexing combines several circuits to create a high-bandwidth stream to carry multiple signals long distances
Three dominant multiplexing methods are:
Frequency division multiplexing (FDM): combines voice channels
Time division multiplexing (TDM): assigns a time block to each client
Wave division multiplexing (WDM): uses different frequencies of light so multiple signals can travel on same fiber-optic cable
Managing Communication
Bit (or signal) flow is conducted in several ways:
Simplex transmissions: flow one way through a medium
Half-duplex transmissions: flow either way, but in only one direction at a time
Full-duplex transmissions: can flow both ways at the same time
Serial transmissions: flow one bit at a time down a single communications channel
Parallel transmissions: flow multiple bits at a time down multiple channels
Managing Communication (continued)
Asynchronous (or timing-independent):
Formulate data flow so each byte or character has its own start and stop bit
Used in older modem-based data transfers to send individual characters between systems
Synchronous (or timing-dependent):
Use computer clocking to transmit data in a continuous stream between two systems
Clock synchronization makes it possible for end nodes to identify start and end of data flow
Synchronous transmission is much more efficient
Data Link Layer
Primary networking support layer
Referred to as first “subnet” layer because it provides addressing, packetizing, media access control, error control, and some flow control for the local network
In LANs, it handles client-to-client and client-to-server communications
Data Link Layer (continued)
DLL is further divided into two sublayers:
Logical Link Control (LLC) sublayer:
Primarily designed to support multiplexing and demultiplexing protocols transmitted over the MAC layer
Also provides flow control and error detection and retransmission
Media Access Control (MAC) sublayer:
Designed to manage access to communications media—in other words, to regulate which clients are allowed to transmit and when
DLL Protocols
Dominant protocol for local area networking is Ethernet for wired networks and Wi-Fi for wireless networks
Other DLL LAN protocols include:
Token ring
Fiber Distributed Data Interface (FDDI)
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)
WANs typically use ATM and frame relay
Forming Packets and Addressing
First responsibility of DLL is converting the Network layer packet into a DLL frame
DLL adds not only a header but also a trailer
When necessary, packet is fragmented into frames, with corresponding information embedded into each frame header
Addressing is accomplished with a number embedded in the network interface card (NIC)
This MAC address allows packets to be delivered to an endpoint; typically shown in hexadecimal format (e.g., 00-00-A3-6A-B2-1A)
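Added example (not from the slides or the textbook) showing the framing this slide describes and the layered encapsulation of the earlier OSI slides: the Data Link layer wraps the Network-layer packet in a header (destination MAC, source MAC, EtherType) and a trailer (CRC-32 frame check sequence), and the receiver checks and strips them in reverse. The source MAC is the address printed on the slide; the destination MAC, the EtherType constant and the payload are constructed samples.

```python
import struct
import zlib

# Source MAC is the slide's example; destination MAC and payload are constructed samples.
SRC_MAC = "00-00-A3-6A-B2-1A"
DST_MAC = "00-1B-44-11-3A-B7"
ETHERTYPE_IPV4 = 0x0800  # EtherType value that tags the payload as an IPv4 packet


def mac_to_bytes(mac: str) -> bytes:
    """Parse a dash- or colon-separated hexadecimal MAC address into its 6 raw bytes."""
    octets = mac.replace(":", "-").split("-")
    if len(octets) != 6:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return bytes(int(o, 16) for o in octets)


def describe_mac(mac: str) -> dict:
    """Split a MAC into the vendor part (OUI) and the NIC-specific part and decode the
    two flag bits of the first octet: bit 0 = multicast (I/G), bit 1 = locally
    administered (U/L). A locally administered source address where only
    vendor-burned addresses are expected is worth logging."""
    raw = mac_to_bytes(mac)
    return {
        "oui": raw[:3].hex("-").upper(),
        "nic": raw[3:].hex("-").upper(),
        "multicast": bool(raw[0] & 0x01),
        "locally_administered": bool(raw[0] & 0x02),
    }


def build_frame(dst: str, src: str, ethertype: int, packet: bytes) -> bytes:
    """DLL encapsulation: 14-byte header (dst MAC, src MAC, EtherType) in front of the
    Network-layer packet, 4-byte trailer (CRC-32 frame check sequence) behind it."""
    header = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype)
    body = header + packet
    fcs = struct.pack("<I", zlib.crc32(body))  # FCS goes least-significant byte first
    return body + fcs


def parse_frame(frame: bytes) -> dict:
    """Receiving DLL in reverse: verify the trailer, strip the header, hand the packet
    up. A bad FCS means damage in transit (noise); a CRC says nothing about
    deliberate alteration, since anyone who changes the bytes can recompute it."""
    if len(frame) < 18:
        raise ValueError("frame too short for a header plus trailer")
    body, fcs = frame[:-4], frame[-4:]
    dst, src, ethertype = body[:6], body[6:12], struct.unpack("!H", body[12:14])[0]
    return {
        "dst": dst.hex("-").upper(),
        "src": src.hex("-").upper(),
        "ethertype": ethertype,
        "packet": body[14:],
        "fcs_ok": struct.unpack("<I", fcs)[0] == zlib.crc32(body),
    }


if __name__ == "__main__":
    packet = b"\x45\x00" + b"constructed network-layer packet"  # constructed sample
    frame = build_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, packet)
    print(parse_frame(frame)["fcs_ok"], describe_mac(SRC_MAC))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01  # one bit flipped in transit: the FCS check now fails
    print(parse_frame(bytes(damaged))["fcs_ok"])
```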
Media Access Control
A primary function of DLL is controlling flow of traffic—that is, determining which station is allowed to transmit when
Two general approaches:
Control
Contention
Media Access Control (continued)
Control (deterministic):
Well-regulated network: traffic transmitted in orderly fashion, maintaining optimal data rate
Facilitates a priority system: key clients or servers can be polled more frequently than others
Contention (stochastic):
Clients listen to determine if channel is free and then transmit
Must have mechanisms to deal with collisions
Collision avoidance vs. collision detection
Switches and Bridges
Specific technologies used to connect networks at Data Link layer
While hub connects networks at Physical layer, connecting two networks with hub results in one large network (or collision domain)
Connection via Layer 2 switch, capable of bridging, maintains separate collision domains
Bridging: process of connecting networks with DLL protocols while maintaining integrity of each network, only passing messages that need to be transmitted between the two
Network Layer and Packetizing
Network layer is primary layer for communications between networks
Three key functions:
Packetizing
Addressing
Routing
During packetizing, Network layer takes segments sent from Transport layer and organizes them into packets for transmission across a network
Addressing
Network layer uses a network-layer address to uniquely identify the destination across multiple networks
Typical address consists of the network ID and the host ID
In TCP/IP, the IP address is the network-layer address
IP packet header contains source and destination IP addresses along with additional packet information
Addressing (continued)
Addresses maintained and issued by Internet Assigned Numbers Authority (IANA)
In early years, addresses distributed as follows:
Class A: consists of primary octet (the netid) with three octets providing host ID portion; allows up to 16,777,214 hosts on network
Class B: consists of two octets in netid with two octets providing 65534 host IDs
Class C: consists of three octets in netid with one octet providing 254 host IDs
Class D and Class E addresses are reserved
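Added example (not from the slides or the textbook) that applies the classful scheme above: it classifies an IPv4 address from the leading bits of its first octet, splits it into netid and host ID, and derives the host counts the slide quotes (the all-zeros and all-ones host IDs are excluded because they name the network and its broadcast address). The class boundaries are the historical ones; the sample addresses are constructed.

```python
import ipaddress

# Historical classful ranges: (class, first-octet range, number of netid octets).
# Classes D and E carry no netid/hostid split, matching the slide's "reserved".
CLASSES = [
    ("A", range(0, 128), 1),
    ("B", range(128, 192), 2),
    ("C", range(192, 224), 3),
    ("D", range(224, 240), None),
    ("E", range(240, 256), None),
]


def classify(address: str) -> dict:
    """Classify an IPv4 address the way the original IANA allocation did, using only
    the first octet, and split it into its network ID and host ID."""
    ip = ipaddress.IPv4Address(address)  # validates dotted-quad syntax for us
    first_octet = int(ip) >> 24
    for cls, span, netid_octets in CLASSES:
        if first_octet in span:
            break
    else:  # the ranges cover 0..255, so this cannot happen for a valid address
        raise ValueError(f"no class for {address}")
    if netid_octets is None:
        return {"class": cls, "reserved": True}
    host_bits = 8 * (4 - netid_octets)
    netmask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return {
        "class": cls,
        "reserved": False,
        "netid": str(ipaddress.IPv4Address(int(ip) & netmask)),
        "hostid": int(ip) & ~netmask & 0xFFFFFFFF,
        # 2^host_bits minus the network address and the broadcast address
        "usable_hosts": 2 ** host_bits - 2,
    }


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.77", "224.0.0.1"):  # constructed
        print(sample, classify(sample))
```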
Addressing (continued)
This address assignment method proves inefficient
Internet moving to new version of IP, IPv6, which uses 128-bit address instead of 32-bit
Raises the number of available addresses to 2^128
Network Address Translation (NAT): uses a device, like a router, to segregate the external Internet from the internal network
Device maps organizational addresses to different addresses inside the intranet
Routing
Moving Network layer packets across networks
Routing protocols include static and dynamic
Internal routing protocols:
Used inside an autonomous system (AS)
Distance-vector routing protocols and link-state routing protocols
External routing protocols:
Communicate between autonomous systems
Translate different internal routing protocols
Border Gateway Protocol (BGP)
Transport Layer
Primary function of Transport layer is to provide reliable end-to-end transfer of data between user applications
Lower layers focus on networking and connectivity while upper layers, beginning with Transport layer, focus on application-specific services
Transport layer also responsible for end-to-end error control, flow control, and several other functions
Error Control
Process of handling problems with transfer process, which may result in modified or corrupted segments
Broken into two components: error detection and error correction
Errors are typically single-bit or multiple-bit
Bit errors are most likely the result of noise interference
Error Control (continued)
Errors detected using one of several schemes:
Repetition: data transmitted redundantly
Parity: “check bits” at end of each byte of data
Redundancy: parity calculated for blocks of data rather than individual bytes (LRC, VRC, CRC)
Errors typically corrected by retransmission of damaged segment
Dominant error correction techniques are automatic repeat requests (ARQs)
Three most common ARQs are Stop-And-Wait, Go-Back-N, and Selective Repeat
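Added example (not from the slides or the textbook) of the detection schemes just listed: per-byte parity (VRC), block parity (LRC) and a CRC-32, each recomputed by the receiver and compared with what the sender attached. It also shows the error patterns that each parity scheme misses, which is why CRCs dominate in practice. The sample block and the bit flips are constructed.

```python
import zlib

# Constructed sample block: eight bytes of data the sender wants to protect
BLOCK = b"ISA 3200"


def vrc(byte: int) -> int:
    """Vertical redundancy check: the even-parity bit for one byte (1 when the byte
    has an odd number of 1 bits, so that byte plus check bit has an even count)."""
    return bin(byte).count("1") & 1


def lrc(block: bytes) -> int:
    """Longitudinal redundancy check: parity taken across the whole block, one check
    bit per bit position, which is the XOR of every byte."""
    result = 0
    for b in block:
        result ^= b
    return result


def protect(block: bytes) -> dict:
    """What the sender transmits alongside the data: a VRC bit per byte, an LRC byte
    for the block, and a CRC-32 of the block."""
    return {
        "data": bytes(block),
        "vrc": [vrc(b) for b in block],
        "lrc": lrc(block),
        "crc": zlib.crc32(block),
    }


def check(received: bytes, sent: dict) -> dict:
    """What the receiver does: recompute each check over the bytes it got and compare
    with the values the sender attached. Reports which schemes noticed damage."""
    return {
        "vrc_detects": [vrc(b) for b in received] != sent["vrc"],
        "lrc_detects": lrc(received) != sent["lrc"],
        "crc_detects": zlib.crc32(received) != sent["crc"],
    }


def flip_bits(block: bytes, positions) -> bytes:
    """Simulate noise on the medium: flip the given (byte_index, bit_index) pairs."""
    damaged = bytearray(block)
    for byte_index, bit_index in positions:
        damaged[byte_index] ^= 1 << bit_index
    return bytes(damaged)


if __name__ == "__main__":
    sent = protect(BLOCK)
    # A single flipped bit: every scheme sees it.
    print(check(flip_bits(BLOCK, [(0, 3)]), sent))
    # Two flips in the same byte: that byte's parity is unchanged, so VRC is blind,
    # but the LRC column parities still differ.
    print(check(flip_bits(BLOCK, [(0, 3), (0, 5)]), sent))
    # Four flips forming a rectangle (same two bit positions in two bytes): both
    # parity schemes miss it; the CRC catches any error burst shorter than 33 bits.
    print(check(flip_bits(BLOCK, [(0, 3), (0, 5), (1, 3), (1, 5)]), sent))
```

None of these checks is a defence against deliberate modification: whoever can alter the bytes can recompute the parity or CRC, so integrity against an adversary needs a keyed MAC or a signature rather than an error-detection code.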
Flow Control
Purpose is to prevent receiver from being overwhelmed with segments, preventing effective processing of each received segment
Some error correction techniques have built-in flow control
Dominant technique is sliding window protocol, which provides mechanism by which receiver can specify number of segments (or bytes) it can receive before sender must wait
Receiver enlarges or reduces window size as necessary
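Added example (not from the slides or the textbook) that simulates the sliding window of this slide together with the Go-Back-N ARQ of the previous one: the receiver's cumulative ACK carries the window size it is willing to accept, the sender never has more than that many unacknowledged segments in flight, and a lost segment makes the sender go back to the first unacknowledged one. The segments, the window schedule and the loss are constructed; real TCP adds timers and byte-oriented windows that this model leaves out.

```python
# Constructed sample: six segments to deliver
SEGMENTS = [b"seg0", b"seg1", b"seg2", b"seg3", b"seg4", b"seg5"]


def go_back_n(segments, windows, lose_once=frozenset()):
    """Simulate a sliding-window sender with Go-Back-N ARQ.

    windows:   window size the receiver advertises with each cumulative ACK, one
               per round (the last value repeats). This is the flow control: the
               sender may have at most that many unacknowledged segments in flight.
    lose_once: sequence numbers the channel drops on their first transmission.
               A Go-Back-N receiver discards anything out of order, so the sender
               resumes from the first unacknowledged segment.
    Returns the delivered payloads, the number of transmissions and an event log.
    """
    if not windows or min(windows) < 1:
        raise ValueError("window must be at least 1 for the sender to make progress")
    base = 0          # sender: oldest unacknowledged segment (left edge of the window)
    expected = 0      # receiver: next in-order sequence number it will accept
    dropped = set()
    delivered, log = [], []
    transmissions = 0
    rnd = 0
    while base < len(segments):
        window = windows[min(rnd, len(windows) - 1)]
        for seq in range(base, min(base + window, len(segments))):
            transmissions += 1
            if seq in lose_once and seq not in dropped:
                dropped.add(seq)
                log.append(f"round {rnd}: seg {seq} lost in transit")
            elif seq == expected:
                delivered.append(segments[seq])
                expected += 1
                log.append(f"round {rnd}: seg {seq} accepted")
            else:
                log.append(f"round {rnd}: seg {seq} discarded, expected {expected}")
        # Cumulative ACK for everything below `expected`: the window slides forward to
        # the first unacknowledged segment and the sender resumes from there.
        log.append(f"round {rnd}: ack {expected}, window {window}")
        base = expected
        rnd += 1
    return {"delivered": delivered, "transmissions": transmissions, "log": log}


if __name__ == "__main__":
    # Receiver shrinks its window from 3 to 1 and then grows it to 2; segment 1 is lost once.
    result = go_back_n(SEGMENTS, windows=[3, 3, 1, 2], lose_once={1})
    print(*result["log"], sep="\n")
    print("transmissions:", result["transmissions"])
```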
Other Functions of the Transport Layer
Assignment of ports, which identify the service requested by a user
Combination of Network layer address and port is referred to as a socket
Tunneling protocols also work at Transport layer
These protocols work with Data Link layer protocols to provide secure connections
Session Layer
Responsible for establishing, maintaining, and terminating communications sessions between two systems
Regulates whether communications are simplex (one way only), half-duplex (one way at a time), or full-duplex (bidirectional)
Presentation Layer
Responsible for data translation and encryption functions
For example, if one system is using standard ASCII and another is using EBCDIC, the Presentation layer performs the translation
Encryption can also be part of operations performed at this level
Presentation layer encapsulates Application layer messages prior to passing them down to Transport layer
Application Layer
At Application layer, user is provided with a number of services, most aptly called application protocols
TCP/IP protocol suite includes applications such as e-mail (SMTP and POP), World Wide Web (HTTP and HTTPS), file transfer (FTP and SFTP), and others
The Internet and TCP/IP
The Internet incorporates millions of small, independent networks, connected by most of the major common carriers
Most services we associate with the Internet are based on Application layer protocols
The Internet is a physical set of networks, while the World Wide Web (WWW) is a set of applications that run on top of the Internet
Web uses domain name-based Uniform Resource Identifiers (URIs), Uniform Resource Locator (URL) being best-known type
TCP/IP
TCP/IP is actually a suite of protocols used to facilitate communications across the Internet
Developed before OSI reference model, it is similar in concept but different in detail
TCP/IP model is less formal than OSI reference model
Each of the four layers of TCP/IP model represents a section of one or more layers of OSI model
Application Layer
TCP/IP Application layer consists of utility protocols that provide value to end user
Data from users and utilities are passed down to Transport layer for processing
Wide variety of Application layer protocols that support Internet users: SMTP, POP for e-mail, FTP for data transfer, HTTP for Web content
Application layers on each host interact directly with corresponding applications on other hosts to provide requisite communications support
Transport Layer
Responsible for transferring of messages, including resolution of errors, managing necessary fragmentation, and control of message flow, regardless of underlying network
Connection-oriented or connectionless messages
Connects applications through use of ports
Lowest layer of TCP/IP stack to offer any form of reliability
TCP: connection-oriented, reliable protocol
UDP: connectionless, unreliable protocol
Internetwork Layer
Handles moving packets in a single network
Examples of protocols are X.25 and ARPANET’s Host/IMP Protocol
Internet Protocol (IP) performs task of moving packets from source host to destination host
IP carries data for many different upper-layer protocols
Internetwork Layer (continued)
Some protocols carried by IP function on top of IP but perform other Internetwork layer functions
All routing protocols are also part of Network layer
Subnet Layers
TCP/IP Subnet layers include Data Link and Physical layers
TCP/IP relies on whatever native network subnet layers are present
For example, if user’s network is Ethernet then IP packets are encapsulated into Ethernet frames
No specification for Data Link layer or Physical layer
Chapter Summary
Fundamental exchange of information: sender communicates message to receiver over some medium
Communication only occurs when recipient is able to receive, process, and comprehend message
Any medium may be subject to interference: attenuation, crosstalk, distortion, echo, impulse, jitter, white noise
Chapter Summary (continued)
Some reasons to build a network:
To exchange information
To share scarce or expensive resources
To allow distributed organizations to act as if centrally located
Networks can be categorized by: components, size, layout or topology, media
OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols
Chapter Summary (continued)
OSI reference model layers:
Physical: puts transmissions onto media
Data Link: primary networking support layer
Network: primary layer for communications between networks
Transport: provides reliable end-to-end transfer of data between user applications
Session: establishes, maintains, terminates communications sessions between two systems
Presentation: data translation and encryption
Application: provides application protocols
Chapter Summary (continued)
Each of four layers of TCP/IP model represents a section of one or more layers of OSI model:
Application: consists of utility protocols that provide value to end user
Transport: responsible for transferring messages, regardless of underlying network
Internetwork: handles moving packets in a single network
Subnet: includes Data Link and Physical layers, relying on whatever native network subnet layers are present for signal transmission
Demo
ipconfig in Windows
ifconfig in Linux/Unix
ping
nslookup
Demo
Setting up a shared folder on the host
Accessing from Windows: //vmware-host/Shared Folders
Accessing from Linux: /mnt/hgfs