This is a module that some teachers will cover while others will not
This module is a refresher on networking concepts, which are important in information security
If your teacher does not cover networking, you might want to cover it yourself, to “get the rust out” of your networking knowledge
Copyright Pearson Prentice-Hall 2009
[Figure: a small home network. An access router with built-in wireless access point functionality connects to a DSL broadband modem. A PC with a wireless NIC reaches the router over wireless communication; a PC with an internal NIC reaches it over UTP. The PCs use the network for file sharing and printer sharing.]
[Figure: an office building LAN. Workgroup Switch 1 and Workgroup Switch 2 on the office floors connect over optical fiber cords to a core switch in the equipment room; the core switch also connects to a server and to the WAN router. A wired client reaches its workgroup switch over UTP telephone wiring; a wireless client reaches the network through a wireless access point.]
[Figure: a corporate WAN. Da Kine Island Headquarters, a Credit Card Authorization Bureau, Branch in State (60) and North Shore Operations are linked by T1 and T3 leased lines and by Frame Relay networks; Internet access is through ISP 1 and ISP 2 over T3 leased lines.]
[Figure: an internet. An application on a client host communicates with an application on a server host across several networks joined by routers; each host reaches its network over an access line.]
[Figure: a packet from a browser is forwarded by routers along a route across several networks to the webserver software.]
The global Internet has thousands of networks connected by routers.
[Figure: a packet crosses Network X in Frame X, the next network in Frame Y, and Network Z in Frame Z. Switches forward the frame within each network; routers forward the packet from one network to the next.]
The packet travels in a different frame in each network.
[Figure: the user PC host computer reaches the user PC's Internet service provider (ISP) over an access line. The Internet backbone consists of multiple ISP carriers whose routers interconnect at Network Access Points (NAPs). The webserver host computer reaches the webserver's Internet service provider over its own access line.]
NAP = Network Access Point
Super Layer | Description
Application | Communication between application programs on different hosts attached to different networks on an internet.
Internetworking | Transmission of packets across an internet. Packets contain application layer messages.
Network | Transmission of frames across a network. Frames contain packets.
Super Layer | TCP/IP | OSI | Hybrid TCP/IP-OSI
Application | Application | Application, Presentation, Session | Application
Internet | Transport, Internet | Transport, Network | Transport, Internet
Single Network | Subnet Access | Data Link, Physical | Data Link, Physical
[Figure: a frame crossing Switched Network 1: one data link made up of three physical links.]
In a single network, a physical link connects adjacent devices.
A data link is the path that a frame takes across a single network.
One data link; three physical links.
[Figure: a client PC reaches a server through Router 1, Router 2 and Router 3.]
Transport layer: end-to-end (host-to-host). TCP is connection-oriented and reliable.
Internet layer (usually IP): hop-by-hop (host-router or router-router). Connectionless and unreliable.
IP Version 4 Packet (each row is 32 bits, Bit 0 to Bit 31)
Version (4 bits, value 0100) | Header Length (4 bits) | Diff-Serv (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags | Fragment Offset (13 bits)
Time to Live (8 bits) | Protocol (8 bits: 1=ICMP, 6=TCP, 17=UDP) | Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
Options (if any) | Padding
Data Field
IP Version 6 Packet (each row is 32 bits, Bit 0 to Bit 31)
Version (4 bits, value is 6 = 0110) | Diff-Serv (8 bits) | Flow Label (20 bits; marks a packet as part of a specific flow)
Payload Length (16 bits) | Next Header (8 bits; name of next header) | Hop Limit (8 bits)
Source IP Address (128 bits)
Destination IP Address (128 bits)
Next Header or Payload (Data Field)
TCP Segment (each row is 32 bits, Bit 0 to Bit 31)
Source Port Number (16 bits) | Destination Port Number (16 bits)
Sequence Number (32 bits)
Acknowledgement Number (32 bits)
Header Length (4 bits) | Reserved (6 bits) | Flag Fields (6 bits) | Window (16 bits)
TCP Checksum (16 bits) | Urgent Pointer (16 bits)
Options (if any) | Padding
Data Field
Flag fields are 1-bit fields. They include SYN, ACK, FIN, RST, PSH, and URG.
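An added example (not from the slides) that parses the IPv4 and TCP headers laid out in the two header diagrams above and verifies the IPv4 Header Checksum. The packet it parses is constructed inline: a SYN from 60.171.18.22:2707 to 1.33.17.13:80, the socket pair used later in the deck; the TCP checksum is left at zero and is not checked.

```python
# Added example, not from the slides: parse the IPv4 and TCP headers drawn above
# and verify the IPv4 Header Checksum. The packet below is constructed, not captured.
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}            # IPv4 Protocol field values
TCP_FLAG_NAMES = ["URG", "ACK", "PSH", "RST", "SYN", "FIN"]  # flag field, high bit to low bit

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words; 0 for an intact header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                                   # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    ver_ihl, diffserv, total_len, ident, flags_frag, ttl, proto, _cksum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                           # Header Length is in 32-bit words
    return {"version": ver_ihl >> 4,                     # 0100 for IPv4
            "header_length": ihl, "total_length": total_len, "identification": ident,
            "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
            "ttl": ttl, "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
            "checksum_ok": ip_checksum(packet[:ihl]) == 0,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": packet[ihl:total_len]}

def parse_tcp(segment: bytes) -> dict:
    sport, dport, seq, ack, off_flags, window, _cksum, urg = \
        struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4                      # Header Length (4 bits), 32-bit words
    flag_bits = off_flags & 0x3F                         # the six 1-bit flag fields
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << (5 - i))]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_length": hdr_len, "flags": flags, "window": window,
            "urgent_pointer": urg, "data": segment[hdr_len:]}

def build_sample_packet() -> bytes:
    """Constructed IPv4 + TCP SYN; the TCP checksum is left at zero and not checked."""
    tcp = struct.pack("!HHIIHHHH", 2707, 80, 47, 0, (5 << 12) | 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([60, 171, 18, 22]), bytes([1, 33, 17, 13]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in Header Checksum
    return ip + tcp

if __name__ == "__main__":
    info = parse_ipv4(build_sample_packet())
    print(info["protocol"], info["src"], "->", info["dst"], "checksum ok:", info["checksum_ok"])
    print(parse_tcp(info["payload"])["flags"])
```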
TCP session between the PC transport process and the webserver transport process.

3-Way Open (3 messages)
1. SYN (Open)
2. SYN, ACK (1) (Acknowledgement of 1)
3. ACK (2)

Carry HTTP Request and Response (4 messages)
4. Data = HTTP Request
5. ACK (4)
6. Data = HTTP Response
7. ACK (6)

Error Handling
8. Data = HTTP Request (Error)
9. Data = HTTP Request (No ACK, so retransmit)
10. ACK (9)
11. Data = HTTP Response
12. ACK (11)

Normal Four-Way Close (4 messages)
13. FIN (Close)
14. ACK (13)
15. FIN
16. ACK (15)
Note: An ACK may be combined with the next message if the next message is sent quickly enough.

Abrupt Close (1 message)
RST
Either side can send a Reset (RST) segment at any time. It ends the session immediately.
TCP segment number | 1 | 2 | 3 | 4 | 5
Data octets in TCP segment | ISN (47) | 48 | 49-55 | 56-64 | 65-85
Value in Sequence Number field of segment | 47 | 48 | 49 | 56 | 65
Value in Ack. No. field of acknowledging segment | 48 | NA | 56 | 65 | 86
Note: ISN = initial sequence number (randomly generated).
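An added example (not from the slides) that rebuilds the sequence/acknowledgement number table above from an ISN and a list of segments, using the numbering convention the table uses: a data segment's sequence number is its first data octet, the acknowledgement is the last octet plus one, and a segment with no data takes the next number. One caveat is worth knowing: under RFC 793 a pure ACK does not consume a sequence number, so in a real capture the first data octet would follow directly after the SYN's number.

```python
# Added example, not from the slides: rebuild the sequence/acknowledgement number
# table above from an ISN and a list of segments, using the table's convention.
MASK = 0xFFFFFFFF   # sequence numbers are 32 bits and wrap around

def tcp_sequence_table(isn, segments):
    """segments: list of (kind, data_octets), kind in {"SYN", "ACK", "DATA"}.

    Returns one row per segment: the octets it covers, the value in its Sequence
    Number field, and the value in the Acknowledgement Number field of the segment
    that acknowledges it (None = "NA": a pure ACK is not acknowledged).
    Caveat: RFC 793 does not let a pure ACK consume a sequence number, so a real
    trace would start data at ISN + 1; the slide's table starts it at ISN + 2.
    """
    rows, seq = [], isn & MASK
    for number, (kind, octets) in enumerate(segments, start=1):
        if kind == "DATA":
            if octets < 1:
                raise ValueError("a DATA segment carries at least one octet")
            last = (seq + octets - 1) & MASK
            covered, ack, consumed = "%d-%d" % (seq, last), (last + 1) & MASK, octets
        elif kind == "SYN":
            covered, ack, consumed = "ISN (%d)" % seq, (seq + 1) & MASK, 1
        elif kind == "ACK":
            covered, ack, consumed = str(seq), None, 1    # slide convention; not acknowledged
        else:
            raise ValueError("unknown segment kind: %r" % kind)
        rows.append({"segment": number, "octets": covered, "seq": seq, "ack": ack})
        seq = (seq + consumed) & MASK
    return rows

def format_table(rows):
    """Render the rows as the slide does: one line per table row."""
    ack_text = ["NA" if r["ack"] is None else str(r["ack"]) for r in rows]
    return "\n".join([
        "TCP segment number: " + "  ".join(str(r["segment"]) for r in rows),
        "Data octets in TCP segment: " + "  ".join(r["octets"] for r in rows),
        "Value in Sequence Number field: " + "  ".join(str(r["seq"]) for r in rows),
        "Value in Ack. No. field of acknowledging segment: " + "  ".join(ack_text)])

if __name__ == "__main__":
    # The slide's example: ISN 47, SYN, pure ACK, then segments of 7, 9 and 21 data octets.
    slide = [("SYN", 0), ("ACK", 0), ("DATA", 7), ("DATA", 9), ("DATA", 21)]
    print(format_table(tcp_sequence_table(47, slide)))
```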
[Figure: a multitasking server runs an HTTP application on Port 80, an SMTP application on Port 25, and an FTP application on Ports 20 and 21.]
[Figure: sockets. Client 60.171.18.22 sends to Webserver 1.33.17.13 on Port 80: From 60.171.18.22:2707 To 1.33.17.13:80. The webserver replies: From 1.33.17.13:80 To 60.171.18.22:2707. The same client sends to SMTP Server 123.30.17.120 on Port 25: From 60.171.18.22:4400 To 123.30.17.120:25.]
UDP Datagram (each row is 32 bits)
Source Port Number (16 bits) | Destination Port Number (16 bits)
UDP Length (16 bits) | UDP Checksum (16 bits)
Data Field
[Figure: ICMP. A host sends an Echo Request (ping) and receives an Echo Reply; a router sends a Host Unreachable error message. Each ICMP message is carried in an IP packet: IP header followed by the ICMP message.]
[Figure: DNS lookup.
1. Client wishes to send packets to Voyager.cba.hawaii.edu.
2. DNS Request Message: "The host name is Voyager.cba.hawaii.edu"
3. DNS host does a table lookup in its DNS Table (Host Name Voyager.cba.hawaii.edu, IP Address 128.171.17.13).
4. DNS Response Message: "The IP address is 128.171.17.13"
5. Packets to 128.171.17.13]
[Figure: two autonomous systems, each with internal routers and a border router. RIP, OSPF, and EIGRP are interior dynamic routing protocols, used within an autonomous system. BGP is an exterior dynamic routing protocol, used between the border routers of different autonomous systems.]
[Figure: Simple Network Management Protocol (SNMP). Network management software (the manager) sends commands (Get, Set, etc.) to the network management agent on a managed device and receives responses; the agent can also send traps on its own. Manager and agent each hold a Management Information Base (MIB).]
Application Exploits
◦ By taking over applications, hackers gain the permissions of the exploited program
◦ A multitude of application standards
◦ Consequently, there is a multitude of security issues at the application level
Many Applications Need Two Types of Standards
◦ One for the transmission of messages, one for the content of application documents
◦ For the World Wide Web, these are HTTP and HTML, respectively
◦ For transmission, e-mail uses SMTP, POP, and IMAP
◦ For message content, e-mail uses RFC 2822 (all-text), HTML, and MIME
FTP and Telnet
◦ Have no security
◦ Passwords are transmitted in the clear, so they can be captured by sniffers
◦ Secure Shell (SSH) can replace both securely
Many Other Application Standards Have Security Issues
◦ Voice over IP
◦ Service-oriented architecture (SOA); web services
◦ Peer-to-peer applications