Communications and networking



How do Networks work – Really
• The purpose of this set of slides is to show how networks
really work.
• Most people (including technical people) don’t
know how they work.
• Many people have a high-level understanding but
still don’t have enough knowledge to solve simple
problems.
• Covering these topics now makes learning the
higher-level aspects of networks easier.
What is a Network?
• A network is a series of computers that are connected
together.
• Each computer on the network can send messages
(information) to any other computer on the network
• These messages can contain requests for data or
services. For example:
• A computer requests data from a database
which resides on another computer
• A computer sends a document through the
network to another computer for printing.
Network Structure
• The following diagram illustrates a network of
computers
[Diagram: several computers, a file server and a printer connected to one network]
How do computers communicate on a network?
• Each network interface card (NIC) has a unique
address. (NOTE: this is NOT an Internet address. More
on that later). This address is called the MAC address.
• This address is set by the manufacturer of the NIC.
(NOTE: it is burned into the card, but the operating system
can override it in software, so the MAC address seen on the
wire cannot be trusted as proof of which machine sent a message.)
• In order for a computer to send a message to another
computer, it must know that computer’s address.
[Diagram: two computers with MAC addresses 177231 and 376543]
Sending messages
• The sending computer constructs a message.
• The message contains:
• The sender’s address
• The receiver’s address
• The data
[Diagram: computer 177231 builds a message for 376543: Sender 177231, Receiver 376543, Data…]
Sending the message
• In order to be sent, the message must be placed
in a “packet”.
• A packet is the unit of data that is actually encoded
onto the network medium.
• If the message is too large to fit into a single packet,
it is broken up into several packets, each carrying the sender
and receiver addresses, and reassembled by the receiver.
[Diagram: the message from 177231 to 376543 split into four packets on the network]
Receiving the message
• Each computer on the network is constantly listening
to the network for packets which are addressed to it.
• When it sees packets which carry its address, it
reads those packets off the network and reassembles them into the original message.
[Diagram: 376543 reads the four packets addressed to it and reassembles the message from 177231]
Replying to the message
• It is often the case that the sender is expecting a
response from the receiver
• In this case, the roles reverse. The receiver constructs
a message and sends it back to the original sender.
[Diagram: the reply, Sender 376543, Receiver 177231, travels back as four packets]
Network insecurities
• It is at this point that we have our first security problem.
• The network medium is shared by everyone on it.
• As messages are sent through the network, there is a
possibility that they can be viewed by computers other
than the intended recipient.
• This is called “sniffing”.
• Sniffing is passive: the sniffer sends nothing, so the
sender and receiver have no way to detect that it is happening.
[Diagram: a third computer on the same network reads the four packets passing from 376543 to 177231]
Network insecurities
• Another type of insecurity is called “Man in the Middle”.
• In this case, the middle computer not only reads the
message but changes it as it goes through the network.
• The receiver “thinks” it is getting a message from the
sender. The message has actually been hijacked by the middle
man.
• Because a packet carries nothing but the two addresses and
the data, the receiver has no way to detect that the data was
altered or that the sender address is forged.
[Diagram: the middle computer alters two of the four packets (marked PacketX) before they reach 177231]
Network insecurities – Defence
• Sniffing and Man in the Middle are problems because
of the way network hardware worked.
• Packets were sent to ALL computers on the network
(via a hub) and computers would only take packets
that were destined for them.
• Newer technology (called a switch) learns which port each
MAC address is on and sends a packet only to the port of
the receiving computer.
• This narrows who can see the traffic, but it is not a cure:
a switch floods packets for addresses it has not learned yet,
and its table can be misled by a computer forging the sender
address, so an attacker on the same switch can still capture
or intercept traffic. Only encrypting and authenticating the
messages themselves protects against sniffing and Man in the Middle.
[Diagram: with a switch, the four packets from 376543 are delivered only to 177231]
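The following is an added example, not code from the original slides: a small simulation of the packet, hub and switch behaviour described above. A message is split into packets that each carry the sender and receiver addresses, a receiver keeps only packets addressed to it and reassembles them, and a host in "promiscuous" mode keeps everything it sees (a sniffer). Plugging the same three hosts into a Hub and then into a Switch shows why the hub leaks the whole reply to the sniffer and why the switch still leaks the first packets, whose receiver address it has not learned yet. The addresses 177231 and 376543 are from the slides; the sniffer's address 999999, the 8-byte packet size and the messages are assumptions for the example.

```python
"""Added example (not part of the original slides): a toy shared-medium
network.  A packet carries the sender address, the receiver address and a
piece of the data; a long message is split into several packets and
reassembled by the receiver; every host sees whatever reaches its port but
keeps only packets addressed to it, while a host in "promiscuous" mode (a
sniffer) keeps everything.  A Hub repeats every packet to every other port;
a Switch learns which port each sender address is on and forwards only
there.  Addresses 177231 and 376543 are from the slides; 999999 is assumed."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

MAX_PAYLOAD = 8   # bytes of data per packet; tiny so that splitting is visible


@dataclass(frozen=True)
class Packet:
    sender: int
    receiver: int
    seq: int        # index of this packet within the message
    total: int      # number of packets the message was split into
    data: bytes


def packetize(sender: int, receiver: int, message: bytes) -> list[Packet]:
    """Split a message into packets of at most MAX_PAYLOAD bytes each."""
    chunks = [message[i:i + MAX_PAYLOAD] for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    return [Packet(sender, receiver, i, len(chunks), c) for i, c in enumerate(chunks)]


class Host:
    def __init__(self, address: int, promiscuous: bool = False):
        self.address = address
        self.promiscuous = promiscuous   # True: keep other hosts' packets too (sniffing)
        self.seen: list[Packet] = []
        self.medium = None               # the hub or switch this host is plugged into
        self.port = None

    def receive(self, pkt: Packet) -> None:
        if pkt.receiver == self.address or self.promiscuous:
            self.seen.append(pkt)

    def send(self, receiver: int, message: bytes) -> None:
        for pkt in packetize(self.address, receiver, message):
            self.medium.transmit(self.port, pkt)

    def messages(self) -> dict[tuple[int, int], bytes]:
        """Reassemble every complete message seen, keyed by (sender, receiver)."""
        groups: dict[tuple[int, int], dict[int, Packet]] = {}
        for pkt in self.seen:
            groups.setdefault((pkt.sender, pkt.receiver), {})[pkt.seq] = pkt
        out = {}
        for key, parts in groups.items():
            total = next(iter(parts.values())).total
            if len(parts) == total:      # ignore messages with packets still missing
                out[key] = b"".join(parts[i].data for i in range(total))
        return out


class Hub:
    """Old-style hardware: every packet is repeated to every other port."""
    def __init__(self):
        self.ports: dict[int, Host] = {}

    def plug(self, host: Host) -> None:
        host.medium, host.port = self, len(self.ports)
        self.ports[host.port] = host

    def transmit(self, from_port: int, pkt: Packet) -> None:
        for port, host in self.ports.items():
            if port != from_port:
                host.receive(pkt)


class Switch(Hub):
    """Learns which port each sender address is on and forwards only there.
    A receiver address it has not learned yet is flooded, exactly like a hub."""
    def __init__(self):
        super().__init__()
        self.table: dict[int, int] = {}   # MAC address -> port

    def transmit(self, from_port: int, pkt: Packet) -> None:
        self.table[pkt.sender] = from_port
        if pkt.receiver in self.table:
            self.ports[self.table[pkt.receiver]].receive(pkt)
        else:
            super().transmit(from_port, pkt)


def demo(medium: Hub) -> tuple[Optional[bytes], Optional[bytes]]:
    """Host 177231 asks 376543 for a document and gets a reply; host 999999 sniffs.
    Returns (the reply as reassembled by 177231, the reply as reassembled by the sniffer)."""
    a, b, spy = Host(177231), Host(376543), Host(999999, promiscuous=True)
    for h in (a, b, spy):
        medium.plug(h)
    a.send(376543, b"GET report.doc")                              # 2 packets
    b.send(177231, b"Here is the document you asked for...")       # 5 packets
    return (a.messages().get((376543, 177231)),
            spy.messages().get((376543, 177231)))


if __name__ == "__main__":
    print("hub:   ", demo(Hub()))      # sniffer sees the whole reply
    print("switch:", demo(Switch()))   # sniffer sees none of the reply
```

With the Hub the sniffer reassembles the reply just as well as the real receiver does; with the Switch it gets none of the reply, but it still saw both packets of the request, which were flooded because the switch had not yet learned where 376543 was. Nothing in a packet lets the receiver tell whether a sniffer was present.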
Network Structure
• What we’ve seen so far are computers which are
connected to the same physical network
• But what about computers which are connected to
different networks?
• This is the basis for what we call the “Internet”
A Network of Networks – Gateways and Routers
• Networks are connected together with gateways or
routers
• A gateway is a computer which connects to more than
one network
• A router is a device which connects to more than one
network for the purpose of routing traffic between those
networks
Sending Messages – Between Networks
• Each computer has a MAC address.
• This address is used for sending messages to
computers on the same network.
• A computer’s MAC address is ONLY known on the
network to which it is directly connected
• In order to send a message to a computer on another
network, we need a second address
Internetworking Address – IP address
• To be connected to a network of networks, each
computer needs an Internet address.
• This address indicates both the network and the
computer on that network.
• On the Internet, IPv4 addresses are 32 bits long. They are
written as 4 decimal numbers (0 to 255 each) separated by
periods. (The newer IPv6 addresses are 128 bits long.)
• These are examples of Internet addresses:
136.159.2.1
192.168.215.7
4.27.56.197
Network Addressing Setup
• In this example, each computer has an IP address and
that address indicates which network the computer is
connected to
• Because the gateway is connected to both networks, it
has 2 IP addresses (one for each connection).
[Diagram: network 136.159.2 with computer 136.159.2.27 and the gateway’s interface 136.159.2.1; network 136.159.3 with computer 136.159.3.191 and the gateway’s interface 136.159.3.1]
Sending messages between networks
• When a computer wishes to send a message, it must
know the IP address of the receiving computer.
• Because the IP address includes the network address,
the computer can tell whether the receiver is on the same
network as itself (it compares the network part of the two addresses).
• If so, it obtains the MAC address of the receiving
computer (by asking the local network for it, a step called ARP)
and sends the message directly to it.
• If the receiver is NOT on the same network, the
computer has only one place to send the message:
• the gateway machine.
• The computer obtains the MAC address of the
gateway and sends the message to it, with the receiver’s
IP address still inside the message.
The Gateway - Routing
• There are two possibilities for the gateway:
• The receiving computer is connected to a network
that the gateway is connected to. The gateway
obtains the MAC address of the receiver and sends
the message to it.
• The receiving computer is NOT connected to a
network that the gateway is connected to.
• In this case, the gateway has some decisions to
make. Where should it send the message?
Routing
• The Internet is made up of many computers.
• Some are gateways.
• Some are just computers which use the services of
the Internet.
• Gateways know about other gateways.
• When a gateway receives a message for a network it is not
directly connected to, it must figure out (based on the
message’s destination address) which gateway to
forward the message to. It consults its routing table and
chooses the gateway which is one step closer to the
receiving computer; if several entries match, the most
specific one wins.
• Each time a message passes through a gateway is
called a “hop”.
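The following is an added example, not code from the original slides: it carries the procedure of the last three slides through in working code. A host decides whether the destination is on its own network (send directly) or not (send to the gateway), each gateway either delivers directly to a connected network or forwards to the gateway one hop closer using the most specific matching route, and `deliver()` traces the hops. The networks 136.159.2.0/24 and 136.159.3.0/24 and the gateway at 136.159.2.1 / 136.159.3.1 are from the slides; the networks 10.0.0.0/8 and 10.1.0.0/16, the extra gateways G2 and G3 and every MAC address in the ARP table are assumptions made for the example.

```python
"""Added example (not part of the original slides): how a host decides where
to send an IP packet, and how gateways forward it hop by hop.  The networks
136.159.2.0/24 and 136.159.3.0/24 and gateway G1 (136.159.2.1 / 136.159.3.1)
come from the slides; networks 10.0.0.0/8 and 10.1.0.0/16, gateways G2 and
G3, and all MAC addresses are assumptions made for this example."""
from __future__ import annotations
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

# Constructed table of which MAC address answers for which IP address
# (on a real network the host learns this by asking with ARP).
ARP = {
    "136.159.2.27": "177231", "136.159.2.1": "376543", "136.159.2.5": "411111",
    "136.159.3.191": "512345", "136.159.3.1": "604321",
    "136.159.3.2": "700002", "136.159.3.3": "700003", "10.1.0.1": "880011",
}


def host_next_hop(my_ip: str, prefix_bits: int, gateway: str, dst: str) -> tuple[str, str]:
    """Return (IP address the frame is physically sent to, its MAC address):
    the destination itself if it is on my own network, otherwise my gateway."""
    my_net = IPv4Network(f"{my_ip}/{prefix_bits}", strict=False)
    target = dst if IPv4Address(dst) in my_net else gateway
    return target, ARP.get(target, "?")


class Gateway:
    def __init__(self, name: str, interfaces: list[str], routes: dict[str, str]):
        self.name = name
        # networks this gateway is plugged into directly
        self.networks = [IPv4Network(i, strict=False) for i in interfaces]
        # prefix -> IP of the next gateway that is one step closer
        self.routes = {IPv4Network(n): IPv4Address(g) for n, g in routes.items()}

    def forward(self, dst: IPv4Address) -> tuple[str, Optional[IPv4Address]]:
        """('direct', dst) if dst is on a connected network; ('via', gateway) for
        the most specific matching route (longest prefix wins); ('drop', None)
        when nothing matches."""
        if any(dst in n for n in self.networks):
            return "direct", dst
        matches = [n for n in self.routes if dst in n]
        if not matches:
            return "drop", None
        best = max(matches, key=lambda n: n.prefixlen)
        return "via", self.routes[best]


# Constructed topology.  G1 is the slides' gateway.  G2 and G3 also sit on
# network 136.159.3 and lead to two networks that overlap (10.0.0.0/8 contains
# 10.1.0.0/16), which is what makes "most specific route wins" matter.
G1 = Gateway("G1", ["136.159.2.1/24", "136.159.3.1/24"],
             {"10.0.0.0/8": "136.159.3.2", "10.1.0.0/16": "136.159.3.3"})
G2 = Gateway("G2", ["136.159.3.2/24", "10.0.0.1/8"], {"136.159.0.0/16": "136.159.3.1"})
G3 = Gateway("G3", ["136.159.3.3/24", "10.1.0.1/16"], {"0.0.0.0/0": "136.159.3.1"})
GATEWAYS = {"136.159.2.1": G1, "136.159.3.1": G1, "136.159.3.2": G2,
            "10.0.0.1": G2, "136.159.3.3": G3, "10.1.0.1": G3}   # interface IP -> gateway


def deliver(src_ip: str, prefix_bits: int, src_gateway: str, dst_ip: str,
            max_hops: int = 16) -> list[str]:
    """Trace a packet from src to dst: the names of the gateways it hopped
    through, ending with the destination (or with the reason it was dropped)."""
    dst = IPv4Address(dst_ip)
    hops: list[str] = []
    where, _mac = host_next_hop(src_ip, prefix_bits, src_gateway, dst_ip)
    while where != dst_ip:
        gw = GATEWAYS.get(where)
        if gw is None:
            return hops + [f"no gateway at {where}"]
        hops.append(gw.name)
        if len(hops) > max_hops:                 # like a TTL: stops routing loops
            return hops + ["hop limit exceeded"]
        action, nxt = gw.forward(dst)
        if action == "drop":
            return hops + [f"{gw.name} has no route to {dst_ip}"]
        where = str(nxt)
    return hops + [dst_ip]


if __name__ == "__main__":
    for dst in ("136.159.2.5", "136.159.3.191", "10.1.2.3", "10.2.0.5", "192.0.2.9"):
        print(dst, "->", " -> ".join(deliver("136.159.2.27", 24, "136.159.2.1", dst)))
```

Run from 136.159.2.27, a packet for 136.159.2.5 goes straight to its MAC address, one for 136.159.3.191 takes one hop through G1, and 10.1.2.3 is sent to G3 rather than G2 because G1's /16 route is more specific than its /8 route. A destination with no matching route is dropped at the gateway; the hop limit is what keeps a misconfigured pair of gateways from bouncing a packet forever.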
The Internet Backbone
• At the core of the Internet is a series of very powerful
machines which make up its “backbone”
• These machines reside in universities, telephone
companies, government agencies, ISPs, etc.
• Packets “hop” through the internet from gateway to
gateway until they reach their destination computer.
• What are the pros and cons of this kind of structure?
The Internet – From a different point of view
• The previous slides have all shown how the Internet
works at the very low level
• There is another perspective of the Internet at a high
level
• This is the level with which most people are familiar
• This higher level is focused on a communication
mechanism called a “Socket”.
Sockets – What are they?
• A socket is like a telephone call.
• The sending (source) computer wants to make a
call to the receiving (destination) computer.
• The source knows the IP address of the destination
• The source opens a “Socket” to the destination
• The destination must be “listening” for the
connection.
• The destination can choose to “accept” the
connection or to refuse the connection.
• A socket is a bidirectional communication path
• Messages can be sent in both directions through a
socket.
Ports – What are they?
• Because the destination computer can be listening for
MANY different connections, we need a way to manage
multiple connections to one computer.
• This is accomplished with “ports”.
• When a source attempts to establish a socket
connection with the destination, it must specify the “port”
it is trying to connect to.
• The port indicates which service the source is trying
to connect with. E.g.:
• web (http) is port 80
• email (smtp) is port 25
Sockets – Making the connection
• To establish a connection between 2 computers on the
Internet, a socket requires 4 pieces of information:
• The IP address of the source
• The IP address of the destination
• The port of the destination
• The port of the source *
• *NOTE: The source port is chosen by the source computer’s
operating system from a range of unused “ephemeral” ports;
it is not something the user picks.
[Diagram: source 136.159.2.27 port 13573 connects to destination 27.56.31.9 port 80]
Security Implications
• What are the security implications of this structure?
• If your computer isn’t listening on any ports, nobody
outside can connect to it, so you are relatively safe.
• Products like ZoneAlarm notify the user when an
attempt is made to connect to a port on the computer.
• Hackers regularly perform “port scans” on possible
target computers:
• They attempt to connect to every port.
• If a connection is made, they identify the service
behind it and might attempt to exploit it.
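The following is an added example, not code from the original slides, serving both the “Sockets – Making the connection” and “Security Implications” slides: it opens a real TCP socket on this machine, reports the four values that identify the connection (and shows that the source port was picked by the operating system), then runs the kind of port scan described above against one listening and one closed port. Everything stays on 127.0.0.1, so it runs offline; the listening port is whatever the OS hands out, and the echo service behind it is made up for the example.

```python
"""Added example (not part of the original slides): a real TCP socket
connection on this machine, the 4-tuple that identifies it, and a small
connect()-based port scan.  Everything stays on 127.0.0.1; the "echo"
service and the port numbers are constructed for the example."""
from __future__ import annotations
import socket
import threading


def start_listener() -> tuple[socket.socket, int]:
    """Listen on 127.0.0.1 on a port chosen by the OS (port 0).  A background
    thread accepts connections one at a time and echoes back what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:          # listening socket was closed; stop serving
                return
            with conn:
                try:
                    data = conn.recv(1024)
                    if data:
                        conn.sendall(b"echo: " + data)
                except OSError:      # client (e.g. a port scanner) hung up early
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def connect_and_describe(port: int, payload: bytes = b"hello") -> dict:
    """Open a socket to the listener and report the 4-tuple from the slides
    (source IP, source port, destination IP, destination port) plus the reply.
    The source port is picked by the OS, not by us."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        src_ip, src_port = s.getsockname()
        dst_ip, dst_port = s.getpeername()
        s.sendall(payload)
        reply = s.recv(1024)
    return {"src": (src_ip, src_port), "dst": (dst_ip, dst_port), "reply": reply}


def port_scan(host: str, ports) -> dict[int, str]:
    """Try a full TCP connect to each port: 'open' if something accepted,
    'closed' otherwise (connection refused or timed out)."""
    result = {}
    for p in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(0.5)
            result[p] = "open" if s.connect_ex((host, p)) == 0 else "closed"
    return result


def free_port() -> int:
    """Bind to port 0 and release it: a port that is (almost certainly) not listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Start the listener, connect to it, then scan it and one closed port."""
    srv, listen_port = start_listener()
    try:
        out = connect_and_describe(listen_port)
        closed = free_port()
        out["listen_port"] = listen_port
        out["free_port"] = closed
        out["scan"] = port_scan("127.0.0.1", [listen_port, closed])
    finally:
        srv.close()
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:12} {v}")
```

The scanner does exactly what the slides describe: a full connect to each port, reported as open when the other side accepts. A host that is listening on nothing answers "closed" for every port, which is why the slides call such a machine relatively safe; a listener's own logs (or a product like ZoneAlarm) see each probe as an accepted-then-dropped connection.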
Viruses/Trojan Horses
• Normally, your computer at home shouldn’t be
listening on any ports.
• However, if your computer gets infected with a virus or
trojan horse, that program may:
• Attempt to notify someone on the outside that your
computer is infected.
• Listen on a port so that someone on the outside
world can connect to your computer.
• What can a hacker do if s/he can connect to your
computer?
• That depends on the program which is listening for
connections from the outside world.
Firewalls
• This is where firewalls come into play.
• A firewall is a device which monitors the connections
being made.
• An administrator figures out ahead of time which
connections (ports) are to be allowed and which
are to be denied, and sets up rules.
• The firewall filters out any packets which do not
match an “allow” rule.
• Some firewalls will notify an administrator via email
or pager if certain kinds of suspicious activity are seen.
• Firewalls are limited in the security that they can
offer: they decide by address and port, not by what the
traffic on an allowed port actually contains.
NAT – Network Address Translation
• Many firewall devices offer something called NAT.
• The firewall has a public (Internet-routable) IP address.
• The machines behind the firewall do not.
• When an internal machine makes a request to the
Internet, it goes through the firewall.
• In doing so, the firewall puts its own address on the
message and records which internal machine sent it. The
outside world never sees the true address of the internal machine.
• When the reply comes back to the firewall, it looks up that
record and forwards the message to the machine which
originally made the request.
• Only the firewall truly knows the address of the
internal machine.
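The following is an added example, not code from the original slides, covering both the “Firewalls” and “NAT” slides: a packet filter that applies an administrator's rule list (first match wins, anything not allowed is denied), and a NAT table that rewrites outgoing packets to the firewall's own address, remembers which internal machine each public port stands for, and rewrites matching replies back. The packets, the rule set, the public address 203.0.113.5 and the internal network 192.168.1.0/24 are all constructed for this example; real NAT devices key their table on the destination as well, which is left out here to keep the mechanism visible.

```python
"""Added example (not part of the original slides): a packet filter driven by
an administrator's rule list, and the address translation (NAT) a firewall
does for the machines behind it.  The packets, rules, public address
203.0.113.5 and internal network 192.168.1.0/24 are constructed for this
example."""
from __future__ import annotations
from dataclasses import dataclass, replace
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str          # "in" = arriving from the Internet, "out" = leaving the inside


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: str = "any"
    dst_port: Optional[int] = None   # None = any port
    src_net: Optional[str] = None    # CIDR such as "192.168.1.0/24"; None = any source

    def matches(self, p: Packet) -> bool:
        if self.direction not in ("any", p.direction):
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        if self.src_net is not None and \
                ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        return True


def filter_packet(rules: list[Rule], p: Packet) -> str:
    """First matching rule wins.  A packet no rule allows is denied: the
    firewall lets through only what the administrator listed."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Constructed rule set: inbound web traffic is allowed, any other inbound
# connection (including one to a port a trojan has opened) is denied, and the
# internal network may connect out to anything.
RULES = [
    Rule("allow", direction="in", dst_port=80),
    Rule("deny", direction="in"),
    Rule("allow", direction="out", src_net="192.168.1.0/24"),
]


class NAT:
    """Rewrite outgoing packets so they carry the firewall's public address,
    remember which internal machine each public port stands for, and rewrite
    matching replies back to that machine."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.to_inside: dict[int, tuple[str, int]] = {}   # public port -> (internal ip, port)
        self.to_public: dict[tuple[str, int], int] = {}   # (internal ip, port) -> public port

    def outbound(self, p: Packet) -> Packet:
        key = (p.src_ip, p.src_port)
        if key not in self.to_public:                # first packet of this connection
            self.to_public[key] = self.next_port
            self.to_inside[self.next_port] = key
            self.next_port += 1
        return replace(p, src_ip=self.public_ip, src_port=self.to_public[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """A packet from outside is forwarded only if an internal machine
        opened the connection; otherwise there is nobody to forward it to."""
        inside = self.to_inside.get(p.dst_port)
        if inside is None:
            return None
        return replace(p, dst_ip=inside[0], dst_port=inside[1])


if __name__ == "__main__":
    nat = NAT("203.0.113.5")
    req = Packet("192.168.1.10", 13573, "27.56.31.9", 80, "out")
    print(filter_packet(RULES, req), nat.outbound(req))
    reply = Packet("27.56.31.9", 80, "203.0.113.5", 40000, "in")
    print(nat.inbound(reply))
    print(nat.inbound(Packet("198.51.100.7", 5555, "203.0.113.5", 31337, "in")))  # None
```

The last line is the point of the “NAT and Security” slide: an outside machine that tries to open a connection to the public address finds no table entry and is dropped, while a reply to a connection an inside machine opened is forwarded, regardless of what that inside machine (or the trojan on it) was doing.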
NAT and Security
• NAT augments the security provided by firewalls
considerably: an outside machine cannot open a connection
to an internal one, because the firewall has no record of
which internal machine to forward it to.
• However, it can’t provide ultimate security.
• There are still ways in which a machine can be
compromised even if NAT is involved.
• If your machine is infected with a trojan horse or
virus which makes an outgoing connection (rather than
listening for one), NAT forwards the replies just as it would
for any other request, and you still have security problems.
• Be sure to keep your virus scanner up to date.