Transcript Document
Computer Security
Workshops
Networking 101
Reasons To Know Networking In Regard to Computer Security
To understand the flow of information on the Internet
To understand the levels of activity in network traffic flow
To understand the basis for vulnerabilities
To understand the basis for security tools and how they work
Base Principle – Packet Switching
Messages broken up into packets
Packets are sent onto network, routed to destination, reassembled
Advantages (compared to circuit switching; e.g. traditional phones)
Better sharing of bandwidth
Greater overall efficiency
Allows more users, no greater delay
Protocol Layering
Protocol: a convention for communication between two agents (aka handshaking)
Motivation: Separation of functionality
Each layer takes care of a particular task regarding the information
Offers services to the next layer in the protocol stack
Advantage: modularity
Disadvantages: possible overlap, redundancy of functionality
Protocol Data Units
Layer sends message by building a protocol data unit (PDU)
Take data from layer N, add additional information to meet needs of layer N-1
PDU handed to next lower layer
Lower layer now has responsibility for message
Internet Protocol Stack
Seven layers in Open Systems Interconnect (OSI) model
7) Application
6) Presentation
5) Session
4) Transport
3) Network
2) Data Link
1) Physical
General Layer Functions
Segmentation / Reassembly
Breaking large message into standard size chunks
Error Control
How to detect or correct errors
Flow Control
Avoid overwhelming slower systems
Multiplexing
Sharing of lower-level connections
Connection setup
How to establish a virtual communication path
Application Layer (7)
Function: High-Level Application Systems and End-User Processes
Implemented in: Software
PDU: Message
Examples
ftp, http, smtp, telnet, …
Presentation Layer (6)
Function: Provides independence from differences in data representation by formatting and encrypting data
Implemented in: Software
Examples: ASCII encoding, NFS, FTP file path/name translation
Session Layer (5)
Function: Establishes, manages and terminates connections between applications
Implemented in: Software
Examples: SSL, DNS, RPC
Transport Layer (4)
Function/Service: Transport message from one system to another system
Implemented in: Software
PDU: Segment
Two methods
TCP (connection-oriented protocol)
UDP (connectionless protocol)
TCP
TCP=Transmission Control Protocol
Connection-Oriented Service
Guaranteed Delivery of Message
Flow Control
Breaks message into shorter segments
Advantage: More Control
Examples
http, ftp, smtp, telnet
UDP
UDP = User Datagram Protocol
Connection-less Service
No Guaranteed Delivery of Message
No Flow Control / Handshaking
No Overhead For Connection
Continuous Data Stream
Advantage: Faster
Disadvantage: Possible loss of information
Examples
Video, Voice (e.g. phone)
Network Layer (3)
Function/Service: Routing segments from host to host, through intermediate systems
Network Layer receives segment and destination address from Transport Layer
Implemented in: Hardware & Software
PDU: Datagram
Two major parts
IP Protocol: structure of datagram, how end systems (and routers) act on this information
Routing protocols: for transfer from source host to destination host
Examples: IP, IPX
Data Link Layer (2)
Function/Service: Move a datagram from one node to the next in the route
Implemented in: Hardware
PDU: Frame
Examples:
Ethernet, Token Ring, FDDI, Gigabit Ethernet
Physical Layer (1)
Function/Service: Routing physical bits from one network node to adjacent node
Implemented in: Hardware
PDU: Bits
Examples
Optical fiber, Twisted pair wire, Coaxial cable
Voltage levels, signaling
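The PDU slide above describes encapsulation abstractly: each layer wraps the unit it receives from the layer above in its own header and hands the result down. The following Python example, added here and not part of the original workshop slides, builds the stack concretely for one message: an application message becomes a UDP segment (layer 4), the segment becomes an IPv4 datagram (layer 3) with a real RFC 791 header checksum, and the datagram becomes an Ethernet frame (layer 2). The decapsulation path walks back up, validating each header before handing the payload to the next layer, which is the "error control" function listed earlier. The addresses, ports, MAC addresses and message are constructed values; the UDP checksum is left at zero, which IPv4 permits, so that the example stays short.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header):
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_udp_segment(src_port, dst_port, payload):
    """Layer 4 PDU: 8-byte UDP header + application message (checksum 0 = not computed)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4_datagram(src_ip, dst_ip, segment, ttl=64):
    """Layer 3 PDU: 20-byte IPv4 header (no options) + segment, checksum filled in."""
    fields = [0x45, 0, 20 + len(segment), 0x1234, 0x4000, ttl, IPPROTO_UDP, 0,
              ip_to_bytes(src_ip), ip_to_bytes(dst_ip)]
    header = struct.pack("!BBHHHBBH4s4s", *fields)   # checksum field still zero
    fields[7] = ipv4_checksum(header)
    return struct.pack("!BBHHHBBH4s4s", *fields) + segment


def build_ethernet_frame(dst_mac, src_mac, datagram):
    """Layer 2 PDU: 14-byte Ethernet header + datagram (the FCS trailer is omitted here)."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + datagram


def encapsulate(message, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    """Message -> segment -> datagram -> frame, each layer adding its own header."""
    segment = build_udp_segment(src_port, dst_port, message)
    datagram = build_ipv4_datagram(src_ip, dst_ip, segment)
    return build_ethernet_frame(dst_mac, src_mac, datagram)


def decapsulate(frame):
    """Frame -> datagram -> segment -> message, rejecting anything a layer cannot validate."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: 0x%04x" % ethertype)
    datagram = frame[14:]
    if len(datagram) < 20:
        raise ValueError("truncated datagram")
    (vihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len > len(datagram):
        raise ValueError("malformed IPv4 header")
    # A header whose checksum field is correct sums (with the field included) to zero.
    if ipv4_checksum(datagram[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != IPPROTO_UDP:
        raise ValueError("unsupported transport protocol %d" % proto)
    segment = datagram[ihl:total_len]
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", segment[:8])
    if udp_len != len(segment):
        raise ValueError("UDP length mismatch")
    return {
        "dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
        "message": segment[8:],
    }


if __name__ == "__main__":
    # constructed sample: a DNS-style query from a private address to a public one
    frame = encapsulate(b"constructed query", "192.168.1.10", "198.23.168.5",
                        40000, 53, "02:00:00:00:00:01", "02:00:00:00:00:02")
    print("frame (%d bytes): %s" % (len(frame), frame.hex()))
    for key, value in decapsulate(frame).items():
        print("%-9s %s" % (key, value))
```

Reading the hex dump against the parsed fields shows where each layer's header sits; flipping a single byte in the IP header (for instance the TTL at offset 22 of the frame) makes the checksum check reject the datagram, which is the per-layer error control the slides refer to.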
Types of Hardware/Software Systems
End Systems / Hosts
Implement all layers
Routers/Packet Switches
Implement layers 1-3
Can implement IP protocol
Bridges
Implement layer 1-2
Hubs
Implement layer 1 only
Essentially repeaters
Firewalls
Packet filtering (operate at layer 3)
Application gateways (operate at layer 7)
Internet Addressing
32-bit quantity that uniquely identifies internet host
Displayed www.xxx.yyy.zzz
Split into two parts: network and host
E.g. 198.23.168 network (198.23.168.0/24) has 256 possible hosts (last part 0-255)
Certain network segments reserved
Can be used for isolated private networks
10.0.0.0 – 10.255.255.255; 172.16.0.0 – 172.31.255.255; 192.168.0.0 – 192.168.255.255
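The network/host split and the reserved private ranges are easier to see when done on the 32-bit quantity itself. This Python example is added here and is not from the original workshop; it parses dotted-decimal addresses into the underlying integer, splits them under a prefix mask with bit operations (using the slide's 198.23.168.0/24 case), decides whether two hosts share a network and so can talk without a router, and checks membership in the three private ranges listed above. The standard-library ipaddress module is used only for the range membership test; the sample addresses are constructed.

```python
import ipaddress

# The three private ranges from the slide (RFC 1918), in CIDR form.
PRIVATE_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
]


def dotted_to_int(dotted):
    """Parse www.xxx.yyy.zzz into the 32-bit quantity it displays."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %r" % dotted)
        value = (value << 8) | n
    return value


def int_to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(dotted, prefix_len):
    """Return (network address, host number, host count) for the address under a /prefix_len mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    value = dotted_to_int(dotted)
    network = value & mask                    # high bits: which network
    host = value & (~mask & 0xFFFFFFFF)       # low bits: which host on that network
    return int_to_dotted(network), host, 1 << (32 - prefix_len)


def same_network(a, b, prefix_len):
    """True when both hosts share the network part, i.e. are reachable without a router."""
    return split_address(a, prefix_len)[0] == split_address(b, prefix_len)[0]


def is_private(dotted):
    """True if the address lies in one of the reserved private ranges from the slide."""
    addr = ipaddress.ip_address(dotted)
    return any(addr in net for net in PRIVATE_NETWORKS)


if __name__ == "__main__":
    net, host, count = split_address("198.23.168.45", 24)
    print("198.23.168.45/24 -> network %s, host %d of %d" % (net, host, count))
    for ip in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "192.168.0.1", "198.23.168.45"):
        print("%-16s private=%s" % (ip, is_private(ip)))
    print("same /24:", same_network("198.23.168.45", "198.23.168.200", 24))
    print("same /24:", same_network("198.23.168.45", "198.23.169.1", 24))
```

The 172.16.0.0/12 range is the one people most often get wrong by hand (172.32.0.1 is public), which is why the membership check is worth automating rather than eyeballing.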
Port
Certain system process must respond to a particular application protocol (e.g. ftp, smtp)
Port is the “address” for application communication on system
E.g. Port 80 for http
E.g. Port 25 for smtp
E.g. Port 1521 for Oracle connections
Port List: http://www.iana.org/assignments/portnumbers
Socket
Interface between the application layer and the transport layer
Acts as an API between application and network
Programmer only controls application side, plus a few transport level details
Transport protocol (TCP or UDP)
A few transport parameters (e.g. maximum buffer size)
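The transport-layer slides (TCP versus UDP) and the Socket slide come together in a short program. The Python example below is added here and is not part of the original workshop; it uses the standard socket API on the loopback address 127.0.0.1 with port 0 (the kernel picks a free ephemeral port) and a thread for the server side. The TCP half shows the programmer choosing SOCK_STREAM, the handshake happening inside connect/accept, and the data arriving as an ordered byte stream whose chunk boundaries the reader does not see. The UDP half shows SOCK_DGRAM with no connection setup, each recvfrom returning exactly one datagram, and a timeout standing in for the missing delivery guarantee. The messages are constructed; loopback itself does not drop packets, so loss is represented by the timeout path rather than reproduced.

```python
import socket
import threading


def tcp_echo(message, chunk=5):
    """Send `message` over a loopback TCP connection in `chunk`-sized writes.
    Returns (echoed bytes, number of recv() calls the server needed)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # TCP: connection-oriented
    server.bind(("127.0.0.1", 0))          # port 0: kernel assigns a free ephemeral port
    server.listen(1)
    port = server.getsockname()[1]
    recv_calls = [0]

    def serve():
        conn, _peer = server.accept()      # returns once the three-way handshake completes
        with conn:
            while True:
                part = conn.recv(4096)
                if not part:               # empty read = EOF, client closed its write side
                    break
                recv_calls[0] += 1
                conn.sendall(part)         # TCP queues, orders and retransmits as needed
        server.close()

    worker = threading.Thread(target=serve)
    worker.start()
    client = socket.create_connection(("127.0.0.1", port))
    with client:
        for i in range(0, len(message), chunk):
            client.sendall(message[i:i + chunk])   # several writes, one stream
        client.shutdown(socket.SHUT_WR)    # tell the server we are done writing
        echoed = b""
        while True:
            part = client.recv(4096)       # read until the server closes its side
            if not part:
                break
            echoed += part
    worker.join()
    return echoed, recv_calls[0]


def udp_exchange(datagrams, timeout=2.0):
    """Send each item as its own datagram to a loopback UDP socket; return what arrived.
    No connection is set up, boundaries are preserved, and nothing retransmits a lost one."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)     # UDP: connectionless
    server.bind(("127.0.0.1", 0))
    server.settimeout(timeout)             # UDP has no EOF, so stop after a quiet period
    port = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    received = []
    try:
        for datagram in datagrams:
            client.sendto(datagram, ("127.0.0.1", port))   # one call = one datagram, no handshake
        for _ in datagrams:
            data, _addr = server.recvfrom(65535)           # one call = one whole datagram
            received.append(data)
    except socket.timeout:
        pass                               # a datagram that never arrives is simply gone
    finally:
        client.close()
        server.close()
    return received


if __name__ == "__main__":
    echoed, calls = tcp_echo(b"hello, transport layer!", chunk=5)
    print("TCP echoed %r in %d server read(s)" % (echoed, calls))
    got = udp_exchange([b"one", b"two", b"three"])
    print("UDP received %d datagram(s): %r" % (len(got), got))
```

Running it a few times usually shows the TCP server needing fewer recv() calls than the client made sendall() calls, which is the stream property in action; the UDP list, by contrast, always comes back one entry per datagram.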
Additional Information
Internet Engineering Task Force (IETF)
http://www.ietf.org
Primary documents: RFCs
IP: RFC 791
TCP: RFC 793
UDP: RFC 768
Internet Addressing: RFC 900
OSI Model and Information Security
http://www.giac.org/practical/GSEC/Damon_Reed_GSEC.pdf