Ethics, Privacy and Computer Forensics

Chap 14 Network Basics For Digital Investigation

Overview of Networks
• Imagine a long, long cord … these are networks
• A computer connected to a network is called a host
• NIC – network interface card – is the primary interface with a network
• Use hubs, routers, etc. to connect networks of computers
• Computers connected to the global internet use a protocol called TCP/IP
• Enables communication of dissimilar networks
• Common language of network talk
• An IP address is the address of a host on the network, just like a phone number

Overview of Networks
• Routers are highly susceptible to attacks because they are critical to communication
• Firewalls are security devices that block service and traffic destined to a certain port
• Network services include Telnet and FTP
• Hosts have logs that detail network transactions and their date and time

Network Technology

Attached Resource Computer Network (ARCNET)
• Earliest network technology
• Developed by Datapoint Corp in 1970’s
• Used active and passive hubs in the topology
• Based on token scheme (proprietary)
• Speeds from 2.5 Mbps (copper) to 20 Mbps (fiber)

Ethernet
• Most popular and accepted technology for networking
• Each computer has a NIC and it is connected to a central hub, switch or router
• Variable speeds
• Uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
• Like people at a dinner party, when two start talking at the same time, both stop talking and then only one starts talking again

[Figure: A typical ARCNET configuration.]

Network Technology

Fiber Distributed Data Interface (FDDI)
• Encoding pulses of light
• Expensive but fast
• Data travel in only one direction
• Developed in mid-1980’s
• High Speed backbone connection between distributed LANs
• Dual Counter Rotating Rings: one primary, one secondary
• Attach up to 1000 workstations in both directions
• Multiple messages/tokens rotate at the same time

Token Passing
• Token circulates on a Ring Topology
• Sender acquires free token, attaches message and sends downstream
• Receiver copies message and acknowledges same in busy token
• Original sender responsible for taking the message off the ring and sending a free token downstream
• Deterministic performance
• Good for factories
• Can calculate maximum time to get to a unit

[Figure: An FDDI network with primary and secondary token rings. During normal conditions, only one of the rings is used and data travels in one direction. When a station or a cable segment fails, the traffic loops to form a closed ring, moving data in the opposite direction.]

Network Technology

Asynchronous Transfer Mode (ATM)
• Uses fiber optics and special equipment called ATM switches
• Gigabits/sec communication rate
• Establishes a connection first
• ATM switch is connected to a large network
• Connection-oriented protocol (over virtual paths and/or channels)
• Backbone Technology; switch-based; fiber based

Wireless
• WLAN – uses RF technology
• WAP – Wireless Access Point – connects to wired LAN; acts as a wireless hub
• WLAN Adapters – wireless NICs with antennas
• Wireless supports peer-to-peer without WAPs

IEEE 802.11g
• Speeds of 1-54 Mbps
• Uses the 2.4GHz band
• Is backwards compatible with IEEE 802.11b
• Ratified in June of 2003

802.11 Wireless Security Issues
• Easy to “listen” for id and password
• Easy to mimic in order to gain access to the wired Network
• Earliest Protection was WEP – Wired Equivalent Privacy – which was easy to crack

WPA
• Wi-Fi Protected Access
• Replacement for WEP
• WPA password initiates encryption
• Encryption key changes every packet
• Much harder to crack than WEP
• Does not work in Ad Hoc Mode

Bluetooth
• A wireless standard; short range
• Used to connect network appliances, printers, …
• Low Power; max speed – 1Mbps over 30 foot area or less
• Operates in the 2.4GHz band and can interfere with 802.11b
• Connects devices point to point

[Figure: A WLAN with two access points.]
[Figure: Wireless standards.]
[Figure: Multiple access points with overlapping coverage.]

OSI Reference Model
• Provides useful way to describe and think about networking
• Breaks networking down into series of related tasks
• Each aspect is conceptualized as a layer
• Each task can be handled separately

The OSI Communications Reference Model
• OSI – Open Systems Interconnection Committee of ISO
• Reference adopted in 1978 (took 6 yrs)
• Resulted in very little actual product (software)
• Is THE standard for describing networks; the lingua franca of networking worldwide

Understanding Layers
• Layering helps clarify process of networking
• Groups related tasks & requirements
• OSI model provides theoretical frame of reference
• Clarifies what networks are
• Explains how they work

OSI Reference Model Structure
• Breaks networked communications into seven layers:
  – Application
  – Presentation
  – Session
  – Transport
  – Network
  – Data Link
  – Physical

OSI Reference Model Structure
• Each layer responsible for different aspect of data exchange
• Each layer puts electronic envelope around data as it sends it down layers or removes it as it travels up layers for delivery
• Each layer of OSI model communicates and interacts with layers immediately above and below it

OSI Reference Model Structure
• Interface boundaries separate layers
• Individual layer communicates only with adjacent layers
• “Peer layers” describes logical or virtual communication between same layer on both sending and receiving computers

[Figure: Relationships Among OSI Layers]

OSI Reference Model Structure
• Data is broken into packets or PDUs as it moves down stack
  – PDU stands for protocol data unit, packet data unit, or payload data unit
• PDU is self-contained data structure from one layer to another
  – At sending end, each layer adds special formatting or addressing to PDU
  – At receiving end, each layer reads packet and strips off information added by corresponding layer at sending end

Application Layer
• Layer 7 is top layer of OSI reference model
• Provides general network access
• Includes set of interfaces for applications to access variety of networked services such as:
  – File transfer
  – E-mail message handling
  – Database query processing
• May also include error recovery

Presentation Layer
• Layer 6 handles data formatting and protocol conversion
• Converts outgoing data to generic networked format
• Does data encryption and decryption
• Handles character set issues and graphics commands
• May include data compression
• Includes redirector software that redirects service requests across network

Session Layer
• Layer 5 opens and closes sessions
• Performs data and message exchanges
• Monitors session identification and security
• Performs name lookup and user login and logout
• Provides synchronization services on both ends
• Determines which side transmits data, when, and for how long
• Transmits keep-alive messages to keep connection open during periods of inactivity

Transport Layer
• Layer 4 conveys data from sender to receiver
• Breaks long data payloads into chunks called segments
• Includes error checks
• Re-sequences chunks into original data on receipt
• Handles flow control

Network Layer
• Layer 3 addresses messages for delivery
• Translates logical network address into physical MAC address
• Decides how to route transmissions
• Handles packet switching, data routing, and congestion control
• Through fragmentation or segmentation, breaks data segments from Layer 4 into smaller data packets
• Reassembles data packets on receiving end

Data Link Layer
• Layer 2 creates data frames to send to Layer 1
• On receiving side, takes raw data from Layer 1 and packages into data frames
  – Data frame is basic unit for network traffic on the wire
  – See next slide for contents of typical data frame
• Performs Cyclic Redundancy Check (CRC) to verify data integrity
• Detects errors and discards frames containing errors

[Figure: Data Frame]
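
Added example (not part of the original slides): the sketch below builds one Ethernet frame the way a sending stack would, then strips it layer by layer on the receiving side, including the Layer 2 CRC check, as described in the PDU and Data Link Layer slides above. Function names, addresses, ports and payload are constructed for illustration; IP and TCP checksums are left at 0 and are not verified.

```python
import socket
import struct
import zlib

def build_sample_frame():
    """Sender side: each layer wraps the PDU from the layer above (constructed sample)."""
    data = b"GET / HTTP/1.1\r\n"  # Layer 7 payload
    # Layer 4 header: ports, seq, ack, offset/flags, window, checksum, urgent.
    # Checksums are left 0 in this sample; the parser below does not verify them.
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x018, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")) + tcp
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800) + ip
    return eth + struct.pack("<I", zlib.crc32(eth))  # Layer 2 trailer: CRC-32 FCS

def strip_ethernet(frame):
    """Layer 2: verify the CRC, then remove the Ethernet header and trailer."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("CRC mismatch: frame discarded")
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    return {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}, body[14:]

def strip_ipv4(packet):
    """Layer 3: read the logical addresses, then remove the IPv4 header."""
    ver_ihl, _, total_len, _, _, ttl, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    header_len = (ver_ihl & 0x0F) * 4
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return {"src_ip": src, "dst_ip": dst, "ttl": ttl, "proto": proto}, packet[header_len:total_len]

def strip_tcp(segment):
    """Layer 4: read ports and sequence number, then remove the TCP header."""
    sport, dport, seq, _, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"src_port": sport, "dst_port": dport, "seq": seq}, segment[(off_flags >> 12) * 4:]

def decapsulate(frame):
    """Receiver side: walk up the stack, keeping what each layer's header recorded."""
    l2, packet = strip_ethernet(frame)
    if l2["ethertype"] != 0x0800:
        raise ValueError("not IPv4")
    l3, segment = strip_ipv4(packet)
    if l3["proto"] != 6:
        raise ValueError("not TCP")
    l4, data = strip_tcp(segment)
    return {**l2, **l3, **l4, "data": data}

if __name__ == "__main__":
    for field, value in decapsulate(build_sample_frame()).items():
        print(f"{field:>10}: {value}")
```

The MAC addresses, IP addresses, ports and sequence number returned here are the per-layer header fields an investigator reads out of a captured frame; a frame altered in transit fails the CRC check and never reaches the upper layers.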
Physical Layer
• Layer 1 converts bits into signals for outgoing messages and signals into bits for incoming messages
• Manages computer’s interface to medium
• Instructs driver software and network interface to send data across medium
• Sets timing and interpretation of signals across medium
• Translates and screens incoming data for delivery to receiving computer

[Figure: Actions of Each layer of OSI Reference Model]

OSI in Summary
• The Reference Model breaks the communication process into seven distinct and independent layers
• Each layer’s functionality is well defined as is its interface with surrounding layers and peer layers
• Lower layers service upper layers in sequence

[Figure: Network interconnection hardware operates at various layers of the OSI model.]