Fundamentals of Networking
Definitions
• Network: physical connection that allows two computers to communicate
• Packet: unit of transfer, a sequence of bits carried over the network
• Protocol: agreement between two parties as to how information is to be transmitted
• Internet Protocol (IP): used to route messages across the globe; 32-bit addresses, 16-bit ports
Definitions (cont.)
• Layering (separation of tasks): building complex services from simpler ones
• End-to-end argument: application-specific properties are best provided by the applications, not the network
• Packet vs. Circuit Switching: post card (packet) vs. phone call (circuit)
  Bandwidth and congestion
  • Packet - better bandwidth usage, but potentially congested links
  • Circuit - no congestion, but potentially lower link utilization
  Failures and reconfiguration
  • Packet - failed routes are detected and routed around
  • Circuit - the entire path must be reconfigured if any router fails
Two Ways To Handle Networking
• Circuit Switching: what you get when you make a phone call; a dedicated circuit per call
• Packet Switching: what you get when you send a bunch of letters; bandwidth is consumed only when sending, and packets are routed independently
Circuit Switching vs. Packet Switching
• In a circuit-switched network, a circuit is established between the two devices (like in a telephone system)
• In a packet-switched network, blocks of data may take any number of paths as they travel from one device to the other
[Figure: a circuit-switched network beside a packet-switched network]
Layered Architectures
• How do computers manage complex protocol processing? Break the design problem up into smaller problems → more manageable
• Decompose complicated jobs into layers: each has a well-defined task; specify well-defined protocols to enact it
• Modular design: easy to extend / modify
Layered Architecture
[Figure: the layers from the users at the top down to the network at the bottom, and what each provides]
Applications: web, e-mail, file transfer, ...
Middleware: reliable/ordered transmission, QoS, security, compression, ...
Routing: end-to-end transmission, resource allocation, routing, ...
Physical Links: point-to-point links, LANs, radios, ...
The OSI Model
• Open Systems Interconnect (OSI): a standard way of understanding the conceptual layers of network communication; this is a model, nobody builds systems like this
• Each level provides certain functions and guarantees, and communicates with the same level on remote nodes
• A message generated at the highest level is passed down the levels, encapsulated by lower levels until it is sent over the wire
• On the destination, the encapsulated message makes its way up the layers until the high-level message reaches its high-level destination
OSI Levels
[Figure: Node A and Node B, each with the seven layers Application, Presentation, Session, Transport, Network, Data Link and Physical; each layer on Node A communicates with its peer layer on Node B]
Network Protocol: the OSI Model
Separation of tasks using a hierarchy of data
1. Application Layer (FTP, DNS, SMTP, MIME, POP, TLS)
2. Presentation Layer (HTTP)
3. Session Layer
4. Transport Layer (control, firewall, protection)
5. Network Layer (IP address routing)
6. Data Link Layer (MAC / hardware address)
7. Physical Layer (cabling, wiring)
The Internet Protocol Layers
[Figure: the OSI layers side by side with the Internet layers]
Internet Protocol Stack
Application: HTTP, SMTP, FTP, TELNET, DNS, ...
Transport: TCP, UDP
Network: IP
Physical: point-to-point links, LANs, radios, ...
Protocol Stack
[Figure: peer layers on two hosts and the protocol spoken between each pair of peers]
user X  <-- English -->  user Y
e-mail client  <-- SMTP -->  e-mail server
tcpserver process  <-- TCP -->  tcpserver process
ipserver process  <-- IP -->  ipserver process
ethernet driver/card  <-- IEEE 802.3 standard (electric signals) -->  ethernet driver/card
Protocol encapsulation
[Figure: the same stack as above; the message “Hello” from user X is handed down through the e-mail client, tcpserver process, ipserver process and ethernet driver/card, and “Hello” appears as the payload at every layer on its way up to user Y]
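The encapsulation shown in the last two figures, as an added example that is not from the slides: a toy sender stack wraps user X's "Hello" in simplified SMTP, TCP, IP and Ethernet headers, and the receiver unwraps it layer by layer, checking each header before handing the payload up. The header layouts, the 192.0.2.x addresses and the MACs are constructed for illustration and are not the real IEEE 802.3 / IP / TCP wire formats.

```python
import struct

# Simplified header layouts, constructed for this example (not real wire formats).
ETH_HDR = "!6s6sH"   # destination MAC, source MAC, EtherType
IP_HDR = "!4s4sB"    # source IP, destination IP, protocol number
TCP_HDR = "!HH"      # source port, destination port
ETHERTYPE_IP = 0x0800
PROTO_TCP = 6
SMTP_PORT = 25


def ip_to_bytes(ip: str) -> bytes:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return bytes(octets)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def encapsulate(text, src_ip, dst_ip, src_mac, dst_mac, sport=40000):
    """Sender side: hand the message down the stack, each layer prepending its header.

    Returns what each layer sees, so the growing frame can be inspected."""
    layers = {}
    layers["smtp"] = (text + "\r\n").encode("ascii")                          # e-mail client
    layers["tcp"] = struct.pack(TCP_HDR, sport, SMTP_PORT) + layers["smtp"]   # tcpserver process
    layers["ip"] = (struct.pack(IP_HDR, ip_to_bytes(src_ip), ip_to_bytes(dst_ip), PROTO_TCP)
                    + layers["tcp"])                                          # ipserver process
    layers["ethernet"] = struct.pack(ETH_HDR, dst_mac, src_mac, ETHERTYPE_IP) + layers["ip"]  # driver/card
    return layers


def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip headers in reverse order, validating each before passing up.

    A header that does not match what the layer above expects is rejected here
    rather than handed up, which is the check a real stack (or a firewall) performs."""
    eth_len, ip_len, tcp_len = (struct.calcsize(f) for f in (ETH_HDR, IP_HDR, TCP_HDR))
    if len(frame) < eth_len + ip_len + tcp_len:
        raise ValueError("frame too short for the expected headers")
    dst_mac, src_mac, ethertype = struct.unpack(ETH_HDR, frame[:eth_len])
    if ethertype != ETHERTYPE_IP:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    off = eth_len
    src_ip, dst_ip, proto = struct.unpack(IP_HDR, frame[off:off + ip_len])
    if proto != PROTO_TCP:
        raise ValueError(f"unexpected IP protocol {proto}")
    off += ip_len
    sport, dport = struct.unpack(TCP_HDR, frame[off:off + tcp_len])
    payload = frame[off + tcp_len:]
    if not payload.endswith(b"\r\n"):
        raise ValueError("truncated SMTP line")
    return {"src_mac": src_mac, "dst_mac": dst_mac,
            "src_ip": bytes_to_ip(src_ip), "dst_ip": bytes_to_ip(dst_ip),
            "sport": sport, "dport": dport,
            "text": payload[:-2].decode("ascii")}   # what user Y finally reads


if __name__ == "__main__":
    # Constructed sample: TEST-NET addresses and locally administered MACs.
    mac_x, mac_y = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    layers = encapsulate("Hello", "192.0.2.10", "192.0.2.25", mac_x, mac_y)
    for name in ("smtp", "tcp", "ip", "ethernet"):
        print(f"{name:9s} {len(layers[name]):3d} bytes  {layers[name].hex()}")
    print(decapsulate(layers["ethernet"]))
```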
Air travel
[Figure: the air-travel analogy, with peer steps at origin and destination]
Passenger at origin:        Ticket (purchase), Baggage (check), Gates (load), Runway (take off)
Passenger at destination:   Ticket (complain), Baggage (claim), Gates (unload), Runway (landing)
In between:                 Airplane routing
Bandwidth / Shannon’s Formula
• The transmission capacity of a channel using radio frequencies (Wi-Fi) or a carrier wave (ADSL) is given by Shannon’s formula:
  Capacity = Bandwidth × log2(1 + S/N)
  where S/N stands for the signal-to-noise ratio (as a linear ratio, not in dB)
• For instance: B = 40 kHz, S/N = 20 dB (factor 100)
  Capacity = 40’000 × 6.65821 = 266.33 kbps
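Shannon’s formula as an added worked example (not from the slides): the conversion of S/N from dB to a linear factor is made explicit, since feeding dB straight into the formula is the usual mistake; the slide’s 40 kHz / 20 dB case is reproduced, and the formula is inverted to give the S/N a link would need for a target rate. The 500 kbps target in the demo is an assumed value.

```python
import math


def snr_db_to_linear(snr_db: float) -> float:
    """S/N given in dB is a power ratio: 20 dB -> 10**(20/10) = factor 100."""
    return 10 ** (snr_db / 10)


def shannon_capacity_bps(bandwidth_hz: float, snr_db: float) -> float:
    """C = B * log2(1 + S/N), with S/N converted from dB to a linear ratio first."""
    if bandwidth_hz <= 0:
        raise ValueError("bandwidth must be positive")
    return bandwidth_hz * math.log2(1 + snr_db_to_linear(snr_db))


def required_snr_db(bandwidth_hz: float, target_bps: float) -> float:
    """Inverse of the formula: the S/N (in dB) needed to reach target_bps in bandwidth_hz."""
    linear = 2 ** (target_bps / bandwidth_hz) - 1   # S/N = 2**(C/B) - 1
    return 10 * math.log10(linear)


if __name__ == "__main__":
    c = shannon_capacity_bps(40_000, 20)            # the slide's example
    print(f"B = 40 kHz, S/N = 20 dB -> {c / 1000:.2f} kbps")
    for db in (0, 10, 20, 30, 40):                  # each extra 10 dB adds roughly the same capacity
        print(f"S/N = {db:2d} dB -> {shannon_capacity_bps(40_000, db) / 1000:.2f} kbps")
    print(f"S/N needed for 500 kbps in 40 kHz: {required_snr_db(40_000, 500_000):.1f} dB")
```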
History of Computer Networks
• Networks started in the late 60s in the US, in military and academic research projects
• ARPAnet (Advanced Research Projects Agency Network)
• DECnet, developed by DEC in the 70s to link their mini-computers worldwide
• Later they became widely used by the financial community for terminals and ATMs in the 80s (X.25)
• Finally, the Internet, starting in the 90s using the standard TCP/IP protocol (inherited from the ARPAnet), the World Wide Web, and the hyper-text transfer protocol (HTTP) developed at CERN in Geneva
Ethernet
• A technology for wiring computers and hosts in a LAN (twisted pairs, fiberglass cable), standardized by IEEE 802.3 (physical layer 1)
Devices on the Network
• Bridges: connect network segments together; work at the physical and data link layer using the hardware address (broadcast domain, layer 2)
• Switches: connect devices on the same physical network segment; work at the data link layer using the hardware address (broadcast domain, layer 2)
• Routers: process network packets using the IP address (layer 3); they set the path for reaching the destination, using routing tables and routing algorithms (they define the boundaries between broadcast domains)
• Gateways: connect different networks together (with protocol conversion if necessary); they are the access point to the network where controlling and filtering functions are performed (firewall, malware and spam detection); the Default Gateway is the node connecting to the outside world and may be the device provided by the ISP to home users, a firewall, or a proxy server
Firewall
• A dedicated appliance (or software running on another computer) which inspects network traffic and denies or permits passage based on a set of rules
• Firewalls of the second generation are stateful, meaning that they maintain a record of all connections passing through the firewall (which helps detect Denial-of-Service attacks)
• Firewalls often have Network Address Translation (NAT) functionality, i.e. they hide the IP addresses of the hosts protected behind them from the outside world
Proxy Server
• Services requests to other servers on behalf of its clients
• A proxy server that passes all requests and replies unmodified is also called a gateway
Network Protocols
Protocol | Description | Listening Port
FTP | File Transfer Protocol (used for file downloading) | 21
SMTP | Simple Mail Transfer Protocol (Internet standard for electronic mail, Exchange) | 25
DHCP | Dynamic Host Configuration Protocol (used by clients to obtain the network parameters) | 67, 68
HTTP | Hyper Text Transfer Protocol (request/response standard in the Web) | 80
POP3 | Post Office Protocol 3 (client-server protocol for e-mail, Outlook) | 110
LDAP | Lightweight Directory Access Protocol (querying and modifying directory services) | 389
HTTPS | Hyper Text Transfer Protocol Secure (secure socket layer for secure communication) | 443
ICAP | Internet Content Adaptation Protocol (used for proxy servers and content filtering) | 1344
IP Addressing
• IP (v4) addresses are divided into 4 groups of 8 bits separated by dots (32 bits); each group has a value between 0 and 2^8 – 1 = 255
• In order to reduce routing requirements, the IP address is also divided into network-prefix, subnet-number and host-number
• Sub-netting enables organizations to reduce the number of public (unique) IP addresses requested for the LAN
• Subnets (broadcasting addresses) allow for deploying additional networks without requesting new network numbers
• Local routers will use the extended network-prefix, while Internet routers will only need to know the network-prefix to route traffic to individual subnets
• The extended network-prefix is commonly called the subnet-mask; for instance, a 24-bit network-prefix is written as 255.255.255.0
CIDR: Classless Inter-Domain Routing
• A method of categorizing IP addresses for efficient use of available IP numbers
Prefix | Subnet-Mask | # of hosts
/24 | 255.255.255.0 | 256
/25 | 255.255.255.128 | 128
/26 | 255.255.255.192 | 64
/27 | 255.255.255.224 | 32
/28 | 255.255.255.240 | 16
/29 | 255.255.255.248 | 8
/30 | 255.255.255.252 | 4
/31 | 255.255.255.254 | 2
/32 | 255.255.255.255 | 1
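The prefix / subnet-mask / host-number split from the IP Addressing slide and the CIDR table above, as an added example that is not from the slides: the mask is built from the prefix length with bit operations, an address is split into its extended network-prefix and host-number, and the "# of hosts" column is reproduced next to the count of addresses actually assignable to hosts (the network and broadcast addresses are excluded for /30 and shorter). The 192.0.2.x addresses are constructed sample values; the standard-library ipaddress module is only used to cross-check the hand computation.

```python
import ipaddress  # standard library, used only to cross-check the hand computation

ALL_ONES = 0xFFFFFFFF


def dotted_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> str:
    """A /N prefix is N one-bits followed by 32-N zero-bits, e.g. /24 -> 255.255.255.0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return int_to_dotted((ALL_ONES << (32 - prefix_len)) & ALL_ONES)


def subnet_info(cidr: str) -> dict:
    """Split an address written as a.b.c.d/N into its network-prefix and host-number parts."""
    ip_str, prefix_str = cidr.split("/")
    prefix_len = int(prefix_str)
    mask = dotted_to_int(prefix_to_mask(prefix_len))
    ip = dotted_to_int(ip_str)
    network = ip & mask                       # extended network-prefix (what local routers match)
    broadcast = network | (~mask & ALL_ONES)  # all host bits set
    total = 1 << (32 - prefix_len)            # the "# of hosts" column on the slide
    # Caveat: for /30 and shorter, the network and broadcast addresses cannot be assigned
    # to hosts; /31 (RFC 3021 point-to-point links) and /32 use every address.
    usable = total - 2 if prefix_len <= 30 else total
    return {"network": int_to_dotted(network), "subnet_mask": int_to_dotted(mask),
            "broadcast": int_to_dotted(broadcast), "host_number": ip & ~mask & ALL_ONES,
            "addresses": total, "usable_hosts": usable}


def same_subnet(ip_a: str, ip_b: str, prefix_len: int) -> bool:
    """Two hosts share a subnet iff their extended network-prefixes are equal."""
    mask = dotted_to_int(prefix_to_mask(prefix_len))
    return (dotted_to_int(ip_a) & mask) == (dotted_to_int(ip_b) & mask)


if __name__ == "__main__":
    print("Prefix  Subnet-Mask      Addresses  Usable hosts")
    for n in range(24, 33):                   # reproduces the slide's table, plus the usable count
        info = subnet_info(f"192.0.2.0/{n}")
        print(f"/{n:<6} {info['subnet_mask']:<16} {info['addresses']:>9}  {info['usable_hosts']:>12}")
    info = subnet_info("192.0.2.77/26")        # constructed example address (TEST-NET-1)
    print(info)
    # Cross-check the hand computation against the standard library.
    net = ipaddress.ip_network("192.0.2.77/26", strict=False)
    assert str(net.network_address) == info["network"]
    assert str(net.broadcast_address) == info["broadcast"]
    print("192.0.2.77 and 192.0.2.130 on the same /26?", same_subnet("192.0.2.77", "192.0.2.130", 26))
```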
VLAN (Virtual LAN)
• Set of computers connected together as if they were attached to the same Broadcasting Domain, regardless of their physical location
• A Virtual LAN works like a physical LAN, even if the endpoint stations are not located on the same network switch
• A Virtual LAN is often associated with a network segment (subnet)
VPN: Virtual Private Network
• VPNs are used to connect organizations with remote users across multiple locations
• VPNs establish tunnels that allow sensitive data to be protected with encryption as it goes over the Internet
• Remote access VPN: for mobile users through dial-up services
• LAN-to-LAN VPN: for communication between two different networks
• The IPsec protocol is used as a secured link (authentication, integrity and confidentiality)
Demilitarized Zone (DMZ)
• A non-critical region at the periphery of the LAN (outside the firewall)
• Web servers and Mail Relay servers may reside in the DMZ
Domain Name System (DNS)
• A fully qualified domain name is composed of a server, an organizational domain, and a top-level domain
• Top-level domains are shared across organizations (.com, .org, .net, .gov, .edu, ...)
• Top-level domains around the world are defined according to country codes (.il, .uk, .us, .de, .ch, .fr …)
Name to Address Resolution
• Forward lookup: translates domain names into IP addresses
• Reverse lookup: does the opposite, resolving addresses into names
DNS Servers
• DNS Servers are distributed worldwide, but there are 13 Root Servers that are the central repository of all domain names in the World Wide Web, and another 110 (Anycast) with copies across the globe
Use of DNS Servers
There are many records kept on DNS servers, for instance:
• The “A” record, keeping the 32-bit IP address of the host
• The “MX” record (mail exchange record), keeping a list of mail exchange servers associated with a particular domain
• The “TXT” record, keeping “Sender Policy Framework” and “Domain Key” information used to distinguish valid mail from spam
Wireless 802.11b (Wi-Fi)
• Uses radio frequencies (2.4 GHz)
• Transmission speed 5.5 Mbps (new: 54 Mbps)
• WEP (Wired Equivalent Privacy) uses a shared key between the mobile station and the base, but has security loopholes
• IEEE 802.11i addresses the WEP weaknesses; it uses the AES block cipher to encrypt the wireless communication
Bluetooth
• A wireless short-range communication technology of 1 Mbps, named after Harald Bluetooth, King of Denmark in 900
• Used to exchange information between devices such as mobile phones, laptops, printers, digital cameras etc.
The 10 Commandments of Security
1. Know that one line of defense is not enough
2. Understand the exposure and loopholes
3. Understand the technology used in attacks
4. See the “big picture” (network, servers, endpoints)
5. Beware of weak authentication mechanisms
6. Remember that security is part of a life cycle
7. Address security breaches from insiders
8. Do not overlook physical security
9. Explain that security also means positive thinking
10. Avoid too many false alarms (false positives)
Requirements → What To Do
• One line of defense is not enough → Protect gateway/server/desktop
• Understand the exposure → Ask for a second opinion
• Understand the technology of attacks → Look for up-to-date information
• See the “big picture” → Install Total Protection suites
• Beware of weak authentication → Enforce strict password rules
• Security is part of a life cycle → Renew the licenses on time
• Address security breaches from insiders → Install Device Control, Encryption
• Do not overlook physical security → Verify backups, disaster recovery
• Security also means positive thinking → Delegate tasks to the users
• Avoid too many false alarms → Use powerful algorithms


Editor's Notes

  • #14 Peers exchange units meaningful to each end; to communicate, each layer uses the services of the layer below it to avoid complexity