Notes

Outline

Chapter 2 Networking Overview

Figure 2.1 Generic protocol layers move data between systems

OSI Reference Model Layer 7  Application Layer Layer 6 Presentation Layer Layer 5 Session Layer Layer 4 Transport Layer Layer 3 Network Layer Layer 2 Datalink Layer Layer 1 Physical Layer

Figure 2.2 Protocol Layering in TCP/IP

Figure 2.3  Adding headers (and a trailer) to move data through the communications stack and across the network

Understanding TCP/IP

Transmission Control Protocol (TCP)

TCP Port Numbers

Monitoring Ports in Use

TCP Control Bits

TCP 3-Way Handshake

User Datagram Protocol (UDP)

Internet Protocol (IP)

Local Area Networks and Routers

IP Addresses

Network Address Translation (NAT)

Firewalls

Firewall Technologies Traditional packet filters Stateful packet filters Proxy-based firewalls

Traditional Packet Filters Implemented on routers or firewalls Packet forwarding criteria Source IP address Destination IP address Source TCP/UDP port Destination TCP/UDP port TCP code bits eg. SYN, ACK Protocol eg. UDP, TCP Direction eg. Inbound, outbound Network interface

Stateful Packet Filters Keep tracks of each active connection via a state table Monitoring of SYN code bits Content of state table (source & destination  IP address and port# , timeout) Basis of packet forwarding decision State table  rule set ACK packets may be dropped if there was no associated SYN packet in state table May remember outgoing UDP packets to restrict incoming UDP packets to replies More intelligent but slower than traditional packet filters

Proxy-based Firewall Client interacts with proxy Proxy interacts with server on behalf of client Proxy can authenticate users  via userid/password Web, telnet, ftp proxies Can allow or deny application-level functions  eg. ftp put/get Caching capability in web proxies Slower than packet-filter firewalls

Figure 2.18  Proxy-based firewall with application-level controls

Figure 2.19  Using proxy and stateful packet filter firewalls

Personal Firewalls Installed on personal computers Eg. Zone Alarm, Black Ice Filter traffic going in and out of a machine Usually cannot detect viruses or malicious programs

Address Resolution Protocol (ARP) and Vulnerability to Spoofing

Hubs vs. Switches

Security Solutions for Networks Application-Layer Security Secure Sockets Layer (SSL) Internet Protocol Security (IPSec)

Application-Layer Security Tools Pretty Good Privacy (PGP) , Gnu Privacy Guard (GnuPG) used to encrypt and digitally sign files for file transfer and email Secure/Multipurpose Internet Mail Extension (S/MIME) Used to secure email at the application level Supported by email clients such as MS Outlook and Netscape Messenger Secure Shell (SSH) Provides remote access to a command prompt across a secure, encrypted session

Secure Socket Layer (SSL) Specification for providing security to TCP/IP applications at the socket layer. Allows an application to have authenticated, encrypted communications across a network Uses digital certificates to authenticate systems and distribute encryption keys Supports one-way authentication of server to client and two-way authentication Used by web browsers and web servers running HTTPS Layer 7 applications such as ftp and telnet can be modified to support SSL

Figure 2.23 client/server applications modified to support SSL

IP Security (IPSec) Defined in RFCs 2401 to 2412 Runs at IP layer software version 4 & 6 Offers authentication of data source, confidentiality, data integrity, and protection against replays. Comprised of Authentication Header (AH) and Encapsulating Security Payload(ESP), which can be used together or separately Client/server must run compatible versions of IPSec