Outline
Chapter 2 Networking Overview
Figure 2.1 Generic protocol layers move data between systems
OSI Reference Model
Layer 7 Application Layer
Layer 6 Presentation Layer
Layer 5 Session Layer
Layer 4 Transport Layer
Layer 3 Network Layer
Layer 2 Datalink Layer
Layer 1 Physical Layer
Figure 2.2 Protocol Layering in TCP/IP
Figure 2.3 Adding headers (and a trailer) to move data through the communications stack and across the network
Understanding TCP/IP
Transmission Control Protocol (TCP)
TCP Port Numbers
Monitoring Ports in Use
TCP Control Bits
TCP 3-Way Handshake
User Datagram Protocol (UDP)
Internet Protocol (IP)
Local Area Networks and Routers
IP Addresses
Network Address Translation (NAT)
Firewalls
Firewall Technologies
Traditional packet filters
Stateful packet filters
Proxy-based firewalls
Traditional Packet Filters
Implemented on routers or firewalls
Packet forwarding criteria
Source IP address
Destination IP address
Source TCP/UDP port
Destination TCP/UDP port
TCP code bits, e.g. SYN, ACK
Protocol, e.g. UDP, TCP
Direction, e.g. inbound, outbound
Network interface
Stateful Packet Filters
Keeps track of each active connection via a state table
Monitoring of SYN code bits
Content of state table (source and destination IP address and port number, timeout)
Basis of packet forwarding decision
State table
Rule set
ACK packets may be dropped if there is no associated SYN packet in the state table
May remember outgoing UDP packets to restrict incoming UDP packets to replies
More intelligent but slower than traditional packet filters
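The following is an added example, not code from the original notes, showing both filter types described above side by side: a traditional packet filter that matches each packet against the forwarding criteria listed earlier (addresses, ports, protocol, code bits, direction, interface), and a stateful filter that builds a state table from outbound SYNs and UDP datagrams, admits only replies to tracked flows, and expires entries after a timeout. All addresses, rules, packets and timestamps are constructed for illustration.

```python
"""Toy traditional (stateless) and stateful packet filters (added example;
all rules, addresses and packets below are constructed, not from the notes)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                              # "tcp" or "udp"
    sport: int
    dport: int
    direction: str                          # "in" (toward the protected net) or "out"
    flags: FrozenSet[str] = frozenset()     # TCP code bits, e.g. {"SYN"}, {"ACK"}
    iface: str = "eth0"


@dataclass(frozen=True)
class Rule:
    """One set of forwarding criteria; a None field means 'any'."""
    action: str                             # "allow" or "deny"
    src: Optional[str] = None               # CIDR
    dst: Optional[str] = None               # CIDR
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: Optional[FrozenSet[str]] = None  # code bits that must all be set
    direction: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        for attr in ("proto", "sport", "dport", "direction", "iface"):
            want = getattr(self, attr)
            if want is not None and getattr(p, attr) != want:
                return False
        return self.flags is None or self.flags <= p.flags


def stateless_decision(rules: List[Rule], p: Packet) -> str:
    """Traditional packet filter: first matching rule wins, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


StateKey = Tuple[str, str, int, str, int]   # proto, inside ip/port, outside ip/port


class StatefulFilter:
    def __init__(self, rules: List[Rule], timeout: float = 60.0) -> None:
        self.rules, self.timeout = rules, timeout
        self.state: Dict[StateKey, float] = {}   # key -> expiry timestamp

    @staticmethod
    def _key(p: Packet) -> StateKey:
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _known(self, key: StateKey, now: float) -> bool:
        expiry = self.state.get(key)
        if expiry is not None and expiry >= now:
            return True
        self.state.pop(key, None)            # missing or timed out
        return False

    def decide(self, p: Packet, now: float) -> str:
        key = self._key(p)
        if self._known(key, now):            # belongs to a tracked flow: refresh and pass
            self.state[key] = now + self.timeout
            return "allow"
        if p.direction == "out":
            if stateless_decision(self.rules, p) != "allow":
                return "deny"
            if p.proto == "udp" or "SYN" in p.flags:   # remember new outbound flows
                self.state[key] = now + self.timeout
            return "allow"
        # inbound with no state: only a fresh SYN may open a connection, via the rule set
        if p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags:
            if stateless_decision(self.rules, p) == "allow":
                self.state[key] = now + self.timeout
                return "allow"
        return "deny"                        # bare ACK or UDP with no matching state entry


RULES = [
    Rule("allow", src="10.0.0.0/8", direction="out"),                    # inside hosts may go out
    Rule("allow", dst="10.0.0.5/32", proto="tcp", dport=80,
         flags=frozenset({"SYN"}), direction="in"),                      # public web server
]
# a stateless filter can only admit replies by code bits, so it needs this extra rule
STATELESS_RULES = RULES + [Rule("allow", proto="tcp", flags=frozenset({"ACK"}), direction="in")]
STRAY_ACK = Packet("203.0.113.9", "10.0.0.7", "tcp", 443, 40001, "in", frozenset({"ACK"}))


def run_demo() -> List[str]:
    """Feed a constructed packet sequence (timestamp, packet) through the stateful filter."""
    fw = StatefulFilter(RULES, timeout=60.0)
    seq = [
        (0, Packet("10.0.0.7", "203.0.113.9", "tcp", 40000, 443, "out", frozenset({"SYN"}))),
        (1, Packet("203.0.113.9", "10.0.0.7", "tcp", 443, 40000, "in", frozenset({"SYN", "ACK"}))),
        (2, STRAY_ACK),                                                   # no SYN in state table
        (3, Packet("10.0.0.7", "203.0.113.53", "udp", 5353, 53, "out")),
        (4, Packet("203.0.113.53", "10.0.0.7", "udp", 53, 5353, "in")),   # reply to remembered datagram
        (5, Packet("203.0.113.53", "10.0.0.7", "udp", 53, 5354, "in")),   # unsolicited
        (6, Packet("198.51.100.2", "10.0.0.5", "tcp", 51000, 80, "in", frozenset({"SYN"}))),
        (200, Packet("203.0.113.53", "10.0.0.7", "udp", 53, 5353, "in")), # entry expired at t=64
    ]
    return [fw.decide(p, now) for now, p in seq]
```

Running `run_demo()` yields allow, allow, deny, allow, allow, deny, allow, deny: the stray ACK and the unsolicited and late UDP datagrams are dropped because nothing in the state table vouches for them, whereas `stateless_decision(STATELESS_RULES, STRAY_ACK)` returns allow because a traditional filter can only judge the ACK bit on its own. The timestamp is passed in explicitly rather than read from the clock so the timeout behaviour is reproducible.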
Proxy-based Firewall
Client interacts with proxy
Proxy interacts with server on behalf of client
Proxy can authenticate users via user ID/password
Web, telnet, ftp proxies
Can allow or deny application-level functions, e.g. FTP put/get
Caching capability in web proxies
Slower than packet-filter firewalls
Figure 2.18 Proxy-based firewall with application-level controls
Figure 2.19 Using proxy and stateful packet filter firewalls
Personal Firewalls
Installed on personal computers
e.g. ZoneAlarm, BlackICE
Filter traffic going in and out of a machine
Usually cannot detect viruses or malicious programs
Address Resolution Protocol (ARP) and Vulnerability to Spoofing
Hubs vs. Switches
Security Solutions for Networks
Application-Layer Security
Secure Sockets Layer (SSL)
Internet Protocol Security (IPSec)
Application-Layer Security Tools
Pretty Good Privacy (PGP), GNU Privacy Guard (GnuPG)
Used to encrypt and digitally sign files for file transfer and email
Secure/Multipurpose Internet Mail Extension (S/MIME)
Used to secure email at the application level
Supported by email clients such as MS Outlook and Netscape Messenger
Secure Shell (SSH)
Provides remote access to a command prompt across a secure, encrypted session
Secure Socket Layer (SSL)
Specification for providing security to TCP/IP applications at the socket layer.
Allows an application to have authenticated, encrypted communications across a network
Uses digital certificates to authenticate systems and distribute encryption keys
Supports one-way authentication of server to client and two-way (mutual) authentication
Used by web browsers and web servers running HTTPS
Layer 7 applications such as ftp and telnet can be modified to support SSL
Figure 2.23 Client/server applications modified to support SSL
IP Security (IPSec)
Defined in RFCs 2401 to 2412
Runs at the IP layer, for both IPv4 and IPv6
Offers authentication of data source, confidentiality, data integrity, and protection against replays.
Comprised of Authentication Header (AH) and Encapsulating Security Payload (ESP), which can be used together or separately
Client/server must run compatible versions of IPSec