• No results found

Introduction to Network. Topics

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Introduction to Network. Topics"

Copied!
12
0
0

Loading.... (view fulltext now)

Download now ( 12 Page )

Full text

(1)

Introduction to Network

Security

Security

Chapter 3

The Internet

Dr. Doug Jacobson - Introduction to Network Security - 2009

1

Topics

• The Internet

• Addressing

• Client Server

• Client Server

• Routing

(2)

The Internet

• User’s View

Internet

Dr. Doug Jacobson - Introduction to Network Security - 2009

3

The Internet

Hierarchy

ISP

ISP

ISP ISP

Regional or local ISPs Organizations or local ISPs National, International, and large regional ISPs

(3)

Internet Addressing

• Different address types

• Hardware address spoofing

• IP address Spoofing

• IP address Spoofing

• IP address Space

Dr. Doug Jacobson - Introduction to Network Security - 2009

5

Application

Addressing

(4)

Different

Address

Types

Application A1 on Port P1

TCP

Application A1 on Port P2

TCP Intermediate

System

Intermediate System

User A User B

D1, "Hello"

D1, P2, Hello C1, "Hello"

"Hello"

D1, TCP, Payload C1, Payload

IP - C1

Physical Network HW1

IP -D1 IP - R1 IP - R2

Computer C1 Computer D1 System System The Internet HW2, IP, Payload

Physical Network HW2 Physical Network HW3 Physical Network HW4

HW2, HW1, IP, Payload HW4, HW3, IP, Payload

TCP, C1, Payload

Dr. Doug Jacobson - Introduction to Network Security - 2009

7

Address spoofing

• Who can generate the address?

• Spoofing is the ability to change the

address

address

• Who can “see” (sniff) the traffic?

(5)

IP address Spoofing and Sniffing

Alice John

Computer A

Computer B From: Mary

To: John

Message will get to John

Return message will go

Internet

Computer C

Computer D

Mary From: D

To: A

back to Alice

Dr. Doug Jacobson - Introduction to Network Security - 2009

9

IP Address Space

• In Version 4 the IP address is 32 Bits

• Total IP address space is 4,294,967,296

(6)

IP addresses

• The IP address is written as a four-tuple

where each tuple is in decimal and are

separated by a "." (called a dot). When

separated by a "." (called a dot). When

talking about an address you pronounce

the word dot. So 129.186.5.102 is

pronounced 129 dot 186 dot 5 dot 102

Dr. Doug Jacobson - Introduction to Network Security - 2009

11

IP Addressing

(7)

Machine names

• The format for the machine name is:

– machine.domain Where:

• machine is unique to the domain or subdomain.

• machine is unique to the domain or subdomain.

• and domain is a single domain or a series of

subdomains.

Dr. Doug Jacobson - Introduction to Network Security - 2009

13

Domain Name Conversion

• Now lets look at how we can convert a

machine name into an IP address.

• There are two ways that this conversion can

take place.

take place.

– The first is to use a table on each host which

maintains the mapping between names and IP

addresses. This method required very large

tables and made it hard to update.

– The second, and preferred, method is to use a

nameserver. The nameserver is actually a set of

nameservers each having authority over different

domains and subdomains.

(8)

DNS Model

Root Server

Root Server

Root Server

First Level Server DNS DNS DNS DNS First Level Server DNS

What is the IP address of

vulcan.dougj.net

dougj.net

IP address of

vulcan.dougj.net

Send mail to:

[email protected]

Dr. Doug Jacobson - Introduction to Network Security - 2009

15

Client Server Model

Client A

Application Server

W1

Full name: server.dougj.net IP address:

Listening Port: 80

Application Server W2 Client B Client C Application Server W3 Internet 16 Dr. Doug Jacobson - Introduction to

(9)

Client Server model

Server 1 Server 2

TCP TCP

Client 1 Client 2 open_socket ()

listen(Port A) fd = accept()

open_socket () listen(Port B) fd = accept()

open_socket() connect(IP, Port)

open_soc ket() connect(IP, Port) IP = B

Physical Netw ork

IP = A Physical Netw ork Source IP = A

Dest IP = B

Source Port = Ephemeral Dest Port = A

Source IP = B Dest IP = A

Source Port = A Dest Port = Ephemeral

17 Dr. Doug Jacobson - Introduction to

Network Security - 2009

Client Server Model

Packets from client to server

Source IP

Client’s IP address

Destination IP

Server’s IP address

Source Port

Ephemeral port

Source Port

Ephemeral port

Destination Port

Server’s port number (often well known)

Packets from server to client

Source IP

Server’s IP address

Destination IP

Client’s IP address

Source Port

Server’s port number (often well known)

Destination Port

Ephemeral port

(10)

Multiple

Connections

The Internet Client

A

Web Server

W1 User

1 User

2

Stream A Stream B Stream C

Stream D

Client B

Web Server

W2

User 3

User 4

Stream E

19 Dr. Doug Jacobson - Introduction to

Network Security - 2009

Multiple Connections

Stream

Source IP

Destination IP

Source Port

Destination Port

A

A

W1

Ephemeral A1

80

B

A

W1

Ephemeral A2

80

B

A

W1

Ephemeral A2

80

C

A

W1

Ephemeral A3

80

D

B

W1

Ephemeral B1

80

E

B

W2

Ephemeral B2

80

20 Dr. Doug Jacobson - Introduction to

(11)

Routing

• All hosts and gateways store routing tables

• Each row in the route table contains:

– Destination address or address range

– Next hop for that destination address range

– Next hop for that destination address range

– The physical interface to use for that address

range. (ie: which Ethernet card to use)

Example:

Destination

Next

Interface

129.186.4.0

129.186.5.254

en0

21 Dr. Doug Jacobson - Introduction to

Network Security - 2009

Routing

Network R1 Network Network

R3 R2

R4 Host

Network

Network Network

Host H1

(12)

Dynamic vs Static

• Static

– Tables built at system configuration time.

– Used in small networks or networks with

– Used in small networks or networks with

only one way out

• Dynamic

– Tables are modified based on network

parameters

– Used in larger networks with multiple paths

23 Dr. Doug Jacobson - Introduction to

Network Security - 2009

Routing

Example

24 Dr. Doug Jacobson - Introduction to

References

Download now ( PDF - 12 Page - 109.47 KB )

Related documents

RECORDING VoIP TRAFFIC via PORT MIRRORING

Managed Switch with Port Mirroring Port Mirroring Destination Port Port Mirroring Source Port PSTN trunks WAN/ Internet IP Phones Figure 3?. Recording of calls on the

Improving the physical health of people with mental health problems: Actions for mental health nurses

16 Improving the physical health of people with mental health problems: Actions for mental health nurses Improving the physical health of people with mental health problems:

General Tests, Processes and. Apparatus

curately the amount of sample shown in Table 1, ac- cording to the expected acid value of the sample, in a glass-stoppered, 250-mL flask, add 100mL of a mix- ture of diethyl ether

Medicaid Unit. September 2005

The SSHSP and the PSHSP were developed jointly by the New York State Department of Education (SED) and the New York State Department of Health (DOH) to assist school districts,

CBE Selected-Response Questions Sample items aligned to Economics and Accounting courses. Copyright 2015 Council for Aid to Education

Using the formula for DuPont analysis, determine if Return on Equity (ROE) increased or decreased in 20X3 compared to 20X2, and indicate which of the three major components of ROE

Diffusion of mobile Internet services

7KHDXWKRULVWKHVROHFRQWULEXWRUWRWKLVDUWLFOH 7KH LGHD IRU WKLV DUWLFOH ZDV IRUPHG MRLQWO\ ZLWK 6PXUD 7KH DXWKRU ZDV UHVSRQVLEOH IRU FROOHFWLQJ WKH UHVHDUFK GDWD ZKHUHDV GDWD DQDO\VLV

TechFinancials, Inc. Registered in the British Virgin Islands under Registration Number

Lock-in deeds dated 9 March 2015 have been entered into by the Directors, the Locked-in Shareholders, the Selling Shareholder, Eyal Alon and Eyal Rosenblum with each of

Decontamination of Aflatoxin B1

Aflatoxins are classified into four compounds: aflatoxin B1 (AFB1), aflatoxin B2 (AFB2), aflatoxin G1 (AFG1), and aflatoxin G2 (AFG2), while AFB1 is the most potent carcinogenic