CONFIGURING TCP/IP ADDRESSING AND SECURITY

(1)

CONFIGURING TCP/IP

ADDRESSING AND

SECURITY

Chapter 11

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 2

OVERVIEW

• Understand IP addressing

• Manage IP subnetting and subnet masks • Understand IP security terminology

• Manage Internet security features of Windows XP • Configure and troubleshoot Windows Firewall

UNDERSTANDING BINARY NUMBERS

Base 2 number system.

(2)

CONVERTING DECIMAL ADDRESSES TO BINARY

CONVERTING BINARY ADDRESSES TO DECIMAL

(3)

DEFAULT SUBNET MASKS – CLASSFUL ADDRESSING

First two bits determine IP address class. Network bits are 1’s from left to right. Host bits are 0’s from right to left.

IP ADDRESSES 254 65,534 16,777,214 Possible Hosts 2,097,152 16,384 126 Possible Networks 255.255.255.0 255.255.0.0 255.0.0.0 Default subnetmask 24 16 8 Network ID bits 192 - 223 128 - 191 0 - 127 1stbyte (decimal) 110 10 0 1stbit (binary) Class C Class B Class A

IP@ Special Class, Loopback and RFC1918 Reserved Addresses

169.254.0.0 (Automatic Private IP Address) APIPA 192.168.0.0 – 192.168.255.255 Private Class C 172.16.0.0 – 172.31.255.255 Private Class B 10.0.0.0 – 10.255.255.255 Private Class A 127.0.0.0 – 127.255.255.255 Loopback 240 – 255 Experimental Class E 224 – 239 Multicast group Class D

PROBLEMS WITH CLASSFUL ADDRESSES • Wasted addresses

• Class A – Which organization have 1.7 public systems?

• Shortage of address blocks

• Class A has only 126 blocks • Class B has only 16,384 blocks

• Excessive routing table entries

• Class C has 2,097,152 blocks

(4)

SUBNETTING A LARGE NETWORK

RESERVED HOST ADDRESS • Useable number of hosts is 2n_{– 2}

• Host address bits of all zeroes is the network ID

• Example: 192.168.1.0

• Network ID or address of the network • Network ID of host address 192.168.1.25

• Host address bits of all ones is the network broadcast address

• Example:

• 192.168.1.255 is the broadcast address for 192.168.1.0

CLASSLESS INTERDOMAIN ROUTING (CIDR)

(5)

SUPERNETS

SECURING IP COMMUNICATIONS OVERVIEW • Internet threats

• Protective technologies

• Configuring and managing Windows Firewall • Monitoring Internet communications security

INTERNET THREATS • Viruses (the oldest threat) • Worms (the most persistent threat) • Trojan horses

(6)

VIRUSES

• Take advantage of gullible users • Infect document, graphics, and

executable files

• Often include mass-mailing components • Can carry destructive payloads

WORMS • Self-replicating • Network-aware

• Use bugs in programs or systems to spread • Can carry viruses or other payloads

TROJAN HORSES

(7)

SPYWARE

• Has attributes of Trojan horses or worms • Spies on its victim

• Might transmit marketing data or transmit personal data to the spyware author

ZOMBIES - BOTS

• Payload of worm or Trojan horse

• Remotely controlled to attack network targets • Participate in large-scale assaults on public Web

sites

(8)

PROTECTIVE TECHNOLOGIES • Security Center

• Windows Firewall

• Internet Connection Sharing (ICS) • Third-party utilities

SECURITY CENTER

FIREWALL TERMINOLOGY • Packet filtering

• Protocols (ICMP, TCP, UDP) • Ports - Service

(9)

ENABLING WINDOWS FIREWALL

FIREWALL EXCEPTIONS

(10)

MONITORING INTERNET SECURITY • Windows Firewall monitoring • Service logs

• Event logs

WINDOWS FIREWALL ALERTS

(11)

SERVER LOGS

SUMMARY

• IP addresses are 32-bit binary addresses. • The network portion of IP addresses determines

location.

• CIDR allows creation of custom netblocks. • CIDR permits use of variable-length subnet masks. • Windows Firewall blocks unauthorized packets. • Windows Firewall exceptions allow specified traffic to

pass through the firewall.