• No results found

CONFIGURING TCP/IP ADDRESSING AND SECURITY

N/A
N/A
Protected

Academic year: 2021

Share "CONFIGURING TCP/IP ADDRESSING AND SECURITY"

Copied!
11
0
0

Loading.... (view fulltext now)

Full text

(1)

CONFIGURING TCP/IP

ADDRESSING AND

SECURITY

Chapter 11

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 2

OVERVIEW

• Understand IP addressing

• Manage IP subnetting and subnet masks • Understand IP security terminology

• Manage Internet security features of Windows XP • Configure and troubleshoot Windows Firewall

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 3

UNDERSTANDING BINARY NUMBERS

Base 2 number system.

(2)

CONVERTING DECIMAL ADDRESSES TO BINARY

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 5

CONVERTING BINARY ADDRESSES TO DECIMAL

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 6

(3)

DEFAULT SUBNET MASKS – CLASSFUL ADDRESSING

First two bits determine IP address class. Network bits are 1’s from left to right. Host bits are 0’s from right to left.

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 8

IP ADDRESSES 254 65,534 16,777,214 Possible Hosts 2,097,152 16,384 126 Possible Networks 255.255.255.0 255.255.0.0 255.0.0.0 Default subnetmask 24 16 8 Network ID bits 192 - 223 128 - 191 0 - 127 1stbyte (decimal) 110 10 0 1stbit (binary) Class C Class B Class A

IP@ Special Class, Loopback and RFC1918 Reserved Addresses

169.254.0.0 (Automatic Private IP Address) APIPA 192.168.0.0 – 192.168.255.255 Private Class C 172.16.0.0 – 172.31.255.255 Private Class B 10.0.0.0 – 10.255.255.255 Private Class A 127.0.0.0 – 127.255.255.255 Loopback 240 – 255 Experimental Class E 224 – 239 Multicast group Class D

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 9

PROBLEMS WITH CLASSFUL ADDRESSES • Wasted addresses

• Class A – Which organization have 1.7 public systems?

• Shortage of address blocks

• Class A has only 126 blocks • Class B has only 16,384 blocks

• Excessive routing table entries

• Class C has 2,097,152 blocks

(4)

SUBNETTING A LARGE NETWORK

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 11

RESERVED HOST ADDRESS • Useable number of hosts is 2n– 2

• Host address bits of all zeroes is the network ID

• Example: 192.168.1.0

• Network ID or address of the network • Network ID of host address 192.168.1.25

• Host address bits of all ones is the network broadcast address

• Example:

• 192.168.1.255 is the broadcast address for 192.168.1.0

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 12

CLASSLESS INTERDOMAIN ROUTING (CIDR)

(5)

SUPERNETS

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 14

SECURING IP COMMUNICATIONS OVERVIEW • Internet threats

• Protective technologies

• Configuring and managing Windows Firewall • Monitoring Internet communications security

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 15

INTERNET THREATS • Viruses (the oldest threat) • Worms (the most persistent threat) • Trojan horses

(6)

VIRUSES

• Take advantage of gullible users • Infect document, graphics, and

executable files

• Often include mass-mailing components • Can carry destructive payloads

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 17

WORMS • Self-replicating • Network-aware

• Use bugs in programs or systems to spread • Can carry viruses or other payloads

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 18

TROJAN HORSES

(7)

SPYWARE

• Has attributes of Trojan horses or worms • Spies on its victim

• Might transmit marketing data or transmit personal data to the spyware author

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 20

ZOMBIES - BOTS

• Payload of worm or Trojan horse

• Remotely controlled to attack network targets • Participate in large-scale assaults on public Web

sites

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 21

(8)

PROTECTIVE TECHNOLOGIES • Security Center

• Windows Firewall

• Internet Connection Sharing (ICS) • Third-party utilities

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 23

SECURITY CENTER

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 24

FIREWALL TERMINOLOGY • Packet filtering

• Protocols (ICMP, TCP, UDP) • Ports - Service

(9)

ENABLING WINDOWS FIREWALL

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 26

FIREWALL EXCEPTIONS

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 27

(10)

MONITORING INTERNET SECURITY • Windows Firewall monitoring • Service logs

• Event logs

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 29

WINDOWS FIREWALL ALERTS

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 30

(11)

SERVER LOGS

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 32

SUMMARY

• IP addresses are 32-bit binary addresses. • The network portion of IP addresses determines

location.

• CIDR allows creation of custom netblocks. • CIDR permits use of variable-length subnet masks. • Windows Firewall blocks unauthorized packets. • Windows Firewall exceptions allow specified traffic to

pass through the firewall.

References

Related documents

Windows Operating Systems Security Administration Understanding IPv4 Addressing Overview Performing Bulk Operations with Subnetting and Supernetting Configuring Security

shall be scarified as clause R5 11-1 (iv) and completely broken up so that all cleavage planes are destroyed and fill material will bond properly. Where the old pavement is of

Preparing the Computers for TCP/IP Networking | Configuring Windows 98, and ME for TCP/IP Networking | Verifying TCP/IP Properties | Configuring Windows 2000 or XP for IP Networking

securing Internet Protocol (IP) traffic with Internet Protocol security (IPSec) and certificates; configuring a network access infrastructure by configuring the connections

Module 9: Configuring Server Security Compliance This module explains how to secure a windows infrastructure, configure an audit policy, manage WSUS and plan for a security

High dynamic pressure in the solar wind on 7 –8 March compressed the ionosphere, resulting in an ionopause detection at relatively low altitudes in MARSIS local electron density

To enable the DNSIX audit trail facility, perform the following task in global configuration mode:. Specify Hosts to Receive Audit

To be fully functional, the collaborative control room requires (1) secured computational services that can be scheduled as required, (2) the ability to rapidly compare