Network Security PDF
Summary
This document provides an overview of networking concepts, including the OSI model, different types of network cables (UTP), Wi-Fi standards (802.11), network devices like hubs, switches, and routers, and internet protocols. It also contains practice questions on network topics.
Full Transcript
Networks and the Internet
◼ Describe the OSI model
◼ Explain the use of MAC addresses
◼ Identify each of the major protocols used in network communication
◼ Understand the various connection methods and speeds used in networks
◼ Compare and contrast a hub and a switch

Objectives (cont.)
◼ Identify what a router is
◼ Understand how data is transmitted
◼ Explain how the Internet works
◼ Use network utilities
◼ Explain the use of firewalls and proxy servers

Cable (UTP)
Category | Specifications | Uses
1 | Low-speed analog (less than 1MHz) | Telephone, doorbell
2 | Analog line (less than 10MHz) | Telephone
3 | Up to 16MHz or 100Mbps (megabits per second) | Voice transmissions
4 | Up to 20MHz/100Mbps | Data lines, Ethernet networks
5 | 100MHz/100Mbps | Most common a few years ago; still widely used
6 | 1000Mbps (some get 10Gbps) | Most common type of network cable
6a | 10Gbps | High-speed networks
7 | 10Gbps | Very high-speed networks
8 | 40Gbps | Not yet commonly found

Wi-Fi
802.11a – This was the first widely used Wi-Fi; it operated at 5 GHz and was relatively slow.
802.11b – This standard operated at 2.4 GHz and had an indoor range of 125 ft with a bandwidth of 11 Mbps (megabits per second).
802.11g – There are still many of these wireless networks in operation, but you can no longer purchase new Wi-Fi access points that use 802.11g. This standard includes backward compatibility with 802.11b. 802.11g has an indoor range of 125 ft and a bandwidth of 54 Mbps.
802.11n – This standard was a tremendous improvement over preceding wireless networks. It obtained a bandwidth of 100 to 140 Mbps. It operates at frequencies of 2.4 or 5.0 GHz and has an indoor range of up to 230 ft.
IEEE 802.11n-2009 – This technology gets bandwidth of up to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz. It uses multiple-input multiple-output (MIMO), which uses multiple antennas to coherently resolve more information than possible using a single antenna.
IEEE 802.11ac – Standard approved in January 2014.
It has throughput of up to 1 Gbps with at least 500 Mbps. Uses up to 8 MIMO.
IEEE 802.11ad – Wireless Gigabyte Alliance. Supports data transmission rates up to 7 Gbit/s – more than ten times faster than the highest 802.11n rate.

OSI Model
Open Systems Interconnect model
◼ Seven-layer model created to enable problem isolation
◼ Diagnostic and troubleshooting tool
◼ Each layer supports the layer above and performs a specific function

Network Basics
◼ A network is two or more connected computers
◼ Connected via a Network Interface Card (NIC)
◼ NIC operates on the physical layer
◼ Uses an RJ 45 connector
◼ Allows the host to connect to the network

Network Basics (cont.)
◼ Media Access Control (MAC) addresses
◼ Physical address, as opposed to the IP address
◼ Burned on the NIC in hexadecimal
◼ It is the layer 2 address used for identification within the network

Network Basics (cont.)
◼ DNS Servers – Domain Name Server
◼ Translates domain name (URL) to IP address
◼ www.explain.com or 198.203.167.9?
◼ URL – Universal Resource Locator

Network Basics – Cabling
◼ 10BASE5 – Thick Ethernet or Thicknet
◼ 10BASE2 – Thin Ethernet, Thinnet
◼ 10BASE-T
◼ 10BASE-F

Network Basics – Cabling (cont.)
◼ Fast Ethernet 100BASE-T
◼ Gigabit or 1000-Mb Ethernet

Network Basics (cont.)
◼ RJ 45 connects computer to patch panel
◼ A phone jack uses an RJ 11 connection
◼ RJ 45 looks like a phone jack, but larger
(Figure: RJ 45 connector)

Network Basics (cont.)
The hub is the simplest connection device
❑ Creates a simple network
❑ Sends traffic out all ports (no routing or switching)
❑ A layer 1 device

Network Basics (cont.)
The switch is a smart hub
❑ Sends packets only to the intended host
❑ A layer 2 device

Network Basics (cont.)
The router is more sophisticated
◼ Limits traffic to the intended network
◼ A layer 3 device

Network Basics (cont.)
How is data actually transmitted?
❑ A packet is sent.
❑ The packet, or datagram, consists of bytes.
❑ Packet is divided into header and body.

Network Basics (cont.)
◼ Packet headers tell where the packet is going.
◼ Network devices read the headers to determine where the packet should be sent.

Network Basics (cont.)
Protocols
❑ Rules that control network and Internet communication.
❑ Internet Engineering Task Force (IETF) controls these rules.
❑ Different rules for different purposes.

Network Basics (cont.)
Protocols
❑ Transmission Control Protocol (TCP) is connection-oriented.
❑ Internet Protocol (IP) is connectionless.
◼ Together, they guarantee a successful delivery across the Internet.

Network Basics (cont.)
Protocols
❑ User Datagram Protocol (UDP) is connectionless.
❑ Internet Control Message Protocol (ICMP) is used to notify devices of trouble on the network.

Network Basics (cont.)
Port
❑ A connection point
❑ Not physical ports on a computer
❑ Used by protocols to communicate

Bluetooth
Version | Bandwidth | Range
3.0 | 25 Mbit/s | 10 meters (33 ft)
4.0 | 25 Mbit/s | 60 meters (200 ft)
5.0 | 50 Mbit/s | 240 meters (800 ft)

ANT+ and NFC
◼ ANT+ is a wireless protocol often used with sensor data, such as in bio sensors or exercise applications.
◼ NFC, or Near Field Communication, works if the two devices are within 4 cm (1.6 inches) of each other. It operates on the globally available unlicensed radio frequency ISM band of 13.56 MHz on the ISO/IEC 18000-3 air interface at rates ranging from 106 to 424 kbit/s. NFC is standardized in ECMA-340 and ISO/IEC 18092.

Internet
◼ To connect to the Internet, you log on to your Internet Service Provider (ISP).
◼ The ISP connects to another ISP or a backbone provider.
◼ One backbone provider connects to another at a Network Access Point (NAP).

Internet (cont.)
IP (Internet Protocol) Addresses
❑ Necessary to navigate the Internet
❑ It is a unique identifier, like a Social Security number
❑ Usually in binary form
❑ Consists of four octets separated by decimal points

Internet (cont.)
Public versus Private IP Addresses
❑ Public addresses are routable on the Internet.
❑ Must be leased from an ISP.
❑ Private addresses are not routable on the Internet.

Internet (cont.)
Network Classes
❑ Each octet in an IP address means something specific.
❑ The first octet defines the class to which the IP belongs.

Internet (cont.)
Availability of IP addresses
❑ IP addresses are not infinite.
❑ IPv4 will be replaced by IPv6.
❑ A subnet is a portion of a network that shares the same subnet address.
❑ Subnet masks describe what subnet the address belongs to.
❑ Classless Inter Domain Routing (CIDR) is a way to describe the subnet with the IP address.

Internet (cont.)
IPv6
❑ 128-bit address
❑ Supports DHCP

Internet (cont.)
◼ Uniform Resource Locators (URLs)
❑ The easy way to remember a Web site
❑ Translated by the Domain Name Server (DNS)
❑ Error messages can be sent by the web server

Internet (cont.)
Error Messages
◼ 100 series messages are informational.
◼ 200s are not seen because they indicate success.
◼ 300s are redirects.
◼ 400s are client errors.
◼ 500s are server errors.

Basic Network Utilities
❑ IPConfig
❑ Ping
❑ Tracert
❑ Netstat
❑ NSLookup

Basic Network Utilities (cont.)
◼ IPConfig can give you information about your system.
◼ Open the Start menu.
◼ Select Run.
◼ Enter cmd and click OK.
◼ At the CLI prompt, enter ipconfig.
◼ The output looks like Figure 2.4 (next slide).

Basic Network Utilities (cont.)
Figure 1 IPConfig results

Basic Network Utilities (cont.)
◼ IPConfig shows your system’s:
❑ IP address
❑ Subnet mask
❑ Default gateway

Basic Network Utilities (cont.)
◼ IPConfig
❑ Other commands to use
◼ Type ipconfig -?
◼ Other options appear.
◼ The most common is ipconfig /all.

FIGURE 2 IPConfig help. From Computer Security Fundamentals, 4/e by William (Chuck) Easttom II (9780135774779) Copyright © 2020 by Pearson Education, Inc. All rights reserved

FIGURE 3 IPConfig /all.

Basic Network Utilities (cont.)
◼ Ping tells if a system is connected to the network.
❑ It also tells how long it takes for an “echo request” packet to arrive at the destination host.

FIGURE 4 Ping.

Basic Network Utilities (cont.)
◼ Tracert
❑ “Ping deluxe.”
❑ Uses the same syntax as ping.
❑ Shows every “hop” between host and destination address.
❑ Useful tool for technicians and hackers alike.
❑ See Figure 2.8 on the next slide.

Basic Network Utilities (cont.)
Figure 5 Tracert

Basic Network Utilities (cont.)
◼ Netstat
❑ Network status
❑ Shows active connections

Basic Network Utilities (cont.)
Figure 6 netstat

Basic Network Utilities (cont.)
◼ NsLookup
❑ Connect to NSServer
❑ Execute DNS-related commands

Basic Network Utilities (cont.)
Figure 7 nslookup

DNS Poisoning
Run: nslookup
Type: ls -d domain_name

FIGURE 2.8 arp -a.

Basic Network Utilities (cont.)
ARP
◼ Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses.
◼ -a displays the current ARP cache table.
◼ /g does the same as /a.
◼ /d deletes a specific entry from the ARP cache table.
◼ /s adds a static entry to the ARP cache table.

FIGURE 8 arp -a.

Basic Network Utilities (cont.)
Route
◼ The route command is used to view the IP routing table.
◼ Print prints a specific route; for example, print -4 displays the IPv4 routing table.
◼ Add adds a route.
◼ Delete deletes a route.
◼ Change changes a route.
◼ Destination sends a command to a specific computer.

FIGURE 9 route print -4.

Other Network Devices
◼ Firewalls
❑ Hardware or software
❑ Filter packets as they enter the network
❑ Deny unacceptable packets
◼ Proxy servers
❑ Disguise the network
❑ Substitute their IP address for that of hosts accessing the Internet

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
◼ One of the most widely used security services
◼ General-purpose service implemented as a set of protocols that rely on TCP
◼ Subsequently became Internet standard RFC 8446: Transport Layer Security (TLS)
◼ Two implementation choices:
❑ Provided as part of the underlying protocol suite
❑ Embedded in specific packages

Figure 22.4 SSL/TLS Protocol Stack

TLS Concepts
TLS Session
◼ An association between a client and a server
◼ Created by the Handshake Protocol
◼ Defines a set of cryptographic security parameters
◼ Used to avoid the expensive negotiation of new security parameters for each connection
TLS Connection
◼ A transport (in the OSI layering model definition) that provides a suitable type of service
◼ Peer-to-peer relationships
◼ Transient
◼ Every connection is associated with one session

Figure 10 TLS Record Protocol Operation

Change Cipher Spec Protocol
◼ One of four TLS-specific protocols that use the TLS Record Protocol
◼ Is the simplest
◼ Consists of a single message which consists of a single byte with the value 1
◼ Sole purpose of this message is to cause pending state to be copied into the current state
◼ Hence updating the cipher suite in use

Alert Protocol
◼ Conveys TLS-related alerts to peer entity
❑ Alert messages are compressed and encrypted
◼ Each message consists of two bytes:
❑ First byte takes the value warning (1) or fatal (2) to convey the severity of the message
▪ If the level is fatal, TLS immediately terminates the connection
▪ Other connections on the same session may continue, but no
new connections on this session may be established
❑ Second byte contains a code that indicates the specific alert

Handshake Protocol
◼ Most complex part of TLS
◼ Is used before any application data are transmitted
◼ Allows server and client to:
❑ Authenticate each other
❑ Negotiate encryption and MAC algorithms
❑ Negotiate cryptographic keys to be used
◼ Comprises a series of messages exchanged by client and server
◼ Exchange has four phases

Figure 11 Handshake Protocol Action

Heartbeat Protocol
◼ A periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system
◼ Typically used to monitor the availability of a protocol entity
◼ Defined in 2012 in RFC 6520
◼ Runs on top of the TLS Record Protocol
◼ Use is established during Phase 1 of the Handshake Protocol
◼ Each peer indicates whether it supports heartbeats
◼ Serves two purposes:
❑ Assures the sender that the recipient is still alive
❑ Generates activity across the connection during idle periods

SSL/TLS Attacks
◼ Four general categories:
❑ Attacks on the Handshake Protocol
❑ Attacks on the record and application data protocols
❑ Attacks on the PKI
❑ Other attacks

Figure 12 The Heartbleed Exploit (Source: BAE Systems)

HTTPS (HTTP over SSL)
◼ Combination of HTTP and SSL to implement secure communication between a Web browser and a Web server
◼ Built into all modern Web browsers
❑ Search engines do not support HTTPS
❑ URL addresses begin with https://
◼ Documented in RFC 2818, HTTP Over TLS
◼ Agent acting as the HTTP client also acts as the TLS client
◼ Closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection

IP Security (IPsec)
◼ Various application security mechanisms
❑ S/MIME, Kerberos, SSL/HTTPS
◼ Security concerns cross protocol layers
◼ Would like security implemented by the network for all applications
◼ Authentication and encryption
security features included in next-generation IPv6
◼ Also usable in existing IPv4

Summary
◼ You should now understand
❑ The structure of networks and the Internet
❑ How networks work
❑ The uses of some network utilities and devices
◼ This chapter is a basic tour of networks; review it before continuing if the material is new to you.

Practice Questions

Multiple Choice Questions

1. Malek is purchasing cable to use in setting up small office networks. He wants to stock up on commonly used cable. What type of cable do most networks use?
A. Net cable
B. STP
C. Phone cable
D. UTP

2. You are assigned to attach connectors to segments of cable. What type of connector is used with network cables?
A. RJ-11
B. RJ-85
C. RJ-12
D. RJ-45

3. What type of cable is used in most networks?
A. Unshielded twisted-pair
B. Shielded twisted-pair
C. Unshielded untwisted-pair
D. Shielded untwisted-pair

4. John is trying to simply connect three computers in a small network. He does not need any sort of routing capability and is not concerned about network traffic. What is the simplest device for connecting computers?
A. NIC
B. Interface
C. Hub
D. Router

5. Sharice is trying to teach a new technician basic networking terms. What should she tell this new technician NIC stands for?
A. Network interface card
B. Network interaction card
C. Network interface connector
D. Network interaction connector

6. Which of the following is a device used to connect two or more networks?
A. Switch
B. Router
C. Hub
D. NIC

7. Juan has just installed a new T1 line in a medical office. The front desk receptionist has asked what speed they can expect. A T1 line sends data at what speed?
A. 100Mbps
B. 1.54Mbps
C. 155Mbps
D. 56.6Kbps

8. How big is a TCP packet header?
A. The size depends on the data being sent.
B. The size is always 20 bytes.
C. The size depends on the protocol being used.
D. The size is always 40 bytes.

9. What protocol translates web addresses into IP addresses?
A. DNS
B. TFTP
C. DHCP
D. SMTP

10. What protocol is used to send email, and on what port does it work?
A. SMTP, port 110
B. POP3, port 25
C. SMTP, port 25
D. POP3, port 110

11. Gunther is setting up encrypted remote communications so that the server administrators can remotely access servers. What protocol is used for remotely logging on to a computer in a secure manner?
A. SSH
B. HTTP
C. Telnet
D. SMTP

12. Mohammed needs to open a firewall port so that web traffic can be passed through the firewall. What protocol is used for web pages, and on which port does it work?
A. HTTP, port 21
B. HTTP, port 80
C. DHCP, port 80
D. DHCP, port 21

13. What is the name for the point where the backbones of the Internet connect?
A. Connectors
B. Routers
C. Network access points
D. Switches

14. You are examining a list of IP addresses. Some are internal, some are external, and some are not valid. Which of the following is not a valid IP address?
A. 127.0.0.1
B. 295.253.254.01
C. 31.156.5.2
D. 245.200.11.1

16. The IP address 127.0.0.1 always refers to your what?
A. Nearest router
B. ISP
C. Self
D. Nearest NAP
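
The IPv4 rules from the IP address slides (four octets, class taken from the first octet, public versus private ranges, CIDR subnets), as an added Python example that is not part of the original slides. The function names and the rejection of leading zeros are choices made here, and anything that is neither loopback nor an RFC 1918 private range is simply reported as public.

```python
import ipaddress

# RFC 1918 private ranges and the loopback block, in CIDR notation.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_ipv4(text: str):
    """Return the four octets, or None if text is not a valid address."""
    parts = text.split(".")
    if len(parts) != 4:
        return None
    octets = []
    for p in parts:
        # ASCII digits only, no leading zeros (ambiguous with octal), 0..255.
        if not (p.isascii() and p.isdigit()):
            return None
        if (len(p) > 1 and p[0] == "0") or int(p) > 255:
            return None
        octets.append(int(p))
    return octets


def address_class(first_octet: int) -> str:
    """Classful category, decided by the first octet alone."""
    for limit, name in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first_octet < limit:
            return name
    return "E"


def classify(text: str) -> dict:
    """Validity, class and routing scope of a dotted-quad address."""
    octets = parse_ipv4(text)
    if octets is None:
        return {"valid": False}
    addr = ipaddress.ip_address(".".join(map(str, octets)))
    if addr in LOOPBACK:
        scope = "loopback"
    elif any(addr in net for net in PRIVATE_NETS):
        scope = "private"
    else:
        # Simplification: link-local, multicast and reserved ranges
        # are not separated out here.
        scope = "public"
    return {"valid": True, "class": address_class(octets[0]), "scope": scope}


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True if both addresses fall inside the same /prefix network."""
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net
```
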
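
The Change Cipher Spec, Alert and Heartbeat message layouts from the TLS slides, as an added Python example that is not part of the original slides. It parses already-decrypted records; the 5-byte record header, the content-type numbers and the alert code names are taken from the TLS RFCs rather than the slides, and the function names are made up for illustration. The length check in `parse_heartbeat` is the validation whose absence caused Heartbleed.

```python
import struct

# Content-type values carried in the TLS record header.
CHANGE_CIPHER_SPEC, ALERT, HEARTBEAT = 20, 21, 24
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# A few alert codes; unknown codes are reported numerically.
ALERT_CODES = {0: "close_notify", 10: "unexpected_message",
               20: "bad_record_mac", 40: "handshake_failure",
               42: "bad_certificate", 70: "protocol_version"}
HB_TYPES = {1: "request", 2: "response"}
HB_MIN_PADDING = 16  # RFC 6520: at least 16 bytes of padding


def parse_record(record: bytes) -> dict:
    """Parse one already-decrypted TLS record (5-byte header + fragment)."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    fragment = record[5:]
    if len(fragment) != length:
        raise ValueError("length field does not match fragment")
    if ctype == CHANGE_CIPHER_SPEC:
        # The whole message is a single byte with the value 1.
        if fragment != b"\x01":
            raise ValueError("malformed change_cipher_spec")
        return {"type": "change_cipher_spec"}
    if ctype == ALERT:
        if length != 2:
            raise ValueError("alert must be exactly two bytes")
        level, code = fragment
        if level not in ALERT_LEVELS:
            raise ValueError("unknown alert level")
        return {"type": "alert", "level": ALERT_LEVELS[level],
                "description": ALERT_CODES.get(code, f"code_{code}"),
                "close_connection": level == 2}  # fatal ends the connection
    if ctype == HEARTBEAT:
        return parse_heartbeat(fragment)
    raise ValueError(f"content type {ctype} not handled here")


def parse_heartbeat(fragment: bytes) -> dict:
    """Validate a heartbeat message before any payload is echoed back."""
    discard = {"type": "heartbeat", "action": "discard"}
    if len(fragment) < 1 + 2 + HB_MIN_PADDING:
        return discard
    hb_type, claimed = struct.unpack("!BH", fragment[:3])
    # The claimed payload length must fit inside the bytes actually
    # received; RFC 6520 says to silently discard the message otherwise.
    if hb_type not in HB_TYPES or 3 + claimed + HB_MIN_PADDING > len(fragment):
        return discard
    return {"type": "heartbeat", "action": HB_TYPES[hb_type],
            "payload": fragment[3:3 + claimed]}

# Constructed sample: fatal handshake_failure alert in a TLS 1.2 record.
SAMPLE_ALERT = bytes([21, 3, 3, 0, 2, 2, 40])
```
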