Chapter 2: Network Technologies and Tools PDF

Summary

This document provides an overview of fundamental networking concepts, devices, and protocols, covering topics including connection-oriented and connectionless protocols, basic networking devices like switches and routers, and various application-level protocols. The document includes details on TCP, UDP, IP, and other essential networking components, and an analysis of how network devices, firewalls, and protocols assist in establishing stable and secure networking communications.

Full Transcript

Chapter 2: Network Technologies and Tools

Introduction
- Basic networking concepts.
- Basic networking devices.
- Implementing a secure network.

Basic networking concepts

Basic Connectivity Protocols
- TCP (Transmission Control Protocol)
- UDP (User Datagram Protocol)
- IP (Internet Protocol)
- ICMP (Internet Control Message Protocol)
- ARP (Address Resolution Protocol)
- NDP (Neighbor Discovery Protocol)

TCP
- Connection-oriented: guaranteed delivery
- Three-way handshake
  - SYN
  - SYN/ACK
  - ACK
- SYN Flood Attack
  - Consumes server resources, creating a Denial of Service (DoS)

UDP
- Connectionless
- No handshake
- No guarantee of delivery
- Often used for DoS attacks

IP
- Delivers packets to specified computer by IP Address
- IPv4: 32-bit address
  - 192.168.1.1
- IPv6: 128-bit address
  - fe80:0:0:0:462a:60ff:fef6:278a

ICMP
- Ping, Tracert
- Used in DoS attacks
- Commonly blocked at firewalls

ARP
- Finds MAC address from IP address
- ARP Poisoning
  - Sends false ARP messages
  - Redirects traffic on a LAN
  - Commonly used for Man-In-The-Middle Attacks

NDP
- Replaces ARP for IPv6
- Used for address autoconfiguration
- Can be used for man-in-the-middle and DoS attacks on a LAN

Routing Protocols
- RIP, IGRP, EIGRP, OSPF, BGP, ISIS

[Slide: Protocols and use cases]

Application Protocols
- HTTP (Hypertext Transfer Protocol)
- HTTPS (HTTP Secure)
- FTP (File Transfer Protocol)
- SFTP (Secure FTP)
- FTPS (FTP Secure)
- TFTP (Trivial File Transfer Protocol)
- RDP (Remote Desktop Protocol)
- SNMP (Simple Network Management Protocol)

HTTP (Hypertext Transfer Protocol)
- Normal Web browser traffic
- Port TCP 80
- Not encrypted

HTTPS (HTTP Secure)
- Encrypts traffic
- Guarantees identity of server
- Displays padlock in Web browser and HTTPS at start of URL
- Uses SSL or TLS, port TCP 443

FTP (File Transfer Protocol)
- Upload or download files
- Data in cleartext, including passwords
- Ports TCP 20 and TCP 21

SFTP
- FTP over SSH
- Port TCP 22

FTPS
- FTP over SSL or TLS
- Ports TCP 989 and 990

TFTP (Trivial File Transfer Protocol)
- Uses UDP port 69
- No authentication at all
- Used for IP phone and router firmware updates
- Many attacks used it

Telnet
- Used to send command lines to remote systems
- No encryption
- Port TCP 23

SNMP
- Monitors and manages network devices like routers, switches, and firewalls
- Ports UDP 161

RDP (Remote Desktop Protocol)
- Remotely control a Windows computer
- Service is called "Remote Administration", "Terminal Services", or "Remote Desktop"
- Port TCP 3389
- Also used by Remote Assistance

DNS (Domain Name System)
- Resolves host names
- Ports UDP 53 and TCP 53
- Many security problems, which will be improved by switching to DNSSEC

Encryption Protocols

SSH (Secure Shell)
- Used to encrypt Telnet
  - Telnet lacks encryption and uses port TCP 23
- Also used for Secure Copy Protocol (SCP)
- Runs on port TCP 22

SSL (Secure Sockets Layer)
- Can be used to encrypt HTTP traffic, as HTTPS
  - Port TCP 443
- Can also secure LDAP as LDAPS
  - Port TCP 636
- SSL is old and has security weaknesses

TLS (Transaction Layer Security)
- Replacement for SSL
- Runs on the same ports
  - HTTPS on TCP 443
  - LDAPS on TCP 636

IPSec (Internet Protocol Security)
- Can be used as a remote access tunneling protocol
- To encrypt traffic, forming secure connections over the Internet
- Uses IKE (Internet Key Exchange) over port UDP 500

Email Protocols

SMTP (Simple Mail Transfer Protocol)
- Sends mail to other email servers
- Port TCP 25

POP3 (Post Office Protocol v3)
- Moves incoming email to your local Inbox in clients like Outlook
- Port TCP 110

IMAP4 (Internet Message Access Protocol v4)
- Moves incoming email to your local Inbox in clients like Outlook, or lets you view them on the server
- Port TCP 143

[Slide: Understanding and Identifying Port]

[Slide: Common protocols]

Port Scanners
- Find open, closed, or filtered ports
- Nmap

Comparing Ports and Protocol IDs
- TCP and UDP use ports
- There are other protocols that don't use ports, such as:
  - ICMP
  - ESP
  - AH

Basic networking devices

Switches
- Reduces the threat of sniffing attacks
  - Because devices don't get other devices' traffic
- Can be defeated by flooding with random MAC addresses
  - Switch runs out of RAM for switching table and acts like a hub instead
- Can also be defeated by ARP poisoning
- Put the switch in a locked wiring closet
  - Prevents attacker from accessing:
    - Console port used to manage the switch
    - Monitor port used to sniff all traffic
- MAC address filtering
- Flood Attack, Flood Guard
- Access Control Lists (ACLs) services

Switches: STP (Spanning Tree Protocol)
- If wires allow traffic to flow in loops, this can lead to a broadcast storm
- To prevent this, switches use STP (Spanning Tree Protocol) or RSTP (Rapid Spanning Tree Protocol)
- Blocks unneeded ports to prevent loops
- Included in all switches and on by default

[Slide: Routers]

Firewall
- Filters traffic, both inbound and outbound
- Host-based Firewall
  - Protects a single host from intrusion
  - Example: Windows Firewall
- Network-based Firewall
  - Protects a whole network
- For simple packet-filtering, they are similar to router access lists
- Uses a deny any, deny any rule at the end for implicit deny

Web Application Firewall
- Specifically designed to stop SQL Injection and other Web App attacks

Implementing a secure network

Network Separation
- Use routers, VLANs, and Firewalls to control traffic flow
- For example, network segments are separated as:
  - Accounting
  - Administration
  - Student labs
  - Wireless

[Slide: Firewall rules]

DMZ (Demilitarized Zone)
- A semi-trusted zone between a private network and the Internet
- Provides defense in depth for internal network

Public and Private IPv4 Addresses
- Public IP addresses are used to send and receive Internet traffic
  - They aren't free, but leased from Internet Service Providers
- Private addresses can't be used on the Internet, but are free for use on private networks
- Private Addresses (RFC 1918)
  - 10.0.0.1 – 10.255.255.254
  - 172.16.0.1 – 172.21.255.254
  - 192.168.0.1 – 192.168.255.254

NAT (Network Address Translation)
- NAT allows many clients to share a single public IP address
  - By also performing PAT (Port Address Translation)
- Cost savings
- Hides local IP addresses
  - Provides some protection
  - Users can't run unauthorized servers
- NAT breaks some network services
  - IPSec and many others

Proxy servers
- Clients cannot connect directly to the Internet
- Requests go to Proxy, which fetches the content (if it's permitted)
- Caching Proxy
  - If many clients request the same page
  - The proxy only fetches one copy, and distributes it to all the clients
  - Makes network seem faster

Unified Threat Management
- Web Security Gateway or UTM Security Appliances
- Combines many security functions, such as
  - URL filtering
  - Firewall
  - Antivirus
  - Spam-blocking
  - Content filtering
  - Data Loss Prevention (DLP)

[Slide: Routing & Switching use cases]
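
The packet-filtering behaviour from the Firewall slides, as an added example that is not part of the original deck: rules are checked top to bottom, the first match decides, and a packet that matches nothing is denied. The segment subnets, the DMZ address, and the names Rule, evaluate, covers and shadowed are assumptions made for the illustration; shadowed also reports rules that can never fire, such as one appended after the final deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # IPv4 CIDR, or "any"
    dst: str                      # IPv4 CIDR, or "any"
    dport: Optional[int] = None   # None matches every destination port

def net(spec):
    return ANY if spec == "any" else ipaddress.ip_network(spec)

def evaluate(rules, proto, src, dst, dport):
    """Return (action, rule index) for the first matching rule, else implicit deny."""
    for index, r in enumerate(rules):
        if (r.proto in ("any", proto)
                and ipaddress.ip_address(src) in net(r.src)
                and ipaddress.ip_address(dst) in net(r.dst)
                and r.dport in (None, dport)):
            return r.action, index
    return "deny", None           # nothing matched: implicit deny

def covers(a, b):
    """True when every packet that matches rule b also matches rule a."""
    return (a.proto in ("any", b.proto)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.dport in (None, b.dport))

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

# Constructed rule set (all addresses are assumptions for this example).
RULES = [
    Rule("permit", "tcp", "any", "10.10.50.10/32", 443),     # HTTPS to DMZ web server
    Rule("deny", "any", "10.10.30.0/24", "10.10.10.0/24"),   # Student labs -> Accounting
    Rule("permit", "tcp", "10.10.20.0/24", "any", 22),       # Administration may use SSH
    Rule("deny", "any", "any", "any"),                       # explicit deny any any
    Rule("permit", "tcp", "10.10.20.0/24", "any", 23),       # Telnet rule added too late
]
```

Running shadowed over a rule set before deploying it catches entries that look like they permit traffic but sit below a rule that already decides every such packet.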
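
A detection-side view of the ARP poisoning slide, added here and not taken from the original deck: it watches ARP replies for an IP address whose MAC binding changes and groups the alerts by the MAC making the conflicting claims. The sample replies, the addresses, the optional pinned table of known-good bindings and the function names are all constructed for the example.

```python
from collections import defaultdict

# Constructed ARP replies as seen on a monitor port: (seconds, sender IP, sender MAC).
OBSERVED = [
    (0.0,  "192.168.1.1",  "00:11:22:aa:bb:01"),   # gateway
    (1.2,  "192.168.1.20", "00:11:22:aa:bb:20"),
    (2.5,  "192.168.1.30", "00:11:22:aa:bb:30"),
    (30.1, "192.168.1.1",  "00:11:22:AA:BB:30"),   # gateway IP claimed by host .30's MAC
    (30.2, "192.168.1.20", "00:11:22:aa:bb:30"),   # same MAC also claims host .20
    (61.0, "192.168.1.1",  "00:11:22:aa:bb:01"),   # real gateway answers again
]

def find_arp_conflicts(observations, pinned=None):
    """Alert whenever an IP is claimed by a MAC other than its known binding.

    pinned maps IP -> MAC for hosts whose binding is known in advance
    (for example the default gateway); other IPs are trusted on first use.
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()                         # MACs compare case-insensitively
        expected = bindings.setdefault(ip, mac)   # first sighting becomes the baseline
        if mac != expected:
            alerts.append({"time": ts, "ip": ip, "expected": expected, "seen": mac})
    return alerts

def suspect_macs(alerts):
    """MACs that claimed more than one IP address belonging to other hosts."""
    claimed = defaultdict(set)
    for alert in alerts:
        claimed[alert["seen"]].add(alert["ip"])
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
```

A single changed binding can be a replaced network card or a reassigned address; one MAC answering for the gateway and another host at the same time is the pattern worth escalating.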
