Computer Networks II By: Ing. Hector M Lugo-Cordero, MS.


What is a network?
A collection of computers interconnected to share resources
A network does not imply Internet access
Connecting machines exposes security issues

OSI Model Layers
Physical (repeaters/hubs): signals
Data Link (bridges/switches): frames
Network (routers/L3 switches): packets
Transport: segments
Session
Presentation
Application: data

Network Layer
Is responsible for two tasks:
–Pre-routing: creates optimal routes from one end node to another and stores them in a routing table
–Post-routing: communicates data through the network using the IP address (like a post office)
Communication patterns
–Unicast: one source, one destination
–Multicast: one source, multiple destinations
–Broadcast: one source, all destinations

IP Addresses
Identify nodes in a network in combination with the subnet mask
Divided into classes, each with some private ranges
–A (1 – 127): Private: 10.x.x.x and 127.x.x.x (localhost). Default subnet mask: /8. Cable television networks
–B (128 – 191): Private: x.x – x.x. Default subnet mask:
–C (192 – 223): Private: x.x. Default subnet mask:
–E (240 – ): Reserved for future use

Multicast IP Addresses
Class D (224 – 239)
– – (Reserved)
– (OSPF Routers)
– (OSPF Designated Routers)
– (RIP Routers)
– – (global)
– – (local)
A widely used multicast protocol is
–Protocol Independent Multicasting (PIM)
–Uses multicast address

Sub-netting
Sub-netting uses host bits as additional network bits to create subnets
Increases the number of networks that can exist, at the cost of hosts per network
Good if we want many networks with fewer hosts each

Super-netting
Super-netting gives network bits back to the host part to increase the number of hosts
Good if we have a single network and need to grow it to support more hosts
Good in combination with VLANs
Used in our department
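A worked calculator for the two slides above, added here as an example (not code from the slides): subnetting borrows host bits to split a network, supernetting drops network bits until one summary prefix covers several networks. Sample prefixes are constructed.

```python
import ipaddress

def prefix_to_mask(prefix: int) -> str:
    """Dotted-decimal mask for a prefix length, e.g. 26 -> 255.255.255.192."""
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(bits))

def subnet(network: str, borrowed_bits: int) -> list:
    """Borrow host bits to split `network` into 2**borrowed_bits equal subnets."""
    net = ipaddress.ip_network(network, strict=True)
    new_prefix = net.prefixlen + borrowed_bits
    if new_prefix > 30:                      # /31 and /32 leave no usable host range
        raise ValueError("not enough host bits left for usable hosts")
    size = 2 ** (32 - new_prefix)            # addresses per subnet
    base = int(net.network_address)
    return [f"{ipaddress.IPv4Address(base + i * size)}/{new_prefix}"
            for i in range(2 ** borrowed_bits)]

def usable_hosts(network: str) -> int:
    """Host addresses excluding the network and broadcast addresses."""
    return ipaddress.ip_network(network).num_addresses - 2

def supernet(networks: list) -> str:
    """Give network bits back: the smallest single prefix covering every network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()         # drop one network bit at a time
    return str(summary)

if __name__ == "__main__":
    # constructed sample: split a /24 into four /26, then summarise four /24s
    print(subnet("192.168.1.0/24", 2), prefix_to_mask(26), usable_hosts("192.168.1.0/26"))
    print(supernet(["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]))
```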

Interface Configuration (Cisco)
Router (config)# interface
Router (config-if)# duplex full
Router (config-if)# speed 100
Router (config-if)# ip address
Router (config-if)# no shutdown
Router (config-if)# no keepalive

NAT/PAT
Network Address Translation
Enables address translation from one interface to another
–Typically the translation is from private to public addresses for local computers accessing the Internet
When overloaded, it uses one single IP for many computers by changing the source port
–Known as Port Address Translation (PAT)

NAT/PAT Configuration (Cisco)
Static:
–ip nat source static
–ip nat source static network
Dynamic:
–ip nat pool netmask
–ip nat source list pool [overload]
The overload keyword is used to configure PAT
Then go to the interface and declare it inside or outside
–Router (config-if)# ip nat |

Routing Protocols
Routing Information Protocol (RIP)
–
Open Shortest Path First (OSPF)
–
Optimal Link State Routing (OLSR)
–Ports 698 and (limited broadcast)
Ad hoc On-Demand Distance Vector (AODV)
–Used on ZigBee modules (IEEE )

Routing Configuration (Cisco)
Router (config)# router rip
Router (config-router)# network
Router (config-router)# version 2
Router (config-router)# end
Router# show ip route
For a static route use:
–Router (config)# ip route |

Sub-Interfaces
Enable having multiple logical interfaces on one single router port
Useful for interconnecting VLANs
Physical properties of the interface must be configured on the main interface (e.g. speed, duplex, no shutdown)

Sub-Interfaces Configuration (Cisco)
Router (config)# interface fa 0/0.1
Router (config-if)# ip address
Router (config-if)# encapsulation dot1Q #
Router (config-if)# no shutdown

Router Security
Remote login
–Set a password on all vty lines
–Some routers allow TELNET as well as SSH remote sessions
Firewalls
–Control what kind of traffic passes through your network
–Access Control Lists (Cisco)
  1 – 99 and 1300 – 1999 (standard ACL)
  100 – 199 and 2000 – 2699 (extended ACL)
  700 – 799 and 1100 – 1199 (MAC ACL)
–iptables (Linksys with OpenWrt)

ACL Configuration (Cisco)
Standard ACLs (can only evaluate the source address)
–Apply them as close to the destination as possible
–For a specific host
  Router (config)# access-list [deny | permit] host [address | hostname]
–For a network
  Router (config)# access-list [deny | permit] [address | hostname] [wildcard]
  Can also be used for a specific host (wildcard of all zeros)
–In general
  Router (config)# access-list [deny | permit] any
There is an implicit deny any at the end of every ACL

ACL Configuration (Cisco)
Extended ACLs (evaluate source and destination)
–Apply them as close to the source as possible
–For a specific host
  Router (config)# access-list [deny | permit] [proto] host [address | hostname] [destination, optional] [lt | gt | eq | neq]
–For a network
  Router (config)# access-list [deny | permit] [proto] [address | hostname] [wildcard] [destination, optional] [lt | gt | eq | neq]
  Can also be used for a specific host
–In general
  Router (config)# access-list [deny | permit] [proto] any [destination, optional] [lt | gt | eq | neq]
There is an implicit deny any at the end of every ACL

ACL Configuration (Cisco)
MAC ACLs (evaluate the MAC address)
–Apply them in the same network where the node is connected, since MAC addresses are local to the segment
–Router (config)# access-list [deny | permit]

ACL Configuration (Cisco)
Applying ACLs
Go to the interface and type
–Router (config-if)# access-group [in | out]
If the interface is a vty line (TELNET/SSH)
–Router (config-line)# access-class [in | out]
Important to know
–Applying an ACL that has not been created does nothing: all traffic is accepted
–Applying an empty ACL blocks everything, because of the implicit deny any
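The matching rules the four ACL slides describe, modelled in Python as an added example (not IOS code and not from the slides): wildcard-mask comparison, first match wins top to bottom, the implicit deny at the end, and the two "important to know" cases (a referenced-but-missing ACL filters nothing, an empty ACL denies everything). The ACL and packets are constructed samples.

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: 0 bits must match, 1 bits are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def entry(action, proto="ip", src="0.0.0.0", src_wc="255.255.255.255",
          dst="0.0.0.0", dst_wc="255.255.255.255", dport=None):
    """One ACL line as a dict (constructed format); 'any' == 0.0.0.0 255.255.255.255."""
    return {"action": action, "proto": proto, "src": src, "src_wc": src_wc,
            "dst": dst, "dst_wc": dst_wc, "dport": dport}

def evaluate(acl, pkt):
    """Return 'permit' or 'deny' for pkt = {src, dst, proto, dport}.
    acl=None models an access-group that references an ACL never created."""
    if acl is None:
        return "permit"                       # no such ACL: nothing is filtered
    for e in acl:                             # first matching line wins, top to bottom
        if e["proto"] != "ip" and e["proto"] != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], e["src"], e["src_wc"]):
            continue
        if not wildcard_match(pkt["dst"], e["dst"], e["dst_wc"]):
            continue
        if e["dport"] is not None and e["dport"] != pkt.get("dport"):
            continue
        return e["action"]
    return "deny"                             # implicit deny any; also what an empty ACL does

# constructed extended ACL: permit SSH from 192.168.1.0/24 to one server, nothing else
ACL_101 = [entry("permit", "tcp", "192.168.1.0", "0.0.0.255", "10.0.0.5", "0.0.0.0", 22)]
SSH_IN  = {"src": "192.168.1.10", "dst": "10.0.0.5", "proto": "tcp", "dport": 22}
TELNET  = {"src": "192.168.1.10", "dst": "10.0.0.5", "proto": "tcp", "dport": 23}
OUTSIDE = {"src": "172.16.0.9",   "dst": "10.0.0.5", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for name, pkt in (("ssh", SSH_IN), ("telnet", TELNET), ("outside", OUTSIDE)):
        print(name, evaluate(ACL_101, pkt))
    print("missing ACL:", evaluate(None, TELNET), "| empty ACL:", evaluate([], SSH_IN))
```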

iptables Configuration (Linksys)
iptables [-t table] command [match] [target/jump]
–-t table specifies the table to be configured; if omitted, the filter table is used
iptables -P FORWARD DROP
–-P sets the default policy of a chain, used when no rule matches

iptables Configuration (Linksys)
Commands
–-A appends a new rule to a chain
–-D deletes a rule from a chain
–-L lists all rules on a chain
–-F flushes a specific chain
–-N creates a new chain in the specified table
–-X removes a chain from a table
–-E renames a chain
–-P sets the default action for a chain
Built-in chains
–INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING

iptables Configuration (Linksys)
Matches
–-p protocol (e.g. tcp, udp, icmp)
–-s source IP
–-d destination IP
–-i input interface
–-o output interface
–--sport source port (requires -p tcp or -p udp)
–--dport destination port (requires -p tcp or -p udp)
–-m mac --mac-source source MAC

iptables Configuration (Linksys)
Jumps/targets
–-j ACCEPT
–-j DROP (it is better to use REJECT)
–-j REJECT --reject-with <type>, where type is one of:
  icmp-net-unreachable
  icmp-host-unreachable
  icmp-port-unreachable
  icmp-proto-unreachable
  icmp-net-prohibited
  icmp-host-prohibited
  tcp-reset

iptables Configuration (Linksys)
Examples
–iptables -F INPUT
–iptables -P INPUT ACCEPT
–iptables -A INPUT -p tcp --dport 23 -j REJECT
  Blocks all incoming telnet traffic
–iptables -A INPUT -p tcp -s  --dport 23 -j ACCEPT
  Accepts incoming telnet traffic from that source; rules are matched in order, so this rule must be inserted before the REJECT rule
For more on protocols and services
–/etc/protocols
–/etc/services

Wireless Mesh Networking
Configure the mesh router in ad-hoc mode
Install a routing protocol such as OLSR on the router
Terminal nodes should be in ad-hoc mode as well

Wireless Mesh Networking
In Linux you may also use:
sudo iwconfig eth1 mode ad-hoc

IPv6
New IP family with many more IP addresses
–128 bits instead of 32
–Hex notation instead of decimal notation
–Travels over IPv4 using IP tunnels
–Router (config-if)# ipv6 …
Does not require a MAC layer header
–The IPv6 link-local address is derived from the MAC address
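How a link-local address is derived from the MAC address, as an added example (not code from the slides): the modified EUI-64 procedure flips the universal/local bit of the first octet, inserts ff:fe in the middle of the 48-bit MAC and prefixes the 64-bit result with fe80::/64. The inverse is included because it is what you need when you read a neighbour's MAC back out of a captured IPv6 address. The sample MAC is constructed.

```python
import ipaddress

def mac_to_link_local(mac: str) -> str:
    """Modified EUI-64 link-local address for a 48-bit MAC ('aa:bb:..' or 'aa-bb-..')."""
    octets = [int(x, 16) for x in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or not all(0 <= o <= 0xFF for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    octets[0] ^= 0x02                          # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])   # 64-bit interface id
    packed = ipaddress.IPv6Address("fe80::").packed[:8] + iid   # fe80::/64 + iid
    return str(ipaddress.IPv6Address(packed))  # canonical compressed form

def link_local_to_mac(addr: str) -> str:
    """Inverse: recover the MAC from an EUI-64 derived link-local address."""
    a = ipaddress.IPv6Address(addr)
    if not (a.is_link_local and a.packed[11:13] == b"\xff\xfe"):
        raise ValueError(f"not an EUI-64 derived link-local address: {addr}")
    iid = a.packed[8:]
    octets = list(iid[:3] + iid[5:])           # drop the ff:fe filler
    octets[0] ^= 0x02                          # flip the bit back
    return ":".join(f"{o:02x}" for o in octets)

if __name__ == "__main__":
    ll = mac_to_link_local("00:1a:2b:3c:4d:5e")   # constructed sample MAC
    print(ll, "->", link_local_to_mac(ll))
```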

OSPFv3
OSPF version for the IPv6 family
Is configured inside the interface
–Router (config-if)# ipv6 ospf area
Another IP routing protocol (e.g. OSPF, RIP) still needs to be configured for IPv4
IPv6 routing must be activated in global configuration mode
–Router (config)# ipv6 unicast-routing

Transport Layer
Ensures connectivity between two end nodes independently of their route
Uses ports (doors) to keep connectivity
Two protocols are widely used
–User Datagram Protocol (UDP)
–Transport Control Protocol (TCP)

Transport Protocols
UDP uses a datagram connection to send information faster, but it does not guarantee delivery and the end node has to put the segments in order
TCP uses a virtual circuit ensuring that all segments arrive at the destination and in order; however, it takes more time. It uses a three-way handshake

Protocols Implementation
Stop-and-wait protocol
–Wait for an ACK before sending the next packet
–Slow procedure
Window protocol
–Send a sequence of frames; if retransmission is needed, retransmit from the ACK number forward
–Does not retransmit frames with an id lower than the ACK number
–More common type of transport protocol (e.g. TCP)
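A small sender-side simulation of the two schemes above, added as an example (not from the slides): each function takes the number of frames and a constructed set of frames whose first transmission is lost, and returns the sequence of transmitted frame ids plus the number of round trips. It shows why stop-and-wait is slow and how the window protocol resumes from the cumulative ACK number without resending frames below it.

```python
def stop_and_wait(n_frames: int, lost_once: set):
    """Send one frame, wait for its ACK, repeat. Returns (transmissions, round trips)."""
    lost = set(lost_once)                # copy: each loss is consumed once
    log, seq = [], 0
    while seq < n_frames:
        log.append(seq)
        if seq in lost:                  # lost on first try: timeout, resend same frame
            lost.remove(seq)
            continue
        seq += 1
    return log, len(log)                 # every transmission costs a full round trip

def go_back_n(n_frames: int, window: int, lost_once: set):
    """Send a whole window, then resume from the cumulative ACK number.
    Frames below the ACK number are never resent; frames sent after a lost one are
    discarded by the receiver (out of order) and resent with it."""
    lost = set(lost_once)
    window = max(1, window)
    log, base, rounds = [], 0, 0
    while base < n_frames:
        rounds += 1
        ack = base                       # next frame the receiver expects
        for seq in range(base, min(base + window, n_frames)):
            log.append(seq)
            if seq in lost:
                lost.remove(seq)         # this transmission is lost
            elif ack == seq:
                ack = seq + 1            # in-order frame accepted
            # else: out of order after a loss, receiver discards it
        base = ack                       # cumulative ACK: retransmit from here on
    return log, rounds

if __name__ == "__main__":
    print(stop_and_wait(5, {1}))         # constructed: 5 frames, frame 1 lost once
    print(go_back_n(5, 3, {1}))
```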

Port Forwarding
Transport layer technique that transfers segments arriving on one port to another port, so that the service on the other port deals with them
–Ex. Pass from port 80 (http) to 21 (ftp)

Port Numbers
Service        Protocol  Port(s)
FTP            TCP       20, 21
SSH            TCP       22
TELNET         TCP       23
SMTP           TCP       25
DNS            UDP       53
DHCP           UDP       67, 68
TFTP           UDP       69
HTTP           TCP       80
MySQL          TCP       3306
RTP            UDP       5004
RTCP           UDP       5005
VoIP           UDP       ≥ 1024
IPTV           UDP       ≥ 1024
Online games   UDP       ≥ 1024

Applications
Session Layer is in charge of scheduling, on a multi-user computer, who utilizes the network
Presentation Layer is in charge of formatting the data depending on the application (JPG, MP3, DOC, etc.)
Application Layer is in charge of providing interaction with users

Dynamic Host Configuration Protocol (DHCP)
Is able to pass multiple parameters to nodes
–IP address
–Subnet mask
–Default gateway
–DNS servers, etc.

File Transfer Protocol (FTP)
Application protocol for downloading files
Uses two TCP ports
–20 for establishing the connection
–21 for downloading the file itself
It has a faster but less reliable UDP version called TFTP (Trivial FTP)
–Uses port 69

Domain Name Service (DNS)
Translates computer names to IP addresses
Makes networks, websites and servers/hosts easier to remember
Uses UDP port 53

Telecommunications Network (Telnet) vs Secure Shell (SSH)
Both enable remote control of a machine
Telnet is not secure: everything, including the password, travels in clear text
–telnet rumad.uprm.edu
–TCP port 23
Secure Shell uses encryption to send data
–ssh rumad.uprm.edu?
–TCP port 22

Packet Sniffer
A network tool that allows a network administrator to monitor what kind of traffic is passing through the network
Can sniff on different interfaces and log the results
Can apply filters to the packets
Can analyze packets by layers

Ping
A network tool to test connectivity with a remote host (all the way up to the application layer)
Should be the first thing to be checked (after the power and cable, of course)
Can be used for a denial of service attack
Some routers have extended ping

Traceroute
A network tool that allows the administrator to see, hop by hop, how a destination is reached and to find where connectivity is being lost