Telecommunications & Network Security Part 1

Open System Interconnect (OSI) Model and the TCP/IP Model
- OSI layers: Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1)
- TCP/IP layers: Application, Host-to-Host, Internet, Network Access

Application Layer (Layer 7)
- Protocols (standard rules) that support applications are defined at this layer:
  - Simple Mail Transfer Protocol (SMTP)
  - Post Office Protocol 3 (POP3)
  - Hypertext Transfer Protocol (HTTP)
  - File Transfer Protocol (FTP)
  - Telnet
  - Trivial File Transfer Protocol (TFTP)

Layers 6-5
Presentation Layer (6)
- Representation standards are defined at this layer (GIF, JPEG, ASCII, EBCDIC, compression, encryption)
- Format conversions occur at this layer
Session Layer (5)
- Sessions between computers are coordinated at this layer (connection establishment, data transfer, connection release)
  - Simplex: one-direction communication
  - Half-duplex: communication in both directions, one at a time
  - Full-duplex: communication in both directions simultaneously
- Secure Sockets Layer (SSL), Remote Procedure Call (RPC) and Structured Query Language (SQL) work at this layer

Transport Layer (Layer 4)
- End-to-end communication protocols operate at this layer
- Error detection and correction, flow control and packet retransmission occur at this layer
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Sequenced Packet Exchange (SPX)

Network Layer (Layer 3)
- Responsible for delivering packets from end to end
- Does not ensure packets are delivered
- Routers work at this layer
- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP)

Data Link Layer (Layer 2)
- Responsible for point-to-point delivery of packets
- Defines the format of the data frame
- Hubs and switches work at this layer
- Ethernet, Gigabit Ethernet (IEEE 802.3)
- Token Ring (IEEE 802.5)
- Asynchronous Transfer Mode (ATM)
- Point-to-Point Protocol (PPP)
- Integrated Services Digital Network (ISDN)
- Address Resolution Protocol (ARP)

Physical Layer (Layer 1)
- Defines how bits are converted to voltages or sounds
- Defines signal-to-noise ratios for various types of cable and the laser wavelengths used for fiber optic cable

TCP/IP – Structure Terminology
- Data at the application layer (L5-7) that is to be sent across a TCP/IP network is called a message
- The message is passed to the transport layer (L4), where a TCP or UDP header is added; it is now called a segment
- The network layer (L3) adds routing and addressing information; the packet is now called a datagram
- The data link layer (L2) adds a header and a trailer; it is now called a frame
- At every point the data can be called a packet
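The encapsulation sequence above, carried out on real header layouts, as an added example (written for this page, not taken from the slides). It wraps a constructed message in a UDP header, an IPv4 header and an Ethernet header, then strips them again, validating the IPv4 header checksum on the way back in; the addresses and MACs are constructed sample values and the Ethernet FCS trailer is omitted.

```python
"""Encapsulation walk-through: message -> segment -> datagram -> frame and back.
Added illustration for this page, not code from the original slides. UDP is used
at the transport layer (8-byte header, checksum optional in IPv4) and the Ethernet
FCS trailer, normally computed by the NIC, is omitted."""
import socket
import struct

ETH_TYPE_IPV4 = 0x0800
IP_PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Computed over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(message, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    """Wrap an application-layer message in UDP, IPv4 and Ethernet headers."""
    # Layer 4: UDP header (src port, dst port, length, checksum=0) -> segment
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(message), 0) + message
    # Layer 3: 20-byte IPv4 header with addressing and TTL -> datagram
    total_len = 20 + len(segment)
    fields = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len,      # version 4, IHL 5, TOS, total length
                         0, 0x4000,               # identification, flags (DF) + fragment offset
                         64, IP_PROTO_UDP, 0,     # TTL, protocol, checksum placeholder
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_header = fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]
    datagram = ip_header + segment
    # Layer 2: Ethernet header (dst MAC, src MAC, EtherType) -> frame
    return dst_mac + src_mac + struct.pack("!H", ETH_TYPE_IPV4) + datagram


def decapsulate(frame: bytes) -> dict:
    """Peel the headers back off, checking what each layer is responsible for."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != ETH_TYPE_IPV4:
        raise ValueError("unexpected EtherType 0x%04x" % eth_type)
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4              # header length in bytes
    ip_header = datagram[:ihl]
    if ipv4_checksum(ip_header) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    if datagram[9] != IP_PROTO_UDP:
        raise ValueError("not a UDP datagram")
    segment = datagram[ihl:total_len]           # slicing by total_len drops Ethernet padding
    src_port, dst_port, udp_len, _csum = struct.unpack("!HHHH", segment[:8])
    return {
        "dst_mac": frame[:6], "src_mac": frame[6:12],
        "src_ip": socket.inet_ntoa(datagram[12:16]),
        "dst_ip": socket.inet_ntoa(datagram[16:20]),
        "ttl": datagram[8],
        "src_port": src_port, "dst_port": dst_port,
        "message": segment[8:udp_len],
    }


if __name__ == "__main__":
    # Constructed sample: documentation addresses (RFC 5737) and made-up MACs
    frame = encapsulate(b"hello", "192.0.2.10", "192.0.2.53", 40000, 53,
                        bytes.fromhex("021a2b3c4d5e"), bytes.fromhex("021122334455"))
    print(len(frame), "byte frame ->", decapsulate(frame))
```

A 5-byte message produces a 47-byte frame (14 + 20 + 8 + 5); on a real wire Ethernet would pad it to 60 bytes, which is why the receiver trusts the IPv4 total length field rather than the frame length.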

IP Addresses
- Current IP addresses are IPv4, 32 bits
  - Written in dotted quad notation: x.x.x.x, x =
  - Contain a network number and a host number
  - Were traditionally divided into classes (class A, class B, class C), with subnets indicated by the netmask
- Classless Inter-Domain Routing (CIDR) notation has replaced classed notation
  - Refers to how many bits make up the network portion of the address
  - Class C = /24 (254 usable hosts)
  - /27 = 1/8 of a Class C (30 usable hosts)
- Future Internet2 addressing will be IPv6, 128 bits, and includes built-in security and QoS
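The classful and CIDR arithmetic above, worked with the standard-library ipaddress module, as an added example (not from the slides). It reproduces the /24 and /27 host counts, splits a /24 into its eight /27s, derives the netmask and broadcast address, and recovers the legacy class from the first octet; the 192.0.2.0/24 prefix is a constructed documentation range.

```python
"""IPv4 addressing helpers for the CIDR discussion. Added example, not from the
original slides; relies only on the standard-library ipaddress module."""
import ipaddress


def legacy_class(ip: str) -> str:
    """Historical classful designation, decided by the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


def usable_hosts(cidr: str) -> int:
    """Host addresses available in a prefix. For /30 and shorter the network and
    broadcast addresses are reserved; /31 is point-to-point (RFC 3021) and /32 a
    single host, so nothing is subtracted there. IPv6 has no broadcast address."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 4 and net.prefixlen <= 30:
        return net.num_addresses - 2
    return net.num_addresses


def describe(cidr: str) -> dict:
    """Network, mask, broadcast and host range for a prefix; strict=False lets a
    host address such as 192.0.2.33/27 be passed and its network derived."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": usable_hosts(cidr),
        "legacy_class": legacy_class(str(net.network_address)) if net.version == 4 else "n/a",
    }


def split(cidr: str, new_prefix: int) -> list:
    """Divide a prefix into equal smaller subnets, e.g. a /24 into eight /27s."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def contains(cidr: str, ip: str) -> bool:
    """True when the address falls inside the prefix (the check an ACL or route makes)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    print(describe("192.0.2.33/27"))
    print(split("192.0.2.0/24", 27))
```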

LAN Technology
- Local Area Network (LAN) media address the needs of small distances
- Wide Area Network (WAN) media address the needs of large distances
- WANs are always formed when LANs are connected by routers

LAN Terminology
- Unicast: packet is sent from one station to another
- Multicast: packet is sent from one station to several specific stations
- Broadcast: packet is sent from one station to all other computers on a segment, regardless of collision domain
- Segment: division in a network, separated by a router

TCP/IP – TCP Protocol
- Connection-oriented protocol
- Ensures delivery of packets using packet acknowledgement and retransmission
- Ensures sequencing of packets
- Provides flow and congestion control
- Provides error detection and correction
- High overhead, high reliability

TCP packets include code bits in the header
- URG: Urgent Pointer
- ACK: Acknowledgement of an earlier transmission
- PSH: Push function, used to flush data
- RST: Indicates the connection should be reset
- SYN: Indicates the systems should synchronize sequence numbers for the session; the packet must include an Initial Sequence Number (ISN)
- FIN: Indicates the session is finished and should be torn down
A normal session begins with a 3-way handshake

3-Way Handshake (System A, port 1234, to System B, port 80)
1. A to B: SYN with ISN A
2. B to A: ACK of ISN A and SYN with ISN B
3. A to B: ACK of ISN B
The communication session then follows
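The code bits and the handshake of the two slides above, as an added example (not from the slides): a 20-byte TCP header is built and parsed with struct, and the three segments are exchanged with the check each endpoint performs, namely that the peer's ACK equals its own ISN plus one modulo 2^32. The ports and ISNs are constructed; the sequence-number wrap at 0xFFFFFFFF is covered because it is the edge case implementations get wrong.

```python
"""TCP header flags and the three-way handshake, as an added example for this page
(not the original slide content). Ports and initial sequence numbers are constructed."""
import struct

FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK, FLAG_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FLAG_FIN: "FIN", FLAG_SYN: "SYN", FLAG_RST: "RST",
              FLAG_PSH: "PSH", FLAG_ACK: "ACK", FLAG_URG: "URG"}
MASK32 = 0xFFFFFFFF  # sequence and acknowledgement numbers wrap modulo 2^32


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """Minimal 20-byte TCP header with no options; checksum left 0 for the demo."""
    data_offset = 5 << 4  # header length in 32-bit words, stored in the upper nibble
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq & MASK32, ack & MASK32,
                       data_offset, flags, window, 0, 0)


def parse_tcp_header(hdr: bytes) -> dict:
    """Decode the fixed header and name the code bits that are set."""
    src, dst, seq, ack, off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", hdr[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": (off >> 4) * 4,
            "flags": sorted(name for bit, name in FLAG_NAMES.items() if flags & bit)}


def is_valid_synack(isn_a: int, hdr: dict) -> bool:
    """The initiator's check before completing the handshake: the reply must carry
    SYN+ACK and acknowledge exactly ISN_A + 1. A reply that cannot produce this value
    is discarded, which is why the ISN must be unpredictable to an off-path sender."""
    return hdr["flags"] == ["ACK", "SYN"] and hdr["ack"] == (isn_a + 1) & MASK32


def three_way_handshake(isn_a: int, isn_b: int, port_a=1234, port_b=80) -> list:
    """Exchange the three segments and return them as (sender, parsed header).
    Raises ValueError if either side's acknowledgement is wrong."""
    # 1. A -> B: SYN carrying A's initial sequence number
    syn = parse_tcp_header(build_tcp_header(port_a, port_b, isn_a, 0, FLAG_SYN))
    if syn["flags"] != ["SYN"]:
        raise ValueError("expected a bare SYN to open the session")
    # 2. B -> A: acknowledges ISN_A + 1 and offers its own ISN_B with SYN set
    synack = parse_tcp_header(build_tcp_header(port_b, port_a, isn_b, syn["seq"] + 1,
                                               FLAG_SYN | FLAG_ACK))
    if not is_valid_synack(isn_a, synack):
        raise ValueError("SYN/ACK does not acknowledge our ISN; session not established")
    # 3. A -> B: acknowledges ISN_B + 1; B applies the same check on its side
    ack = parse_tcp_header(build_tcp_header(port_a, port_b, isn_a + 1, synack["seq"] + 1,
                                            FLAG_ACK))
    if ack["ack"] != (isn_b + 1) & MASK32:
        raise ValueError("final ACK does not acknowledge B's ISN")
    return [("A", syn), ("B", synack), ("A", ack)]


if __name__ == "__main__":
    for sender, seg in three_way_handshake(1000, 5000):
        print(sender, seg["flags"], "seq", seg["seq"], "ack", seg["ack"])
```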

TCP is port oriented to separate multiple TCP sessions
- The source computer includes its source IP address and a random port number (>1023)
- The destination includes the destination IP address and a well known port number (generally <1024)
- Protocols using TCP include FTP (port 21), SMTP (port 25), POP3 (port 110), HTTP (port 80)

TCP/IP – UDP Protocol
- Connectionless, best-effort
- No packet sequencing
- No flow or congestion control
- No acknowledgment of packets
- Used when reliability is not important, such as streaming audio or video
- Much lower overhead
- Much harder for firewalls to police and control

ARP (Address Resolution Protocol)
- All network cards have a Media Access Control (MAC) address
  - Unique number made up of a 24-bit manufacturer code and a serial number
- Used to create a cross-reference between MAC addresses and IP addresses at the data link layer (L2)
- A station sends out an ARP broadcast containing an IP address; only the matching station responds
- Responses have a lifetime and are refreshed after expiration
- ARP table poisoning attacks are used to reroute traffic

ICMP (Internet Control Message Protocol)
- Basic network layer (L3) messenger protocol
- Low priority
- Ping: tests communication between two stations
- Traceroute: traces each hop between two stations

Ethernet
- 10 Mbps
  - 10base2, uses thin coaxial cable
  - 10base5, uses thick coaxial cable
  - 10base-T, uses category 3 or greater unshielded twisted pair (UTP) cable
- 100 Mbps, Fast Ethernet
  - 100base-TX, uses cat 5 or greater UTP
- 1000 Mbps (1 Gbps), Gigabit Ethernet
  - 1000base-T, uses cat 5e or 7 UTP (depending on manufacturer)
  - 1000base-SX, uses fiber optic cable

Ethernet uses the CSMA/CD cable access method
- Carrier Sense Multiple Access with Collision Detection
- A station monitors carrier activity on the wire and transmits only when no carrier is present
- If two stations transmit simultaneously, a collision occurs
- In case of a collision, both stations stop transmitting for a random amount of time
- Although some collisions are normal, high levels are detrimental to performance
- Collisions are controlled by creating collision domains using bridges, switches and routers
- Collision domains also limit sniffer usage

Other LAN Technologies
- Token Ring
  - 4 – 17 Mbps
  - Similar to 10baseT Ethernet
- Fiber Distributed Data Interface (FDDI)
  - 100 Mbps over fiber optic cable
  - Works over two counter-rotating rings for fault tolerance
- ATM
  - Primarily a WAN technology, but sometimes used in LANs
  - Can guarantee specific bandwidth to users
  - Speeds up to 2.5 Gbps

Cable Types
- Coaxial
- Unshielded or Shielded Twisted Pair
  - Noise: interference caused by electrical devices
  - Attenuation: loss of signal over distance
  - Crosstalk: signal on one wire spills over to another
- Fiber Optic Cable
  - Considered most secure as it cannot be easily tapped
  - Attenuation is a problem over very long distances or with many fiber cuts

Physical LAN/WAN Topologies
- Bus: used in 10base2 and 10base5 Ethernets
- Star: used in 10baseT Ethernets
- Tree
- Ring
- Mesh

Networking Devices
- Repeaters
  - Physical layer (L1) device
  - Used to amplify signals
  - Dumb device, makes no decisions
- Hub
  - Multiport repeater
- Bridges
  - Data link layer (L2) device
  - Intelligent repeater which answers ARP requests, forwards broadcasts and puts packets on the proper segment
  - Makes decisions based on MAC addresses

Switch
- Multiport bridge
- Data link layer (L2) switch
  - Basic inexpensive switch that simply bridges packets based on MAC addresses
- Network layer (L3) switch
  - Adds the ability to make decisions based on IP addresses
  - IP-based packet forwarding and ACLs
  - Much faster than a router
  - Can prioritize traffic (Quality of Service, QoS)
- Transport layer (L4) switch
  - Adds the ability to make decisions based on content such as a Web address

Virtual LANs (VLANs)
- Used to virtually segment switched networks
- Separate LAN devices into broadcast domains
- Provide security since packets are not sent to ports not assigned to a particular VLAN

Router
- Network layer (L3) device
- Makes decisions based on IP addresses
- Uses a routing table to decide where to send packets
  - Routing tables are populated using dynamic routing protocols like BGP, RIP or OSPF, or with static entries
  - Autonomous System Numbers (ASN) differentiate between routing domains
- ACLs are used to filter packets based on IP addresses, source or destination ports, and protocol
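The two router functions named on the slide, as an added example (not from the slides, and not any vendor's implementation): a routing table answered by longest-prefix match, and an access list evaluated first-match-wins with an implicit deny at the end, the semantics that Cisco-style ACLs use. Filtering is applied before forwarding. The prefixes, next hops, interface names and rules are all constructed.

```python
"""Longest-prefix routing lookup and a first-match ACL with implicit deny.
Added example for the router slide; addresses, interfaces and rules are constructed."""
import ipaddress


class RoutingTable:
    """Routes are kept most-specific first so the first hit is the longest match."""

    def __init__(self):
        self.routes = []  # (network, next_hop, interface)

    def add(self, prefix: str, next_hop: str, interface: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix, strict=False), next_hop, interface))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst: str):
        addr = ipaddress.ip_address(dst)
        for net, next_hop, iface in self.routes:
            if addr.version == net.version and addr in net:
                return next_hop, iface
        return None  # no route, not even a default: the packet is unroutable


class AccessList:
    """Ordered rules; the first rule that matches decides, and an unmatched packet
    is denied (the implicit deny at the end of every ACL)."""

    def __init__(self):
        self.rules = []

    def add(self, action: str, proto: str, src: str, dst: str, dport=None) -> None:
        self.rules.append({"action": action, "proto": proto,
                           "src": ipaddress.ip_network(src, strict=False),
                           "dst": ipaddress.ip_network(dst, strict=False),
                           "dport": dport})

    def evaluate(self, packet: dict) -> str:
        for r in self.rules:
            if r["proto"] not in ("ip", packet["proto"]):   # "ip" matches any protocol
                continue
            if ipaddress.ip_address(packet["src"]) not in r["src"]:
                continue
            if ipaddress.ip_address(packet["dst"]) not in r["dst"]:
                continue
            if r["dport"] is not None and packet.get("dport") != r["dport"]:
                continue
            return r["action"]
        return "deny"


def build_demo():
    """Constructed configuration: a LAN, a more specific internal subnet, a default route,
    and an ACL that admits only web traffic to the LAN and DNS to one server."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", "203.0.113.1", "wan0")
    rt.add("192.0.2.0/24", "direct", "lan0")
    rt.add("192.0.2.64/26", "192.0.2.2", "lan0")   # reached through an internal router
    acl = AccessList()
    acl.add("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24", 80)
    acl.add("permit", "udp", "0.0.0.0/0", "192.0.2.53/32", 53)
    acl.add("deny", "ip", "0.0.0.0/0", "0.0.0.0/0")     # explicit catch-all, e.g. for logging
    return rt, acl


def forward(rt: RoutingTable, acl: AccessList, packet: dict):
    """Filter first, then route: only permitted packets consult the routing table."""
    if acl.evaluate(packet) != "permit":
        return "dropped", None
    return "forwarded", rt.lookup(packet["dst"])


if __name__ == "__main__":
    rt, acl = build_demo()
    for pkt in [{"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.70", "dport": 80},
                {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.70", "dport": 22},
                {"proto": "udp", "src": "198.51.100.5", "dst": "192.0.2.53", "dport": 53}]:
        print(pkt, "->", forward(rt, acl, pkt))
```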

Homework Project 2
- Locate and review the various existing YSU computer Acceptable Use Policies (AUP)
- Create a more complete YSU-wide AUP that takes into account all the current computer security threats
- Describe how students and faculty can be made more aware of the AUP