Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Security - Farkas1 CSCE 813 Internet Security TCP/IP.

Published byBennett Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "Internet Security - Farkas1 CSCE 813 Internet Security TCP/IP."— Presentation transcript:

1 Internet Security - Farkas1 CSCE 813 Internet Security TCP/IP

2 Internet Security - Farkas2 Reading Assignment Reading: R. Oppliger, Internet and Intranet Security, Artech House, Google Book, http://books.google.com/books/about/Internet_and_Intranet_S ecurity.html?id=vtyowiyW9BkC, Chapter 2 http://books.google.com/books/about/Internet_and_Intranet_S ecurity.html?id=vtyowiyW9BkC Recommended Reading: CISCO: TCP/IP Technology, http://www.cisco.com/en/US/tech/tk365/technologies_white_ paper09186a008014f8a9.shtml http://www.cisco.com/en/US/tech/tk365/technologies_white_ paper09186a008014f8a9.shtml

3 Internet Security - Farkas3 Before the Internet Isolated, local packet-switching networks – only nodes on the same network could communicate Each network was autonomous – different services – different interfaces – different protocols

4 Internet Security - Farkas4 Before the Internet (cont.) ARPANET: sponsored by Defense Advanced Research Projects Agency (DARPA): 1969: interconnected 4 hosts 1970: host-to-host protocol: Network Control Protocol (NCP) 1972: first application: e-mail Univ. of California at LA (UCLA) Stanford Research Institute (SRI) Univ. of California at Santa Barbara (UCSB) Univ. of Utah

5 Internet Security - Farkas5 Internet Connect Existing Networks: ARPANET, Packet Radio, and Packet Satellite NCP not sufficient  Develop new protocol 1970s: Transmission Control Protocol (Kahn and Vinton) – Based on packet switching technology – Good for file transfer and remote terminal access Divide TCP into 2 protocols – Internet Protocol (IP): addressing and forwarding of packets – Transmission Control Protocol (TCP): sophisticated services, e.g., flow control, recovery 1980: TCP/IP adopted as a DoD standard 1983: ARPANET protocol officially changed from NCP to TCP/IP 1985: Existing Internet technology 1995: U.S. Federal Networking Council (FNC) defines the term Internet

6 Internet Security - Farkas6 Goals (Clark’88) Connect existing networks 1. Survivability 2. Support multiple types of services 3. Must accommodate a variety of networks 4. Allow distributed management 5. Allow host attachment with a low level of effort 6. Be cost effective 7. Allow resource accountability

7 Internet Security - Farkas7 Internet Challenge Interconnected networks differ (protocols, interfaces, services, etc.) Possibilities: 1. Reengineer and develop one global packet switching network standard: not economically feasible 2. Have every host implement the protocols of every network it wants to communicate with: too complex, very high engineering cost 3. Add an extra layer: internetworking layer Hosts: one higher-level protocol Network connecting use the same protocol Interface between the new protocol and network

8 Internet Security - Farkas8 Layering Organize a network system into logically distinct entities – the service provided by one entity is based only on the service provided by the lower level entity

9 Internet Security - Farkas9 Without Layering Each application has to be implemented for every network technology! SMTP FTPHTTP Coaxial cable Fiber optic Application Transmission Media

10 Internet Security - Farkas10 With Layering Intermediate layer provides a unique abstraction for various network technologies SMTP FTP Coaxial cable Fiber optic Application Transmission Media HTTP Intermediate layer

11 Internet Security - Farkas11 Layering Advantages – Modularity – protocols easier to manage and maintain – Abstract functionality –lower layers can be changed without affecting the upper layers – Reuse – upper layers can reuse the functionality provided by lower layers Disadvantages – Information hiding – inefficient implementations

12 Internet Security - Farkas12 ISO OSI Reference Model ISO – International Standard Organization OSI – Open System Interconnection Goal: a general open standard – allow vendors to enter the market by using their own implementation and protocols

13 Internet Security - Farkas13 OSI Model Concepts Service – says what a layer does Interface – says how to access the service Protocol – says how is the service implemented – a set of rules and formats that govern the communication between two peers

14 Internet Security - Farkas14 TCP/IP Protocol Stack Application Layer Transport Layer Internetwork Layer Network Access Layer Each layer interacts with neighboring layers above and below Each layer can be defined independently Complexity of the networking is hidden from the application

15 Internet Security - Farkas15 OSI vs. TCP/IP OSI: conceptually define: service, interface, protocol Internet: provide a successful implementation Application Presentation Session Transport Network Datalink Physical Internet Host-to- network Transport Application IP LAN Packet radio TCPUDP TelnetFTPDNS

16 Internet Security - Farkas16 Network Access Layer Responsible for packet transmission on the physical media Transmission between two devices that are physically connected The goal of the physical layer is to move information across one “hop” For example: Ethernet, token ring, Asynchronous Transfer Mode (ATM)

17 Internet Security - Farkas17 Internetwork Layer Provides connectionless and unreliable service Routing (routers): determine the path a path has to traverse to reach its destination Defines addressing mechanism – Hosts should conform to the addressing mechanism

18 Internet Security - Farkas18 IP Addresses IP provides logical address space and a corresponding addressing schema IP address is a globally unique or private number associated with a host network interface Every system which will send packets directly out across the Internet must have a unique IP address IP addresses are based on where the hosts are connected IP addresses are controlled by a single organization - address ranges are assigned They are running out of space!

19 Internet Security - Farkas19 Routing Protocols Enable routing decisions to be made Manage and periodically update routing tables, stored at each router Router : “which way” to send the packet Protocol types: Reachability Distance vector

20 Internet Security - Farkas20 The Domain Name System Each system connected to the Internet also has one or more logical addresses. Unlike IP addresses, the domain address have no routing information - they are organized based on administrative units There are no limitations on the mapping from domain addresses to IP addresses

21 Internet Security - Farkas21 Domain Name Resolution Domain Name Resolution: looking up a logical name and finding a physical IP address There is a hierarchy of domain name servers Each client system uses one domain name server which in turn queries up and down the hierarchy to find the address If your server does not know the address, it goes up the hierarchy possibly to the top and works its way back down

22 Internet Security - Farkas22 Transport Layer Provides services to the application layer Services: – Connection-oriented or connectionless transport – Reliable or unreliable transport – Security (authenticity, confidentiality, integrity) Application has to choose the services it requires from the transport layer Limitations of combinations, e.g., connectionless and reliable transport is invalid

23 Internet Security - Farkas23 Application Layer Provides services for an application to send and recieve data over the network, e.g., telnet (port 23), mail (port 25), finger (port 79) Interface to the transport layer – Operating system dependent – Socket interface

24 Internet Security - Farkas24 Communication Between Layers Transport layer Network layer Data Link layer Network layer Data Link layer Network layer Data Link layer Network layer Transport layer Application layer Application Data Transport payload Network Payload Data Link Payload Host ARouter Host B

25 Internet Security - Farkas25 Security -- At What Level? Secure traffic at various levels in the network Where to implement security? -- Depends on the security requirements of the application and the user Basic services that need to be implemented: Key management Confidentiality Nonrepudiation Integrity/authentication Authorization

26 Internet Security - Farkas26 Network Access Layer Security Dedicated link between hosts/routers  hardware devices for encryption Advantages: – Speed Disadvantages: – Not scaleable – Works well only on dedicates links – Two hardware devices need to be physically connected

27 Internet Security - Farkas27 Internetwork Layer Security IP Security (IPSec) Advantages: – Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure – Ability to build VPN and intranet Disadvantages: – Difficult to handle low granularity security, e.g., nonrepudation, user-based security,

28 Internet Security - Farkas28 Transport Layer Security Advantages: – Does not require enhancement to each application Disadvantages: – Difficult to obtain user context – Implemented on an end system – Protocol specific  implemented for each protocol

29 Internet Security - Farkas29 Transport Layer Security Advantages: – Does not require enhancement to each application Disadvantages: – Obtaining user context gets complicated – Protocol specific --> need to duplicated for each transport protocol – Need to maintain context for connection (not currently implemented for UDP)

30 Internet Security - Farkas30 Application Layer Security Advantages: – Executing in the context of the user --> easy access to user’s credentials – Complete access to data --> easier to ensure nonrepudation – Application can be extended to provide security (do not depend on the operating system) – Application understand data --> fine tune security Disadvantages: – Implemented in end hosts – Security mechanisms have to be implemented for each application --> –expensive –greated probability of making mistake

31 Internet Security - Farkas31 Application Example E-mail client using PGP Extended capabilities – Ability to look up public keys of the users – Ability to provide securiy services such as encryption/decrytion, nonrepudation, and authentication for e-mail messages

Download ppt "Internet Security - Farkas1 CSCE 813 Internet Security TCP/IP."

Similar presentations

COS 461 Fall 1997 Networks and Protocols u networks and protocols –definitions –motivation –history u protocol hierarchy –reasons for layering –quick tour.

COS 461 Fall 1997 Networks and Protocols u networks and protocols –definitions –motivation –history u protocol hierarchy –reasons for layering –quick tour.
4123702 Data Communications System By Ajarn Preecha Pangsuban.

Data Communications System By Ajarn Preecha Pangsuban.
Chapter 5: TCP/IP and OSI Business Data Communications, 5e.

Chapter 5: TCP/IP and OSI Business Data Communications, 5e.
Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 2 – Protocol Architecture, TCP/IP, and Internet-Based.

Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 2 – Protocol Architecture, TCP/IP, and Internet-Based.
1 William Stallings Data and Computer Communications 7 th Edition Chapter 2 Protocols and Architecture.

1 William Stallings Data and Computer Communications 7 th Edition Chapter 2 Protocols and Architecture.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.
PROTOCOLS AND ARCHITECTURE Lesson 2 NETS2150/2850.

PROTOCOLS AND ARCHITECTURE Lesson 2 NETS2150/2850.
Protocols and the TCP/IP Suite Chapter 4 (Stallings Book)

Protocols and the TCP/IP Suite Chapter 4 (Stallings Book)
CS 268: Lecture 2 (Layering & End-to-End Arguments)

CS 268: Lecture 2 (Layering & End-to-End Arguments)
Semester 1 2008-2009Copyright USM EEE442 Computer Networks Introduction: Protocols En. Mohd Nazri Mahmud MPhil (Cambridge, UK) BEng (Essex, UK)

Semester Copyright USM EEE442 Computer Networks Introduction: Protocols En. Mohd Nazri Mahmud MPhil (Cambridge, UK) BEng (Essex, UK)
Protocols and the TCP/IP Suite

Protocols and the TCP/IP Suite
EE 122: Layering and the Internet Architecture Kevin Lai September 4, 2002.

EE 122: Layering and the Internet Architecture Kevin Lai September 4, 2002.
Data Communications Architecture Models. What is a Protocol? For two entities to communicate successfully, they must “speak the same language”. What is.

Data Communications Architecture Models. What is a Protocol? For two entities to communicate successfully, they must “speak the same language”. What is.
Inside the Internet. INTERNET ARCHITECTURE The Internet system consists of a number of interconnected packet networks supporting communication among host.

Inside the Internet. INTERNET ARCHITECTURE The Internet system consists of a number of interconnected packet networks supporting communication among host.
William Stallings Data and Computer Communications 7 th Edition Chapter 2 Protocols and Architecture.

William Stallings Data and Computer Communications 7 th Edition Chapter 2 Protocols and Architecture.
Introduction© Dr. Ayman Abdel-Hamid, CS4254 Spring 20061 CS4254 Computer Network Architecture and Programming Dr. Ayman A. Abdel-Hamid Computer Science.

Introduction© Dr. Ayman Abdel-Hamid, CS4254 Spring CS4254 Computer Network Architecture and Programming Dr. Ayman A. Abdel-Hamid Computer Science.
COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.

COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.
 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.

 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.
OIS Model TCP/IP Model.

OIS Model TCP/IP Model.
Chapter 5: TCP/IP and OSI Business Data Communications, 6e.

Chapter 5: TCP/IP and OSI Business Data Communications, 6e.

Similar presentations

Ads by Google