Networking Basics and Network Security




Why do we need networks?
- Shared Data and Functions
- Availability
- Performance, Load Balancing

What is needed for a network?
- Physical Connection
  - Wired: Ethernet, USB, ...
  - Wireless: Bluetooth, WLAN, ...
- Logic Connection
  - Networking Software (OS)
- Network Applications
  - WWW, E-Mail, Telnet, ...

ISO 7-Layer Model

  Layer                 Examples
  Application Layer     Web-Browser, FTP
  Presentation Layer    HTML, ASCII
  Session Layer         HTTP, SMTP
  Transport Layer       TCP, UDP, SPX
  Network Layer         IP, IPX
  Data Link Layer       IEEE 802.3, 802.11
  Physical Layer        Cables, Radio

Benefits from layering
- Each layer uses the services provided by the next lower one and provides services to the next higher one
- Users don't see the lower layers
- Programmers can rely on well-defined interfaces
- Improved interoperability

A simple Example
[Figure: layered conversation between Frederic Sumaye (Swahili) and Megawati Sukarnoputri (Indonesia). Labels: Conversation; Translator, Translated Text (English); Office, Telegrams.]

Physical Layer (1)
- Bit- / Baudrate
- Mechanical Dimensions
- Electrical Specification
- Functional Specification
- Protocol (Handshaking, etc.)
- Examples: ISDN, Ethernet, Token-Ring, Wireless-LAN

Data Link Layer (2)
- Error-Recognition and -Recovery
- Flow Control
- Commonly used: Shared Media -> Collision Detection necessary
  - Ethernet: CSMA/CD
  - ATM, GSM: assigned Timeslots

Network Layer (3)
- Main Task: Routing Packets
- Routing Requirements: simple, robust, stable, fair, optimal
- Internet (IPv4 / IPv6): globally unique addresses
- AppleTalk / SMB (Windows): addresses only valid in a local scope

Transport Layer (4)
- Connected or connection-less Services
- UDP: User Datagram Protocol
  - very simple, connection-less protocol
  - no flow-control, packets can be lost
- TCP: Transmission Control Protocol
  - reliable, connection oriented protocol
  - flow-control, supports QoS

Session Layer (5)
- Not implemented in TCP/IP Networks

Presentation Layer (6)
- Standards for Presentation Layer are well defined: ASCII, HTML, PNG, ...
- No automatic conversion!
- Gateways: UNIVIS-DB Access via Web, Internet to X.400 Mail Relays, ...

Application Layer (7)
- The Network is hidden
  - Automatic Address resolution
  - No routing, etc. visible
- Comfortable

Overview ISO 7-Layer Model

Networking Hardware
- Physical Layer: Repeater, Hub
  - simple electrical amplifier
- Data Link Layer: Bridge, Switch
  - separates collision domains
- Network Layer: Router, Layer 3 Switch
  - forwarding between different networks
- Higher Layers: Gateways (Software)

Internet Protocols (1)
- IP: Internet Protocol
  - Routing-Information: ToS-Flags, Protocol-ID, Header-Checksum, Addresses
- ICMP: Internet Control Message Protocol
  - Ping, Traceroute

Internet Protocols (2)
- UDP: User Datagram Protocol
  - Connection-Less Protocol
  - Ports, Data-Length and Checksum
- TCP: Transmission Control Protocol
  - Ports (widely used for many services in upper layers)
  - Connection-Based Protocol
  - Sequence- and Acknowledge-Numbers
  - Connection establishment: 3-Way Handshake
  - CRC-Checksum (like UDP)

Network Security (Problems)
- No Security Mechanisms implemented in TCP/IP (IPv4)
- Problems: Traffic can be
  - observed (Passwords, Credit Cards, ...)
  - manipulated (Bank Transfers, ...)
  - faked (DoS Attacks, ...)
- Server Programs are vulnerable!

Enhancing Network Security
- Cryptographic Protocol Extensions (HTTPS, SSH, ...)
  - Inhibit Data-Manipulation and -Observation
  - Protocol dependent
  - Can't prevent DoS-Attacks
  - Can't protect vulnerable Servers
- Network-Infrastructure is vulnerable!

Firewalls
- Protect Servers against Hackers
- Allow / disallow traffic based on simple rules (Addresses, Protocol, Ports, ...)
- Example: Web-Server
  - Incoming: only on Port 80
  - Outgoing: only responses
- Detect typical Attacks

Simple Firewall: Packet Filters
- Filter Rules only match IP-Addresses, Protocol and TCP/UDP-Ports
- FTP: big holes in Firewall necessary!
- Hackers can still find hidden Servers
- Example (Linux):
    iptables -A INPUT -p tcp ! --destination-port 80 -j DROP
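The packet-filter behaviour described above, modelled as an added example (not part of the original slides): rules match only addresses, protocol and ports, and the first match decides. The addresses, the rule list and the "accept UDP from source port 53" rule standing in for "DNS responses" are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int

class Rule(NamedTuple):
    action: str                     # "ACCEPT" or "DROP"
    proto: Optional[str] = None     # None means "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # A stateless rule sees nothing but the header fields of this one packet.
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(rules, p, default="DROP"):
    """Return the action of the first matching rule, else the default policy."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

WEB = "192.0.2.10"   # constructed web server address (documentation range)
INBOUND = [
    Rule("ACCEPT", proto="tcp", dst=WEB + "/32", dport=80),  # web server: port 80 only
    Rule("ACCEPT", proto="udp", sport=53),                   # intended: DNS responses
]

def verdicts():
    http = Packet("198.51.100.7", WEB, "tcp", 40000, 80)
    ssh = Packet("198.51.100.7", WEB, "tcp", 40001, 22)
    dns_reply = Packet("203.0.113.53", WEB, "udp", 53, 33000)
    # Nobody asked for this packet, but its header fields look like a reply.
    unsolicited = Packet("198.51.100.7", WEB, "udp", 53, 5353)
    return [filter_packet(INBOUND, p) for p in (http, ssh, dns_reply, unsolicited)]
```

The last verdict is ACCEPT: without connection state the filter cannot tell a DNS reply from any other UDP packet carrying source port 53.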

Better: Stateful Inspection
- TCP: Connection-based Protocol
  - Recognize Packets belonging to an established Connection
  - Can allow FTP-Session from Server to Client Machine
- UDP: no Connections but Sessions
  - Can allow DNS-responses but disallow malicious packets ("spoofing")

"DMZ": Demilitarized Zone
- Internet
  - Absolutely insecure!
- Private Network
  - Incoming: not allowed
  - Outgoing: Masquerading
- "DMZ": NAT
  - Incoming: only selected services (Web, Mail, ...)
  - Outgoing: limited (DNS)

Masquerading
- Only 4 Billion IPv4 addresses available
- Clients usually don't need official IPs
- Address translation
  - Internal: private addresses (defined in RFC1918)
  - External: one official address
  - Table for open connections
- Automatically hides private network
- Outgoing traffic appears to come from one computer.

"NAT": Network Address Translation
- Mapping of one IP address to another without the sender noticing.
- E.g.: Gateway accepts packets for web server in DMZ and forwards them internally.
- Response appears to come from the original destination address.
- Forwarding of packets on specific ports possible (e.g. port 80 for www).
- Other packets are discarded.
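Masquerading and the stateful handling of replies, as an added example (not from the original slides): a gateway that keeps the table of open connections, rewrites outgoing packets to one official address and lets only matching replies back in. Addresses and port numbers are constructed; entry timeouts and TCP flag tracking are left out.

```python
from ipaddress import ip_address, ip_network

# Private ranges defined in RFC 1918
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    return any(ip_address(addr) in net for net in PRIVATE)

class Masquerade:
    """Gateway with one official address and a table of open connections."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (proto, int_ip, int_port, peer_ip, peer_port) -> public port
        self.by_port = {}   # (proto, public port) -> flow

    def outbound(self, proto, src, sport, dst, dport):
        """Rewrite a packet leaving the private network; return its new (src, sport)."""
        if not is_private(src):
            raise ValueError("source is not an RFC 1918 address")
        flow = (proto, src, sport, dst, dport)
        if flow not in self.by_flow:             # first packet opens a table entry
            self.by_flow[flow] = self.next_port
            self.by_port[(proto, self.next_port)] = flow
            self.next_port += 1
        return self.public_ip, self.by_flow[flow]

    def inbound(self, proto, src, sport, dst, dport):
        """Map a reply back to the internal (ip, port), or return None to drop it."""
        flow = self.by_port.get((proto, dport))
        if dst != self.public_ip or flow is None:
            return None                          # no open connection on that port
        _, int_ip, int_port, peer_ip, peer_port = flow
        if (src, sport) != (peer_ip, peer_port):
            return None                          # not from the host that was contacted
        return int_ip, int_port

def demo():
    gw = Masquerade("203.0.113.1")               # constructed official address
    a = gw.outbound("udp", "192.168.1.10", 5000, "198.51.100.53", 53)   # DNS query
    b = gw.outbound("tcp", "192.168.1.11", 5000, "198.51.100.80", 80)   # web request
    reply = gw.inbound("udp", "198.51.100.53", 53, "203.0.113.1", a[1])
    spoofed = gw.inbound("udp", "192.0.2.66", 53, "203.0.113.1", a[1])
    unsolicited = gw.inbound("tcp", "192.0.2.66", 1234, "203.0.113.1", 22)
    return a, b, reply, spoofed, unsolicited
```

Both internal clients leave with the same source address, and the packet that claims to be a DNS reply but comes from a different host is dropped because it matches no table entry.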

"VPN": Virtual Private Networks
- Clients connect to an internal network ("intranet") through the Internet.
- Sessions are authenticated.
- Traffic is usually encrypted.
- Comfortable for the user: Access to internal servers as if he was in his office
- Works with all IP based services.
- Certificates are used for authentication and encryption.

The Main Points Again...
- Networking Basics
  - ISO/OSI Model
  - Internet Protocols: IPv4 / IPv6
  - UDP: Connection-less
  - TCP: Connection-based
  - TCP Connection establishment
- Network Security
  - Security Risks
  - Protocol Dependent Solutions
  - Firewalls: Packet Filter, Stateful Inspection
  - DMZ, Masquerading, NAT, VPN