FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2nd ed. Chapter 2 An Introduction to Networking




Learning Objectives
Upon completion of this chapter, you should be able to:
- Describe the basic elements of computer-based data communication
- Know the key entities and organizations behind current networking standards, as well as the purpose of and intent behind the more widely used standards
- Explain the nature and intent of the OSI reference model and list and describe each of the model's seven layers
- Describe the nature of the Internet and the relationship between the TCP/IP protocol and the Internet
Firewalls & Network Security, 2nd ed. - Chapter 2 Slide 2

Networking Fundamentals
- Fundamental exchange of information: sender communicates message to receiver over some medium
- Communication only occurs when recipient is able to receive, process, and comprehend message
- One-way flow of information is called a channel
- When recipient becomes a sender, for example by responding to original sender's message, this two-way flow is called a circuit

Networking Fundamentals (continued)
- Any medium may be subject to interference, called noise, which occurs in variety of forms:
  - Attenuation: loss of signal strength as signal moves across media
  - Crosstalk: occurs when one transmission bleeds over to another
  - Distortion: unintentional variation of communication over media

Networking Fundamentals (continued)
- Any medium may be subject to interference, called noise, which occurs in variety of forms (continued):
  - Echo: reflection of a signal due to equipment malfunction or poor design
  - Impulse: sudden, short-lived increase in signal frequency or amplitude, also known as a spike
  - Jitter: signal modification caused by malfunctioning equipment
  - White noise: unwanted noise due to signal coming across medium at multiple frequencies

Reasons to Network
- Data communications: exchange of messages across a medium
- Networking: interconnection of groups or systems with purpose of exchanging information
- Some reasons to build a network:
  - To exchange information
  - To share scarce or expensive resources
  - To allow distributed organizations to act as if centrally located

Types of Networks
Networks can be categorized by:
- Components: peer-to-peer (P2P), server-based, distributed multi-server
- Size: local area network (LAN), metropolitan area network (MAN), wide area network (WAN)
- Layout or topology: physical (ring, bus, star, hierarchy, mesh, hybrid), logical (bus, star)
- Media: guided (wired), unguided (wireless)

Network Standards
Among the agencies that work on data communications standards are:
- Internet Society (ISOC)
- Internet Assigned Numbers Authority (IANA)
- American National Standards Institute (ANSI)
- International Telecommunication Union (ITU)
- Institute of Electrical and Electronics Engineers (IEEE)
- Telecommunications Industry Association (TIA)
- International Organization for Standardization (ISO)

OSI Reference Model and Security
- OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols
- Premise of model is information sent from one host is translated and encoded through various layers, from Application layer to Physical layer
- Physical layer initiates transmission to receiver
- Receiver translates and decodes message by processing information through each layer in reverse order

The Physical Layer
- The primary function of the Physical layer is to place the transmission signal carrying the message onto the communications media, that is, to put bits on a wire
- The functions of the Physical layer are:
  - Establish and terminate the physical and logical connection to the media
  - Manage the flow and communication on the media
  - Embed the message onto the signal carried across the physical media

Network Media
Dominant media types and standards include:
- Coaxial cable
- Fiber-Optic cable
- Twisted-pair wire
- Wireless LAN
- Bluetooth
- Infrared

Embedding the Message
- Method used to embed message on signal depends on type of message and type of signal
- Two types of message (or information):
  - Analog information: continuously varying source (such as voice communications)
  - Digital information: discrete, between a few values (such as computer communications)

Embedding the Message (continued)
- Multiplexing combines several circuits to create high-bandwidth stream to carry multiple signals long distances
- Three dominant multiplexing methods are:
  - Frequency division multiplexing (FDM): combines voice channels
  - Time division multiplexing (TDM): assigns a time block to each client
  - Wave division multiplexing (WDM): uses different frequencies of light so multiple signals can travel on same fiber-optic cable

Managing Communication
Bit (or signal) flow conducted in several ways:
- Simplex transmissions: flow one way through a medium
- Half-duplex transmissions: flow either way, but in only one direction at a time
- Full-duplex transmissions: can flow both ways at the same time
- Serial transmissions: flow one bit at a time down a single communications channel
- Parallel transmissions: flow multiple bits at a time down multiple channels

Managing Communication (continued)
- Asynchronous (or timing-independent)
  - Formulate data flow so each byte or character has its own start and stop bit
  - Used in older modem-based data transfers to send individual characters between systems
- Synchronous (or timing-dependent)
  - Use computer clocking to transmit data in continuous stream between two systems
  - Clock synchronization makes it possible for end nodes to identify start and end of data flow
  - This protocol is much more efficient

Data Link Layer
- Primary networking support layer
- Referred to as first subnet layer because it provides addressing, packetizing, media access control, error control, and some flow control for local network
- In LANs, it handles client-to-client and client-to-server communications

Data Link Layer (continued)
DLL is further divided into two sublayers:
- Logical Link Control (LLC) sublayer
  - Primarily designed to support multiplexing and demultiplexing protocols transmitted over MAC layer
  - Also provides flow control and error detection and retransmission
- Media Access Control (MAC) sublayer
  - Designed to manage access to communications media; in other words, to regulate which clients are allowed to transmit and when

DLL Protocols
- Dominant protocol for local area networking is Ethernet for wired networks and Wi-Fi for wireless networks
- Other DLL LAN protocols include:
  - Token ring
  - Fiber Distributed Data Interface (FDDI)
  - Point-to-Point Protocol (PPP)
  - Point-to-Point Tunneling Protocol (PPTP)
  - Layer Two Tunneling Protocol (L2TP)
- WANs typically use ATM and frame relay

Forming Packets and Addressing
- First responsibility of DLL is converting Network layer packet into DLL frame
- DLL adds not only a header but also a trailer
- When necessary, packet is fragmented into frames, with corresponding information embedded into each frame header
- Addressing is accomplished with a number embedded in network interface card (NIC)
- This MAC address allows packets to be delivered to an endpoint; typically shown in hexadecimal format (e.g., 00-00-A3-6A-B2-1A)

Media Access Control
- A primary function of DLL is controlling flow of traffic, that is, determining which station is allowed to transmit when
- Two general approaches:
  - Control
  - Contention

Media Access Control (continued)
- Control (deterministic)
  - Well-regulated network: traffic transmitted in orderly fashion, maintaining optimal data rate
  - Facilitate priority system: key clients or servers can be polled more frequently than others
- Contention (stochastic)
  - Clients listen to determine if channel is free and then transmit
  - Must have mechanisms to deal with collisions
  - Collision avoidance vs. collision detection

Switches and Bridges
- Specific technologies used to connect networks at Data Link layer
- While hub connects networks at Physical layer, connecting two networks with hub results in one large network (or collision domain)
- Connection via Layer 2 switch, capable of bridging, maintains separate collision domains
- Bridging: process of connecting networks with DLL protocols while maintaining integrity of each network, only passing messages that need to be transmitted between the two

Network Layer and Packetizing
- Network layer is primary layer for communications between networks
- Three key functions:
  - Packetizing
  - Addressing
  - Routing
- During packetizing, Network layer takes segments sent from Transport layer and organizes them into packets for transmission across a network

Addressing
- Network layer uses network-layer address to uniquely identify destination across multiple networks
- Typical address consists of the network ID and the host ID
- In TCP/IP, IP address is network-layer address
- IP address contains source and destination IP address along with additional packet information

Addressing (continued)
- Addresses maintained and issued by Internet Assigned Numbers Authority (IANA)
- In early years, addresses distributed as follows:
  - Class A: consists of primary octet (the netid) with three octets providing host ID portion; allows up to 16,777,214 hosts on network
  - Class B: consists of two octets in netid with two octets providing 65534 host IDs
  - Class C: consists of three octets in netid with one octet providing 254 host IDs
  - Class D and Class E addresses are reserved
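
The netid/host ID split and the host counts on this slide can be derived from the first octet alone. The following is an added example, not material from the book; the function name classify and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Classful ranges by first octet: (class, low, high, number of netid octets).
# Class D and E have no netid/host ID split.
CLASSES = [
    ("A", 0, 127, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
    ("D", 224, 239, None),
    ("E", 240, 255, None),
]


def classify(addr: str) -> dict:
    """Split a dotted-quad IPv4 address into its classful netid and host ID."""
    # IPv4Address rejects malformed input such as an octet above 255.
    octets = ipaddress.IPv4Address(addr).packed
    for name, low, high, net_octets in CLASSES:
        if low <= octets[0] <= high:
            break
    if net_octets is None:
        return {"class": name, "netid": None, "hostid": None, "max_hosts": None}
    host_bits = 8 * (4 - net_octets)
    return {
        "class": name,
        "netid": ".".join(str(o) for o in octets[:net_octets]),
        "hostid": ".".join(str(o) for o in octets[net_octets:]),
        # The all-zeros and all-ones host IDs are not assignable to hosts,
        # which is why each count is two short of a power of two.
        "max_hosts": 2 ** host_bits - 2,
    }


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.20", "224.0.0.5"):
        print(sample, classify(sample))
```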

Addressing (continued)
- This address assignment method proves inefficient
- Internet moving to new version of IP, IPv6, which uses 128-bit address instead of 32-bit
  - Increases available addresses by factor of 2^128
- Network Address Translation (NAT): uses device, like a router, to segregate external Internet from internal network
  - Device maps organizational addresses to different addresses inside the intranet

Routing
- Moving Network layer packets across networks
- Routing protocols include static and dynamic
- Internal routing protocols:
  - Used inside autonomous system (AS)
  - Distance-vector routing protocols and link-state routing protocols
- External routing protocols:
  - Communicate between autonomous systems
  - Translate different internal routing protocols
  - Border Gateway Protocol (BGP)

Transport Layer
- Primary function of Transport layer is to provide reliable end-to-end transfer of data between user applications
- Lower layers focus on networking and connectivity while upper layers, beginning with Transport layer, focus on application-specific services
- Transport layer also responsible for end-to-end error control, flow control, and several other functions

Error Control
- Process of handling problems with transfer process, which may result in modified or corrupted segments
- Broken into two components: error detection and error correction
- Errors are typically single-bit or multiple-bit
- Bit errors are most likely the result of noise interference

Error Control (continued)
- Errors detected using one of several schemes:
  - Repetition: data transmitted redundantly
  - Parity: check bits at end of each byte of data
  - Redundancy: parity calculated for blocks of data rather than individual byte (LRC, VRC, CRC)
- Errors typically corrected by retransmission of damaged segment
- Dominant error correction techniques are automatic repeat requests (ARQs)
- Three most common ARQs are Stop-And-Wait, Go-Back-N, and Selective Repeat
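
The detection schemes listed here differ in which multiple-bit errors they miss. The following added example (not from the book) runs per-byte parity, a longitudinal redundancy check and CRC-32 over the same constructed segment under four error patterns; the function names and the SEGMENT value are assumptions made for the illustration.

```python
import zlib


def byte_parity(data: bytes) -> bytes:
    """One even-parity check bit per byte of data."""
    return bytes(bin(b).count("1") & 1 for b in data)


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all bytes, i.e. parity per bit column."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def crc32(data: bytes) -> int:
    """Cyclic redundancy check over the whole block (CRC-32 from zlib)."""
    return zlib.crc32(data)


CHECKS = {"parity": byte_parity, "lrc": lrc, "crc32": crc32}


def flip(data: bytes, positions) -> bytes:
    """Return a copy of data with each (byte_index, bit_index) position inverted."""
    out = bytearray(data)
    for byte_i, bit_i in positions:
        out[byte_i] ^= 1 << bit_i
    return bytes(out)


def detected_by(sent: bytes, received: bytes) -> dict:
    """For each scheme, True when the receiver's check value differs from the sender's."""
    return {name: fn(sent) != fn(received) for name, fn in CHECKS.items()}


SEGMENT = b"TRANSFER 0100 USD"  # constructed sample data

# Error patterns as lists of (byte_index, bit_index) flips.
CASES = {
    "single bit": [(3, 0)],
    "two bits, same byte": [(3, 0), (3, 5)],
    "same bit, two bytes": [(3, 0), (9, 0)],
    "two bits in each of two bytes": [(3, 0), (3, 5), (9, 0), (9, 5)],
}


def run_cases() -> dict:
    """Apply every error pattern to SEGMENT and report which schemes notice it."""
    return {label: detected_by(SEGMENT, flip(SEGMENT, pos))
            for label, pos in CASES.items()}


if __name__ == "__main__":
    for label, result in run_cases().items():
        print(f"{label:32s} {result}")
```

All three schemes catch noise, not deliberate tampering: anyone who alters the data can recompute the check value to match.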

Flow Control
- Purpose is to prevent receiver from being overwhelmed with segments, preventing effective processing of each received segment
- Some error correction techniques have built-in flow control
- Dominant technique is sliding window protocol, which provides mechanism by which receiver can specify number of segments (or bytes) it can receive before sender must wait
- Receiver enlarges or reduces window size as necessary

Other Functions of the Transport Layer
- Assignment of ports, which identify the service requested by a user
- Combination of Network layer address and port is referred to as a socket
- Tunneling protocols also work at Transport layer
- These protocols work with Data Link layer protocols to provide secure connections

Session Layer
- Responsible for establishing, maintaining, and terminating communications sessions between two systems
- Regulates whether communications are simplex (one way only), half-duplex (one way at a time), or full-duplex (bidirectional)

Presentation Layer
- Responsible for data translation and encryption functions
- For example, if one system is using standard ASCII and another is using EBCDIC, the Presentation layer performs the translation
- Encryption can also be part of operations performed at this level
- Presentation layer encapsulates Application layer messages prior to passing them down to Transport layer

Application Layer
- At Application layer, user is provided with a number of services, most aptly called application protocols
- TCP/IP protocol suite includes applications such as e-mail (SMTP and POP), World Wide Web (HTTP and HTTPS), file transfer (FTP and SFTP), and others

The Internet and TCP/IP
- The Internet incorporates millions of small, independent networks, connected by most of the major common carriers
- Most services we associate with the Internet are based on Application layer protocols
- The Internet is a physical set of networks, while the World Wide Web (WWW) is a set of applications that run on top of the Internet
- Web uses domain name-based Uniform Resource Identifiers (URIs), Uniform Resource Locator (URL) being best-known type

TCP/IP
- TCP/IP actually suite of protocols used to facilitate communications across the Internet
- Developed before OSI reference model, it is similar in concept but different in detail
- TCP/IP model is less formal than OSI reference model
- Each of the four layers of TCP/IP model represents a section of one or more layers of OSI model

Application Layer
- TCP/IP Application layer consists of utility protocols that provide value to end user
- Data from users and utilities are passed down to Transport layer for processing
- Wide variety of Application layer protocols that support Internet users: SMTP, POP for e-mail, FTP for data transfer, HTTP for Web content
- Application layers on each host interact directly with corresponding applications on other hosts to provide requisite communications support

Transport Layer
- Responsible for transferring of messages, including resolution of errors, managing necessary fragmentation, and control of message flow, regardless of underlying network
- Connection or connectionless messages
- Connects applications through use of ports
- Lowest layer of TCP/IP stack to offer any form of reliability
- TCP: connected, reliable protocol
- UDP: connectionless, unreliable protocol

Internetwork Layer
- Handles moving packets in a single network
- Examples of protocols are X.25 and ARPANET's Host/IMP Protocol
- Internet Protocol (IP) performs task of moving packets from source host to destination host
- IP carries data for many different upper-layer protocols

Internetwork Layer (continued)
- Some protocols carried by IP function on top of IP but perform other Internetwork layer functions
- All routing protocols are also part of Network layer

Subnet Layers
- TCP/IP Subnet layers include Data Link and Physical layers
- TCP/IP relies on whatever native network subnet layers are present
- For example, if user's network is Ethernet then IP packets are encapsulated into Ethernet frames
- No specification for Data Link layer or Physical layer
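
The encapsulation described here, together with the earlier slides on the DLL header and trailer, MAC addresses and sockets, can be seen by peeling one frame layer by layer. This is an added example, not material from the book: the frame is constructed inline, and every value in it is made up except the source MAC, which is the example address quoted under Forming Packets and Addressing.

```python
import ipaddress
import struct
import zlib

IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def mac_str(raw: bytes) -> str:
    """Render a 6-byte MAC address in hyphenated hexadecimal."""
    return "-".join(f"{b:02X}" for b in raw)


def inet_checksum(data: bytes) -> int:
    """16-bit ones'-complement checksum used by the IPv4 header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed sample: a TCP SYN inside IPv4 inside an Ethernet frame."""
    # TCP checksum is left as 0 in this sample; the parser does not check it.
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    src_ip = ipaddress.IPv4Address("192.168.1.20").packed
    dst_ip = ipaddress.IPv4Address("10.0.0.5").packed
    fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src_ip, dst_ip]
    fields[7] = inet_checksum(struct.pack(IP_FMT, *fields))
    ip = struct.pack(IP_FMT, *fields)
    header = (bytes.fromhex("0000A36AB2FF")      # destination MAC (made up)
              + bytes.fromhex("0000A36AB21A")    # source MAC (from the slide)
              + struct.pack("!H", 0x0800))       # EtherType: IPv4
    body = header + (ip + tcp).ljust(46, b"\x00")  # pad to the 46-byte minimum payload
    # Trailer: CRC-32 packed little-endian, the convention for the Ethernet FCS.
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Peel Ethernet -> IPv4 -> TCP and return the fields a packet filter matches on."""
    if len(frame) < 14 + 4:
        raise ValueError("shorter than an Ethernet header plus trailer")
    body, fcs = frame[:-4], frame[-4:]
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    info = {"fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
            "dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype != 0x0800:          # not IPv4: stop at the Data Link layer
        return info
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if not ihl <= total_len <= len(ip):
        raise ValueError("IPv4 total length disagrees with frame size")
    src_ip, dst_ip = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
    info.update(ip_checksum_ok=inet_checksum(ip[:ihl]) == 0, protocol=ip[9],
                src_ip=str(src_ip), dst_ip=str(dst_ip))
    if ip[9] != 6:                   # not TCP: stop at the Network layer
        return info
    tcp = ip[ihl:total_len]          # total_len excludes the Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    # Network layer address plus port is the socket.
    info.update(src_socket=f"{src_ip}:{sport}", dst_socket=f"{dst_ip}:{dport}")
    return info


if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:15s} {value}")
```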

Chapter Summary
- Fundamental exchange of information: sender communicates message to receiver over some medium
- Communication only occurs when recipient is able to receive, process, and comprehend message
- Any medium may be subject to interference: attenuation, crosstalk, distortion, echo, impulse, jitter, white noise

Chapter Summary (continued)
- Some reasons to build a network:
  - To exchange information
  - To share scarce or expensive resources
  - To allow distributed organizations to act as if centrally located
- Networks can be categorized by: components, size, layout or topology, media
- OSI reference model allocates functions of network communications into seven distinct layers, each with its own functions and protocols

Chapter Summary (continued)
OSI reference model layers:
- Physical: puts transmissions onto media
- Data Link: primary networking support layer
- Network: primary layer for communications between networks
- Transport: provides reliable end-to-end transfer of data between user applications
- Session: establishes, maintains, terminates communications sessions between two systems
- Presentation: data translation and encryption
- Application: provides application protocols

Chapter Summary (continued)
Each of four layers of TCP/IP model represents a section of one or more layers of OSI model:
- Application: consists of utility protocols that provide value to end user
- Transport: responsible for transferring messages, regardless of underlying network
- Internetwork: handles moving packets in a single network
- Subnet: includes Data Link and Physical layers, relying on whatever native network subnet layers are present for signal transmission