Chapter 11
CONFIGURING TCP/IP ADDRESSING AND SECURITY

OVERVIEW
- Understand IP addressing
- Manage IP subnetting and subnet masks
- Understand IP security terminology
- Manage Internet security features of Windows XP
- Configure and troubleshoot Windows Firewall

UNDERSTANDING BINARY NUMBERS
- Base 2 number system.
- Bit (1 = On; 0 = Off), Byte, Nibble, Octet.
- Kilo = 1024; Mega, Giga, Tera.

CONVERTING DECIMAL ADDRESSES TO BINARY

CONVERTING BINARY ADDRESSES TO DECIMAL

USING CALCULATOR TO CONVERT NUMBERS

DEFAULT SUBNET MASKS: CLASSFUL ADDRESSING
- First two bits determine IP address class.
- Network bits are 1s from left to right.
- Host bits are 0s from right to left.

IP ADDRESSES

                      Class A       Class B       Class C
1st bits (binary)     0             10            110
1st byte (decimal)    0-127         128-191       192-223
Network ID bits       8             16            24
Default subnet mask   255.0.0.0     255.255.0.0   255.255.255.0
Possible networks     126           16,384        2,097,152
Possible hosts        16,777,214    65,534        254

Special Class, Loopback and RFC1918 Reserved IP Addresses

Class D            224-239                          Multicast group
Class E            240-255                          Experimental
Loopback           127.0.0.0 - 127.255.255.255
Private Class A    10.0.0.0 - 10.255.255.255
Private Class B    172.16.0.0 - 172.31.255.255
Private Class C    192.168.0.0 - 192.168.255.255
APIPA              169.254.0.0                      (Automatic Private IP Address)

PROBLEMS WITH CLASSFUL ADDRESSES
- Wasted addresses
  - Class A: Which organization has 1.7 public systems?
- Shortage of address blocks
  - Class A has only 126 blocks
  - Class B has only 16,384 blocks
- Excessive routing table entries
  - Class C has 2,097,152 blocks
  - Organizations need multiple Class C blocks, causing routing table proliferation

SUBNETTING A LARGE NETWORK

RESERVED HOST ADDRESS
- Usable number of hosts is 2^n - 2
- Host address bits of all zeroes is the network ID
  - Example: 192.168.1.0
    - Network ID or address of the network
    - Network ID of host address 192.168.1.25
- Host address bits of all ones is the network broadcast address
  - Example: 192.168.1.255 is the broadcast address for 192.168.1.0

CLASSLESS INTERDOMAIN ROUTING (CIDR)
- CIDR notation: IP address/network bits

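The classful table, the reserved ranges, the 2^n - 2 host count and CIDR notation from the slides above can be checked with plain bit operations. This is an added example, not part of the course material; the function names, field names and the sample addresses in the last lines are assumptions chosen for illustration.

```python
# Added example: address arithmetic from the slides, done with bit operations.
# Function and field names are illustrative, not taken from the course material.

RESERVED = [  # (first address, network bits, label), per the reserved-address slide
    ("10.0.0.0", 8, "private"), ("172.16.0.0", 12, "private"),
    ("192.168.0.0", 16, "private"), ("127.0.0.0", 8, "loopback"),
    ("169.254.0.0", 16, "APIPA"),
]

def to_int(dotted):
    """Pack four decimal octets into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value, fmt="d"):
    """Render a 32-bit integer octet by octet; fmt='08b' gives binary."""
    return ".".join(format((value >> s) & 0xFF, fmt) for s in (24, 16, 8, 0))

def mask_for(bits):
    """Network bits are 1s from the left, host bits are 0s from the right."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF

def classful(ip):
    """Class and default mask from the first byte (A 0-127, B 128-191, C 192-223)."""
    first = ip >> 24
    for name, upper, bits in (("A", 127, 8), ("B", 191, 16), ("C", 223, 24)):
        if first <= upper:
            return name, to_dotted(mask_for(bits))
    return ("D", None) if first <= 239 else ("E", None)

def describe(cidr):
    """Work out the slide quantities for 'IP address/network bits'."""
    address, _, bits = cidr.partition("/")
    ip, prefix = to_int(address), int(bits)
    if not 0 <= prefix <= 32:
        raise ValueError("network bits must be 0-32")
    mask = mask_for(prefix)
    network = ip & mask                        # host bits all zeroes
    broadcast = network | (mask ^ 0xFFFFFFFF)  # host bits all ones
    cls, default_mask = classful(ip)
    reserved = next((label for first, rbits, label in RESERVED
                     if ip & mask_for(rbits) == to_int(first)), None)
    return {
        "binary": to_dotted(ip, "08b"), "mask": to_dotted(mask),
        "network": to_dotted(network), "broadcast": to_dotted(broadcast),
        "usable_hosts": max(2 ** (32 - prefix) - 2, 0),
        "class": cls, "default_mask": default_mask, "reserved": reserved,
    }

if __name__ == "__main__":
    for sample in ("192.168.1.25/24", "172.16.37.200/20", "203.0.113.9/26"):
        print(sample, describe(sample))
```
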
SUPERNETS

SECURING IP COMMUNICATIONS OVERVIEW
- Internet threats
- Protective technologies
- Configuring and managing Windows Firewall
- Monitoring Internet communications security

INTERNET THREATS
- Viruses (the oldest threat)
- Worms (the most persistent threat)
- Trojan horses
- Spyware
- Zombies - Bots
- Direct hacking

VIRUSES
- Take advantage of gullible users
- Infect document, graphics, and executable files
- Often include mass-mailing components
- Can carry destructive payloads

WORMS
- Self-replicating
- Network-aware
- Use bugs in programs or systems to spread
- Can carry viruses or other payloads

TROJAN HORSES
- Usually e-mailed or downloaded
- Appear to be a useful program or game
- Carry payload or back door application

SPYWARE
- Has attributes of Trojan horses or worms
- Spies on its victim
- Might transmit marketing data or transmit personal data to the spyware author

ZOMBIES - BOTS
- Payload of worm or Trojan horse
- Remotely controlled to attack network targets
- Participate in large-scale assaults on public Web sites

DIRECT HACKING
- Relatively low incidence
- Hardest form of attack to defeat

PROTECTIVE TECHNOLOGIES
- Security Center
- Windows Firewall
- Internet Connection Sharing (ICS)
- Third-party utilities

SECURITY CENTER

FIREWALL TERMINOLOGY
- Packet filtering
- Protocols (ICMP, TCP, UDP)
- Ports - Service
- Stateful packet filtering
- Exceptions (packet filter rules)
- Allowed/Permitted traffic
- Rejected/Blocked/Denied traffic
- Logging

ENABLING WINDOWS FIREWALL

FIREWALL EXCEPTIONS

ADVANCED WINDOWS FIREWALL SETTINGS

MONITORING INTERNET SECURITY
- Windows Firewall monitoring
- Service logs
- Event logs

WINDOWS FIREWALL ALERTS

WINDOWS FIREWALL LOGS

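One way to review a Windows Firewall log for blocked traffic, as an added example that is not part of the course material. It reads the column names from the log's #Fields header; the sample entries are constructed, and the helper names and the three-port threshold are assumptions.

```python
# Added example: summarise dropped packets in a Windows Firewall text log.
from collections import defaultdict

# Constructed sample laid out like the firewall's space-separated log.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2005-04-11 08:05:57 DROP TCP 203.0.113.7 192.168.1.25 4312 135 48 S 1 0 16384 - - -
2005-04-11 08:05:58 DROP TCP 203.0.113.7 192.168.1.25 4313 139 48 S 1 0 16384 - - -
2005-04-11 08:05:59 DROP TCP 203.0.113.7 192.168.1.25 4314 445 48 S 1 0 16384 - - -
2005-04-11 08:06:30 OPEN TCP 192.168.1.25 198.51.100.80 1045 80 - - - - - - - -
2005-04-11 08:07:02 DROP TCP 198.51.100.20 192.168.1.25 2201 80 48 S 1 0 16384 - - -
2005-04-11 08:07:10 DROP ICMP 198.51.100.20 192.168.1.25 - - 60 - - - - 8 0 -
"""

def parse(text):
    """Return one dict per log entry, keyed by the names in the #Fields line."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed entries
                rows.append(dict(zip(fields, values)))
    return rows

def dropped_ports_by_source(rows):
    """Map each source address to the set of destination ports it was denied."""
    ports = defaultdict(set)
    for row in rows:
        if row["action"] == "DROP" and row["dst-port"] != "-":
            ports[row["src-ip"]].add(int(row["dst-port"]))
    return dict(ports)

def many_port_sources(rows, min_ports=3):
    """Sources blocked on at least min_ports distinct ports (assumed threshold)."""
    blocked = dropped_ports_by_source(rows)
    return sorted(src for src, ports in blocked.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(dropped_ports_by_source(entries))
    print(many_port_sources(entries))
```
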
SERVER LOGS

SUMMARY
- IP addresses are 32-bit binary addresses.
- The network portion of IP addresses determines location.
- CIDR allows creation of custom netblocks.
- CIDR permits use of variable-length subnet masks.
- Windows Firewall blocks unauthorized packets.
- Windows Firewall exceptions allow specified traffic to pass through the firewall.
- Alerts and logs warn of attempted attacks.