History of Internet – ARPANET – primary purpose was to deliver packets – availability
Why is the OSI model needed?
Compatibility
Modular approach
For instance, moving from IPv4 to IPv6 only needed updates to Network layer
Physical – BITS
- Electrical signals or light
- Network Interface Cards
- Cable
Data Link Layer – Frames
- Ethernet
- MAC Hardware address
Network – Datagram
- Logical IP addressing
- Move between different networks
- Fragmentation
- IP, IPSEC, ICMP
- All routing protocols – RIP, OSPF, BGP
- No guarantee delivery
- Best route to get to destination – Availability
Transport – Packets or Segments
- End to End transport
- UDP – send and pray
- Live streaming
- TCP – guaranteed delivery – 3 way handshake
- SYN, ACK, FIN, RST
- SPX from Novell
Session
- Conversations between hosts
- Creates, monitors, tears down sessions
- NetBios, RPC, SOCKS, SCP
Presentation
- Format
- What character set? ASCII, EBCDIC
- Video Format
- Compression
- Encryption
Application
- Common services that provide entry point for hackers
- Applications use this layer to get service
- HTTP, SMTP, FTP, DHCP, DNS
- APIs
Socket – IP Address + Port Number
MAC Address
- 48 Bits
- First 24 Bits OUI – Vendor ID
- Globally Unique, can be spoofed
ARP – maps IP address to MAC address
- Times out after 8-10 minutes, adjustable
- Gratuitous ARP – a reply to which no request has been made
- Potential indicator of offensive activity
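The two monitoring ideas in the MAC and ARP notes above (an ARP reply nobody asked for, and an IP-to-MAC mapping that changes before the cache entry has aged out) can be expressed as a small audit over ARP events. This is an added example, not from the notes: the event records, the 8-minute cache TTL, the 2-second "solicited reply" window and the MAC/IP values are all constructed for illustration.

```python
from collections import namedtuple

# Notes say cache entries time out after 8-10 minutes and are adjustable; 8 minutes assumed here.
ARP_TTL_SECONDS = 8 * 60
REPLY_WINDOW_SECONDS = 2   # assumed: a reply this soon after a request counts as solicited

Event = namedtuple("Event", "t op ip mac")   # t = seconds since capture start (constructed)

# Constructed sample ARP traffic for one gateway IP; none of this is from the notes.
SAMPLE_EVENTS = [
    Event(0,   "request", "10.0.0.1", None),                # a host asks who has the gateway
    Event(1,   "reply",   "10.0.0.1", "00:1a:2b:3c:4d:5e"), # gateway answers: solicited
    Event(5,   "reply",   "10.0.0.1", "02:de:ad:be:ef:01"), # nobody asked, and a different MAC
    Event(600, "request", "10.0.0.1", None),
    Event(601, "reply",   "10.0.0.1", "00:1a:2b:3c:4d:5e"), # old entry expired: no change alert
]


def oui(mac):
    """First 24 bits (three octets) of the MAC: the vendor OUI."""
    return mac.upper()[:8]


def locally_administered(mac):
    """True when the U/L bit of the first octet is set, i.e. not a vendor burned-in address."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def audit_arp(events, ttl=ARP_TTL_SECONDS):
    """Replay ARP events and return alert strings for gratuitous replies and mapping changes."""
    cache = {}     # ip -> (mac, time last learned)
    pending = {}   # ip -> time of the most recent request for it
    alerts = []
    for ev in events:
        if ev.op == "request":
            pending[ev.ip] = ev.t
            continue
        # ev.op == "reply"
        solicited = ev.ip in pending and ev.t - pending[ev.ip] <= REPLY_WINDOW_SECONDS
        if not solicited:
            alerts.append(f"t={ev.t}: gratuitous ARP for {ev.ip} from {ev.mac}")
        entry = cache.get(ev.ip)
        if entry is not None and ev.t - entry[1] <= ttl and entry[0] != ev.mac:
            alerts.append(
                f"t={ev.t}: {ev.ip} changed {entry[0]} -> {ev.mac} "
                f"(OUI {oui(ev.mac)}, locally administered={locally_administered(ev.mac)})"
            )
        cache[ev.ip] = (ev.mac, ev.t)
        pending.pop(ev.ip, None)
    return alerts


if __name__ == "__main__":
    for line in audit_arp(SAMPLE_EVENTS):
        print(line)
```

The change alert at t=5 carries the OUI and the locally-administered bit because a mapping that flips to an address with the U/L bit set is a common sign of a software-assigned (spoofed) MAC rather than a replaced NIC; the reply at t=601 produces no change alert because the earlier entry has aged out of the cache.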
RIP
- Only looks at fewest number of links, does not count bandwidth
- Updates routes every 30 seconds
- Maximum of 15 hops
- Version 2 is Good for Small Networks
OSPF
- Most widely used in Enterprise Networks
- Link State Algorithm
- Builds topology
- Only sends changes
- Quick convergence
- Needs CPU horsepower
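To show why the notes say RIP "only looks at fewest number of links, does not count bandwidth" while OSPF's link-state algorithm builds a topology and picks by cost, here is an added example (not from the notes) on a constructed four-router topology. `rip_path` is a hop-count search with the 15-hop limit; `ospf_path` runs Dijkstra over a per-link cost derived from bandwidth, using the classic 100 Mbps reference bandwidth as an assumption. Router names and link speeds are made up.

```python
import heapq
from collections import deque

# Constructed topology: (router, router, bandwidth in Mbps). R1 reaches R4 directly over a
# slow 1 Mbps link, or through R2 and R3 over fast 1000 Mbps links.
LINKS = [
    ("R1", "R4", 1),
    ("R1", "R2", 1000),
    ("R2", "R3", 1000),
    ("R3", "R4", 1000),
]


def build_graph(links):
    """Undirected adjacency map: node -> {neighbour: bandwidth_mbps}."""
    graph = {}
    for a, b, bw in links:
        graph.setdefault(a, {})[b] = bw
        graph.setdefault(b, {})[a] = bw
    return graph


def rip_path(graph, src, dst, max_hops=15):
    """RIP-style choice: fewest hops wins, bandwidth ignored, nothing beyond 15 hops is reachable."""
    prev = {src: None}
    queue = deque([(src, 0)])
    while queue:
        node, hops = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        if hops >= max_hops:
            continue   # 16 hops is "infinity" in RIP
        for nbr in graph[node]:
            if nbr not in prev:
                prev[nbr] = node
                queue.append((nbr, hops + 1))
    return None


def ospf_cost(bandwidth_mbps, reference_mbps=100):
    """OSPF-style link cost: reference bandwidth / link bandwidth, never below 1 (assumed reference)."""
    return max(1, reference_mbps // bandwidth_mbps)


def ospf_path(graph, src, dst):
    """Link-state choice: Dijkstra over link costs, so fast links are preferred. Returns (path, cost)."""
    dist = {src: 0}
    prev = {src: None}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            break
        if d > dist[node]:
            continue
        for nbr, bw in graph[node].items():
            nd = d + ospf_cost(bw)
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                prev[nbr] = node
                heapq.heappush(heap, (nd, nbr))
    if dst not in prev:
        return None, None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1], dist[dst]


if __name__ == "__main__":
    g = build_graph(LINKS)
    print("RIP :", rip_path(g, "R1", "R4"))
    print("OSPF:", ospf_path(g, "R1", "R4"))
```

On this topology RIP sends R1's traffic over the single 1 Mbps hop, while OSPF takes the three-hop path at a total cost of 3 versus 100 for the direct link; the second part of the test shows the 15-hop ceiling that makes RIP unsuitable for large networks.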
BGP
- Internet routing protocol
- Autonomous Systems – AS Numbers
ICMP
- PING
- traceroute
- Network congestion, downed link
- Typically dropped at firewalls
- Netmask request
IPv6
- Enabled in all Microsoft systems since Windows 7
- Could be dual-stack active on your computer NOW
- Makes NAT no longer necessary
- Builtin – QOS, IPSEC
- 128 bit address
DNS
- Worldwide distributed Database
- UDP 53 for queries
- TCP 53 for Zone Transfers
IPv4
Class | CIDR | Hosts | First Octet | Binary | Reserved (private)
Class A | /8 | 16777214 | 1-126 | 00000001-01111110 | 10.0.0.0/8
Class B | /16 | 65534 | 128-191 | 10000000-10111111 | 172.16.0.0/12 (172.16.x.x-172.31.x.x)
Class C | /24 | 254 | 192-223 | 11000000-11011111 | 192.168.0.0/16
Total Address Space – 4,294,967,296
Local Loopback – 127.0.0.1
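The classful table above can be checked in code: classify an address by its first octet, derive the usable host count from the default prefix, and flag the reserved private and loopback ranges. This is an added example, not from the notes; it uses Python's standard `ipaddress` module, and the sample addresses in the test are constructed.

```python
import ipaddress

# The notes' classful table as data: first-octet ranges and default prefix lengths.
CLASS_RANGES = {"A": (1, 126), "B": (128, 191), "C": (192, 223)}
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}

# Reserved (private) ranges from the table; 172.16.0.0/12 covers 172.16.x.x through 172.31.x.x.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
TOTAL_ADDRESS_SPACE = 2 ** 32


def address_class(ip_str):
    """Classful lookup on the first octet; 127 is loopback, everything else outside A-C is 'other'."""
    first = int(ip_str.split(".")[0])
    if first == 127:
        return "loopback"
    for cls, (lo, hi) in CLASS_RANGES.items():
        if lo <= first <= hi:
            return cls
    return "other"   # 0 and 224-255 (multicast / reserved)


def first_octet_binary(lo, hi):
    """The 'Binary' column of the table, rendered from the decimal first-octet range."""
    return f"{lo:08b}-{hi:08b}"


def usable_hosts(prefix):
    """2^(32 - prefix) minus the network and broadcast addresses."""
    return 2 ** (32 - prefix) - 2


def describe(ip_str):
    """Summarise one address the way the table does: class, default prefix, hosts, private, loopback."""
    ip = ipaddress.ip_address(ip_str)
    cls = address_class(ip_str)
    prefix = DEFAULT_PREFIX.get(cls)
    return {
        "class": cls,
        "default_prefix": prefix,
        "usable_hosts": usable_hosts(prefix) if prefix else None,
        "private": any(ip in net for net in PRIVATE_NETS),
        "loopback": ip in LOOPBACK_NET,
    }


if __name__ == "__main__":
    for cls, (lo, hi) in CLASS_RANGES.items():
        print(cls, f"/{DEFAULT_PREFIX[cls]}", usable_hosts(DEFAULT_PREFIX[cls]), first_octet_binary(lo, hi))
    print(describe("172.31.255.1"))
```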
IPv6 sample address – 2001:0db8:1234:0001:0001:0000:0000:0001
- Partial Abbreviation – 2001:0db8:1234:1:1:0:0:1
- Full Abbreviation – 2001:db8:1234:1:1::1
- Binary Equivalent – 0010 0000 0000 0001 0000 1101 1011 1000 0001 0010 0011 0100 0000 0000 0000 0001 0000 0000 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001
IPv6 – 128 bit addressing = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
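The abbreviation rules behind the sample address above (drop leading zeros in every group, then replace the longest run of all-zero groups with a single `::`, leftmost run on a tie) are easy to get wrong by hand, so here they are as an added example, not from the notes. The functions expand an abbreviated address, produce the partial and full abbreviations, and render the 128-bit binary form; the result is cross-checked against Python's `ipaddress` module in the test. The only input value is the notes' sample address.

```python
import ipaddress

SAMPLE = "2001:0db8:1234:0001:0001:0000:0000:0001"   # the notes' sample address
ADDRESS_SPACE = 2 ** 128


def expand(addr):
    """Expand '::' and pad every hextet to four hex digits."""
    if "::" in addr:
        head, tail = addr.split("::", 1)
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = 8 - len(head_parts) - len(tail_parts)
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8:
        raise ValueError("not a valid IPv6 address: " + addr)
    return ":".join(f"{int(p, 16):04x}" for p in parts)


def partial_abbreviation(addr):
    """Leading zeros removed from every group; no '::' compression yet."""
    return ":".join(f"{int(p, 16):x}" for p in expand(addr).split(":"))


def full_abbreviation(addr):
    """Leading zeros removed and the longest run of two or more zero groups replaced by '::'."""
    parts = partial_abbreviation(addr).split(":")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if parts[i] == "0":
            j = i
            while j < 8 and parts[j] == "0":
                j += 1
            if j - i > best_len:          # strictly greater keeps the leftmost run on ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                      # a single zero group is never compressed
        return ":".join(parts)
    head = ":".join(parts[:best_start])
    tail = ":".join(parts[best_start + best_len:])
    return head + "::" + tail


def to_binary(addr):
    """128 bits as 32 space-separated nibbles, matching the notes' layout."""
    bits = "".join(f"{int(p, 16):016b}" for p in expand(addr).split(":"))
    return " ".join(bits[i:i + 4] for i in range(0, 128, 4))


if __name__ == "__main__":
    print(partial_abbreviation(SAMPLE))
    print(full_abbreviation(SAMPLE))
    print(to_binary(SAMPLE))
```

Note that the partial form produced here is `2001:db8:1234:1:1:0:0:1`, since the leading zero of `0db8` is dropped like every other leading zero; the full form is the `2001:db8:1234:1:1::1` shown in the notes.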
SCADA
- ModBus, Fieldbus – built for uptime and control
- Could be tunneled over IP network
Multiplexing
- Frequency Division – Example is an FM Radio
Repeater
- Does not recondition the signal
- Amplifies the signal – good traffic as well as ‘noise’
Hub
- Multiport Repeater
- Amplify Signal
- Concentrator
- Half duplex
Routers
- Deterministic Routing, Predetermined Routes
- Predictable
- Secure
- Can add ACLs for a level of Security
- Hardening
Switches
- Spanning Tree
- MAC Security
- Port Security
- Disable Unused Ports
- 802.1x
- DHCP Snooping
- Dynamic ARP Inspection
Firewall
- NAT – Network Address Translation
- PAT – Port Address Translation
- VPN – Virtual Private Network
- UTM – Unified Threat Management
- Packet Filter
- Does not understand state
- Filters based on Address or Port
- Does not detect protocol anomalies
- Does not detect out of order packets
- Does not detect IP fragmentation
- Does not detect IP Spoofing
- Stateful (SPI)
- Monitor state of connections (Initiated, Established, Termination)
- Web Application (WAF)
- Focused on web type attacks
- SQL injections, XSS
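The difference between the packet filter ("does not understand state, filters based on address or port") and the stateful firewall above, together with the TCP three-way handshake and its SYN, ACK, FIN and RST flags from the Transport notes, can be shown with two filters run over the same packets. This is an added example, not from the notes: the packets, the inside/outside addresses (the 203.0.113.0/24 documentation range for the outside host) and the stateless rule "permit inbound traffic from source port 80 as web replies" are all constructed.

```python
# Constructed packets: (src_ip, src_port, dst_ip, dst_port, flags). Nothing here is from the notes.
INSIDE, OUTSIDE = "10.0.0.5", "203.0.113.10"

HANDSHAKE_AND_DATA = [
    (INSIDE, 40000, OUTSIDE, 80, {"SYN"}),          # step 1: inside client opens
    (OUTSIDE, 80, INSIDE, 40000, {"SYN", "ACK"}),   # step 2: server answers
    (INSIDE, 40000, OUTSIDE, 80, {"ACK"}),          # step 3: handshake complete
    (INSIDE, 40000, OUTSIDE, 80, {"ACK", "PSH"}),   # request data
    (OUTSIDE, 80, INSIDE, 40000, {"ACK", "PSH"}),   # response data
    (INSIDE, 40000, OUTSIDE, 80, {"FIN", "ACK"}),   # client starts teardown
]
# An unsolicited inbound SYN that happens to carry source port 80.
UNSOLICITED = (OUTSIDE, 80, INSIDE, 22, {"SYN"})


def is_outbound(pkt):
    return pkt[0].startswith("10.")


def packet_filter(pkt):
    """Stateless rule set: anything from inside may leave; inbound is allowed only if the
    source port is 80. There is no memory of earlier packets, so a fresh inbound SYN from
    port 80 looks exactly like a legitimate web reply."""
    src, sport, dst, dport, flags = pkt
    return is_outbound(pkt) or sport == 80


class StatefulFirewall:
    """Stateful packet inspection: a connection table keyed on the inside/outside 4-tuple,
    advanced through the handshake states and removed on FIN or RST."""

    def __init__(self):
        self.table = {}   # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def allow(self, pkt):
        src, sport, dst, dport, flags = pkt
        outbound = is_outbound(pkt)
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.table.get(key)
        if state is None:
            # Only an inside host may open a connection, and only with a bare SYN.
            if outbound and flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return True
            return False   # unsolicited inbound packet: dropped regardless of port
        if state == "SYN_SENT" and not outbound and flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_RECEIVED"
            return True
        if state == "SYN_RECEIVED" and outbound and flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED":
            if "FIN" in flags or "RST" in flags:
                del self.table[key]   # termination: forget the connection
            return True
        return False   # packet does not fit the expected state: dropped


def evaluate(packets):
    """Run both filters over the same packet list and return their verdicts side by side."""
    fw = StatefulFirewall()
    return {
        "packet_filter": [packet_filter(p) for p in packets],
        "stateful": [fw.allow(p) for p in packets],
    }


if __name__ == "__main__":
    print(evaluate(HANDSHAKE_AND_DATA + [UNSOLICITED]))
```

Both filters pass the legitimate connection, but only the stateful one drops the final packet: it has no table entry for that 4-tuple, so the source port alone earns it nothing. That is the practical content of "does not understand state" in the packet-filter notes.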
Proxy
- Application
- Operates at Application Layer
- Understands protocols
- Understands Syntax
- Circuit
- SOCKS
- Limited number of applications
Cabling Considerations
- Distance Issues
- Attenuation – Degradation
- Crosstalk – EMI – minimized by increased twists per inch
- Noise – Signal to Noise Ratio
- Sensitivity
- Interference
Fiber Optic
- Immune to EMI
- Long Distance – rated in miles versus feet
- High Speed
- Hard to tap
- Can use LEDs or Diode Lasers
- Multimode – 50-125 Microns, Shorter distance
- Single Mode – 9 micron, greater bandwidth and distance
- Lowest cost SECURE cable
Network Topology
Circuit Switched
- Fixed path through network
- Predictable traffic flow, bandwidth, latency
- Phone System, POTS
Packet Switched
- Router decides which path is best to take
- Variable traffic flow, bandwidth, latency
- TCP/IP works this way
Switched Virtual Circuit – SVC – on Demand
Permanent Virtual Circuit – PVC – permanent route
CSMA – Carrier Sense Multiple Access
- Only one station can talk at a time
- CSMA/CD – Collision Detection – Wired Networks – collisions will exist in non-switched networks
- CSMA/CA – Collision Avoidance – Wireless – requires authorization from Access Point to transmit
MPLS
- Find destination router
- Find a path to the router
- Router will apply a ‘label’ to the path
- Allows control of path taken
- Speed, scalability, traffic engineering
ISDN
- Bearer Channel – data – “B” channel
- Delta Channel – management – “D” channel
- BRI – Basic Rate Interface – 2 x 64Kb B channels, 1 x 16Kb D channel
- PRI – Primary Rate Interface – 23 x 64k
- Mostly Obsolete
DSL – Fast Ethernet over POTS
Cable Modem – Fast Ethernet over Cable
- Security Standard – DOCSIS