Domain 4 – Network

History of Internet – ARPANET – primary purpose was to deliver packets – availability

Why need OSI model?

Compatibility

Modular approach

For instance, moving from IPv4 to IPv6 only needed updates to the Network layer

Physical – BITS

  • Electrical signals or light
  • Network Interface Cards
  • Cable

Data Link Layer – Frames

  • Ethernet
  • MAC Hardware address

Network – Packets (IP datagrams)

  • Logical IP addressing
  • Move between different networks
  • Fragmentation
  • IP, IPSEC, ICMP
  • All routing protocols – RIP, OSPF, BGP
  • No guarantee delivery
  • Best route to get to destination – Availability

Transport – Segments (TCP) or Datagrams (UDP)

  • End to End transport
  • UDP – send and pray – connectionless, no acknowledgements
    • Live streaming, DNS queries
  • TCP – guaranteed (acknowledged, in-order) delivery – 3-way handshake: SYN, SYN/ACK, ACK
    • Header flags: SYN, ACK, FIN, RST (also PSH, URG)
  • SPX from Novell
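Added worked example (not from the notes): building and decoding 20-byte TCP headers with Python's struct module, then checking a constructed three-segment exchange for a correct handshake, including the sequence/acknowledgement arithmetic. The port numbers, initial sequence numbers and the refused-connection case are assumptions made up for the example.

```python
import struct

# TCP header flag bits (RFC 9293); only the low six bits are used here
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_HEADER = "!HHIIBBHHH"   # src, dst, seq, ack, data-offset/reserved, flags, window, checksum, urgent


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Minimal 20-byte TCP header with no options; checksum left at zero."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    data_offset = 5 << 4            # 5 x 32-bit words = 20 bytes, upper nibble of the byte
    return struct.pack(TCP_HEADER, src_port, dst_port, seq, ack, data_offset, flag_bits, window, 0, 0)


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header into the fields the handshake depends on."""
    src, dst, seq, ack, off_res, flag_bits, window, _csum, _urg = struct.unpack(TCP_HEADER, raw[:20])
    return {
        "src": src, "dst": dst, "seq": seq, "ack": ack, "window": window,
        "hdr_len": (off_res >> 4) * 4,
        "flags": sorted(name for name, bit in TCP_FLAGS.items() if flag_bits & bit),
    }


def check_handshake(segments):
    """Validate three raw segments (client->server, server->client, client->server) as a
    proper three-way handshake. Returns (ok, reason). Sequence numbers wrap at 2**32."""
    if len(segments) != 3:
        return False, "expected exactly three segments"
    syn, synack, ack = (parse_tcp_header(s) for s in segments)
    if syn["flags"] != ["SYN"]:
        return False, "first segment must be a bare SYN"
    if synack["flags"] != ["ACK", "SYN"]:
        return False, "second segment must be SYN/ACK"
    if synack["ack"] != (syn["seq"] + 1) & 0xFFFFFFFF:
        return False, "SYN/ACK does not acknowledge client ISN+1"
    if ack["flags"] != ["ACK"]:
        return False, "third segment must be a bare ACK"
    if ack["ack"] != (synack["seq"] + 1) & 0xFFFFFFFF:
        return False, "final ACK does not acknowledge server ISN+1"
    return True, "connection established"


def sample_handshake(client_isn=1000, server_isn=5000):
    """Constructed exchange (assumed values): client port 40000 -> server port 443."""
    return [
        build_tcp_header(40000, 443, client_isn, 0, ["SYN"]),
        build_tcp_header(443, 40000, server_isn, client_isn + 1, ["SYN", "ACK"]),
        build_tcp_header(40000, 443, client_isn + 1, server_isn + 1, ["ACK"]),
    ]


def sample_reset():
    """Constructed refusal: the server answers the SYN with RST/ACK (closed port)."""
    segs = sample_handshake()
    segs[1] = build_tcp_header(443, 40000, 0, 1001, ["RST", "ACK"])
    return segs[:2]


if __name__ == "__main__":
    print(check_handshake(sample_handshake()))            # (True, 'connection established')
    bad = sample_handshake()
    bad[2] = build_tcp_header(40000, 443, 1001, 5000, ["ACK"])   # off-by-one ACK number
    print(check_handshake(bad))
    print(parse_tcp_header(sample_reset()[1])["flags"])   # ['ACK', 'RST']
```

The ISN+1 checks are why an unsolicited ACK or a SYN/ACK with the wrong acknowledgement number is rejected by the peer's state machine; the same values are what a stateful firewall tracks to tell return traffic from crafted packets.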

Session

  • Conversations between hosts
  • Creates, monitors, tears down sessions
  • NetBIOS, RPC, SOCKS (SCP is an application running over SSH, not a session-layer protocol)

Presentation

  • Format
  • What character set?  ASCII, EBCDIC
  • Video Format
  • Compression
  • Encryption

Application

  • Common services that provide an entry point for attackers
  • Applications use this layer to get service
  • HTTP, SMTP, FTP, DHCP, DNS
  • APIs

Socket – IP Address + Port Number

MAC Address –

  • 48 Bits
  • First 24 Bits OUI – Vendor ID
  • Globally Unique, can be spoofed

ARP – maps IP address to MAC address

  • Cache entries time out (minutes by default, OS-dependent and adjustable)
  • Gratuitous ARP – a reply to which no request has been made
    • Potential indicator of ARP spoofing/poisoning (also sent legitimately at boot, on IP change, on HSRP/VRRP failover)
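Added example, not part of the notes: a small monitor that parses raw Ethernet/ARP frames, decodes the OUI and the locally-administered bit of the sender MAC, and flags gratuitous or unsolicited replies and binding changes, the traffic pattern behind ARP cache poisoning. The hosts, MAC addresses and the 10.0.0.0/24 frames are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = "!6s6sH"              # dst MAC, src MAC, EtherType
ARP_BODY = "!HHBBH6s4s6s4s"     # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_info(raw):
    """The parts of a 48-bit MAC worth looking at before trusting it."""
    first = raw[0]
    return {
        "oui": mac_str(raw[:3]),                       # first 24 bits: vendor OUI
        "multicast": bool(first & 0x01),               # I/G bit: never valid as a sender
        "locally_administered": bool(first & 0x02),    # U/L bit: set on many spoofed/random MACs
    }


def build_arp_frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Ethernet II header + 28-byte ARP body (RFC 826) for IPv4 over Ethernet."""
    eth = struct.pack(ETH_HDR, eth_dst, eth_src, ETH_P_ARP)
    arp = struct.pack(ARP_BODY, 1, 0x0800, 6, 4, op,
                      sha, IPv4Address(spa).packed, tha, IPv4Address(tpa).packed)
    return eth + arp


def parse_arp_frame(frame):
    _dst, eth_src, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_BODY, frame[14:42])
    return {"op": op, "eth_src": eth_src, "sha": sha, "spa": str(IPv4Address(spa)),
            "tha": tha, "tpa": str(IPv4Address(tpa))}


class ArpMonitor:
    """Learns IP -> MAC bindings from traffic and flags the ARP behaviour that precedes
    cache poisoning. Each finding is an indicator, not proof: hosts also send gratuitous
    ARP legitimately at boot, on IP change and on VRRP/HSRP failover."""

    def __init__(self):
        self.table = {}       # ip -> mac string learned from earlier frames
        self.pending = set()  # IPs asked for in a request that have not been answered yet

    def observe(self, frame):
        p = parse_arp_frame(frame)
        if p is None:
            return []
        alerts = []
        sender = mac_str(p["sha"])
        if p["op"] == ARP_REQUEST:
            self.pending.add(p["tpa"])
        if p["spa"] == p["tpa"]:
            alerts.append("gratuitous ARP")                 # host announcing its own binding
        if p["op"] == ARP_REPLY and p["spa"] not in self.pending:
            alerts.append("unsolicited reply")              # answer to a question nobody asked
        self.pending.discard(p["spa"])
        if p["sha"] != p["eth_src"]:
            alerts.append("ARP sender MAC differs from Ethernet source")
        if mac_info(p["sha"])["locally_administered"]:
            alerts.append("locally administered sender MAC")
        known = self.table.get(p["spa"])
        if known is not None and known != sender:
            alerts.append(f"mapping change for {p['spa']}: {known} -> {sender}")
        self.table[p["spa"]] = sender
        return alerts


# Constructed sample traffic (assumed addresses): a normal lookup of the gateway, then a poisoned reply
HOST, GATEWAY, ATTACKER = (bytes.fromhex(h) for h in ("001a2b3c4d5e", "001122334455", "02deadbeef01"))
BROADCAST, ZERO = b"\xff" * 6, b"\x00" * 6
SAMPLE_FRAMES = [
    build_arp_frame(BROADCAST, HOST, ARP_REQUEST, HOST, "10.0.0.20", ZERO, "10.0.0.1"),
    build_arp_frame(HOST, GATEWAY, ARP_REPLY, GATEWAY, "10.0.0.1", HOST, "10.0.0.20"),
    build_arp_frame(BROADCAST, ATTACKER, ARP_REPLY, ATTACKER, "10.0.0.1", BROADCAST, "10.0.0.1"),
]


def run_sample():
    mon = ArpMonitor()
    return [mon.observe(f) for f in SAMPLE_FRAMES]


if __name__ == "__main__":
    for frame, alerts in zip(SAMPLE_FRAMES, run_sample()):
        print(mac_str(parse_arp_frame(frame)["sha"]), alerts or "ok")
```

The third frame trips every check at once (gratuitous, unsolicited, locally administered MAC, binding change for the gateway IP); in practice the binding change for a gateway or DNS server address is the alert worth paging on, and Dynamic ARP Inspection on the switch is the preventive control.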

RIP

  • Metric is hop count only – ignores link bandwidth
  • Broadcasts its whole routing table every 30 seconds
  • Maximum of 15 hops – 16 means unreachable
  • Version 2 adds subnet masks (CIDR/VLSM) and authentication of updates – fine for small networks

OSPF

  • Most widely used in Enterprise Networks
  • Link State Algorithm
    • Builds topology
    • Only sends changes
    • Quick convergence
    • Needs CPU horsepower
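Added example covering the RIP and OSPF notes above (not from the original page): the same shortest-path computation run once with a hop-count metric and once with a bandwidth-derived cost on a constructed five-router topology. The link bandwidths, the OSPF reference bandwidth of 100 Mbit/s and the router names are assumptions for the example.

```python
import heapq

# Constructed topology for the example: links as (router, router, bandwidth in bit/s)
LINKS = [
    ("R1", "R2", 64_000),         # slow serial links: the fewest hops from R1 to R5
    ("R2", "R5", 64_000),
    ("R1", "R3", 100_000_000),    # Fast Ethernet: one hop longer, ~1500x the bandwidth
    ("R3", "R4", 100_000_000),
    ("R4", "R5", 100_000_000),
]
OSPF_REFERENCE_BW = 100_000_000   # OSPF cost = reference bandwidth / link bandwidth (default 10^8)
RIP_INFINITY = 16                 # RIP treats 16 hops as unreachable


def build_graph(links, cost_fn):
    g = {}
    for a, b, bw in links:
        g.setdefault(a, []).append((b, cost_fn(bw)))
        g.setdefault(b, []).append((a, cost_fn(bw)))
    return g


def shortest_path(g, src, dst):
    """Dijkstra over summed link costs (the SPF computation a link-state router runs).
    Returns (total_cost, path) or (None, []) if dst is unreachable."""
    dist, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue                      # stale heap entry
        for v, w in g.get(u, []):
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def rip_route(src, dst, links=LINKS):
    """Distance-vector metric: every link costs one hop, bandwidth is ignored."""
    hops, path = shortest_path(build_graph(links, lambda bw: 1), src, dst)
    if hops is None or hops >= RIP_INFINITY:
        return None, []
    return hops, path


def ospf_cost(bw):
    return max(1, OSPF_REFERENCE_BW // bw)   # OSPF cost is an integer >= 1


def ospf_route(src, dst, links=LINKS):
    """Link-state metric: cost derived from bandwidth, so fast paths win even with more hops."""
    return shortest_path(build_graph(links, ospf_cost), src, dst)


if __name__ == "__main__":
    print("RIP :", rip_route("R1", "R5"))    # (2, ['R1', 'R2', 'R5'])
    print("OSPF:", ospf_route("R1", "R5"))   # (3, ['R1', 'R3', 'R4', 'R5'])
```

RIP sends traffic over the two 64 kbit/s links because they are fewer hops; OSPF costs them at 1562 each and takes the three-hop Fast Ethernet path at a total cost of 3. A chain longer than 15 hops is simply unreachable to RIP, which is the scaling limit the notes refer to.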

BGP

  • Internet routing protocol – path vector, runs over TCP port 179
  • Autonomous Systems – AS Numbers

ICMP

  • PING
  • traceroute
  • Error reporting – network congestion, downed link, unreachable host
  • Often blocked or rate-limited at firewalls – also used for recon (ping sweeps) and tunnelling
  • Netmask request

IPv6

  • Enabled by default in Windows since Vista/7
  • Could be running dual-stack (IPv4 and IPv6) on your computer NOW – filter and monitor both
  • Makes NAT no longer necessary
  • Built-in – QoS (flow label), IPsec support
  • 128 bit address

DNS

  • Worldwide distributed Database
  • UDP 53 for queries (TCP 53 also used when a response exceeds 512 bytes and is truncated)
  • TCP 53 for Zone Transfers (AXFR) – restrict to secondary servers only

IPv4

Class   CIDR   Usable hosts   First octet   First-octet binary    Private (RFC 1918)
A       /8     16,777,214     1-126         00000001-01111110     10.0.0.0/8
B       /16    65,534         128-191       10000000-10111111     172.16.0.0/12 (172.16-172.31)
C       /24    254            192-223       11000000-11011111     192.168.0.0/16

Total Address Space – 4,294,967,296 (2^32)
Local Loopback – 127.0.0.0/8, normally 127.0.0.1

IPv6 sample address – 2001:0db8:1234:0001:0001:0000:0000:0001

  • Partial Abbreviation – 2001:0db8:1234:1:1:0:0:1
  • Full Abbreviation – 2001:db8:1234:1:1::1
  • Binary Equivalent (8 groups of 16 bits) – 0010 0000 0000 0001 0000 1101 1011 1000 0001 0010 0011 0100 0000 0000 0000 0001 0000 0000 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001

IPv6 – 128 bit addressing = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
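Added example (not from the notes) generalising the IPv4 table and the IPv6 abbreviations above: classful lookup from the first-octet bits, RFC 1918 check, usable-host count per prefix, and the RFC 5952 compression rule that turns a written-out address into its partial and full abbreviations. The sample IPv6 address is the one from the notes; the IPv4 addresses used in the usage are constructed.

```python
from ipaddress import IPv4Address, IPv6Address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_ipv4(addr):
    """Classful letter from the leading bits of the first octet, plus the reserved ranges."""
    ip = IPv4Address(addr)
    first = int(ip) >> 24
    if first >> 7 == 0b0:
        cls = "A"
    elif first >> 6 == 0b10:
        cls = "B"
    elif first >> 5 == 0b110:
        cls = "C"
    elif first >> 4 == 0b1110:
        cls = "D"          # multicast
    else:
        cls = "E"          # reserved
    return {"class": cls, "first_octet": f"{first:08b}",
            "rfc1918": any(ip in n for n in RFC1918), "loopback": ip.is_loopback}


def usable_hosts(prefix_len):
    """Addresses in an IPv4 block minus the network and broadcast addresses."""
    return 2 ** (32 - prefix_len) - 2


def ipv6_groups(addr):
    """Eight 16-bit groups from a fully written (uncompressed) IPv6 address."""
    groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected an uncompressed address with 8 groups")
    return [int(g, 16) for g in groups]


def ipv6_partial(addr):
    """Partial abbreviation: drop leading zeros in each group, keep every group."""
    return ":".join(f"{g:x}" for g in ipv6_groups(addr))


def ipv6_compress(addr):
    """Full abbreviation per RFC 5952: also collapse the longest run of two or more zero
    groups into '::' (leftmost run on a tie; a single zero group is never collapsed)."""
    groups = ipv6_groups(addr)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexg = [f"{g:x}" for g in groups]
    if best_len < 2:
        return ":".join(hexg)
    return ":".join(hexg[:best_start]) + "::" + ":".join(hexg[best_start + best_len:])


def ipv6_binary(addr):
    """128 bits as 32 space-separated nibbles, one per hex digit."""
    return " ".join(f"{g:016b}"[k:k + 4] for g in ipv6_groups(addr) for k in range(0, 16, 4))


SAMPLE = "2001:0db8:1234:0001:0001:0000:0000:0001"

if __name__ == "__main__":
    print(classify_ipv4("172.31.4.9"))
    print(ipv6_partial(SAMPLE), ipv6_compress(SAMPLE), sep="\n")
    print(ipv6_binary(SAMPLE))
    assert ipv6_compress(SAMPLE) == IPv6Address(SAMPLE).compressed   # cross-check with the stdlib
```

The hand-written compression is there to make the rule visible; in real code use ipaddress.IPv6Address(...).compressed, and note that 172.32.0.1 is class B but not private, a common mistake when the /12 is remembered as "172.x".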

SCADA

Modbus, Fieldbus – built for uptime and control, not security (no authentication or encryption in the protocol)

Can be tunnelled over an IP network (e.g. Modbus/TCP on port 502) – segment it away from the corporate network

Multiplexing

  • Frequency Division – Example is an FM Radio

Repeater

  • A plain amplifier does not recondition the signal – it boosts good traffic as well as ‘noise’
  • A regenerating repeater recovers the bits and retransmits a clean signal

Hub

  • Multiport Repeater
  • Amplifies the signal
  • Concentrator
  • Half duplex – one collision domain shared by all ports
  • Every station sees every frame – trivial to sniff; replace with switches

Routers

  • Static (deterministic) routing – predetermined routes
    • Predictable
    • No dynamic routing updates for an attacker to inject
  • ACLs add a basic level of filtering
  • Hardening – disable unused services, authenticate routing-protocol updates

Switches

  • Spanning Tree
  • MAC Security
  • Port Security
    • Disable Unused Ports
    • 802.1x
  • DHCP Snooping – accepts DHCP offers only from trusted (uplink) ports
  • Dynamic ARP Inspection (DAI) – validates ARP against the DHCP snooping binding table

Firewall

  • NAT – Network Address Translation
  • PAT – Port Address Translation
  • VPN – Virtual Private Network
  • UTM – Unified Threat Management
  • Packet Filter
    • Does not understand state – any inbound packet with the ACK bit set looks like return traffic
    • Filters based on Address or Port
    • Does not detect protocol anomalies
    • Does not detect out of order packets
    • Does not detect IP fragmentation
    • Does not detect IP Spoofing
  • Stateful (SPI)
    • Monitor state of connections ( Initiated, Established, Termination)
  • Web Application (WAF)
    • Focused on web type attacks
    • SQL injections, XSS
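Added example, not from the notes: the same access policy implemented as a stateless packet filter and as a stateful inspection filter, run over a constructed HTTPS session followed by a crafted inbound ACK. The 10.0.0.0/8 inside network, the documentation-range peers (RFC 5737) and the port numbers are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # assumption for the example: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset     # TCP flags present, e.g. frozenset({"SYN", "ACK"})


def is_inbound(pkt):
    return ip_address(pkt.dst) in INSIDE and ip_address(pkt.src) not in INSIDE


class PacketFilter:
    """Stateless filter: each packet is judged on its own header fields.
    Policy: inside hosts may open HTTPS outbound; return traffic is recognised
    only by the classic 'established' shortcut, i.e. source port 443 with ACK set."""

    def decide(self, pkt):
        if not is_inbound(pkt):
            return "permit" if ip_address(pkt.src) in INSIDE and pkt.dport == 443 else "deny"
        if pkt.sport == 443 and "ACK" in pkt.flags:
            return "permit"          # looks like a reply, but nothing checks that we asked
        return "deny"


class StatefulFilter(PacketFilter):
    """Stateful inspection: same policy, but inbound packets are only permitted when they
    belong to a connection an inside host initiated, tracked in a state table."""

    def __init__(self):
        self.table = {}   # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def decide(self, pkt):
        if not is_inbound(pkt):
            verdict = super().decide(pkt)
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if verdict == "permit" and pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"              # connection initiated from inside
            elif key in self.table and pkt.flags & {"FIN", "RST"}:
                del self.table[key]                        # torn down (simplified: no half-close)
            return verdict
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state is None:
            return "deny"                                  # nobody inside asked for this
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.table[key] = "ESTABLISHED"
            return "permit"
        if state == "ESTABLISHED" and "ACK" in pkt.flags:
            if pkt.flags & {"FIN", "RST"}:
                del self.table[key]
            return "permit"
        return "deny"                                      # out of sequence for this connection


# Constructed traffic: one real HTTPS session, then an attacker's probe with ACK set
SCENARIO = [
    ("client SYN to web server",
     Packet("10.0.0.5", "203.0.113.10", 40000, 443, frozenset({"SYN"}))),
    ("server SYN/ACK back",
     Packet("203.0.113.10", "10.0.0.5", 443, 40000, frozenset({"SYN", "ACK"}))),
    ("client ACK completes handshake",
     Packet("10.0.0.5", "203.0.113.10", 40000, 443, frozenset({"ACK"}))),
    ("attacker ACK from port 443 to internal SSH",
     Packet("198.51.100.7", "10.0.0.9", 443, 22, frozenset({"ACK"}))),
]


def run_scenario():
    stateless, stateful = PacketFilter(), StatefulFilter()
    return [(desc, stateless.decide(p), stateful.decide(p)) for desc, p in SCENARIO]


if __name__ == "__main__":
    for desc, sl, sf in run_scenario():
        print(f"{desc:45} stateless={sl:6} stateful={sf}")
```

The fourth packet is the point of the exercise: a stateless filter permits it because the header alone matches "reply from port 443", which is exactly how ACK scans map hosts behind such filters; the stateful filter drops it because no inside host ever sent a SYN to 198.51.100.7.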

Proxy

  • Application
    • Operates at Application Layer
    • Understands protocols
    • Understands Syntax
  • Circuit
    • SOCKS
    • Works at the session layer – relays TCP connections without understanding the application content

Cabling Considerations

  • Distance Issues
    • Attenuation – signal degrades with distance
    • Crosstalk – coupling between adjacent pairs – more twists per inch reduce it
    • Noise / EMI – signal-to-noise ratio
  • Sensitivity
  • Interference

Fiber Optic

  • Immune to EMI
  • Long Distance – rated in miles versus feet
  • High Speed
  • Hard to tap – but bend-coupling taps exist, so monitor optical loss on sensitive runs
  • Light source – LEDs or laser diodes
  • Multimode – 50 or 62.5 micron core (125 micron cladding), shorter distance
  • Single mode – ~9 micron core, greater bandwidth and distance
  • Lowest-cost cable where the run itself must be hard to intercept

Network Topology

Circuit Switched

  • Fixed path through network
  • Predictable traffic flow, bandwidth, latency
  • Phone System, POTS

Packet Switched

  • Router decides which path is best to take
  • Variable traffic flow, bandwidth, latency
  • TCP/IP works this way

Switched Virtual Circuit – SVC – on Demand

Permanent Virtual Circuit – PVC – permanent route

CSMA – Carrier Sense Multiple Access –

Only one station can talk at a time

CSMA/CD – Collision Detection – Wired Networks – collisions will exist in non-switched networks

CSMA/CA – Collision Avoidance – Wireless (802.11) – station listens before sending and backs off a random time; an optional RTS/CTS exchange with the access point reserves the medium

MPLS

  • Ingress router finds the destination router and a path to it
  • Applies a ‘label’ to each packet – core routers forward on the label, not the IP header
  • Allows control of the path taken
  • Speed, scalability, traffic engineering
  • Separates customer traffic, but provides no encryption by itself

ISDN

  • Bearer Channel – data – “B” channel
  • Delta Channel – signalling/management – “D” channel
  • BRI – Basic Rate Interface – 2 B channels at 64 kbit/s, 1 D channel at 16 kbit/s
  • PRI – Primary Rate Interface – 23 B channels at 64 kbit/s plus a 64 kbit/s D channel (T1); 30 B + D in Europe (E1)
  • Mostly Obsolete

DSL – high-speed data over the existing POTS copper pair (shares the line with voice; speed drops with distance from the DSLAM)

Cable Modem – high-speed data over the cable-TV coax

  • Shared medium – neighbours are on the same segment
  • Standard – DOCSIS, which includes encryption/authentication between modem and head end (Baseline Privacy)