IT Networks - Lecture 2. Mark Gleeson, gleesoma@cs.tcd.ie, (01) 896 2666. 5th May 2009. Physical Sciences in Medicine.
Page 1: IT Networks - Lecture 2

Mark Gleeson, gleesoma@cs.tcd.ie, (01) 896 2666

5th May 2009

Physical Sciences in Medicine

Page 2: Routing

• Networks are formed of smaller networks joined together
• The question arises of how you communicate when you need to cross numerous networks
• We call the selection of the route to use routing
• Challenges
  – Potentially many routes to your destination
  – You can get lost: dead ends, loops
  – Each packet can potentially take a different route

Page 3: The Scenario

• Computer A establishes the IP address of Computer B
• Computer A creates an IP packet with the address of Computer B as destination and its own IP address as source
• Routers are responsible for directing the packet towards its destination

[Figure: Computer A sends the packet through a series of routers to Computer B]

Page 4: The Scenario

• Best route: smallest number of hops?

[Figure: Computer A and Computer B joined by several candidate routes]

Page 5: The Scenario

• Best route:
  – Fastest round-trip time?
  – Highest bandwidth?

[Figure: Computer A and Computer B joined by several candidate routes]
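Slides 4 and 5 leave open which metric defines the best route. The added example below (not part of the lecture) applies all three to one constructed topology in Python, where A reaches B through routers R1 to R4 with made-up delays and bandwidths, and shows that each metric selects a different path.

```python
# Added example: one constructed network, three definitions of "best route".
# LINKS maps (node, node) -> (one-way delay in ms, bandwidth in Mbps); values are made up.
LINKS = {
    ("A", "R1"): (2, 100),
    ("R1", "B"): (40, 10),      # fewest hops, but slow and narrow
    ("A", "R2"): (2, 1000),
    ("R2", "R3"): (2, 1000),
    ("R3", "B"): (2, 1000),     # widest path
    ("R2", "R4"): (1, 100),
    ("R4", "B"): (1, 100),      # lowest round-trip time
}

def link(a, b):
    return LINKS.get((a, b)) or LINKS[(b, a)]   # links are bidirectional

def neighbours(node):
    return [b if a == node else a for (a, b) in LINKS if node in (a, b)]

def all_paths(src, dst, path=None):
    """Every loop-free path from src to dst (slide 2's 'dead ends, loops' problem)."""
    path = [src] if path is None else path
    if src == dst:
        yield list(path)
        return
    for nxt in neighbours(src):
        if nxt not in path:              # never revisit a node, so no routing loops
            path.append(nxt)
            yield from all_paths(nxt, dst, path)
            path.pop()

def hops(path):
    return len(path) - 1

def round_trip_ms(path):
    return 2 * sum(link(a, b)[0] for a, b in zip(path, path[1:]))

def bottleneck_mbps(path):
    """A path is only as fast as its slowest link."""
    return min(link(a, b)[1] for a, b in zip(path, path[1:]))

def best_route(src, dst, metric):
    """Pick the path that wins under the chosen metric: 'hops', 'rtt' or 'bandwidth'."""
    paths = list(all_paths(src, dst))
    if metric == "hops":
        return min(paths, key=hops)
    if metric == "rtt":
        return min(paths, key=round_trip_ms)
    if metric == "bandwidth":
        return max(paths, key=bottleneck_mbps)
    raise ValueError(f"unknown metric {metric!r}")
```

On this topology the hop-count metric chooses the slow link through R1, the round-trip metric the path through R4, and the bandwidth metric the path through R3.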

Page 6: Routing Basics

• Routing tables
  – Creating tables
    • Dynamic vs. static
  – Maintaining tables
    • Periodic vs. aperiodic

[Figure: Computer A reaches Computer B through a mesh of routers, each holding its own routing table of reachable nodes (node1 to node8)]

Page 7: Structure of the Internet

• Autonomous Systems
  – e.g. companies, ISPs, third-level institutions

[Figure: the Internet as interconnected Autonomous Systems]

Page 8: Autonomous Systems

• Stub network
  – Network that does not forward traffic to other networks
• Transit network
  – Network that forwards traffic between other networks
• Point-to-point link

[Figure: a stub network, a transit network and a point-to-point link]

Page 9: Yet another Layer?!?

• Transport Layer: TCP
• Why should you care?
• Applications use TCP as their main communication mechanism
  – HTTP
  – Remote procedure calls (RPC)
  – File transfer

Page 10: Network Layer vs Transport Layer

Network Layer                          Transport Layer
• Communication between two nodes      • Communication between processes
• Best effort delivery                 • Ordered, guaranteed delivery
• Connection-less communication        • Connection-oriented communication

Page 11: Transport Layer

• Process-to-Process Delivery

Page 12: IP Addresses & Port Numbers

• IP Addresses determine the host

• Port Numbers determine the application

Page 13: Communication at Transport Layer

• Communication at the transport layer is from port to port
• The IP implementation multiplexes between transport protocols depending on the protocol field in the IP header
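Added example (not from the lecture): the receiving host's side of the multiplexing just described, in Python. It reads the protocol field of an IPv4 header to choose TCP or UDP, then the port numbers that identify the process; the packets are constructed inline, reusing slide 14's port numbers 80 and 14430.

```python
import socket
import struct

# IANA protocol numbers the IP layer demultiplexes on; only the two the lecture covers are listed.
TRANSPORT = {6: "TCP", 17: "UDP"}

def parse_ipv4(packet):
    """Return (src_ip, dst_ip, protocol_number, payload) from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4             # header length in bytes; options make it > 20
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[ihl:total_len]

def demultiplex(packet):
    """The protocol field (byte 9) selects TCP or UDP; the port numbers at the start of
    the transport header then select the process, as on slides 12 and 13."""
    src, dst, proto, segment = parse_ipv4(packet)
    name = TRANSPORT.get(proto)
    if name is None:                          # e.g. ICMP (1): no ports, handled elsewhere
        return {"protocol": proto, "handler": None}
    if len(segment) < 8:                      # UDP header is 8 bytes, TCP at least 20
        raise ValueError(f"truncated {name} header")
    sport, dport = struct.unpack("!HH", segment[:4])   # both start with src port, dst port
    return {"protocol": name, "src": (src, sport), "dst": (dst, dport)}

def build_ipv4(src, dst, proto, payload):
    """Constructed packet for testing; header checksum left 0 because it is never sent."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed TCP SYN from Client A (port 14430, as on slide 14) to the server's port 80.
TCP_SEGMENT = struct.pack("!HHIIBBHHH", 14430, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
```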

Page 14: Client-Server Paradigm

[Figure: a server listening on port 80; Client A connects from port 14430 and Client B from port 12420]

Page 15: Problems

• Connection establishment
• Connection termination
• Ordered delivery
• Retransmission strategy
• Duplication detection
• Crash recovery
• Flow control

Page 16: Section 4 - Network Hardware

• Connecting hosts and networks requires hardware devices, which include:
• Networking and internetworking devices
  – Repeaters
  – Bridges
  – Hubs
  – Switches
  – Routers
  – Gateways
  – Brouters
• Modems
• Transmission media

Page 17: Networking and Internetworking Devices

• These devices can be divided into three categories:
  – Repeaters
  – Bridges
  – Routers and Gateways
• Repeaters and Bridges are used for the networking of hosts
• Routers and Gateways are used for internetworking

Page 18: Repeaters and Bridges

• Repeaters
  – Operate at the physical layer. They regenerate signals.
• Bridges
  – Operate at the physical and data link layers.
  – They are used to divide a network into segments, can control traffic flow and are useful for securing the network.
  – They can also regenerate signals.

Page 19: What is a Switch

• A layer 2 device (Data Link Layer)
• Builds a table of the MAC addresses of the devices attached on each port
• ‘Store and Forward’
  – Switch receives a packet
  – Verifies it is error free
  – Looks at its destination MAC
  – Sends the packet on
• ‘Cut Through’
  – Starts to forward the packet once it has read the destination address
  – No error checking
  – Improved performance

Photo thanks to Cisco Systems
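Added example (not the lecture's own code): a minimal learning switch in Python that models the two forwarding modes on this slide. Frames are constructed inline with a CRC-32 frame check sequence; in store-and-forward mode a corrupted frame is dropped, in cut-through mode it is forwarded unchecked, and the MAC-to-port table is learned from source addresses in both modes.

```python
import struct
import zlib

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst_mac, src_mac, payload):
    """Constructed Ethernet-style frame: dst(6) src(6) payload, then CRC-32 as the FCS."""
    body = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + payload
    return body + struct.pack("<I", zlib.crc32(body))

def fcs_ok(frame):
    """Recompute the CRC over everything but the trailing FCS and compare."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]

class Switch:
    def __init__(self, ports, mode="store_and_forward"):
        self.ports = list(ports)
        self.mode = mode                     # "store_and_forward" or "cut_through"
        self.table = {}                      # MAC address -> port it was last seen on

    def receive(self, in_port, frame):
        """Return the list of ports the frame is forwarded to ([] means dropped)."""
        if len(frame) < 16:                  # two MACs plus a 4-byte FCS at minimum
            return []
        if self.mode == "store_and_forward" and not fcs_ok(frame):
            return []                        # whole frame buffered and checked: corrupt, drop it
        # cut_through: the forwarding decision is taken from the destination MAC alone,
        # so a corrupted frame is passed on and the receiver has to discard it.
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
        self.table[src] = in_port            # learn which port the sender is behind
        out = self.table.get(dst)
        if out is not None and out != in_port:
            return [out]
        return [p for p in self.ports if p != in_port]   # unknown destination: flood
```

Until a destination has been learned the frame is flooded to every other port, which is why a switch alone does not stop a host on another port from seeing traffic.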

Page 20: What is a Router

• A layer 3 device
  – Works at the physical, data link and network layers, e.g. the Internet Protocol (IP) level
  – Is a bridge between a number of distinct networks
    • Example: your internal network and the Internet beyond
• Range from simple devices (an ADSL router for home users) to extremely complex enterprise-level devices
• Looks at the destination of each IP packet and determines where it should be sent on for its next hop
  – Tries to select the best route

Page 21: Connecting Devices and the OSI Model

Page 22: Transmission Media

• Transmission media characteristics
  – Bandwidth
  – Response time for a request
• Transmission media types
  – Twisted pair
  – Coaxial cable
  – Fibre optics
  – Wireless media: radio, microwaves, infrared, lightwave

Page 23: Unshielded Twisted-Pair Cable (UTP)

• Most common type of cable used in computer networks
• 8 wires forming 4 pairs
• Different qualities
  – Cat 3: for 10 Mbps
  – Cat 5: for 100 Mbps
  – Cat 5e: for 1 Gbps
    • Most common in current use
  – Cat 6: better for 1 Gbps, may allow 10 Gbps
• Best to future-proof to avoid pain later
• Cables of different types look identical
  – Cable type is printed on the side

Page 24: Fiber Optics

• An optical transmission system has three components
  – The light source
  – The transmission medium
  – The detector
• A pulse of light indicates a 1; lack of light indicates a 0.
• The transmission medium is a unidirectional, ultra-thin fibre of glass or plastic
• The system would leak light except for the fact that when a light ray passes from one medium to another it is refracted (bent). The amount of refraction depends on the properties of the two media. The aim is to get the angle of incidence of the light to such a point that the light refracts back into the medium. In the case of a fibre optic cable this means the light is trapped within the cable.
• At the centre of the cable is the glass/plastic core, which is surrounded by a glass cladding and then a plastic coating.

Page 25: Transmission Media Performance

Medium          Cost       Speed             Attenuation   EMI        Security
UTP             Low        1-100 Mbps        High          High       Low
STP             Moderate   1 Mbps-1 Gbps     High          Moderate   Low
Coax            Moderate   1 Mbps-1 Gbps     Moderate      Moderate   Low
Optical fibre   High       10 Mbps-10 Gbps   Low           Low        High
Radio           Moderate   1-54 Mbps         Low-High      High       Low
Microwave       High       1 Mbps-10 Gbps    Variable      High       Moderate
Satellite       High       1 Mbps-10 Gbps    Variable      High       Moderate
Cellular        High       9.6-19.2 Kbps     Low           Moderate   Low

Page 26: Section 6 - Security

• Security Issues

• Virtual Private Networks

• Issues with wireless networks

• Methods of attack

• Risks

Page 27: Security Issues

• Secrecy
  – Keeping information out of the hands of unauthorised users.
• Authentication
  – Making sure you are talking to the right person.
• Data integrity control
  – Making sure the data is correct.
• Security affects each layer in the network design.

Page 28: No Network Is Secure

• Original Ethernet
  – Every host on the bus could see and capture every transmission made
    • Trivial to recover passwords and the web pages you viewed
• The physical network itself cannot be considered to be secure
  – Wires can be tapped
  – Wireless communications are available to all within range with a suitable receiver
• Need to trade off the strength of security against the practicality of the measures
  – Users faced with a complex process may attempt to undermine the system
    • Sharing of passwords
    • Not logging out

Page 29: Wireless Networks

• Extremely vulnerable to attack
  – Anyone with a suitable radio can listen
• IEEE 802.11 originally used a 40-bit WEP key
  – Wired Equivalent Privacy
  – Encryption key shared by all users of the network
  – Later versions supported a 104-bit key
  – Proved to be very easy to crack in both versions
• WiFi Protected Access (WPA/WPA2)
  – Based on the 802.11i standard
  – EAP (Extensible Authentication Protocol)
    • Authentication framework, not a protocol
    • Can integrate with existing authentication systems
    • 802.1X

Page 30: VPN – Virtual Private Network (1/2)

• Best practice in network management is to heavily restrict access for external users or to block it totally
  – Avoid potential security issues
  – Protect from hackers
• What of legitimate users?
  – People who work at other locations

Page 31: VPN – Virtual Private Network (2/2)

• Not strictly a security solution
• Two implementations
  – Connecting you to a remote network
  – A network within a network: the VLAN
• Allows you to access resources on another network as if you were connected directly
• A secure encrypted tunnel between your computer and others on the same network
• Typically requires a dedicated ‘VPN box’ on the office-end network to provide the service

Page 32: VPN - Connecting you to a remote network

• Ideal for a single user
  – Work from home, on the road, at another institution
• User needs VPN client software
  – Setup can be complex for users
  – Need to implicitly log in to access the network
    • Not transparent
  – Potential security risk if the user's computer is breached
    • Hacker may have access into the network

Page 33: Methods of Attack (1/3)

• Impersonation
  – Using someone else’s password or a terminal that is already logged on.
• Active wire-tapping
  – Connecting a device (authorised or unauthorised) to a communication link to obtain access to data through the generation of false messages.
• Passive wire-tapping
  – Monitoring data coming over a communication link.
• Traffic flow analysis
  – Analysing the frequency of data traffic, seeing which data is encrypted and which is not.
• Eavesdropping
  – Interception of information

Page 34: Methods of Attack (2/3)

• Replay
  – Play back a recording of a communication
• Routing table modification
  – Sending messages to the wrong address or to multiple addresses.
• Audit trail information modification
  – To cover up an attack.
• Operational staff table modification
  – To change access rights.
• Bogus frame insertion
  – Inserting bogus information as a frame.
• Data portion modification
  – Modify the data portion of a message.
• Viruses

Page 35: Methods of Attack (3/3)

• Sequencing information modification
  – Change the order of the pieces of information.
• Message deletion
  – Removing the message completely
• Protocol control information modification
  – To send data to a different location.
• Misuse of resources
  – Swamping communication lines
  – Denial of service
• Interruption of power supply
  – Denial of service
• Malicious physical damage
  – Denial of service
• Theft
  – Parts of computers or entire computers could be stolen. Confidentiality issues arise.

Page 36: Virtual Local Area Networks (VLAN)

• One physical network can contain many virtual networks
  – Simplifies the network
  – Easier to manage, and can be altered in software without recourse to pulling cables
• The 802.1Q draft standard defines Layer 1 and Layer 2 VLANs
• Switches and routers tag packets with a VLAN id (12 bits in length) only
• Each network user sees just one network

Page 37: Virtual Local Area Networks

• Can be organised by
  – Port on switch basis (Layer 1)
    • E.g. ports E1-E16 + D18 on LAN 1, E17-E32 on LAN 2
    • Good at organisation level, e.g. LAN 1 is one dept/floor
    • Bad if users are mobile
  – Protocol used (Layer 2)
    • All IP traffic on LAN x, IPX on LAN y
  – By MAC address (Layer 2)
    • List of MAC addresses in each VLAN maintained
    • Good for mobility: plug in anywhere
    • Significant administrative overhead to maintain the list
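Added example, not from the lecture: a Python parser and tagger for the 802.1Q tag described on slide 36 (the 12-bit VLAN id inside the 16-bit TCI), together with the port-based and MAC-based membership rules from this slide. The port layout E1-E16 + D18 / E17-E32 is the slide's; the MAC addresses, the VLAN id 42 and the frame bytes are constructed.

```python
import struct

ETHERTYPE_VLAN = 0x8100      # TPID that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame):
    """Return (dst, src, vlan_id or None, ethertype, payload). The 4-byte 802.1Q tag sits
    between the source MAC and the EtherType: TPID 0x8100, then a 16-bit TCI whose low
    12 bits are the VLAN id (so 4096 values, of which 0 and 4095 are reserved)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF
        if vlan_id in (0, 4095):
            raise ValueError(f"reserved VLAN id {vlan_id}")
        offset = 18
    return mac_str(frame[0:6]), mac_str(frame[6:12]), vlan_id, ethertype, frame[offset:]

def tag_frame(frame, vlan_id, priority=0):
    """Insert an 802.1Q tag, as a switch does before sending a frame onto a trunk link."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id must be 1..4094: 12 bits, with 0 and 4095 reserved")
    tci = ((priority & 0x7) << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", ETHERTYPE_VLAN, tci) + frame[12:]

def vlan_for(frame, in_port, port_vlans, mac_vlans):
    """Slide 37's membership rules: a tagged frame keeps its VLAN; an untagged frame is
    placed by sender MAC (Layer 2) if listed, otherwise by the port it arrived on (Layer 1)."""
    _, src, vid, _, _ = parse_ethernet(frame)
    if vid is not None:
        return vid
    return mac_vlans.get(src, port_vlans.get(in_port))

# Constructed untagged IPv4 frame: dst 00:00:00:00:00:02, src 00:00:00:00:00:01.
UNTAGGED = bytes.fromhex("000000000002" "000000000001" "0800") + b"\x45\x00" + bytes(18)
# Slide 37's port-based layout: E1-E16 and D18 on LAN 1, E17-E32 on LAN 2.
PORT_VLANS = {**{f"E{n}": 1 for n in range(1, 17)}, "D18": 1, **{f"E{n}": 2 for n in range(17, 33)}}
MAC_VLANS = {"00:00:00:00:00:01": 42}      # a mobile user's machine follows them to any port
```

Because an incoming tag is trusted as-is here, a port that should only carry untagged traffic must strip or reject tags at ingress, otherwise any host can choose its own VLAN.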