1 IT Networks - Lecture 2 Mark Gleeson [email protected] (01) 896 2666 5th May 2009 Physical Sciences in Medicine
Dec 19, 2015
1
2
Routing
• Networks are formed of smaller networks joined together
• The question arises of how you communicate where you need to cross numerous networks
• We call the selection of the route to use routing
• Challenges
  – Potentially many routes to your destination
  – You can get lost: dead ends, loops
  – Each packet potentially can take a different route
3
The Scenario
• Computer A establishes IP address of Computer B
• Computer A creates IP packet with address of Computer B as destination and its own IP address as source
• Routers are responsible for directing the packet towards its destination
Computer A Computer B
4
The Scenario
• Best route: Smallest number of hops?
Computer A Computer B
5
The Scenario
• Best route:
  – Fastest round-trip time?
  – Highest bandwidth?
Computer A Computer B
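The three "best route" questions above give different answers on the same network. The following is an added example (not lecture code) on a constructed topology with hypothetical nodes R1 to R6, RTTs and bandwidths: fewest hops picks one path, lowest total RTT another, and highest bottleneck bandwidth a third.

```python
# Added example, not lecture code: constructed topology showing how the chosen metric changes the route.
import heapq

# Constructed links: (node, node) -> (round-trip time in ms, bandwidth in Mbps)
LINKS = {
    ("A", "R1"): (2, 1000), ("R1", "B"): (40, 10),                                              # 2 hops, slow last link
    ("A", "R2"): (1, 100), ("R2", "R3"): (1, 100), ("R3", "B"): (1, 100),                       # 3 hops, lowest RTT
    ("A", "R4"): (5, 1000), ("R4", "R5"): (5, 1000), ("R5", "R6"): (5, 1000), ("R6", "B"): (5, 1000),  # 4 hops, fat pipes
}

def adjacency():
    adj = {}
    for (u, v), attrs in LINKS.items():
        adj.setdefault(u, []).append((v, attrs))
        adj.setdefault(v, []).append((u, attrs))
    return adj

def trace(prev, src, dst):
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def best_route(src, dst, cost):
    """Dijkstra: minimise the sum of cost(link_attrs) along the path (hop count or RTT)."""
    adj, dist, prev, heap = adjacency(), {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, attrs in adj[u]:
            nd = d + cost(attrs)
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return trace(prev, src, dst)

def widest_route(src, dst):
    """Widest-path variant: maximise the bottleneck (minimum) bandwidth along the path."""
    adj, width, prev, heap = adjacency(), {src: float("inf")}, {}, [(-float("inf"), src)]
    while heap:
        w, u = heapq.heappop(heap)
        if -w < width[u]:
            continue
        for v, (_, bw) in adj[u]:
            nw = min(-w, bw)
            if nw > width.get(v, 0):
                width[v], prev[v] = nw, u
                heapq.heappush(heap, (-nw, v))
    return trace(prev, src, dst)
```

Call `best_route("A", "B", lambda attrs: 1)` for hop count, `best_route("A", "B", lambda attrs: attrs[0])` for RTT, and `widest_route("A", "B")` for bandwidth.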
6
Routing Basics
• Routing Tables
  – Creating tables
    • Dynamic vs. Static
  – Maintaining tables
    • Periodic vs. Aperiodic
(Diagram: Computer A and Computer B, with the routing table held at each intermediate node listed as node1 … node8)
7
Structure of the Internet
• Autonomous Systems
  – e.g. Companies, ISPs, 3rd-level Institutions
Autonomous Systems
8
Autonomous Systems
• Stub network
  – Network that does not forward to other networks
• Transit network
  – Network that forwards traffic between other networks
• Point-to-point link
(Diagram: Stub Network, Transit Network, Point-to-Point)
9
Yet another Layer ?!?
• Transport Layer – TCP
• Why should you care?
• Applications use TCP as their main communication mechanism
  – HTTP
  – Remote procedure calls (RPC)
  – File Transfer
10
Network Layer vs Transport Layer
Network Layer                   | Transport Layer
--------------------------------|----------------------------------
Communication between two nodes | Communication between processes
Best effort delivery            | Ordered, guaranteed delivery
Connection-less communication   | Connection-oriented communication
12
IP Addresses & Port Numbers
• IP Addresses determine the host
• Port Numbers determine the application
13
Communication at Transport Layer
• Comms at Transport Layer from port to port
• IP implementation multiplexes depending on protocol field in IP header
14
Client-Server Paradigm
(Diagram: Server on port 80; Client A on port 14430; Client B on port 12420)
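Slides 13 and 14 describe two levels of demultiplexing: IP hands a packet to TCP, UDP or ICMP based on the protocol field, and the transport protocol then hands it to an application by port number. The following added example (not lecture code) builds minimal IPv4, TCP and UDP headers with constructed documentation addresses (192.0.2.x) and the port numbers from the client-server slide, then shows a receiver taking those two decisions; checksums are left at zero since the point is the field layout.

```python
# Added example, not lecture code: IP demultiplexes on the protocol field, the transport layer on ports.
import struct
import ipaddress

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17   # values of the IP header 'protocol' field

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (version 4, IHL 5, no options, checksum left 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def tcp_header(sport, dport):
    """20-byte TCP header: ports, seq 0, ack 0, data offset 5, SYN flag, window, checksum 0, urgent 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

def udp_header(sport, dport, data=b""):
    """8-byte UDP header: ports, length, checksum 0."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def demux(packet):
    """Return (src_ip, dst_ip, protocol_name, src_port, dst_port).
    Ports are None for protocols such as ICMP that carry no port numbers."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, proto = packet[0], packet[9]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes; options make it larger than 20
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    segment = packet[ihl:]              # the transport-layer segment starts after the IP header
    if proto in (PROTO_TCP, PROTO_UDP):
        # Both TCP and UDP begin with 16-bit source port, then 16-bit destination port
        sport, dport = struct.unpack("!HH", segment[:4])
        return src, dst, ("TCP" if proto == PROTO_TCP else "UDP"), sport, dport
    if proto == PROTO_ICMP:
        return src, dst, "ICMP", None, None
    return src, dst, f"proto-{proto}", None, None
```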
15
Problems
• Connection establishment
• Connection termination
• Ordered delivery
• Retransmission strategy
• Duplication detection
• Crash recovery
• Flow control
16
Section 4 - Network Hardware
• Connecting hosts and networks requires hardware devices, which include:
• Networking and Internetworking Devices
  – Repeaters
  – Bridges
  – Hubs
  – Switches
  – Routers
  – Gateways
  – Brouters
• Modems
• Transmission Media
17
Networking and Internetworking Devices
• These devices can be divided into 3 categories
  – Repeaters
  – Bridges
  – Routers and Gateways
• Repeaters and Bridges are used for networking hosts
• Routers and Gateways are used for Internetworking
18
Repeaters and Bridges
• Repeaters
  – Operate at the physical layer. They regenerate signals.
• Bridges
  – Operate at the physical and data link layers.
  – They are used to divide a network into segments, can control traffic flow and are useful for securing the network.
  – They can also regenerate signals.
19
What is a Switch
• A layer 2 device – Data Link Layer
• Builds a table of the MAC addresses of devices attached on each port
• ‘Store and Forward’
  – Switch receives a packet
  – Verifies it is error free
  – Looks at its destination MAC
  – Sends the packet on
• ‘Cut Through’
  – Starts to forward packet once it reads the destination address
  – No error checking
  – Improved performance
Photo thanks to Cisco Systems
20
What is a Router
• A layer 3 device
  – Works at physical, data link and network layers, e.g. Internet Protocol (IP) level
  – Is a bridge between a number of distinct networks
    • Example: your internal network and the internet beyond
• Range from simple devices (e.g. an ADSL router for home users) to extremely complex enterprise-level devices
• Looks at the destination of each IP packet and determines where it should be sent on for its next hop
  – Tries to select the best route
22
Transmission Media
• Transmission Media Characteristics
  – Bandwidth
  – Response time for a request
• Transmission Media Types
  – Twisted Pair
  – Coaxial cable
  – Fiber Optics
  – Wireless Media: Radio, Microwaves, Infrared, Lightwave
23
Unshielded Twisted-Pair Cable (UTP)
• Most common type of cable used in computer networks
• 8 wires forming 4 pairs
• Different qualities
  – Cat 3 – for 10Mbps
  – Cat 5 – for 100Mbps
  – Cat 5e – for 1Gbps
    • Most common in current use
  – Cat 6 – better for 1Gbps, may allow 10Gbps
• Best to future proof to avoid pain later
• Cables of different types look identical
  – Cable type is printed on the side
24
Fiber Optics
• An optical transmission system has three components
  – The light source
  – The transmission medium
  – The detector
• A pulse of light indicates a 1, lack of light indicates a 0.
• The transmission medium is a unidirectional ultra-thin fibre of glass or plastic
• The system would leak light except for the fact that when a light ray passes from one medium to another it is refracted (bent). The amount of refraction depends on the properties of the two media. The aim is to choose the angle of incidence of the light such that the light refracts back into the medium. In the case of a fibre optic cable this means the light is trapped within the cable.
• At the centre of the cable is the glass/plastic core, which is surrounded by a glass cladding and then a plastic coating.
25
Transmission Media Performance
Medium        | Cost     | Speed         | Attenuation | EMI      | Security
--------------|----------|---------------|-------------|----------|---------
UTP           | Low      | 1-100Mbps     | High        | High     | Low
STP           | Moderate | 1Mbps-1Gbps   | High        | Moderate | Low
Coax          | Moderate | 1Mbps-1Gbps   | Moderate    | Moderate | Low
Optical Fibre | High     | 10Mbps-10Gbps | Low         | Low      | High
Radio         | Moderate | 1-54Mbps      | Low-High    | High     | Low
Microwave     | High     | 1Mbps-10Gbps  | Variable    | High     | Moderate
Satellite     | High     | 1Mbps-10Gbps  | Variable    | High     | Moderate
Cellular      | High     | 9.6-19.2Kbps  | Low         | Moderate | Low
26
Section 6 - Security
• Security Issues
• Virtual Private Networks
• Issues with wireless networks
• Methods of attack
• Risks
27
Security Issues
• Secrecy
  – Keeping information out of the hands of unauthorised users.
• Authentication
  – Making sure you are talking to the right person.
• Data Integrity control
  – Making sure the data is correct.
• Security affects each layer in the network design.
28
No Network Is Secure
• Original Ethernet
  – Every host on the bus could see and capture every transmission made
    • Trivial to recover passwords, web pages you viewed
• The physical network itself cannot be considered to be secure
  – Wires can be tapped
  – Wireless communications are available to all within range with a suitable receiver
• Need to trade off the strength of security against the practicality of the measures
  – Users when faced with a complex process may attempt to undermine the system
    • Sharing of passwords
    • Not logging out
29
Wireless Networks
• Extremely vulnerable to attack
  – Anyone with a suitable radio can listen
• IEEE 802.11 originally used a 40 bit WEP key
  – Wired Equivalent Privacy
    • Encryption key shared by all users of the network
    • Later versions supported a 104 bit key
    • Proved to be very easy to crack in both versions
• WiFi Protected Access (WPA/WPA2)
  – Based on 802.11i standard
  – EAP – Extensible Authentication Protocol
    • Authentication framework, not a protocol
    • Can integrate with existing authentication systems
    • 802.1x
30
VPN – Virtual Private Network (1/2)
• Best practice in Network Management is to heavily restrict access to external users or to block it totally
  – Avoid potential security issues
  – Protect from hackers
• What of legitimate users?
  – People who work at other locations
31
VPN – Virtual Private Network (2/2)
• Not strictly a security solution
• Two implementations
  – Connecting you to a remote network
  – A network within a network, the VLAN
• Allows you to access resources on another network as if you were connected directly
• A secure encrypted tunnel between your computer and others on the same network
• Typically requires a dedicated ‘VPN box’ on the office end network to provide the service
32
VPN - Connecting you to a remote network
• Ideal for a single user
  – Work from home, on the road, other institution
• User needs VPN client software
  – Setup can be complex for users
  – Need to implicitly log in to access the network
    • Not transparent
  – Potential security risk if the user's computer is breached
    • Hacker may have access into the network
33
Methods of Attack (1/3)
• Impersonation
  – Using someone else’s password or a terminal that is already logged on.
• Active wire-tapping
  – Connecting a device (authorised/unauthorised) to a communication link to obtain access to data through the generation of false messages.
• Passive wire-tapping
  – Monitoring data coming over a communication link.
• Traffic flow analysis
  – Analysing the frequency of data traffic, seeing which data is encrypted and which is not.
• Eavesdropping
  – Interception of information
34
Methods of Attack (2/3)
• Replay
  – Play back a recording of a communication
• Routing Table modification
  – Sending messages to the wrong address or multiple addresses.
• Audit Trail Information Modification
  – To cover up an attack.
• Operational Staff Table Modification
  – To change access rights.
• Bogus Frame insert
  – Inserting bogus information as a frame.
• Data Portion Modification
  – Modify the data portion of a message.
• Viruses
35
Methods of Attack (3/3)
• Sequencing Information Modification
  – Change the order of the pieces of information.
• Message Deletion
  – Removing the message completely
• Protocol Control Information modification
  – To send data to a different location.
• Misuse of resources
  – Swamping communication lines – Denial of service
• Interruption of power supply – Denial of service
• Malicious physical damage – Denial of service
• Theft
  – Parts of computers or entire computers could be stolen. Confidentiality issues arise.
36
Virtual Local Area Networks (VLAN)
• One physical network can contain many virtual networks
  – Simplifies the network
  – Easier to manage and can be altered in software without recourse to pulling cables
• The 802.1Q draft standard defines Layer 1 and Layer 2 VLANs
• Switches and Routers tag packets with a VLAN id (12 bits in length) only
• Each network user sees just one network
37
Virtual Local Area Networks
• Can be organised by
  – Port on switch basis – Layer 1
    • E.g. Ports E1-E16 + D18 on LAN 1, E17-E32 on LAN 2
    • Good at organisation level, e.g. LAN 1 is one dept/floor
    • Bad if users are mobile
  – Protocol used – Layer 2
    • All IP traffic on LAN x, IPX on LAN y
  – By MAC address – Layer 2
    • List of MAC addresses in each VLAN maintained
    • Good for mobility, plug in anywhere
    • Significant administrative overhead to maintain list
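The two VLAN slides above describe the 12-bit VLAN id carried in the 802.1Q tag and the port-based (Layer 1) membership table. The following added example (not lecture code) builds and parses tagged Ethernet frames, applies the slide's port assignment (E1-E16 + D18 on VLAN 1, E17-E32 on VLAN 2), and drops a tagged frame arriving on a port whose VLAN it does not belong to, which is the check a switch needs so that a host cannot choose its own VLAN by tagging its frames; the MAC addresses and frames are constructed for illustration.

```python
# Added example, not lecture code: 802.1Q tag parsing plus a port-based VLAN membership check.
import struct

TPID_8021Q = 0x8100   # EtherType value announcing an 802.1Q tag

# Port-based membership from the slide: E1-E16 + D18 on VLAN 1, E17-E32 on VLAN 2 (constructed table)
PORT_VLAN = {f"E{i}": 1 for i in range(1, 17)}
PORT_VLAN.update({f"E{i}": 2 for i in range(17, 33)})
PORT_VLAN["D18"] = 1

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Ethernet II frame; when vid is given, an 802.1Q tag is inserted after the two MAC addresses."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)          # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, vid_or_None, pcp_or_None, ethertype, payload)."""
    def mac(b):
        return ":".join(f"{x:02x}" for x in b)
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    ethertype, = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, pcp, offset = tci & 0x0FFF, tci >> 13, 18
    return dst, src, vid, pcp, ethertype, frame[offset:]

def ingress_vlan(port, frame):
    """VLAN assigned to a frame arriving on an access port: untagged frames take the port's
    VLAN; a tagged frame is accepted only if it carries that same VLAN id, otherwise None (drop)."""
    vid = parse_frame(frame)[2]
    port_vid = PORT_VLAN[port]
    if vid is None or vid == port_vid:
        return port_vid
    return None   # foreign VLAN id on a user port: do not let the sender pick its VLAN
```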