CS 5950/6030 Network Security Class 24 (W, 10/26/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing.
Examples of App Protocols using TCP/IP: SMTP (e-mail) / HTTP (web pages) / FTP (file transfer) / Telnet (remote terminal connection)
Examples of App Protocols using UDP/IP: SNMP (network mngmt) / Syslog (entering log records) / Time (synchronizing network device time)
17
Protocols (13)
Network addressing scheme
  Address – unique identifier for a single point in the network
  WAN addressing must be more standardized than LAN addressing
  LAN addressing:
    Each node has unique address, e.g. = address of its NIC (network interface card)
    Network admin may choose arbitrary addresses
  WAN addressing:
    Most common: Internet addr. scheme – IP addresses
      32 bits: four 8-bit groups
      In decimal: g1.g2.g3.g4 where each gi is in [0, 255]
      E.g.: 141.218.143.10
    User-friendly representation
      E.g.: cs.wmich.edu (for 141.218.143.10)
18
Protocols (14)
Parsing IP addresses
  From right to left
  Rightmost part, known as top-level domain
    E.g., .com, .edu, .net, .org, .gov
    E.g., .us, .in, .pl
  Top-level domain controlled by Internet Registrars
    IRs also control 2nd-level domains (e.g., wmich in wmich.edu)
    IRs maintain tables of 2nd-level domains within „their” top-level domains
Finding a service on Internet – e.g., cs.wmich.edu
  Host looking for a service queries one of tables at IRs for wmich.edu
  Host finds numerical IP address for wmich.edu
  Using this IP address, host queries wmich.edu to get from its table numerical address for cs.wmich.edu
19
Protocols (15)
Dissemination of routing information
  Each host knows all other hosts directly connected to it
    Directly-connected => distance = 1 hop
  Each host passes information about its directly connected hosts to all its neighbors
  Example – Fig. 7-2 p.366
    System 1 (S1) informs S2 that S1 is 1 hop away from Clients A, B, and C
    S2 notifies S3 that S2 is 2 hops away from A, B, C
    S3 notifies S2 that S3 is 1 hop away from D, E and S4
    S2 notifies S1 that S2 is 2 hops away from D, E and S4
    Etc., etc.
20
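To make the hop-count exchange on the slide concrete, the following is an added simulation (not from the lecture or the textbook) of the Fig. 7-2 example as the slide text describes it. The link set is an assumption reconstructed from that text (A, B, C on S1; D, E, S4 on S3; S1-S2-S3 chained; S4 modelled as a leaf because the slide gives it no further links), and each round repeats the "tell all neighbors about what I know" step until no table changes.

```python
# Added example: simulates the routing-information exchange described on the
# slide. Topology is an assumption reconstructed from the slide text (Fig. 7-2):
# clients A, B, C attach to S1; D, E and S4 attach to S3; S1-S2-S3 are chained.
LINKS = {
    "S1": {"A", "B", "C", "S2"},
    "S2": {"S1", "S3"},
    "S3": {"S2", "D", "E", "S4"},
}


def initial_tables(links):
    """Each system starts knowing only its directly connected nodes (1 hop)."""
    return {system: {node: 1 for node in nbrs} for system, nbrs in links.items()}


def exchange_round(links, tables):
    """One round: every system sends its whole table to each neighbouring
    system, which adopts any route shorter than the one it already holds
    (advertised distance + 1). Returns (new tables, changed?)."""
    new = {s: dict(t) for s, t in tables.items()}
    changed = False
    for src, table in tables.items():
        for nbr in links[src]:
            if nbr not in links:  # clients and leaves do not run the protocol
                continue
            for dest, dist in table.items():
                if dest == nbr:   # no point telling a node about itself
                    continue
                if dist + 1 < new[nbr].get(dest, float("inf")):
                    new[nbr][dest] = dist + 1
                    changed = True
    return new, changed


def converge(links, max_rounds=16):
    """Run rounds until one produces no change; returns (tables, rounds run).
    Every entry beyond 1 hop comes solely from a neighbour's advertisement."""
    tables = initial_tables(links)
    for rounds in range(1, max_rounds + 1):
        tables, changed = exchange_round(links, tables)
        if not changed:
            return tables, rounds
    return tables, max_rounds


if __name__ == "__main__":
    final, rounds = converge(LINKS)
    print(f"converged after {rounds} rounds")
    for system in sorted(final):
        print(system, dict(sorted(final[system].items())))
```

The converged tables reproduce the slide's sequence (S2 learns A, B, C at 2 hops, S3 at 3 hops, and S1 learns D, E, S4 at 3 hops); since every multi-hop entry is copied from what a neighbour advertised, the tables are only as accurate as those advertisements.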
e. Types of networks
LANs
  Small – < 100 users / within 3 km
  Locally controlled – by a single organization
  Physically protected – no public access to its nodes
  Limited scope – supports a single group, dept, project, etc.
WANs
  Single control of the whole network
  Covers wide area – even the whole globe
  Physically exposed – use public communication media
Internetworks (Internets)
  Internetwork = network of networks
  A.k.a. internet (lower case „i”)
  Most popular, largest internet: the Internet (upper case „I”!)
  Internet Society controls (loosely) the Internet – basic rules
  Internet is: federation / enormous / heterogeneous / exposed
21
f. Topologies
Topology can affect security
Topologies:
  Common bus – Fig. 7-11a
    Convenient for LAN
    All msgs accessible to every node
  Star / Hub – Fig. 7-11b
    Central „traffic controller” (TC) node
    TC can easily monitor all traffic
    TC can defeat covert channels
    Msg read only by TC and destination
    Unique path between any 2 nodes
  Ring – Fig. 7-11c
    All msgs accessible to many nodes
      All between source S and destination D on one of the 2 paths between S and D
    No central control
    Natural fault tolerance – 2 paths between any S-D pair
22
g. Distributed systems
Distributed system = system in which computation is spread across ≥ 2 computers
  Uses multiple, independent, physically separated computers
  Computers connected directly / via network
Types of DS include:
  Client-server systems
    Clients request services from servers
  Peer-to-peer systems
    Collection of equals – each is a client and a server
Note: Servers usually protect themselves fr. hostile clients
  Clients should also protect themselves – fr. rogue servers
23
h. APIs
API (Application Programming Interface) = definition of interfaces to modules / systems
  Facilitate component reuse
  Facilitate using remote services
GSSAPI (Generic Security Services API) = template for many kinds of security services that a routine could provide
  Template independent of mechanisms, implementation, etc.
  Callers need credentials to use GSSAPI routines
CAPI (Cryptographic API) = Microsoft API for cryptographic services
  Independent of implementation, etc.
24
i. Advantages of computing networks
Networks advantages include:
  Resource sharing
    For efficient use of common resources
    Affordability of devices that individual users could not afford
  Workload distribution
    Can shift workload to less occupied machines
  Increased reliability
    „Natural” fault tolerance due to redundancy of most of network resources