BOOTP Packet Format - Texas Tech University


Telecommunications & Network Security
Originally (1/01) by: Usha Viswanathan
Modified (1/03, 5/06) by: John R. Durrett

Presentation Overview
- C.I.A. as it applies to Network Security
- Protocols & Layered Network Architectures
- OSI and TCP/IP
- TCP/IP protocol architecture
- IP addressing & Routing
- TCP Applications
- IPv6

C.I.A.
- Confidentiality: the opposite of disclosure. Elements used to ensure it: security protocols, authentication services, encryption services
- Integrity: the opposite of alteration. Elements used to ensure it: firewalls, communications security management, intrusion detection services
- Availability: the opposite of destruction / denial. Elements used to ensure it: fault tolerance, acceptable system performance, reliable administration and network security

Protocols & the Layered Network: Intro
- Protocol: a standard set of rules that determine how computers talk
  - Describes the format a message must take
  - Enables multi-platform computers to communicate
- The Layered Architecture concept: data passes down through the layers to get out, and up to get in
- Reasons for use: to clarify functionality, to break down complexity, to enable interoperability, easier troubleshooting

TCP/IP
- The lingua franca of the Internet.

ISO's Open Systems Interconnect (OSI) Reference Model
- Protocol layering: a series of small modules
  - Well-defined interfaces, hidden inner processes
  - Process modules can be replaced
  - Lower layers provide services to higher layers
- Protocol stack: the modules taken together
- Each layer communicates with its pair on the other machine

The OSI Model
[Diagram: sender and receiver stacks (Application, Presentation, Session, Transport, Network, Datalink, Physical) showing the path messages take: down the sender's stack, across the network, and up the receiver's stack.]

OSI Layers
  Application   Communication partners, QoS identified
  Presentation  Semantics, encryption, compression (gateways)
  Session       Establishes, manages, terminates sessions
  Transport     Sequencing, flow/error control, name/address resolution
  Network       Routing, network addresses (routers)
  Datalink      MAC address, low-level error control (bridges)
  Physical      Encoding/decoding digital bits, interface card

TCP/IP
[Diagram: the TCP/IP layers (Application, Transport Layer, Network Layer) at Alice, a Router and Bob; the router participates at the Network Layer.]

TCP/IP: The Protocols and the OSI Model
  Application / Presentation / Session   TELNET, FTP, SMTP, DNS, SNMP, DHCP, RIP, RTP, RTCP
  Transport                              Transmission Control Protocol, User Datagram Protocol
  Network                                Internet Protocol (with OSPF, ICMP, IGMP); ARP
  Datalink / Physical                    Ethernet, Token Bus, Token Ring, FDDI

Data Encapsulation by Layer
  Application   Data
  Transport     TCP Header + Data = TCP datagram
  Network       Packet
  Data Link     Frame
- The destination opens the envelopes layer-by-layer

Transmission Control Protocol (TCP)

- Traditional TCP/IP security: none. No authenticity, confidentiality, or integrity
  - Implemented & expanding: IPSec
- Workhorse of the Internet: FTP, telnet, ssh, email, http, etc.
- The protocol responsible for the reliable transmission and reception of data. Unreliable service is provided by UDP.
- Transport layer protocol
- Can run multiple applications using the same transport: multiplexed through port numbers

TCP Fields
- Source port, Destination port
- Sequence number
- Acknowledgment number
- Data offset, Reserved, code bits (URG, ACK, PSH, RST, SYN, FIN), Window
- Checksum, Urgent pointer
- Options, Padding
- Data

TCP Connection Establishment
- Alice to Bob: SYN with Initial Sequence Number a (ISN-a)
- Bob to Alice: ACK ISN-a with ISN-b
- Alice to Bob: ACK ISN-b
- Connection established

User Datagram Protocol (UDP)
- Connectionless
- Does not retransmit lost packets
- Does not order packets
- Inherently unreliable
- Mainly tasks where speed is essential: streaming audio and video, DNS
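As an added example (not from the original slides), the following Python parses the TCP fields listed above from a constructed 20-byte segment and checks the three-step handshake: the SYN/ACK must acknowledge ISN-a + 1 and the final ACK must acknowledge ISN-b + 1. The ports, ISNs and the three handshake segments are constructed sample values.

```python
import struct

# TCP code bits named on the TCP Fields slide, in their header bit positions.
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
HEADER = struct.Struct("!HHIIHHHH")   # ports, seq, ack, offset+flags, window, checksum, urgent pointer

def build_segment(sport, dport, seq, ack, flags, window=65535):
    """Build a minimal 20-byte TCP header (no options, checksum left zero): constructed sample data."""
    data_offset = 5                                       # header length in 32-bit words
    offset_flags = (data_offset << 12) | sum(FLAG_BITS[f] for f in flags)
    return HEADER.pack(sport, dport, seq, ack, offset_flags, window, 0, 0)

def parse_tcp_header(segment):
    """Decode the fixed TCP fields; Data offset tells where options end and data begins."""
    sport, dport, seq, ack, offset_flags, window, checksum, urgent = HEADER.unpack(segment[:HEADER.size])
    header_len = (offset_flags >> 12) * 4
    flags = {name for name, bit in FLAG_BITS.items() if offset_flags & bit}
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "checksum": checksum, "urgent": urgent,
            "options": segment[HEADER.size:header_len], "data": segment[header_len:]}

def check_handshake(syn, synack, ack):
    """Validate the three-step exchange from the slide: each side acknowledges the
    other's ISN plus one. A device that tracks this can tell a real connection
    from a stray ACK that belongs to no handshake."""
    a, b, c = (parse_tcp_header(s) for s in (syn, synack, ack))
    mask = 0xFFFFFFFF                                     # sequence numbers wrap at 32 bits
    if a["flags"] != {"SYN"}:
        return False
    if b["flags"] != {"SYN", "ACK"} or b["ack"] != (a["seq"] + 1) & mask:
        return False
    if c["flags"] != {"ACK"} or c["ack"] != (b["seq"] + 1) & mask:
        return False
    return c["seq"] == (a["seq"] + 1) & mask

# Constructed handshake: Alice (port 40000) to Bob (port 80), ISN-a = 1000, ISN-b = 5000.
ISN_A, ISN_B = 1000, 5000
SYN = build_segment(40000, 80, ISN_A, 0, ["SYN"])
SYN_ACK = build_segment(80, 40000, ISN_B, ISN_A + 1, ["SYN", "ACK"])
ACK = build_segment(40000, 80, ISN_A + 1, ISN_B + 1, ["ACK"])
```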

UDP header: Source Port | Destination Port | Message Length | Checksum | Data

ICMP: network plumber
  Message Type             Type #   Purpose
  Echo Reply               0        Ping response: system is alive
  Destination Unreachable  3        No route, protocol, or port closed
  Source Quench            4        Slow down transmission
  Redirect                 5        Reroute traffic
  Echo                     8        Ping
  Time Exceeded            11       TTL exceeded, packet dropped
  Parameter Problem        12       Bad header
  Timestamp                13       Time sent and requested
  Timestamp return         14       Time request reply
  Information request      15       Host asks: what network am I on?
  Information Reply        16       Information response

Ports
Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".
- Source port and destination port identify a logical connection
- Privileged versus unprivileged ports
  PORT   USE
  17     Quote of the Day
  20     File Transfer Data
  21     File Transfer Control
  22     SSH
  23     Telnet
  25     SMTP
  43     Whois (tcp & udp)
  666    Doom

Network Address Translation (NAT)
- Illegal addresses: unroutable addresses
- Limited address space in IPv4
- NAT maps bad to valid addresses
  - Mapping to a single external address
  - One-to-one mapping
  - Dynamically allocated addresses
[Diagram: a router performing the translation.]

Logical Structure of the Internet Protocol Suite
[Diagram: HTTP, TELNET, FTP, TFTP, DNS and SNMP run over the User Datagram Protocol (connectionless) or the Transmission Control Protocol (connection oriented); both run over IP (with ICMP, IGMP) and Internet Addressing, with ARP and RARP alongside, above the Physical Layer.]

Address Resolution Protocol (ARP)
- Maps IP addresses to MAC addresses
- When a host initializes on the local network it sends an ARP broadcast with its IP and MAC address; if the IP address is a duplicate, TCP/IP fails to initialize
- Address resolution process on the local network:
  1. Is the IP address on the local network?
  2. ARP cache
  3. ARP request
  4. ARP reply
  5. ARP cache update on both machines

ARP Operation
[Diagram: a station broadcasts an ARP Request, "Give me the MAC address of station". B and C answer "Not me" and ignore the request. The target says "That's me" and sends an ARP Response, "Here is my MAC address", which is accepted.]

Address Resolution on Remote Network
- IP address determined to be remote
- ARP resolves the address of each router on the way
- Router uses ARP to forward the packet
[Diagram: a Router between Network A and Network B.]

Reverse Address Resolution Protocol (RARP)
[Diagram: a diskless workstation broadcasts a RARP Request, "Give me my IP address". B and C answer "Not me" and ignore the request. The RARP server sends a RARP Response, which is accepted.]
- Same packet type used as ARP
- Only works on local subnets
- Used for diskless workstations

The Internet Protocol (IP)
- IP's main function is to provide for the interconnection of subnetworks to form an internet in order to pass data.
- The functions provided by IP are: addressing, routing, fragmentation of datagrams

Host Name Resolution
- Standard resolution: checks local name, local HOSTS file, DNS server
- Windows NT specific resolution: NetBIOS cache, WINS server, b-node broadcasts, LMHOSTS file (NetBIOS name)

Routing Packets
- Process of moving a packet from one network to another toward its destination
- RIP, OSPF, BGP
- Dynamic routing
- Static routing
- Source routing

Static Routing Tables
- Every host maintains a routing table
- Use the route command in Linux and Windows
- Each row (or entry) in the routing table has the following columns:
  (1) destination address and (2) mask
  (3) gateway [i.e., the IP address of the host's gateway/router]
  (4) interface [i.e., the IP address of a host interface]
  (5) metric [indicates the cost of the route; smaller is better]
- When the host wants to send a packet to a destination, it looks in the routing table to find out how
- Each OS handles routing somewhat differently

LAN Technologies
- Ethernet: CSMA/CD, occasionally heavy traffic, BUS topology
- ARCnet: token passing, STAR topology
- Token Ring: active monitor, IBM, RING topology
- FDDI: token passing, fast, long distance, predictable, expensive
- Media & vulnerabilities: attenuation, crosstalk, noise
  - Coax: cable failure & length limits
  - Twisted Pair (Cat 1-7): bending cable, crosstalk, noise
  - Fiber-optic: cost, high level of expertise required to install
  - Wireless: later

Coaxial Cable
- Two types:
  - ThinNet (10Base2): 10 Mbps, 30 nodes per segment, max 180 meters
  - ThickNet (10Base5): 10 Mbps, 100 nodes per segment, max 500 meters
- LAN backbone
- Insecure: coax is easy to splice

Twisted Pair Copper Cable
- Copper wire
- Twist reduces EMI
- Classified by transmission rates: Cat3, Cat5, Cat5e, Cat6

Fiber-Optic Cable
- Glass core with plastic shielding
- Small, light, fragile, and expensive
- Very fast transmission rate
- Can transmit data very far
- Immune to interference
- Hard to splice

Security Concerns
- Easy to insert a node or splice into the network
- Most attacks involve eavesdropping or sniffing
- Physical security
- War driving

Network Topologies
- BUS: Ethernet
- RING: unidirectional; FDDI, Token Ring
- STAR: a logical BUS tends to be implemented as a physical STAR
- TREE: basically a complicated BUS topology
- MESH: multiple computer-to-computer connections

Hubs & Switches
- Hub: broadcasts information received on one interface to all other physical interfaces
- Switch: does not broadcast; uses the MAC address to determine the correct interface

Unswitched Devices
- Dumb devices (forward all packets)
  - Layer 1 = Hub, Repeater (technically, a hub passes signals without regenerating them)
  - Layer 2 = Bridge: connects different types of LANs (e.g., Ethernet and ATM, but not Token Ring if you're lucky)
- Intelligent devices (decide whether to forward packets)
  - Layer 3 = Router: uses the routing table to make decisions; improved performance and security
  - Layer 2/3 = Bridge/Router

Switches
- Layer 2 = data link layer (MAC address) = + over hubs/repeaters
  - Systems only see traffic they are supposed to see
  - Unswitched versus switched (full duplex) 10 and 100 Mb Ethernet = 40% of bandwidth versus 95%+ (no collisions)
- Layer 3 = network layer (IP address) = + over routers
  - Routers moved to the periphery
  - Virtual LANs (VLANs) become viable
- Layer 4 = transport layer (TCP/UDP/ICMP headers) = + over L3
  - Firewall functionality (i.e., packet filtering)
  - Significantly more expensive
- Layer 5 = session layer and above (URLs) = + over L4 for clusters
  - Application proxy functionality (but MUCH faster than proxies)
  - Special function, cutting-edge = significant specific performance gains
  - 1999/2000: researchers (from IBM & Lucent) designed a layer 5 switch as front-end to a load-balanced 3-node cluster running AIX and Apache: 220% performance increase due to content partitioning, 600% performance increase due to SSL session reuse

Firewalls
- Control the flow of traffic between networks
- Internal, external, server, client firewalls
- Traditional packet filters
- Stateful packet filters
- Proxy-based firewalls

Traditional Packet Filters
- Analyses each packet to determine drop or pass: SourceIP, DestinationIP, SrcPort, DestPort, Codebits, Protocol, Interface
- Very limited view of traffic
  Action  Source   Destination  Protocol  SrcPort  DestPort  Codebits
  Allow   Inside   Outside      TCP       Any      80        Any
  Allow   Outside  Inside       TCP       80       >1023     ACK
  Deny    All      All          All       All      All       All

Stateful Packet Filters
- Adds memory of previous packets to traditional packet filters
- When a packet is part of an initial connection (SYN), it is remembered
- Other packets are analyzed according to previous connections

Proxy-based (Application) Firewalls
- Focus on application to application
- Can approve: by user, by application, by source or destination
- Mom calls, wife answers, etc.

Firewall Architectures
- Packet-filtering routers: oldest type, sits between trusted & untrusted networks
- Screened-host firewalls: between a trusted network host and an untrusted network
- Dual-homed host firewalls: two NICs, IP forwarding, NAT translation
- Screened-subnet firewalls: two screening routers, one on each side of a bastion host; DMZ

Security
- Encryption: symmetric vs asymmetric, hash codes
- Application layer: PGP, GnuPG, S/MIME, SSH
- Session layer: Secure Socket Layer (SSL): digital certificates to authenticate systems and distribute encryption keys; Transport Layer Security (TLS)
- Network/IP layer security (IPSec): AH: digital signatures; ESP: confidentiality, authentication of data source, integrity

IPSec Authentication Header (AH)
  Next Header | Payload Length | Reserved
  Security Parameters Index (SPI)
  Sequence Number Field
  Authentication Data (variable number of 32-bit words)
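The rule table on the Traditional Packet Filters slide and the stateful filter described after it, worked in Python as an added example (not from the original slides): the same three rules applied statelessly, then with a connection table that remembers outbound SYNs. The addresses, ports and sample packets are constructed.

```python
from collections import namedtuple

# direction: "out" = Inside -> Outside, "in" = Outside -> Inside; flags: frozenset of TCP code bits present.
Packet = namedtuple("Packet", "direction proto src sport dst dport flags")

# The slide's rule table: (action, direction, protocol, src-port test, dst-port test, required code bits).
RULES = [
    ("allow", "out", "TCP", lambda p: True,    lambda p: p == 80,  frozenset()),
    ("allow", "in",  "TCP", lambda p: p == 80, lambda p: p > 1023, frozenset({"ACK"})),
    ("deny",  None,  None,  lambda p: True,    lambda p: True,     frozenset()),
]

def traditional_filter(pkt):
    """Stateless decision: first matching rule wins; nothing about earlier packets is known."""
    for action, direction, proto, sport_ok, dport_ok, bits in RULES:
        if direction not in (None, pkt.direction) or proto not in (None, pkt.proto):
            continue
        if sport_ok(pkt.sport) and dport_ok(pkt.dport) and bits <= pkt.flags:
            return action
    return "deny"

class StatefulFilter:
    """Remembers outbound SYNs the rules allowed; inbound packets must belong to a remembered connection."""
    def __init__(self):
        self.connections = set()   # (inside addr, inside port, outside addr, outside port)

    def decide(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags and traditional_filter(pkt) == "allow":
                self.connections.add(key)            # initial connection is remembered
                return "allow"
            return "allow" if key in self.connections else "deny"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # inbound: view the 4-tuple from the inside
        return "allow" if key in self.connections else "deny"

# Constructed traffic: inside host 192.0.2.10, outside web server 203.0.113.5 (documentation addresses).
STRAY_ACK = Packet("in", "TCP", "203.0.113.5", 80, "192.0.2.10", 40000, frozenset({"ACK"}))
CLIENT_SYN = Packet("out", "TCP", "192.0.2.10", 40000, "203.0.113.5", 80, frozenset({"SYN"}))
SERVER_SYN_ACK = Packet("in", "TCP", "203.0.113.5", 80, "192.0.2.10", 40000, frozenset({"SYN", "ACK"}))

def compare():
    """(traditional, stateful) verdicts: for a stray ACK with no connection behind it, then for a real reply."""
    sf = StatefulFilter()
    before = (traditional_filter(STRAY_ACK), sf.decide(STRAY_ACK))
    sf.decide(CLIENT_SYN)
    after = (traditional_filter(SERVER_SYN_ACK), sf.decide(SERVER_SYN_ACK))
    return before, after
```

The stateless rule 2 accepts any packet from port 80 to a high port that carries the ACK bit, whether or not an inside host ever opened that connection; the stateful filter accepts it only after the matching outbound SYN.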
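An added Python example (not from the original slides) that builds and parses the AH layout above, verifies the Authentication Data as an HMAC-SHA1-96 over the header and payload with a constructed shared key, and uses the Sequence Number Field for anti-replay with a 64-entry sliding window. Real AH also covers the immutable fields of the outer IP header, which this simplification omits.

```python
import hashlib, hmac, struct

AH_FIXED = struct.Struct("!BBHII")   # Next Header, Payload Length, Reserved, SPI, Sequence Number
ICV_LEN = 12                         # HMAC-SHA1-96: three 32-bit words of Authentication Data

def build_ah(key, next_header, spi, seq, payload):
    """Constructed AH: the header (ICV zeroed) and the payload are authenticated with the shared key.
    Simplification: real AH also covers the immutable fields of the outer IP header."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2      # AH length in 32-bit words minus 2
    head = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    icv = hmac.new(key, head + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
    return head + icv + payload

def parse_ah(packet):
    """Split an AH packet into its fields; Payload Length locates the end of the Authentication Data."""
    next_header, payload_len, _reserved, spi, seq = AH_FIXED.unpack(packet[:AH_FIXED.size])
    ah_len = (payload_len + 2) * 4
    return {"next_header": next_header, "spi": spi, "seq": seq, "ah_len": ah_len,
            "icv": packet[AH_FIXED.size:ah_len], "payload": packet[ah_len:]}

def verify_ah(key, packet):
    """Recompute the ICV over the packet with Authentication Data zeroed; compare in constant time."""
    f = parse_ah(packet)
    zeroed = packet[:AH_FIXED.size] + bytes(len(f["icv"])) + f["payload"]
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()[:len(f["icv"])]
    return hmac.compare_digest(expected, f["icv"])

class ReplayWindow:
    """Sliding anti-replay window driven by the Sequence Number Field (64 entries, the usual default)."""
    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0   # bit i set = seq (highest - i) already seen

    def accept(self, seq):
        if seq == 0:
            return False                                   # sequence numbers start at 1
        if seq > self.highest:                             # advance the window
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1) if shift < self.size else 0
            self.bitmap |= 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False                                   # too old, or a replay
        self.bitmap |= 1 << diff
        return True

def receive(key, window, packet):
    """Accept a packet only if its ICV verifies and its sequence number has not been seen."""
    if not verify_ah(key, packet):
        return "bad-icv"
    return "ok" if window.accept(parse_ah(packet)["seq"]) else "replay"
```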

IPSec: Encapsulating Security Payload (ESP)
  Security Parameters Index (SPI)
  Sequence Number Field
  Opaque Data (variable length)
  Padding | Pad Length | Next Header
  Authentication Data

Introduction to the TCP/IP Standard Applications
- DHCP: provides for management of IP parameters
- TELNET: provides remote terminal emulation
- FTP: provides a file transfer protocol
- TFTP: provides a simple file transfer protocol
- SSH: encrypted remote terminal & file transfer
- SMTP: provides a mail service
- DNS: provides a name service

DHCP Operation
[Diagram: a DHCP Client, DHCP Server A and DHCP Server B. The client sends a DHCP Discover to the broadcast address (FFFFFF); A and B each answer with a DHCP Offer (IP addr); the client sends a DHCP Request for A's offer; Server A replies with a DHCP ACK.]

TELNET
[Diagram: a TELNET client connecting to a TELNET server on a host.]

File Transfer Protocol (FTP)
[Diagram: a client transferring files to and from host storage. (TFTP uses UDP.)]

Simple Mail Transfer Protocol (SMTP)
- Basic RFCs: 821, 822, 974
- Very fast and capable of delivery guarantee depending on client & server
- Primary protocols used for today's email:
  - SMTP: operates over TCP, used primarily as the send protocol
  - POP: operates over TCP, basic receive protocol
  - IMAP: allows remote storage
  - Exchange: calendar, contacts, storage, news
  - http: web interface
- Problems: phishing, viruses, no built-in protection against stupidity, client software glitches

Post Office Protocol (POP)
- SMTP is set up to send and receive mail by hosts that are up full time. There are no rules for hosts that are only intermittently on the LAN.
- POP emulates you as a host on the network. It receives SMTP mail for you to retrieve later.
- POP accounts are set up for you by an ISP or your company.
- POP retrieves your mail and downloads it to your personal computer when you sign on to your POP account.

POP Operation
  POP Client                          POP Server
  TCP port 110 connection attempt     POP3 server ready reply
  Send authentication                 Wait for authentication; process it and, if okay, enter transaction state
                                      Lock mailbox for user; assign message numbers
  Retrieve all messages               Send messages; delete (possibly) messages
  Send QUIT command                   Quit received; perform update on mailbox
  Session closed
  Read messages locally

SMTP, DNS, and POP Topology
[Diagram: Your PC retrieves mail from and sends mail through Your ISP (POP server with mailboxes mnaugle, user1, user2; DNS; SMTP). Mail crosses the Internet (root DNS) to the Remote ISP (DNS, SMTP, POP server with mailbox joe), from which Joe's PC retrieves it over POP3/SMTP.]

IPv6
- IPv6 features:
  - 128-bit address space: 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
  - ARP not used; Neighbor Discovery Protocol
- IPv6 addressing:
  - Unicast: a one-to-one IP transfer
  - Multicast: a one-to-many-but-not-all transfer
  - Anycast: a one-to-many-but-not-all transfer (nearest in group)
  - No broadcast

References
- RFCs: 1180 - A TCP/IP Tutorial; 1812 - IP Version 4 Routers; 1122 - Requirements for Internet Hosts -- Communication Layers; 1123 - Requirements for Internet Hosts -- Application & Support; 826 - Address Resolution Protocol; 791 - IP addressing; 950 - Subnetting; 1700 - Assigned Numbers
- TCP/IP 24/7 (ISBN: 0782125093)
- MCSE TCP/IP for Dummies: Cameron Brandon
- Illustrated TCP/IP: Matthew Naugle
