Basics of Networks and Network Security Flashcards
The Internet Protocol Suite (TCP/IP)
Application: Interface to the applications.
The application layer provides applications with standardized data exchange. Its protocols include the Hypertext Transfer Protocol (HTTP) and HTTPS.
Transport: Host-to-Host delivery of data. Reassembles segments into messages and passes them to the application layer.
TCP handles communications between hosts and provides flow control, multiplexing and reliability. The transport protocols include the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
(Network)/Internet: Routing the data to the correct destination.
The network layer protocols are the IP and the Internet Control Message Protocol (ICMP), which is used for error reporting.
Data Link: Interface to the physical devices. Transfers data from the network layer from one device to another on the same network.
The protocols in this layer include Ethernet for local area networks (LANs) and the Address Resolution Protocol (ARP).
Data Link Layer: Ethernet
§ Ethernet is the most popular protocol for the Data Link Layer - de facto standard for Local Area Networks (LANs)
§ Solves the problem of addressing within the same LAN
- each Ethernet frame specifies sender and receiver
§ Every client has a unique identifier/address
- Media/Medium Access Control (MAC) address
Ethernet: Hubs and Switches
- Hub: replicate all incoming frames to all ports (broadcast)
- Switch: learn MAC address(es) per switch port (unicast)
(also supports broadcast (via ff:ff:ff:ff:ff:ff), just sends incoming frame to all connected devices)
Ethernet: Virtual LANs (VLAN)
§ VLAN separate single physical LAN into multiple logical/virtual LANs
- overloads type and payload of Ethernet frame
Wireless LAN Concepts
§ Base Station: also referred to as Access Point - all clients connect to Base Station
§ Service Set Identifier (SSID)
- effectively the name of the wireless network
§ Basic Service Set Identifier (BSSID)
- unique address of base station, commonly MAC address
§ Channel
- frequency at which to transmit data over the air
- 13 (overlapping) channels in 2.4GHz range, 23 non-overlapping in 5GHz range
Announcing SSIDs
§ APs frequently announce their presence using so-called beacons
- Contains network identifier (SSID), supported modes, channel which is used
- If encryption modes are used, these are also announced
WPA2: Handshake
- AP (Base Station) → STA (client station):
The message includes the MAC address of the AP and a nonce (ANonce).
- STA → AP:
The STA generates its own nonce (SNonce) and uses both nonces and both MAC addresses, plus the PSK, to generate a PTK (pairwise transient key). The STA then sends a message containing its MAC address and SNonce, enabling the AP to generate the same PTK. This message includes a message integrity code (MIC).
The key used with the MIC is the KCK (Key Confirmation Key).
- AP → STA:
The AP is now able to generate the PTK. The AP then sends a message to the STA, containing the same information as in the first message, but this time including a MIC.
- STA → AP:
This is merely an acknowledgment message, again protected by a MIC.
WPA2: Message Integrity Check (MIC)
§ MAC has a different meaning in Wi-Fi, therefore MIC is used - technically, it is a MAC
§ Agreed upon PTK is actually combination of multiple keys
- 16 bytes Key Confirmation Key (KCK): used for MIC
- 16 bytes Key Encryption Key (KEK): used for Group Temporal Key transmission (used for broadcast communication)
- 16 bytes Temporal Key (TK): Key actually used to encrypt data
- 16 bytes additional material for MIC
Mapping of IP address to MAC address: ARP
§ We typically use IP addresses when sending packets to a host
§ Solution: Address Resolution Protocol (ARP)
- allows hosts to dynamically discover the MAC address for a given IP address
- Messages sent via broadcast to all connected devices
• ARP Request: Who has IP 1.2.3.4? Tell 1.2.3.5
• ARP Response: 1.2.3.4 is at 00:12:34:56:78:9A
Getting IP addresses: DHCP
§ Dynamic Host Configuration Protocol (DHCP)
- hosts request network configuration (e.g., IP and gateway) from DHCP server
• DHCP DISCOVER broadcast over Ethernet
- DHCP server is central entity that hands out IP configuration
§ IPs are only leased for a certain time
- allows unused IPs to be re-allocated
- clients therefore regularly REQUEST same IP again
IPv4 header format
§ Version: 4 for IPv4, 6 for IPv6
§ IHL: IP header length
§ Total length: Number of bytes (incl. header)
§ Fragmentation: Info on how packet is split
§ Time-to-Live: Time a packet should survive
§ Protocol: Protocol of IP payload
§ Header Checksum
§ Source/Destination
Maximum size of an IP payload?
What is the maximum payload that fits into an IPv4 packet?
65515 bytes (slightly less than 2^16 − 1)
=> The Total length field has 16 bits, so the packet can be up to 2^16 − 1 = 65535 bytes, minus 20 bytes for the header
IPv4 Original Addressing
- Class A network (24 bit hosts): 16,777,216 IPs in a network
- Class B network (16 bit hosts): 65,536 IPs in a network
- Class C network (8 bit hosts): 256 IPs in a network
Classless Inter-Domain Routing (CIDR)
- Dynamic size of network part, no fixed classes (or ranges)
• Netmask indicates how many bits belong to the network
Name the Network ID for the /14 network which contains the IP address 134.96.225.205.
134.96.0.0/14, 134.96.0.0 - 134.99.255.255
How many usable IP addresses for clients does the network with the netmask 255.255.224.0 contain?
8190 (2^13 − 2; the network address and the broadcast address are not usable)
How many hosts are inside a network identified by /21?
2^11 = 2,048
Since /21 refers to the fact that the first 21 bits of the IP identify the network, we have 11 bits left to address hosts in that network.
Internet/Network Layer: Routing
Routing is the process of transmitting packets from a source to a destination elsewhere (mostly between different networks)
Router accepts incoming packets and forwards them to(wards) the destination on outgoing links
Routing Tables
§ Each router knows its neighbors
- In addition, knows which neighbor is the best fit to forward a packet to other routers (stored in routing tables)
Path Vector Routing
§ Routers keep track of path to use to reach destination
- Sequence of Autonomous Systems (ASes) to traverse
- Next hop to reach the destination
§ Routers advertise their networks to neighbors
- “I am AS 123 and responsible for prefixes C and F.”
- Neighboring routers forward announcements, prepend their own AS Number (ASN) to the path
BGP
Border Gateway Protocol
- Scales very well for large number of routers
- Allows routing policies (politics) to be modelled
iBGP (internal) for routing within AS
eBGP (external) for routing between ASes
ICMP Usage: Tracerouting
Find the route a packet traverses
- Send packets to destination with increasing TTLs (starting at 1)
- Routers on the path drop packet and send ICMP Time Exceeded when TTL=0 (using their IP as source)
IPSec: Authentication Header (AH)
§ Next protocol indicates higher-layer protocol to be used
§ Payload length indicates length of AH
§ Sequence number allows for packet replay detection
§ Integrity Check Value (ICV) of variable length (depends on the agreed upon algorithm used for HMAC)
IPSec: Tunnel Mode vs. Transport Mode
§ IPSec ESP can be run in two operation modes - AH as well, but AH is deprecated
§ Transport Mode: only encrypts and authenticates payload
- Used for endpoint-to-endpoint connections.
Orig IP Header | ESP Header | Orig IP Payload (encrypted) | ESP Auth/ICV
§ Tunnel Mode: encapsulates original packet into new IP packet (encrypts and authenticates entire IP packet)
New IP Header | ESP Header | Orig IP Header (encrypted) | Orig IP Payload (encrypted) | ESP Auth/ICV
Transport Layer: Ports
- Processes bind to a port
- Segments sent to this port are passed to the process bound to it
- Ports are included in addressing scheme
§ Services usually have well-defined ports - e.g., HTTP runs on port 80, HTTPS on port 443, DNS 53, DHCP 67 and 68 (more on that later)
- ports < 1024 are reserved and privileged
§ “Outgoing” ports are usually randomly assigned by the OS
Multiplexing: Network Address Translation (NAT)
=> Problem: shortage of IPs and non-routable private networks
Solution: Network Address Translation (NAT)
- Router translates client source IPs to its external IP
- Router keeps track of source/dest. IP/port mappings