D4: Communications & Network Security Flashcards
Communications and Network Security - Main Topics
OSI Model : Open Systems Interconnections Model
- OSI Reference Model
- Network Protocols
- Network Connectivity Devices
- Threats to Network Security
- Firewalls
- Wireless Communication
OSI Model: Definition & Significance
In a company, you had all of these devices using their own networking protocols, e.g. TCP/IP, Novell, AppleTalk; this requires translation between them all. The OSI model solves this.
OSI Protocol: standards-based, open protocol
- TCP/IP became the common protocol because it offered standardization, which is so significant
- Promotes interoperability between vendors
- Enables standardization
- Describes encapsulation (packaging) of data to enable it to get from point A to point B
MUST KNOW OSI MODEL FOR THIS EXAM
- know each layer, number of each layer, what happens in each layer, the concept of encapsulation
PDU (protocol data unit): the data in whatever packaging it currently has
- at the top 3 layers it is just called data
- at the transport layer data is a segment
- network layer becomes a packet
- datalink data becomes frame
- physical layer data becomes bits
‘do some people fear birthdays’
Potential Test Questions:
- at what layer does XYZ device work?
- across which layers does XYZ device work?
- many devices don’t fit in one box
OSI Layers
All People Seem to Need Dominoes Pizza >
People Don’t Need to See Paula Abdul <
Application: data/protocol data unit (PDU) / data stream
Presentation: data
Session: data
Transport: segment/TCP protocols/datagram UDP
Network: packet
Datalink: frame
Physical: bits
OSI Model - Layer 1
- bottom > up
Physical Layer is concerned with physical connectivity and sending electric signals over a medium
All hardware devices have a point of connection, therefore at least partially have a layer 1 element
‘Dumb Devices’ - they don’t do anything to data
- Hubs, Cables, Connectors, Network Cards
A router would technically be at layer 3, but it also spans from layer 1 up to whatever its top layer is
Threats to Physical Layer: theft, unauthorized access, vandalism, sniffing, interference, data emanation (radiation?), pipes, humidity
OSI Model - Layer 2
- bottom > up
Data Link Layer: the only layer of the OSI model with 2 sublayers
- Logical Link Control (LLC): error detection
- Media Access Control (MAC): physical
CSMA/CD Carrier Sense Multiple Access with Collision Detection (IEEE standard) 802.3 Ethernet
- detecting collisions, and expects to have collisions
- in ethernet connections
CSMA/CA Carrier Sense Multiple Access with Collision Avoidance (IEEE standard) 802.11 Wireless
- avoiding collisions
- used in wireless devices
Token Passing: 24 bit control frame passed around the network environment with the purpose of determining which system can transmit data. There is only one token and since a system can’t communicate without the token, there are no collisions.
- dated but does still exist
- bring a microphone, and pass it in a circle and wait for your turn. Eliminates chance of collisions
- between POS devices
MAC Address
Unique identifier for every single network card on the planet (this SHOULD be the case)
48-bit address: first 24 bits for the manufacturer, last 24 bits for the individual card itself
nothing about MAC address that would indicate your location
MAC address shouldn’t change but can change or be spoofed
A MAC address doesn’t have info in it to locate you
- not good for global addressing, but really good for local addressing
- once the packet gets close to your local router, the MAC can be used to find you
ARP: Address Resolution Protocol????
- takes a known IP address and learns an unknown MAC address
Once the packet is close, the system sends out an ARP broadcast; the system that owns the IP replies with its MAC, and the sender picks it up off the network
Ethernet
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Used by ethernet
Contention (or collision based)
Multiple systems can access the network, but data will collide
Collisions will slow things down
Ethernet requires the resolution of an IP address to a MAC address
ARP
ARP: Address Resolution Protocol????
- takes a known IP address and learns an unknown MAC address
- once a host learns that the destination IP is on the local network, that host sends out a broadcast with the IP, and the system that owns that IP returns its MAC address
Once the system learns the recipient's MAC address, it will cache it and store it locally
- the downside to this is that it's trusting old information
- cache poisoning: the system mapped an IP to a specific MAC address; an attacker can swap in their own MAC address via ARP so the message comes to their host
- anything with cache can be subject to poisoning, like web or DNS cache
What layer does it function? 2
Across which layers? 2 & 3
ARP poisoning would happen at layer 2
Unsolicited ARP replies are malicious, and a lot of OSes block them. Firewalls block them too, but should also check where the reply originated (smart firewall)
Switch
By default, switches operate at layer 2
Uses MAC addresses to direct traffic
Isolates traffic into collision domains
Does NOT isolate broadcasts natively
A HUB will not provide any isolation or traffic control, so every system on the hub is colliding
- if a sniffer is plugged into a hub, it sees everyone's traffic
Router
OSI Model - Layer 3 Network
Routers isolate traffic into broadcast domains and use IP addressing to direct traffic and segment out the network but still allow the different subnets to talk
Sales people’s broadcast away from the HR’s broadcast - different bandwidth, different security mechanisms
Production routers are very expensive on a port-by-port basis
- when you have a lot of ports, you’ll only get one router at a time ???????
VLAN
VLAN = separate broadcast domains via a switch
Routers are expensive, so isolate the broadcast domain via a switch instead. HOWEVER, this is not a native function of every switch, so some switches may not support VLANs (but most probably do)
- To get a broadcast isolation on a switch, a VLAN is necessary
A Layer 2 switch, even with a VLAN, doesn’t truly understand Layer 3 IP addressing
- you can have VLANs on a layer 2 switch, but VLAN 2 can't talk to VLAN 1, because the switch doesn't understand where VLAN 1 is. It doesn't work with IPs, it works with MAC addresses.
A Layer 3 switch is necessary for inter-VLAN Communication
- a layer 3 switch can do IP routing between VLANs, decide where traffic goes, etc. It ALMOST replaces a router, but the difference is that it doesn't let traffic leave the local network
Routers shifted their role from being internal devices, to boundary devices
Layer 3 Protocols
All protocols that start with the letter “I” except IMAP (which is a layer 7 mail protocol)
- IP
- ICMP: IP 'helpers' like ping
- IGMP: Internet Group Management Protocol
- IGRP
- IPSEC
- IKE
- ISAKMP
Internet Control Messaging Protocol: ICMP
Protocol used by most echoing capabilities; ping, traceroute, path-ping
ICMP is full of holes: very weak, with no inherent security and often no security mechanism at all.
Heavily used in DDoS attacks
Ping attacks = Layer 3 attacks that overwhelm the system
Ping Flood: send an overwhelming number of ICMP echo request packets, so many that the target can't respond
Ping of Death: sends a lot of ping packets
SMURF: uses a spoofed source address (the target) and directed broadcasts to launch a DDoS
- send a ping request, spoofed so the source address is the victim, to everyone on the broadcast address
- you should NEVER allow a broadcast from outside the network to come into your network (directed broadcast); there is NO good reason for this to happen, so it should be blocked!
- everyone knows how exploited ICMP is, so everyone blocks it at the firewall
- Fraggle is the same thing but uses UDP (layer 4). UDP is sometimes needed from the outside, so it cannot be blocked at the firewall level; instead of blocking it altogether, you look for it misbehaving, like flooding
Loki Attack: information is hidden behind or within the ICMP headers, which is not the function of ICMP headers. Data placed there may avoid detection by tools that don't look for data there
User Datagram Protocol (UDP) - Layer 4
- connectionless
- unreliable
- no handshaking
- desirable when “real time” transfer is essential
- media streaming, gaming, live time chat, etc.
- FTP (File Transfer Protocol) uses TCP; much more reliable
- TFTP (Trivial File Transfer Protocol) uses UDP for speed
Session - Layer 5
Layer 5 (Session) - responsible for establishing a connection between two applications (either on the same computer or two different computers)
Will see SQL, RPC, session hijacking, session-based info being stored on a local host
Dialogue control
Release connection
Services
- session management
- dialog management
- activity management
- synchronization
Protocol
- connection-oriented
- common protocols
- ISO 8327 (OSI)
- APPC (IBM)
- DNA Session Control
Layer 6 - Presentation
Present the data in a format that all computers can understand
This is the only layer of OSI that does not have any protocols
- concerned with encryption, compression and formatting
- making sure data is presented in a universal format
- file level encryption
- removing redundancy from files
Layer 7 - Application
This defines a protocol (way of sending data) that two different programs or applications understand.
- HTTP, HTTPS, FTP, TFTP, SMTP, SNMP, etc.
- Application proxies
- Non-repudiation
- Certificates
- Integration with Directory Services
- Time Awareness
Intelligent devices can be integrated with other applications and services, and can understand the content of messages, e.g. a mail filter that blocks mail containing 'free offer'. This takes a lot of intelligence because it has to inspect the content and make decisions based on it
Non-Repudiation: digital signing, public/private key pair; stop users from acting without digital signatures, stop users from looking at gaming websites after 5pm
Protocols that users interact with!
Email: SMTP, POP, IMAP,
Web Browser: HTTP, HTTPS
EXAM TIP: if you don’t know where a protocol lives, stick it in layer 7