Domain 3 – Telecom and Network Security Flashcards
DSL
Digital Subscriber Line
ISDN
Integrated Services Digital Network
PAP
Password Authentication Protocol – clear text
CHAP
Challenge Handshake Authentication Protocol – protects password
Remote User Management
- Justification of remote access
- Support Issues
- Hardware and software distribution
Intrusion Detection…
- Notification
- Remediation
CIRT
Computer Incident Response Team. CIRT performs:
• Analysis of the event
• Response to the incident
• Escalation path procedures
• Resolution – post-implementation follow-up
Network Based IDS
Commonly reside on a discrete network segment and monitor the traffic on that network segment.
Host Based IDS
Use small programs, which reside on a host computer. Detect inappropriate activity only on the host computer, not the network segment.
Knowledge Based IDS
Signature based.
Pros: low false alarms; alarms are standardized.
Cons: resource intensive; new or unique attacks are not found.
Behavioral Based IDS
Statistical anomaly.
Pros: dynamically adapts; not as operating-system specific.
Cons: high false alarm rates; user activity may not be static enough to implement.
CIRT – (CERT)
Computer Incident Response Team. Responsibilities:
• Manage the company’s response to events that pose a risk
• Coordinating information
• Mitigating risk, minimizing interruptions
• Assembling technical response teams
• Management of logs
• Management of resolution
Network Availability
- RAID – Redundant Array of Inexpensive Disks
- Back Up Concepts
- Manage single points of failure
RAID
Redundant Array of Inexpensive Disks
• Fault tolerance against server crashes
• Secondary – improve system performance
• Striping – Caching and distributing on multiple disks
• RAID employs the technique of striping, which involves partitioning each drive’s storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.
• Hardware and software implementation
FRDS+
- Protect from disk failure – can reconstruct disks by automatically hot swapping while server is running
- Includes environmental
- FRDS+ adds hazard warnings
RAID Advisory Board
• Three types – Failure Resistant Disk Systems (FRDS) - the only current standard, Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
• FRDS: provides the ability to reconstruct the contents of a failed disk onto a replacement disk.
• FRDS+: enables the continuous monitoring of these parts and the alerting of their failure
RAID 0 (STRIPING)
- Creates one large disk by using multiple disks – striping
- No redundancy
- No fault tolerance (1 fail = all fail)
- Read/Write performance is increased
RAID 1 (MIRRORING)
- Mirroring
- Duplicates data on other disks (usually one to one ratio)
- Expensive (doubles cost of storage)
RAID 2 (HAMMING CODE PARITY)
- Multiple disks
- Parity information created using a hamming code
- Can be used in a 39-disk array: 32 data and 7 recovery
- Not used, replaced by more flexible levels
RAID 3 (BYTE LEVEL PARITY) RAID 4 (BLOCK LEVEL PARITY)
- RAID 3 – Byte level
- RAID 4 – Block level
- Stripe across multiple drives
- Parity information on a parity drive
- Provides redundancy
- Can affect performance with single parity drive
RAID 5 (INTERLEAVE PARITY)
- Most popular
- Stripes data and parity information across all drives
- Uses interleave parity
- Reads and writes performed concurrently
- Usually 3-5 drives. If one drive fails, the failed drive can be reconstructed by using the information from the other 2.
RAID 7 (SINGLE VIRTUAL DISK)
- Functions as a single virtual disk
- Usually software over Level 5 hardware
- Enables the drive array to continue to operate if any disk or any path to any disk fails.
RAID Summary
0 – Striping; 1 – Mirroring; 2 – Hamming code parity; 3 – Byte level parity; 4 – Block level parity; 5 – Interleave parity; 7 – Single virtual disk
Redundant Servers
- Primary Server mirrors to secondary server
- Fail-over or rollover to secondary in the event of a failure
- Server fault tolerance can be warm or hot
Server Cluster
- Group of independent servers managed as a single system
- Load Balancing
- Improves performance
- “Server Farm”
- Microsoft Cluster Server
Full Back Up
every file
Incremental Backup
- Only files that have been changed or added recently
- Only files with their archive bit set are backed up.
- This method is fast and uses less tape space but has some inherent vulnerabilities, one being that, should a restore be needed, all incremental backups from the date of the last full backup to the desired date need to be available and restored.
- Restore = last full backup plus each incremental
Differential Backup
- Only files that have changed since the last backup
- All files changed since the full backup (additive)
- Restore = full backup plus the last differential
Types of Tape Backup
- DAT – Digital Audio Tape
- QIC – Quarter Inch Cartridge – Small and slow
- 8mm Tape – Superseded by DLT
- DLT – Digital Linear Tape – 4mm tape – large and fast
Other media
CD – permanent backups, longer shelf life than tape
ZIP / Jaz – Common
Tape Array – 32 to 63 Tape Array using RAID technology
HSM – Hierarchical Storage Management. Provides a continuous on-line backup by using optical or tape ‘jukeboxes’, similar to WORMs.
Common Backup Problems
- Slow transfer of data to backup
- Retrieval time to restore
- Off hour processing and monitoring
- Server disk space expands over time
- Loss of data since the last backup
- Physical security of tapes
Single Points of Failure Cabling Failures
Coaxial:
Many workstations or servers are attached to the same segment of cable, which creates a single point of failure if it is broken (similar to cable TV cabling). Exceeding the maximum cable length is a source of failure.
Single Points of Failure Cabling Failures
Twisted Pair: (CAT3 and CAT 5)
The difference between the two has to do with how tightly the copper wires are wound. Tightness determines resistance to interference. CAT3 is older. Exceeding the cable length is a common cause of failure.
Single Points of Failure Cabling Failures
Fiber Optic
Immune to EMI. Longer usable length (up to 2 km). Drawback is cost.
Technology Failures
Ethernet
- Most Popular
- Extremely resistant to failure, especially in a star-wired config.
Technology Failures
Token Ring
- Since token is passed by every station on the ring
- NIC set at wrong speed or in error state can bring the network down
Technology Failures
FDDI – Fiber Distributed Data Interface
- Dual rings fault tolerance (if first ring fails, the secondary ring begins working)
- Sometimes uses second ring for improved performance
Technology Failures
Leased Lines
T1 and ISDN – go with multiple vendors to reduce failures
Technology Failures
Frame Relay
- Public switched WAN
- Highly Fault Tolerant
- Bad segment diverts packets
- Can use multiple vendors for high availability
Other Single Points of Failure
- Can be any device where all traffic goes through a single device - Router, firewall, hub, switch
- Power failure – surges, spikes – install UPS
Note: Trivial File Transfer Protocol (TFTP)
is a good tool for router configuration
Classes of Network Abuse
Class A
unauthorized access through circumvention of security access controls. Masquerading, logon abuse (primarily internal attacks)
Classes of Network Abuse
Class B
non-business use of systems
Classes of Network Abuse
Class C
Eavesdropping
• Active: Tampering with a transmission to create a covert signaling channel or probing the network
• Passive: Unauthorized covert monitoring of or listening to transmissions.
• Covert Channel: using a hidden unauthorized communication
• Tapping: refers to the physical interception of a transmission medium (like splicing of cable).
Classes of Network Abuse
Class D
Denial of Service – saturation of network services
Classes of Network Abuse
Class E
Network Intrusion – penetration (externally)
• Spoofing – A spoofing attack involves nothing more than forging one’s source address. It is the act of using one machine to impersonate another.
• Piggy Backing – attack using another user’s connection
• Back Door – attack via dial up or external connection
Classes of Network Abuse
Class F
Probing
• Gives an intruder a road map of the network for DoS attack
• Gives a list of available services
• Traffic analysis via ‘sniffers’, which scan the host for available services
  o Like a telephone wiretap allows the FBI to listen in on other people’s conversations, a “sniffing” program lets someone listen in on computer conversations.
• Tools: Telnet (manual), vulnerability scanners (automatic).
Common DoS Attacks
- Filling hard drive space with email attachments
- Sending a message that resets a target host’s subnet mask, causing routing disruption
- Using up all of the target’s resources to accept network connections
Buffer Overflow Attack
- When a process receives much more data than expected.
- Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
PING
Packet Internet Groper – uses ICMP – Internet Control Message Protocol
PING of Death
Intruder sends a PING that consists of an illegally modified and very large IP datagram, thus overfilling the system buffers and causing the system to reboot or hang.
SYN Attack
- Attacks the buffer space during a Transmission Control Protocol (TCP)
- Attacker floods the target system’s ‘in-process’ queue with connection requests causing the system to time-out.
Teardrop Attack
- Modifying the length of the fragmentation fields in the IP Packet
- When a machine receives this attack, it is unable to handle the data and can exhibit behavior ranging from a lost Internet connection to the infamous blue screen of death. The host becomes confused and crashes.
Smurf Attack
• The source site sends a spoofed network request to the broadcast address of a large network (the bounce site); all machines respond to the spoofed source (the target site). Relies on IP broadcast addressing.
Fraggle Attack
• The “smurf” attack’s cousin is called “fraggle”, which uses UDP echo packets in the same fashion as the ICMP echo packet.
Session Hijacking Attacks :
IP Spoofing
IP spoofing is used to convince a system that it is communicating with a known entity that gives an intruder access. IP spoofing involves altering the packet at the TCP level. The attacker sends a packet with an IP source address of a known, trusted source. E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
Session Hijacking Attacks
TCP Sequence number
Tricks the target into believing that it’s connected to a trusted host and then hijacks the session by predicting the target’s choice of an initial TCP sequence number. The hijacked session is then used to launch various other attacks on other hosts.
Salami Attack
A series of minor computer crimes that are part of a larger crime.
Rainbow Series
- Redbook – TNI - Trusted Network Interpretation
- Time and technological changes lessen the relevancy of the TNI to contemporary networking.
- Deals with technical issues outside the scope of the Orange Book with respect to networks
- Redbook interprets the Orange Book
- Orange Book – Trusted Computer Security Evaluation Criteria
TNI Evaluation Classes
D – Minimal protection
C – Discretionary protection
C1 – Discretionary Security Protection
C2 – Controlled Access Protection
B – Mandatory protection
B1 – Labeled Security Protection
B2 – Structured Protection
B3 – Security Domains
Protocols
A standard set of rules that determines how computers communicate with each other across networks despite their differences (PC, UNIX, Mac, etc.)
Layered architecture
shows how communication should take place
• Clarify the general functions of a communication process
• To break down complex networking processes into more manageable sublayers
• Using industry-standard interfaces enables interoperability
• To change the features of one layer without changing all of the code in every layer
• Easier troubleshooting
Layer 7
Application Security: Confidentiality, authentication, data integrity, non-repudiation
Technology: gateways
Protocols: FTP, SMB, TELNET, TFTP, SMTP, HTTP, NNTP, CDP, GOPHER, SNMP, NDS, AFP, SAP, NCP, SET
• Responsible for all application-to-application communications. User information maintained at this layer is user data.
Layer 6
Presentation Security: confidentiality, authentication, encryption
Technology: gateway
Protocols: ASCII, EBCDIC, POSTSCRIPT, JPEG, MPEG, GIF
• Responsible for the formatting of the data so that it is suitable for presentation. Responsible for character conversion (ASCII/EBCDIC), encryption/decryption, compression, and virtual terminal emulation. User information maintained at this layer is called messages.
Layer 5
Session Security: None
Technology: gateways
Protocols: Remote Procedure Calls (RPC) and SQL, RADIUS, DNS, ASP
• Responsible for the setup of the link, maintaining of the link, and the link tear-down between applications.
Layer 4
Transport Security: Confidentiality, authentication, integrity
Technology: gateways
Protocols: TCP, UDP, SSL, SSH-2, SPX, NetBIOS, ATP
• Responsible for the guaranteed delivery of user information. It is also responsible for error detection, correction, and flow control. User information at this layer is called datagrams.
Layer 3
Network Security: confidentiality, authentication, data integrity
Technology: virtual circuits (ATM), routers
Protocols: IP, IPX, ICMP, OSPF, IGRP, EIGRP, RIP, BOOTP, DHCP, ISIS, ZIP, DDP, X.25
• Responsible for the routing of user data from one node to another through the network, including the path selection. Logical addresses are used at this layer. User information maintained at this layer is called packets.
Layer 2
Data Link Security: confidentiality,
Technology: bridges, switch
Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex A, Annex D, HDLC, BPDU, LAPD, ISL, MAC, Ethernet, Token Ring, FDDI
• Responsible for the physical addressing of the network via MAC addresses. There are two sublevels to the Data-Link layer: MAC and LLC. The Data-Link layer has error detection, frame ordering, and flow control. User information maintained at this layer is called frames.
Layer 1
Physical Security: confidentiality
Technology: ISDN, Hubs, Repeaters, Cables
Protocols: 10BaseT, 100BaseT, 1000BaseT, 10Base2, 10Base5, OC-3, OC-12, DS1, DS3, E1, E3, ATM, BRI, PRI, X.23
• Responsible for the physical transmission of the binary digits through the physical medium. This layer includes things such as the physical cables, interfaces, and data rate specifications. User information maintained at this layer is called bits (the 1s and 0s).
Data encapsulation
The process in which information from one packet is wrapped around or attached to the data of another packet. In the OSI model, each layer encapsulates the data of the layer immediately above it.
OSI Layers
- Process down the stack and up the stack
- Each layer communicates with the corresponding layer through the stack.
OSI Security - 6 Security Services.
A security service is a collection of security mechanisms, files, and procedures that help protect the network.
• Logging and monitoring
• Authentication
• Access control
• Data confidentiality
• Data integrity
• Non-repudiation
OSI Security - 8 Security Mechanisms.
A security mechanism is a control that is implemented in order to provide the 6 basic security services.
• Encipherment
• Digital signature
• Access control
• Data integrity
• Authentication
• Traffic padding
• Routing control
• Notarization
TCP
Transmission Control Protocol
• Connection Oriented
• Sequenced Packets
• Acknowledgment is sent back for received packets
• If no acknowledgement then packet is resent
• Packets are re-sequenced
• Manageable data flow is maintained
UDP
User Datagram Protocol
• Best effort
• Doesn’t care about sequence order
• Connectionless
• Less overhead and faster than TCP
IP – Internet Protocol
- All hosts on a network have an IP address
- Each data packet is assigned the IP address of the sender and receiver
It provides an ‘unreliable datagram service’:
• No guarantees that the packet will be delivered
• No guarantee that the packet will be delivered only once
• No guarantee that it will be delivered in the order which it was sent
ARP – Address Resolution Protocol
- Use the IP Address to get the MAC Address
- MAC address is 48 bit
- IP address is 32 bit
- Only broadcasts to the network the first time; otherwise uses the IP and MAC info stored in its table
RARP – Reverse Address Resolution Protocol
- Use the MAC Address to get the IP Address
- RARP server tells diskless machines their IP address
ICMP – Internet Control Message Protocol
- Management Protocol and messaging service provider for IP.
- Sends messages between network devices regarding the health of the network.
- Ping is ICMP packet
- Ping checks if a host is up and operational
Telnet
Terminal Emulation (No File Transfer)
NFS
Network File System
SMTP
Simple Mail Transfer Protocol
Internet Protocol
Simple Mail Transfer Protocol is an Internet standard for electronic mail transmission. First defined by RFC 821 in 1982
LPD
Line Printer Daemon – with LPR enables print spooling
SNMP
Simple Network Management Protocol
• Provides for the collection of network information by polling the devices on the network from a management station.
• Sends SNMP traps (notification) to MIBS Management Information Bases
MIBS
Management Information Bases
Bootstrap (BootP) protocol
Diskless boot up. BootP server hears the request and looks up the client’s MAC address in its BootP file. It’s an internet layer protocol.
SET – Secure Electronic Transaction
• Originated by Visa and MasterCard
• Being overtaken by SSL
At the Application Layer (OSI Model)
SHTTP - Secure HTTP
• Early standard for encrypting HTTP documents
• Also being overtaken by SSL
At the Transport Layer (OSI Model)
SSL
Secure Sockets Layer
• Contains SSL record protocol and SSL Handshake Protocol
• Uses symmetric encryption and public key for authentication
• MAC – Message Authentication Code for Integrity
At the Transport Layer (OSI Model)
SKIP
Simple Key Management for Internet Protocol
Similar to SSL – no prior communication required
Packet Filtering Firewall - First Generation
- Screening Router
- Operates at Network and Transport level
- Examines Source and Destination IP Address
- Can deny based on ACLs
- Can specify Port
Application Level Firewall - Second Generation
- Proxy Server
- Copies each packet from one network to the other
- Masks the origin of the data
- Operates at layer 7 (Application Layer)
- Reduces network performance since it has to analyze each packet and decide what to do with it.
- Also Called Application Layer Gateway
Stateful Inspection Firewalls – Third Generation
- Packets Analyzed at all OSI layers
- Queued at the network level
- Faster than Application level Gateway
Dynamic Packet Filtering Firewalls – Fourth Generation
- Allows modification of security rules
- Mostly used for UDP
- Remembers all of the UDP packets that have crossed the network’s perimeter, and it decides whether to enable packets to pass through the firewall.
Kernel Proxy – Fifth Generation
- Runs in NT Kernel
- Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies.
Packet Filtering Routers:
- Sits between trusted and untrusted networks
- Uses ACLs
- ACLs can be manually intensive to maintain
- Lacks strong user authentication
- ACLs can degrade performance
- Minimal Auditing
Screened Host Firewall
- Employs packet filtering and Bastion Host
- Provides network layer (packet filtering) and application layer (proxy) services
- Penetration requires getting past the external router (packet filtering) and the Bastion Host (proxy).
Dual Homed Host Firewall
- Contains two NICs
- One connected to the local “trusted” network
- One connected to the external “untrusted” network
- Blocks or filters traffic between the two.
- IP forwarding is disabled
Screened Subnet Firewall
- One of the most secure
- Two packet filtering routers and a Bastion Host
- Provides network layer (packet filtering) and application layer (proxy) services
- Provides DMZ
- Complex configuration
SOCKS Server
- Circuit level proxy server
- Requires SOCKS client on all machines
- Used to manage outbound Internet access
- IT Overhead intensive
NAT
Network Address Translation
3 Private IP Address Ranges.
Global Nonroutable Addresses
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
• Class A addresses are for large networks with many devices. 1-127
• Class B addresses are for medium-sized networks. 128-191
• Class C addresses are for small networks (fewer than 256 devices). 192-223
• Class D addresses are multicast addresses.
Virtual Private Networks
• Secure connection between two nodes using a secret encapsulation method.
• Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
Tunnel can be created by the following three methods:
• Installing software or agents on client or network gateway.
• Implementing user or node authentication systems.
• Implementing key and certificate exchange systems.
PPTP – Point-to-Point Tunneling Protocol
VPN Protocol Standards
- Works at the Data Link Layer
- Single point to point connection from client to server
- Common with asynchronous connections with NT and Win 95
L2TP - Layer 2 Tunneling Protocol
VPN Protocol Standards
• Combination of PPTP and earlier Layer 2 Forwarding Protocol (L2F)
• Multiple protocols can be encapsulated within the L2TP
• Single point to point connection from client to server
• Common with Dial up VPNs
IPSec
VPN Protocol Standards
- Operates at the network layer
- Allows multiple and simultaneous tunnels
- Encrypt and authenticate IP data
- Focuses more on Network to Network Connectivity
VPN Devices
IPSec Compatible
Installed on a network’s perimeter; encrypts traffic between the two networks.
IPSec only works with IP.
Operates at the Network Layer.
Two Modes:
• Tunnel Mode – the entire packet is encrypted and encased in an IPSec packet
• Transport Mode – only the datagram is encrypted, leaving the IP addresses visible.
Datagram: A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination.
VPN Devices
Non-IPSec Compatible
• Common non-IPSec-compatible devices include SOCKS, PPTP and SSH
• SOCKS is not a traditional VPN protocol but is robust and operates at the Application Layer.
PPTP – implemented in Win95 and NT
• Multiprotocol and uses PAP and CHAP user authentication.
• Compresses Data
• End-to-End encryption
Secure Shell SSH-2
• Not strictly VPN but can be used as one with Terminal Session
Firewall Based VPNs
- Frequently available with Third Generation (Stateful Inspection) Firewalls
- Operate at the Application layer
- Performance degradation is often a problem
Data Network Types:
- Local Area Network (LAN)
- Wide Area Network (WAN)
- Internet, Intranet, and Extranet
Local Area Networks – LAN
• Discrete network for limited geographical area like a building or a single floor
• Two most popular LANs are:
CAN - Campus Area Network – connects multiple buildings with each other over switched backbone
MAN – Metropolitan Area Network – LAN over a city wide metropolitan area.
• Both CAN and MAN can have a connection to WAN
Wide Area Networks - WAN
- Network of sub networks that interconnect LANs over large geographic areas.
- WAN is basically everything outside of LAN
Internet
- The Internet is a WAN originally funded by the DOD
- Uses TCP/IP
Intranet
- Internet-like logical network that uses a company’s internal physical network structure
- More security and control than Internet
- Uses Internet tools like browsers.
Extranet
- Extranet can be accessed by users outside of the company, (i.e. vendors and partners) but not the general public.
- Includes some type of authentication or encryption
Asynchronous vs. Synchronous Communications
- Asynchronous is the basis of modems and dial-up remote access. Both ends must operate at the same speed.
- Start and stop bits mark the beginning and the end of each transfer.
- Synchronous is very high speed, governed by electronic clock timing signals.
LAN Cabling Types:
Twisted Pair Cable
- Relatively slow speed
- Two insulated wires can be shielded (STP) or unshielded (UTP)
- UTP is a four-pair medium that comes in several categories
- UTP can be tapped by eavesdroppers more easily than the other cable types.
- Category is based on how tightly wound the wires are; the tighter the wind, the higher the rating and the resistance to interference.
- Cat 1 UTP – was used for telephone lines; not good for data.
- Cat 2 UTP – up to 4 MBps
- Cat 3 UTP – Used for 10BaseT networks up to 10 MBps
- Cat 4 UTP – Used in Token Ring Networks up to 16 MBps
- Cat 5 UTP - Current UTP standard for new installations up to 100 MBps
- Cat 6 UTP – up to 155 MBps
- Cat 7 UTP – up to 1 GBps
LAN Cabling Types:
Coaxial Cable
- Hollow outer conductor surrounds inner wire conductor. Currently two types in LANs
- 50-ohm Cable for digital signaling
- 75-ohm Cable for analog signaling and high speed digital signaling
- Coax is more expensive but is more resistant to Electromagnetic Interference (EMI).
- Used rarely except in Broadband communications
- Comes in two types:
- Thinnet – (RG58)
- Thicknet – (RG8 or RG11)
- Two common types of coaxial transmission methods:
- Baseband – The cable carries a single channel
- Broadband – cable carries several channels such as data, voice, audio, and video
LAN Cabling Types:
Fiber Optic Cable
- Conducts modulated light transmission
- Light waves are faster and travel greater distances
- Difficult to tap
- Resistant to EMI
- Usually connects backbones in larger networks
- Can be used to connect workstations to the network.
- Expensive to install and to terminate.
LAN Transmission Protocols:
- Rules for communication between computers on a LAN
- Formatting of the data frame, the timing and sequencing of packet delivery, and resolution of error states.
Carrier Sense Multiple Access (CSMA)
LAN Transmission Protocols:
- Foundation of Ethernet Protocol.
- Workstation continuously monitors the line waiting until it thinks it is free.
- If the workstation doesn’t receive an acknowledgement from the destination to which it sent the packet, it assumes a collision has occurred and it resends the packet.
- Persistent Carrier Sense – resends unless it receives an acknowledgement.
- Nonpersistent Carrier Sense – waits random amount of time and resends.
CSMA/CA
LAN Transmission Protocols:
Carrier Sense Multiple Access Collision Avoidance – Workstations connected to two coax cables, one to send and one to receive data.
CSMA/CD
LAN Transmission Protocols:
Carrier Sense Multiple Access Collision Detection – Ethernet
If the host detects another signal while transmitting it will send a jam signal causing all nodes to stop sending data. Nodes wait to resend. Designed to avoid collisions.
Polling
LAN Transmission Protocols:
A primary workstation polls another at a predetermined time to determine if it has data to transmit. The primary must give permission to the others to transmit.
Token passing
LAN Transmission Protocols:
- Token Ring and FDDI and ARCnet
- Cannot transmit without the token
- Each station can hold token for maximum predetermined amount of time
LAN Transmission Methods
refer to the way packets are sent on the network
• Unicast – from single source to single destination
• Multicast - source copied and sent to multiple destinations
• Broadcast - source copied and sent to all nodes on the network
LAN Topologies Five common topologies:
defines the manner in which the network devices are organized to facilitate communications.
LAN Topologies Five common topologies:
Bus
- All transmissions travel the full length of the cable and are received by all other stations.
- Single point of failure in the cable.
- If one of the links between any of the computers is broken, the network is down.
- Primarily Ethernet.
- These networks were originally designed to work with more sporadic traffic.
LAN Topologies Five common topologies:
Ring
- Unidirectional transmission links form closed loop.
- Token Ring and FDDI.
- Similar to the Star topology, however there’s a device called a Multistation Access Unit (MAU).
- MAU works the same as a hub, but with Token Ring networks instead of Ethernet networks.
- These networks were originally designed to serve large, bandwidth-consuming applications.
Star
LAN Topologies Five common topologies:
- Nodes connected to a central LAN or a junction box called a hub or a concentrator at the center of the network.
- Advantages: reliability
- Ring and Bus often use Star as physical connection.
Tree
LAN Topologies Five common topologies:
Branches can have multiple nodes.
Mesh
LAN Topologies Five common topologies:
All nodes are connected to every other node.
Ethernet – 802.3
LAN Media Access Methods (Physical and Data Link Layers): control the use of a network.
• Ethernet – uses CSMA/CD – Designed for sporadic traffic
• Ethernet defines a bus topology with three different cabling standards
Thinnet – 10Base2 – coax with segments up to 185 meters.
Thicknet – 10Base5 – coax with segments up to 500 meters.
UTP – Unshielded Twisted Pair – all devices connected to a hub or switch 10BaseT 10 Mbps, 100BaseT 100 Mbps and 1000BaseT 1 GBps
ARCnet – 802.5
LAN Media Access Methods (Physical and Data Link Layers): control the use of a network.
- Early LAN technologies
- Uses token passing in a Star topology on coax cable.
Token Ring
LAN Media Access Methods (Physical and Data Link Layers): control the use of a network.
- Second to Ethernet
- All end stations connected to a Multistation Access Unit (MSAU)
- One station is designated as the Active Monitor
- If a transmitting station fails, the Active monitor will remove the token and generate a new one.
Fiber Distributed Data Interface – FDDI
LAN Media Access Methods (Physical and Data Link Layers): control the use of a network.
- Dual token ring LAN at 100 MBps on Fiber
- Dual counter rotating rings only one active at a time
- Operates over long distances with minimal interference
- Predictable delays, deterministic
- Permits several tokens to be present at a time
- Expensive and requires expertise
- Copper Distributed Data Interface (CDDI) – can be used with UTP cable but subject to interference and length issues associated with Copper.
Repeaters
LAN Devices
Amplify the signal; no added intelligence, no filtering – Physical Layer (1)
Hubs
LAN Devices
Used to connect multiple LAN devices; no added intelligence – Physical Layer (1)
Bridges –
LAN Devices
Amplify signal, add some intelligence. A bridge forwards the data to all other network segments if the Media Access Control (MAC) or hardware address of the destination computer is not on the local network segment. Automatically forwards all broadcast traffic. Does not use IP address because IP is contained in the Network Layer (3) – Data Link Layer (2)
Switches
LAN Devices
Will only send data to the port where the destination MAC address is, not to all ports. Primarily operate at the Data Link Layer (2), although extremely fast layer 3 devices combining switching and routing are being used.
Routers
LAN Devices
A router opens the packet, looks at either the MAC or IP address, and forwards it only to the network for which it is destined. Operates at the Network Layer (3)
Gateways
LAN Devices
Primarily software; can be multi-protocol; can examine the entire packet.
Asynchronous Transfer Mode (ATM) Switches
LAN Devices
Used in WANs and CANs. Use cell relay technology.
LAN Extenders
LAN Devices
Remote access multi-layer switch connected to a host router; filters based on MAC address or Network Layer protocol; not capable of firewalling.
Private Circuit Technologies
WAN Technologies
Evolved before packet switching networks. Dedicated analog or digital point-to-point connection. Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP), ISDN, xDSL.
• Dedicated Line – indefinitely and continuously reserved for transmissions.
• Leased Line – Type of dedicated line leased from carrier.
Private Circuit Technologies
WAN Technologies
Types and Speeds of Leased Lines:
• Digital Signal Level 0 – DS-0 – single channel at 64 KBps on a T1
• Digital Signal Level 1 – DS-1 – 1.544 MBps in the US on a T1 and 2.108 MBps in Europe on an E1
• Digital Signal Level 3 – DS-3 – 44.736 MBps on a T3
- T1 – Transmits DS-1 data at 1.544 MBps on the telephone switching network
- T3 – Transmits DS-3 data at 44.736 MBps on the telephone switching network
- E1 – predominantly used in Europe; carries data at 2.108 MBps
- E3 – predominantly used in Europe; carries data at 34.368 MBps
SLIP - Serial Line Internet Protocol
WAN Technologies
Developed in 1984 to support TCP/IP over low-speed serial interfaces. Using Windows NT RAS, NT computers can use TCP/IP and SLIP to communicate with remote hosts.
PPP - Point-to-Point Protocol
WAN Technologies
Works over dial-up and dedicated links; includes login, password, and error correction. Operates at the Data Link Layer (2) and uses CHAP and PAP.
ISDN
WAN Technologies
Integrated Services Digital Network - integration of digital telephony and data transport. Digitization of the telephone network, allowing voice, data, etc. Overtaken by DSL.
xDSL
WAN Technologies
Digital Subscriber Line – uses existing twisted pair telephone lines.
• ADSL – Asymmetric Digital Subscriber Line – more bandwidth downstream, from 1.5 to 9 MBps, with upstream 16 to 640 KBps. ADSL works at lengths of 18,000 feet theoretical and 14,400 feet practical over a single copper twisted pair.
• SDSL – Single-line (Symmetric) Digital Subscriber Line – provides from 144 KBps up to 1.544 MBps both down and up, depending on distance, over a single copper twisted pair; works at lengths of 10,000 feet.
• HDSL – High-Rate Digital Subscriber Line – 1.544 MBps both down and up over two copper twisted pairs. Provides T1 speeds. Can do 2.048 MBps on three copper twisted pairs.
• VDSL – Very-high Rate Digital Subscriber Line – 13-52 MBps down and 1.5 to 2.3 MBps upstream over a single copper twisted pair; operating range 1,000 – 4,500 feet
Circuit Switched
Circuit Switched vs. Packet Switched
WAN Technologies
- Defined as a switching system in which a physical circuit path must exist for the duration of the transmission
- Physical permanent connections from one point to another
- Older technology than Packet Switching
- Phone companies use this a lot
Packet Switched
Circuit Switched vs. Packet Switched
WAN Technologies
- Creates virtual circuits as needed, reducing cost.
- Defined as a switching system where nodes share bandwidth by sending small packets.
- Each packet is sent to the next destination by the router.
- Packets are reassembled in the original sequence
Packet Switching Technologies
X.25, Link Access Procedure Balanced (LAPB), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP)
X.25
Packet Switching Technologies
- First packet switching network
- Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs)
- Designed to operate effectively regardless of the type of systems connected to it
- Currently much more prevalent overseas than in the US
Link Access Procedure Balanced (LAPB)
Packet Switching Technologies
- Designed for use with X.25
- Defines frame types
- Can retransmit, exchange and detect out of sequence frames or missing frames.
Frame Relay
Packet Switching Technologies
- High performance WAN protocol
- Operates at Physical and Data Link Layers (1 and 2)
- Originally designed for ISDN
- Replaces X.25 and LAPB
- Simple and fast, no error correcting
- Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs)
- Not available everywhere
Switched Multimegabit Data Service (SMDS)
Packet Switching Technologies
- High Speed over public switched networks
- Connectionless bandwidth on demand
Asynchronous Transfer Mode (ATM)
Packet Switching Technologies
- High bandwidth, low delay
- Uses switching and multiplexing
- Uses 53 byte fixed size cells instead of frames
- Can allocate bandwidth on demand
- Taking the place of FDDI in the campus backbone
Voice Over IP
Packet Switching Technologies
- Combines media types (voice, video, data, audio) into one IP packet
- Provides benefits in cost, performance and interoperability
- Very new, but with far-reaching potential
Synchronous Data Link Control (SDLC)
Other Important WAN Protocols
- Uses polling access method for mainframes
- Based on dedicated leased line
- Evolved into HDLC and LAPB
- Operates at Data Link Layer (2)
High-Level Data Link Control (HDLC)
Other Important WAN Protocols
- Derived from SDLC
- Specifies data encapsulation method on synchronous serial links
- Operates at Data Link Layer (2)
High Speed Serial Interface
Other Important WAN Protocols
- Defines the electrical and physical interfaces to be used by DTE/DCE
- Operates at the Physical Layer (1)
Routers
WAN Devices
A router opens the packet and looks at either the MAC or the IP address, and forwards it only to the network for which it is destined. Operates at the Network Layer (3)
Multiplexors
WAN Devices
A MUX enables more than one signal to be sent over one physical circuit
WAN Switches
WAN Devices
Multi-port network devices that operate at the Data Link Layer (2). Typically switch Frame Relay, X.25 and SMDS traffic
Access Servers
WAN Devices
Provides dial-in and dial-out access connections to a network. Typically asynchronous.
Modems
WAN Devices
Interprets digital and analog signals; transmits over voice-grade telephone lines.
Channel Service Unit (CSU)/Data Service Unit (DSU)
Used to terminate the physical interface on a DTE device such as a terminal.
Remote Access Technologies
Provide remote user (employee, vendor, partner) access into the network while maintaining C.I.A. (Confidentiality, Integrity, Availability)
Benefits of Remote Access:
Remote Access Technologies
- Providing employees with flexible work styles (telecommuting)
- Building efficient ties with vendors, partners, suppliers and employees.
- Reducing costs by replacing dedicated network lines
Asynchronous Dial up Access
Remote Access Technologies
- How most people access the Internet
- Uses the existing public switched telephone network to reach the ISP
ISDN - Integrated Services Digital Network
Remote Access Technologies
- Carries voice, data over telephone networks
- Two Interface Types
- BRI – Basic Rate Interface composed of two B channels and one D Channel
- PRI – Primary Rate Interface composed of a single 64 KBps D channel plus 23 (T1) or 30 (E1) B channels
xDSL
Remote Access Technologies
Digital Subscriber Line
• Uses existing twisted pair telephone lines.
Cable Modems
Remote Access Technologies
- High speed access from the cable company
- Users share the Coax connection
- Throughput varies depending on number of users
- Considered insecure because local segment is not filtered or firewalled (Says Who?)
Wireless Technology
Remote Access Technologies
- Fastest Growing area of connectivity
- Encryption is being developed
- 802.11a – 5 GHz wireless – coming very soon
- 802.11b – 2.4 GHz, currently most popular, up to 11 MBps
- 802.11g – 2.4 GHz but faster than 802.11b
- WEP – Wired Equivalency Protocol – up to 128-bit WEP
- WAP - Wireless Access Point
- SSID – Service Set Identifier – Network Name
- Use encryption and VPN, treat as an external connection, use a directional antenna
Restricted Address
Secure Remote Access Methods:
- Filtering by source IP address
- Node authentication, not user authentication
Caller ID
Secure Remote Access Methods:
- Caller ID checks incoming number against approved list
- Very commonly used, hard to defeat
- Hard to administer for traveling users
Call Back
Secure Remote Access Methods:
- Caller supplies password or identifier and hangs up
- System dials back number listed for the user
- Hard to administer for traveling users
Remote Identification and Authentication
Secure Remote Access Methods:
- Verifies who is remotely communicating.
- Identification - Who
- Authentication – Verify and Trust
Password Authentication Protocol (PAP)
Remote Node Security Protocols:
- Remote security protocol. Provides Identification and Authentication.
- Uses static replayable password for authentication (now considered weak)
- Does not encrypt the User ID or Password
Challenge Handshake Authentication Protocol (CHAP)
Remote Node Security Protocols:
- Next evolution of PAP; uses stronger authentication
- Nonreplayable Challenge/Response
- Verifies Identity of the node
- Often used to enable network-to-network communication
- Commonly used by remote access servers and xDSL, ISDN, and cable modems
Remote Access Authentication Systems:
- TACACS – Terminal Access Controller Access Control System (TCP)
- TACACS+ – includes the use of two-factor authentication
- RADIUS – Remote Access Dial-In User Service (UDP)
TACACS – Terminal Access Controller Access Control System
Remote Access Authentication Systems:
- Provides remote authentication and related services
- User password administered in a central database rather than in individual routers
- TACACS-enabled network device prompts for user name and static password
- TACACS-enabled network device queries the TACACS server to verify the password
- Does not support prompting for password change or use of dynamic tokens
TACACS+ Terminal Access Controller Access Control System Plus
Remote Access Authentication Systems:
- Proprietary Cisco enhancement
- Two-factor authentication
- User can change password
- Ability to use secure tokens
- Better Audit Trails
RADIUS – Remote Access Dial-In User Service
Remote Access Authentication Systems:
• Offers similar benefits to TACACS+
• Often used as a stepping stone to TACACS+
• RADIUS server contains dynamic password and network service access information (network ACLs)
• RADIUS is a fully open protocol; can be customized for almost any security system
• Can be used with Kerberos and provides CHAP remote node authentication
Exceptions – does not work with:
• AppleTalk Remote Access Resolution Protocol
• NetBIOS Frame Protocol Control Protocol
• NetWare Asynchronous Services Interface
• X.25 PAD Connection
Does not provide two-way authentication and is not used for router-to-router authentication.