ISOC and SSL Flashcards
Responsibilities of IETF
Applications Area, Internet Area, Network Management, OSI integration, Routing area, Security Area, Transport and service area
IETF
Internet Engineering Task Force
IANA
Internet Assigned Numbers Authority
Responsibilities of IANA
Coordinate assigned values of protocol parameters, Type codes, Protocol numbers, Port numbers, Internet addresses and Standards
IRTF
Internet Research Task Force
Responsibilities of IRTF
End to End research, Autonomous networks, Electronic libraries, Internet Architecture, Electronic Communities, Resource discovery
TCPIP Architecture Design
Layered design; each layer can evolve independently, which makes future developments easier.
3 Levels of TCPIP Architecture
Lowest: connectionless datagram delivery (IP, network layer). Middle: transport layer services built on IP (TCP, UDP). Highest: application layer services.
IETF RFC791 IPV4
RFC 791 defines IPv4, the routing layer of the TCP/IP suite. The IP datagram header carries the addressing and control information (source and destination addresses, TTL, fragmentation fields) needed to deliver the datagram.
IPv6 / IPnG
Increases address size from 32 bits to 128 bits to support more levels of addressing. Improves multicast scalability by adding a scope field to multicast addresses.
Anycast address
Identifies a set of interfaces; a packet sent to an anycast address is delivered to just one of them (the nearest by routing distance), unlike multicast, which reaches all members. Introduced with IPv6.
Advantages of IPv6
Efficient header formatting, less stringent limits, greater flexibility, and support for extension headers.
TCPIP Addressing Scheme (IPv4)
Identifies nodes connected to an IP network. 32-bit addresses, each split into a network ID (NetID) and a host ID (HostID).
TCPIP Address Classes
IP Address spaces are divided into fixed length structures called address classes.
Class A
First bit of the address is 0. Networks 1.0.0.0 to 126.0.0.0 (127.0.0.0 is reserved for loopback).
Class B
First two bits are 1 0. Networks 128.0.0.0 to 191.255.0.0.
Class C
First 3 bits are 1 1 0. 3 bits for address class, 21 for network, 8 for host. Networks 192.0.0.0 to 223.255.255.0.
Class D
First 4 bits are 1 1 1 0 (224.0.0.0 to 239.255.255.255). Multicast addresses, not a specific network; e.g. video conferencing.
Class E
First 4 bits are 1 1 1 1 (240.0.0.0 to 255.255.255.255). Reserved for experimental use; does not refer to specific networks, and no numbers are assigned in this range.
Subnetting
Extends the network portion of an address beyond the bits its class allocates by borrowing high-order bits from the host portion. A subnet mask tells hosts and routers which bits identify the subnetwork.
Subnetting Overhead
Bits borrowed for subnet identification are no longer available for host identification, and every subnet spends two addresses (the all-zeros network address and the all-ones broadcast address), so the total number of assignable hosts drops.
Using Subnet Mask on IP
Separates the network and node parts of an address: network bits are 1s in the mask, node bits are 0s. A bitwise AND of the address with the mask yields the network (subnet) address.
Default Subnet Masks
Class A - 255.0.0.0
Class B - 255.255.0.0
Class C - 255.255.255.0
e.g. use a Class C network for smaller groups (at most 254 hosts).
Limit of nodes part of address in subnet
Fewer than the 254 usable in an unsubnetted Class C (the notes give 196), because each subnet consumes its own network and broadcast addresses. The lost addresses are the price of better traffic isolation and security between subnets.
CIDR
Classless Inter-Domain Routing. Introduced to slow address exhaustion: the classful system was wasteful (a site needing 300 hosts had to take a Class B with 65,534). CIDR drops the fixed class boundaries and allocates only the amount of space needed.
Subnet Mask Notation in CIDR
Reduced to a prefix length: the number of leading 1s in the mask, written after a slash, e.g. 255.255.255.0 is /24.
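The addressing cards above (classes, subnet mask AND, subnetting overhead, CIDR prefixes) worked through in code. This is an added example, not part of the flashcard source; the helper names are my own, and the class boundaries and default masks are the ones on the cards.

```python
"""Classful addresses, subnet masks and CIDR on raw 32-bit integers.

Added example (not from the flashcard source). The class boundaries and
default masks are the ones on the cards; the helper names are my own."""


def ip_to_int(ip: str) -> int:
    """Parse dotted-quad IPv4 into a 32-bit integer, rejecting malformed input."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip: str) -> str:
    """Classify by the leading bits of the first octet: 0 A, 10 B, 110 C, 1110 D, 1111 E."""
    first = ip_to_int(ip) >> 24
    if first & 0x80 == 0x00:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


# Default (classful) prefix lengths: 255.0.0.0, 255.255.0.0, 255.255.255.0
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def prefix_to_mask(prefix: int) -> int:
    """CIDR /n -> mask with n leading ones (e.g. /26 -> 255.255.255.192)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Dotted mask -> CIDR prefix, rejecting non-contiguous masks like 255.0.255.0."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def subnet_info(ip: str, prefix: int) -> dict:
    """Network/broadcast via AND with the mask, plus the subnetting overhead."""
    addr, mask = ip_to_int(ip), prefix_to_mask(prefix)
    network = addr & mask                       # logical AND gives the network address
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones
    host_bits = 32 - prefix
    cls = address_class(ip)
    borrowed = prefix - DEFAULT_PREFIX.get(cls, prefix)  # bits taken from the host part
    return {
        "class": cls,
        "cidr": f"{int_to_ip(network)}/{prefix}",
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "borrowed_bits": borrowed,
        "subnets": 2 ** borrowed if borrowed >= 0 else None,  # None: supernet, not subnet
        # network and broadcast addresses are not assignable to hosts
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True if a and b share a network address, i.e. can talk without a router."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


if __name__ == "__main__":
    # Constructed sample: a Class C split into four /26 subnets, plus classful defaults
    for ip in ("192.168.1.130", "10.1.2.3", "172.16.200.9"):
        print(subnet_info(ip, 26 if ip.startswith("192") else DEFAULT_PREFIX[address_class(ip)]))
    print(same_subnet("192.168.1.130", "192.168.1.10", 26))
```

Splitting 192.168.1.0 into /26 subnets borrows 2 host bits: 4 subnets of 62 usable hosts each (248 total, down from 254), which is the overhead the cards describe. `mask_to_prefix` rejects non-contiguous masks because CIDR prefixes only make sense for masks whose 1s are all leading.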
SSL
Secure Sockets Layer protocol. Universally accepted over the WWW for authenticated and encrypted communication between client and server. Every SSL version is now deprecated (SSLv2 by RFC 6176, SSLv3 by RFC 7568); TLS is its replacement.
Transport Layer Security
TLS, based on SSL. IETF standard
Where does the SSL protocol run
Above TCP/IP but below high level protocols such as HTTP, IMAP.
SSL uses TCP on behalf of higher protocols to allow:
SSL-enabled server to authenticate itself to an SSL-enabled client
Client Auth to server
Encrypted connection between both parties
SSL Protocol addresses concerns:
SSL Server authentication
SSL client authentication
Encrypted SSL connection
SSL Server authentication
Lets the client use standard public key cryptography to check that the server's certificate and public key are valid and were issued by a certificate authority the client trusts; the client must also check that the certificate's subject matches the host it intended to reach.
SSL client authentication
Allows server to confirm user’s identity, using the same techniques for server authentication
Encrypted SSL connection
Requires all info sent between client and server to be encrypted by sending and decrypted by receiving software.
SSL Sub protocols
SSL Record And SSL Handshake
SSL Record
Defines format to transmit data
SSL Handshake
Uses record to exchange series of messages between SSL server and client connection
SSL exchange of messages is designed to facilitate the following:
Authenticate server to client
Allow client and server to select cryptographic algorithms (the cipher suite)
Authenticate client to server
Use public key encryption and generate shared secret
Establish an SSL connection
Ciphers used with SSL
DES (Data Encryption Standard)
DSA (Digital Signature Algorithm)
KEA (Key Exchange Algorithm)
MD5 (Message Digest Algorithm 5)
SHA-1 (Secure Hash Algorithm 1). DES, MD5 and SHA-1 are considered broken today and TLS configurations should not offer them.
Most commonly used SSL key exchange method
RSA key exchange
Key exchange algorithms
govern how server and client determine symmetric keys they will both use during session.
Cipher suites with RSA key exchange
Pair RSA key exchange with a bulk cipher (Triple DES, RC4, RC2 or DES) and a MAC (MD5 or SHA-1); the cipher provides encryption and the MAC provides integrity and authentication of each record.
What key encryption does SSL protocol use
a mix of public and symmetric key encryption
SSL begins session with
Handshake. Lets the server authenticate itself to the client and lets the two agree on the cryptographic algorithms and keys to use.
SSL Handshake Process
Client sends ClientHello (protocol version, client random, supported cipher suites). Server replies with ServerHello (chosen suite, server random), its Certificate, optionally a CertificateRequest, then ServerHelloDone. Client validates the certificate, generates a premaster secret, encrypts it with the server's public key and sends it in ClientKeyExchange (plus its own Certificate and a CertificateVerify signature if client authentication was requested). Both sides derive the master secret and session keys from the premaster secret and the two randoms, then exchange ChangeCipherSpec and an encrypted Finished message containing a hash of the whole handshake.
Client encrypts premaster secret with
servers public key
What can decrypt premaster secret?
private key that corresponds to it.
Client Authentication cryptography
Client signs random data (a digest of the handshake messages) with its private key. The public key in the client's certificate validates the signature only if the matching private key was used, so a valid signature proves the client holds the private key for that certificate.
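The handshake, premaster secret and client authentication cards above, modelled end to end in code. This is an added example, not the flashcard source's code and not an SSL library: RSA is textbook RSA on small known primes (insecure, for illustration only), the key derivation is a simplified HMAC stand-in for the real SSL/TLS PRF, and certificates are reduced to bare public keys. All names are my own.

```python
"""Toy model of the SSL/TLS RSA handshake: the premaster secret travels under
the server's public key, both sides derive the same session keys, and the
client proves possession of its certificate's private key by signing.

Added example, not the flashcard source's code and not an SSL library.
Assumptions: textbook RSA on small Mersenne primes (insecure, illustration
only); HMAC key derivation as a simplified stand-in for the SSL/TLS PRF;
certificates reduced to bare public keys."""
import hashlib
import hmac
import os

E = 65537


def make_keypair(p: int, q: int, e: int = E):
    """Textbook RSA: public (n, e), private (n, d). No padding, toy sizes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_public(key, m: int) -> int:
    """Raise to the public exponent: encryption, or signature verification."""
    n, e = key
    if not 0 < m < n:
        raise ValueError("message out of range for this modulus")
    return pow(m, e, n)


def rsa_private(key, c: int) -> int:
    """Raise to the private exponent: decryption, or signing."""
    n, d = key
    return pow(c, d, n)


def transcript_digest(transcript: bytes) -> int:
    """SHA-256 of the handshake messages, truncated to 128 bits to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(transcript).digest()[:16], "big")


def derive_session_keys(premaster: bytes, client_random: bytes, server_random: bytes):
    """Simplified stand-in for the SSL/TLS PRF: master secret from the premaster
    and both randoms, then a key block split into client and server write keys."""
    master = hmac.new(premaster, b"master secret" + client_random + server_random,
                      hashlib.sha256).digest()
    key_block = hmac.new(master, b"key expansion" + server_random + client_random,
                         hashlib.sha256).digest()
    return master, key_block[:16], key_block[16:32]


# Known primes (Mersenne M61, M89, M107) so the toy keys are reproducible.
SERVER_PUB, SERVER_PRIV = make_keypair((1 << 61) - 1, (1 << 89) - 1)
CLIENT_PUB, CLIENT_PRIV = make_keypair((1 << 89) - 1, (1 << 107) - 1)


def run_handshake(premaster: bytes = None, client_random: bytes = None,
                  server_random: bytes = None, client_auth: bool = True,
                  tamper_signature: bool = False) -> dict:
    """Walk the RSA handshake and report what each side ended up with."""
    client_random = client_random or os.urandom(32)
    server_random = server_random or os.urandom(32)
    premaster = premaster or os.urandom(16)  # 128 bits, below the ~150-bit toy modulus

    # ClientHello / ServerHello carry the randoms; Certificate carries SERVER_PUB
    transcript = b"ClientHello" + client_random + b"ServerHello" + server_random

    # ClientKeyExchange: premaster secret encrypted under the server's public key
    encrypted_pm = rsa_public(SERVER_PUB, int.from_bytes(premaster, "big"))
    transcript += b"ClientKeyExchange" + encrypted_pm.to_bytes(32, "big")

    # Only the holder of the server's private key can recover the premaster
    server_pm = rsa_private(SERVER_PRIV, encrypted_pm).to_bytes(16, "big")

    # CertificateVerify: client signs the transcript with its private key;
    # server checks it with the public key from the client's certificate
    client_accepted = None
    if client_auth:
        digest = transcript_digest(transcript)
        signature = rsa_private(CLIENT_PRIV, digest)
        if tamper_signature:  # simulate a client that does not hold the private key
            signature = (signature + 1) % CLIENT_PUB[0]
        client_accepted = rsa_public(CLIENT_PUB, signature) == digest

    return {
        "client_keys": derive_session_keys(premaster, client_random, server_random),
        "server_keys": derive_session_keys(server_pm, client_random, server_random),
        "client_accepted": client_accepted,
    }


if __name__ == "__main__":
    result = run_handshake()
    print("keys match:", result["client_keys"] == result["server_keys"])
    print("client accepted:", result["client_accepted"])
```

The two things the cards make about the premaster secret show up directly: only `SERVER_PRIV` recovers it, and both sides end with identical session keys without the keys themselves ever crossing the wire. The tamper flag shows the failure mode of client authentication: a signature not produced with the certificate's private key does not verify under its public key. Real RSA key exchange uses PKCS#1 padding, a 48-byte premaster and the TLS PRF, none of which this toy reproduces.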
VLAN
A group of devices logically isolated on a LAN at layer 2: a subgroup of the LAN whose traffic is segregated from the rest. Membership is assigned per switch port or by MAC address (IEEE 802.1Q tagging carries the VLAN ID between switches), so it is independent of the IP and TCP layers.
IP orientation
connectionless oriented
TCP orientation
connection oriented