Networks Flashcards
Operating Systems Role
Manage the computer’s resources
Memory management
Scheduling
Access Controls
Characteristics of Network Topologies
# of connections # of “hops” Addition of new nodes Fairness Collisions and points of failure
Protocol defined parameters
Type of error checking
Data compression method
Mechanisms to signal reception of a transmission
DNS Port
53
Static Routing
Static: entries entered once and not updated
Routing Information Protocol (RIP):
entire tables shared on a periodic basis. Not very efficient or secure.
Open Shortest Path First (OSPF):
Table maintained to determine what the shortest path is to specific destinations. Tremendous overhead.
Border Gateway Protocol (BGP):
Peer routers (neighbors) exchange routing information. Entire table initially loaded but subsequent changes limited to updates.
ICMP performs the following controls:
- Flow Control
- Detecting unreachable destinations
- Redirecting routes
- Checking remote hosts (e.g. ping)
Types of DOS attacks
Flooding – sending more data than the target can process
Crashing – sending data, often malformed, designed to disable the system or service
Distributed – using multiple hosts in a coordinated attack effort against a target system.
IPv4 vs. IPv6
scalability:IPv6 uses 128bit address space. Address length is 4 times longer than IPv4.
security:IPv6 basic specification includes security. It includes packet encryption (ESP:Encapsulated Security Payload) and source authentication (AH:Authentication Header). [confidentiality and authentication]
real-time:To support real-time traffic such as video conference, IPv6 has “Flow Label”. Using flow label, routers can know which end-to-end flow a packet belongs to, and then find out the packet which belongs to real-time traffic. [needed to allow for prioritization of traffic]
autoconfiguration:IPv6 basic specification includes address autoconfiguration. So, even a novice user can connect their machine to network.
specification optimization:IPv6 keeps good parts and discards old and useless parts of IPv4.
Two major modes of IPSec
Tunnel: encrypts both the data and header portions of the packet.
Transport: encrypts the data portion of the packet.
provides authenticity guarantee for packets, by attaching strong crypto checksum to packets. If you receive a packet with AH and the checksum operation was successful, you can be sure about two things :
The packet was originated by the expected peer. The packet was not generated by an impersonator.
The packet was not modified in transit.
IPSec Authentication Header (AH)
provides confidentiality guarantee for packets, by encrypting packets with encryption algorithms. If you receive a packet with ESP and successfully decrypted it, you can be sure that the packet was not wiretapped in the middle.
Encapsulating Security Payload (ESP):
ESP provides encryption service to the packets. However, encryption tends to negatively impact compression on the wire. IPcomp provides a way to compress packets before encryption by ESP (Of course, you can use IPcomp alone if you wish to).
IP payload compression (IPcomp):
