Chapter 10 - Networks and Telecommunications
The OSI Reference Model layers are as follows (MUST KNOW THE LAYERS AND THE PROTOCOLS):
Layers 6 and 7 are software; layers 3, 4 and 5 are the operating system (for example Windows 10); layers 1 and 2 are physical devices and hardware.
Application Layer (7): This layer is responsible for interacting with end users (USER INTERFACE!). The Application Layer includes all programs on a computer that interact with the network. For example, your email software is included, since it must transmit and receive messages over the network. A simple game like Solitaire doesn't fit here because it does not require the network in order to operate. Uses HTTP/HTTPS for communication with the web browser.
Presentation Layer (6): This layer is responsible for the coding of data. The Presentation Layer includes file formats and character representations. From a security perspective, encryption generally takes place at the Presentation Layer.
Session Layer (5): Process-to-process communication. This layer is responsible for maintaining communication sessions between computers. The Session Layer creates, maintains, and disconnects communications that take place between processes over the network. Uses TCP, which is a rule of communication for your operating system.
Transport Layer (4): This layer is responsible for breaking data into packets and properly transmitting it over the network. Flow control and error checking take place at the Transport Layer. Uses TCP, which is a rule of communication for your operating system.
Network Layer (3): This layer is responsible for the logical implementation of the network (ROUTING data to destinations, down wire A or B, WAN delivery). One very important feature of the Network Layer, covered later in this chapter, is logical addressing. In TCP/IP networking, logical addressing takes the familiar form of IP addresses. Uses TCP/IP and IPsec (IP address), which are the rules of communication for your operating system. TCP/IP are the rules the operating systems obey when communicating on the Internet. IPsec is a protocol with security built in. An IP address is logical and can change; you can assign an IP address to your computer.
Data Link Layer (2): Physical addressing; the address is physically in your computer, on the network card. It's the hardware address that indicates the stops on the journey to your destination. This layer is responsible for transmitting information on computers connected to the same local area network (LAN). The Data Link Layer uses Media Access Control (MAC) addresses. MAC addresses are physical, static, and will not change. Device manufacturers assign each hardware device a unique MAC address. Uses Ethernet, which works like an open party line: you listen to the wire, and if it's free you transmit; if not, you wait. It's the rule of communication through a wire.
Physical Layer (1): Signaling, the electricity going through the wire. This layer is responsible for the physical operation of the network. The Physical Layer must translate the binary ones and zeros of computer language into the language of the transport medium. In the case of copper network cables, it must translate computer data into electrical pulses. In the case of fiber optics, it must translate the data into bursts of light.
Firewall
A firewall controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network. You can place a firewall between an internal network and the outside world, or within the internal network to control access to particular corporate assets by only authorized users. Firewalls are critical elements of networking security, but they are just that: elements. Firewalls will not solve all security problems, but they do add a much-needed deterrent. FIGURE 10-8 shows the role of a firewall in a network. It separates private networks from the Internet. It also separates different private networks from each other. In this section, you will look at the different types of firewalls and the roles they play in the network topology. Firewalls are powerful tools in securing networks. Since each firewall is configured using rules, they provide the most common way to implement rule-based management. Rule-based management is simply managing the security of a network by defining rules of what is acceptable and what is not. Also: access control lists. An access control list simply defines a rule to handle traffic from one or more hosts using a specific protocol and one or more ports. Firewalls can filter traffic based on ports, often simply called port security. Packet filtering: Rules to allow or deny traffic based on IP addresses/hardware addresses. Stateful inspection: A rule that can deny/allow traffic by asking: is this packet part of a legitimate ongoing communication?
Router
A router is a device that connects two or more networks and selectively interchanges packets of data between them. A router connects a LAN to a WAN by examining network addresses to decide where to send each packet. A router routes traffic based on IP addresses. Border routers: A border router is subject to direct attack from an outside source. When you configure any router, you should determine whether it is the only point of defense or one part of a multilayered defense. Internal routers: An internal router can also provide enhanced features to your internal networks. Internal routers can help keep subnet traffic separate. They can keep traffic out of a subnet and keep traffic in a subnet. Routers can use network address translation (NAT) and packet filtering to improve security.
Subnet
All hosts that share the same network address are part of a subnet. A subnet is a partition of a network based on IP addresses. Since IPv6 addresses are so much larger than IPv4, IPv6 uses a completely different notation.
VPN
Allows a secure private connection over a public network, using an encrypted 'tunnel'. For example, a remote computer can securely connect to a LAN as though it were physically connected. Data must be encrypted, and there must be firewalls to allow/deny traffic: allow traffic from the specific source and deny all else. That is a VPN. The three major VPN technologies in use today are as follows:
• Point-to-Point Tunneling Protocol (PPTP): PPTP was once the predominant VPN protocol. For many years, almost all VPNs used PPTP. It is easy to set up on client computers because most operating systems include PPTP support.
• Secure Sockets Layer (SSL): SSL encrypts web communications, and many VPNs use SSL to provide encrypted communication. Users connect to an SSL-protected webpage and log on. Their web browser then downloads software that connects them to the VPN. This requires no advance configuration of the system. For this reason, SSL VPNs are quickly growing in popularity.
• IPSec: Internet Protocol Security (IPSec) is a suite of protocols designed to connect sites securely. Although some IPSec VPNs are available for end users, they often require the installation of third-party software on the user's system and are not popular. Many organizations use IPSec to connect one site to another securely over the Internet. The required IPSec VPN functionality is built into many routers and firewalls, allowing for easy configuration.
Gateway
Computer which acts as a bridge between a local area network and the Internet.
Tunneling
Encapsulating a packet with a header and sending it through a public system. The public system can only see the header that was added and cannot see the payload. That is tunneling. Designed for point-to-point transmission.
Encapsulation
You have a payload and a header, and as the payload goes down the layers of the OSI model (the web browser, the operating system, the hardware) headers are added to it. They provide information for communication and routing. These headers contain something called a port number. The port number identifies the application the data goes through. Ex: port 80 means it is going through the web browser. The IP address indicates whether we are at the ultimate destination. And you have your hardware address. These payloads and headers are given specific names; know segment, packet, and frame. Segment: deals with the transport layer, sending and acknowledgement (confirming you got what was sent). Packet: you are dealing with the IP address, for routing and the ultimate destination. Frame: electrical charges and the next hop, i.e. the next hardware address we are going to. As your payload passes through these layers the headers are added, until it arrives at its destination.
Dual-homed hosts
Have two interfaces: two wires connecting that computer to a network. Instead of connecting your computer with one wire, you connect it with two. One wire could be for input (what is sent to the computer) and one for output (what is sent from the computer), which helps with traffic.
IPV4 Address
IPv4 addresses are four-byte (32-bit) addresses that uniquely identify every device on the network. With the explosion in the number of network devices at the end of the last century, it was clear that IPv4 did not allow for unique addresses for each device. That's one of the reasons IPv6 was developed. IPv6 addresses are 128 bits long and can provide far more unique device addresses than the older standard. In addition, IPv6 contains many additional features and is more secure. Adoption is slow, however, and IPv4 is still the most common IP addressing technique in use today.
honeypot
A decoy server that looks and acts like your web server but is not the real one. It is used to lure hackers in and monitor them. Place it inside your critical systems so it looks like a critical system and they will fall for it. The honeypot is another layer of defense after your second firewall. Put it in subnet C or B.
MAC Address VS IP Address
MAC addresses identify network cards, while IP addresses identify specific computers within a network (your IP address may change depending on what network you are using, but the MAC address of your network card will not change).
NAT & Proxy Servers
Network Address Translation: Internal network IP addresses can be translated into other, external IP addresses that go out into the world, i.e. translating internal IP addresses to external ones. Proxy servers: Servers that act on behalf of another computer. You cannot see that computer; you just see the proxy server. (Ex: A web server exists, so you create a proxy server that acts on behalf of it, so no one will see the web server.)
Network Access Control
Network access control (NAC) systems enable you to add more security requirements before allowing a device to connect to your network. They perform two major tasks: authentication and posture checking. Although NAC is a new technology, it is growing in popularity. Many organizations now deploy NAC for both internal users and guests using their network. NAC works on wired and wireless networks.
Screened Subnet
Often it's not possible to block all traffic into your network. If you host a public website or your own email server, you need to allow inbound connections on a limited basis. The screened subnet firewall topology, shown in FIGURE 10-10, is the best approach for this type of requirement. The firewall has three network cards. Two are set up identically to a border firewall, with one connected to the Internet and another connected to the private network. The third card connects to a special network known as the screened subnet or demilitarized zone (DMZ).
Switches
Switches are a much better alternative to hubs. A switch performs the same basic function as a hub: connecting multiple systems to the network. However, switches have one major added feature: they can perform intelligent filtering. Switches route traffic based on hardware addresses; a switch determines which wire to send the data down, because that wire leads to the hardware address we need to reach. Switches "know" the MAC address of the system connected to each port. When they receive a packet on the network, they look at the destination MAC address and send the packet only to the port where the destination system resides. This simple feature provides a huge performance benefit. Switches are now inexpensive and have greatly improved performance. That's why almost every modern network uses switches to connect systems. Generally speaking, only small networks still use hubs.
TCP/IP is Insecure
TCP SYN attack: A connection is opened with the web server and left idle; if all the available connections are sitting idle, no legitimate user can get in (DoS attack).
IP spoofing: Forging IP addresses.
Sequence guessing: An email is sent in 5 parts; you receive part 3 of 5, then part 1 of 5, and suddenly you receive part 8, which messes up the sequence of the payload's parts since there are only supposed to be 5.
Connection hijacking: Re-routing communications.
TCP/IP has no health checks, no method to check the settings of the system to verify everything is OK. TCP was also not designed for authentication initially, not even for passwords, so in the initial version everything is sent in clear text with no encryption.
DMZ
The DMZ is a semiprivate network used to host services that the public can access. Users have limited access from the Internet to systems in the DMZ to reach these services. A secure network does not allow direct access from the Internet to the private network. Let the outside world in, but that's as far as they go. A subnet can be a DMZ.
WEP vs WPA vs WPA2
WEP is compromised. WPA2 is the newest version of WPA. It is used for wireless (Wi-Fi/WLAN). MEMORIZE 802.11i: this is the hardware standard for wireless technology. It uses AES encryption to protect data on networks.
The Main Types of Networks
Wide Area Networks
Internet Control Message Protocol (ICMP)
is a management and control protocol for IP. ICMP delivers messages between hosts about the health of the network. Two ICMP tools are ping and traceroute. The ping command sends a single packet, called an ICMP echo request, to a target IP address. This packet is equivalent to asking the question "Are you there?" The computer on the other end can either answer "Yes" with an ICMP echo reply packet or ignore the request. Attackers sometimes use the ping command to identify targets for a future attack. Because of this potential vulnerability, many system administrators configure their computers to ignore all ping requests. Attackers can use ICMP to create a denial of service attack against a network. This type of attack is known as a Smurf attack, named after one of the first programs to implement it. It works by sending spoofed ICMP echo request packets to a broadcast address on a network, hoping that the hosts on that network will all respond. If the attacker sends enough replies, it is possible to bring down a T1 from a dialup connection attack.
Telephony
is the field of technology that includes the development and deployment of services to support all electronic communications. (VOIP)
border firewall
sits at the boundary between the corporate site and the external Internet. The border firewall is the most basic approach. Border firewalls simply separate the protected network from the Internet, as shown in FIGURE 10-9. A border firewall normally sits behind the router and receives all communications passing from the router into the private network. It also receives all communications passing from the private network to the Internet. Border firewalls normally use either packet filtering or stateful inspection.
TCP/IP(Transmission Control Protocol/Internet Protocol):
A protocol is a set of rules that govern the format of messages that computers exchange. A network protocol governs how networking equipment interacts to deliver data across the network. These protocols manage the transfer of data from a server to an endpoint device from the beginning of the data transfer to the end. In this section, you will learn about the protocols that make up TCP/IP and the basics of TCP/IP networking. TCP/IP is actually a suite of protocols that operate at both the Network and Transport layers of the OSI Reference Model. It governs all activity across the Internet and through most corporate and home networks. The U.S. Department of Defense developed TCP/IP to provide a highly reliable and fault-tolerant network infrastructure. Reliability, not security, was the focus. This suite of protocols has many different responsibilities:
FTP (File Transfer Protocol): Moving files from one computer to another.
Telnet: Allowed you to access a mainframe computer through the Internet. Your home computer becomes a terminal for the mainframe.
HTTPS: Rules of communication for your webpages.
DNS: Converting URLs to IP addresses.
SNMP/DHCP/NST: Managing network protocols/the Internet.
DHCP: Assigning IP addresses.
Wireless Access Point (WAP)
A wireless access point (WAP) is the connection between a wired and a wireless network. WAPs are radios, sending and receiving networking information over the air between wireless devices and the wired network. Anyone within radio range of a wireless access point can communicate with it and attempt to connect to the network. You must use strong encryption. In the early days of wireless networking, the industry developed a standard called Wired Equivalent Privacy (WEP), which provided basic encryption. WEP relies on the RC4 encryption algorithm created by Ron Rivest for RSA.
Hubs
Hubs are simple physical network devices. A hub broadcasts everything it receives to everything it is connected to; no routing is involved. Hubs contain a number of plugs (or ports) where you can connect Ethernet cables for different network systems. When the hub receives a packet on any port, it automatically retransmits that packet to all the other ports. In this way, every system connected to the hub can hear everything that every other system communicates on the network. This makes the job of the hub quite simple. The simple nature of a hub is also its major disadvantage. A hub creates a lot of network congestion by retransmitting everything it hears. In the last section, you learned how old-fashioned Ethernet networks had every system connected to the same wire. When you use a hub to connect systems, you get the same result. Every system communicates with every other system on the network, making it difficult for a single system to get a packet in edgewise. This causes network congestion and reduces the speed of the network for everyone using it.
Open Systems Interconnection (OSI) Reference Model
Is a template for building and using a network and its resources. The OSI Reference Model is a theoretical model of networking with interchangeable layers. The beauty of it is that you can design technology for any one of the layers without worrying about how the other layers work. You merely need to make sure that each layer knows how to talk to the layers above and below it.
Application Layer: This layer is responsible for interacting with end users. The Application Layer includes all programs on a computer that interact with the network. For example, your email software is included, since it must transmit and receive messages over the network. A simple game like Solitaire doesn't fit here because it does not require the network in order to operate.
Presentation Layer: This layer is responsible for the coding of data. The Presentation Layer includes file formats and character representations. From a security perspective, encryption generally takes place at the Presentation Layer.
Session Layer: This layer is responsible for maintaining communication sessions between computers. The Session Layer creates, maintains, and disconnects communications that take place between processes over the network.
Transport Layer: This layer is responsible for breaking data into packets and properly transmitting it over the network. Flow control and error checking take place at the Transport Layer.