Networks and Communication security chapter 5


Two types of devices used at Layer 2 (Data link layer):

- Bridges
- Switches

Routers

- Most widely used devices operating at Layer 3
- Used today mostly to connect LANs to WANs

Unbound (wireless or mobile)

- Parts of the electromagnetic spectrum can be used as a medium
- Use of a particular part of the frequency spectrum is typically managed by governments to avoid interference between different users

Network-related application programs

Application layer

Error detection

Data Link Layer

Physical characteristics of media

Physical Layer

Disadvantages of a star include

The central connection device is a single point of failure if it is not redundant.

Layer 3 threats

Threats can exploit protocol or network vulnerabilities by means of:

- Routing (RIP) attacks
- ICMP attacks
- Ping flooding
- Smurf attacks
- IP address spoofing
- Packet sniffing

Fibre Channel over Ethernet (FCoE) provides

a single Layer 2 environment to manage

IPsec relies

heavily on the PKI and can use any number of key exchange protocols, such as:

- Internet Key Exchange (IKE) or IKEv2
- Kerberized Internet Negotiation of Keys (KINK)
- Internet Security Association and Key Management Protocol (ISAKMP)
- DNS key exchange support via IPSECKEY records

Bounded Media

physical layer

standardized presentation of data

presentation layer

TCP Ports

- 20/21 File Transfer Protocol (FTP)
- 22 Secure Shell (SSH)
- 23 Telnet
- 25 or 587 SMTP
- 37 Time
- 53 Domain Name Service
- 80 Hypertext Transfer Protocol (HTTP)
- 162 SNMP Trap
- 179 Border Gateway Protocol
- 443 HTTP Secure

UDP ports

- 37 Time
- 69 Trivial File Transfer Protocol (TFTP)
- 161 Simple Network Management Protocol (SNMP)
- 53 Domain Name Service
- 162 SNMP Trap
- 443 HTTP Secure

Layer 4 of the TCP model maps to which layer(s) on the OSI model?

- Application
- Presentation
- Session

Routing Protocols classified into three groups

- Based on their purpose
- Behavior
- Operation

There are two primary transmission types for cell phones

- Code-division multiple access (CDMA)
- Global System for Mobile Communication (GSM)

The Presentation layer can be composed of two sublayers:

- Common application service element (CASE)
- Specific application service elements (SASE)

Address Resolution Protocol (ARP)

- IPv4 uses it to translate or map a device-level address into something that can be used to uniquely route traffic to and from that device or entity.
- Maps the logical (IP) address on the network to the physical MAC address on the device; this lookup is known as ARPing.

Session protocols are defined by a variety of standards

- ISO-SP
- L2F
- X.225
- IEEE 802.1x

Many protocols use the routing infrastructure but do not directly contribute to its operation. Two of these see everyday use in virtually all IP networks

- Internet Control Message Protocol (ICMP)
- Internet Group Management Protocol (IGMP)

Layer 2 Threats

- MAC address spoofing or cloning
- MAC flooding
- VLAN hopping
- Broadcast storms
- Reconnaissance probes using MAC sniffing

OSI Layer 3: The Network Layer has two primary purposes:

- Managing the logical addressing for networks
- Forwarding packets to the correct logical network

The data link layer is divided into two sublayers

- Media Access Control
- Logical Link Control

Telecommunication options for internet access

- Modems
- Digital Subscriber Line (DSL)
- Cable modem
- Broadband over powerline (BPL)

Layer 7 Countermeasures

- Monitor and block access to suspicious or hazardous sites
- Block known or suspected bots
- Implement stronger access control
- Perform deep inspection of application traffic
- Migrate to more secure application protection
- Migrate to zero trust architecture

most easily exploited SNMP vulnerability

- Network management systems
- Management information base
- Managed devices
- Agents

There are several different approaches to authentication that provide a wide range of security:

- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Extensible Authentication Protocol (EAP)
- Protected Extensible Authentication Protocol (PEAP)

Two general approaches to keep near-simultaneous transmissions from interfering with each other:

- Polling protocols
- Contention-based protocols

Categories of standards that define protocols for specific purposes:

- Primary function
- Compression
- Formatting

Transmission Control Protocol (TCP)

- Provides connection-oriented data management and reliable data transfer.
- Establishes the connection through a three-way handshake; the connection is then used for data exchange.

Countermeasures include

- Replace weak password authentication protocols
- Migrate to strong identity management and access control
- Use PKI
- Verify DNS is correctly configured
- Active monitoring and alarming of the session layer
- More robust IDS, IPS

Layer 6 countermeasures

- Replace/upgrade apps using weak authentication or protection
- Deep inspection of application traffic for:
  - Signs of attack
  - Policy violations

Advantages of token rings include

- Rings use tokens; thus, one can predict the maximum time that a node must wait before it can transmit (i.e., the network is deterministic).
- Rings can be used as a network backbone.

Layer 7 threats

- SQL injection
- Encryption downgrade attempts
- Rogue DHCP service, DNS poisoning, LDAP injection or other attacks on address and name resolution services
- SNMP abuse
- HTTP floods, DDoS, parameter tampering or malformed input attacks on applications and web pages
- Cross-site scripting attacks, session hijacks, malware

Layer 3 countermeasures

- Securing ICMP
- Proper router configuration
- Better packet filtering and inspection
- Use router access control lists more effectively
- Proper VLAN configuration
- Layer 2 intrusion detection / prevention
- Move toward zero trust architecture
- Microsegmentation of LANs

Forms of transmission

- Unicast
- Broadcast
- Multicast
- Anycast
- Geocast

The only device that truly operates at the Presentation Layer is a gateway

- Used to connect two or more systems that are operating with different protocols.
- These can be Layer 6 protocols, IPv4 to IPv6 address conversion or other functions.

Widely adopted approaches to implementing probabilistic networks:

- Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
- Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

User Datagram Protocol (UDP)

- Connectionless protocol; sends communications with no expectation of acknowledgement.
- Useful in low-bandwidth environments or when retransmission is performed as part of a service.
- Useful for attacks because there is no state for routers or firewalls to observe and monitor.

Layer 6 Threats

- Exploiting vulnerabilities in cross-layer protocols
- Injecting SQL queries
- Attempts to downgrade session encryption to a lower, more easily broken type
- Path traversal attacks

Simple Network Management Protocol (SNMP)

- Is designed to manage network infrastructure.
- Allows the manager to retrieve ("get") values of variables from the agent, as well as "set" variables. Such variables, defined in a device-specific management information base (MIB), could be routing table statistics or performance-monitoring information.
- Also supports the use of agents (software installed on a managed device), which can send alert messages (such as traps) to the management station when specific conditions are met. Systems running too hot, for example, might indicate a maintenance issue or a processing overload; each might require different management actions for different reasons.

Layer 5 threats

- Session hijack, man-in-the-middle (MITM)
- ARP, DNS and poisoning of local hosts files
- SSH downgrade attempt
- Man-in-the-browser (MITB): Trojans in browser helpers, add-ons or other software

Routing Protocols

- Several routing protocols have been standardized through the RFC process to communicate routing information.
- These routing protocols help break large networks into autonomous systems (ASNs).

well-known ports

0-1023

registered ports

1024-49151

Dynamic or private ports

49152-65535

Disadvantages of buses include

A bus failure can leave the entire network inoperable, because a bus stems from only one interconnecting wiring, cabling or backplane.

Advantages of buses include

Adding a node to the bus is easy. A node failure will not likely affect the rest of the network.

Virtual Local Area Network (VLAN)

Allows use of switches to create software-based LAN segments, which can segregate or consolidate traffic across multiple switch ports

Label switching router (LSR)

An MPLS node capable of forwarding native Layer 3 packets.

Layer 1 Threats

At the physical layer, threat actors need to enter the physical space or immediate vicinity of the physical media itself. Countering these threats requires a combination of passive actions and ongoing monitoring and assessment.

MPLS edge node:

Connects an MPLS domain with a node that is outside of the domain, either because it does not use MPLS and/or because it is in a different domain.

OSI Layer 6 - Presentation Layer

- Created to consolidate the design of protocols and services that connect dissimilar hosts for data sharing.
- Takes formatted information from the sending system and reformats it so it can be understood by the receiving host.

Global System for Mobile Communication (GSM)

Each call is transformed into digital data that is given a channel and a time slot. Customer information, including telephone number, is kept on a subscriber identity module (SIM) that is removable from one phone to another in GSM provisioned phones. To be considered GSM, a carrier must accept any GSM-compliant phone.

Code-division multiple access (CDMA)

Every call's data is encoded with a unique key, and the calls are all transmitted at once. CDMA carriers use network-based allowed lists to verify their subscribers. Phones can only be switched with the carrier's permission, and a carrier doesn't have to accept any phone onto its network.

Disadvantages of a mesh include

Expensive because of the enormous number of required cables.

What hardware functions at the Physical Layer?

Hub

Satellite Network

Just as satellites orbiting earth provide necessary links for telephone and television service, they can also provide links for broadband. Satellite broadband is another form of wireless broadband and is also useful for serving remote or sparsely populated areas. Downstream and upstream speeds for satellite broadband depend on several factors, including the provider and service package purchased, the consumer's line of sight to the orbiting satellite, and the weather. Service can be disrupted in extreme weather conditions, and the communication latencies and packet loss are generally greater than for other forms of broadband.

These are the primary components of an MPLS network

- MPLS edge node
- Label switching router (LSR)
- Label switch path

management of connections

Network layer

These are the primary components of SNMP

- Network management systems
- Management information base
- Managed devices
- Agents

WiMAX (Broadband Wireless Access IEEE 802.16)

One well-known example of wireless broadband is WiMAX. Although WiMAX can potentially deliver data rates of more than 30Mbps, providers offer average data rates of 6Mbps and often deliver less, making the service significantly slower than hard-wired broadband. The advent of other wireless technology that includes emerging 5G specifications and Long Term Evolution (LTE) replaced much of the effort put into developing WiMAX solutions. This technology is heavily used outside the U.S. and in industries such as aviation where establishing a physical infrastructure is difficult or cost prohibitive.

Wi-Fi (Wireless LAN IEEE 802.11x)

Primarily associated with computer networking, Wi-Fi uses the IEEE 802.11x specification to create a wireless local-area network, either public or private. A Wi-Fi network consists of a wireless connection to a wireless access point (WAP) that is normally connected to a wired network.

Advantages of a mesh include

Provides a high level of redundancy.

Layer 5: Session Layer

Provides a logical persistent connection between peer hosts

OSI Layer 4: The Transport Layer

Provides two mechanisms to confirm delivery of packets from the sending host to the receiving host:

- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)

Advantages of a star include

Requires fewer cables than full or partial mesh. Easy to deploy and nodes can be easily added or removed.

Management of sessions between applications

Session Layer

Disadvantages of token rings include

Simple rings have a single point of failure. If one node fails (that is, if one node's network interface fails), the entire ring fails. Some rings, such as Fiber Distributed Data Interface (FDDI), use dual rings for failover.

Border Gateway Protocol (BGP)

The most important and widely used path-vector protocol. It is an exterior routing protocol and relies on proper configuration to correctly advertise routes. Misconfigured peers may redirect traffic in unintended ways, opening the possibility of traffic monitoring or denial of service.

Label switch path

The path through one or more LSRs at one level of the hierarchy followed by packets in a forwarding equivalence class (FEC).

Hypertext Transfer Protocol (HTTP)

The requesting endpoint sends an HTTP request for a resource to be sent back to the endpoint; that request needs to be resolvable into a destination IP address, a branch in a file directory on that system and a filename. Other parameters can be passed along with the request. The system that receives the request will attempt to locate the resource, validate that the requesting system has the right authorization to read that resource and then initiate a reply that starts to transfer the data contained in that resource. The requesting application (the browser or user-facing program) then must do what is necessary to make proper use of that resource.

These topographical forms include

- Token ring
- Bus
- Star or tree
- Mesh

The advantages of Multiprotocol Label Switching (MPLS) are significant.

- Traffic engineering: The protocol provides much more control to network operators to determine where and how traffic is routed on their networks, improving capacity management and service prioritization and minimizing traffic congestion.
- Multiservice networks: MPLS can support a variety of data transport services, as well as IP routing, across the same packet-switched network infrastructure.
- Network resiliency: Capabilities like MPLS Fast Reroute provide the ability to reroute traffic to meet QoS requirements for certain types of traffic.

Despite these advantages, many organizations are choosing software-defined wide area networks (SD-WAN) as an alternative to MPLS because of the potential cost advantages.

Transport Layer protocols can be informally grouped by their purpose or function into the following basic categories:

- Transport (TCP, UDP)
- Names and directory services (DNS, LDAP)
- Network operational support and management (NTP, DHCP)
- Web page operation (HTTP, HTTPS)
- Email (POP, IMAP, SMTP)
- Administrative and miscellaneous (FTP, SSH, Telnet)

Reliable data delivery

Transport layer

Point-to-Point Protocol (PPP) provides

a standard method for transporting multiprotocol datagrams over point-to-point links

Remote Procedure Call (RPC)

allows for executing objects across multiple hosts. An RPC client executes a service request, which sends a set of instructions to an application residing on a different host on the network.

Link-State Protocols

can determine the most efficient path by knowing the connecting speed, congestion of the link, availability of the link and the total hops to determine what might be the best path. A longer hop count could be the shortest path if all other measurements are superior to a path with a shorter hop count. Routers use link-state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on topography of the internet constructed by each node. Each router sends that portion of the routing table (keeps track of routes to particular network destinations) that describes the state of its own links, and it also sends the complete routing structure (topography).

The transport layer

delivers end-to-end services through segments transmitted in a stream of data, and controls streams of data to relieve congestion through elements that include quality of service.

Packet-switched networks

encapsulate each part of a communications activity into one or more packets, which is a bundle containing the data payload and the addressing and routing information needed by the connection fabric to deliver the packets to the designated recipient. There are no circuits and no dedicated use of links (with the exception of the one that connects each node to the mesh itself). Most computer information systems use packet-switched technologies as their communications and connectivity methods.

Open Shortest Path First (OSPF)

in its three versions (defined in RFC 1131) works at the Network Layer. As such, OSPF can be used in area border routers (ABRs), which can segment an AS into areas or in autonomous system border routers (ASBRs) that support the routing management between two (or more) autonomous systems.

Dynamic Host Configuration Protocol (DHCP)

is a client/server application designed to assign IP addresses from a pool of pre-allotted addresses on a DHCP server (see figure). The specification established in RFC 2131 requires the client transmit a DHCP Discover packet broadcast on UDP port 67 requesting an address. The DHCP server for that network responds on UDP port 68 giving the client an available address to use from a previously configured zone of addresses. If a DHCP server doesn't respond in a predetermined time, then the DHCP client self-assigns an IP address in the 169.254.x.x range (known as APIPA or Automatic Private IP Addressing) based upon IPv4 Link-Local Addresses based upon RFC 3927. Originally developed for IPv4 networks, DHCPv6 is a similar tool for addressing IPv6 networks.

Path Vector Protocols

are network routing protocols that maintain path information which gets updated dynamically. Each router accumulates the cost of a particular path and validates that the paths are loop-free before advertising its known paths through an update to its peers.

Cellular Network

is a radio network distributed over land areas called cells, each served by at least one fixed-location transceiver known as a cell site or base station as represented in the figure. In a cellular network, each cell characteristically uses a distinct set of radio frequencies from all their immediate neighboring cells to avoid any interference. When joined together, these cells provide radio coverage over a wide geographic area. This enables many portable transceivers (e.g., mobile phones, pagers, etc.) to communicate with each other and with fixed transceivers and telephones anywhere in the network via base stations, even if some of the transceivers are moving through more than one cell during transmission.

Multiprotocol Label Switching (MPLS)

is a wide area networking protocol designed to increase WAN efficiency. Operating across both Layers 2 and 3 of the OSI model, this link-state routing protocol calculates the optimal path when communications between devices is initiated and informs its peers of the "label" for that route. Future communications use the label (without further lookups to determine the optimal path) to move the traffic. Once the packets reach the destination router, the label is removed and the packet is delivered via normal IP routing.

Star or Tree topology

is based on a single switch to which every device connects. Instead of propagating the data to every device like a bus topology does, the switch directly passes data between ports. The switch can also be connected to other switches, creating a tree. A switch failure is the single point of failure for this topology.

A bus topology

is made up of a single backbone cable to which each node is connected. A node sends data both up and down the backbone cable. Signals do not pass through each node on a bus; the node samples the signals that are flowing by and determines which ones to listen or respond to. As a result, bus structures can tolerate a device failure or a device being powered down. Some bus structures can even tolerate a "hot swap" of a device, allowing the device to be unplugged and a replacement plugged in without interrupting ongoing bus activity. The cabling or backplane interconnections, which each bus device is plugged into or connected to, however, remain a single point of failure. Depending upon the bus technology being used, if the cabling or backplane is damaged, in general, the bus ceases to operate correctly.

OSI layer 3: The Network Layer

is responsible for moving packets between hosts (devices) on the network.

Bluetooth (Wireless Personal Area Network IEEE 802.15)

is standardized within the IEEE 802.15 Working Group for Wireless Specialty Networks (WSNs) that formed in 1999 as IEEE 802.15.1-2002. Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs) and has been integrated into many types of business and consumer devices.

A mesh network

is used when high availability is required. Each device is connected to multiple other devices, thereby avoiding a single point of failure. Wired or fiber-based mesh designs are quite common in high-performance server clusters, computing systems and storage networks. These are shown on the left in the figure. Most wireless networks actually create a mesh network, shown on the right in that figure. On the smaller scale, an airport terminal may have multiple wireless access points providing coverage of the same ticketing lobby or gate area; on the larger scale, mobile phone systems are built with mesh networks. Both demonstrate the scalability, enhanced reliability and serviceability that mesh networks can provide.

Point-to-Point Protocol over Ethernet (PPPoE) allows

multipoint Ethernet networks to create virtual point-to-point connections

Routing Information Protocol (RIP)

is a standard for exchange of routing information among gateways and hosts and is most useful as an "interior gateway protocol." Now in its third version, RIP uses hop counts as the basis for computing the shortest route between two endpoint routers. RIPv3 (sometimes referred to as RIPng or next generation) is not in widespread use, but it may still be encountered in older systems. It uses distance vector algorithms to determine the direction and distance to any link in the internetwork. If there are multiple paths to a destination, RIP selects the path with the fewest hops. However, because hop count is the only routing metric used by RIP, it does not necessarily select the fastest path to a destination.

Intermediate System to Intermediate System

protocol primarily works at the Data Link Layer of the TCP and OSI protocol stacks.

OSI Layer 7: The Application Layer

supports the functions of applications that run on a system. It provides the largest attack surface of all the layers due to the diversity of applications that take advantage of the protocol stack. The HTTP and HTTPS protocols help mobile code and executable content move between servers and clients.

Lightweight Directory Access Protocol (LDAP)

represented in the figure, uses a hierarchical tree structure for directory entries. Evolving from the earlier X.500 directory service standard, LDAP entries support the Distinguished Name (DN) and Relative Distinguished Name (RDN) concepts to uniquely identify resources. LDAP typically runs over non-secured network connections using TCP port 389 for communications. If advanced security is required, version 3 of the LDAP protocol uses the TLS protocol to encrypt communications.

Circuit-switched networks

select a path through the mesh to connect all of the nodes required for a given communications session or call. This path, called a circuit, is set up at the start of the session by selecting elements of the connection fabric for the exclusive use of the nodes on that call. The circuit is taken down at the end of the call (session), and the connection fabric elements are made available for other calls.

The presentation layer implementation

to send this transaction from one bank to another requires that fields are sent in an agreed order, with each field having an agreed format specifying the internal formatting and the display.

Token Ring (IEEE 802.5)

was adapted with some modification by the IEEE as IEEE 802.5. Despite the architecture's name, token ring uses a point-to-point-to-point connection with loopback approach, which ends up with the nodes being physically arranged as if in a star pattern around the ring. In contrast to a bus topology, each network interface device on the ring — that is, its media access unit (MAU) device — must be active for the network to function. If a device fails or is shut down but its MAU remains active, the network can wrap that port by having that MAU just pass traffic on without interacting with it. But if the MAU fails or is shut down, traffic cannot flow past it and the ring ceases to function. The logical topography, however, is a ring. Each device receives data from its upstream neighbor and transmits to its downstream neighbor. Token ring uses token passing, in which a special frame, called a token, mediates which device may transmit on the local area network (LAN). To transmit, a device must possess the token.
