EE579T/2 #1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T Network Security 2: Networks and Protocols Prof. Richard A. Stanley

Spring 2001© 2000, 2001, Richard A. Stanley

WPI EE579T/2 #1

EE579TNetwork Security

2: Networks and Protocols

Prof. Richard A. Stanley


WPI EE579T/2 #2

Course Web Page Works!

• Outside WPI: ece.wpi.edu/www/httpdocs/courses/ee579t

• From inside WPI network: \\ece-www\www\courses\ee579t

• Slides will be posted to the page before class, barring any unfortunate problems


WPI EE579T/2 #3

Overview of Tonight’s Class

• Review last week’s lesson

• Look at network security in the news

• Networks and protocols


WPI EE579T/2 #4

Last Week...

• Computer security is the bedrock on which network security rests

• Policy is essential: if you don’t know where you are going, you can’t get there

• This is a hard problem, lacking many formal proofs as its foundation

• Absolute security does not exist!


WPI EE579T/2 #5

Once more...

• Computer security deals with making a single computer secure– We’ll talk about what “secure” means later– This has been the focus of most formal research

• Network security deals with securing a group of interconnected computers– Which is what nearly all computers now are– Critically important issue


WPI EE579T/2 #6

Network Security Last Week-1

• Travelocity.com exposes tens of thousands of customer records on their web server

• Vandalized web pages up to 5,800 in 2000, vs. 3,800 in 1999.– Growing sophistication of attacks– Leave-behind code creates zombies on call

• OpenHack III


WPI EE579T/2 #7

Network Security Last Week- 2

• Hacktivism: teenager part of worldwide attempt to “take down the Internet”

• Numerous web site defacement attacks– President of Bulgaria– Coordinated attacks on government sites in

U.S., U.K., Australia

• New version of the Melissa virus attacks Macs, needs new fix


WPI EE579T/2 #8

Network Security Last Week- 3

• Experienced systems administrator puts newest server on-line.– Three days later, server taken over by intruder– Reason: failure to keep patches current

• “Mafiaboy” pleads guilty to conducting DoS attacks against eBay, Yahoo, Amazon, Dell, others

• Microsoft web sites inaccessible


WPI EE579T/2 #9

Networks• A network is an interconnected group of

communicating devices.• Two primary network types

– Circuit-switched (connection oriented)– Packet-switched (connectionless)

• Span– WAN, MAN, LAN– So what?


WPI EE579T/2 #10

Star Topology


WPI EE579T/2 #11

Buss Topology

Buss


WPI EE579T/2 #12

Ring Topology


WPI EE579T/2 #13

Two Network Technologies

• Token ring– Users remain silent until they receive token– Pioneered by IBM, not widely used

• Ethernet– Carrier-sense, multiple access/collision detect– Binary exponential backoff on collision sense– This is a radio network!– Most widely used architecture today


WPI EE579T/2 #14

Ethernet Overview

• Often defined by wiring type– Thicknet (10Base5)– Thinnet (10Base2)– Twisted pair (10BaseT)– Fiber (10BaseFL)

• Architecture (usually)– Physical star– Logical buss


WPI EE579T/2 #15

Ethernet Misconceptions

• The faster the network speed, the faster I can work

• “Just hook it up and go”

• All ethernets are created equal

• IEEE 802.3 = Ethernet

• Ethernet maps to the internet


WPI EE579T/2 #16

CSMA/CD Throughput

Throughput

Users

Signaling speed

~40%


WPI EE579T/2 #17

Ethernet Frame


WPI EE579T/2 #18

Ethernet Addresses

• 48 bits long

• Address space managed by the IEEE

• Usually fixed in hardware at time of manufacture

• Hardware must recognize at least it’s own physical address and the network multicast address, and possibly alternate addresses


WPI EE579T/2 #19

Other Network Technologies

• Fiber-Distributed Data Interconnect (FDDI)– Self-healing, 100 Mbps dual ring

• Synchronous Optical Network (SONET)

• Asynchronous Transfer Mode (ATM)– Can operate at gigabit speeds, 53 byte packets


WPI EE579T/2 #20

The ARPANET

• Father of the Internet

• Began as an attempt to conduct research to ensure continuity of communications after nuclear war, so– Connectionless– Assured delivery– Self-reconfiguring (sort of)


WPI EE579T/2 #21

Internet Properties

• Universal interconnection

• Universal communications service, platform-independent

• No mandated interconnection topology– Connecting a new network should not mean

connection to centralized site or direct connection to all existing networks

• Universal set of machine identifiers


WPI EE579T/2 #22

Internet Architecture

Net 1 R Net 2


WPI EE579T/2 #23

Extended Internetworking

Net 1 R Net 2

Net 3R


WPI EE579T/2 #24

Key Concepts

• Networks are interconnected by routers or gateways

• Routers route a packet using the destination network address, not the destination host address

• All networks are equal


WPI EE579T/2 #25

Some Terms

• TCP = transmission control protocol

• IP = internet protocol

• These protocols have become widely used outside the formally-defined internet

• They have some serious flaws, but they work– Think of RS-232 as an analogy


WPI EE579T/2 #26

IP Addressing


WPI EE579T/2 #27

Class Discrimination

• Address space is 32 bits long– Therefore, at most 232 possible addresses (or

4,294,967,296 in decimal notation)

• Easy to extract netid from address

• There is not a one-to-one correspondence between IP addresses and physical devices– Consider the router

• Address with hostid=0 refers to network


WPI EE579T/2 #28

IP Addressing Weaknesses

• If a host moves to another network, its IP address must change

• If a network grows beyond its class size (B or C), it must get a new address of the next larger size

• Because routing is by IP address, the path taken by packets to a multiple-addressed host depends on the address used


WPI EE579T/2 #29

IP Address Presentation

• Usually done in dotted decimal, e.g.,

• What class of network address is this?

10000000 00001010 00000010 00011110

is usually written as

128.10.2.30


WPI EE579T/2 #30

Address Limits

Class Lowest Address Highest Address A 0.1.0.0 126.0.0.0 B 128.0.0.0 191.255.0.0 C 192.0.1.0 223.255.255.0 D 224.0.0.0 239.255.255.255 E 240.0.0.0 247.255.255.255


WPI EE579T/2 #31

Special Purpose Addresses• 0.0.0.0 Addresses current host

• 255.255.255.255 Addresses hosts on current network

• Host bits zero Identifies a network

• Host bits one Addresses hosts on addressed network

• Network bits zero Addresses specific host on current network


WPI EE579T/2 #32

Reserved Addresses

• First Quad=127 is used for loopback– Traffic doesn’t leave the computer– Routed to the IP input queue– Usually see 127.0.0.1

• Unregistered addresses– Class A 10.0.0.0 thru 10.255.255.255– Class B 172.16.0.0 thru 172.31.255.255– Class C 192.168.0.0 thru 198.168.255.255


WPI EE579T/2 #33

Ports and Sockets

• Ports are associated with services, e.g., – Port 53 is usually the domain name service

(DNS)– Port 80 is usually the hypertext transfer

protocol service

• A socket is the combination of an IP address and a port, e.g. 192.168.2.45:80


WPI EE579T/2 #34

Address Registration

• Internet Assigned Number Authority (IANA) has ultimate control, sets policy

• Internet Network Information Center (INTERNIC) provides addresses to organizations that have joined the internet

• Only essential to register addresses that appear on the global network, but registration is preferred


WPI EE579T/2 #35

Routing


WPI EE579T/2 #36

Protocols

• A protocol is simply an agreed-upon exchange of information required to perform a given task

• Networks utilize protocols to accomplish all the important tasks they perform

• Layered protocols are common


WPI EE579T/2 #37

How Does It All Work?

• ARP maps internet to physical addresses

• RARP determines IP address at startup

• IP provides connectionless datagram delivery

• ICMP handles error and control messages

• UDP defines user datagrams

• TCP provides reliable stream transport


WPI EE579T/2 #38

ISO Protocol Model

TCP/IP


WPI EE579T/2 #39

Protocol Layering

• Refers to a protocol running on top of another protocol

• Layered protocols are designed so that layer n at the destination receives exactly the same object sent by layer n at the source


WPI EE579T/2 #40

How Protocol Layering Works


WPI EE579T/2 #41

Protocol Layering & Internet


WPI EE579T/2 #42

Important Boundaries


WPI EE579T/2 #43

TCP

• Assumes little about underlying network

• Reliable delivery characteristics:– Stream orientation– Virtual circuit connection– Buffered transfer– Unstructured stream– Full duplex connection


WPI EE579T/2 #44

Positive Acknowledgement


WPI EE579T/2 #45

Positive Acknowledgement With Lost Packet


WPI EE579T/2 #46

Sliding Window


WPI EE579T/2 #47

Positive ACK With Sliding Window


WPI EE579T/2 #48

TCP

• A communications protocol, NOT a piece of software

• Provides– Data format– Data acknowledgement for reliable transfer– How to distinguish multiple destinations– How to set up and break down a session

• Very complex


WPI EE579T/2 #49

Conceptual TCP Layering


WPI EE579T/2 #50

Round Trip Delays


WPI EE579T/2 #51

Delays: So What?

• How do you slide the window?

• How do you back off on collision detect?

• How do you respond to congestion?

• …etc.


WPI EE579T/2 #52

Establishing TCP Session


WPI EE579T/2 #53

Ending TCP Session


WPI EE579T/2 #54

TCP State Machine


WPI EE579T/2 #55

Other Network Protocols

• NetBIOS

• NetBUI

• IPX

• X.25

• ATM

• Message: TCP/IP is not the only show in town


WPI EE579T/2 #56

Summary• Networks come in two sorts: circuit-

switched and packet-switched; most computer networks are the latter

• Sophisticated protocols are required for network communications

• Internetworking is key to modern networks

• TCP/IP is the dominant protocol, but not the only one


WPI EE579T/2 #57

Homework - 1

1. What is the single greatest advantage of having the IP checksum cover only the datagram header and not the data? What is the disadvantage?

2. Exactly how many class A, B, and C networks can exist? How many hosts can a network in each class have?


WPI EE579T/2 #58

Homework - 2

3. How many IP addresses would be needed to assign a unique network number to every home in the U.S.A.? Is the address space sufficient?

4. What is the chief difference between the IP addressing scheme and the North American Numbering Plan used for telephone numbers?


WPI EE579T/2 #59

Homework - 3

5. Complete routing tables for all routers shown on slide 35.

6. Can you think of any security issues, hardware or software, that arise from what you have studied so far?


WPI EE579T/2 #60

Assignment for Next Week

• Read course text, Chapters 4 and 5 • Next week’s topic: Topology and Firewall

Security

Documents

EE579T/2 #1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T Network Security 2: Networks and Protocols Prof. Richard A. Stanley