Information Security 365/765, Fall, 2016 Course Instructor, Nicholas Davis Lecture 8, Telecommunications and Network Security

Network Design, Common Network Terminology and Security Implications




Page 2: Network Design, Common Network Terminology and Security Implications

Telecommunications and Network Security Overview

• TCP/IP and other protocols
• LAN, WAN, MAN, intranet, extranet
• Cable types and data transmission types
• Network devices and services
• Communications security management

05/01/23 UNIVERSITY OF WISCONSIN 2

Page 3: Network Design, Common Network Terminology and Security Implications

IP – Internet Protocol: How the Internet Talks

A protocol (an agreed means of communication) that provides a way to route data to its destination. Think of it this way:
Data packet = the contents of a postal letter
IP address = the address written on the envelope
Network = the postal system

Page 4: Network Design, Common Network Terminology and Security Implications

TCP and UDP: Two Major Protocols for Transmission Over IP

Page 5: Network Design, Common Network Terminology and Security Implications

Reliability: TCP

TCP is a connection-oriented protocol. When a file or message is sent, it is delivered unless the connection fails. The receiver acknowledges every segment; segments that are lost, or that arrive damaged and fail the checksum, are retransmitted, so the application sees a complete byte stream. Note that the 16-bit TCP checksum only catches accidental transmission errors; it gives no protection against deliberate modification of the data in transit, which needs a cryptographic integrity check at a higher layer.

Page 6: Network Design, Common Network Terminology and Security Implications

Reliability: UDP

UDP is a connectionless protocol. When you send a datagram, you don't know whether it got there; it could be lost on the way, or duplicated. A datagram that arrives damaged and fails the checksum (optional in IPv4, mandatory in IPv6) is silently discarded, not retransmitted, so the application has to cope with gaps itself.

Page 7: Network Design, Common Network Terminology and Security Implications

Ordered Delivery: TCP

Ordered: if you send two messages along a connection, one after the other, you know the first message will get there first. You don't have to worry about data arriving in the wrong order.

Page 8: Network Design, Common Network Terminology and Security Implications

No Ordered Delivery: UDP

If you send two messages out, you don't know what order they'll arrive in.

Page 9: Network Design, Common Network Terminology and Security Implications

TCP is a Heavyweight Protocol

Heavyweight: when segments of the TCP "stream" arrive out of order or go missing, acknowledgements and retransmissions have to be exchanged, and the out-of-sequence parts have to be buffered and put back together, so it takes a fair amount of state and work at both ends to piece the stream together.

Page 10: Network Design, Common Network Terminology and Security Implications

UDP is a Lightweight Protocol

Lightweight: no ordering of messages, no tracking of connections, etc. It's just fire and forget! This makes it a lot quicker, and the network card / OS have to do very little work to turn the packets back into data.

Page 11: Network Design, Common Network Terminology and Security Implications

What is Your Opinion of When to Use TCP vs. UDP?

TCP is typically slower than UDP.
UDP is typically less reliable than TCP.
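To make the reliability and ordering contrast of the preceding slides concrete, here is an added example (not from the lecture) that pushes the same message through a lossy, reordering channel twice: once fire-and-forget, as UDP does, and once with numbered chunks, buffering and retransmission, a deliberately simplified version of what TCP does (selective retransmission, and acknowledgements that are never lost). The channel model, its loss and reorder rates, and the message are all constructed for the example.

```python
"""Reliable, ordered delivery versus fire-and-forget over an unreliable channel.
Added example, not from the lecture; channel model and message are constructed.
The 'tcp' side is simplified: selective retransmission and loss-free ACKs."""
import random


class Channel:
    """Loses a fraction of packets and may deliver the rest out of order."""

    def __init__(self, rng, loss=0.3, reorder=0.3):
        self.rng, self.loss, self.reorder = rng, loss, reorder
        self.queue = []

    def send(self, pkt):
        if self.rng.random() < self.loss:
            return                              # dropped somewhere on the path
        if self.queue and self.rng.random() < self.reorder:
            self.queue.insert(0, pkt)           # overtakes an earlier packet
        else:
            self.queue.append(pkt)

    def drain(self):
        pkts, self.queue = self.queue, []
        return pkts


def chunks(message, size=4):
    return [message[i:i + size] for i in range(0, len(message), size)]


def udp_transfer(pieces, channel):
    """Send each piece once; the receiver gets whatever arrives, in arrival order."""
    for piece in pieces:
        channel.send(piece)
    return channel.drain()


def tcp_transfer(pieces, channel, max_rounds=50):
    """Number every piece, buffer out-of-order arrivals, and keep retransmitting
    anything the receiver has not confirmed until the whole stream is present."""
    outstanding = dict(enumerate(pieces))       # seq -> piece not yet acknowledged
    received = {}                               # seq -> piece held by the receiver
    rounds = 0
    while outstanding and rounds < max_rounds:
        rounds += 1
        for seq, piece in outstanding.items():
            channel.send((seq, piece))          # (re)transmit everything unacknowledged
        for seq, piece in channel.drain():
            received[seq] = piece               # out-of-sequence data is buffered, not lost
        outstanding = {s: p for s, p in outstanding.items() if s not in received}
    if outstanding:
        return None, rounds                     # the connection would be declared failed
    return "".join(received[s] for s in range(len(pieces))), rounds


MESSAGE = "attack at dawn by the north gate"   # constructed sample payload, 8 pieces of 4


def trial(seed, loss=0.3):
    """Run both transfers over identically seeded channels. Returns
    (number of pieces the UDP receiver got, reassembled TCP data, TCP rounds)."""
    pieces = chunks(MESSAGE)
    udp_got = udp_transfer(pieces, Channel(random.Random(seed), loss=loss))
    tcp_data, rounds = tcp_transfer(pieces, Channel(random.Random(seed), loss=loss))
    return len(udp_got), tcp_data, rounds


if __name__ == "__main__":
    udp_count, tcp_data, rounds = trial(1)
    print(f"udp: {udp_count} of {len(chunks(MESSAGE))} pieces arrived")
    print(f"tcp: {tcp_data!r} after {rounds} round(s) of (re)transmission")
```

The UDP receiver simply gets fewer, possibly reordered, pieces and has no way to ask for the rest; the TCP-style sender pays for completeness with per-segment state, buffering and extra round trips, which is the "heavyweight" cost the slides describe.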

Page 12: Network Design, Common Network Terminology and Security Implications

The TCP Handshake

Before any data flows, the two ends agree on starting sequence numbers in three segments: the client sends SYN, the server answers SYN-ACK, and the client completes the connection with ACK. Until that final ACK arrives the server holds the connection in a half-open state.
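The exchange on this slide, as an added example that is not part of the lecture: a small model of both ends of the three-way handshake, with the server checking that the final ACK actually acknowledges its own initial sequence number. The addresses are from documentation ranges and the ISN generator is a stand-in for the keyed-hash scheme real stacks use; the `blind_spoof` function is a constructed scenario showing why an attacker who forges someone else's source address, and therefore never sees the SYN-ACK, cannot complete the handshake without guessing the server's ISN.

```python
"""Model of the TCP three-way handshake with sequence-number checks.
Added example, not from the lecture. Addresses are documentation ranges;
the ISN generator stands in for the keyed-hash scheme real stacks use."""
import secrets
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False


def isn() -> int:
    """Initial sequence number that an off-path attacker cannot predict."""
    return secrets.randbelow(MOD)


class Server:
    """Passive side: holds half-open state until the third segment arrives."""

    def __init__(self, addr: str):
        self.addr = addr
        self.half_open = {}      # client addr -> (our ISN, client ISN)
        self.established = set()

    def on_syn(self, seg: Segment) -> Segment:
        my_isn = isn()
        self.half_open[seg.src] = (my_isn, seg.seq)
        # SYN-ACK carries our ISN and acknowledges the client's ISN + 1
        return Segment(self.addr, seg.src, seq=my_isn, ack=(seg.seq + 1) % MOD,
                       syn=True, ack_flag=True)

    def on_ack(self, seg: Segment) -> bool:
        entry = self.half_open.get(seg.src)
        if entry is None or seg.syn or not seg.ack_flag:
            return False
        my_isn, client_isn = entry
        # The final ACK proves the sender saw our SYN-ACK: ack == our ISN + 1
        if seg.ack != (my_isn + 1) % MOD or seg.seq != (client_isn + 1) % MOD:
            return False
        del self.half_open[seg.src]
        self.established.add(seg.src)
        return True


class Client:
    def __init__(self, addr: str):
        self.addr = addr
        self.my_isn = None

    def syn(self, dst: str) -> Segment:
        self.my_isn = isn()
        return Segment(self.addr, dst, seq=self.my_isn, syn=True)

    def on_syn_ack(self, seg: Segment):
        if not (seg.syn and seg.ack_flag) or seg.ack != (self.my_isn + 1) % MOD:
            return None          # not a valid reply to our SYN
        return Segment(self.addr, seg.src, seq=(self.my_isn + 1) % MOD,
                       ack=(seg.seq + 1) % MOD, ack_flag=True)


def handshake(client: Client, server: Server) -> bool:
    """SYN -> SYN-ACK -> ACK between a genuine client and the server."""
    syn_ack = server.on_syn(client.syn(server.addr))
    ack = client.on_syn_ack(syn_ack)
    return ack is not None and server.on_ack(ack)


def blind_spoof(server: Server, victim: str = "192.0.2.9") -> bool:
    """An attacker forging the victim's address never sees the SYN-ACK, so it
    must guess the server's ISN to finish the handshake (constructed scenario)."""
    server.on_syn(Segment(victim, server.addr, seq=1000, syn=True))
    guess = Segment(victim, server.addr, seq=1001, ack=secrets.randbelow(MOD), ack_flag=True)
    return server.on_ack(guess)


if __name__ == "__main__":
    srv, cli = Server("203.0.113.10"), Client("192.0.2.5")
    print("genuine handshake established:", handshake(cli, srv))
    print("blind spoof established:", blind_spoof(srv))
    print("half-open entries left behind:", list(srv.half_open))
```

Two practitioner points fall out of the model: the security of the handshake against off-path forgery rests entirely on the ISN being unpredictable, and the forged SYN still leaves a half-open entry behind on the server, which is the resource an attacker consumes by sending many of them.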

Page 13: Network Design, Common Network Terminology and Security Implications

Every Node on an IP Network Has an IP Address

In IPv4 there are five classes of IP addresses, A–E:
Class A = very large networks
Class B = medium to large networks
Class C = small networks
Class D = reserved for multicasting
Class E = reserved for experimental use
Classful addressing was superseded by CIDR (variable-length prefixes such as /24) in 1993, but the class names still turn up in documentation and exams, and the class D and E ranges remain reserved.

Page 14: Network Design, Common Network Terminology and Security Implications

The 5 Types of Physical Network Topologies

• Bus
• Ring
• Star
• Tree
• Mesh

Page 15: Network Design, Common Network Terminology and Security Implications

Bus Topology

Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network puts the message onto the wire, where all other devices see it, but only the intended recipient actually accepts and processes the message. Security implication: because every frame reaches every tap, any device on the backbone can read all of the traffic.

Page 16: Network Design, Common Network Terminology and Security Implications

Ring Topology

In a ring network, every device has exactly two neighbors for communication purposes. All messages travel around the ring in the same direction (either "clockwise" or "counterclockwise"), passing through each intermediate device on the way. A failure in any cable or device breaks the loop and can take down the entire network.

Page 17: Network Design, Common Network Terminology and Security Implications

Star Topology

Many home networks use the star topology. A star network features a central connection point called a "hub node" that may be a network hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.) Whether the centre is a hub or a switch matters for security: a hub repeats every frame to every port, just like a bus, whereas a switch forwards a unicast frame only to the port where the destination was learned.

Page 18: Network Design, Common Network Terminology and Security Implications

Tree Topology: Corporate Networks

Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the root of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.

Page 19: Network Design, Common Network Terminology and Security Implications

Mesh Topology: The Larger Internet

Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, most notably the Internet, employ mesh routing.

Page 20: Network Design, Common Network Terminology and Security Implications

Summary of Network Topologies

Topologies remain an important part of network design theory. You can probably build a home or small business computer network without understanding the difference between a bus design and a star design. However, each type of topology has security implications: shared media (bus, ring, hub-based star) expose every frame to every attached node, a star concentrates both availability and trust in its central node, and a mesh gives traffic many possible paths and therefore many places where it could be observed.
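The sniffing implication of the topology slides, as an added example that is not part of the lecture: the same four frames are replayed through a shared medium (a bus, or a star with a hub in the middle) and through a learning switch, and the code reports which of them reach a passive sniffer on a spare port. The MAC addresses, port numbers and frame payloads are constructed; the switch model keeps only the behaviour that matters here (learn the source port, forward known unicast to one port, flood broadcasts and unknown destinations).

```python
"""What a sniffer on a spare port sees on a shared medium versus a switched star.
Added example, not from the lecture; MAC addresses and frames are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Bus or hub-based star: every frame is repeated to every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, frame, ingress):
        return [p for p in self.ports if p != ingress]


class Switch:
    """Learns source MAC -> port and sends unicast frames only to the learned port.
    Broadcasts and unknown destinations are still flooded to every port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}           # MAC address -> port

    def forward(self, frame, ingress):
        self.cam[frame["src"]] = ingress
        dst = frame["dst"]
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != ingress]   # flood
        return [self.cam[dst]]


def sniffer_view(device, attach, frames, sniffer_port):
    """Replay frames through the device and return those reaching sniffer_port."""
    seen = []
    for frame in frames:
        if sniffer_port in device.forward(frame, attach[frame["src"]]):
            seen.append(frame)
    return seen


# Constructed topology: host A on port 1, host B on port 2, a passive sniffer on port 4.
A, B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
PORTS = [1, 2, 3, 4]
ATTACH = {A: 1, B: 2}
FRAMES = [
    {"src": A, "dst": B, "payload": "login alice"},          # B not yet learned: flooded
    {"src": B, "dst": A, "payload": "password?"},            # A already learned on port 1
    {"src": A, "dst": B, "payload": "password hunter2"},     # B now learned on port 2
    {"src": A, "dst": BROADCAST, "payload": "arp who-has"},  # broadcasts always flood
]


def payloads_seen(device_cls):
    """Payloads the sniffer on port 4 captures when the centre is device_cls."""
    return [f["payload"] for f in sniffer_view(device_cls(PORTS), ATTACH, FRAMES, 4)]


if __name__ == "__main__":
    print("hub/bus sniffer sees:", payloads_seen(Hub))
    print("switch sniffer sees: ", payloads_seen(Switch))
```

On the shared medium the sniffer captures the password; on the switch it sees only the first frame (flooded because the destination had not been learned yet) and the broadcast. The switch is therefore a real obstacle to casual sniffing, but not a confidentiality control: anything flooded is still visible to every port, and nothing here encrypts the payload.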

Page 21: Network Design, Common Network Terminology and Security Implications

Network Cabling: Coaxial Cable

Coaxial cable, or coax (pronounced 'ko.æks), is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket.

Page 22: Network Design, Common Network Terminology and Security Implications

Network Cabling: Twisted Pair

Twisted pair cabling is a type of wiring in which the two conductors of a single circuit are twisted together to cancel out electromagnetic interference from external sources, for instance radiation from neighbouring unshielded twisted pair cables, and crosstalk between adjacent pairs.

Page 23: Network Design, Common Network Terminology and Security Implications

Network Cabling: Fiber Optic

A technology that uses glass (or plastic) threads (fibers) to transmit data. A fiber optic cable consists of a bundle of glass threads, each of which is capable of transmitting messages modulated onto light waves. Fiber optics has several advantages over traditional metal communications lines:

Page 24: Network Design, Common Network Terminology and Security Implications

For Better Security Use Coaxial Cable or Fiber Optics

Signal leakage from twisted pair cables makes them vulnerable to snooping of the data traffic. Shielding and fiber reduce what radiates from the cable, but neither stops an attacker with physical access from tapping the cable itself (fiber can be tapped by bending it and reading the light that escapes), so treat the choice of cabling as defence in depth and rely on encryption for the confidentiality of the traffic.

Page 25: Network Design, Common Network Terminology and Security Implications

Beware of Signal Attenuation (loss of signal over distance)

Page 26: Network Design, Common Network Terminology and Security Implications

Assigning an IP Address: DHCP

Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of addresses (a "scope") configured for a given network. DHCP assigns an IP address when a system starts up; your cable modem at home, for example, obtains its address from the ISP via DHCP. Clients accept the first offer they hear, so on a managed network only authorised servers should be able to answer (switch features such as DHCP snooping enforce this).

Page 27: Network Design, Common Network Terminology and Security Implications

Assigning an IP Address: Static

If you need to always know what your IP address is, you need a static IP address, because it is constant. Static IP addresses are used on servers, making it easy for all computers to contact them, since they will always know the address of the server.

Page 28: Network Design, Common Network Terminology and Security Implications

Different Types of Network Devices

• Repeaters
• Bridges
• Routers
• Switches

Page 29: Network Design, Common Network Terminology and Security Implications

Repeater

In telecommunications, a repeater is an electronic device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances.

Page 30: Network Design, Common Network Terminology and Security Implications

Bridge

A network bridge is a network device that connects multiple network segments at the data link layer, forwarding frames between them based on their MAC addresses.

Page 31: Network Design, Common Network Terminology and Security Implications

Router

A router is a networking device, commonly specialized hardware, that forwards data packets between computer networks at the network layer, choosing the next hop from the destination IP address.

Page 32: Network Design, Common Network Terminology and Security Implications

Network Switch

A network switch (sometimes known as a switching hub) is a computer networking device that connects devices together on a computer network, using a form of packet switching to forward data to the destination device. In effect it is a multi-port bridge: it learns which MAC address sits on which port and forwards each frame only to the port for its destination, rather than to every port as a hub does.

Page 33: Network Design, Common Network Terminology and Security Implications

Network Gateway

In computer networking, a gateway is a node (a router) on a TCP/IP network that serves as an access point to another network. A default gateway is the node on the computer network that the network software uses when a destination IP address does not match any other route in the routing table.
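The route selection the slide describes, as an added example that is not part of the lecture: a longest-prefix-match lookup over a small routing table, showing that the most specific route wins, that the default route (prefix 0.0.0.0/0) only matches when nothing else does, and that without a default route traffic to an unknown destination is simply unreachable. The prefixes, gateway addresses and interface names are constructed.

```python
"""Longest-prefix-match route lookup: how a host or router picks the next hop and
when the default gateway is used. Added example, not from the lecture; the
prefixes, gateways and interface names are constructed."""
import ipaddress


def build_table(entries):
    """entries: (prefix, next_hop or None when directly connected, interface)."""
    return [(ipaddress.ip_network(prefix), nh, ifc) for prefix, nh, ifc in entries]


def lookup(table, dst):
    """Most specific matching route, or None when nothing matches (no default route)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, nh, ifc in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, ifc)
    return best


def next_hop(table, dst):
    """Where the packet is actually sent: straight to dst on a connected network,
    otherwise to the router listed as next hop; None means unreachable."""
    route = lookup(table, dst)
    if route is None:
        return None
    _, nh, ifc = route
    return (nh or dst, ifc)


# Constructed table for a host on the 10.20.0.0/16 campus LAN.
WITH_DEFAULT = build_table([
    ("10.20.0.0/16", None, "eth0"),            # directly connected LAN
    ("10.20.50.0/24", "10.20.0.254", "eth0"),  # segmented lab subnet behind an internal router
    ("0.0.0.0/0", "10.20.0.1", "eth0"),        # default gateway: everything else
])
NO_DEFAULT = build_table([
    ("10.20.0.0/16", None, "eth0"),
    ("10.20.50.0/24", "10.20.0.254", "eth0"),
])

if __name__ == "__main__":
    for dst in ("10.20.3.7", "10.20.50.9", "198.51.100.4"):
        print(dst, "->", next_hop(WITH_DEFAULT, dst),
              "| without default route:", next_hop(NO_DEFAULT, dst))
```

The lab subnet illustrates the segmentation use of this mechanism: even though 10.20.50.0/24 lies inside the directly connected /16, its more specific route sends that traffic through an internal router where it can be filtered, and a host whose table has no default route cannot reach the Internet at all.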

Page 34: Network Design, Common Network Terminology and Security Implications

Firewall

In computing, a firewall is a network security system that controls incoming and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.

Firewalls were once considered sufficient, but not any more. Let's talk about inside threats!
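Both halves of this slide, as an added example that is not part of the lecture: a first-match packet filter with an explicit default-deny rule at the bottom, followed by the reason a perimeter firewall is not sufficient on its own, namely that traffic between two hosts on the same side of it is never inspected. The zones, the rule set and the sample packets are constructed; the deliberately over-broad port range in the outbound web rule is there to show the kind of thing a rule review should catch.

```python
"""First-match packet filter with an explicit default deny, plus the perimeter
blind spot: lateral traffic that never crosses the firewall is never inspected.
Added example, not from the lecture; zones, rules and packets are constructed."""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ = ipaddress.ip_network("203.0.113.0/24")
WEB_SERVER = ipaddress.ip_network("203.0.113.10/32")


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: object = None        # int, (low, high) inclusive range, or None for any

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.dport is None:
            return True
        if isinstance(self.dport, tuple):
            low, high = self.dport
            return low <= pkt["dport"] <= high
        return pkt["dport"] == self.dport


RULES = [
    Rule("allow", "tcp", ANY, WEB_SERVER, 443),        # public HTTPS to the web server
    Rule("allow", "tcp", INTERNAL, WEB_SERVER, 22),    # SSH to it only from inside
    Rule("allow", "udp", INTERNAL, ANY, 53),           # outbound DNS
    Rule("allow", "tcp", INTERNAL, ANY, (80, 443)),    # outbound web; the range also opens 81-442
    Rule("deny", "any", ANY, ANY),                     # explicit default deny (log it in practice)
]


def evaluate(rules, pkt):
    """First matching rule wins; returns (action, index of the rule that matched)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None      # only reached if someone deletes the final deny


def zone(ip):
    addr = ipaddress.ip_address(ip)
    if addr in INTERNAL:
        return "internal"
    if addr in DMZ:
        return "dmz"
    return "internet"


def decide(rules, pkt):
    """A perimeter firewall only sees packets that move between zones."""
    if zone(pkt["src"]) == zone(pkt["dst"]):
        return "not inspected", None
    return evaluate(rules, pkt)


def packet(proto, src, dst, dport):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


if __name__ == "__main__":
    for p in (packet("tcp", "198.51.100.7", "203.0.113.10", 443),
              packet("tcp", "198.51.100.7", "203.0.113.10", 22),
              packet("tcp", "10.1.2.3", "203.0.113.10", 22),
              packet("tcp", "10.1.2.3", "10.9.9.9", 445)):
        print(p, "->", decide(RULES, p))
```

The last sample packet is the insider case: an internal workstation talking to an internal file server over port 445 never reaches the rule set, so catching that traffic needs segmentation with filtering between internal zones, or host-based controls, rather than a bigger perimeter firewall.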

Page 35: Network Design, Common Network Terminology and Security Implications

The Trickery of a Honeypot

A honeypot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems.

It looks like a vulnerable device, but is actually there to observe and collect data about potential attacks. Because no legitimate user has any reason to touch it, every connection it receives is worth investigating.

You can learn a lot from a honeypot.

Page 36: Network Design, Common Network Terminology and Security Implications

Network Segmentation

• Reduced congestion: improved performance, because on a segmented network there are fewer hosts per subnetwork, which minimises local traffic
• Improved security: broadcasts are contained to the local network, and the internal network structure is not visible from outside
• Containing network problems: limiting the effect of local failures on other parts of the network

Page 37: Network Design, Common Network Terminology and Security Implications

DNS: Domain Name System

DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of the Web servers hosting those sites.

DNS implements a distributed database to store this name and address information for all public hosts on the Internet. DNS works best when IP addresses are stable: every answer carries a time-to-live (TTL) for which resolvers may cache it, so a host whose address changes often needs a short TTL or dynamic DNS updates.

Page 38: Network Design, Common Network Terminology and Security Implications

DNS Poisoning

DNS spoofing (or DNS cache poisoning) is an attack whereby forged data is introduced into a Domain Name System (DNS) name server's cache, causing the name server to return an incorrect IP address and diverting traffic to another computer (often the attacker's).
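The cache poisoning race on this slide, as an added example that is not part of the lecture: a toy caching resolver that accepts a response only if its name, 16-bit transaction ID and destination UDP port all match an outstanding query, and an attacker who first serves a lookup for a zone it controls (learning one transaction ID and port), then floods forged answers for the victim name before the genuine answer arrives. The names, addresses and the attacker's guessing strategy are constructed; the genuine answer is modelled as always arriving last, which is the worst case for the resolver.

```python
"""Resolver cache that accepts a response only when it matches an outstanding
query's name, transaction ID and source port; a spoofing attacker races the
real answer. Added example, not from the lecture; names and addresses are constructed."""
import random
from dataclasses import dataclass


@dataclass
class Query:
    name: str
    txid: int
    sport: int


class Resolver:
    def __init__(self, rng, random_txid=True, random_port=True):
        self.rng = rng
        self.random_txid, self.random_port = random_txid, random_port
        self.cache = {}          # name -> address
        self.pending = {}        # name -> outstanding Query
        self.counter = 0

    def send_query(self, name):
        if self.random_txid:
            txid = self.rng.randrange(1 << 16)
        else:
            self.counter += 1                  # old resolvers: sequential 16-bit IDs
            txid = self.counter & 0xFFFF
        sport = self.rng.randrange(1024, 65536) if self.random_port else 53
        q = Query(name, txid, sport)
        self.pending[name] = q
        return q

    def receive(self, name, txid, dport, address):
        """Accept the first response whose name, txid and destination port all match."""
        q = self.pending.get(name)
        if q is None or q.txid != txid or q.sport != dport:
            return False
        self.cache[name] = address
        del self.pending[name]
        return True


ATTACKER_IP, GENUINE_IP = "198.51.100.66", "192.0.2.80"


def poison_attempt(resolver, budget=2000):
    """Attacker first serves a lookup for its own zone (so it sees one txid/port),
    then floods guesses for the victim name before the real answer lands."""
    obs = resolver.send_query("attacker.example")
    resolver.receive("attacker.example", obs.txid, obs.sport, ATTACKER_IP)
    target = resolver.send_query("bank.example")
    for k in range(1, budget + 1):
        guess = (obs.txid + k) & 0xFFFF        # assumes IDs close to the observed one
        if resolver.receive("bank.example", guess, obs.sport, ATTACKER_IP):
            break
    # The genuine answer arrives last; it is dropped if the entry is already cached.
    resolver.receive("bank.example", target.txid, target.sport, GENUINE_IP)
    return resolver.cache["bank.example"]


def make_resolver(seed, hardened=True):
    """hardened=False reproduces a resolver with sequential IDs and a fixed port 53."""
    return Resolver(random.Random(seed), random_txid=hardened, random_port=hardened)


if __name__ == "__main__":
    print("sequential txid, fixed port:", poison_attempt(make_resolver(7, hardened=False)))
    print("random txid, random port:   ", poison_attempt(make_resolver(7)))
```

Against the predictable resolver the first guess lands and the bank name is cached pointing at the attacker. With both the transaction ID and the source port randomised the attacker has to hit roughly one chance in 2^32 per forged packet, which is why port randomisation was added: 16 bits of transaction ID alone are within reach of a patient flood, and a validated answer of any kind (DNSSEC) is the only fix that does not rely on the attacker losing a race.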

Page 39: Network Design, Common Network Terminology and Security Implications

Directory Services

Directory services are software systems (for example LDAP directories and Microsoft Active Directory) that hold the identities, group memberships and credentials of users and devices and are used to authenticate and authorise them across a network. They are crucial to many medium and large organizations, and because they hold every account, they are also a high-value target.

Page 40: Network Design, Common Network Terminology and Security Implications

NAT: Network Address Translation

NAT (Network Address Translation or Network Address Translator) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network.
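The translation on this slide, as an added example that is not part of the lecture: a port-translating NAT table of the kind a home router keeps, rewriting the source of outbound packets, mapping replies back to the inside host, and dropping inbound packets for which no mapping exists. The public and private addresses, port range and flows are constructed; the reply check (the packet must come from the host and port the inside host contacted) is one common NAT filtering behaviour, not the only one.

```python
"""Port-translating NAT (NAPT) table, the kind a home router or corporate edge uses.
Added example, not from the lecture; addresses and flows are constructed."""
import ipaddress


class Napt:
    def __init__(self, public_ip, inside, first_port=40000):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside)
        self.next_port = first_port
        self.out_map = {}    # (in_ip, in_port, dst_ip, dst_port) -> public port
        self.in_map = {}     # public port -> (in_ip, in_port, dst_ip, dst_port)

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the private network; returns the
        translated packet, or None if the source is not an inside address."""
        if ipaddress.ip_address(pkt["src"]) not in self.inside:
            return None
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port             # allocate a fresh public port for this flow
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return dict(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt):
        """Map a packet from outside back to the inside host. Without a matching
        mapping there is nowhere to send it, so unsolicited inbound traffic is dropped;
        the reply must also come from the host and port the inside host contacted."""
        entry = self.in_map.get(pkt["dport"])
        if entry is None:
            return None
        in_ip, in_port, dst_ip, dst_port = entry
        if pkt["src"] != dst_ip or pkt["sport"] != dst_port:
            return None
        return dict(pkt, dst=in_ip, dport=in_port)


def pkt(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}


if __name__ == "__main__":
    nat = Napt("203.0.113.5", "192.168.1.0/24")
    out = nat.outbound(pkt("192.168.1.10", 51000, "198.51.100.20", 443))
    print("outbound after NAT: ", out)
    print("reply after NAT:    ", nat.inbound(pkt("198.51.100.20", 443, "203.0.113.5", out["sport"])))
    print("unsolicited inbound:", nat.inbound(pkt("198.51.100.99", 22, "203.0.113.5", 22)))
```

Two things to take from the table: the inside addresses never appear on the outside, which is the "structure not visible from outside" benefit listed under segmentation, and the dropping of unsolicited inbound packets is a side effect of having no mapping, not a security policy. NAT is not a firewall; an explicit rule set is still needed, and anything the inside host initiates is allowed back in.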

Page 41: Network Design, Common Network Terminology and Security Implications

The Corporate Intranet

A local or restricted communications network, especially a private network built using World Wide Web software (web servers and browsers) and reachable only from inside the organization.

Page 42: Network Design, Common Network Terminology and Security Implications

The Corporate Extranet

An intranet that can be partially accessed by authorized outside users, enabling businesses to exchange information over the Internet securely.

Page 43: Network Design, Common Network Terminology and Security Implications

The LAN

A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building, using network media.

Page 44: Network Design, Common Network Terminology and Security Implications

The MAN

A Metropolitan Area Network (MAN) is a large computer network that spans a metropolitan area or campus. Its geographic scope falls between a WAN and a LAN. MANs provide Internet connectivity for LANs in a metropolitan region, and connect them to wider area networks like the Internet.

Page 45: Network Design, Common Network Terminology and Security Implications

The WAN

A wide area network (WAN) is a computer network that spans a relatively large geographical area and consists of two or more interconnected LANs and MANs.

Page 46: Network Design, Common Network Terminology and Security Implications

Quality of Service: QoS

Quality of service (QoS) is the overall performance of a telephony or computer network, particularly the performance seen by the users of the network. Three levels of QoS are:
Best Effort – we try
Differentiated Service – elevated above best effort
Guaranteed Service – has priority over all

Page 47: Network Design, Common Network Terminology and Security Implications

Mobile Phone Security

• Mobile base station impersonation
• Mobile phone cloning
• Encryption over the wireless portion, as well as the backhaul. What is backhaul? Backhaul is the wired (or microwave) portion of the network that connects the cell tower back to the carrier's core, which routes the data on to its destination
• Access to the Internet, bypassing corporate firewalls
• Malware threats worse than on a regular computer
• Ability to access the camera is a threat

Page 48: Network Design, Common Network Terminology and Security Implications

Wireless Best Practices

• Protect your network with a password and encryption (WPA2 or newer with a strong passphrase; WEP and open networks give no real protection)
• Change the default SSID (name of the network)
• Disable broadcasting of the SSID (name of the network)
• Place the Access Point at the center of the building to limit reception from outside
• Configure the Access Point to only allow known MAC (hardware) addresses onto the network

Caveat: the last three are hygiene, not controls. A hidden SSID is still sent in the clear when clients connect, MAC addresses travel unencrypted in every frame and can be cloned, and a directional antenna picks up a centrally placed access point from well outside the building. Strong encryption with a good passphrase is the control that actually keeps outsiders off the network.