
Networking and Basics

What is Networking?
Networking is connecting devices together to communicate with each other, so they can share data, files, and computing resources.

Networking happens all around us: in our PCs, ATMs, cell phones, and much more.

We will focus on computer networking here.

Types of Network Topologies


Star:

Mesh:

Most Common Network Devices


Hub (Layer 1)

Switch (Layer 2)

Router (Layer 3)

Wireless Access Point (Layer 2 or 3)

Types of Networks
LAN - Local Area Network
WAN - Wide Area Network
WLAN - Wireless Local Area Network

LAN - Local Area Network

LAN:- It is a group of computers and associated devices that share a common communications line or wireless link and typically share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple computer users.

A local area network may serve as few as two or three users (for example, in a home network) or as many as thousands of users.

Large LAN Structure

Small LAN Structure

WAN - Wide Area Network

WAN:- WANs are used to connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet service providers, provide connections from an organization's LAN to the Internet. WANs are often built using leased lines.

Technology of WAN:- A WAN is connected to different networks through hubs and routers.

A LAN is connected to a WAN via a router, but on the other side a hub is present.

WLAN - Wireless Local Area Network

A wireless local area network (WLAN) links devices via a wireless distribution method (typically spread-spectrum or OFDM) and usually provides a connection through an access point to the wider internet. This gives users the mobility to move around within a local coverage area and still be connected to the network.

Wireless LANs have become popular in the home due to ease of installation and the increasing popularity of laptop computers. Public businesses such as coffee shops and malls have begun to offer wireless access to their customers, sometimes for free. Large wireless network projects are being put up in many major cities.

TCP, IP, UDP


TCP:- TCP is known as a connection-oriented protocol, which means that a connection is established and maintained until such time as the message or messages to be exchanged by the application programs at each end have been exchanged. TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end. In the Open Systems Interconnection (OSI) communication model, TCP is in layer 4, the Transport Layer.

IP:- IP (Internet Protocol) is the primary network protocol used on the Internet, developed in the 1970s. On the Internet and many other networks, IP is often used together with the Transport Control Protocol (TCP) and referred to interchangeably as TCP/IP.



UDP:- UDP (User Datagram Protocol) is a simple OSI transport layer protocol for client/server network applications based on Internet Protocol (IP). UDP is the main alternative to TCP and one of the oldest network protocols in existence, introduced in 1980. UDP is often used in videoconferencing applications or computer games specially tuned for real-time performance. To achieve higher performance, the protocol allows individual packets to be dropped (with no retries) and UDP packets to be received in a different order than they were sent, as dictated by the application.

ADDRESSING
Definition: A network address serves as a unique identifier for a computer on a network. When set up correctly, computers can determine the addresses of other computers on the network and use these addresses to send messages to each other. One of the best known forms of network addressing is the Internet Protocol (IP) address. IP addresses consist of four bytes (32 bits) that uniquely identify all computers on the public Internet. Another popular form of address is the Media Access Control (MAC) address. MAC addresses are six bytes (48 bits) that manufacturers of network adapters burn into their products to uniquely identify them.

TYPES OF ADDRESSING
There are two types of addressing:
(1) Hardware (MAC)
(2) Software (IP)

(1) Hardware Address
In computer networking, a Media Access Control address (MAC address) is a unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control protocol sub-layer. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address. There are three numbering spaces, managed by the Institute of Electrical and Electronics Engineers (IEEE), which are in common use for formulating a MAC address.
Example: 28-4c-98-f6-50-a8



(2) Software Address
A software address is known as an IP address. An Internet Protocol (IP) address is a numerical label that is assigned to devices participating in a computer network that uses the Internet Protocol for communication between its nodes. An IP address serves two principal functions: host or network interface identification and location addressing.

Static vs. Dynamic IP


A static IP address is an address that does not change over time unless changed manually. It is used when you need the IP address or network location to remain the same consistently. A good example of this is a web server. If you go to www.google.com you are really going to the IP address of 66.102.7.99. If this were to change suddenly you would not be able to get to Google unless you knew the new IP address or until Google updated their DNS records.

A dynamic IP address is an address that keeps on changing. It is mostly used when having a consistent IP address is not necessary. An example of this would be the IP address your ISP (internet service provider) assigns you when you log on to the internet. You must have an IP address to surf the web, but once you disconnect you lose that address. Then the next time you sign on you are assigned a new one. This is done using DHCP.

Classes of IP Address
There are five classes of IP addresses:

Classes        Ranges        Subnet mask
(1) Class A    0 to 126      255.0.0.0
(2) Class B    128 to 191    255.255.0.0
(3) Class C    192 to 223    255.255.255.0
(4) Class D    224 to 239    X
(5) Class E    240 to 255    X

Client Server Relationship


CLIENT:- In computing, a client is a system that accesses a (remote) service on another computer by some kind of network. The term was first applied to devices that were not capable of running their own stand-alone programs, but could interact with remote computers via a network. These dumb terminals were clients of the time-sharing mainframe computer.

SERVER:- In information technology, a server is a computer program that provides services to other computer programs (and their users) in the same or other computers.

Domain Name

A name that identifies one or more IP addresses. For example, the domain name microsoft.com represents about a dozen IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.pcwebopedia.com/index.html, the domain name is pcwebopedia.com. Every domain name has a suffix that indicates which top level domain (TLD) it belongs to. There are only a limited number of such domains. For example:
gov - Government agencies
edu - Educational institutions
org - Organizations (nonprofit)
mil - Military
com - Commercial business
net - Network organizations
ca - Canada
th - Thailand

DNS
DNS:- Domain Name System (DNS) is a database system that translates a computer's fully qualified domain name into an IP address. Networked computers use IP addresses to locate and connect to each other, but IP addresses can be difficult for people to remember. For example, on the web, it's much easier to remember the domain name www.innobuzz.in than it is to remember its corresponding IP address (216.18.197.164). DNS allows you to connect to another networked computer or remote service by using its user-friendly domain name rather than its numerical IP address.

DHCP:- Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.

INTRANET & INTERNET


INTRANET:- An intranet is a private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the wide area network. Typically, an intranet includes connections through one or more gateway computers to the outside Internet. The main purpose of an intranet is to share company information and computing resources among employees. An intranet can also be used to facilitate working in groups and for teleconferences.

INTERNET:- The Internet, sometimes called simply "the Net," is a worldwide system of computer networks - a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). It was conceived by the Advanced Research Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANET.



Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide. Physically, the Internet uses a portion of the total resources of the currently existing public telecommunication networks. Technically, what distinguishes the Internet is its use of a set of protocols called TCP/IP (for Transmission Control Protocol/Internet Protocol). The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail.

Network Protocols: Overview

Serial Line Internet Protocol


Introduced in 1980 and functions in the data link layer
Offered a way to send IP datagrams over serial connections
Provides dial-up access to Internet and LANs
Preferred way for encapsulating IP packets due to less overhead
Appends the SLIP END character to the datagram, thus distinguishing it

Limitations:
No method for detection or correction of errors in transmission
Doesn't support encryption of data or authentication of the connection
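The framing and the first limitation above, as an added example that is not part of the original slides: a SLIP encoder and decoder following RFC 1055, whose END and ESC byte values the slide does not give. The sample datagrams are constructed, and `demo()` shows a corrupted byte decoding without any error.

```python
# SLIP framing constants from RFC 1055 (the slide names only the END character).
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    """Escape END/ESC bytes inside the datagram, then append the END delimiter."""
    out = bytearray()
    for b in datagram:
        if b == END:
            out += bytes((ESC, ESC_END))
        elif b == ESC:
            out += bytes((ESC, ESC_ESC))
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes) -> list:
    """Split a received byte stream into datagrams at each END character."""
    frames, current, escaped = [], bytearray(), False
    for b in stream:
        if escaped:
            # An unknown byte after ESC is passed through, as RFC 1055 suggests.
            current.append({ESC_END: END, ESC_ESC: ESC}.get(b, b))
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == END:
            if current:  # ignore empty frames from back-to-back END bytes
                frames.append(bytes(current))
                current = bytearray()
        else:
            current.append(b)
    return frames


def flip_bit(wire: bytes, index: int, mask: int = 0x01) -> bytes:
    """Simulate line noise by flipping bits in one byte of the encoded stream."""
    damaged = bytearray(wire)
    damaged[index] ^= mask
    return bytes(damaged)


# Constructed sample datagrams: the first contains an END byte, the second an ESC byte.
DATAGRAMS = [b"\x45\x00\xc0\x01", b"\xdb\x02"]


def demo():
    wire = b"".join(slip_encode(d) for d in DATAGRAMS)
    clean = slip_decode(wire)
    # SLIP carries no checksum or length field, so the damaged stream decodes
    # without any error and the receiver cannot tell that it was altered.
    noisy = slip_decode(flip_bit(wire, 1))
    return wire, clean, noisy


if __name__ == "__main__":
    wire, clean, noisy = demo()
    print(wire.hex(), clean, noisy)
```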

Point-to-Point Protocol
Introduced in 1994 and functions in the data link layer
Creates the session between the user system and the ISP for transferring IP packets over a serial link
Encapsulates packets in HDLC based frames
Broad framing mechanism as compared to the single END character in SLIP
Supports encryption of data and authentication of connection

Internet Protocol
Introduced in 1970 and functions in the network layer
Data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork

Features:
Provides universally defined addresses
Allows transmission that is independent of any lower level protocol
Connectionless and unreliable protocol
Doesn't use acknowledgement after delivery

Internet Protocol: Attacks and Countermeasures


Attacks:
Source Routing: An attacker can pick any source IP address desired if weak source routing is present
Routing Information Protocol Attacks: Used to propagate routing information on local networks, so it is easy for an attacker to route an active host
Exterior Gateway Protocol Attacks: Easy for the attacker to impersonate a second exterior gateway for the same autonomous system

Countermeasures:
Reject pre-authorized connections if source routing information was present
Use a paranoid gateway that can block any form of host spoofing
Authenticate RIP packets in the absence of economical public-key signature schemes

Address Resolution Protocol


Introduced in 1982 and functions in the network layer
Dynamic resolution protocol, used for finding a host's Ethernet address from its IP address
Encodes the IP address of the recipient in a broadcast message

For correlation of addresses, two basic methods used are:
Direct Mapping: Converts layer three addresses to layer two addresses
Dynamic Resolution: Resolves layer three addresses into layer two addresses when only the layer three address is known

Address Resolution Protocol: Vulnerabilities and Security Measures


Vulnerabilities:
Absence of authentication enables the attacker to forge ARP requests
Stateless protocol enables sending replies without a corresponding ARP request
Vulnerable to ARP spoofing and Man-in-the-Middle attacks

Security Measures:
Use DHCP to stop spoofed IP conflicts
Firewall should be configured to block ARP
Run a batch file with static ARP entries
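One way to watch for the first two weaknesses listed above, as an added example that is not part of the original slides: a passive monitor that keeps the request/reply state ARP itself lacks and compares each sender pair against known bindings. The `ArpMonitor` class, its two-second reply window and the sample traffic (documentation IP addresses, locally administered MACs) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class ArpEvent:
    ts: float          # capture time in seconds
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


class ArpMonitor:
    """Hypothetical passive monitor for forged or unsolicited ARP traffic."""

    def __init__(self, static_bindings=None, reply_window=2.0):
        # Static entries play the role of the "static ARP entries" measure.
        self.bindings = dict(static_bindings or {})
        self.reply_window = reply_window
        self.pending = {}  # IP being asked for -> time of the latest request

    def observe(self, ev):
        alerts = []
        if ev.op == "request":
            self.pending[ev.target_ip] = ev.ts
        else:
            asked_at = self.pending.pop(ev.sender_ip, None)
            # ARP is stateless, so hosts accept this reply either way;
            # the monitor keeps the state that the protocol does not.
            if asked_at is None or ev.ts - asked_at > self.reply_window:
                alerts.append((ev.ts, "unsolicited-reply", ev.sender_ip))
        # Requests and replies both carry an unauthenticated sender pair.
        known = self.bindings.setdefault(ev.sender_ip, ev.sender_mac)
        if known != ev.sender_mac:
            alerts.append((ev.ts, "binding-changed", ev.sender_ip))
        return alerts


# Constructed sample traffic, not a real capture.
SAMPLE = [
    ArpEvent(0.0, "request", "192.0.2.10", "02:00:00:00:00:10", "192.0.2.1"),
    ArpEvent(0.1, "reply", "192.0.2.1", "02:00:00:00:00:01", "192.0.2.10"),
    # Reply nobody asked for, claiming the gateway IP with a different MAC.
    ArpEvent(5.0, "reply", "192.0.2.1", "02:00:00:00:00:66", "192.0.2.10"),
    ArpEvent(6.0, "request", "192.0.2.10", "02:00:00:00:00:10", "192.0.2.20"),
    # Answer arriving long after the request it claims to match.
    ArpEvent(9.5, "reply", "192.0.2.20", "02:00:00:00:00:20", "192.0.2.10"),
]


def run(events, static_bindings=None):
    """Feed events through a fresh monitor and collect every alert in order."""
    monitor = ArpMonitor(static_bindings)
    return [alert for ev in events for alert in monitor.observe(ev)]


if __name__ == "__main__":
    for alert in run(SAMPLE):
        print(alert)
```

Legitimate gratuitous ARP announcements also raise the unsolicited-reply alert, so it is a signal to correlate with the binding check rather than proof of spoofing.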

Reverse Address Resolution Protocol


Introduced in 1984 and functions in the network layer
Protocol used to obtain the IP address from the given Ethernet address

Features:
Solves the bootstrapping problem
Backward use of ARP

Limitations:
Manual configuration of each client's MAC address on the central server
Non-IP protocol that cannot be handled with the TCP/IP stack present on the client computer

Internet Group Management Protocol


Introduced in 1990 and functions in the network layer
Used to manage the multicast group in a TCP/IP network

Features of three versions:
IGMP Version 0: Supports the allocation of temporary group addresses between IP hosts and their immediate neighbor multicast agents
IGMP Version 1: Supports the creation of transient groups
IGMP Version 2: Supports group membership termination for quick report to routing protocol

Message Types:
Host Membership Report
Host Membership Query
Leave Group

Internet Control Message Protocol


Introduced in 1995 and functions in the network layer
Allows devices to send error and control messages

ICMP Messages:
Error Message: Gives feedback to the source about the error that occurred
Informational Message: Allows the user to exchange information, implement IP related features and perform testing

Limitation:
Delivery of message is not assured if encapsulated directly within a single IP datagram

Internet Control Message Protocol: Attacks and Security Measures

ICMP Attacks:
Redirect Message Attacks
Subnet Mask Reply Attacks
Denial of Service Attacks

Security Measures:
Restrict route changes to the specified location to prevent redirect attacks
Check the reply packet only at a suitable time to block the subnet mask attacks
Authentication mechanism

Transmission Control Protocol


Introduced in 1970 and functions in the transport layer
Byte-stream connection oriented protocol providing reliable delivery

Features and Functions:
Supports acknowledgement of received data by sliding window acknowledgement system
Automatic retransmission of lost or unacknowledged data
Provides addressing and multiplexing of data
Establishes, manages and terminates the connection
Offers reliability and transmission quality service
Provides flow control and congestion management

User Datagram Protocol


Introduced in 1980 and functions in the transport layer
Connectionless protocol used by applications that stress fast rather than reliable delivery of datagrams

Applications:
Used for streaming audio and video, videoconferencing
Trivial File Transfer Protocol, Simple Network Management Protocol and online games

Disadvantages:
Doesn't support acknowledgement for received data or retransmission of lost messages
Doesn't offer flow control and congestion management

TCP, UDP: Attacks and Countermeasures


Transmission Control Protocol

TCP Sequence Number Prediction Attack:
Constructs a TCP packet sequence without a server response, allowing a hacker to spoof a trusted host on a local network

Countermeasures:
Randomize the increment in number
Good logging and alerting mechanisms

User Datagram Protocol

Attack:
Easier to spoof UDP packets than TCP packets, as there are no handshakes or sequence numbers

Countermeasures:
Applications that are using UDP should make their own arrangements for authentication

File Transfer Protocol


Introduced in 1971 and functions in the application layer
Protocol used to exchange files over the Internet and uses TCP for transfer

Features:
Promotes sharing of files
Supports indirect or implicit use of remote computers
Reliable and efficient transfer of data

Disadvantages:
Hard to filter the active mode FTP traffic on client side
More overhead, since more commands are needed to start the transfer

Trivial File Transfer Protocol


Introduced in 1980 and functions in the application layer
Protocol used to exchange files over the Internet and uses UDP for transfer
Preferred in situations where fast and simple transfer of small files is necessary

Disadvantages compared to FTP:
Limited command set only for sending and receiving files
No authentication or encryption mechanism
Allows only simple ASCII or binary file transfer

FTP, TFTP: Vulnerabilities


FTP Vulnerabilities:
Directory Traversal: Allows remote attackers to escape the FTP root and read arbitrary files
Buffer Overflow: Allows remote attackers to gain root privileges
SITE EXEC Command Attack: Allows remote attackers to execute arbitrary commands via the SITE EXEC command
Vulnerability FTP Server: Allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions

TFTP Vulnerabilities:
TFTP Vulnerability: Allows access to files outside the restricted directory by Linux implementations of TFTP

TELNET
Introduced in 1971 and functions in the application layer
TCP based client-server protocol used on Internet and LAN connections

Features:
Offers user oriented command line login sessions between hosts on the Internet
Allows the user to log in remotely by opening a connection to a remote server

Major Concepts Of Foundation:
Network Virtual Terminal (NVT) used for universal communication by all devices
Avoids incompatibilities between devices by providing a common base representation
Symmetric operation for client and server

Simple Mail Transfer Protocol


Introduced in 1981 and functions in the application layer
Text-based protocol that defines one or more recipients for transferring the text messages
SMTP uses MIME to encode binary text and multimedia files for transfer

Features:
Defines the message format and Message Transfer Agent (MTA) that stores and forwards the mail
Direct transfer of the user's mail to the server that can handle the mail using Domain Name Service
Acts as a push protocol by restricting users from pulling messages from a remote server

TELNET, SMTP: Vulnerabilities


TELecommunication NETwork:
Vulnerability: Allows an attacker to bypass the normal system libraries and gain root access
Guessable Passwords: A Unix account has a guessable password

Simple Mail Transfer Protocol:
Vulnerability: Allows remote attackers to execute arbitrary code via a malicious DNS response message

Security Issues:
Use a firewall to block incoming TCP protocol network traffic
Block TCP protocol network traffic on Windows Server 2000 because it handles Domain Name System (DNS) lookups

Network News Transfer Protocol


Introduced in 1986 and functions in the application layer
Protocol used to connect Usenet groups on the Internet and carry Usenet traffic over TCP/IP

Functions:
Propagates messages between NNTP servers
Allows NNTP clients to post and read articles
Handles both inter-server and client-server communication using the NNTP command set

Network News Transfer Protocol: Vulnerability and Countermeasures


NNTP Vulnerability:
Allows remote attackers to execute arbitrary code via XPAT patterns that are related to improper length validation

Countermeasures:
Enable advanced TCP/IP filtering on systems that support NNTP
Block the affected ports by using IPSec on the affected systems
Remove or disable NNTP if there is no need for it

Simple Network Management Protocol


Introduced in 1987 and functions in the application layer
Protocol used to communicate management information between network management stations and managed devices

Components:
Master Agents: Responds to SNMP requests made by a management station
Subagents: Implements the information and management functionality
Management Stations: Receives requests for management operations on behalf of administrator

Simple Network Management Protocol: Security Issues And Models


Security Issues:
MIB objects contain critical information about network devices
Community strings are passed in clear text in messages, are easily sniffed, and provide weak authentication

Security Models:
Party Based Security Model: A logical entity called a party specifies a particular authentication protocol and privacy protocol
User Based Security Model: Provides security based on the access rights of a user of the machine
View Based Access Control Model: Controls access to objects on a device

Hyper Text Transfer Protocol


Introduced in 1990 and functions in the application layer
Communication protocol used to establish a connection with a Web server and transmit HTML pages to the client browser
Stateless request/response system between client and server

Features:
Supports multiple host names
Performance enhancement due to multiple requests in a single TCP session
Improved efficiency due to method caching and proxying support
Provides security by authentication methods

Hyper Text Transfer Protocol: Vulnerabilities


Cross-site Scripting
Allows remote attackers to execute arbitrary JavaScript on other web clients

Directory Traversal
Allows attackers to access restricted directories and execute commands outside of the web server's root directory

MailMan Webmail
Allows remote attackers to execute arbitrary commands via shell metacharacters

Buffer Overflow
Allows remote attackers to execute arbitrary commands via a long password value in a form field

eWave

Allows remote attackers to upload files
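The directory traversal entries listed for FTP, TFTP and HTTP come down to the same missing check, shown here as an added example that is not part of the original slides: a naive path join beside a resolver that confines every request to the served root. The function names, the `ftproot` directory and the request strings are constructed for illustration.

```python
import os
import tempfile


def naive_resolve(root, requested):
    """Vulnerable form: joins client input to the root and trusts the result."""
    return os.path.normpath(os.path.join(root, requested))


def safe_resolve(root, requested):
    """Return the real path for a request, or raise if it leaves the root."""
    if "\x00" in requested:
        raise PermissionError("NUL byte in path")
    root_real = os.path.realpath(root)
    # Strip leading slashes so an absolute request stays relative to the root,
    # then resolve ".." components and symlinks before comparing.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError("request escapes the served root")
    return candidate


def is_allowed(root, requested):
    try:
        safe_resolve(root, requested)
        return True
    except PermissionError:
        return False


# Constructed requests: an ordinary file, two ".." escapes, an absolute path
# (remapped under the root by safe_resolve) and a symlink pointing outside.
REQUESTS = ["pub/readme.txt", "../../etc/passwd", "pub/../../secret",
            "/etc/passwd", "link_out/passwd"]


def demo():
    """Build a throwaway root; return (request, naive_escapes, allowed) rows."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        root = os.path.join(base, "ftproot")
        os.makedirs(os.path.join(root, "pub"))
        with open(os.path.join(root, "pub", "readme.txt"), "w") as fh:
            fh.write("hello\n")
        os.makedirs(os.path.join(base, "outside"))
        os.symlink(os.path.join(base, "outside"),
                   os.path.join(root, "link_out"))
        rows = []
        for req in REQUESTS:
            naive = naive_resolve(root, req)
            # A purely lexical check; it cannot see where symlinks lead.
            escapes = os.path.commonpath([root, naive]) != root
            rows.append((req, escapes, is_allowed(root, req)))
        return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last row is the case a lexical check misses: the joined path looks as if it is inside the root, and only resolving the symlink shows that it is not.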

Post Office Protocol


A protocol used to retrieve emails from an email server
Indicates the action of transferring emails from the inbox of the mail server to the inbox of the client
POP3 is an enhanced version that works with/without SMTP mail gateways
POP3 services run on port number 110 as defined by the IANA

Features:
Supports offline mail processing and persistent message IDs
Offers access to new mail from various client platforms anywhere across the network

Summary
TCP/IP suite offers protocols at four different layers:

Data Link Layer
Point-to-Point Protocol creates the session between the user system and the ISP for transferring IP packets over a serial link

Network Layer
Internet Protocol is a data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork

Transport Layer
Transmission Control Protocol is a byte-stream connection oriented protocol providing reliable delivery

Application Layer
File Transfer Protocol is used to exchange files over the Internet and uses TCP for transfer
