Dr. Clincy Lecture 1
Internet
Security
CS 4491 Internet Security
Dr. Clincy
Networking Fundamentals
Note: I am still “tweaking” your syllabus in trying to get to 16 or 17 lectures with 50% online
Internet – Consists of various technologies
• LAN Examples: Ethernet, Token Ring, Wireless and FDDI Ring
• Point-to-Point WAN Examples: Telephony Modem, DSL, Cable/Modem, T-Lines, and SONET
• Switched WAN Examples: X.25, Frame Relay and ATM
Briefly explain the difference between packet switch networks and circuit switch networks
Internet uses TCP/IP for internetworking – why?
• Bottom Line: what makes TCP/IP so great and unique from other network protocols?
– Network Technology Independence – independent of a particular vendor’s hardware
– Universal Interconnection – any 2 computers connected to the internet can communicate – each computer has a unique internationally recognized address
– End-to-End Acknowledgements – acknowledgements between the source and destination versus intermediate nodes
– Application Protocol Standards – TCP/IP provides services (or software) to applications needing lower level communication services
• In understanding TCP/IP, one must understand OSI
Why Study OSI?
• Still an excellent model for conceptualizing and understanding protocol architectures
• More granularity in functionality - more functional delineation
• Key points:
– Modular
– Hierarchical (chain of command, pecking order)
– Boundaries between layers (called interfaces)
NOTE: the protocols or functionality within the layer could change; however, the interface remains the same – this facilitates flexibility
OSI
• Open Systems Interconnection
• Developed by ISO (International Organization for Standardization)
• Contains seven layers
• Application
• Presentation
• Session
• Transport
• Network
• Data Link
• Physical
[Figure: Tx and Rx end nodes with Intermediate Nodes between them; node labels A, Z, B, C, Q, T; layer numbers 7, 1, 3, 1]
What happens at the End and Intermediate Nodes?
Recap - OSI’s Layered Approach
– between different layers on the same node or stack (INTERFACE)
– between similar layers on different nodes or stacks (PEER-TO-PEER PROCESSES)
OSI Reference Model?
• Bottom 3 layers
– Bottom 3 layers responsible for getting the info to the destination
– (Bottom 3 layers): at the lower levels of the model, protocols define the electrical and physical standards
– (Bottom 3 layers) at the lower levels, the bit ordering, the transmission of the bits, and error detecting and correcting are defined
• Top 4 layers
– at the higher levels of the model, the protocols define the data formatting, message syntax, dialogue management, message sequences and info presentation
OSI Physical Layer
• Responsible for transmission of bits
• Always implemented through hardware
• Encompasses mechanical, electrical, and functional interfaces
• Encoding issues: how 0’s and 1’s are converted to signals
• Transport medium: Coaxial, Twisted Pair, Optical, etc.
• Transmission Rate/Data Rate – how fast to send bits
• Transmission mode: transmission direction (simplex, duplex)
• Physical Topology: network layout
OSI Data Link Layer
• Responsible for error-free, reliable transmission of data
• Framing, Flow control, Error control (detection/correction)
• Makes use of the physical address because communication is within the same network
Network Layer – Actually sends the packets (groups of frames) from node to node using a routing algorithm
Data Link Layer – Takes raw data (bits) and transforms them into frames, error control, etc.
Physical Layer – Transmits and receives the raw data (bits)
OSI Data Link Layer
High Level View of Data Link Layer’s Functions:
1. Take raw bits and transform them into frames or packets (up)
2. Perform error detection on packets prior to them being sent (down)
3. Perform error checking on packets received (up)
4. If error is encountered, the Data Link Layer notifies the sender
5. Make sure not too much traffic is sent from the transmitter to the receiver (flow control)
In general, the bullet items above deal with creating a “transmission line”.
To achieve the functions above, we must have STANDARDS.
OSI Network Layer
• Responsible for routing of messages through networks
• Concerned with type of switching used (circuit v. packet)
• Handles routing among different networks (Routing across “internetworks”)
• NOTE: within the same network, only the DATA LINK layer is needed – amongst multiple networks, the NETWORK LAYER and routing are needed
• Makes use of the logical address rather than the physical address because communication is not within the same network
OSI Network Layer
Transport – Concerned with an error-free end-to-end flow of data
Network Layer – Actually sends the packets (groups of frames) from node to node using a routing algorithm
Data Link Layer – Takes raw data (bits) and transforms them into frames
OSI Network Layer
High Level View of Network Layer’s Functions:
1. Transmitting data packets through a network in a timely manner
2. When there is more than one route between the source and destination, the network layer chooses the best route (next hop) based on some criteria.
3. Makes sure the network does not become congested when link or node failures occur.
Passes data between two networks (differing networks)
[Figure: route selection between nodes A and Z]
Examples: Node Cost, Link Cost, Distance, Spare Cap., Low Util.
OSI Upper Layers
• Application
• Presentation
• Session
• Transport
• Peer-to-Peer Processes …..
• End-to-End nodes only
OSI Transport Layer
• Isolates messages from lower and upper layers
• Breaks down message size (segmentation) (down) and performs re-assembly (up)
• Monitors quality of communications channel (oversee all hops)
• Selects most efficient communication service necessary for a given transmission (could change over hops)
• Flow and Error control for Source and Sink
OSI Session Layer
• Establishes logical connections between systems (up/down)
• Manages log-ons, password exchange, log-offs (up/down)
• Terminates connection at end of session (up/down)
OSI Session Layer
The Session Layer is responsible for (1) dialogue management, (2) synchronization and (3) activity management.
Dialogue Management – an example is querying a database. Let the DB sit on a remote server and the query is invoked from the client – the entire process of sending the query and receiving the data is considered “dialogue management”.
Synchronization – at the session layer, “synch points” can be inserted in the data being transmitted. If network failures occur, the data would be re-transmitted starting at the last synch point.
Activity Management – involves sending special messages at the beginning and end of an activity. These messages can help the receiver determine when to start processing (after all data is received).
OSI Presentation Layer
• Provides format and code conversion services
• Examples
– File conversion from ASCII to EBCDIC
– Invoking character sequences to generate bold, italics, etc on a printer
• The source and sink could operate using different encoding schemes – the presentation layer makes the translations
• Security
• Compression
OSI Application Layer
• Provides access to network for end-user (end-user being a human being or software application)
• User’s capabilities are determined by what items are available on this layer (i.e., remote log-in, file transfer, email service, directory service, etc.)
An exchange using the OSI model
Explain encapsulation and decapsulation
COMPLEXITY TO CONSIDER
• Any particular node in an internetwork can be functioning as follows simultaneously:
• Tx to other internetwork nodes
• Rx from other internetwork nodes
• Intermediate node to some other internetwork nodes
Physical addresses
• Physical address is also known as the link address
• Physical address can be different sizes (depends on the network)
• Unicast type physical addresses – single Rx
• Multicast type physical address – multiple Rxs
• Broadcast type physical address – all Rxs can pick up the message
IP Addresses can be either unicast, multicast or broadcast types
Going from network A physical address 10 to network P physical address 95.
Can’t use the physical address because the networks are different
The network layer address contains the uniqueness we need from source to sink. Network layer address is A-P
Unit at this layer - datagram
Explain communications at the network layer
Addresses in TCP/IP
Application Specific Address
Converts to a port address
Port addresses
Addresses of sending and receiving processes (j and k)
Add IP address
Overhead (H2, T2) added for what?
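The three levels of addressing on the last slides (port addresses j and k, network-layer addresses A and P, physical addresses 10 and 95), tied to encapsulation and decapsulation, as an added example that is not part of the original slides. The intermediate nodes' physical addresses (20, 33, 99, 66) are constructed, and treating T2 as a CRC-32 error check is an assumption.

```python
import json
import zlib

def frame(datagram, src_phys, dst_phys):
    """Data link layer: add header H2 (physical addresses) and trailer T2."""
    h2 = {"src": src_phys, "dst": dst_phys}
    body = json.dumps(datagram, sort_keys=True)
    # Assumption: T2 is a CRC-32 over header and body, used for error detection.
    t2 = zlib.crc32((json.dumps(h2, sort_keys=True) + body).encode())
    return {"H2": h2, "body": body, "T2": t2}

def deframe(fr, my_phys):
    """Check T2 and the destination physical address, then strip H2 and T2."""
    check = zlib.crc32((json.dumps(fr["H2"], sort_keys=True) + fr["body"]).encode())
    if check != fr["T2"]:
        raise ValueError("T2 check failed: frame damaged in transit")
    if fr["H2"]["dst"] != my_phys:
        raise ValueError("frame is addressed to another station")
    return json.loads(fr["body"])

def encapsulate(data, src_port, dst_port, src_net, dst_net, src_phys, dst_phys):
    """Tx end node: wrap the data top-down (transport, network, data link)."""
    segment = {"src_port": src_port, "dst_port": dst_port, "data": data}
    datagram = {"src": src_net, "dst": dst_net, "segment": segment}
    return frame(datagram, src_phys, dst_phys)

def forward(fr, in_phys, out_phys, next_phys):
    """Intermediate node: go up to layer 3 only, then re-frame for the next link."""
    return frame(deframe(fr, in_phys), out_phys, next_phys)

def deliver(fr, my_phys, my_net):
    """Rx end node: decapsulate bottom-up and hand the data to the port."""
    datagram = deframe(fr, my_phys)
    if datagram["dst"] != my_net:
        raise ValueError("datagram is for another logical address")
    return datagram["segment"]["dst_port"], datagram["segment"]["data"]

def send_across(data, links):
    """links: constructed (sender_phys, receiver_phys) pair for each hop."""
    fr = encapsulate(data, "j", "k", "A", "P", *links[0])
    seen = [(fr["H2"]["src"], fr["H2"]["dst"], json.loads(fr["body"])["dst"])]
    for (_, in_phys), (out_phys, next_phys) in zip(links, links[1:]):
        fr = forward(fr, in_phys, out_phys, next_phys)
        seen.append((fr["H2"]["src"], fr["H2"]["dst"], json.loads(fr["body"])["dst"]))
    return seen, deliver(fr, links[-1][1], "P")

# Constructed path: 10 and 95 come from the slides; 20, 33, 99 and 66 are made up.
LINKS = [(10, 20), (33, 99), (66, 95)]
if __name__ == "__main__":
    for hop in send_across("hello", LINKS)[0]:
        print("H2 src=%s dst=%s | datagram dst=%s" % hop)
```

H2 and T2 are rebuilt on every link, while the network-layer destination P and the port addresses travel unchanged from source to sink.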