How do Networks work – Really
• The purpose of this set of slides is to show how networks really work.
• Most people (including technical people) don’t know.
• Many people have a high-level understanding but still don’t have enough knowledge to solve simple problems.
• Covering these topics now makes learning the higher-level aspects of networks easier.

What is a Network?
• A network is a series of computers that are connected together.
• Each computer on the network can send messages (information) to any other computer on the network.
• These messages can contain requests for data or services. For example:
  • A computer requests data from a database which resides on another computer.
  • A computer sends a document through the network to another computer for printing.

Network Structure
• The following diagram illustrates a network of computers.
[Diagram: a network of computers, including a File Server and a Printer]

How do computers communicate on a network?
• Each network interface connector (NIC) has a unique address. (NOTE: this is NOT an Internet address. More on that later.) This address is called the MAC address.
• This address is set by the manufacturer of the NIC and it NEVER changes.
• In order for a computer to send a message to another computer, it must know the receiver’s address.
[Diagram: two computers, Address: 177231 and Address: 376543]

Sending messages
• The sending computer constructs a message.
• The message contains:
  • The sender’s address
  • The receiver’s address
  • The data
[Diagram: Address: 177231 sending to Address: 376543; Message: Sender: 177231, Receiver: 376543, Data…]

Sending the message
• In order for the message to be sent, it must be placed in a “Packet”.
• A packet is the form of the message which can be encoded on the network medium.
• If the message is too large to fit into a single packet, the message is broken up into several packets and reassembled by the receiver.
[Diagram: the same message (Sender: 177231, Receiver: 376543, Data…) split into four packets on the wire]

Receiving the message
• Each computer on the network is constantly listening to the network for messages which are addressed to it.
• When it sees packets which contain its address, it reads those packets off of the network and reassembles them into the original message.
[Diagram: Address: 376543 reading the four packets (Sender: 177231, Receiver: 376543, Data…) off the network]

Replying to the message
• It is often the case that the sender is expecting a response from the receiver.
• In this case, the roles reverse. The receiver constructs a message and sends it back to the original sender.
[Diagram: reply message Sender: 376543, Receiver: 177231, Data…, carried as four packets]

Network insecurities
• It is at this point that we have our first security problem.
• The network medium is shared by everyone.
• As messages are sent through the network, there is a possibility that they can be viewed by computers other than the intended recipient.
• This is called “sniffing”.
• There is no way to detect that this is happening.
[Diagram: packets of the message Sender: 376543, Receiver: 177231, Data… visible to a third computer on the shared medium]

Network insecurities
• Another type of insecurity is called “Man in the Middle”.
• In this case, the middle computer not only reads the message but changes it as it goes through the network.
• The receiver “thinks” it is getting a message from the sender.
The message is actually hijacked by the middle man.
• There is no way to detect that this is happening.
[Diagram: message Sender: 376543, Receiver: 177231, Data…; packets altered in transit shown as PacketX]

Network insecurities – Defence
• Sniffing and Man in the Middle are problems because of the way network hardware worked.
• Packets were sent to ALL computers on the network (via a hub) and computers would only take messages that were destined for them.
• New technology (called a switch) only sends the message to the receiving computer.
[Diagram: message Sender: 376543, Receiver: 177231, Data…, delivered as packets only to Address: 177231]

Network Structure
• What we’ve seen so far are computers which are connected to the same physical network.
• But what about computers which are connected to different networks?
• This is the basis for what we call the “Internet”.
[Diagram: two separate networks joined by an unknown device, marked “?”]

A Network of Networks – Gateways and Routers
• Networks are connected together with gateways or routers.
• A gateway is a computer which connects to more than one network.
• A router is a device which connects to more than one network for the purpose of routing traffic between those networks.

Sending Messages – Between Networks
• Each computer has a MAC address.
• This address is used for sending messages to computers on the same network.
• A computer’s MAC address is ONLY known on the network to which it is directly connected.
• In order to send a message to a computer on another network, we need a second address.

Internetworking Address – IP address
• To be connected to a network of networks, each computer needs an Internet address.
• This address indicates the computer and the network to which the computer is connected.
• On the Internet, addresses are 32 bits long.
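The packet flow of the last several slides (a message split into addressed packets, a receiving NIC taking only packets addressed to it, and a hub repeating to everyone versus a switch delivering only to the receiver) as an added example that is not part of the original slides. It keeps the slides’ constructed addresses 177231 and 376543; the packet format, the 8-byte payload limit, the third “sniffer” host at address 999999 and the Hub/Switch classes are assumptions of this example, not a description of any real hardware:

```python
"""Added example: a toy model of messages, packets, and a hub versus a switch.
Addresses are the slides' constructed ones; everything else is assumed here."""
from dataclasses import dataclass

MAX_PAYLOAD = 8  # bytes of data per packet (assumed; small so that splitting is visible)


@dataclass
class Packet:
    sender: int      # address of the sending NIC
    receiver: int    # address of the intended receiving NIC
    seq: int         # position of this piece in the original message
    total: int       # number of pieces the message was split into
    data: bytes


def packetize(sender, receiver, message):
    """Break a message into packets, each carrying both addresses."""
    pieces = [message[i:i + MAX_PAYLOAD] for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    return [Packet(sender, receiver, n, len(pieces), p) for n, p in enumerate(pieces)]


class Computer:
    def __init__(self, address, promiscuous=False):
        self.address = address
        self.promiscuous = promiscuous  # True: the NIC passes up every packet (a sniffer)
        self.seen = []                  # packets the NIC handed to the operating system
        self._parts = {}                # sender -> {seq: data} waiting for reassembly
        self.messages = []              # (sender, reassembled message) pairs

    def on_wire(self, pkt):
        """Called for every packet that physically reaches this NIC."""
        if pkt.receiver != self.address and not self.promiscuous:
            return                      # normal NIC: packets for others are ignored
        self.seen.append(pkt)
        if pkt.receiver != self.address:
            return                      # a sniffer only records what it saw
        parts = self._parts.setdefault(pkt.sender, {})
        parts[pkt.seq] = pkt.data
        if len(parts) == pkt.total:     # all pieces present: rebuild the message
            self.messages.append((pkt.sender, b"".join(parts[i] for i in range(pkt.total))))
            del self._parts[pkt.sender]


class Hub:
    """Old style: every packet is repeated to every attached computer."""
    def __init__(self, computers):
        self.computers = list(computers)

    def send(self, pkt):
        for c in self.computers:
            if c.address != pkt.sender:
                c.on_wire(pkt)


class Switch:
    """Delivers a packet only to the port where the receiver's address lives."""
    def __init__(self, computers):
        self.table = {c.address: c for c in computers}  # address -> port (pre-learned here)

    def send(self, pkt):
        target = self.table.get(pkt.receiver)
        if target is not None:
            target.on_wire(pkt)


def run(medium_cls, message=b"print this document"):
    """Send one message from 177231 to 376543 over the given medium.

    Returns (message as reassembled by the receiver, number of packets a
    third promiscuous host was able to see)."""
    sender, receiver = Computer(177231), Computer(376543)
    sniffer = Computer(999999, promiscuous=True)   # constructed third host
    medium = medium_cls([sender, receiver, sniffer])
    for pkt in packetize(177231, 376543, message):
        medium.send(pkt)
    reassembled = receiver.messages[0][1] if receiver.messages else None
    return reassembled, len(sniffer.seen)


if __name__ == "__main__":
    print("hub:   ", run(Hub))     # receiver gets the message; the third host saw every packet
    print("switch:", run(Switch))  # receiver gets the message; the third host saw nothing
```

With the hub, the receiver reassembles the message and the third host’s NIC saw all three packets even though none were addressed to it; with the switch, the same message arrives and the third host saw none. That is exactly the difference the Defence slide describes, and it is why a shared medium offers no way for the receiver to tell that a copy was taken.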
They are represented by 4 decimal numbers separated by a period.
• These are examples of Internet addresses:
  136.159.2.1
  192.168.215.7
  4.27.56.197

Network Addressing Setup
• In this example, each computer has an IP address and that address indicates which network the computer is connected to.
• Because the gateway is connected to both networks, it has 2 IP addresses (one for each connection).
[Diagram: addresses 136.159.2.27 and 136.159.2.1 on Network: 136.159.2; addresses 136.159.3.191 and 136.159.3.1 on Network: 136.159.3]

Sending messages between networks
• When a computer wishes to send a message, it must know the IP address of the receiving computer.
• Because the IP address includes the network address, the computer can identify whether the receiver is on the same network as itself.
• If so, it obtains the MAC address of the receiving computer and sends the message directly to it.
• If the receiver is NOT on the same network, the computer only has one place to send the message:
  • To the gateway machine.
• The computer obtains the MAC address of the gateway and sends the message to it.

The Gateway – Routing
• There are two possibilities for the gateway:
  • The receiving computer is connected to a network that the gateway is connected to. The gateway obtains the MAC address of the receiver and sends the message to it.
  • The receiving computer is NOT connected to a network that the gateway is connected to.
• In this case, the gateway has some decisions to make. Where should it send the message?

Routing
• The Internet is made up of many computers.
  • Some are gateways.
  • Some are just computers which use the services of the Internet.
• Gateways know about other gateways.
• When a gateway receives a message which it doesn’t know what to do with, it must figure out (based on the message’s destination address) which gateway to forward the message to. It must choose a gateway which is one step closer to the receiving computer.
• Every time a message goes through a gateway is called a “hop”.
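The decisions described on the last four slides (a host checking whether the destination is on its own network, otherwise handing the message to its gateway; a gateway delivering directly or forwarding one hop closer; counting hops) as an added example, not code from the slides. It uses the slides’ addresses 136.159.2.27, 136.159.2.1, 136.159.3.191 and 136.159.3.1. The 24-bit network masks (the slides only write “Network: 136.159.2”), the gateway names gw1 and gw2, the extra network 136.159.4.0/24 with gateway addresses 136.159.3.254 and 136.159.4.1, and the route table are assumptions of this example:

```python
"""Added example: host and gateway forwarding decisions with Python's
standard ipaddress module. Networks beyond the slides' two are constructed."""
import ipaddress


def dotted_to_32_bits(dotted):
    """Show that a dotted-decimal address is really one 32-bit number."""
    return format(int(ipaddress.ip_address(dotted)), "032b")


class Host:
    def __init__(self, name, ip, network, gateway):
        self.name = name
        self.ip = ipaddress.ip_address(ip)
        self.network = ipaddress.ip_network(network)     # assumed /24 for the slides' networks
        self.gateway = ipaddress.ip_address(gateway)     # the only place off-network traffic can go

    def next_hop(self, dst):
        """Same network: send straight to dst (after finding its MAC). Otherwise: the gateway."""
        dst = ipaddress.ip_address(dst)
        return dst if dst in self.network else self.gateway


class Gateway:
    def __init__(self, name, interfaces, routes):
        self.name = name
        # interfaces: {own address on that network: network}, one entry per connection
        self.addresses = [ipaddress.ip_address(ip) for ip in interfaces]
        self.networks = [ipaddress.ip_network(net) for net in interfaces.values()]
        # routes: {destination network: address of a gateway one hop closer}
        self.routes = {ipaddress.ip_network(n): ipaddress.ip_address(g) for n, g in routes.items()}

    def next_hop(self, dst):
        dst = ipaddress.ip_address(dst)
        if any(dst in net for net in self.networks):
            return dst            # directly connected: deliver to the receiver's MAC
        for net, via in self.routes.items():
            if dst in net:
                return via        # forward to a gateway one step closer
        return None               # no idea where it goes: the message is dropped


def trace(src, dst, gateways, max_hops=16):
    """Follow a message hop by hop. Returns (gateway names passed, hop count or None)."""
    by_ip = {ip: gw for gw in gateways for ip in gw.addresses}
    dst = ipaddress.ip_address(dst)
    path = []
    hop = src.next_hop(dst)
    while hop != dst:
        gw = by_ip.get(hop)
        if gw is None or len(path) >= max_hops:
            return path, None     # handed to something that is not a known gateway
        path.append(gw.name)
        hop = gw.next_hop(dst)
        if hop is None:
            return path, None     # a gateway had nowhere to send it
    return path, len(path)


# Constructed topology: the slides' two networks plus a third one behind a second gateway.
GW1 = Gateway("gw1", {"136.159.2.1": "136.159.2.0/24", "136.159.3.1": "136.159.3.0/24"},
              routes={"136.159.4.0/24": "136.159.3.254"})
GW2 = Gateway("gw2", {"136.159.3.254": "136.159.3.0/24", "136.159.4.1": "136.159.4.0/24"},
              routes={})
HOST_A = Host("A", "136.159.2.27", "136.159.2.0/24", "136.159.2.1")
GATEWAYS = [GW1, GW2]

if __name__ == "__main__":
    for dst in ("136.159.2.50", "136.159.3.191", "136.159.4.9", "4.27.56.197"):
        print(dst, "->", trace(HOST_A, dst, GATEWAYS))
```

The last destination, 4.27.56.197, shows the case the Routing slide leaves open: gw1 has no route for it, so the message is dropped after one hop. On the real Internet that gateway would instead hand it to a default route towards the backbone.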
The Internet Backbone
• At the core of the Internet is a series of very powerful machines which make up its “backbone”.
• These machines reside in universities, telephone companies, government agencies, ISPs, etc.
• Packets “hop” through the Internet from gateway to gateway until they reach their destination computer.
• What are the pros and cons of this kind of structure?

The Internet – From a different point of view
• The previous slides have all shown how the Internet works at the very low level.
• There is another perspective of the Internet at a high level.
• This is the level with which most people are familiar.
• This higher level is focused on a communication mechanism called a “Socket”.

Sockets – What are they?
• A socket is like a telephone.
• The sending (source) computer wants to make a call to the receiving (destination) computer.
• The source knows the IP address of the destination.
• The source opens a “Socket” to the destination.
• The destination must be “listening” for the connection.
• The destination can choose to “accept” the connection or to refuse the connection.
• A socket is a bidirectional communication path.
• Messages can be sent in both directions through a socket.

Ports – What are they?
• Because the destination computer can be listening for MANY different connections, we need a way to manage multiple connections to a computer.
• This is accomplished with “ports”.
• When a source attempts to establish a socket connection with the destination, it must specify the “port” that it is trying to connect to.
• The port indicates which service the source is trying to connect with.
  Eg:
  • www is port 80
  • email (smtp) is port 25

Sockets – Making the connection
• To establish a connection between 2 computers on the Internet, a socket requires 4 pieces of information:
  • The IP address of the source
  • The IP address of the destination
  • The port of the destination
  • The port of the source *
• *NOTE: The port of the source computer is chosen at random by the source.
[Diagram: source IP Address: 136.159.2.27, Port: 13573 connecting to destination IP Address: 27.56.31.9, Port: 80]

Security Implications
• What are the security implications of this structure?
• If your computer isn’t listening on any ports, then you are relatively safe.
• Products like ZoneAlarm notify the user when an attempt is made to connect to a port on the computer.
• Hackers regularly perform “port scans” on possible target computers.
  • They attempt to connect to every port.
  • If a connection is made, they might attempt to exploit that connection.

Viruses/Trojan Horses
• Normally, your computer at home shouldn’t be listening on any ports.
• However, if your computer gets infected with a virus or trojan horse, that program may:
  • Attempt to notify someone on the outside that your computer is infected.
  • Listen on a port so that someone in the outside world can connect to your computer.
• What can a hacker do if s/he can connect to your computer?
  • That depends on the program which is listening for connections from the outside world.

Firewalls
• This is where firewalls come into play.
• A firewall is a device which monitors the connections being made.
• An administrator figures out ahead of time which connections (ports) are to be allowed and which are to be denied, and sets up rules.
• The firewall filters out any packets which do not match the rules.
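The socket slides in working code, as an added example that is not from the original slides: a listener that accepts one connection, a client whose source port is chosen for it, the four pieces of information read back from the live connection, a reply flowing in the other direction, and the “not listening on any port” case from the Security Implications slide, where the connection is simply refused. Everything runs on the local machine (127.0.0.1); asking for port 0 so the operating system picks a free port is an assumption made so the example runs offline, where a web server would instead listen on port 80:

```python
"""Added example: a real TCP socket connection on loopback, using only the
Python standard library. No addresses or ports from the slides are required."""
import socket
import threading


def serve_once(listener):
    """The destination side: wait for one call, read it, answer, hang up."""
    conn, peer = listener.accept()        # the destination chooses to accept
    data = conn.recv(1024)
    conn.sendall(b"reply: " + data)       # the path is bidirectional
    conn.close()


def connect_and_talk(payload=b"hello"):
    """Open a socket to a listening destination and return what the connection consists of."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free listening port (assumed)
    listener.listen(1)                    # now "listening" for connections
    dst_port = listener.getsockname()[1]
    server = threading.Thread(target=serve_once, args=(listener,))
    server.start()

    client = socket.create_connection(("127.0.0.1", dst_port))
    src_ip, src_port = client.getsockname()   # source port: chosen by the source, not by us
    dst_ip, dst_port_seen = client.getpeername()
    client.sendall(payload)
    reply = client.recv(1024)
    client.close()
    server.join()
    listener.close()
    return {"src": (src_ip, src_port), "dst": (dst_ip, dst_port_seen), "reply": reply}


def connect_when_nobody_listens():
    """What a caller sees when the computer is not listening on the port: a refusal."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    free_port = probe.getsockname()[1]    # a port with no listener behind it
    probe.close()
    try:
        socket.create_connection(("127.0.0.1", free_port), timeout=2).close()
    except ConnectionRefusedError:
        return "refused"
    return "connected"


if __name__ == "__main__":
    info = connect_and_talk(b"GET / please")
    print("source     :", info["src"])    # (127.0.0.1, some random high port)
    print("destination:", info["dst"])    # (127.0.0.1, the listening port)
    print("reply      :", info["reply"])
    print("no listener:", connect_when_nobody_listens())
```

The four values printed under source and destination are the 4 pieces of information the slide lists, and they uniquely identify this one connection among all the others the destination may be handling on the same port. The refusal in the last line is the mechanism behind “if your computer isn’t listening on any ports, then you are relatively safe”: with no program accepting on that port, there is nothing for a caller to talk to.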
• Some firewalls will notify an administrator via email or pager if certain kinds of suspicious activity are seen.
• Firewalls are very limited in the security that they can offer.

NAT – Network Address Translation
• Many firewall devices offer something called NAT.
• The firewall has a valid IP address.
• The machines behind the firewall do not.
• When an internal machine makes a request to the Internet, it goes through the firewall.
• In doing so, the firewall puts its own address on the message. The outside world never knows the true address of the internal machine.
• When the reply comes back to the firewall, it forwards the message to the machine which originally made the request.
• Only the firewall truly knows the address of the destination computer.

NAT and Security
• NAT augments the security provided by firewalls considerably.
• However, it can’t provide ultimate security.
• There are still ways in which a machine can be compromised even if NAT is involved.
• If your machine is infected with a trojan horse or virus which seeks out a connection (rather than listens for one), you still have security problems.
• Be sure to keep your virus scanner up to date.
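The Firewalls and NAT slides together, as an added example that is not part of the original deck: a toy firewall that rewrites outbound requests to its own address, keeps a translation table so replies can be forwarded back to the internal machine, drops inbound packets that match no entry, notifies an administrator when one outside source keeps hitting different ports, and also shows the last slide’s caveat that a program inside which seeks out a connection passes through like any other request. The inside network 10.0.0.0/24, the firewall’s public address 203.0.113.1, the outside addresses, the allowed port list and the alert threshold are all constructed for this example:

```python
"""Added example: a minimal NAT firewall with rules, a translation table,
and an alert for repeated denied connections. All addresses are constructed."""
import ipaddress

PUBLIC_IP = "203.0.113.1"                         # the firewall's one valid Internet address
INSIDE = ipaddress.ip_network("10.0.0.0/24")      # machines behind the firewall
ALLOWED_OUTBOUND_PORTS = {80, 25}                 # administrator's rules: www and smtp only
SCAN_THRESHOLD = 5                                # distinct denied ports from one source before alerting


class NatFirewall:
    def __init__(self):
        self.next_public_port = 40000
        self.table = {}          # public port on the firewall -> (inside ip, inside port)
        self.reverse = {}        # (inside ip, inside port) -> public port
        self.denied_ports = {}   # outside source ip -> set of ports it was denied on
        self.alerts = []         # messages that would go to the administrator

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the inside. Returns the rewritten packet, or None if filtered."""
        if ipaddress.ip_address(src_ip) not in INSIDE or dst_port not in ALLOWED_OUTBOUND_PORTS:
            return None                              # does not match the rules: dropped
        key = (src_ip, src_port)
        if key not in self.reverse:                  # first packet of this request: new entry
            public_port = self.next_public_port
            self.next_public_port += 1
            self.reverse[key] = public_port
            self.table[public_port] = key
        # the outside world only ever sees the firewall's own address and port
        return (PUBLIC_IP, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving from the Internet. Only replies to a known request get through."""
        entry = self.table.get(dst_port) if dst_ip == PUBLIC_IP else None
        if entry is None:
            self._note_denied(src_ip, dst_port)
            return None                              # unsolicited: no internal machine to send it to
        inside_ip, inside_port = entry
        return (src_ip, src_port, inside_ip, inside_port)   # forwarded to the original requester

    def _note_denied(self, src_ip, port):
        ports = self.denied_ports.setdefault(src_ip, set())
        ports.add(port)
        if len(ports) == SCAN_THRESHOLD:             # fires once, when the threshold is reached
            self.alerts.append(f"{src_ip} was denied on {SCAN_THRESHOLD} different ports")


def demo():
    """Walk through the cases from the slides; returns the results for inspection."""
    fw = NatFirewall()
    out = fw.outbound("10.0.0.5", 13573, "27.56.31.9", 80)        # web request from inside
    reply = fw.inbound("27.56.31.9", 80, PUBLIC_IP, out[1])       # matching reply comes back
    stray = fw.inbound("198.51.100.7", 4444, PUBLIC_IP, 3389)     # unsolicited inbound: dropped
    # The caveat from the NAT and Security slide: an infected inside machine that
    # "seeks out" a connection looks like any other allowed outbound request.
    callout = fw.outbound("10.0.0.9", 50001, "198.51.100.7", 80)
    for port in range(1, 6):                                      # constructed: one outside host, many ports
        fw.inbound("198.51.100.7", 4444, PUBLIC_IP, port)
    return out, reply, stray, callout, fw.alerts


if __name__ == "__main__":
    for label, value in zip(("outbound", "reply", "stray", "callout", "alerts"), demo()):
        print(f"{label:>9}: {value}")
```

The outbound request leaves with the firewall’s address and port 40000 in place of 10.0.0.5:13573, the reply to port 40000 is mapped back to that internal machine, and the unsolicited packet to port 3389 has no table entry and is dropped. The callout from 10.0.0.9 is the limit the last slide warns about: the rules see an ordinary outbound web request and let it through, so NAT alone does not protect a machine that is already infected.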