tcp ip-week1

Introduction
Introduction to TCP/IP
TCP/IP Security
ISSM 521
Benoit Desforges
Concordia University of Edmonton
January 10, 2019
Outline
Introduction
Introduction to TCP/IP
Course Outline
Course name: TCP/IP Security - ISSM 521

Course overview: A deep review of the TCP/IP protocol suite, with a focus on protocol analysis, and supplemented with various issues relevant to network security professionals, such as ARP cache poisoning, IP source address spoofing, DNS cache poisoning, and many others. Students will gain practical experience constructing internetworks and implementing servers for various application layer protocols. Students will also engage in exercises intended to illustrate many of the network security issues covered in the courses.

Instructor: Benoit Desforges (benoit.desforges@concordia.ab.ca)

Graduate Assistant: Shubham Dabra (sdabra@student.concordia.ab.ca)
Labs
Graduate Assistant: Shubham Dabra (sdabra@student.concordia.ab.ca)
Timing: TBD

The GA will assist you with the technical aspects of the course, including:
- setting up your testing environments
- getting you up and running with a working Linux/Windows operating system
- providing assistance with assignments
- providing assistance with the final project
Course Outline
Course Material
- Internetworking with TCP/IP Volume One (6th Edition), Douglas E. Comer, ISBN-10: 013608530X
- This course will be based on the notes and material from Dr. Dale Lindskog.

Evaluation
- 2 Assignments: 15%
- Midterm exam: 30%
- Course Project: 15%
- Attendance and participation: 10%
- Final exam: 30%
Marking (tentative)
Letter   Value   Percentage
A+       4       97-100
A        4       93-96.99
A-       3.7     90-92.99
B+       3.3     85-89.99
B        3       80-84.99
B-       2.7     75-79.99
C+       2.3     70-74.99
C        2       65-69.99
F        0       <65
Tentative Schedule of Topics
- Week 1 (Chapters 1-3)
  - Networks and Internetworks
  - TCP/IP layering and OSI layers
  - Introduction of packet capturing tools: tcpdump, wireshark
- Week 2 (Chapter 4)
  - Binary numbering
  - Classful IP addressing
  - Limitation of classful IP addressing and introduction to subnetting
- Week 3 (Chapter 5)
  - Hexadecimal numbering
  - Ethernet addressing, ARP
  - Network configuration and Windows and Linux operating systems
  - ARP cache poisoning and Man in the Middle (MITM) attacks
  - Assignment 1 handed out
- Week 4 (Chapters 6, 7)
  - IP datagram delivery
  - Static routing
- Week 5 (Chapters 8, 9)
  - Introduction to ICMP
  - Classless IP addressing
  - Classless Inter-Domain Routing (CIDR) syntax
- Week 6
  - Test 1
- Weeks 7, 8 (Chapters 11, 23, 25)
  - User Datagram Protocol (UDP)
  - Domain Name Resolution protocol (DNS)
  - Trivial File Transfer protocol (TFTP)
  - Assignment 2 handed out
- Weeks 9, 10, 11 (Chapters 12, 25, 26, 27)
  - Introduction to Transmission Control Protocol
  - TCP Connection establishment and termination
  - TCP data transfer
  - TCP related vulnerabilities
  - Application layer protocols:
    - File Transfer Protocol (FTP)
    - Simple Mail Transfer Protocol (SMTP)
    - HyperText Transfer Protocol (HTTP)
  - Introduction of the Final Project
- Week 12 (Chapter 31)
  - Introduction to IPv6
  - Final Project Presentations
What is TCP/IP?
TCP/IP is an open suite of protocols within an internetwork.
- Why open? Request For Comments (RFCs)
  - No vendor owns TCP/IP technology, nor does any professional society or standards body.
  - Documentation is placed in online repositories and made available at no charge.
  - Everybody can access and develop their own TCP/IP stack for their hardware/software.
- What is a protocol?
  - A network protocol defines rules and conventions for communication between network devices.
  - Network protocols include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into sent and received messages.
TCP/IP is a layered model of network communication.
- That’s a complicated description, so let’s unpack it in stages.
Networking and Internetworking
- There are all sorts of networks, which have been developed at different times in recent history, in order to satisfy different cost, bandwidth, and distance requirements. Examples?
- Even though this class is closely connected with network technology, except for a brief discussion of Ethernet addressing, we won’t be discussing the details of particular network technologies.
TCP/IP is a virtual network technology
- TCP/IP deliberately abstracts from the details of the underlying network technology.
- TCP/IP was developed to operate on top of virtually any particular physical network.
- TCP/IP is designed to operate in the same way regardless of the underlying network.
- Example: the Global Internet uses TCP/IP, and the protocols used when you connect, from a laptop in this classroom, to some website on the Internet are the same regardless of the different types of networks you pass through (Ethernet, fiber optics, GSM, wireless, etc.).
What purpose does TCP/IP serve?
- This raises the question: over and above the purposes served by the underlying network technology, what purpose is served by TCP/IP?
- The developers of TCP/IP didn’t just want to network; they wanted to internetwork.
- Moreover, they wanted a TCP/IP network to appear to the users as if they were communicating on a simple network. This is part of the meaning of calling TCP/IP a virtual network.
Global and Local Addressing
- Any underlying network technology needs to have some form of addressing in order for one computer to deliver data over a network to another destination computer.
- But these forms of addressing are only for hosts on that particular network; there is no way to address communication to a host on some other network.
- A TCP/IP internet, by contrast, uses a global addressing scheme such that every host in the Internet is uniquely identified by an address.
- [Figure: diagram of an internetwork]
Internetworking Routing
- Now I said earlier that a TCP/IP internet is a virtual network, and explained that by saying it abstracts from network technology details, and makes communication between networks transparent to the user.
- But there is another sense in which it is virtual.
- It is implemented entirely in software, and in fact relies on the communication mechanisms of the underlying network technologies, on top of which it is, so to speak, built.
- This is to say that, in the last analysis, the actual delivery of data, e.g. across cables, is performed by the underlying network technology, not TCP/IP protocols.
- So even though we have, in our above diagram, a global addressing scheme, we don’t have any method for delivering data across an internetwork.
- The problem, then, is how to move data from one network to another, if the fundamental mechanisms of delivery are designed only to deliver locally.
Routing and Forwarding
- The solution to the above problem is routing.
- All the networks in a TCP/IP internetwork must be connected together with special purpose computers we’ll call routers.
- Let’s redraw our diagram to illuminate this: [Figure: the internetwork diagram redrawn with routers]
- There are two noteworthy features of routers:
  1. Routers are physically connected to more than one network.
  2. Routers have local addresses on every network to which they physically connect.
- It is these two features of routers that allow TCP/IP to deliver data to an address of a host on a different but connected network.
- Global delivery across an internetwork really consists of a series of local deliveries via routers.
Encapsulation
- This is a good point at which to illustrate another very important concept: encapsulation.
- To do so, let’s fill out, in a bit more detail, the mechanism of data delivery in an internetwork.
- We keep talking about the fact that underlying network technologies can only deliver to a local address.
- But if that’s the case, and routers somehow help by facilitating a series of local deliveries, how does this global addressing fit into the equation?
- The unit of delivery at the local level is usually called a frame. Frames look more or less different depending on the particular network technology.
- But for now we’ll think of them as much like an addressed envelope:
- The frame is the fundamental unit of transmission. However, there is no place in a frame for any sort of global addressing.
- What happens in TCP/IP is that the global addressing is contained in the data portion of the frame (for now we can think of this as the contents of the envelope).
- Routers examine the contents of the data portion of frames, extract the global addressing information, and most importantly the global destination address, and decide where the data should be sent to.
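
Added example (not part of the original slides): the router step described above, and the "series of local deliveries" from the Routing and Forwarding slide, using Ethernet II framing and IPv4 as one concrete instance of "frame" and "global address". All MAC and IP addresses, the ROUTES table and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed routing table (assumption): destination network ->
# (local address of the next delivery, router's own local address on that network)
ROUTES = {ipaddress.ip_network("10.0.2.0/24"): ("02:00:00:00:02:01", "02:00:00:00:02:fe")}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_ip_packet(src_ip, dst_ip, payload):
    # Minimal 20-byte IPv4 header carrying the global addresses (checksum left at 0);
    # protocol 253 is one of the numbers reserved for experimentation
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 253, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    return header + payload

def build_frame(dst_mac, src_mac, ip_packet):
    # The "envelope": local destination, local source, EtherType 0x0800 (IPv4), data
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip_packet

def parse_frame(frame):
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("data portion is not IPv4")
    data = frame[14:]                       # contents of the envelope
    src_ip, dst_ip = struct.unpack("!4s4s", data[12:20])
    return {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "src_ip": str(ipaddress.ip_address(src_ip)),
            "dst_ip": str(ipaddress.ip_address(dst_ip)), "data": data}

def forward(frame):
    """Router step: open the envelope, read the global destination, re-envelope."""
    info = parse_frame(frame)
    dst = ipaddress.ip_address(info["dst_ip"])
    for network, (next_mac, out_mac) in ROUTES.items():
        if dst in network:
            # A real router also decrements TTL and recomputes the checksum; omitted here
            return build_frame(next_mac, out_mac, info["data"])
    raise LookupError(f"no route to {dst}")

# Constructed sample: host 10.0.1.5 sends to 10.0.2.9; the first frame is
# addressed locally to the router, the second locally to the destination host
FIRST_HOP = build_frame("02:00:00:00:01:fe", "02:00:00:00:01:05",
                        build_ip_packet("10.0.1.5", "10.0.2.9", b"hello"))
SECOND_HOP = forward(FIRST_HOP)
```

Comparing `parse_frame(FIRST_HOP)` with `parse_frame(SECOND_HOP)` shows the local (frame) addresses changing at the router while the global addresses in the data portion stay the same.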