Uploaded by Sonthi Na Pattalung

Fundamental Networks

advertisement
Fundamental Networks
FO R GE N ER AL E LECTRONICS CO M M ERCE S E RV ICES CO.,LTD.
I N - H O US E TR A I N ING
Curriculums
• OSI 7 Layers, foundation of the network
• Protocol
• TCP/IP
• IP Addressing and Subnet
• About Routing
• Internet
• Services and Devices
• Cyberthreats
• Question and Answer
OSI 7 Layers, Foundation of the Network
Application
Presentation
Session
Transport
Network
Data Link
Physical
Explanation
OSI 7 Layers with Protocol
Protocol TCP/IP
• TCP/IP (Transmission Control Protocol/Internet Protocol) is the
basic communication language or protocol of the Internet. It can
also be used as a communications protocol in a private network
(either an intranet or an extranet).
Comparing TCP/IP with OSI Mode
IP Addressing and Subnet
• IP Address is a logical address of “Network Interface”
• IP Address currently has 2 version, IPv4 and IPv6
• Why 2 version?
•
•
•
•
IPv4 is being rapidly depleted
IPv4 is using 32 bits consists of 232 IPs (4,294,967,296 IPs to be exact)
New IPv6 is implemented to support larger space
IPv6 is using 128 bits and consists of 2128 IPs ( Approximately 340 trillion
trillion trillion IPs or 3.4x1038)
IPv4 Addressing
• IPv4 has 4 groups of 8 bits number (from 0-255) separated by “.”
(dot) such as 172.30.218.23, so total bits will be 32 bits
• There are 2 major groups of these IPs call Public IP and Reserve IPs
(Private IP) specified by Internet Assigned Number Authority
(IANA). The reserve IPs are by the following list:
Class
A
Starting IP
10.0.0.0
Ending IP
10.255.255.255
No of hosts
16,777,216
B
C
172.16.0.0
192.168.0.0
172.31.255.255
192.168.255.255
1,048,576
65,536
IP Classes
• IP in IPv4 are separated into classes by IANA:
Class
Leading bits
Start
End
Default subnet
mask
CIDR notation
A
0
0.0.0.0
127.255.255.255
255.0.0.0
/8
B
10
128.0.0.0
191.255.255.255
255.255.0.0
/16
C
110
192.0.0.0
223.255.255.255
255.255.255.0
/24
D
1110
224.0.0.0
239.255.255.255
not defined
not defined
E
1111
240.0.0.0
255.255.255.255
not defined
not defined
Subnetting
• The practice of dividing a network into two or more networks is
called subnetting.
• To divide network into subnet, we require a “Subnet Mask”
• Subnet Mask is a value that specify which IPs are in the same
“Subnet” and how many IPs can be used in that “Subnet”
Use of Subnet Mask
Detail
Decimal
Binary Form
IP Address
192.168.1.137
11000000.10101000.00000001.10001001
Subnet Mask
255.255.255.0
11111111.11111111.11111111.00000000
Network ID
192.168.1.0
11000000.10101000.00000001.00000000
Host Part
0.0.0.137
00000000.00000000.00000000.10001001
Broadcast ID
192.168.1.255
11000000.10101000.00000001.11111111
Network ID = IP that represent that network (subnet)
Host Part = The real value of IP that is within subnet
Broadcast ID = The IP that is used to broadcast packets with subnet
Characteristic of IP and Subnet
• Network ID is always even value (Because the last bit is 0)
• On the opposite, Broadcast ID is always be odd value
• IP that is within the same subnet always have the same Network ID
• Subnet Mask will contain 1 from left to right then 0 afterward
• No 0 in subnet mask will represent host bit
• No of IPs possible in the network is 2No of 0 in subnet
• Formula: No of useable IP = 2n – 2 while n=32-(bit 1 of subnet)
IP Addressing in CIDR Notation
• CIDR notation is a compact representation of an IP address and its
associated routing prefix
• It will be in a form of: xxx.xxx.xxx.xxx/yy
•
•
xxx.xxx.xxx.xxx is an IP address
yy is a number represent its subnet mask by using number of 1 in subnet
mask. Such as 255.255.255.0 will be written as /24 (255.255.255.0 can be
refer to 11111111.111111111.11111111.00000000, so there are 24 of 1)
• CIDR Notation is useful when using to write network diagram
• CIDR Notation is easily calculate the IP population
Exercise
• Can these IPs communicate with each other (Are they within the
same network)?
Routing
• How to communicate between network/subnet?
• To communicate between network, require additional device call
Gateway (If those networks are using different media, it will be
called Router)
• Gateway is using special configuration call routing table to
communicate
• Routing Table consists of routing record(s) which contain:
•
Dest Network, Gateway, (Out Interface)
Sample Routing Table
Lab 1 : Make them talk (15 Mins.)
• Server A:
•
IP: 10.10.1.5/24
• Server B:
•
IP: 10.10.3.7/24
• Gateway:
•
Interface eth0:
•
•
IP: 10.10.1.1/24
Interface eth1:
•
IP: 10.10.3.254/24
Internet
• When combine networks, we’ll have a bigger network. When we
combine networks between areacity->country->world, we’ll have
“Internet”
• On the “Internet” everyone will communicate with Public IP
• Internet is a public area with simply almost no security
• There are several service that is being used on the Internet and we
should know
Services
•
•
•
•
•
•
•
•
•
DNS (Domain Name Service)
NAT (Network Address Translation)
HTTP and HTTPS
E-Mail
Client-Server related system
Streaming Media
Peer to Peer file sharing
Blockchain
Etc.
DNS
• DNS is a translation service, translate from Hostname to IP Address.
Or from IP Address to Hostname (Rarely used)
• There’s a organization call ICANN responsible in managing
namespaces and root server.
NAT (Network Address Translation)
• NAT is a service to change IP from one to another
• Can perform dynamic NAT or called one to many NAT
• Usually perform between private and public IP in order to limit the
usage of public IP
HTTP/HTTPS
• HTTP or Hypertext Transfer Protocol is an application layer’s
Protocol
• Hypertext is structured text that uses logical links (hyperlinks)
between nodes containing text.
• This is a basic Protocol of the WEB service
• Request from browser using syntax “http://”
• Basically use port 80 as a default port and transfer data in plain text
HTTPS
• HTTPS is similar to the HTTP but with additional security by
encrypting the data between server and client. Or can be call “HTTP
over SSL(TLS)”
• HTTPS is using Asymmetric Keys Cryptography technique using
certificate to encrypt/decrypt data
• Require a Trusted 3rd party organization call Certificate Authority to
support activity on the Internet
How certificate is being used
CA
A
Pb(CA1)
Pb(CA2)
…….
Pr(B)
B
Cyberthreats
• Malicious Software: Malware, Ransomware, Botnet etc.
• Man-in-the-middle: Spoofing, eavesdropping, dns spoof etc.
• Denial-of-service attack and also DDOS
• Phishing
• Hacking through vulnerabilities
Security Measure
• With Security Devices:
•
Firewall
•
•
•
•
Application Layer Gateway
•
•
•
Packet Filtering
Stateful Inspection
UTM Firewall (Marketing Name)
IDS/IPS
Web Application Firewall
Anti-Virus
•
•
Software at endpoint
Gateway Anti-Virus
Security Measure
• With people
Security Awareness Training
• Internet Security Policy (information Security Policy, regarding to GEC’s ISOMS)
• Constantly update OS
• Consider using 2 Factors Authentication if possible
•
Download