Fundamentals of Information Systems Security/Telecommunications and Network Security
Introduction
Basic Concepts
Data Communication
- Data Communications is the transfer of data or information between a source and a receiver.
- The source transmits the data and the receiver receives it.
- Data communication is concerned with the transfer of data, the method of transfer and the preservation of the data during the transfer process; it is not concerned with how the information is generated.
- Components of data communication:
- Protocol: defines the rules and regulations that control and manage the communication
- Message: the information or data that needs to be conveyed to the receiver
- Sender: generates the data
- Receiver: receives or consumes the data
- Medium: a communication channel that carries the message
Telecommunication
- Telecommunication is the assisted transmission of signals over a distance for the purpose of communication
Networking
- A computer network is an interconnection of a group of computers
- An internetwork is a collection of individual networks, connected by intermediate networking devices, that functions as a single large network. Internetworking refers to the industry, products, and procedures that meet the challenge of creating and administering internetworks
Network Categories and Technologies
Category | Characteristics | Technologies |
---|---|---|
Local Area Network (LAN) | | |
Wide Area Network (WAN) | | |
Metropolitan Area Network (MAN) | | |
Network Models
OSI Reference Model
Overview
- The Open Systems Interconnection Basic Reference Model (OSI Reference Model) is a layered, abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnection initiative by ISO.
- The OSI is composed of seven layers, each specifying particular network functions.
- The Seven Layers of OSI Model
- One OSI layer communicates with another layer to make use of the services provided by the second layer.
- The services provided by adjacent layers help a given OSI layer communicate with its peer layer in other computer systems.
- Three basic elements are involved in layer services:
- The service user, which resides inside the layer
- The service provider, which resides inside the layer
- The service access point (SAP), which resides between the layers
- Advantages of Layering
- Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.
- Various technologies, protocols, and services can interact with each other and provide the proper interfaces to enable communications.
OSI Layer Services and Protocols
Layer | Services | Protocols |
---|---|---|
L7: Application layer | | FTP, TFTP, SNMP, SMTP, Telnet, HTTP |
L6: Presentation layer | | ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI |
L5: Session layer | | NFS, NetBIOS, SQL, RPC |
L4: Transport layer | | TCP, UDP, SSL, SPX |
L3: Network layer | | IP, ICMP, IGMP, RIP, OSPF, IPX |
L2: Data link layer | | ARP, RARP, PPP, SLIP |
L1: Physical layer | | HSSI, X.21, EIA/TIA-232 |
OSI Security Services
The security services defined in the OSI security model include:
- Data integrity: protection from modification and destruction
- Data confidentiality: protection from disclosure
- Authentication: verification of the identity of the communication source
- Access control services: mechanisms to allow or restrict access
Information Exchange Process
- The seven OSI layers use various forms of control information to communicate with their peer layers in other computer systems. This control information consists of specific requests and instructions that are exchanged between peer OSI layers.
- Control information typically takes one of two forms:
- Headers are prepended to data that has been passed down from upper layers
- Trailers are appended to data that has been passed down from upper layers
- An OSI layer is not required to attach a header or a trailer to data from upper layers.
- The data portion of an information unit at a given OSI layer potentially can contain headers, trailers, and data from all the higher layers. This is known as encapsulation.
TCP/IP Model
Overview
- The TCP/IP model or Internet reference model, sometimes called the DoD (Department of Defense) model or the ARPANET reference model, is a layered abstract description for communications and computer network protocol design.
- It was created in the 1970s by DARPA for use in developing the Internet's protocols.
- It is a suite of protocols among which TCP and IP are the two main protocols, hence the name.
- This model was developed before the OSI Reference Model, and the Internet Engineering Task Force (IETF), which is responsible for the model and protocols developed under it, has never felt obligated to be compliant with OSI.
- The model is composed of 5 layers
- Physical
- Data Link
- Network
- Transport
- Application
The TCP/IP Advantage
The reasons that TCP/IP has become the most widely used protocol are as follows:
- The flexible addressing scheme of TCP/IP allows data to be routed over even very large networks.
- Virtually all operating systems and platforms can use TCP/IP.
- TCP/IP offers a very large number of utilities and tools.
- Internet communication is based on TCP/IP.
TCP/IP Services and Protocols
Layer | Services | Protocols | Devices |
---|---|---|---|
Physical Layer | | | |
Data Link Layer | | | |
Network Layer | | | |
Transport Layer | | | N/A |
Application Layer | | | |
Physical Layer
Signals
- Data is transmitted in the form of electromagnetic signals.
- Signals are of two types
- Analog Signals
- Digital Signals
Analog Signals
- Analog data refers to information that is continuous.
- Analog data take on continuous values.
- Analog signals can have an infinite number of values in a range.
Digital Signals
- Digital data refers to information that has discrete states.
- Digital data take on discrete values.
- Digital signals can have only a limited number of values.
Analog vs Digital
Periodic vs Non-Periodic Signals
- In data communications, we commonly use periodic analog signals and nonperiodic digital signals.
- Periodic analog signals can be classified as simple or composite.
- A simple periodic analog signal, a sine wave, cannot be decomposed into simpler signals.
- A composite periodic analog signal is composed of multiple sine waves.
Signal Properties
- Frequency is the rate of change with respect to time.
- Change in a short span of time means high frequency.
- Change over a long span of time means low frequency.
- If a signal does not change at all, its frequency is zero.
- If a signal changes instantaneously, its frequency is infinite.
- Frequency and period are the inverse of each other.
- Phase describes the position of the waveform relative to time 0.
A complete sine wave in the time domain can be represented by one single spike in the frequency domain. A single-frequency sine wave is not useful in data communications; we need to send a composite signal, a signal made of many simple sine waves. According to Fourier analysis, any composite signal is a combination of simple sine waves with different frequencies, amplitudes, and phases.
If the composite signal is periodic, the decomposition gives a series of signals with discrete frequencies; if the composite signal is nonperiodic, the decomposition gives a combination of sine waves with continuous frequencies. The bandwidth of a composite signal is the difference between the highest and the lowest frequencies contained in that signal.
- Digital Signals
- In addition to being represented by an analog signal, information can also be represented by a digital signal. For example, a 1 can be encoded as a positive voltage and a 0 as zero voltage. A digital signal can have more than two levels; in this case, we can send more than 1 bit for each level.
- A digital signal is a composite analog signal with an infinite bandwidth.
- Baseband transmission of a digital signal that preserves the shape of the digital signal is possible only if we have a low-pass channel with an infinite or very wide bandwidth.
- In baseband transmission, the required bandwidth is proportional to the bit rate; if we need to send bits faster, we need more bandwidth.
- If the available channel is a bandpass channel, we cannot send the digital signal directly to the channel; we need to convert the digital signal to an analog signal before transmission.
Data Transmission
Data Rate
- Data rate limits depend on three factors:
- The bandwidth available
- The number of signal levels we use
- The quality of the channel (the level of noise)
Note: Increasing the number of signal levels may reduce the reliability of the system.
Transmission Impairments
- Signals travel through transmission media, which are not perfect. The imperfection causes signal impairment. This means that the signal at the beginning of the medium is not the same as the signal at the end of the medium. What is sent is not what is received. Three causes of impairment are attenuation, distortion, and noise.
- Performance
- One important issue in networking is the performance of the network: how good is it? One measure is bandwidth, a term used in two contexts. The first, bandwidth in hertz, refers to the range of frequencies in a composite signal or the range of frequencies that a channel can pass. The second, bandwidth in bits per second, refers to the speed of bit transmission in a channel or link.
- The bandwidth-delay product defines the number of bits that can fill the link.
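The three factors listed under Data Rate, and the bandwidth-delay product, are usually worked with through two standard results: the Nyquist bit rate for a noiseless channel and the Shannon capacity for a noisy one. The Python below is an added worked example and not part of the original book. It implements both limits, solves the Nyquist formula for the number of signal levels a target rate needs (which is where the reliability trade-off in the note above comes from), combines the two the way a channel designer would, and computes the bandwidth-delay product. The channel figures in the usage at the bottom are constructed for illustration.

```python
import math


def nyquist_bit_rate(bandwidth_hz: float, levels: int) -> float:
    """Upper bound on the bit rate of a noiseless channel (Nyquist theorem):
    BitRate = 2 * bandwidth * log2(levels).  Doubling the levels adds one bit
    per signal element, which is why more levels mean a higher rate."""
    if bandwidth_hz <= 0:
        raise ValueError("bandwidth must be positive")
    if levels < 2:
        raise ValueError("a signal element needs at least two levels to carry a bit")
    return 2 * bandwidth_hz * math.log2(levels)


def shannon_capacity(bandwidth_hz: float, snr: float) -> float:
    """Upper bound on the bit rate of a noisy channel (Shannon capacity):
    Capacity = bandwidth * log2(1 + SNR), with SNR as a plain power ratio
    (not decibels).  No choice of signal levels can beat this bound."""
    if bandwidth_hz <= 0 or snr < 0:
        raise ValueError("bandwidth must be positive and SNR non-negative")
    return bandwidth_hz * math.log2(1 + snr)


def levels_for_rate(bandwidth_hz: float, target_bps: float) -> float:
    """Signal levels needed to reach target_bps on a channel of bandwidth_hz
    (Nyquist solved for L).  Every extra level narrows the gap between
    neighbouring levels, so noise makes the receiver confuse them more easily:
    that is the reliability trade-off the note in the text warns about."""
    return 2 ** (target_bps / (2 * bandwidth_hz))


def bandwidth_delay_product(bit_rate_bps: float, one_way_delay_s: float) -> float:
    """Bits needed to keep the link full: the number of bits that are on the
    wire between sender and receiver at any instant."""
    return bit_rate_bps * one_way_delay_s


def design_channel(bandwidth_hz: float, snr: float) -> dict:
    """Combine both limits: Shannon gives the ceiling the noise allows, Nyquist
    then says how many levels are needed to approach it.  Rounding the levels
    down to a power of two keeps a whole number of bits per signal element."""
    ceiling = shannon_capacity(bandwidth_hz, snr)
    levels_needed = levels_for_rate(bandwidth_hz, ceiling)
    # tiny epsilon guards against floating-point results just under a power of two
    bits_per_element = int(math.floor(math.log2(levels_needed) + 1e-9))
    usable_levels = 2 ** bits_per_element
    return {
        "shannon_ceiling_bps": ceiling,
        "levels_needed": levels_needed,
        "usable_levels": usable_levels,
        "practical_rate_bps": nyquist_bit_rate(bandwidth_hz, usable_levels),
    }


if __name__ == "__main__":
    # Constructed figures: a 1 MHz channel with SNR 63 (about 18 dB), 250 ms one-way delay.
    print(design_channel(1_000_000, 63))
    print(bandwidth_delay_product(1_000_000, 0.25))
```

With the constructed figures the Shannon ceiling is 6 Mbit/s, which Nyquist reaches with 8 levels (3 bits per element); a 250 ms one-way delay on a 1 Mbit/s link means 250 000 bits are in flight before the first one arrives.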
Network Topology
A network topology is the study of the arrangement or mapping of the elements of a network.
Physical Topologies
Overview
- Physical topology defines how the systems are physically connected. It represents the physical layout of the devices on the network.
- There are five main types of physical topologies that can be used and each has its own strengths and weaknesses.
Topologies
Topology | Advantages | Disadvantages | Commonly used Technology | Structure |
---|---|---|---|---|
Bus | | | Ethernet | |
Ring | | | FDDI | |
Star | | | Logical bus (Ethernet) and ring topologies (Token Ring) | |
Tree | Combined Advantages | Combined Disadvantages | Ethernet | |
Mesh | | | Internet | |
Logical Topologies
- The logical topology defines how the systems communicate across the physical topologies.
- There are two main types of logical topologies:
- shared media topology
- token-based topology
Shared Media Topology
- In a shared media topology, all the systems have the ability to access the physical layout whenever they need it.
- Advantage: the systems have unrestricted access to the physical media.
- Disadvantage: collisions. If two systems send information out on the wire at the same time, the packets collide and both packets are destroyed.
- Example: Ethernet, which uses the CSMA/CD protocol to avoid collisions.
- Ideal for small networks; many networks are broken up into several smaller networks with the use of switches or hubs to reduce the collision domain.
- Shared media networks are typically deployed in a bus, star, or hybrid physical topology.
Token Based
- The token-based topology works by using a token to provide access to the physical media.
- In a token-based network, there is a token that travels around the network. When a system needs to send out packets, it grabs the token off of the wire, attaches it to the packets that are sent, and sends it back out on the wire. As the token travels around the network, each system examines the token. When the packets arrive at the destination systems, those systems copy the information off of the wire and the token continues its journey until it gets back to the sender. When the sender receives the token back, it pulls the token off of the wire and sends out a new empty token to be used by the next machine.
- Advantage: no collision problems
- Disadvantage: latency. Because each machine has to wait until it can use the token, there is often a delay before communication actually occurs.
- Token-based networks are typically configured in a physical ring topology because the token needs to be delivered back to the originating machine for it to be released. The ring topology best facilitates this requirement.
Media
Signal and data transmission occurs between a transmitter and at least one receiver, mostly in the form of electromagnetic waves over a transmission medium (or a sequence of them). Transmission media can be classified as:
- Guided
- Unguided
Guided Media
- Twisted Pair
- Coaxial Cable
- Fiber Optics
Unguided Media
Unguided media provide a means for transmitting electromagnetic waves but do not guide them; propagation through air, vacuum or water are all examples of unguided media.
L1 Devices
Patch Panels
Modems
Wireless Transmission Technologies
Data-Link Layer
Concepts and Architecture
Architecture
Transmission Technologies
Technology and Implementation
Ethernet
Wireless Local Area Networks
Address Resolution Protocol (ARP)
Point-to-Point Protocol (PPP)
Network Layer
Basic Concepts
Local Area Network (LAN)
Wide Area Network (WAN) Technologies
Metropolitan Area Network (MAN)
Global Area Network (GAN)
Technology and Implementation
Routers
Firewalls
End Systems
The Internet Protocol (IP)
Overview
- The IP component of TCP/IP determines where packets of data are to be routed based on their destination addresses, and IP has certain characteristics related to how it handles this function.
- The functioning of IP-based communication is analogous to delivering mail through the postal service.
IP Characteristics
- Operates at the network layer
- Connectionless protocol: the destination device receives the data and does not return any status information to the sending device
- Packets treated independently: a packet can be misdirected, duplicated, or lost on the way to its destination.
- Hierarchical addressing
- Best-effort delivery
- No data recovery features: does not provide any special features that recover corrupted packets
IP Packet Format
- The header consists of 12 fields + 1 optional field
Offset (bits) | Field |
---|---|
0–3 | Version |
4–7 | Header length (IHL) |
8–15 | Type of Service |
16–31 | Total Length |
32–47 | Identification |
48–50 | Flags |
51–63 | Fragment Offset |
64–71 | Time to Live |
72–79 | Protocol |
80–95 | Header Checksum |
96–127 | Source Address |
128–159 | Destination Address |
160 onwards | Options (present only if IHL > 5) |
after header | Data |
- Version (4 bits): for IPv4, this has a value of 4 (hence the name IPv4).
- Internet Header Length (IHL, 4 bits): the number of 32-bit words in the header. In IPv4, this field specifies the size of the header.
- Type of Service (8 bits):
- bits 0–2: precedence
- bit 3: 0 = normal delay, 1 = low delay
- bit 4: 0 = normal throughput, 1 = high throughput
- bit 5: 0 = normal reliability, 1 = high reliability
- bits 6–7: reserved for future use, or for Differentiated Services, or for Explicit Congestion Notification
- Total Length (16 bits): the size of the entire datagram, including header and data, in bytes.
- Identification (16 bits): primarily used to uniquely identify the fragments of an original IP datagram.
- Flags (3 bits): used to control or identify fragments. They are, in order from the high-order to the low-order bit:
- Reserved; must be zero.
- Don't Fragment (DF)
- More Fragments (MF)
- Fragment Offset (13 bits): the offset of this fragment relative to the beginning of the original unfragmented IP datagram.
- Time To Live (8 bits): helps prevent datagrams from persisting in an internetwork. When the TTL field reaches zero, the packet is no longer forwarded by a packet switch and is discarded.
- Protocol (8 bits): defines the protocol used in the data portion of the IP datagram.
- Header Checksum (16 bits): used for error-checking of the header.
- Source address (32 bits): an IP address is four 8-bit octets, 32 bits in total. The value of this field is obtained by taking the binary value of each octet and concatenating them into a single 32-bit value.
- Destination address (32 bits): indicates the address of the packet receiver.
- Options: additional header fields may follow the destination address field, but they are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words).
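The field layout described above can be checked against real bytes. The Python below is an added example and not code from the book: it builds a minimal IPv4 packet with a correct header checksum and parses it back, verifying the version, the IHL, the Total Length and the checksum before any field is trusted, so a truncated or tampered header is rejected instead of being read past its end. The addresses and payload are constructed sample values from the documentation ranges; the checksum routine is the one's-complement sum that RFC 791 specifies.

```python
import struct
from dataclasses import dataclass

IPV4_MIN_HEADER_LEN = 20                    # IHL = 5 words, no options
FLAG_RESERVED, FLAG_DF, FLAG_MF = 0b100, 0b010, 0b001


@dataclass
class IPv4Header:
    version: int
    ihl: int
    tos: int
    total_length: int
    identification: int
    flags: int
    fragment_offset: int
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: bytes


def ones_complement_checksum(data: bytes) -> int:
    """RFC 791 header checksum: the one's complement of the one's-complement
    sum of all 16-bit words.  Over a header whose checksum field is already
    filled in, the result is 0 when the header is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _dotted(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)


def _addr_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def parse_ipv4(packet: bytes) -> IPv4Header:
    """Parse and validate an IPv4 header.  Every length field is checked
    against the bytes actually captured before it is used, and a bad checksum
    is rejected rather than silently accepted."""
    if len(packet) < IPV4_MIN_HEADER_LEN:
        raise ValueError("packet shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not an IPv4 header (version {version})")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    header_len = ihl * 4
    if header_len > len(packet):
        raise ValueError("IHL claims more header bytes than were captured")
    if total_length < header_len or total_length > len(packet):
        raise ValueError("Total Length inconsistent with header length or capture")
    header = packet[:header_len]
    if ones_complement_checksum(header) != 0:
        raise ValueError("header checksum mismatch")
    return IPv4Header(version, ihl, tos, total_length, ident,
                      flags_frag >> 13, flags_frag & 0x1FFF,
                      ttl, proto, checksum, _dotted(src), _dotted(dst),
                      header[20:header_len])


def build_ipv4(src: str, dst: str, payload: bytes, *, ttl: int = 64,
               protocol: int = 6, ident: int = 0, dont_fragment: bool = True) -> bytes:
    """Build a minimal (no options) IPv4 packet with a correct checksum."""
    flags_frag = (FLAG_DF if dont_fragment else 0) << 13     # fragment offset 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, ttl, protocol, 0, _addr_bytes(src), _addr_bytes(dst))
    csum = ones_complement_checksum(header)                   # checksum field is 0 here
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


# Constructed sample: documentation addresses, TCP (protocol 6) carrying 13 payload bytes.
SAMPLE_PACKET = build_ipv4("192.0.2.1", "198.51.100.7", b"hello, layer3", ident=0x1C46)

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE_PACKET))
```

Flipping any header byte of SAMPLE_PACKET (for example the TTL) makes parse_ipv4 raise on the checksum, and setting the IHL nibble below 5 is rejected before the length fields are even consulted.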
IP Addressing
- Each IP address has specific components and follows a basic format. IP addresses can be subdivided to create addresses for subnetworks.
- Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided into two main parts:
- the network number, which identifies a network and is assigned by InterNIC or an ISP
- the host number, which identifies a host on a network and is assigned by the local network administrator.
- IPv4 Address representations
Notation | Value | Conversion from dot-decimal |
---|---|---|
Dot-decimal notation | 192.0.2.235 | N/A |
Dotted Hexadecimal | 0xC0.0x00.0x02.0xEB | Each octet is individually converted to hex |
Dotted Octal | 0300.0000.0002.0353 | Each octet is individually converted into octal |
Hexadecimal | 0xC00002EB | Concatenation of the octets from the dotted hexadecimal |
Decimal | 3221226219 | The hexadecimal form converted to decimal |
Octal | 030000001353 | The hexadecimal form converted to octal |
- IP Address Classes
- The IPv4 addresses are divided into five different address classes: A, B, C, D, and E.
IP Address Class | Format | Purpose | High-Order Bit(s) | Address Range | No. Bits Network/Host | Max. Hosts |
---|---|---|---|---|---|---|
A | N.H.H.H | Few large organizations | 0 | 1.0.0.0 to 126.0.0.0 | 7/24 | 16777214 (2^24 - 2) |
B | N.N.H.H | Medium-size organizations | 1, 0 | 128.1.0.0 to 191.254.0.0 | 14/16 | 65534 (2^16 - 2) |
C | N.N.N.H | Relatively small organizations | 1, 1, 0 | 192.0.1.0 to 223.255.254.0 | 21/8 | 254 (2^8 - 2) |
D | N/A | Multicast groups (RFC 1112) | 1, 1, 1, 0 | 224.0.0.0 to 239.255.255.255 | N/A (not for commercial use) | N/A |
E | N/A | Experimental | 1, 1, 1, 1 | 240.0.0.0 to 254.255.255.255 | N/A | N/A |
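The notations in the representation table and the rules in the class table can both be reproduced from the 32-bit value of an address. The Python below is an added example, not code from the book: a strict dotted-decimal parser, the six representations for one address, classification by the high-order bits of the first octet, and the network/host split with the maximum host count. It goes slightly beyond the text in one respect: octets with a leading zero are rejected, because C's inet_aton reads "010" as octal while Python's int() reads it as decimal, so two components handed the same string could otherwise disagree about which host it names.

```python
import re

# class: (high-order bit pattern, number of bits in the pattern, network prefix length)
CLASS_TABLE = {
    "A": (0b0, 1, 8),
    "B": (0b10, 2, 16),
    "C": (0b110, 3, 24),
    "D": (0b1110, 4, None),   # multicast: no network/host division
    "E": (0b1111, 4, None),   # experimental
}

OCTET_RE = re.compile(r"0|[1-9][0-9]{0,2}")   # plain decimal, no leading zero


def parse_dotted_decimal(addr: str) -> int:
    """Strict dotted-decimal parser returning the 32-bit value.  Accepts only
    exactly four plain decimal octets in 0..255; '010', '1.2.3' and '256.1.1.1'
    are all refused rather than reinterpreted."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"{addr!r}: expected four octets")
    value = 0
    for part in parts:
        if not OCTET_RE.fullmatch(part):
            raise ValueError(f"{addr!r}: octet {part!r} is not plain decimal")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"{addr!r}: octet {octet} exceeds 255")
        value = (value << 8) | octet
    return value


def to_dotted_decimal(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def representations(addr: str) -> dict:
    """The six notations from the representation table, for one address."""
    value = parse_dotted_decimal(addr)
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return {
        "dotted_decimal": to_dotted_decimal(value),
        "dotted_hexadecimal": ".".join(f"0x{o:02X}" for o in octets),
        "dotted_octal": ".".join(f"0{o:03o}" for o in octets),
        "hexadecimal": f"0x{value:08X}",
        "decimal": str(value),
        "octal": f"0{value:o}",
    }


def address_class(addr: str) -> str:
    """Classify by the high-order bits of the first octet, as in the class table."""
    first_octet = parse_dotted_decimal(addr) >> 24
    for cls, (pattern, nbits, _prefix) in CLASS_TABLE.items():
        if first_octet >> (8 - nbits) == pattern:
            return cls
    raise AssertionError("unreachable: every 8-bit value matches one pattern")


def network_and_host(addr: str) -> tuple:
    """Split a class A/B/C address into (network number, host number, max hosts).
    The network prefix includes the class identifier bits, matching the
    N.H.H.H / N.N.H.H / N.N.N.H formats in the table."""
    cls = address_class(addr)
    prefix = CLASS_TABLE[cls][2]
    if prefix is None:
        raise ValueError(f"class {cls} addresses have no network/host division")
    value = parse_dotted_decimal(addr)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    max_hosts = 2 ** (32 - prefix) - 2      # all-zeros and all-ones host numbers are reserved
    return to_dotted_decimal(value & mask), value & ~mask & 0xFFFFFFFF, max_hosts


if __name__ == "__main__":
    for notation, text in representations("192.0.2.235").items():
        print(f"{notation:20} {text}")
    print(address_class("192.0.2.235"), network_and_host("192.0.2.235"))
```

Run on 192.0.2.235 the output reproduces every row of the representation table, classifies the address as class C, and splits it into network 192.0.2.0 and host 235 with 254 usable hosts.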
Virtual Private Network (VPN)
Tunneling
Dynamic Host Configuration Protocol (DHCP)
Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
Transport Layer
Concepts and Architecture
The Transmission Control Protocol (TCP)
Overview
- TCP is a connection-oriented protocol that provides data reliability between hosts. TCP has a number of unique characteristics related to the way in which it accomplishes this transmission.
- The functioning of TCP-based communication is analogous to sending certified (registered) mail.
TCP Characteristics
- Operates at the transport layer of the TCP/IP stack
- Provides applications with access to the network layer
- Connection-oriented protocol: the end systems synchronize with one another to manage packet flows and adapt to congestion in the network.
- Full-duplex mode operation
- Error checking: provides error checking by including a checksum in the datagram to verify that the TCP header information is not corrupt
- Sequencing of data packets: TCP segments are numbered and sequenced so that the destination can reorder segments and determine if data is missing.
- Acknowledgment of receipt: the receiver returns an acknowledgment to the sender indicating that it received the segment.
- Data recovery features: the receiver can request retransmission of a segment
TCP Connection Establishment
- TCP provides reliable transport services by establishing a connection-oriented session between the hosts. Connection establishment is performed using a "three-way handshake" mechanism.
- A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers.
- This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well.
- Each host randomly chooses a sequence number used to track bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:
- The first host (Host A) initiates a connection by sending a packet with the initial sequence number (X) and SYN bit set to indicate a connection request.
- The second host (Host B) receives the SYN, records the sequence number X, and replies by acknowledging the SYN (with an ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment.
- Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer then can begin.
TCP segment structure
- Consists of a header (11 fields) and a data section
Offset (bits) | Field |
---|---|
0–15 | Source port |
16–31 | Destination port |
32–63 | Sequence number |
64–95 | Acknowledgment number |
96–99 | Data offset |
100–103 | Reserved |
104–111 | Flags: CWR, ECE, URG, ACK, PSH, RST, SYN, FIN (one bit each, in this order) |
112–127 | Window |
128–143 | Checksum |
144–159 | Urgent pointer |
160 onwards | Options (optional) |
after header | Data |
- Source port (16 bits) – identifies the sending port
- Destination port (16 bits) – identifies the receiving port
- Sequence number (32 bits) – has a dual role:
- if the SYN flag is set, this is the initial sequence number and the first data byte is the sequence number plus 1
- if the SYN flag is not set, the first data byte is the sequence number
- Acknowledgment number (32 bits) – if the ACK flag is set, the value of this field is the next byte that the receiver expects.
- Data offset (4 bits) – specifies the size of the TCP header in 32-bit words. The minimum header size is 5 words and the maximum is 15 words, giving a minimum of 20 bytes and a maximum of 60 bytes. The field gets its name from the fact that it is also the offset from the start of the TCP segment to the data.
- Reserved (4 bits) – for future use; should be set to zero
- Flags (8 bits) (also called control bits) – contains eight 1-bit flags:
- CWR (1 bit) – Congestion Window Reduced: set by the sending host to indicate that it received a TCP segment with the ECE flag set.
- ECE (ECN-Echo) (1 bit) – indicates that the TCP peer is capable of Explicit Congestion Notification (which allows end-to-end notification of congestion without dropping packets); negotiated during the three-way handshake.
- URG (1 bit) – indicates that the URGent pointer field is significant
- ACK (1 bit) – indicates that the ACKnowledgment field is significant
- PSH (1 bit) – Push function
- RST (1 bit) – Reset the connection
- SYN (1 bit) – Synchronize sequence numbers
- FIN (1 bit) – No more data from sender
- Window (16 bits) – the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive
- Checksum (16 bits) – The 16-bit checksum field is used for error-checking of the header and data
- Urgent pointer (16 bits) – if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte
- Data (variable length) – the payload, or data portion, of a TCP segment. The payload may belong to any of a number of application-layer protocols; the most common are HTTP, Telnet, SSH and FTP, but many other popular protocols also use TCP.
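The handshake described under TCP Connection Establishment and the segment layout above come together in the Python below, which is an added example and not code from the book. It serialises and parses 20-byte TCP headers (flag bits and data offset, with the offset validated before it is used), then runs the three-way handshake between a Host A and a Host B using the forward-acknowledgment arithmetic from the text (ACK = X + 1, then ACK = Y + 1), including the wraparound of a 32-bit sequence number. Port numbers and the fixed initial sequence numbers in the usage are constructed; the checksum field is left at zero because computing it requires the IP pseudo-header, which is outside this example.

```python
import secrets
import struct
from dataclasses import dataclass
from typing import Optional

SEQ_MASK = 0xFFFFFFFF
TCP_FLAG_BITS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
                 "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset
    window: int = 65535
    payload: bytes = b""


def build_segment(seg: Segment) -> bytes:
    """Serialise a segment with a 20-byte header (data offset 5, no options).
    Checksum and urgent pointer are zero: a real stack computes the checksum
    over the segment plus an IP pseudo-header, which this example omits."""
    unknown = set(seg.flags) - TCP_FLAG_BITS.keys()
    if unknown:
        raise ValueError(f"unknown TCP flags {sorted(unknown)}")
    flag_bits = sum(TCP_FLAG_BITS[f] for f in seg.flags)
    offset_flags = (5 << 12) | flag_bits          # 4 bits offset, 4 reserved bits (0), 8 flags
    header = struct.pack("!HHIIHHHH", seg.src_port, seg.dst_port,
                         seg.seq & SEQ_MASK, seg.ack & SEQ_MASK,
                         offset_flags, seg.window, 0, 0)
    return header + seg.payload


def parse_segment(raw: bytes) -> Segment:
    """Decode a segment, validating the data offset before trusting it."""
    if len(raw) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    (sport, dport, seq, ack, offset_flags,
     window, _csum, _urg) = struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = offset_flags >> 12
    if not 5 <= data_offset <= 15:
        raise ValueError(f"data offset {data_offset} outside 5..15 words")
    header_len = data_offset * 4
    if header_len > len(raw):
        raise ValueError("data offset points past the end of the segment")
    flags = frozenset(name for name, bit in TCP_FLAG_BITS.items() if offset_flags & bit)
    return Segment(sport, dport, seq, ack, flags, window, raw[header_len:])


def three_way_handshake(client_port: int, server_port: int,
                        isn_a: Optional[int] = None, isn_b: Optional[int] = None) -> list:
    """Return the three segments (as bytes) that Host A and Host B exchange.
    ISNs default to unpredictable random values; fixed ones may be passed in
    to make the exchange reproducible."""
    x = secrets.randbelow(2 ** 32) if isn_a is None else isn_a
    y = secrets.randbelow(2 ** 32) if isn_b is None else isn_b
    # Host A -> Host B: SYN with SEQ = X
    syn = build_segment(Segment(client_port, server_port, x, 0, frozenset({"SYN"})))
    # Host B parses the SYN, records X, answers SYN+ACK with SEQ = Y, ACK = X + 1
    s = parse_segment(syn)
    syn_ack = build_segment(Segment(server_port, client_port, y,
                                    (s.seq + 1) & SEQ_MASK, frozenset({"SYN", "ACK"})))
    # Host A parses the SYN+ACK and answers ACK = Y + 1; its own SEQ is now X + 1
    sa = parse_segment(syn_ack)
    ack = build_segment(Segment(client_port, server_port, sa.ack,
                                (sa.seq + 1) & SEQ_MASK, frozenset({"ACK"})))
    return [syn, syn_ack, ack]


def handshake_is_consistent(wire: list) -> bool:
    """Check the flag pattern and forward-acknowledgment arithmetic of a captured
    handshake: SYN, then SYN+ACK acknowledging X + 1, then ACK acknowledging Y + 1."""
    if len(wire) != 3:
        return False
    syn, syn_ack, ack = (parse_segment(b) for b in wire)
    return (syn.flags == {"SYN"}
            and syn_ack.flags == {"SYN", "ACK"}
            and ack.flags == {"ACK"}
            and syn_ack.ack == (syn.seq + 1) & SEQ_MASK
            and ack.ack == (syn_ack.seq + 1) & SEQ_MASK
            and ack.seq == syn_ack.ack)


if __name__ == "__main__":
    # Constructed ports and ISNs so the printed numbers are reproducible.
    for raw in three_way_handshake(49152, 80, isn_a=1000, isn_b=5000):
        print(parse_segment(raw))
```

With ISNs X = 1000 and Y = 5000 the SYN+ACK carries ACK = 1001 and the final ACK carries SEQ = 1001, ACK = 5001, exactly the bookkeeping the text describes; with X = 0xFFFFFFFF the acknowledgment wraps to 0.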
The User Datagram Protocol(UDP)
Overview
- The User Datagram Protocol (UDP) is a connectionless transport-layer protocol that belongs to the Internet protocol family.
- UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.
- Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP. Because of UDP's simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.
- UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in cases where a higher-layer protocol might provide error and flow control.
- UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).
TCP vs UDP
Service | TCP | UDP |
---|---|---|
Reliability | Ensures that packets reach their destinations, returns ACKs when a packet is received, and is a reliable protocol. | Does not return ACKs and does not guarantee that a packet will reach its destination, and is an unreliable protocol. |
Connection | Connection oriented, thus it performs handshaking and develops a virtual connection with destination computer. | Connectionless, thus it does no handshaking and does not set up a virtual connection. |
Packet sequencing | Uses sequence numbers within headers to make sure that each packet within a transmission is received. | Does not use sequence numbers. |
Congestion controls | The destination computer can tell the source if it is overwhelmed and to slow the transmission rate. | The destination computer does not communicate back to the source computer about flow control through UDP. |
Usage | Used when reliable delivery is required. | Used when reliable delivery is not required, such as in streaming video and status broadcasts. |
Speed and overhead | Uses a considerable amount of resources and is slower than UDP. | Uses fewer resources and is faster than TCP. |
Technology and Implementation
Scanning Techniques
Denial of Service
Session Layer
Concepts and Architecture
Technology and Implementation
Remote Procedure Calls
Directory Services
Access Services
Presentation Layer
Concepts and Architecture
Technology and Implementation
Transport Layer Security (TLS)
Application Layer
Concepts and Architecture
Technology and Implementation
Asynchronous Messaging (E-mail and News)
Instant Messaging
Data Exchange (World Wide Web)
Peer-to-Peer Applications and Protocols
Administrative Services
Remote-Access Services
Information Services
Voice-over-IP (VoIP)
General References
Sample Questions
Endnotes