IFSM - Final Assessment Essay

FundamentalsofInformationSystemsSecurity_TelecommunicationsandNetworkSecurity.pdf

Fundamentals of Information Systems Security/Telecommunications and Network Security

Contents

◾ 1 Introduction

◾ 1.1 Basic Concepts

◾ 1.2 Network Models

◾ 1.2.1 OSI Reference Model

◾ 1.2.2 TCP/IP Model

◾ 2 Physical Layer

◾ 2.1 Signals

◾ 2.1.1 Analog Signals

◾ 2.1.2 Digital Signals

◾ 2.1.3 Analog vs Digital

◾ 2.2 Data Transmission

◾ 2.3 Network Topology

◾ 2.3.1 Physical Topologies

◾ 2.3.2 Logical Topologies

◾ 2.4 Media

◾ 2.4.1 Guided Media

◾ 2.4.2 Unguided Media

◾ 2.5 L1 Devices

◾ 2.6 Wireless Transmission Technologies

◾ 3 Data-Link Layer

◾ 4 Network Layer

◾ 4.1 Basic Concepts

◾ 4.2 The Internet Protocol (IP)

◾ 5 Transport Layer

◾ 5.1 The Transmission Control Protocol (TCP)

◾ 5.2 The User Datagram Protocol (UDP)

◾ 6 Session Layer

◾ 7 Presentation Layer

◾ 8 Application Layer

◾ 9 Further reading

Introduction

Basic Concepts

Data Communication

◾ Data Communications is the transfer of data or information between a source and a receiver.

◾ The source transmits the data and the receiver receives it.

◾ Data Communication is concerned with the transfer of data, the method of transfer and the preservation of the data during the transfer process; it is not concerned with how the information is generated.

◾ Components of a DC

◾ Protocol - defines the rules and regulations to control and manage the communication

Page 1 of 16Fundamentals of Information Systems Security/Telecommunications and Network Securit...

9/29/2016https://en.wikibooks.org/w/index.php?title=Fundamentals_of_Information_Systems_Secur...

◾ Message - information/data that needs to be conveyed to the receiver

◾ Sender - generates and transmits the data

◾ Receiver - receives/consumes the data

◾ Medium - a communication channel to carry the message

Telecommunication

◾ Telecommunication is the assisted transmission of signals over a distance for the purpose of communication

Networking

◾ A computer network is an interconnection of a group of computers

◾ An internetwork is a collection of individual networks, connected by intermediate networking devices, that functions as a single large network. Internetworking refers to the industry, products, and procedures that meet the challenge of creating and administering internetworks

Network Categories and Technologies

| Category | Characteristics | Technologies |
| --- | --- | --- |
| Local Area Network (LAN) | small geographic range; higher data transfer rates; typically configured and operated by the owner of the network | Ethernet, FDDI, Token Ring, Wireless LAN, VLANs |
| Wide Area Network (WAN) | connects different LANs over great distances; slow data rate | ISDN, Frame Relay, ATM |
| Metropolitan Area Network (MAN) | intermediate between LAN and WAN; moderate-to-high data rates | SMDS, which is based on DQDB |

Network Models

OSI Reference Model

Overview

◾ The Open Systems Interconnection Basic Reference Model (OSI Reference Model) is a layered, abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnection initiative by ISO.

◾ The OSI model is composed of seven layers, each specifying particular network functions.

◾ The Seven Layers of the OSI Model

◾ One OSI layer communicates with another layer to make use of the services provided by the second layer.

◾ The services provided by adjacent layers help a given OSI layer communicate with its peer layer in other computer systems.

◾ Three basic elements are involved in layer services:

◾ The service user - resides inside the layer

◾ The service provider - resides inside the layer

◾ The service access point (SAP) - resides between the layers

◾ Advantages of Layering

◾ Each layer is reasonably self-contained, so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.

◾ Various technologies, protocols, and services can interact with each other and provide the proper interfaces to enable communications.

OSI Layer Services and Protocols

L7: Application layer

◾ Services: identifying communication partners, determining resource availability, and synchronizing communication

◾ Protocols: FTP, TFTP, SNMP, SMTP, Telnet, HTTP

L6: Presentation layer

◾ Provides a variety of coding and conversion functions that are applied to application layer data

◾ Ensures that information sent from the application layer of one system will be readable by the application layer of another system

◾ Protocols/formats: ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI

L5: Session layer

◾ Establishes, manages, and terminates communication sessions consisting of service requests and service responses that occur between applications located in different network devices

◾ Protocols: NFS, NetBIOS, SQL, RPC

L4: Transport layer

◾ Flow control - manages data transmission between devices so that the transmitting device does not send more data than the receiving device can process

◾ Multiplexing - enables data from several applications to be transmitted onto a single physical link

◾ Virtual circuits - are established, maintained, and terminated by the transport layer

◾ Error checking - involves creating various mechanisms for detecting transmission errors, while error recovery involves acting, such as requesting that data be retransmitted, to resolve any errors that occur

◾ Protocols: TCP, UDP, SSL, SPX

L3: Network layer

◾ Services: path determination (routing) and logical addressing

◾ Protocols: IP, ICMP, IGMP, RIP, OSPF, IPX

L2: Data link layer

◾ Provides reliable transit of data across a physical network link

◾ Defines different network and protocol characteristics, including physical addressing, network topology, error notification, sequencing of frames, and flow control

◾ Divided into 2 sublayers - LLC and MAC

◾ The Logical Link Control (LLC) sublayer of the data link layer manages communications between devices over a single link of a network

◾ The Media Access Control (MAC) sublayer of the data link layer manages protocol access to the physical network medium. The IEEE MAC specification defines MAC addresses, which enable multiple devices to uniquely identify one another at the data link layer.

◾ Protocols: ARP, RARP, PPP, SLIP

L1: Physical layer

◾ Defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems

◾ Defines characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, and physical connectors

◾ Protocols: HSSI, X.21, EIA/TIA-232

OSI Security Services

The security services that are defined in the OSI security model include:

◾ Data integrity - protection from modification and destruction

◾ Data confidentiality - protection from disclosure

◾ Authentication - verification of the identity of the communication source

◾ Access control services - enable mechanisms to allow or restrict access.

Information Exchange Process

◾ The seven OSI layers use various forms of control information to communicate with their peer layers in other computer systems. This control information consists of specific requests and instructions that are exchanged between peer OSI layers.

◾ Control information typically takes one of two forms:

◾ Headers are prepended to data that has been passed down from upper layers

◾ Trailers are appended to data that has been passed down from upper layers

◾ An OSI layer is not required to attach a header or a trailer to data from upper layers.

◾ The data portion of an information unit at a given OSI layer potentially can contain headers, trailers, and data from all the higher layers. This is known as encapsulation.

TCP/IP Model

Overview

◾ The TCP/IP model or Internet reference model, sometimes called the DoD (Department of Defense) model or the ARPANET reference model, is a layered abstract description for communications and computer network protocol design.

◾ It was created in the 1970s by DARPA for use in developing the Internet's protocols.

◾ It is a suite of protocols among which TCP and IP are the two main protocols, hence the name.

◾ This model was developed before the OSI Reference Model, and the Internet Engineering Task Force (IETF), which is responsible for the model and protocols developed under it, has never felt obligated to be compliant with OSI.

◾ The model is composed of 5 layers

◾ Physical

◾ Data Link

◾ Network

◾ Transport

◾ Application

The TCP/IP Advantage

The reasons that TCP/IP has become the most widely used protocol are as follows:

◾ The flexible addressing scheme of TCP/IP allows data to be routed over even very large networks.

◾ Virtually all operating systems and platforms can use TCP/IP.

◾ TCP/IP offers a very large number of utilities and tools.

◾ The I/Internet communication is based on TCP/IP.

TCP/IP Services and Protocols

Physical Layer

◾ Services: Dictates Signal Characteristics; Data Transmission; Signal Multiplexing; Dictates Network L/O; Dictates Media Characteristics; Switching

◾ Protocols: HSSI, X.21

◾ Devices: Repeaters, Hubs, Modems

Data Link Layer

◾ Services: Error Detection and Correction; Flow and Error Control; Media Access Control; Virtual Circuit Switching

◾ Protocols: HDLC, ARP/RARP, SLIP, PPP

◾ Devices: Bridges, Switches

Network Layer

◾ Services: Internetworking; Logical Addressing; Routing; Datagram Switching

◾ Protocols: Routed Protocols (IGMP, IP, ICMP); Routing Protocols (RIP, IGRP, BGP, OSPF)

◾ Devices: Routers, Gateways

Transport Layer

◾ Services: Process-to-Process Delivery; Congestion Control; Quality of Service

◾ Protocols: TCP, UDP

◾ Devices: N/A

Application Layer

◾ Services: WWW; Mail; Multimedia

◾ Protocols: TFTP, HTTP, FTP, SMTP, SNMP, POP3

◾ Devices: Application Gateways

Physical Layer

Signals

◾ Data is transmitted in the form of electromagnetic signals.

◾ Signals are of two types

◾ Analog Signals

◾ Digital Signals

Analog Signals

◾ Analog data refers to information that is continuous;

◾ Analog data take on continuous values

◾ Analog signals - can have an infinite number of values in a range;

Digital Signals

◾ Digital data refers to information that has discrete states.

◾ Digital data take on discrete values.

◾ Digital signals- can have only a limited number of values.

Analog vs Digital

Periodic vs Non-Periodic Signals

◾ In data communications, we commonly use periodic analog signals and nonperiodic digital signals.

◾ Periodic analog signals can be classified as simple or composite.

◾ A simple periodic analog signal, a sine wave, cannot be decomposed into simpler signals.

◾ A composite periodic analog signal is composed of multiple sine waves.

Signal Properties

◾ Frequency is the rate of change with respect to time.

◾ Change in a short span of time means high frequency.

◾ Change over a long span of time means low frequency.

◾ If a signal does not change at all, its frequency is zero.

◾ If a signal changes instantaneously, its frequency is infinite.

◾ Frequency and period are the inverse of each other.

◾ Phase describes the position of the waveform relative to time 0.

A complete sine wave in the time domain can be represented by one single spike in the frequency domain. A single-frequency sine wave is not useful in data communications; we need to send a composite signal, a signal made of many simple sine waves. According to Fourier analysis, any composite signal is a combination of simple sine waves with different frequencies, amplitudes, and phases.

If the composite signal is periodic, the decomposition gives a series of signals with discrete frequencies; if the composite signal is nonperiodic, the decomposition gives a combination of sine waves with continuous frequencies. The bandwidth of a composite signal is the difference between the highest and the lowest frequencies contained in that signal.

◾ Digital Signals

◾ In addition to being represented by an analog signal, information can also be represented by a digital signal. For example, a 1 can be encoded as a positive voltage and a 0 as zero voltage. A digital signal can have more than two levels. In this case, we can send more than 1 bit for each level.

◾ A digital signal is a composite analog signal with an infinite bandwidth.

◾ Baseband transmission of a digital signal that preserves the shape of the digital signal is possible only if we have a low-pass channel with an infinite or very wide bandwidth.

◾ In baseband transmission, the required bandwidth is proportional to the bit rate; if we need to send bits faster, we need more bandwidth.

◾ If the available channel is a bandpass channel, we cannot send the digital signal directly to the channel; we need to convert the digital signal to an analog signal before transmission.

Data Transmission

Data Rate

◾ Data Rate Limits - depend on three factors:

◾ The bandwidth available

◾ The level of the signals we use

◾ The quality of the channel (the level of noise)

Note: Increasing the levels of a signal may reduce the reliability of the system.

Transmission Impairments

◾ Signals travel through transmission media, which are not perfect. The imperfection causes signal impairment. This means that the signal at the beginning of the medium is not the same as the signal at the end of the medium. What is sent is not what is received. Three causes of impairment are attenuation, distortion, and noise.

◾ Performance

◾ One important issue in networking is the performance of the network—how good is it?

◾ Bandwidth is used in two senses. The first, bandwidth in hertz, refers to the range of frequencies in a composite signal or the range of frequencies that a channel can pass. The second, bandwidth in bits per second, refers to the speed of bit transmission in a channel or link.

◾ The bandwidth-delay product defines the number of bits that can fill the link.

Network Topology

A Network topology is the study of the arrangement or mapping of the elements of a network.

Physical Topologies

Overview

◾ Physical topology defines how the systems are physically connected. It represents the physical layout of the devices on the network.

◾ There are five main types of physical topologies that can be used, and each has its own strengths and weaknesses.

Topologies

Bus

◾ Structure: uses a linear, single cable for all computers attached. All traffic travels the full cable and can be viewed by all other computers.

◾ Advantages: easy to install; costs are usually low; easy to add systems to the network; great for small networks.

◾ Disadvantages: out-of-date technology; if the cable breaks, the whole network is down; can be difficult to troubleshoot; unmanageable in a large network; if a malicious user were on this network and utilized a packet capture program, he could see every conversation that occurred between machines.

◾ Commonly used technology: Ethernet

Ring

◾ Structure: all computers are connected by a unidirectional transmission link, and the cable is in a closed loop. Does not require termination like the bus.

◾ Advantages: easy to install; costs are usually low; great for small networks; easy to add systems to the network.

◾ Disadvantages: if one station experiences a problem, it can negatively affect surrounding computers on the same ring; out-of-date technology; if the cable breaks, the whole network is down; can be difficult to troubleshoot; unmanageable in a large network.

◾ Commonly used technology: FDDI

Star

◾ Structure: all computers are connected to a central device, which provides more resilience for the network: when one system goes down, it does not bring the rest of the network down. It is the most prevalent topology in use today.

◾ Advantages: easy to install; easy to add devices to the network; one break does not bring the whole network down; easier to troubleshoot; widely used; centralized management.

◾ Disadvantages: costs are usually higher than with bus or ring networks; if you have only one central device and it fails, it brings the network down.

◾ Commonly used technology: logical bus (Ethernet) and ring topologies (Token Ring)

Tree

◾ Structure: the hybrid or tree topology is simply a combination of the other topologies. The hierarchy of the tree is said to be symmetrical if each node in the network has a specific fixed number, f (the 'branching factor'), of nodes connected to it at the next lower level in the hierarchy.

◾ Advantages: the combined advantages of the topologies it combines.

◾ Disadvantages: the combined disadvantages of the topologies it combines.

◾ Commonly used technology: Ethernet

Mesh

◾ Structure: in this layout, every system is connected to every other system. The main advantage of this topology is high availability; the main disadvantage is cost, both administrative and physical. Mainly used in Wide Area Network environments or in environments where high availability outweighs the costs associated with this amount of interconnection.

◾ Advantages: extremely fault tolerant.

◾ Disadvantages: expensive; difficult to implement; difficult to administer; difficult to troubleshoot problems like cable faults.

◾ Commonly used technology: Internet

Logical Topologies

◾ The logical topology defines how the systems communicate across the physical topologies.

◾ There are two main types of logical topologies:

◾ shared media topology

◾ token-based topology

Shared Media Topology

◾ In a shared media topology, all the systems have the ability to access the physical layout whenever they need it.

◾ Advantage - the systems have unrestricted access to the physical media.

◾ Disadvantage - collisions: if two systems send information out on the wire at the same time, the packets collide and kill both packets.

◾ Example: Ethernet - uses the CSMA/CD protocol to avoid collisions

◾ Ideal for small networks - many networks are broken up into several smaller networks with the use of switches or hubs to reduce the collision domain.

◾ Shared media networks are typically deployed in a bus, star, or hybrid physical topology.

Token Based

◾ The token-based topology works by using a token to provide access to the physical media.

◾ In a token-based network, there is a token that travels around the network. When a system needs to send out packets, it grabs the token off of the wire, attaches it to the packets that are sent, and sends it back out on the wire. As the token travels around the network, each system examines the token. When the packets arrive at the destination systems, those systems copy the information off of the wire and the token continues its journey until it gets back to the sender. When the sender receives the token back, it pulls the token off of the wire and sends out a new empty token to be used by the next machine.

◾ Advantage - no collision problems

◾ Disadvantage - latency: because each machine has to wait until it can use the token, there is often a delay before communications actually occur.

◾ Token-based networks are typically configured in a physical ring topology because the token needs to be delivered back to the originating machine for it to be released. The ring topology best facilitates this requirement.

Media

Signal and data transmission occurs between a transmitter and at least one receiver, mostly in the form of electromagnetic waves over a transmission medium (or a sequence of them). Transmission media can be classified as:

◾ Guided

◾ Unguided

Guided Media

◾ Twisted Pair

◾ Coaxial Cable

◾ Fiber Optics

Unguided Media

Unguided media provide a means for transmitting electromagnetic waves but do not guide them; propagation through air, vacuum or water are examples, and all of these media are unguided.

L1 Devices

Patch Panels

Modems

Wireless Transmission Technologies

Data-Link Layer

Concepts and Architecture

Architecture

Transmission Technologies

Technology and Implementation

Ethernet

Wireless Local Area Networks

Address Resolution Protocol (ARP)

Point-to-Point Protocol (PPP)

Network Layer

Basic Concepts

Local Area Network (LAN)

Wide Area Network (WAN) Technologies

Metropolitan Area Network (MAN)

Global Area Network (GAN)

Technology and Implementation

Routers

Firewalls

End Systems

The Internet Protocol (IP)

Overview

◾ The IP component of TCP/IP determines where packets of data are to be routed based on their destination addresses, and IP has certain characteristics related to how it handles this function.

◾ The functioning of an IP based communication is analogous to delivering mail through the postal service.

IP Characteristics

◾ Operates at the network layer

◾ Connectionless protocol - the destination device receives the data and does not return any status information to the sending device

◾ Packets treated independently - a packet can be misdirected, duplicated, or lost on the way to its destination.

◾ Hierarchical addressing

◾ Best-effort delivery

◾ No data recovery features - does not provide any special features that recover corrupted packets

IP Packet Format

IPv4 header layout (bit positions across the top, one 32-bit word per row):

Bits  0–3             4–7             8–15              16–18   19–31
      Version         Header length   Type of Service   Total Length
      Identification                                    Flags   Fragment Offset
      Time to Live                    Protocol          Header Checksum
      Source Address
      Destination Address
      Options
      Data

◾ The header consists of 12 fields + 1 optional field

◾ Version (4 bits): for IPv4, this has a value of 4 (hence the name IPv4).

◾ Internet Header Length (4 bits): tells the number of 32-bit words in the header. In IPv4, this field specifies the size of the header.

◾ Type of Service (8 bits)

◾ bits 0-2: precedence

◾ bit 3: 0 = Normal Delay, 1 = Low Delay

◾ bit 4: 0 = Normal Throughput, 1 = High Throughput

◾ bit 5: 0 = Normal Reliability, 1 = High Reliability

◾ bits 6-7: reserved for future use, or for Differentiated Services or Explicit Congestion Notification

◾ Total Length (16 bits): defines the entire datagram size, including header and data, in bytes.

◾ Identification: primarily used for uniquely identifying fragments of an original IP datagram.

◾ Flags (3 bits): used to control or identify fragments. They are (in order, from high order to low order):

◾ Reserved; must be zero.

◾ Don't Fragment (DF)

◾ More Fragments (MF)

◾ Fragment Offset (13 bits): specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram.

◾ Time To Live (8 bits): helps prevent datagrams from persisting in an internetwork. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded.

◾ Protocol: defines the protocol used in the data portion of the IP datagram.

◾ Header Checksum (16 bits): used for error-checking of the header.

◾ Source address: an IP address is a group of four 8-bit octets, for a total of 32 bits. The value for this field is determined by taking the binary value of each octet and concatenating them together to make a single 32-bit value.

◾ Destination address: indicates the address of the packet receiver.

◾ Options: additional header fields may follow the destination address field, but these are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words).
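To make the field layout and the IHL/Total Length rule above concrete, here is an added Python example (not from the Wikibooks page) that decodes an IPv4 header from raw bytes, verifies the header checksum, and rejects headers whose IHL or Total Length disagree with the bytes actually received. The datagram it parses is constructed inline, using the documentation addresses 192.0.2.1 and 192.0.2.235.

```python
import struct
from dataclasses import dataclass

MIN_HEADER_LEN = 20  # IHL = 5 words; anything shorter cannot be a valid header


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071).
    Over a header whose checksum field is correct the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carry bits back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class IPv4Header:
    version: int
    ihl: int
    tos: int
    total_length: int
    identification: int
    reserved_flag: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int
    ttl: int
    protocol: int
    checksum: int
    checksum_ok: bool
    src: str
    dst: str
    options: bytes


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Decode the 12 fixed fields plus options. Length fields that disagree
    with the bytes actually present are rejected rather than trusted."""
    if len(packet) < MIN_HEADER_LEN:
        raise ValueError("packet shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_length, ident,
     flags_frag, ttl, proto, csum) = struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    header_len = ihl * 4  # IHL counts 32-bit words, options included
    if header_len > len(packet) or total_length < header_len:
        raise ValueError("IHL and Total Length disagree with packet size")
    if total_length > len(packet):
        raise ValueError("Total Length exceeds the bytes received")
    flags = flags_frag >> 13  # top 3 bits: reserved, DF, MF
    return IPv4Header(
        version=version, ihl=ihl, tos=tos, total_length=total_length,
        identification=ident, reserved_flag=(flags >> 2) & 1,
        dont_fragment=bool(flags & 0b010), more_fragments=bool(flags & 0b001),
        fragment_offset=flags_frag & 0x1FFF, ttl=ttl, protocol=proto,
        checksum=csum, checksum_ok=internet_checksum(packet[:header_len]) == 0,
        src=".".join(str(b) for b in packet[12:16]),
        dst=".".join(str(b) for b in packet[16:20]),
        options=packet[20:header_len],
    )


def is_rejected(packet: bytes) -> bool:
    """True when the parser refuses the packet as malformed."""
    try:
        parse_ipv4_header(packet)
    except ValueError:
        return True
    return False


def build_sample_packet(options: bytes = b"") -> bytes:
    """Constructed sample: datagram from 192.0.2.1 to 192.0.2.235 (documentation
    addresses), DF set, TTL 64, protocol 1 (ICMP), with an 8-byte payload.
    The header checksum is computed here, not hard-coded."""
    if len(options) % 4:
        raise ValueError("options must be padded to 32-bit words")
    payload = bytes.fromhex("0800f7ff00000000")  # constructed ICMP echo request
    ihl = 5 + len(options) // 4
    total_length = ihl * 4 + len(payload)
    head = struct.pack("!BBHHHBBH", (4 << 4) | ihl, 0, total_length, 1,
                       0x4000, 64, 1, 0)  # flags word 0x4000 = DF set, offset 0
    head += bytes([192, 0, 2, 1]) + bytes([192, 0, 2, 235]) + options
    head = head[:10] + struct.pack("!H", internet_checksum(head)) + head[12:]
    return head + payload


if __name__ == "__main__":
    print(parse_ipv4_header(build_sample_packet()))
    damaged = bytearray(build_sample_packet())
    damaged[8] -= 1  # change TTL without recomputing the checksum
    print("checksum ok after tampering:", parse_ipv4_header(bytes(damaged)).checksum_ok)
```

Passing options of `b"\x01\x01\x01\x00"` (three NOPs and End of Options List) to `build_sample_packet` produces an IHL of 6, which shows the "IHL must cover the options" rule from the last bullet in action.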

IP Addressing

◾ Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks.

◾ Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided into two main parts:

◾ the network number - identifies a network, assigned by InterNIC or an ISP

◾ the host number - identifies a host on a network, assigned by the local network administrator.

◾ IPv4 Address representations

| Notation | Value | Conversion from dot-decimal |
| --- | --- | --- |
| Dot-decimal notation | 192.0.2.235 | N/A |
| Dotted Hexadecimal | 0xC0.0x00.0x02.0xEB | Each octet is individually converted to hex |
| Dotted Octal | 0300.0000.0002.0353 | Each octet is individually converted into octal |
| Hexadecimal | 0xC00002EB | Concatenation of the octets from the dotted hexadecimal |
| Decimal | 3221226219 | The hexadecimal form converted to decimal |
| Octal | 030000001353 | The hexadecimal form converted to octal |

◾ IP Address Classes

◾ The IPv4 addresses are divided into five different address classes: A, B, C, D, and E.

| Class | Format | Purpose | High-Order Bit(s) | Address Range | No. Bits Network/Host | Max. Hosts |
| --- | --- | --- | --- | --- | --- | --- |
| A | N.H.H.H | Few large organizations | 0 | 1.0.0.0 to 126.0.0.0 | 7/24 | 16777214 (2^24 - 2) |
| B | N.N.H.H | Medium-size organizations | 1, 0 | 128.1.0.0 to 191.254.0.0 | 14/16 | 65534 (2^16 - 2) |
| C | N.N.N.H | Relatively small organizations | 1, 1, 0 | 192.0.1.0 to 223.255.254.0 | 21/8 | 254 (2^8 - 2) |
| D | N/A | Multicast groups (RFC 1112) | 1, 1, 1, 0 | 224.0.0.0 to 239.255.255.255 | N/A (not for commercial use) | N/A |
| E | N/A | Experimental | 1, 1, 1, 1 | 240.0.0.0 to 254.255.255.255 | N/A | N/A |
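As an added example (not part of the original page), the following Python code ties the two tables above together: it parses a dot-decimal address strictly, produces the hexadecimal, octal and decimal notations listed in the representation table, and classifies the address by its high-order bits into classes A through E with the network/host bit split and maximum host count from the class table. The parser deliberately accepts only the plain four-octet decimal form, because libraries that also accept the octal or hexadecimal forms can read the same string as a different address than the one a validator believed it checked.

```python
import re
from typing import Dict, Optional, Tuple

# Only plain decimal octets: no octal/hex forms, no leading zeros, no shorthand.
_DOT_DECIMAL = re.compile(r"^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$")


def parse_dot_decimal(text: str) -> Tuple[int, ...]:
    """Strict dot-decimal parser. Rejects "0300.0000.0002.0353" (octal),
    "0xC0.0x00.0x02.0xEB" (hex) and "192.0.2" (shorthand), even though
    lenient parsers would accept them, sometimes as a different address."""
    m = _DOT_DECIMAL.match(text)
    if not m:
        raise ValueError(f"not dot-decimal: {text!r}")
    groups = m.groups()
    if any(len(g) > 1 and g[0] == "0" for g in groups):
        raise ValueError(f"leading zeros are ambiguous (octal?): {text!r}")
    octets = tuple(int(g) for g in groups)
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range 0-255: {text!r}")
    return octets


def is_valid_dot_decimal(text: str) -> bool:
    try:
        parse_dot_decimal(text)
    except ValueError:
        return False
    return True


def to_uint32(octets: Tuple[int, ...]) -> int:
    """Concatenate the four octets into the single 32-bit value."""
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def representations(text: str) -> Dict[str, str]:
    """The notations from the IPv4 address representation table."""
    octets = parse_dot_decimal(text)
    value = to_uint32(octets)
    return {
        "dot_decimal": ".".join(str(o) for o in octets),
        "dotted_hex": ".".join(f"0x{o:02X}" for o in octets),
        "dotted_octal": ".".join(f"0{o:03o}" for o in octets),
        "hex": f"0x{value:08X}",
        "decimal": str(value),
        "octal": f"0{value:o}",
    }


def classify(text: str) -> Tuple[str, Optional[int], Optional[int], Optional[int]]:
    """Classful view of an address: (class, network bits, host bits, max hosts).
    Network bits exclude the fixed high-order class bits, as in the class table;
    max hosts excludes the all-zeros network and all-ones broadcast addresses.
    Classes D and E have no network/host split, so those entries are None."""
    first = parse_dot_decimal(text)[0]
    if first >> 7 == 0b0:
        cls, net_bits, host_bits = "A", 7, 24
    elif first >> 6 == 0b10:
        cls, net_bits, host_bits = "B", 14, 16
    elif first >> 5 == 0b110:
        cls, net_bits, host_bits = "C", 21, 8
    elif first >> 4 == 0b1110:
        return ("D", None, None, None)  # multicast groups
    else:
        return ("E", None, None, None)  # experimental
    return (cls, net_bits, host_bits, 2 ** host_bits - 2)


if __name__ == "__main__":
    for name, value in representations("192.0.2.235").items():
        print(f"{name:13} {value}")
    print(classify("192.0.2.235"))
```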

Virtual Private Network (VPN)

Tunneling

Dynamic Host Configuration Protocol (DHCP)

Internet Control Message Protocol (ICMP)

Internet Group Management Protocol (IGMP)

Transport Layer

Concepts and Architecture

The Transmission Control Protocol (TCP)

Overview

◾ TCP is a connection-oriented protocol that provides data reliability between hosts. TCP has a number of unique characteristics related to the way in which it accomplishes this transmission.

◾ The functioning of a TCP based communication is analogous to sending certified (registered) mail.

TCP Characteristics

◾ Operates at the transport layer of the TCP/IP stack

◾ Provides applications with access to the network layer

◾ Connection-oriented protocol - the end systems synchronize with one another to manage packet flows and adapt to congestion in the network.

◾ Full-duplex mode operation

◾ Error checking - provides error checking by including a checksum in the datagram to verify that the TCP header information is not corrupt

◾ Sequencing of data packets - TCP segments are numbered and sequenced so that the destination can reorder segments and determine if data is missing.

◾ Acknowledgment of receipt - the receiver returns an acknowledgment to the sender indicating that it received the segment.

◾ Data recovery features - the receiver can request retransmission of a segment

TCP Connection Establishment

◾ TCP provides reliable transport services by establishing a connection-oriented session between the hosts. The connection establishment is performed by using a "three-way handshake" mechanism.

◾ A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers.

◾ This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well.

◾ Each host randomly chooses a sequence number used to track bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:

◾ The first host (Host A) initiates a connection by sending a packet with the initial sequence number (X) and the SYN bit set to indicate a connection request.

◾ The second host (Host B) receives the SYN, records the sequence number X, and replies by acknowledging the SYN (with an ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment.

◾ Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer then can begin.

TCP segment structure

TCP header layout (bit positions across the top, one 32-bit word per row):

Bits  0–3          4–7       8–15                              16–31
      Source port                                              Destination port
      Sequence number
      Acknowledgment number
      Data offset  Reserved  CWR ECE URG ACK PSH RST SYN FIN   Window
      Checksum                                                 Urgent pointer
      Options (optional)
      Data

◾ Consists of a header (11 fields) and a data section

◾ Source port (16 bits) – identifies the sending port

◾ Destination port (16 bits) – identifies the receiving port

◾ Sequence number (32 bits) – has a dual role:

◾ If the SYN flag is present, then this is the initial sequence number and the first data byte is the sequence number plus 1

◾ If the SYN flag is not present, then the first data byte is the sequence number

◾ Acknowledgment number (32 bits) – if the ACK flag is set, then the value of this field is the next byte that the receiver is expecting.

◾ Data offset (4 bits) – specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words, thus giving a minimum size of 20 bytes and a maximum of 60 bytes. This field gets its name from the fact that it is also the offset from the start of the TCP packet to the data.

◾ Reserved (4 bits) – for future use and should be set to zero

◾ Flags (8 bits) (aka Control bits) – contains 8 one-bit flags:

◾ CWR (1 bit) – the Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set.

◾ ECE (ECN-Echo) (1 bit) – indicates that the TCP peer is Explicit Congestion Notification capable (ECN allows end-to-end notification of congestion without dropping packets) during the 3-way handshake.

◾ URG (1 bit) – indicates that the Urgent pointer field is significant

◾ ACK (1 bit) – indicates that the Acknowledgment field is significant

◾ PSH (1 bit) – push function

◾ RST (1 bit) – reset the connection

◾ SYN (1 bit) – synchronize sequence numbers

◾ FIN (1 bit) – no more data from sender

◾ Window (16 bits) – the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive

◾ Checksum (16 bits) – the 16-bit checksum field is used for error-checking of the header and data

◾ Urgent pointer (16 bits) – if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte

◾ Data (variable) – as you might expect, this is the payload, or data portion, of a TCP packet. The payload may be any number of application layer protocols. The most common are HTTP, Telnet, SSH, FTP, but other popular protocols also use TCP.


The User Datagram Protocol (UDP)

Overview

◾ The User Datagram Protocol (UDP) is a connectionless transport-layer protocol that belongs to the Internet protocol family.

◾ UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.

◾ Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP. Because of UDP's simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.

◾ UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in cases where a higher-layer protocol might provide error and flow control.

◾ UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).

TCP vs UDP

| Service | TCP | UDP |
|---|---|---|
| Reliability | Ensures that packets reach their destinations, returns ACKs when a packet is received, and is a reliable protocol. | Does not return ACKs and does not guarantee that a packet will reach its destination, and is an unreliable protocol. |
| Connection | Connection oriented, thus it performs handshaking and develops a virtual connection with the destination computer. | Connectionless, thus it does no handshaking and does not set up a virtual connection. |
| Packet sequencing | Uses sequence numbers within headers to make sure that each packet within a transmission is received. | Does not use sequence numbers. |
| Congestion controls | The destination computer can tell the source if it is overwhelmed and to slow the transmission rate. | The destination computer does not communicate back to the source computer about flow control through UDP. |
| Usage | Used when reliable delivery is required. | Used when reliable delivery is not required, such as in streaming video and status broadcasts. |
| Speed and overhead | Uses a considerable amount of resources and is slower than UDP. | Uses fewer resources and is faster than TCP. |
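To make the TCP segment structure above and the TCP-versus-UDP overhead comparison concrete, here is an added Python example (written for this page, not code from the Wikibook) that builds and parses both a TCP segment and a UDP datagram. It decodes the fields in the order listed for TCP (ports, sequence and acknowledgment numbers, the 4-bit data offset with its reserved nibble, the eight flag bits, window, checksum, urgent pointer, options and payload), applies the SYN rule for locating the first data byte, and verifies the checksum. One detail the page does not mention but both RFC 768 and RFC 793 require: the checksum is computed over an IPv4 pseudo-header (source and destination address, protocol number, length) prepended to the segment, which the code includes. All traffic is constructed inline with RFC 5737 documentation addresses; nothing is captured from a network.

```python
import struct
from dataclasses import dataclass

# Order of the eight control bits in the TCP flags byte, least significant first
# (CWR and ECE occupy the two high bits that RFC 3168 took from the reserved field).
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")
IPPROTO_TCP, IPPROTO_UDP = 6, 17

# Constructed sample addresses from the RFC 5737 documentation ranges.
SRC_IP, DST_IP = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: bytes, dst_ip: bytes, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that both TCP and UDP prepend when computing their checksum."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, proto, length)


@dataclass
class TcpSegment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int          # header length in 32-bit words (5..15)
    flags: dict
    window: int
    checksum: int
    urgent_ptr: int
    options: bytes
    payload: bytes

    def first_data_seq(self) -> int:
        # With SYN set the sequence number is the ISN and the first data byte is ISN + 1.
        return (self.seq + 1) & 0xFFFFFFFF if self.flags["SYN"] else self.seq


def parse_tcp(segment: bytes) -> TcpSegment:
    """Decode the 11 TCP header fields; rejects headers shorter than 20 bytes or a bad data offset."""
    if len(segment) < 20:
        raise ValueError("TCP header shorter than the 20-byte minimum")
    src, dst, seq, ack, off_res, flag_byte, win, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = off_res >> 4                # high nibble; the low nibble is the reserved field
    hdr_len = data_offset * 4
    if data_offset < 5 or hdr_len > len(segment):
        raise ValueError("data offset %d words is below 5 or runs past the segment end" % data_offset)
    flags = {name: bool((flag_byte >> bit) & 1) for bit, name in enumerate(TCP_FLAG_NAMES)}
    return TcpSegment(src, dst, seq, ack, data_offset, flags, win, csum, urg,
                      segment[20:hdr_len], segment[hdr_len:])


def build_tcp(src_ip, dst_ip, src_port, dst_port, seq, ack, flag_names, window, payload=b"", options=b""):
    """Assemble a TCP segment with a correct checksum (constructed test traffic)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    data_offset = 5 + len(options) // 4
    flag_byte = sum(1 << TCP_FLAG_NAMES.index(n) for n in flag_names)
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, data_offset << 4, flag_byte, window, 0, 0)
    segment = header + options + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_TCP, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def tcp_checksum_ok(src_ip, dst_ip, segment) -> bool:
    # Summing pseudo-header plus the whole segment, checksum field included, gives 0 when intact.
    return internet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_TCP, len(segment)) + segment) == 0


def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header; the length field must cover at least the header."""
    if len(datagram) < 8:
        raise ValueError("UDP header shorter than 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field %d is inconsistent with the datagram" % length)
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum, "payload": datagram[8:length]}


def build_udp(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Assemble a UDP datagram with a checksum (constructed test traffic)."""
    length = 8 + len(payload)
    datagram = struct.pack("!HHHH", src_port, dst_port, length, 0) + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, length) + datagram)
    csum = csum or 0xFFFF                     # IPv4 UDP: 0 means "no checksum", so a computed 0 is sent as 0xFFFF
    return datagram[:6] + struct.pack("!H", csum) + datagram[8:]


def udp_checksum_ok(src_ip, dst_ip, datagram) -> bool:
    if datagram[6:8] == b"\x00\x00":          # sender chose not to checksum; nothing to verify
        return True
    return internet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, len(datagram)) + datagram) == 0


if __name__ == "__main__":
    syn = build_tcp(SRC_IP, DST_IP, 40000, 80, seq=1000, ack=0, flag_names=("SYN",), window=65535)
    udp = build_udp(SRC_IP, DST_IP, 53000, 53, b"\x12\x34")
    print(parse_tcp(syn), tcp_checksum_ok(SRC_IP, DST_IP, syn))
    print(parse_udp(udp), udp_checksum_ok(SRC_IP, DST_IP, udp))
```

Parsing a constructed SYN shows the 20-byte minimum header against UDP's fixed 8 bytes, which is the "fewer bytes and less overhead" point of the table; the SYN/ACK reply carries ACK = 1001, matching the handshake rule above. Note that the checksum only detects accidental corruption: an on-path sender can always recompute it, so it provides no integrity guarantee against tampering.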

Technology and Implementation

Scanning Techniques

Denial of Service

Session Layer

Concepts and Architecture

Technology and Implementation

Remote Procedure Calls

Directory Services

Access Services

Presentation Layer

Concepts and Architecture

Technology and Implementation

Transport Layer Security (TLS)


Application Layer

Concepts and Architecture

Technology and Implementation

Asynchronous Messaging (E-mail and News)

Instant Messaging

Data Exchange (World Wide Web)

Peer-to-Peer Applications and Protocols

Administrative Services

Remote-Access Services

Information Services

Voice-over-IP (VoIP)

General References

Sample Questions

Endnotes

Further reading

◾ Basic Computer Security

◾ Information Security in Education

◾ Communication Networks

◾ Wifi/Security

◾ UNIX Computing Security

◾ Security Architecture and Design

Retrieved from "https://en.wikibooks.org/w/index.php?title=Fundamentals_of_Information_Systems_Security/Telecommunications_and_Network_Security&oldid=2952618"

◾ This page was last modified on 3 May 2015, at 10:07.

◾ Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
