1 - 1 Network Fundamentals - SANS ©2001
Security Essentials Day 3
Security Essentials
The SANS Institute

1 - 2 Agenda
• Network fundamentals
  – Network topologies
• IP concepts – 1
  – Protocol stacks
  – IP
• IP concepts – 2
  – TCP
  – UDP
  – ICMP

1 - 3 Agenda (cont.)
• IP behavior
  – tcpdump
  – Analyzing network traffic
• Routing
  – Routing protocols
• Host perimeter defense
  – Personal firewalls

1 - 4 Network Fundamentals
Security Essentials
The SANS Institute

Hello. Welcome to Network Fundamentals. Over the next several modules we are going to look at various aspects of networking and how computers connect over a network. Understanding the key issues of networking is critical to being able to secure a network. The basic question comes down to this: if you do not understand how a network operates, how are you going to secure it? In this module we cover the fundamental principles of networking that you need to understand in order to build a secure network.

1 - 5 Agenda
• Topology
• Ethernet, Token Ring, Wireless
• Wiring
• Network devices
• VLANs

In this module we cover various aspects of networking. First we look at the topologies you can use to design a network, including how Ethernet and Token Ring networks operate. Since it is becoming more popular, we also look at wireless networks. Then we cover the different types of wiring and how you connect computers together so that they can communicate. Lastly, we look at the devices, such as hubs, switches, bridges and routers, that you use to connect computers together. We finish this section by looking at how these devices can be used to create virtual LANs, or VLANs.
1 - 6 Physical vs Logical Topologies
• Physical topology
  – Defines how systems are connected together
  – Bus, ring, star, and point-to-point
• Logical topology
  – Defines the rules of communication between systems
  – Ethernet, Fiber Distributed Data Interface (FDDI), Frame Relay

There are two types of topologies: physical and logical. A physical topology describes the way the network is wired together: the layout of how the computers are actually connected via physical wires or wireless devices. In order for computers to communicate with each other they must be connected in some fashion. The physical topology is independent of the logical topology, which describes the communication rules systems follow when they exchange data. Because the two are independent, you can mix and match: a given logical topology can be wired using different physical topologies. To emphasize the difference between the two, let's look at how humans communicate. In most cases the logical topology we use to communicate, that is, the rules we follow, would be the English language. English has many rules that dictate how we form words and sentences, which give meaning to what we say. The physical topology would be the system we use to carry the communication: a telephone could be one physical topology, and the mail could be another. In this example the English language is the logical topology, the rules of communication, and there are several physical topologies we can use to actually send the information.

1 - 7 Bus Topology
• All systems connect to the same segment of wire
  – Poor scalability
  – Poor traffic isolation
  – Low fault tolerance
  – Troubleshooting nightmare

Bus topology is the first physical topology that we will look at.
This topology is dated and used very little today. It is very simple, so for small networks it does have some usefulness. With a bus topology, all of the computers are connected to the same segment of wire. Depending on where the computers are located, this topology can be easier and cheaper to install. For example, if I have five computers in one room and a server in another room, with a bus topology I only have to run a single wire between the two rooms, and all computers connect to that same wire. With other topologies, you would have to run a wire for each computer back to a central spot. Some of the negative aspects of using a bus topology are:
• Since all of the computers share a single segment, if that segment fails the entire network is down; the shared segment is a single point of failure for the whole network.
• It is very hard to troubleshoot and difficult to isolate particular traffic, since all traffic goes over a single wire.
• Since all computers share the same wire, it is very difficult to add computers, because a new wire would have to be run.
As you can see, for certain small environments the bus topology has some usefulness from an ease-of-implementation and cost standpoint, but for most companies the drawbacks outweigh the benefits.

1 - 8 Ring Topology
• Multiple point-to-point connections forming a ring
• Systems transmit on one side and receive on another
  – Dual ring can provide fault tolerance

The next topology we will look at is the ring topology. An easy way to think of this is a bunch of kids standing in a circle playing the telephone game; that gives you a good idea of how a ring topology works. Each station transmits on one side while receiving on the other. So if I have something to say to a person on the other side of the ring, I tell the person on my left and they pass it along. Eventually, I will get a reply to my message from the person standing on my right.
There are two major reasons why you do not see ring topology in wide use today. The first is that it is not supported by Ethernet. Since Ethernet came out on top in the logical topology wars, people don't use rings because you can't run Ethernet on them. The other major factor was cost. Each system's network card acts like a repeater (discussed in greater detail later), which increases the cost of hardware. The major logical topology that uses a ring is Token Ring. A Token Ring network is set up so that each computer receives information and passes it on to the next computer in the ring. FDDI, or Fiber Distributed Data Interface, is an enhancement to Token Ring and uses two rings, one for transmission and one for redundancy.

1 - 9 Star Topology
• Multiple point-to-point connections to a central device (hub or switch)
  – Good fault tolerance
  – Certain hardware can provide traffic isolation
  – Scales well

Star is the most common physical topology used today. With a star topology, all systems are connected through a central device such as a hub or a switch. While the central device is a single point of failure, a star is usually resilient enough to deal with any one circuit or system failing. For example, if the cable leading to the desktop system is cut, the Mac and the server would be unaffected. Traffic control is also improved: since all circuits are tied to a single device, I can build intelligence into that device in order to control traffic flow on my network. Star topology is a little more expensive to implement, depending on distance, because each computer has a dedicated wire run from the computer to a central location. If a new system is added to the network, a new wire has to be run from the new location to the central location, and then the computer can communicate on the network.
1 - 10 Logical Topologies
• Independent of physical topologies
• Logical topologies
  – Ethernet
  – Token Ring
  – Fiber Distributed Data Interface (FDDI)
  – Frame Relay

Now that we have covered the major physical topologies, let's look at the major logical topologies. Remember, the logical topologies are independent of the physical topologies. As we will see at the end of this section, there is sometimes a relationship between the two, or, based on best practices, a certain logical topology is often used with a particular physical topology. The main logical topologies that we are going to look at are Ethernet, Token Ring, FDDI (Fiber Distributed Data Interface), and Frame Relay.

[...]

1 - 13 Asynchronous Transfer Mode (ATM)
• ATM utilizes both OSI layer 2 and layer 3 communication properties
• Like combining Ethernet and IP
• Encapsulates common protocols
• Uses Virtual Path Identifiers (VPI) to create end-to-end connectivity
• ATM uses a fixed cell size (48 bytes) for better Quality of Service (QoS)

ATM is a bit of a strange beast. It has properties that make it [...]

[...] category. The supported category indicates what level of bandwidth can be pushed through the cable without error. While you can use category 3 (CAT3) cabling on a 100 Mb network, you would probably end up having intermittent communication problems and failures. Therefore, while CAT3 is suitable for 10BaseT communication, for 100BaseT communication you need to use CAT5. Remember that your cabling is only [...] cables and connectors, but the punch-downs were only rated for CAT3. The best way to verify compliance is to use a cable tester and verify the entire circuit, including patch cables.

1 - 15 Pin Assignments
• Ethernet 10BT uses pins 1-3, 2-6
• Ethernet 100BTX uses pins 1-3, 2-6
• Ethernet 100BT4 uses pins 1-2, 3-6, 4-5, 7-8
• Token Ring uses pins 3-6, 4-5
• ATM uses pins 1-2, 7-8

[...]

[...] "Uplink" port. Since these cables are so handy, here are the wiring connections you need to create one:
Pin 1 to Pin 3
Pin 2 to Pin 6
Pin 3 to Pin 1
Pin 6 to Pin 2

1 - 17 Frames vs Packets
• A frame describes an OSI layer 2 chunk of data
  – Ethernet, Token Ring, Frame Relay
• A packet is an OSI layer 3 chunk of data
  – IP, IPX, AppleTalk

During conversation, you might hear [...]

[...] this field.

1 - 20 Packet Info Includes
• OSI layer 3 protocol header
  – Source and destination software address
  – Time to live (TTL), CRC, ID for transport protocol
• OSI layer 4 and up headers
  – Sequencing, translation, ports or sockets
• Actual data being transmitted

A packet includes header information for OSI layers 3 and up. After the headers is the actual data being [...]

[...] operate at layer 3.

1 - 30 Network Design

1 - 31 Network Design Objectives
• Publish separate mail, web and DNS servers to the Internet
• Provide appropriate access from the internal network to the Internet
• Protect the internal network from external attacks
• Provide defense in depth

For this example [...] access the remainder of our production systems. A good network security design should always provide multiple layers of defense to guard against the failure of a single component.

1 - 32 Network Sections
• Public
  – Internet
• Semi-public
  – Web server
  – Mail server
  – DNS server
• Private
  – Internal systems

By analyzing our situation, it becomes apparent that we can [...] want to actively protect this information from being disclosed. These are our private servers.

1 - 33 Firewall Objectives
• Allow legitimate outbound traffic
• Provide limited access to and from the semi-public servers
• Block all unsolicited traffic to the private network

To protect our servers from attack, we need to install a firewall. The question is where? We want [...] connection requests to the web, DNS, and email servers, but that protects the private servers from all connection attempts.

1 - 34 Network Intersections
• Private network to Internet
• Private network to semi-public network
• Semi-public network to Internet

This leads to the conclusion that there are three basic paths that network traffic should pass among our networks: from [...] the semi-public servers to the Internet.

1 - 35 Firewall Placement
• Between the Internet and the other networks
• Between the semi-public and private network

Knowing the basic network paths, it's easy to determine where to place the firewall. Its position needs to be at the intersection of these three paths.

1 - 36 [...]
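The Network Sections, Firewall Objectives and Firewall Placement slides describe one firewall at the intersection of three paths, with three rules of thumb: let the private network out, let the Internet reach only the published services on the semi-public servers, and block everything unsolicited toward the private network. The following model, an added example and not SANS course material, turns those objectives into a small stateful policy so each path can be exercised. The zone names come from the slides; the address blocks (documentation ranges), the server addresses, the port numbers and the egress rules for the semi-public servers are assumptions made for the example.

```python
"""Zone model of the three-path firewall design on the Network Sections,
Firewall Objectives and Firewall Placement slides.

Added example, not SANS course material. Zone names follow the slides; the
address plan, server addresses, ports and egress rules are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: RFC 5737 documentation ranges stand in for real ones.
ZONES = {
    "private": ip_network("10.0.0.0/8"),
    "semi-public": ip_network("192.0.2.0/24"),
}

def zone_of(addr: str) -> str:
    """Map an address to a slide zone; anything unknown is the public Internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "public"

# Assumed published services on the semi-public servers (well-known ports).
PUBLISHED = {
    "192.0.2.10": {("tcp", 80)},                # web server
    "192.0.2.20": {("tcp", 25)},                # mail server
    "192.0.2.30": {("tcp", 53), ("udp", 53)},   # DNS server
}
# Assumed outbound allowances: mail relays mail, DNS resolves names, and the
# web server has no business initiating anything, so it gets no egress.
EGRESS = {
    "192.0.2.20": {("tcp", 25)},
    "192.0.2.30": {("tcp", 53), ("udp", 53)},
}

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

class Firewall:
    """One firewall at the intersection of the three paths. It records the
    connections it allows so that replies are recognised; 'unsolicited' means
    'not a reply to a connection the allowed side started'."""

    def __init__(self):
        self.established = set()

    def check(self, flow: Flow) -> str:
        decision = self._policy(flow)
        if decision == "allow":
            self.established.add((flow.src, flow.sport, flow.dst, flow.dport, flow.proto))
        return decision

    def _policy(self, flow: Flow) -> str:
        # A reply reverses the endpoints of a recorded connection.
        reverse = (flow.dst, flow.dport, flow.src, flow.sport, flow.proto)
        if reverse in self.established:
            return "allow"
        src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
        # Objective: allow legitimate outbound traffic from the private network
        # (to the Internet and to the semi-public servers).
        if src_zone == "private":
            return "allow"
        # Objective: limited access *to* the semi-public servers: the published
        # service on that server only, nothing else (no SSH, no extra ports).
        if dst_zone == "semi-public" and (flow.proto, flow.dport) in PUBLISHED.get(flow.dst, set()):
            return "allow"
        # Objective: limited access *from* the semi-public servers toward the Internet.
        if src_zone == "semi-public" and dst_zone == "public" and (flow.proto, flow.dport) in EGRESS.get(flow.src, set()):
            return "allow"
        # Objective: block all unsolicited traffic to the private network. Falling
        # through here also denies semi-public -> private, so a compromised DMZ
        # server gains no path to the internal systems (defense in depth).
        return "deny"

def demo() -> list:
    """Run one constructed flow over each of the three paths and return the decisions."""
    fw = Firewall()
    flows = [
        ("private -> Internet (web browsing)", Flow("10.1.1.5", 40000, "203.0.113.7", 443, "tcp")),
        ("Internet -> web server, port 80", Flow("198.51.100.9", 51000, "192.0.2.10", 80, "tcp")),
        ("Internet -> web server, port 22", Flow("198.51.100.9", 51000, "192.0.2.10", 22, "tcp")),
        ("Internet -> private host", Flow("198.51.100.9", 51000, "10.1.1.5", 80, "tcp")),
        ("web server -> private host", Flow("192.0.2.10", 33000, "10.1.1.5", 445, "tcp")),
    ]
    return [(label, fw.check(f)) for label, f in flows]

if __name__ == "__main__":
    for label, decision in demo():
        print(f"{decision:5s}  {label}")
```

The connection table is what makes "unsolicited" meaningful: the reply to a web request the private host opened is allowed because the firewall saw the request, while a packet from the same Internet host to a port it was never asked from is dropped.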
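Returning to the Frames vs Packets and Packet Info slides: a frame is the layer 2 unit, the packet it carries holds the layer 3 header (software addresses, TTL, a checksum and the transport protocol ID), and the layer 4 header inside that holds ports and sequence numbers. The dissector below, an added example and not SANS course material, walks those layers for a constructed Ethernet II frame carrying IPv4 and TCP, and recomputes the IPv4 header checksum so that a corrupted or altered header is flagged instead of being silently accepted. The MAC and IP addresses in the sample frame are taken from documentation ranges; the TCP checksum is not verified here.

```python
"""Dissect a layer 2 frame into its layer 3 packet and layer 4 segment, as on
the Frames vs Packets and Packet Info slides.

Added example, not SANS course material. The sample frame is constructed from
documentation MAC and IP ranges."""
import struct
from ipaddress import IPv4Address

def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (pads an odd tail byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Layer 2: Ethernet II header (14 bytes). Everything after it is the packet."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src),
            "ethertype": ethertype, "payload": frame[14:]}

def parse_ipv4(packet: bytes) -> dict:
    """Layer 3: IPv4 header. The checksum is recomputed over the header with the
    checksum field zeroed and compared to the stored value."""
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, stored_csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes
    header = packet[:ihl]
    computed = ip_checksum(header[:10] + b"\x00\x00" + header[12:])
    return {"version": ver_ihl >> 4, "ident": ident, "ttl": ttl, "protocol": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "checksum_ok": computed == stored_csum,
            "payload": packet[ihl:total_len]}

def parse_tcp(segment: bytes) -> dict:
    """Layer 4: TCP header. Ports (sockets) and sequence numbers live here."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    doff = (off_flags >> 12) * 4             # data offset in bytes
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "window": window, "payload": segment[doff:]}

def dissect(frame: bytes) -> dict:
    """Walk the layers: frame -> packet -> segment -> application data."""
    l2 = parse_frame(frame)
    if l2["ethertype"] != 0x0800:            # only IPv4 is handled here
        return {"l2": l2}
    l3 = parse_ipv4(l2["payload"])
    result = {"l2": l2, "l3": l3}
    if l3["protocol"] == 6:                  # transport protocol ID 6 is TCP
        result["l4"] = parse_tcp(l3["payload"])
    return result

# Constructed sample: Ethernet II frame carrying IPv4/TCP with 4 bytes of data.
SAMPLE_FRAME = (
    bytes.fromhex("00005e005301" "00005e005302" "0800")   # dst MAC, src MAC, type IPv4
    + bytes.fromhex("4500002c" "12344000" "40065b88")       # IHL 5, len 44, ID, DF, TTL 64, proto 6, csum
    + bytes.fromhex("0a010105" "c000020a")                  # 10.1.1.5 -> 192.0.2.10
    + bytes.fromhex("9c400050" "000003e8" "00000000"        # TCP 40000 -> 80, seq 1000, ack 0
                    "5018ffff" "00000000")                  # offset 5, PSH/ACK, window, csum, urg
    + b"GET "
)

if __name__ == "__main__":
    layers = dissect(SAMPLE_FRAME)
    for name, fields in layers.items():
        print(name, {k: v for k, v in fields.items() if k != "payload"})
```

Flipping a single header byte (for example the TTL) makes `checksum_ok` false, which is the check a capture tool relies on before trusting the rest of the header.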