
Routing Fundamentals (pptx document)




DOCUMENT INFORMATION

Basic information

Format:
Pages: 52
Size: 0.99 MB

Content

5 - 1 Routing Fundamentals - SANS ©2001
Routing Fundamentals
Security Essentials
The SANS Institute

Hello, welcome to Routing Fundamentals. Just as it is important to understand how networks operate in order to secure them, it is also critical to understand how routers and routing work in order to have a secure network. What allows people from all over the world to communicate, and what allows the Internet to function, is routers. Routers are responsible for determining the path and sending traffic from source to destination. As you can imagine, because they play such a key role, it is critical that they are properly secured, because they are often the target of attacks. If someone can compromise a router, they can read, modify or delete any traffic that goes through it, and this can cause a variety of problems. Based on the importance of routers from a functionality and security standpoint, we have devoted a module to looking into the wonderful world of routers.

5 - 2 Agenda
• Routers
• Cisco IOS
• Routing
• Routing Protocols
• Access Control Lists
• Firewalls

In this module, we are going to cover an overview of routers. We are going to start by looking at what a router is and how it works. We will then cover the router operating system, or IOS. How routing actually works and why there are two addresses will also be covered, along with several examples. How routers communicate with each other via routing protocols will be discussed, and we will wrap up the module with a brief look at how routers can filter traffic via access control lists. It is important to point out that the subject of routers is very complex and there are several week-long courses on each topic covered in this module. This module is meant to give you a high-level overview and introduce you to several of these topics, not to provide comprehensive coverage of the material. Also, this module tries to stay general, but in certain cases where we have to discuss the specifics of a router, we will be using Cisco routers and the Cisco IOS in our examples.

5 - 3 What is a Router?
• Routers connect two networks together.
• Routers determine the path a packet should take from source to destination.
• Routers use IP addresses to determine a route.

Since this module is devoted to routers, we should probably cover what a router is. As you will see, a computer is only capable of communicating with other systems that are on the same network. A computer does not have the capability to determine the best way to get to another network and how to send the packet. Therefore, a specialized device is needed to connect different networks together and to move the traffic between the networks. The device that performs this work is called a router. A router connects two or more networks together and is responsible for making sure those networks can communicate with each other. Routers also determine the path a packet should take to get from a source to a destination. In order to do all of this work, routers use the source IP address and the destination IP address located in the layer 3 header to determine this information. This is why routers are sometimes referred to as layer 3 devices.

5 - 4 Starting a Router
• The following are the basic steps a router performs on startup:
 – Check hardware
 – Find and locate the IOS
 – Find and apply the router configuration

As we have discussed, a router's primary role is to connect different networks together and to route traffic from source to destination. In order to determine how to do that, the router needs a configuration file and other information. Most of this information is loaded when the router is started. Let's briefly look at the steps that are performed when a router is turned on.
1) Check the hardware and perform a self-test to make sure all of the correct components are present and that everything is working properly.
2) Find, locate, and load the IOS for the router. The IOS is the operating system for the router, which tells it what to do and allows people to interface with it.
3) Find and apply the router configuration information to the router. The IOS is generic and the same for all routers, but the configuration information uniquely identifies a particular router and tells it what it should do under different circumstances.

5 - 5 Accessing the Router
• The router can be accessed via the following:
 – Telnet
 – Console
 – Web browser (HTTP)
• Modes of operation
 – User EXEC mode
 – Privileged EXEC mode
 – ROM Monitor mode

In most cases, once the router is configured and installed, it requires minimal user interaction in order to function properly. Even in cases where the router is working perfectly, there still might be a need to periodically verify the configuration and perform maintenance on the router. The two basic ways to access a router are to telnet to the router across a network, or to connect directly to the router via a console cable, where one end of the cable plugs into the router and the other end plugs into a computer. From an ease-of-use standpoint, telnetting in is easier because you can access the router from a variety of places and you do not have to be sitting directly next to it. This, however, also increases your security risk, because if you can access the router from anywhere, so can a possible attacker. Connecting via the console increases security because the only way you can change anything is if you have physical access to the router. This increases security but makes it difficult to monitor routers remotely. Just to touch on the topic of physical security for routers: it is critical that routers have proper physical protection. With most routers, if you can get physical access to the system, you can gain access to the router and bypass any passwords or other security.

In terms of modes of operation, Cisco routers have 7 command modes for accessing the router. In this section we will look at the three you will probably use most often. EXEC allows a user to type commands and have them interpreted by the system. User mode allows someone to run basic commands to find out information about the system. In order to make changes to the system, you must be in privileged mode. On most systems there are two passwords, one for user mode and one for privileged mode. These passwords should be different and hard to guess. ROM monitor mode allows you to configure a router if the IOS does not exist, and get the router up and running.

5 - 6 Basic Configuration Commands
• enable
• configure terminal
• hostname <router>
• enable secret <password>
• interface ethernet 0
• ip address <ip address> <mask>

Just to get a better idea of how routers work, let's look at some basic configuration commands you might use to configure a router. When you first connect to a router, the router is operating in user mode, which has very limited functionality. By typing "enable," you will be prompted for a password and will enter privileged mode. The way you can tell that you are in privileged mode is that the router prompt will be a #. In order to make changes to the router and start to configure it, you have to enter configuration mode by typing "configure terminal." To give the router a name, you would type "hostname" followed by the name of the router. To specify that the password used to access the router is stored encrypted, you would type "enable secret" followed by the password. The password will appear in plaintext on the terminal when you initially type it in, so make sure no one is shoulder surfing or reading the screen. Since routers are responsible for routing traffic between different interfaces, you have to go in and configure each interface on the router so that it knows what its IP address and subnet mask are. To enter configuration mode for a particular interface, you would type "interface ethernet" followed by the number of the interface. Then you would type "ip address" followed by the IP address and subnet mask for that interface. There are a large number of commands one would use to configure a router, but this just gives you an idea of some of the key commands you might have to use.

5 - 7 Routing: MAC and IP Addresses

Now that we have a general idea of what a router is and how it works, let's look at how routing actually takes place on a network.

5 - 8 Two Addresses
• At a minimum, a computer has two addresses:
 – MAC address
  • 48-bit address (12 hexadecimal digits)
  • First half is a vendor code (e.g., 00-00-0c Cisco or 08-00-20 Sun)
  • Usually hard-coded into the NIC
  • Does not change
 – IP address
  • 32-bit address
  • Part network and part host
  • Configured by the user
  • Changes based on location

In order to understand how routing works, we have to cover the concept that any computer connected to a network has a minimum of two addresses. Usually there are two addresses per network interface, so if a server has 4 network interface cards, or NICs, then each interface would have two addresses: a MAC address and an IP address. The reason you need two addresses goes back to the OSI model and how communication is broken down into multiple layers. Layer 3 is responsible for routing traffic across a network, and IP operates at layer 3 and needs an address in order to route the traffic. So there is an IP address that layer 3 uses to determine how to get a packet from source to destination. But as we go down the OSI stack, the layer 3 information gets encapsulated by layer 2 before it goes out on the wire, so layers 1 and 2 need some way to directly send information to a given host. This is done via a MAC, or Media Access Control, address that operates at the lower layers.

Now let's look at each address in more detail. A MAC address is a 48-bit address that is usually written as 12 hexadecimal digits grouped in pairs. So a typical address might look like the following: 00-00-0c-34-15-43. Since a MAC address is usually hard-coded into the NIC and does not change, it is the vendor's responsibility to make sure that every card has a unique MAC address. The way this is done is that the MAC address is broken into two pieces. The first half, or 6 hexadecimal digits, is assigned to a specific vendor, and the second half is a unique number assigned by that vendor. As long as the vendor uses the first half of their code, it is their responsibility to make sure every card has a unique MAC address and that there are no duplicates. So by looking at a MAC address you can tell what vendor the NIC came from. For example, if the first half is 00-00-0c then you know the card was produced by Cisco, and if it starts with 08-00-20 you know it was produced by Sun.

An IP address is a 32-bit address, or 4 bytes, usually written with a period between each byte. So a typical IP address might be 15.5.10.35. An IP address is broken into two pieces, a network piece and a host piece, but where the division falls depends on the type of address (class A, B, or C) and on whether subnet masks are being used. You cannot tell where the division is just by looking at the address; you must also look at the subnet mask to see which piece identifies the network and which piece identifies the host. The IP address is configured by the user, and as the computer moves around or changes location, the IP address must also change.

Just to summarize the two addresses, let's look at an example. I travel around the world and check my email from various locations. Each time I go to a new state or country, I have to reconfigure my machine with a new IP address, but my MAC address never changes. Actually, for my home network I know my IP address by heart because I change it so often, but I have no idea what my MAC address is because it never changes and it operates at a layer in the protocol stack that most people do not get that involved with.

5 - 9 MAC and IP Addresses
• There is no direct relationship between the two addresses
• Given one address, a computer must send out a packet to find out the other address
 – ARP (Address Resolution Protocol)
 – RARP (Reverse Address Resolution Protocol)

So now we know that there are two addresses, a MAC and an IP address, but how do we tie the two together? Unfortunately, there is no direct relationship between the two addresses. Looking only at an IP address, there is no way that you can determine what the MAC address is, and the reverse is also true. If I give you a MAC address of 00-00-0c-45-56-32, there is no way that you can tell me what the IP address is. You could make a totally random guess, but that would not be a good way to link the two together. Therefore, given one of the addresses, the only way to find out the other address is to send out a packet saying, "Hey, I know one address! Can you let me know what the other address is?" Actually, there is a protocol that will take care of this for us. ARP, or Address Resolution Protocol, given an IP address, will find out what the corresponding MAC address is. RARP, or Reverse Address Resolution Protocol, given a MAC address, will find out what the corresponding IP address is.

5 - 10 Address Resolution Protocol (ARP)
(Diagram: 172.20.42.1 and 172.20.42.2.) 42.1 broadcasts a packet with 42.2's IP address and asks it to respond with its physical address.
(ARP packet layout figure: Hardware Type, Protocol Type, HLEN, PLEN, Operation, Source MAC, Source IP, Target MAC, Target IP, drawn across bit offsets 0, 16 and 31.)

Now let's take a look at ARP and how it works. The Internet protocols are specified by standards documents called Requests For Comments (RFCs). ARP (Address Resolution Protocol) is specified by RFC 826. It is not an Internet protocol per se, because it is not carried in an Internet packet (or IP packet). It is an Ethernet frame that is sent to all systems on a network segment (this is what we call a broadcast). If a message is a broadcast message, that means it is sent to all of the machines on part or all of the network. The source host sends the ARP request and includes its source MAC and IP address, and then presumably the destination host will pick it up and reply. Of course, the reply will contain the destination host's MAC and IP address. After this is done, the two systems can talk IP to one another. If you see an ARP, you are probably on the same physical cable segment as the sending computer, since ARPs will not be passed through a router.

[...]

Excerpts from later slides (the preview shows only fragments, each cut mid-sentence):

... Protocol
• Specifies routing between autonomous systems or networks that are very large
• Is an exterior gateway protocol (EGP)
• Performs 3 types of routing:
 – inter-autonomous system routing
 – intra-autonomous system routing
 – pass-through autonomous system routing
BGP, or Border Gateway Protocol, is an exterior gateway protocol which determines how routing should be ...

... How Routing Works (2)
(Diagram: INTERNET; 128.38.0.0, 128.38.20.0, 128.38.15.0.) Routing protocols exchange information so that routers on the Internet know the location of a site's primary point of connection(s).
In our first example, both of the subnetworks were directly connected to a single router. This is of course a simple case. On the Internet, routing protocols – dynamic routing ... developed. Routing protocols are the rules that routers use to communicate information with each other. There are two general types of routing protocols: distance vector and link state.

5 - 17 Distance Vectors
• Identifies neighbors and figures out distance metrics to each network
• Problems
 – Routing loops
• Solutions
 – Defining a maximum
 – Split Horizon
 – Poison Reverse
 – Hold-down timers
...

... only generate additional bandwidth but can be slow to converge, which means it leaves the routing table open to having routing loops develop. With distance vector routing protocols, slow convergence on a new configuration can cause inconsistent entries to exist, which cause a routing loop to be created. An example of a routing loop is: Router A sends all of its traffic to router B, and router B sends all of ...

... RIP
5 - 18 RIP
• Distance vector protocol
• Hop count is used as the metric
• Maximum hop count is 15
• Routing updates every 30 seconds
• Can load balance over multiple paths
RIP, or Routing Information Protocol, is a basic protocol used for routers to exchange routing information, and the details of RIP are specified in RFC 1058. Let's look at some of the key characteristics ...

... communicate between autonomous systems. A well-known example of this is the Border Gateway Protocol (BGP). Now let's look at routing protocols in more detail.
5 - 16 Routing Protocols
• Distance Vector
 – RIP
• Link State
 – OSPF
• Hybrid
 – EIGRP
 – BGP
We have seen how routing works and how packets get from source to destination, but how do routers actually determine the best path ...

... single entity. The Internet is composed of a large number of autonomous systems that are interconnected. BGP performs 3 general types of routing: inter-autonomous system routing, intra-autonomous system routing, and pass-through autonomous system routing. Inter-autonomous system routing occurs between two or more BGP routers in different autonomous systems. Peer routers in these systems use BGP to maintain a consistent ...

... – no ip source-route
For the source-independent ACLs, Cisco provides shorthand descriptors.
5 - 31 Internet Connection General Restrictions
• Network Time Protocol: ntp disable
• SNMP: no snmp
• Network Broadcasts: no ip directed-broadcast
• Redirects: no ip redirects
• Unreachables: no ip unreachables
• Cisco Discovery Protocol: no cdp enable
...

... next router the packet has to go to. Now let's look at a graphical representation of this process.
5 - 13 Routing Example
41.2 wants to talk to 19.8; what has to happen?
- 41.2 builds a packet, puts it on the media
- Router forwards it to 19.8
(Diagram: 172.20.41.1, 172.20.19.8, 172.20.41.2, 172.20.19.212.)
On your slide, host 172.20.41.2 wants to talk to 172.20.19.8. The big star ...

... full knowledge of all routers and how they connect
• All routers have a similar picture of the entire network
We discussed distance vector protocols and looked at an example of RIP. As we have seen, they are fairly basic but are also very limited. The second type of routing protocol is link state, and these overcome the limitations of distance vector protocols but also ...
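As an added example (not part of the SANS material), the following Python makes the two points of slides 8 and 9 concrete: the vendor half of a MAC can be read straight off the address, using only the two OUI prefixes the slide names, while the network/host boundary of an IP address can only be found once the subnet mask is supplied, so the slide's 15.5.10.35 splits differently under two masks.

```python
import ipaddress

# OUI prefixes the slide names (first half of the MAC identifies the vendor).
# Anything else is reported as unknown rather than guessed.
KNOWN_OUIS = {"00:00:0c": "Cisco", "08:00:20": "Sun"}

def normalize_mac(mac: str) -> str:
    """Accept 00-00-0c-34-15-43, 00:00:0c:34:15:43 or 00000c341543; return aa:bb:cc:dd:ee:ff."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mac_vendor(mac: str) -> tuple:
    """Split a MAC into the vendor-assigned prefix (OUI) and the vendor's own serial half."""
    norm = normalize_mac(mac)
    oui, serial = norm[:8], norm[9:]
    return oui, serial, KNOWN_OUIS.get(oui, "unknown vendor")

def split_ip(ip: str, mask: str) -> dict:
    """Network and host parts of an IP address under a given subnet mask. The address alone
    does not say where the boundary is; the same address splits differently under another mask."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "host_bits": 32 - net.prefixlen,
        "host_number": int(iface.ip) & int(net.hostmask),
    }
```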
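The ARP exchange on slide 10, as an added example that is not part of the original course: it packs the RFC 826 fields in the order of the packet diagram, sends the request to the Ethernet broadcast address with an all-zero target MAC, and has the target answer with a unicast reply only when the requested IP is its own. Both MAC addresses are made up for the example.

```python
import struct

ETH_BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806                      # ARP rides in an Ethernet frame, not inside IP
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
# RFC 826 payload for Ethernet/IPv4, in the field order of the slide's packet layout:
# hardware type, protocol type, HLEN, PLEN, operation, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet header plus ARP payload. A request goes to the broadcast MAC and carries an
    all-zero target MAC, because learning that MAC is the whole point of the request."""
    dst = ETH_BROADCAST if op == OP_REQUEST else mac_bytes(target_mac)
    eth = dst + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet/ARP frame, rejecting anything that is not well-formed Ethernet/IPv4 ARP."""
    if len(frame) < 14 + struct.calcsize(ARP_FMT):
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    as_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    as_ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": as_mac(sha), "sender_ip": as_ip(spa),
            "target_mac": as_mac(tha), "target_ip": as_ip(tpa),
            "broadcast": frame[:6] == ETH_BROADCAST}

def answer_request(frame: bytes, my_mac: str, my_ip: str):
    """What the receiving host does: reply (unicast) only if the request asks for its own IP."""
    req = parse_arp(frame)
    if req["op"] != OP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])

# Constructed exchange from the slide: 172.20.42.1 asks for 172.20.42.2's MAC.
# Both MAC addresses are made up for this example.
HOST_A = ("00:00:0c:34:15:43", "172.20.42.1")
HOST_B = ("08:00:20:12:34:56", "172.20.42.2")

def demo_exchange() -> tuple:
    request = build_arp(OP_REQUEST, HOST_A[0], HOST_A[1], "00:00:00:00:00:00", HOST_B[1])
    reply = answer_request(request, HOST_B[0], HOST_B[1])
    return parse_arp(request), parse_arp(reply)
```

Calling demo_exchange() returns the decoded request (broadcast, target MAC all zeros) and the decoded reply (unicast back to 42.1, carrying 42.2's MAC).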

Posted: 17/01/2014, 07:20
