
Summary Network Engineering 1

Dutch summary of the books Computer Networking: A Top-Down Approach & Network Forensics: Tracking Hackers through Cyberspace, with the chapters required for the course Network Engineering 1 of the Cyber Security programme. List of included chapters: KR3, KR4, KR5, KR6, KR7,...

Last document update: 4 year ago

Preview 8 out of 65  pages

  • No
  • H3, h4, h5, h6, h7, h8, nf1, nf7, nf9, nf10, nf12
  • January 31, 2020
  • January 31, 2020
  • 65
  • 2019/2020
  • Summary

Table of Contents
3.5 Connection-Oriented Transport: TCP
3.5.1 The TCP Connection
3.5.2 TCP Segment Structure
Sequence Numbers and Acknowledge Numbers
A Few Interesting Scenarios
3.5.2 Round-Trip Time Estimation and Timeout
3.5.4 Reliable Data Transfer
Fast Retransmit
Go-Back-N or Selective Repeat?
3.5.5 Flow Control
3.5.6 TCP Connection Management
The SYN flood attack
Defences against SYN flood attacks

3.7 TCP Congestion Control
5.2 Routing Algorithms
Routing algorithms
5.2.1 The Link-State (LS) Routing Algorithm
5.2.2 The Distance-Vector (DV) Routing Algorithm
A Comparison of LS and DV Routing Algorithms

5.3 Intra-AS Routing in the Internet: OSPF
Open Shortest Path First (OSPF)
5.4 Routing Among the ISPs: BGP
5.4.1 The Role of BGP
5.4.2 Advertising BGP Route Information
5.4.3 Determining the Best Routes
Hot Potato Routing
Route-Selection Algorithm
5.4.6 Putting the Pieces Together: Obtaining Internet Presence
DNS security measures

4.4 Generalized Forwarding and SDN
4.4.1 Match
4.4.2 Action
4.4.3 OpenFlow Examples of Match-plus-action in Action
5.1 Introduction
5.5 The SDN Control Plane
5.5.2 The SDN Control Plane: SDN Controller and SDN Network-control Applications
5.5.2 OpenFlow Protocol
5.5.3 Data and Control Plane Interaction: An Example
5.7 Summary
Control Plane
SDN
Routing algorithms
Why is SDN centralized?

6.4 Switched Local Area Networks
6.4.1 Link-Layer Addressing and ARP
MAC Addresses
Address Resolution Protocol (ARP)

6.4.2 Ethernet
Ethernet Frame Structure
Ethernet Technologies

6.6 Data Center Networking
Load Balancing
Hierarchical Architecture

6.7 Retrospective: A Day in the Life of a Web Page Request
6.7.1 Getting Started: DHCP, UDP, IP and Ethernet
6.7.2 Still Getting Started: DNS and ARP
6.7.3 Still Getting Started: Intra-Domain Routing to the DNS Server
6.7.4 Web Client-Server Interaction: TCP and HTTP
7.1 Introduction - Wireless and Mobile Networks
7.2 Wireless Links and Network Characteristics
7.3 WiFi: 802.11 Wireless LANs
7.3.1 The 802.11 Architecture
Channels and Association
7.3.3 The IEEE 802.11 Frame
Payload and CRC Fields
Address Fields
Sequence Number, Duration, and Frame Control Fields
7.3.4 Mobility in the Same IP Subnet
7.3.5 Advanced Features in 802.11
802.11 Rate Adaptation
Power Management
7.3.6 Personal Area Networks: Bluetooth and Zigbee
Bluetooth
Zigbee

8.8 Securing Wireless LANs
8.8.1 Wired Equivalent Privacy (WEP)
8.8.3 IEEE 802.11i
8.1 What Is Network Security

8.2 Principles of Cryptography
8.2.1 Symmetric Key Cryptography
Block Ciphers
Cipher-Block Chaining
8.2.2 Public Key Encryption
RSA
Session keys for symmetric-key encryption (DES)
Why Does RSA Work?

8.3 Message Integrity and Digital Signatures
8.3.1 Cryptographic Hash Functions
8.3.2 Message Authentication Code
8.8.3 Digital Signatures
Public Key Certification

8.4 End-Point Authentication
Authentication Protocol ap1.0
Authentication Protocol ap2.0
Authentication Protocol ap3.0
Authentication Protocol ap3.1
Authentication Protocol ap4.0

8.6 Securing TCP Connections: SSL
8.6.1 The Big Picture
Handshake
Key Derivation
Data Transfer
SSL Record
SSL Handshake
Connection Closure

Chapter 1 Practical Investigative Strategies
Real-World Cases
Footprints
Concepts in Digital Evidence
1.3.7 Digital Evidence
1.3.8 Network-Based Digital Evidence
Chapter 7 Network Intrusion Detection and Analysis
7.1 Why Investigate NIDS/NIPS?
7.2 Typical NIDS/NIPS Functionality
7.2.1 Sniffing
7.2.2 Higher-Layer Protocol Awareness
7.2.3 Alerting on Suspicious Bits
7.2.3.1 Fidelity
7.3 Modes of Detection
7.4 Types of NIDS/NIPSs
7.4.2 Roll-Your-Own
7.5 NIDS/NIPS Evidence Acquisition
7.5.2 NIDS/NIPS Interfaces
7.7 Snort
7.7.1 Basic Architecture
7.7.2 Configuration
7.7.3 Snort Rule Language
7.7.3.1 Rule Header & Rule Body
7.8 Conclusion
Chapter 9 Switches, Routers and Firewalls
9.1 Storage Media
9.2 Switches
9.2.1 Why Investigate Switches?
9.2.3 Types of Switches
9.3 Routers
9.4 Firewalls
9.5 Interfaces
9.6 Logging
9.6.4 Authentication, Authorization, and Accounting Logging
9.7 Conclusion
Chapter 10 Web Proxies
10.1 Why Investigate Web Proxies?
10.2 Web Proxy Functionality
10.3 Evidence
10.4 Squid
10.5 Web Proxy Analysis
10.7 Conclusion
Chapter 12 Malware Forensics
12.2 Network Behavior of Malware
12.3 The future of malware and network forensics

3.5 Connection-Oriented Transport: TCP
3.5.1 The TCP Connection
TCP:
- Connection-oriented: a "handshake" must first establish the connection.
- Full-duplex service: process A can send to process B at the same time as
process B sends to A.
- Point-to-point: 1 sender, 1 receiver.
- Three-way handshake: the first two segments carry no payload, the third
does, which is why this is also called a three-way handshake.
- Reliable
- Flow and congestion control
- Pipelined: the sender sends multiple data packets so that it does not wait too
long for an acknowledgement.

The maximum transmission unit (MTU) determines the limit on the data that is
taken and placed in a TCP segment inside an IP datagram. TCP segments are
formed by pairing chunks of client data with a TCP header.

3.5.2 TCP Segment Structure
- 32 bit: Sequence number field / acknowledgement number field: provide
reliable data transport.
- 16 bit: Receive window: used for flow control.
- 4 bit: Header length field: defines the length of the TCP header in 32-bit
words.
- Options field: determines the maximum segment size.
- 6 bit: Flag field / ACK bit, RST, SYN, FIN, (PSH, URG): to determine whether
data arrived correctly.

Sequence Numbers and Acknowledge Numbers

Sequence number for a segment: the byte-stream number of the first byte in
the segment.

Acknowledgement numbers: Host A sends a segment with sequence
number 1000. Host B then receives an acknowledgement number of 1000 +
(1) = 1001.

Cumulative acknowledgement: Host A is still waiting for byte 536 (and beyond)
in order to re-create B's data stream. The next segment from A to
B will therefore contain 536 in the acknowledgement number field.

A Few Interesting Scenarios

Figure 1: round-trip timeouts

3.5.2 Round-Trip Time Estimation and Timeout
TCP uses a timeout/retransmit mechanism to recover from lost segments.

Estimating the Round-Trip Time
- SampleRTT: the time measured from sending a segment until its ACK arrives.
- EstimatedRTT: the average of the SampleRTT values, which is based on
new values.

Setting and Managing the Retransmission Timeout Interval
The timeout interval should not be much higher than the EstimatedRTT, otherwise
this leads to delayed data transfer. It is therefore necessary to make the timeout
equal to the EstimatedRTT. The value of the TimeoutInterval is 1
second.

Figure 1: RTT samples and estimated RTTs

3.5.4 Reliable Data Transfer

Reliable data transfer service: TCP creates a reliable connection on top of
IP's unreliable best-effort service.
- Timeouts for recovering lost segments: TCP responds to the
timeout event by retransmitting the segment that caused the timeout.
TCP then restarts the timer.
- Duplicate acknowledgements: if the acknowledgement does not match
SendBase-1, the connection is terminated.
- Received data: the error messages are calculated by TimeoutInterval
using EstimatedRTT and DevRTT.
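
The TimeoutInterval calculation from EstimatedRTT and DevRTT referred to above, worked through as an added example (not part of the original notes). It uses the standard formulas from RFC 6298 with the weights 0.125 and 0.25, a 1-second initial timeout, and doubling of the timeout after each expiry; the class and method names and the sample values are chosen for this example.

```python
"""RTT estimation and retransmission timeout following RFC 6298.

Variable names (SampleRTT, EstimatedRTT, DevRTT, TimeoutInterval) follow the
notes; class and method names are assumptions made for this example.
The 1-second lower bound that the RFC recommends for the computed timeout is
left out so that the effect of each sample stays visible.
"""

ALPHA = 0.125            # weight of a new sample in EstimatedRTT
BETA = 0.25              # weight of a new deviation in DevRTT
INITIAL_TIMEOUT = 1.0    # seconds, used until the first sample arrives
MAX_TIMEOUT = 60.0       # cap for the exponential backoff


class RttEstimator:
    def __init__(self):
        self.estimated_rtt = None
        self.dev_rtt = None
        self.timeout_interval = INITIAL_TIMEOUT

    def on_sample(self, sample_rtt, retransmitted=False):
        """Feed one SampleRTT (seconds) and return the new TimeoutInterval."""
        if retransmitted:
            # Karn's algorithm: an ACK for a retransmitted segment cannot be
            # matched to one transmission, so the sample is ignored.
            return self.timeout_interval
        if self.estimated_rtt is None:
            # First measurement initialises both estimators.
            self.estimated_rtt = sample_rtt
            self.dev_rtt = sample_rtt / 2
        else:
            # DevRTT is updated first, against the previous EstimatedRTT.
            self.dev_rtt = ((1 - BETA) * self.dev_rtt
                            + BETA * abs(sample_rtt - self.estimated_rtt))
            self.estimated_rtt = ((1 - ALPHA) * self.estimated_rtt
                                  + ALPHA * sample_rtt)
        self.timeout_interval = self.estimated_rtt + 4 * self.dev_rtt
        return self.timeout_interval

    def on_timeout(self):
        """Timer expired: back off by doubling the interval."""
        self.timeout_interval = min(self.timeout_interval * 2, MAX_TIMEOUT)
        return self.timeout_interval


def timeouts_for(samples):
    """Return the TimeoutInterval after each sample in a constructed trace."""
    estimator = RttEstimator()
    return [estimator.on_sample(s) for s in samples]


if __name__ == "__main__":
    # Constructed samples: two steady measurements, then a delay spike.
    for sample, timeout in zip([0.100, 0.120, 0.300],
                               timeouts_for([0.100, 0.120, 0.300])):
        print(f"SampleRTT={sample:.3f}s -> TimeoutInterval={timeout:.4f}s")
```

The spike in the third sample raises DevRTT much more than EstimatedRTT, which is what widens the timeout.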

Fast Retransmit

Duplicate ACK: an ACK that acknowledges a segment for which the sender has
already received an acknowledgement.
TCP fast retransmit (see Figure 1: Fast): if the sender receives 3 ACKs for
the same segment, the unacknowledged segment with the lowest sequence
number is retransmitted.
- Long timeout: long delay before the lost segment is retransmitted.
- Duplicate ACKs: through duplicate ACKs, TCP tries to locate the lost
segment.
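
Cumulative acknowledgements and fast retransmit, as described in the sections above, shown together in an added example (not part of the original notes). The five 100-byte segments, the starting sequence number 1000 and all class and function names are constructed for this example.

```python
"""Cumulative ACKs and fast retransmit on a constructed five-segment transfer."""

DUP_ACK_THRESHOLD = 3  # duplicate ACKs that trigger a fast retransmit

# Constructed input: (sequence number, length in bytes) per segment.
SEGMENTS = [(1000, 100), (1100, 100), (1200, 100), (1300, 100), (1400, 100)]


class Receiver:
    """Buffers out-of-order segments and always ACKs the next byte it needs."""

    def __init__(self, initial_seq):
        self.next_expected = initial_seq
        self.out_of_order = {}  # seq -> length of buffered segments

    def receive(self, seq, length):
        if seq == self.next_expected:
            self.next_expected += length
            # The gap is filled: deliver everything that was buffered behind it.
            while self.next_expected in self.out_of_order:
                self.next_expected += self.out_of_order.pop(self.next_expected)
        elif seq > self.next_expected:
            self.out_of_order[seq] = length
        # seq < next_expected is duplicate data and is only re-acknowledged.
        return self.next_expected  # cumulative acknowledgement number


class Sender:
    """Tracks SendBase and counts duplicate ACKs."""

    def __init__(self, send_base):
        self.send_base = send_base
        self.dup_acks = 0

    def on_ack(self, ack):
        """Return the sequence number to retransmit now, or None."""
        if ack > self.send_base:
            self.send_base = ack      # new data acknowledged
            self.dup_acks = 0
            return None
        if ack == self.send_base:     # same ACK number seen again
            self.dup_acks += 1
            if self.dup_acks == DUP_ACK_THRESHOLD:
                return self.send_base  # oldest unacknowledged segment
        return None


def simulate(segments, lost_seq=None):
    """Send segments in order, dropping the one that starts at lost_seq once.

    Returns (ACK numbers seen by the sender, retransmitted sequence numbers,
    final SendBase).
    """
    first_seq = segments[0][0]
    sender, receiver = Sender(first_seq), Receiver(first_seq)
    lengths = dict(segments)
    acks, retransmitted = [], []
    for seq, length in segments:
        if seq == lost_seq:
            continue  # lost in the network, the receiver never sees it
        ack = receiver.receive(seq, length)
        acks.append(ack)
        resend = sender.on_ack(ack)
        if resend is not None:
            retransmitted.append(resend)
            ack = receiver.receive(resend, lengths[resend])
            acks.append(ack)
            sender.on_ack(ack)
    return acks, retransmitted, sender.send_base


if __name__ == "__main__":
    acks, resent, send_base = simulate(SEGMENTS, lost_seq=1100)
    print("ACKs:", acks)
    print("fast retransmit of:", resent, "final SendBase:", send_base)
```

With segment 1100 dropped, the sender sees ACK 1100 once as new data and three more times as duplicates, retransmits that segment without waiting for the timer, and the next ACK jumps to 1500 because the receiver had buffered the later segments.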

Go-Back-N or Selective Repeat?

Selective acknowledgements: segments that fall out of range are detected.
As a result, TCP's error-recovery mechanism is a combination of Go-Back-N and
Selective Repeat.

3.5.5 Flow Control
Flow control ensures that the sender does not flood the receiver with messages.
The sender maintains a variable called the receive window. This gives the
sender an idea of how much buffer space the receiver still has free.
- LastByteRead: the number of the last byte read from the buffer by the
application at B
