Networks and Network Security Summary
Chapter 1 2
1.1 A Nuts-and-Bolts Description 2
1.2 Access Networks 2
1.3 Packet Switching 3
1.4 Delay, Loss and Throughput 3
1.5 Protocol layers and their service model 3
1.6 Networks under attack 4
Chapter 2: 6
2.1 Principles of Network Applications 6
2.2 The Web and HTTP 7
2.3 Electronic Mail in the Internet 9
2.4 DNS - The Internet’s Directory Service 9
2.5 Peer-to-Peer File Distribution 10
2.6 Video streaming and Content Distribution Networks 11
2.7 Socket programming 12
Chapter 3: 13
3.1 Introduction and Transport-Layer Services 13
3.2 Multiplexing and demultiplexing 13
3.3 Connectionless transport: UDP 14
3.5 Connection-oriented transport: TCP 15
3.6 Principle of congestion control 20
3.7 TCP congestion control 21
Chapter 4: 24
4.1 Overview of the network layer 24
4.2 What's inside a router? 25
4.3 The Internet Protocol (IP) 27
4.4 Generalized forwarding 31
Chapter 5: 34
5.1 Introduction 34
5.2 Routing Algorithms 34
5.3 Intra-AS routing in the Internet: OSPF 35
5.4 Routing Among the ISPs: BGP 36
5.5 The SDN control plane 37
5.6 ICMP: The Internet Control Message Protocol 38
Chapter 6: 40
6.1 Introduction to the link layer 40
6.3 Multiple Access Links and Protocols 40
6.4 Switched Local Area Networks 43
Chapter 7: 47
7.1 Introduction 47
7.2 Wireless links and network characteristics 48
7.3 WiFi: 802.11 wireless LANs 49
7.5 Mobility Management: principles 53
7.6 Mobility Management: in practice 54
Chapter 8: 56
8.1 What is network security? 56
8.2 Principle of cryptography 56
8.3 Message integrity and digital signatures 60
8.5 Securing e-mail 62
8.6 Securing TCP connections: TLS 64
8.7 Network layer security 65
8.8 Securing wireless LANs 67
8.9 Operational security 70
Chapter 1
1.1 A Nuts-and-Bolts Description
The Internet is a network that interconnects almost all computing devices.
The computing devices are called hosts or end systems. End systems are
connected by a network of communication links, which are the physical media that
transfer data. Each link has its own transmission rate, measured in bits/second.
End systems access the Internet through Internet Service Providers (ISPs).
The Transmission Control Protocol (TCP) and the Internet Protocol (IP) are two of the most
important protocols. Internet standards are developed by the Internet
Engineering Task Force (IETF), and the standards documents are called Requests for Comments (RFCs).
1.2 Access Networks
Physical media fall into two categories: guided and unguided media. With guided media the
signal travels along a solid medium (a cable); with unguided media it propagates freely, as in
a wireless LAN or a digital satellite channel.
There are two fundamental approaches to moving data through a network. First, circuit
switching: the resources needed along the path are reserved on the links, and there is a
dedicated end-to-end connection between the two hosts. A circuit in a link is implemented with either
frequency-division multiplexing (FDM) or time-division multiplexing (TDM).
1.3 Packet Switching
The other approach is packet switching: the source breaks long messages into smaller chunks of
data known as packets. Most packet switches use store-and-forward transmission, which
means a packet switch must receive the entire packet before it can transmit its first bit onto the
outbound link.
Each packet switch has an output buffer (also called an output queue) that stores the packets the
router is about to send; waiting in it causes queuing delay. When a packet arrives and finds a full
queue there will be packet loss: either the arriving packet is dropped or a packet which
is already in the queue is dropped.
Each router has a forwarding table that maps destination addresses to the router's outbound
links.
1.4 Delay, Loss and Throughput
Packet switching is not suitable for real-time services because of its variable and
unpredictable end-to-end delays. But it beats circuit switching in its sharing of transmission
capacity, and it is less complex and more cost-efficient.
● Processing Delay: the time needed to determine where the packet must be
directed to, plus other processing.
● Queuing Delay: the time the packet has to wait in the queue before the router sends it out;
this depends on how many packets arrived before this one and are still waiting to be
transmitted.
● Transmission Delay: the amount of time required to push (that is, transmit)
all of the packet’s bits into the link. Transmission delays are typically on the order of
microseconds to milliseconds in practice.
● Propagation Delay: the time the packet needs to travel from when it is pushed onto
the link by router A until it arrives at router B, i.e. the travel time over the link.
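The four delay components above add up per node, and with store-and-forward the transmission delay is paid once on every link of the path. The following is an added example (not code from the summary or the textbook) that computes the nodal and end-to-end delay for a packet crossing N links; the link parameters and packet size are constructed sample values, and the formulas L/R for transmission and d/s for propagation are the standard ones.

```python
# Added example: end-to-end delay of one packet over N store-and-forward links,
# split into the four nodal components (processing, queuing, transmission,
# propagation). All numeric inputs below are constructed sample values.

def transmission_delay(packet_bits: int, link_rate_bps: float) -> float:
    """Time to push all L bits of the packet onto a link of rate R: L / R."""
    return packet_bits / link_rate_bps


def propagation_delay(link_length_m: float, speed_mps: float) -> float:
    """Time for one bit to travel the link of length d at speed s: d / s."""
    return link_length_m / speed_mps


def nodal_delay(packet_bits: int, link_rate_bps: float, link_length_m: float,
                speed_mps: float, proc_delay_s: float = 0.0,
                queue_delay_s: float = 0.0) -> float:
    """Total delay at one node: d_proc + d_queue + d_trans + d_prop."""
    return (proc_delay_s
            + queue_delay_s
            + transmission_delay(packet_bits, link_rate_bps)
            + propagation_delay(link_length_m, speed_mps))


def end_to_end_delay(packet_bits: int, links, proc_delay_s: float = 0.0,
                     queue_delays_s=None) -> float:
    """links: list of (rate_bps, length_m, speed_mps), one entry per link.
    Store-and-forward: every node must receive the whole packet before it
    transmits, so the L/R term is paid once per link, not once per path."""
    if queue_delays_s is None:
        queue_delays_s = [0.0] * len(links)
    return sum(nodal_delay(packet_bits, rate, length, speed, proc_delay_s, q)
               for (rate, length, speed), q in zip(links, queue_delays_s))


if __name__ == "__main__":
    # Constructed scenario: 1500-byte packet, two 10 Mb/s links of 1000 km,
    # signal speed 2e8 m/s, no processing or queuing delay.
    packet = 1500 * 8
    path = [(10e6, 1_000_000, 2e8), (10e6, 1_000_000, 2e8)]
    print(f"end-to-end delay: {end_to_end_delay(packet, path) * 1e3:.3f} ms")
```

Doubling the link rate only shrinks the L/R term; the d/s term is fixed by the distance, which is why propagation dominates on long links and transmission dominates on slow ones.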
1.5 Protocol layers and their service model
Protocol layering gives structure to the design of network protocols. On top we have the
application layer: this is where network applications and their protocols reside. Examples
are HTTP (web document requests and transfer), SMTP (transfer of e-mail messages) and
FTP (transfer of files). An application-layer packet is called a message.
Then there is the transport layer: there are two transport protocols, TCP, which provides a
connection-oriented service and also breaks long messages into shorter ones, and UDP,
which provides a connectionless service and provides no reliability. A transport-layer packet
is called a segment.
On the third layer we have the network layer: it provides the service of delivering the segment
to the transport layer in the destination host. This layer includes the IP protocol.
Then there is the link layer: to move a packet from one node (host or router) to the
next node in the route, the network layer relies on the services of the link layer. We’ll refer to
the link-layer packets as frames.
At last there is the physical layer: the job of the physical layer is to move the individual
bits within the frame from one node to the next.
Encapsulation: in object-oriented programming the term refers to the bundling of data with the
methods that operate on that data, or the restricting of direct access to some of an object's
components. In protocol layering it means that the packet received from the layer above is
wrapped in the header of the current layer before being passed down.
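To make the message/segment/datagram/frame nesting concrete, here is an added example (my own code, not from the summary or the textbook) that wraps an application message in three toy fixed-size headers and then peels them off again. The header layouts are constructed for illustration and are not the real TCP, IP or Ethernet formats; each layer reads only its own header and hands the rest up unchanged.

```python
import struct

# Added example with constructed toy headers (NOT real TCP/IP/Ethernet layouts):
# each layer prepends its own header to the unit it receives from the layer above.
SEG_HDR = struct.Struct("!HH")      # transport: source port, destination port
NET_HDR = struct.Struct("!4s4s")    # network:   source addr, destination addr (4 bytes)
FRAME_HDR = struct.Struct("!6s6s")  # link:      source MAC, destination MAC (6 bytes)


def encapsulate(message: bytes, ports, addrs, macs) -> bytes:
    """Message -> segment -> datagram -> frame, one header per layer."""
    segment = SEG_HDR.pack(*ports) + message        # transport layer
    datagram = NET_HDR.pack(*addrs) + segment       # network layer
    frame = FRAME_HDR.pack(*macs) + datagram        # link layer
    return frame


def decapsulate(frame: bytes) -> dict:
    """Reverse the process; each layer strips exactly its own header."""
    macs = FRAME_HDR.unpack_from(frame, 0)
    datagram = frame[FRAME_HDR.size:]               # link layer hands up the datagram
    addrs = NET_HDR.unpack_from(datagram, 0)
    segment = datagram[NET_HDR.size:]               # network layer hands up the segment
    ports = SEG_HDR.unpack_from(segment, 0)
    message = segment[SEG_HDR.size:]                # transport layer hands up the message
    return {"macs": macs, "addrs": addrs, "ports": ports, "message": message}


def overhead_bytes() -> int:
    """Header bytes added on top of the message by the three layers."""
    return SEG_HDR.size + NET_HDR.size + FRAME_HDR.size


if __name__ == "__main__":
    # Constructed sample values for the demo.
    frame = encapsulate(
        b"GET / HTTP/1.1",
        ports=(51000, 80),
        addrs=(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])),
        macs=(bytes([2, 0, 0, 0, 0, 1]), bytes([2, 0, 0, 0, 0, 2])),
    )
    print(len(frame), "bytes on the wire,", overhead_bytes(), "of them headers")
    print(decapsulate(frame))
```

Note that the link layer never looks at the port numbers and the transport layer never sees the MAC addresses: that separation is exactly the service model the layering describes.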
1.6 Networks under attack
Malware consists of software that is specifically designed to disrupt, damage, or gain
unauthorized access to a computer system. A network of private computers infected with this
software and controlled as a group without the host’s knowledge is called a botnet. Much of
the malware out there today is self-replicating: once it infects one host, it seeks entry into
other hosts over the Internet, and from the newly infected hosts, it seeks entry into yet more
hosts.
Another broad class of security threats is known as denial-of-service (DoS) attacks. A
DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate
users. Most Internet DoS attacks fall into one of three categories:
● Vulnerability attack. This involves sending a few well-crafted messages to a
vulnerable application or operating system running on a targeted host. If the right
sequence of packets is sent to a vulnerable application or operating system, the
service can stop or, worse, the host can crash.
● Bandwidth flooding. The attacker sends a deluge of packets to the targeted host - so
many packets that the target’s access link becomes clogged, preventing legitimate
packets from reaching the server.
● Connection flooding. The attacker establishes a large number of half-open or fully
open TCP connections at the target host. The host can become so bogged down with
these bogus connections that it stops accepting legitimate connections.
In a distributed DoS (DDoS) attack, illustrated in Figure 1.25, the attacker controls multiple
sources and has each source blast traffic at the target.
A packet sniffer is a piece of hardware or software used to monitor network traffic. Sniffers
work by examining streams of data packets that flow between computers on a network as
well as between networked computers and the larger Internet. Because packet sniffers are
passive, they are difficult to detect. So, when we send packets into a wireless channel, we
must accept the possibility that some bad guy may be recording copies of our packets.
The ability to inject packets into the Internet with a false source address is known as IP
spoofing, and is but one of many ways in which one user can masquerade as another user.
To solve this problem, we will need end-point authentication, that is, a mechanism that will
allow us to determine with certainty if a message originates from where we think it does.
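From the defender's side, connection flooding shows up as a pile of half-open TCP connections on the target. The following is an added example (my own code, not from the summary or the textbook) that reads a constructed connection-table dump, counts half-open connections per remote address and against the listen backlog, and flags sources above a threshold. The line format and the addresses are constructed for the example and do not correspond to any real tool's output.

```python
from collections import Counter

# Added example. Constructed sample of a server's TCP connection table in a
# made-up "STATE remote_ip:port" format (not the output of any real tool).
# 198.51.100.7 holds five half-open connections; the others look normal.
SAMPLE_CONNECTIONS = """\
SYN_RECV 198.51.100.7:40001
SYN_RECV 198.51.100.7:40002
SYN_RECV 198.51.100.7:40003
SYN_RECV 198.51.100.7:40004
SYN_RECV 198.51.100.7:40005
SYN_RECV 203.0.113.5:52309
ESTABLISHED 203.0.113.5:52310
ESTABLISHED 192.0.2.9:61000
"""

HALF_OPEN_STATE = "SYN_RECV"   # handshake started, final ACK never arrived


def parse_connections(text: str):
    """Parse the constructed table into (state, remote_ip, remote_port) tuples."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        state, remote = line.split()
        ip, _, port = remote.rpartition(":")
        rows.append((state, ip, int(port)))
    return rows


def half_open_by_source(rows) -> Counter:
    """Number of half-open connections per remote address."""
    return Counter(ip for state, ip, _ in rows if state == HALF_OPEN_STATE)


def total_half_open(rows) -> int:
    """Half-open count regardless of source; meaningful even if sources are spoofed."""
    return sum(1 for state, _, _ in rows if state == HALF_OPEN_STATE)


def backlog_utilisation(rows, backlog_size: int) -> float:
    """Fraction of the listen backlog occupied by half-open connections."""
    return total_half_open(rows) / backlog_size


def flag_sources(rows, threshold: int):
    """Remote addresses holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_by_source(rows).items() if n >= threshold)


if __name__ == "__main__":
    rows = parse_connections(SAMPLE_CONNECTIONS)
    print("half-open total:", total_half_open(rows))
    print("backlog used:", f"{backlog_utilisation(rows, 128):.1%}")
    print("sources over threshold:", flag_sources(rows, threshold=3))
```

Counting per source is a blunt heuristic: as the section notes, source addresses can be spoofed, so a flood may arrive from thousands of distinct addresses with one or two half-open connections each. That is why the total against the backlog size is tracked separately from the per-source view.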
Chapter 2:
2.1 Principles of Network Applications
The application architecture is designed by the application developer and dictates how the
application is structured over the various end systems. There are two main architectures:
In a client-server architecture, there is an always-on host, called the server, which services
requests from many other hosts, called clients. A classic example is the Web application for
which an always-on Web server services requests from browsers running on client hosts.
When a Web server receives a request for an object from a client host, it responds by
sending the requested object to the client host.
In a P2P architecture, there is minimal (or no) reliance on dedicated servers in data centers.
Instead, the application exploits direct communication between pairs of intermittently
connected hosts, called peers. The peers are not owned by the service provider, but are
instead desktops and laptops controlled by users, with most of the peers residing in homes,
universities, and offices. Because the peers communicate without passing through a
dedicated server, the architecture is called peer-to-peer. Many of today’s most popular and
traffic-intensive applications are based on P2P architectures. One of the most compelling
features of P2P architectures is their self-scalability.
When two processes send messages to each other, those messages need to go through
an underlying network. This is done through a software interface called a socket. A socket
is the interface between the application layer and the transport layer within a host; it is
also referred to as the Application Programming Interface (API) between the application
and the network. The application developer has control of everything on the application
side, but on the transport-layer side the developer can only choose which protocol to use (UDP or TCP)
and perhaps a few transport-layer parameters such as the maximum buffer and maximum
segment sizes.
To identify the receiving process, two pieces of information are needed: the address of the
host and an identifier that specifies the receiving process within that host.
Internet hosts can be identified by a hostname (e.g. www.google.com), and they are also
identified by a 32-bit IP address. To identify the receiving process
there is the port number (Web server: 80, SMTP: 25).
The Internet provides more than one transport-layer protocol, but how do you choose the
right one? To make this easier we broadly classify the possible services into four categories:
reliable data transfer, throughput, timing and security.
Reliable Data Transfer: packets can get lost in transit. For many applications this loss
can have devastating consequences. When a protocol guarantees that the data is
received correctly and completely, it is said to provide reliable data transfer. However, there
are also applications which don't mind if some of the data never arrives. Those are called
loss-tolerant applications (e.g. multimedia applications).