Summary (originally in Dutch) of the books Computer Networking: A Top-Down Approach and Network Forensics: Tracking Hackers through Cyberspace, covering the chapters required for the course Network Engineering 1 of the Cyber Security programme.
List of included chapters:
KR3, KR4, KR5, KR6, KR7, ...
Table of contents
3.5 Connection-Oriented Transport: TCP
3.5.1 The TCP Connection
3.5.2 TCP Segment Structure
Sequence Numbers and Acknowledgement Numbers
A Few Interesting Scenarios
3.5.3 Round-Trip Time Estimation and Timeout
3.5.4 Reliable Data Transfer
Fast Retransmit
Go-Back-N or Selective Repeat?
3.5.5 Flow Control
3.5.6 TCP Connection Management
The SYN flood attack
Defences against SYN flood attacks
3.7 TCP Congestion Control
5.2 Routing Algorithms
Routing algorithms
5.2.1 The Link-State (LS) Routing Algorithm
5.2.2 The Distance-Vector (DV) Routing Algorithm
A Comparison of LS and DV Routing Algorithms
5.3 Intra-AS Routing in the Internet: OSPF
Open Shortest Path First (OSPF)
5.4 Routing Among the ISPs: BGP
5.4.1 The Role of BGP
5.4.2 Advertising BGP Route Information
5.4.3 Determining the Best Routes
Hot Potato Routing
Route-Selection Algorithm
5.4.6 Putting the Pieces Together: Obtaining Internet Presence
DNS security measures
4.4 Generalized Forwarding and SDN
4.4.1 Match
4.4.2 Action
4.4.3 OpenFlow Examples of Match-plus-action in Action
5.1 Introduction
5.5 The SDN Control Plane
5.5.1 The SDN Control Plane: SDN Controller and SDN Network-control Applications
5.5.2 OpenFlow Protocol
5.5.3 Data and Control Plane Interaction: An Example
5.7 Summary
Control Plane
SDN
Routing algorithms
Why is SDN centralized?
6.4 Switched Local Area Networks
6.4.1 Link-Layer Addressing and ARP
MAC Addresses
Address Resolution Protocol (ARP)
6.6 Data Center Networking
Load Balancing
Hierarchical Architecture
6.7 Retrospective: A Day in the Life of a Web Page Request
6.7.1 Getting Started: DHCP, UDP, IP and Ethernet
6.7.2 Still Getting Started: DNS and ARP
6.7.3 Still Getting Started: Intra-Domain Routing to the DNS Server
6.7.4 Web Client-Server Interaction: TCP and HTTP
7.1 Introduction: Wireless and Mobile Networks
7.2 Wireless Links and Network Characteristics
7.3 WiFi: 802.11 Wireless LANs
7.3.1 The 802.11 Architecture
Channels and Association
7.3.3 The IEEE 802.11 Frame
Payload and CRC Fields
Address Fields
Sequence Number, Duration, and Frame Control Fields
7.3.4 Mobility in the Same IP Subnet
7.3.5 Advanced Features in 802.11
802.11 Rate Adaptation
Power Management
7.3.6 Personal Area Networks: Bluetooth and Zigbee
Bluetooth
Zigbee
8.8 Securing Wireless LANs
8.8.1 Wired Equivalent Privacy (WEP)
8.8.3 IEEE 802.11i
8.1 What Is Network Security?
8.2 Principles of Cryptography
8.2.1 Symmetric Key Cryptography
Block Ciphers
Cipher-Block Chaining
8.2.2 Public Key Encryption
RSA
Session keys for symmetric key encryption (DES)
Why Does RSA Work?
8.3 Message Integrity and Digital Signatures
8.3.1 Cryptographic Hash Functions
8.3.2 Message Authentication Code
8.3.3 Digital Signatures
Public Key Certification
8.6 Securing TCP Connections: SSL
8.6.1 The Big Picture
Handshake
Key Derivation
Data Transfer
SSL Record
SSL Handshake
Connection Closure
Chapter 1 Practical Investigative Strategies
Real-World Cases
Footprints
Concepts in Digital Evidence
1.3.7 Digital Evidence
1.3.8 Network-Based Digital Evidence
Chapter 7 Network Intrusion Detection and Analysis
7.1 Why Investigate NIDS/NIPS?
7.2 Typical NIDS/NIPS Functionality
7.2.1 Sniffing
7.2.2 Higher-Layer Protocol Awareness
7.2.3 Alerting on Suspicious Bits
7.2.3.1 Fidelity
7.3 Modes of Detection
7.4 Types of NIDS/NIPSs
7.4.2 Roll-Your-Own
7.5 NIDS/NIPS Evidence Acquisition
7.5.2 NIDS/NIPS Interfaces
7.7 Snort
7.7.1 Basic Architecture
7.7.2 Configuration
7.7.3 Snort Rule Language
7.7.3.1 Rule Header & Rule Body
7.8 Conclusion
Chapter 9 Switches, Routers and Firewalls
9.1 Storage Media
9.2 Switches
9.2.1 Why Investigate Switches?
9.2.3 Types of Switches
9.3 Routers
9.4 Firewalls
9.5 Interfaces
9.6 Logging
9.6.4 Authentication, Authorization, and Accounting Logging
9.7 Conclusion
Chapter 10 Web Proxies
10.1 Why Investigate Web Proxies?
10.2 Web Proxy Functionality
10.3 Evidence
10.4 Squid
10.5 Web Proxy Analysis
10.7 Conclusion
Chapter 12 Malware Forensics
12.2 Network Behavior of Malware
12.3 The future of malware and network forensics
3.5 Connection-Oriented Transport: TCP
3.5.1 The TCP Connection
TCP:
- Connection-oriented: a "handshake" must establish the connection first.
- Full-duplex service: process A can send to process B at the same time as process B sends to A.
- Point-to-point: one sender, one receiver.
- Three-way handshake: the first two segments carry no payload, the third one does; this is why it is called a three-way handshake.
- Reliable
- Flow and congestion control
- Pipelined: the sender sends several data segments at once so that it does not wait too long for an acknowledgement.
The maximum transmission unit (MTU) sets the limit on the amount of data that is received and placed in a TCP segment inside an IP datagram. TCP segments are formed by pairing chunks of client data with a TCP header.
3.5.2 TCP Segment Structure
- 32-bit sequence number field / acknowledgement number field: provide reliable data transport.
- 16-bit receive window: used for flow control.
- 4-bit header length field: defines the length of the TCP header in 32-bit words.
- Option field: sets the maximum segment size.
- 6-bit flag field (ACK, RST, SYN, FIN, PSH, URG): used to determine whether data has arrived correctly.
Sequence Numbers and Acknowledgement Numbers
Sequence number of a segment: the byte-stream number of the first byte in the segment.
Acknowledgement numbers: Host A sends a segment with sequence number 1000. Host B then returns an acknowledgement number of 1000 + (1) = 1001.
Cumulative acknowledgement: Host A is still waiting for byte 536 (and onward) to reconstruct B's data stream. The next segment from A to B will therefore contain 536 in the acknowledgement number field.
A Few Interesting Scenarios
Figure 1: round-trip timeouts
3.5.3 Round-Trip Time Estimation and Timeout
TCP uses a timeout/retransmit mechanism to recover lost segments.
Estimating the Round-Trip Time
- SampleRTT: the measured time from sending a segment until its ACK arrives.
- EstimatedRTT: the average of the SampleRTT values, weighted towards the newest values.
Setting and Managing the Retransmission Timeout Interval
The timeout interval should not be much higher than the EstimatedRTT, otherwise this leads to delayed data transfer. It is therefore necessary to make the timeout time equal to the EstimatedRTT. The value of the TimeoutInterval is 1 second.
Figure 1: RTT samples and EstimatedRTTs
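As an added example (not code from the summary or from the textbook), the EstimatedRTT, DevRTT and TimeoutInterval computation this section names, using the textbook's weights alpha = 0.125 and beta = 0.25 and the 1-second initial timeout; seeding the estimator from the first sample and doubling the timeout after a retransmission timeout follow RFC 6298. The class and method names are my own.

```python
# Weights from the textbook's EWMA formulas (also RFC 6298).
ALPHA = 0.125         # weight of the newest SampleRTT in EstimatedRTT
BETA = 0.25           # weight of the newest deviation in DevRTT
INITIAL_TIMEOUT = 1.0 # TimeoutInterval before any SampleRTT exists (seconds)


class RttEstimator:
    """Tracks EstimatedRTT and DevRTT and derives the retransmission timeout."""

    def __init__(self):
        self.estimated_rtt = None   # no sample seen yet
        self.dev_rtt = 0.0
        self.timeout_interval = INITIAL_TIMEOUT

    def add_sample(self, sample_rtt):
        """Feed one SampleRTT (seconds) measured on a segment that was NOT
        retransmitted (Karn's rule: a retransmitted segment's ACK is ambiguous,
        so its sample must not be used). Returns the new TimeoutInterval."""
        if self.estimated_rtt is None:
            # First measurement: RFC 6298 seeds the estimator from it directly.
            self.estimated_rtt = sample_rtt
            self.dev_rtt = sample_rtt / 2
        else:
            # Exponential weighted moving average: recent samples count more.
            self.estimated_rtt = (1 - ALPHA) * self.estimated_rtt + ALPHA * sample_rtt
            # Smoothed deviation of the samples from the estimate.
            self.dev_rtt = (1 - BETA) * self.dev_rtt + BETA * abs(sample_rtt - self.estimated_rtt)
        # Safety margin grows with the variance: EstimatedRTT + 4 * DevRTT.
        self.timeout_interval = self.estimated_rtt + 4 * self.dev_rtt
        return self.timeout_interval

    def on_timeout(self):
        """Exponential backoff: double the timeout after a retransmission timeout."""
        self.timeout_interval *= 2
        return self.timeout_interval


if __name__ == "__main__":
    est = RttEstimator()
    for sample in (0.1, 0.2, 0.15):   # constructed sample RTTs in seconds
        print(f"SampleRTT={sample:.3f} -> TimeoutInterval={est.add_sample(sample):.4f}")
```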
3.5.4 Reliable Data Transfer
Reliable data transfer service: TCP creates a reliable connection on top of IP's unreliable best-effort service.
- Timeouts for recovering lost segments: TCP responds to the timeout event by retransmitting the segment that caused the timeout. TCP then restarts the timer.
- Duplicate acknowledgements: if the acknowledgement does not match SendBase-1, the connection is broken.
- Received data: the error values are computed via the TimeoutInterval, from EstimatedRTT and DevRTT.
Fast Retransmit
Duplicate ACK: an ACK that acknowledges a segment for which the sender has already received an acknowledgement.
TCP fast retransmit (see Figure 1: Fast): if the sender receives 3 ACKs for the same segment, the unacknowledged segment with the lowest sequence number is resent.
- Long timeout: a long delay before the lost segment is resent.
- Duplicate ACKs: through duplicate ACKs, TCP tries to recover the lost segment.
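An added example (my own code, not from the summary or the textbook) of the sender side of fast retransmit: it tracks SendBase and the in-flight segments, counts duplicate ACKs, and resends the lowest unacknowledged segment on the third duplicate ACK (the textbook counts duplicates, so this is the fourth ACK carrying the same number). Names such as TcpSender and in_flight are assumptions.

```python
class TcpSender:
    """Sender-side model: SendBase, in-flight segments and duplicate-ACK counting."""

    def __init__(self):
        self.send_base = 0          # oldest unacknowledged byte-stream number
        self.next_seq = 0           # sequence number for the next new segment
        self.in_flight = {}         # seq -> length of segments sent but not yet acked
        self.dup_ack_count = 0
        self.fast_retransmits = []  # seq numbers resent because of 3 duplicate ACKs

    def send_new(self, nbytes):
        """Send a new segment; returns its sequence number (its first byte's stream number)."""
        seq = self.next_seq
        self.in_flight[seq] = nbytes
        self.next_seq += nbytes
        return seq

    def receive_ack(self, ack):
        """Process one ACK. Returns the seq of a segment to retransmit now, or None."""
        if ack < self.send_base:
            return None             # stale ACK for data already acknowledged
        if ack > self.send_base:
            # New data acknowledged: the cumulative ACK frees everything below it.
            self.send_base = ack
            self.dup_ack_count = 0
            for seq in list(self.in_flight):
                if seq + self.in_flight[seq] <= ack:
                    del self.in_flight[seq]
            return None
        # ack == send_base: a duplicate ACK, the receiver is still missing send_base.
        self.dup_ack_count += 1
        if self.dup_ack_count == 3 and self.in_flight:
            # Fast retransmit: resend the lowest unacked segment immediately,
            # without waiting for its (much longer) retransmission timer.
            lowest = min(self.in_flight)
            self.fast_retransmits.append(lowest)
            return lowest
        return None


if __name__ == "__main__":
    # Constructed scenario: five 100-byte segments, the second one is lost.
    s = TcpSender()
    for _ in range(5):
        s.send_new(100)
    for ack in (100, 100, 100, 100, 500):
        print(f"ACK {ack}: retransmit={s.receive_ack(ack)} SendBase={s.send_base}")
```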
Go-Back-N or Selective Repeat?
Selective acknowledgement: segments that fall out of order are detected. This makes TCP's error recovery mechanism a combination of Go-Back-N and Selective Repeat.
3.5.5 Flow Control
Flow control ensures that the sender does not overwhelm the receiver with messages. The sender keeps a variable called the receive window. This gives the sender an idea of how much buffer space the receiver still has free.
- LastByteRead: the number of the last byte read from the buffer by the application at B
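As an added example (not code from the summary or the textbook), a small receiver-side model that ties two passages together: the cumulative acknowledgement number from section 3.5.2 (host A still waiting for byte 536 while a later segment has already arrived) and the receive window from this section, computed as RcvBuffer minus the bytes still held in the buffer. Names such as TcpReceiver, next_expected and bytes_read are my own, and the model assumes segments never partially overlap one another.

```python
class TcpReceiver:
    """Receiver-side model: cumulative ACK number and advertised receive window."""

    def __init__(self, rcv_buffer=2000):
        self.rcv_buffer = rcv_buffer
        self.next_expected = 0   # ACK number: stream number of the next byte we wait for
        self.bytes_read = 0      # bytes the application has consumed (LastByteRead + 1)
        self.out_of_order = {}   # seq -> length of segments buffered ahead of a gap

    def buffered(self):
        """Bytes occupying the receive buffer: in-order unread + out-of-order."""
        return (self.next_expected - self.bytes_read) + sum(self.out_of_order.values())

    def rwnd(self):
        """Advertised receive window: RcvBuffer - (LastByteRcvd - LastByteRead)."""
        return self.rcv_buffer - self.buffered()

    def receive(self, seq, length):
        """Accept one segment and return the cumulative ACK number to send back."""
        if seq + length <= self.next_expected:
            return self.next_expected        # duplicate: everything in it is already held
        if length > self.rwnd():
            return self.next_expected        # no room: drop it, the sender must honour rwnd
        if seq > self.next_expected:
            self.out_of_order[seq] = length  # gap before it: hold it, the ACK does not move
            return self.next_expected
        # In-order data: advance, then absorb any held segments that now fit the stream.
        self.next_expected = seq + length
        while self.next_expected in self.out_of_order:
            self.next_expected += self.out_of_order.pop(self.next_expected)
        return self.next_expected

    def app_read(self, nbytes):
        """Application reads up to nbytes of in-order data, freeing buffer space."""
        n = min(nbytes, self.next_expected - self.bytes_read)
        self.bytes_read += n
        return n


if __name__ == "__main__":
    # Constructed scenario from the text: bytes 0..535 arrive, then a segment
    # starting at 1000 arrives before bytes 536..999 do.
    r = TcpReceiver(rcv_buffer=2000)
    for seq, length in ((0, 536), (1000, 100), (536, 464)):
        print(f"segment seq={seq} len={length}: ACK={r.receive(seq, length)} rwnd={r.rwnd()}")
```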