
Ip Nat

This document discusses network security concepts like IP addressing, subnets, and network address translation (NAT). It explains that IP handles end-to-end delivery of packets across networks using source and destination addresses. There is a lack of security in the IP protocol as all information is transmitted in clear text. Network address translation allows organizations to use private IP address ranges by mapping them to public addresses, improving security by hiding internal network structures. Firewalls further enhance security by controlling traffic flow between networks.

Network Security

Networking Technologies
IP, Subnets & NAT
Internet Protocol (IP)
⚫ IP handles end-to-end delivery
⚫ Most commonly used network layer protocol
⚫ All traffic on the internet uses IP
Internet Protocol (IP)
⚫ Upon receiving packet from Transport layer, IP layer generates a header
⚫ Header includes: source and destination IP addresses
⚫ Header is added to front of TCP packet to create a resulting IP packet.
⚫ Purpose of IP is to carry packets end to end across a network.
IP header

Source IP address
Destination IP address

Data
IP addresses
⚫ Identify each individual machine on the internet
⚫ 32 bits in length
⚫ Hackers attempt to determine all IP addresses in use on a target network – “network mapping”
⚫ Hackers generate bogus packets appearing to come from a given IP address – “IP address spoofing”
IP Addresses in depth
⚫ 32 bits, with 8-bit groupings
⚫ Example: 192.168.0.1
⚫ Each number between the dots can be between 0 and 255
⚫ 4 billion combinations
⚫ Allocated in groups called address blocks
▪ 3 sizes, based on the class of the address
▪ Class A, Class B, and Class C
Class A Addresses
⚫ Giant organizations
⚫ There are no more available
⚫ All IP addresses are of the form:
0 – 126.x.x.x
x can be between 0 and 255
⚫ The first octet is assigned to the owner, with the rest being freely distributable to the nodes
⚫ Has a 24 bit address space
⚫ Uses up to half of the total IP addresses available!!!
⚫ Who owns these???
⚫ Internet Service Providers
⚫ Large internet companies
⚫ Google, CNN, WB
Class B Addresses
⚫ Large Campuses or Organizations
⚫ Example: Colleges, including USC
⚫ These are running out!!!
⚫ All Class B Addresses are of the form:
128 - 191.x.x.x
Where x can take any number between 0 and 255
⚫ The first two octets are assigned to the address block owner, with the last two being freely distributable
⚫ Example: 128.125.x.x → USC
⚫ Example: 169.232.x.x → UCLA
⚫ 16-bit address space
Class C Addresses
⚫ Small to mid-sized businesses
⚫ All Class C Addresses have the following format:
192-232.x.x.x
⚫ The first three octets are assigned, with the last being freely distributable
⚫ Only 253 distributable addresses within a Class C Address
Reserved Addresses
⚫ Private Networks (no public connections)
⚫ 10.x.x.x
⚫ 172.16.x.x
⚫ 192.168.x.x
⚫ 127.x.x.x – local network (loopback)
⚫ 255.255.255.255 – broadcast – sends to everyone on the network
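
Added example (not part of the original slides): a border check that decodes the IP header described earlier and drops packets arriving from the Internet whose source is one of the reserved addresses above, since such a source can only be a bogus (spoofed) one. The sample packets are constructed, and the function names are assumptions made for this illustration.

```python
import ipaddress
import struct

# Reserved ranges from the slide above. RFC 1918 reserves 172.16.0.0/12,
# which contains the slide's 172.16.x.x.
RESERVED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "255.255.255.255/32")]

# Constructed sample packets: 20-byte IPv4 header (checksum zeroed) + payload.
SAMPLE_OK = bytes.fromhex(
    "45000018 00000000 40060000 cb007107 c633640a") + b"DATA"
SAMPLE_BOGUS = bytes.fromhex(
    "45000018 00000000 40060000 c0a80001 c633640a") + b"DATA"


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header that IP places in front of the TCP data."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": ipaddress.IPv4Address(src),
            "dst": ipaddress.IPv4Address(dst),
            "ttl": ttl, "protocol": proto, "total_length": total_len,
            "payload": packet[header_len:]}


def ingress_verdict(packet: bytes) -> str:
    """Verdict for a packet arriving on the Internet-facing interface."""
    try:
        hdr = parse_ipv4_header(packet)
    except ValueError:
        return "drop: malformed"
    if any(hdr["src"] in net for net in RESERVED):
        return f"drop: reserved source {hdr['src']}"
    return f"accept: {hdr['src']} -> {hdr['dst']}"


if __name__ == "__main__":
    for pkt in (SAMPLE_OK, SAMPLE_BOGUS, b"\x45\x00"):
        print(ingress_verdict(pkt))
```
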
Netmasks
⚫ IP address has 2 components
⚫ Network address
⚫ Host address
⚫ Determined by the address and the class of the address
⚫ Example (Class C):
⚫ IP Address: 192.168.3.16
⚫ Network address: 192.168.3
⚫ Host address: 16
Lack of Security in IP
⚫ IP version 4 does not include any security
⚫ All components of packets are in clear text, nothing is encrypted
⚫ Anything in the header or data segment can be viewed or modified by the hacker
⚫ TCP/UDP Hijacking
⚫ “Man-in-the-middle” attack
ICMP
⚫ ICMP – Internet Control Message Protocol
⚫ It is the Network Plumber
⚫ Its job is to transmit command and control information between networks and systems
ICMP examples
⚫ “ping” request = ICMP Echo message
⚫ If the “pinged” system is alive it will respond with ICMP Echo Reply Message
⚫ Try pinging
⚫ www.google.com
⚫ www.yahoo.com
⚫ www.cnn.com
⚫ Will they all work?
⚫ Some sites have disabled ping. Why?
⚫ Ping-of-death → a ping too big
⚫ Ping flooding → type of denial-of-service attack
Routers and packets
⚫ Routers
⚫ Transfer packets from network to network
⚫ They determine the path that a packet should take across the network, specifying from hop to hop which network segments the packets should bounce through as they travel across the network
⚫ Most networks use dynamic routing
⚫ RIP, EIGRP, OSPF etc.
Network address translation
⚫ NAT
⚫ Blocks of addresses are allotted to ISPs and organizations
⚫ Classes of IP Addresses
⚫ What happens when we have more computers than IP Addresses?
⚫ We have a Class C address – allows 253 computers
⚫ Our organization has 1000 computers
⚫ What do we do???
Solution?
⚫ Reserve a range of IP addresses to build your own IP network
⚫ 10.x.y.z - un-routable IP addresses
⚫ 172.16.y.z
⚫ 192.168.y.z
⚫ How to connect these machines to Internet?
Network Address Translation
⚫ Use a gateway/router to map invalid addresses to valid IP addresses
⚫ Translates your local address to a routable address
⚫ Router receives one IP Address
⚫ Either dynamically assigns addresses to all the nodes behind the router, or it is assigned statically using non-routable addresses
▪ If dynamic, uses DHCP (Dynamic Host Configuration Protocol)
⚫ When someone inside the network wants to access a computer outside the local network (the internet), the request is sent to the router, which uses NAT to send the request to the internet
NAT and security?

⚫ Does NAT improve security?
⚫ It hides internal IP addresses from hackers
⚫ NAT must be combined with “firewalls” for optimum security
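
Added example (not part of the original slides): a small model of the translation table a NAT router keeps, showing what the outside sees and why the slide pairs NAT with a firewall. It goes beyond the slides in assuming port translation (one public address shared by many hosts) and an optional check of the replying sender; the class name, addresses and port numbers are constructed for illustration.

```python
import ipaddress


class NatGateway:
    """Port-translating NAT: many private hosts share one public address."""

    def __init__(self, public_ip, inside="192.168.0.0/16", firewall=False):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside)
        self.firewall = firewall   # True: also check who is replying
        self.next_port = 40000     # constructed starting port
        self.by_host = {}          # (private_ip, private_port) -> public_port
        self.by_port = {}          # public_port -> (private_ip, private_port)
        self.peers = {}            # public_port -> remotes contacted from inside

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source of a request leaving the network."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            raise ValueError("source is not on the private network")
        key = (src_ip, src_port)
        if key not in self.by_host:
            self.by_host[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        port = self.by_host[key]
        self.peers.setdefault(port, set()).add((dst_ip, dst_port))
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet from the Internet; None means it is dropped."""
        key = self.by_port.get(dst_port)
        if key is None:
            return None            # nothing inside opened this port
        if self.firewall and (src_ip, src_port) not in self.peers[dst_port]:
            return None            # mapping exists, but not for this sender
        return (src_ip, src_port, key[0], key[1])


if __name__ == "__main__":
    nat = NatGateway("203.0.113.5")
    print(nat.outbound("192.168.0.10", 51000, "198.51.100.10", 443))
    print(nat.inbound("198.51.100.10", 443, 40000))   # reply is translated back
    print(nat.inbound("192.0.2.99", 4444, 40000))     # third party, still forwarded
    fw = NatGateway("203.0.113.5", firewall=True)
    fw.outbound("192.168.0.10", 51000, "198.51.100.10", 443)
    print(fw.inbound("192.0.2.99", 4444, 40000))      # None: dropped
```

The outside only ever sees 203.0.113.5 and a translated port, which is the hiding effect the slide describes; the sender check is the part NAT alone does not provide.
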
Firewalls
⚫ Network traffic cops
⚫ Tools that control the flow of traffic going between networks
⚫ By looking at addresses associated with traffic, firewalls determine whether connections should be transmitted or dropped
⚫ We will cover the setup and configuration of firewalls in great depth later in class
