SlideShare a Scribd company logo

introduction to network and computer security

A
abrhamworkie8

this module

Internet
1 of 49
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Chapter 3
Introduction  Routing  a process accomplished by router  process during which data packets are forwarded from one machine or device  Selecting the minimum cost, distance, and/or time path from several alternatives to deliver a message.  Routing encapsulates two tasks:  deciding the paths for data transferred (use protocols-metrics, bandwidth, delay, reliability and algorithms), and  sending the packets on these paths
How routing works  PC2 want to send data to PC3  PC2 forward the packet to router 5 fa0/0 interface  Router5 determine the best path(next hop) by referring its routing table  Router5 transfer the packet to next hop(router)  The next hop router encapsulate the message , see the destination address and to determine the best path for forwarding the message
Routing Table  A type of data table that acts as a map, often installed on a router, network computer or other hardware  It is where data about the neighboring routers(next hop) is stored and used to calculate and decide where to send the packet.  It contains list of IP addresses and subnet masks which identifies directly connected and remote routers  Home networks: utilize a very small routing table because the simply forward all outbound traffic to ISP gateway (10 or fewer)  Largest routers at the core of the internet backbone must contain the full Internet routing table (>100000)
Routing Table designing challenges  Fixed memory  Issue of working with ARP cache & correctly maintaining list of available routs for data  Black holes causes ineffective delivery  Structures of Routing table Destination Subnet mask Interface  128.75.43.0 255.255.255.0 Eth0  128.75.43.0 255.255.255.128 Eth1  192.12.17.5 255.255.255.255 Eth3  default Eth2
Static Routing  Routing table is created maintained and updated by Network Administrator  Does not use routing protocol Dynamic Routing  Information in routing table is changed dynamically by router itself using routing protocols Types of routing
Advantage and Disadvantages of Static routing Advantages  Minimal cpu/memory overhead-do not calculate best path  No bandwidth overhead-updates are not shared between routers  Adds security-granular control on how traffic is routed Disadvantage  Infrastructure changes must be manually adjusted  No “dynamic” fault tolerance-if a link goes down the admin is responsible  Impractical in large networks Configuration syntax ip route [destination_network] [mask] [next-hop_address or exit interface] [administrative_distance] [permanent]
Default Route  When the router is unable to find a matching address to the packets destination address in its routing table, it forwards the packet to its exit interface or next hop address configured with a default route 0.0.0.0/0. Syntax ip route 0.0.0.0 0.0.0.0 [next-hop_address or exit interface]
Dynamic Routing  Use routing protocol: software & routing algorithms to determine best path and construct routing table  Routers dynamically learn destinations and how to get them & advertize those destinations to other routers (if they use the same routing protocol) Advantages  Simpler to configure on large networks  Dynamically choose a different route if a link goes down  Ability to load balance b/n multiple links Disadvantage  Updates are shared b/n routers, thus consuming bandwidth  Routing protocols put additional load on routers CPU/RAM
Types of Dynamic routing 1. DistanceVector Routing Protocols (DVRP) 2. Link State Routing Protocol (LSRP) DistanceVector Routing Protocol  find the best path to a remote network by judging distance  route with the least number of hops to the network is determined to be the best route.  They send the entire routing table to directly connected neighbors.  key characteristics:  Periodic updates of the full routing table are sent to routing neighbors. Example RIP (every 30 seconds),IGRP(every 90 seconds)  Distance-vector protocols suffer from slow convergence, and are highly susceptible to loops.  Some form of distance is used to calculate a route’s metric.  The Bellman-Ford algorithm is used to determine the shortest path.
Link State Routing Protocol  Called shortest-path-first protocols  each router create three separate tables (utilize more RAM and CPU)  Neighbor table – contains a list of all neighbors, and the interface each neighbor is connected. Neighbors are formed by sending Hello packets.  Topology table – also known as the “link-state” table contains a map of all links within an area, including each link’s status.  Shortest-Path table – contains the best routes to each particular destination (also known as the “routing” table”)  All routers within an area have identical topology tables.  Examples are:  Intermediate System-to-Intermediate System (IS-IS) and  Open Shortest Path First (OSPF)
 The state of a link changes, such as a router interface failing, an advertisement containing only this link-state change will be sent to all routers within that area. Each router will adjust its topology table accordingly, and will calculate a new best route if required.  Because updates are sent only during a link-state change, and contain only the change (and not the full table), link-state protocols are less bandwidth intensive than distance-vector protocols  Link-state protocols utilize some form of cost, usually based on bandwidth, to calculate a route’s metric.  The Dijkstra formula is used to determine the shortest path. StaticVS Dynamic routing
Administrative distances, metric and wild mask Administrative Distance  the metric used by routers to choose the best path when there are two or more routes to the same destination from two different routing protocols  Each routing protocol is prioritized in order of most to least reliable using an administrative distance value.  A router prefers a static route to a dynamic route because the router considers a route with a low number to be the shortest  To override theAD of static route, change the defaultAD during configuration to >120  AnAD is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route.  If a router receives two updates listing the same remote network, then the route with the lowestAD will be placed in the routing table. If theAD is the same, then routing protocol metrics (such as hop count or bandwidth of the lines) will be used to find the best path to the remote network
 Default Administrative Distances Metric  is a value used by routing protocols to assign costs to reach remote networks.  Each routing protocol uses its own metric. For example, RIP uses hop count, EIGRP uses bandwidth and delay, and OSPF uses bandwidth.
Wild Card Mask  A wildcard mask can be thought of as a subnet mask, with ones and zeros inverted;  for example, a wildcard mask of 0.0.0.255 corresponds to a subnet mask of 255.255.255.0.  Used in OSPF,ACL to indicate the size of a network or subnet and what IP addresses should be permitted or denied respectively To calculate wildcard mask  Simply subtract your mask from 255.255.255.255 to get your wildcard mask. Example: The wildcard mask of /26 is: 255.255.255.255 - 255.255.255.192 = 0.0.0.63 The wildcard mask of /19 is: 255.255.255.255 - 255.255.224.0 = 0.0.31.255 The wildcard mask of /12 is: 255.255.255.255 - 255.240.0.0 = 0.15.255.255
Routing Information Protocol (RIP)  distance-vector,interior gateway protocol (IGP) used by routers to exchange routing information  uses hop count to determine the best path  maximum allowable number of hops are 15 hops  Hop Count = routers and also Firewall that are Routers  router broadcasts (RIP v1) its entire RIP table to its neighboring routers every 30 seconds  Administrative distance of 120  Suitable for small network RIPv1  It is a classful protocol .Because it doesn’t send updates with subnet mask information.  RIP supports up to six equal-cost paths to a single destination and use them for load-balancing. (default four paths)  Use broadcast  Outdated
RIPv2  RIPv2 uses multicasts (only to neighbor routers configure with RIPv2)  RIPv2 supports triggered updates—when a change occurs, a RIPv2 router will immediately propagate its routing information to its connected neighbors.  RIPv2 is a classless protocol. (supports VLSM)  RIPv2 supports authentication.You can restrict what routers you want to participate in RIPv2.This is accomplished using a hashed password value
Cont. PlainText Authentication R1(config)#interface serial 1/0 R1(config-if)#ip rip authentication mode text R1(config-if)#ip rip authentication key yourkey MD5 Authentication R1(config)#interface s1/0 R1(config-if)#ip rip authentication mode MD5 R1(config-if)#ip rip authentication key-chain yourkey
RIPTimers  uses four different kinds of timers to regulate its performance  Route update timer: routing updates are updated periodically in every 30 seconds.  Hold-down timer: Routes will enter into the hold-down state when an update packet is received that indicated the route is unreachable.The default is 180 seconds.  Route invalid timer: the length of time that must elapse (180 seconds) before a router determines that a route has become invalid.  Route flush timer: the time between a route becoming invalid and its removal from the routing table (240 seconds).
RIP Configuration  Use no auto-summary command to disable automatic summarization feature  show ip protocols and show ip route commands are important for verification and troubleshooting on any routing protocol.  show ip rip database: Lists all the routes known by RIP  debug ip rip or debug ip rip {events}:Displays RIP routing updates as sent and received in real time RIPv1 router rip network Network_Address RIPv2 router rip version 2 network Network_Address
Interior Gateway Routing Protocol (IGRP)  is a dynamic class routing protocol used by autonomous system (AS) routers running onTCP/IP hosts  overcomes RIP network limitations and supports multiple routing metrics, including delay, bandwidth, load and reliability  updates are broadcast every 90 seconds (by default).  Uses composite metrics  Uses multipath routing  Supports unequal-cost load balancing  the administrative distance of IGRP is 100
Enhanced Interior Gateway Routing Protocol (EIGRP)  owned by Cisco and operate only on their devices.  advanced distance vector routing protocol & supports link state/hybrid.  Its’s goals are to provide a loop-free routing environment and rapid convergence.  A classless routing protocol  use a composite metric (bandwidth and delay). Bandwidth  The bandwidth metric (1544 Kbps) is a static value used by some routing protocols such as EIGRP and OSPF to calculate their routing metric.  Kilobits per second (Kbps).  Most serial interfaces use the default bandwidth value of 1544 Kbps or 1,544,000 bps (1.544 Mbps). Delay  Delay is a measure of the time it takes for a packet to traverse a route.  Based on the type of link, the interface  Expressed in microseconds (millionths of a second). R1# show interface serial 0/0/0 <output omitted> MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
 use ReliableTransport Protocol (RTP- capable of transmitting both multicast and unicast) updates  uses a diffusing update algorithm (DUAL) to avoid loops and send occasional hello packets to check the status of neighbor routers  Supports discontinuous(alternating) network  Supports all layer 3 protocols (IPv4, IPX, and IPv6)  the administrative distance of EIGRP is 90  It uses neighbor table, topology table and route tables for route discovery EIGRP Configuration  AS_No(Autonomous System number) can be any number in the range from 1 to 65535 both inclusive.  debug eigrp packet: displays transmission and receipt of all EIGRP packets router eigrp AS_No network Network_Address | network Network_Address Wildcard mask
Open Shortest Path First (OSPF)  Is a Classless Interior Gateway Routing Protocol that routes IP packets within a single routing network domain only (area)  A link state routing protocol that do not send frequent periodic updates of the entire routing table  it sends an update only when a change in the topology occurs (multicasting)  OSPF performs a full update every 30 seconds.  uses the SPF (Dijkstra's algorithm) to calculate the shortest connection path. For example, a person in city A wants to travel to city M and is given two options:  Travel via cities B and C.The route would beABCM.And the distance (or bandwidth cost in the networking case) forA-B is 10 miles, B-C is 5 miles and C-M is 10 miles.  Travel via city F.The route would be AFM.And the distance forA-F is 20 miles and F-M is 10 miles.  ABCM with metric of (10+5+10=25) considered as best path than AFM (20+10=30) .
 OSPF uses bandwidth to determine the cost of a link.A link with higher bandwidth results in a lower cost.The lowest cost route to a destination is the most desirable path  AD value is 110  has unlimited hop counts  OSPF maintains a two layer hierarchy consisting of:  Backbone area(area 0)  Off backbone area ( area 1 -65, 535)
OSPF Configuration router ospf process-id. network Network_AddressWildcard_mask area 0  The process ID is chosen by the administrator and can be any number from 1 to 65535. It is only locally significant and does not have to match the ID of other OSPF routers. Name Class Type AD Metric Classful/ less Algorithm Transport type RIPv1 Distance Vector IGP 120 Hop count Classful Bellman-Fold UDP/520 RIPv2 Distance Vector IGP 120 Hop count Classless Bellman-Fold UDP/520 IGRP Distance Vector IGP 100 Composite (BW+DLY) Classful Dijkstra(SPF) IP Protocol 9 EIGRP Advanced Distance Vector IGP 90 (internal) 170(external) Composite (BW+DLY) Classless DUAL EIGRP Protocol 88 OSPF Link State IGP 110 Cost Classless Dijkstra(SPF) OSPF Protocol 89
Access Control List(ACL)  ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
`  The router examines each packet and will forward or discard it based on the conditions specified in theACL.  An ACL used to filter traffic i.e.permit/deny traffic Identify traffic i.e.include/exclude traffic Primary reasons  Limit network traffic and increase network performance.  Provide traffic flow control.ACLs can restrict the delivery of routing updates.  Provide a basic level of security for network access.  Decide which types of traffic are forwarded or blocked at the router interfaces. Like: e-mail traffic to be routed, but block allTelnet traffic.
inbound and outbound interfaces F0/0 F0/0 S 0/0 S 0/1 In In OUT OUT
How ACL work?  ACL statements operate in sequential,logical order.  If a condition match is true, the packet is permitted or denied and the rest of the ACL statements are not checked.  If all theACL statements are unmatched, an implicit deny any statement is placed at the end of the list by default. Type of ACL’s  Standard ACLs  VTY ACLs  ExtendedACLs  NamedACLs
Standard ACLs Syntax: access-list [1-99] [permit | deny] [source address] [wildcard mask] [log] Example: Block network 172.18.0.0 from accessing the 172.16.0.0 network
Router(config)# access-list 10 deny 172.18.0.0 0.0.255.255 Router(config)# access-list 10 permit any To apply this access list, we would configure the following on Router A: Router(config)# int fa4/0 Router(config-if)# ip access-group 10 out
Verifying ACLs on the router –show ip interface –show access-lists –Show running-config Extended ACL Syntax: access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator [port]] [log]
Example: block network 172.18.0.0 from accessing anything on the 172.17.0.0 network, EXCEPT for the HTTP port on the web server
RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config)# access-list 101 deny ip 172.18.0.0 0.0.255.255 172.17.0.0 0.0.0.3 RB(config)# access-list 101 permit ip any any We could have identified the web server in one of two ways: RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 172.17.0.10 0.0.0.0 eq 80 RB(config)# int fa1/0 RB(config-if)# ip access-group 101 in
Named ACL  Synatx: ip access-list {standard | extended} name  Apply a Named ACL to an interface in the same manner as applying a Standard or Extended ACL.  Example: RB(config)#ip access-list extended web-only RB(config-ext-nacl)#permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config-ext-nacl)#deny ip 172.18.0.0 0.0.255.255 172.17.0.0 0.0.0.3 RB(config-ext-nacl)#permit ip any any We could have identified the web server in one of two ways: RB(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 172.17.0.10 0.0.0.0 eq 80 RB(config)# int fa1/0 RB(config-if)# ip access-group web-only in
Reading Assignment  What is static NAT?  Dynamic NAT and?  NAT Overloading or PAT?
Network Addressing Scheme Problems with IPv4 Shortage of IPv4 addresses Allocation of the last IPv4 addresses was for the year 2005 Address classes were replaced by usage of CIDR, but this is not sufficient Short term solution NAT: Network AddressTranslator Long term solution IPv6 = IPng (IP next generation) Provides an extended address range • IANA-Internet Assigned Numbers Authority • RIR-Regional Internet Registry (5) • ISP and End User Org.
NAT: Network AddressTranslator NAT Translates between local addresses and public ones Many private hosts share few global addresses Public Network Uses public addresses Public addresses are globally unique Private Network Uses private address range (local addresses) Local addresses may not be used externally
Types Of NAT  Static NAT  Dynamic NAT  Dynamic NAT with Overload or PAT  Static NAT –  Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.  the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110.
introduction to network and computer security
NAT Addressing Terms  Inside Local  an address used for a host inside an enterprise.  actual IP address assigned to a host in the private network.  Inside Global  NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.  A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.  Outside Global  an address used for a host outside an enterprise, the Internet.  the actual IP address assigned to a host that resides in the outside network, typically the Internet.  Outside Local  NAT uses an outside local address to represent the outside host as the packet is sent through the private network.  It is outside private, outside host with a private address
Static NAT Configuration  Specify the inside interface: Router(config)#interface fast eth0/0 (private side interface) Router(config-if)# ip nat inside  Specify the outside interface: Router(config)#interface fast ethernet0/1 (Public side interface) Router(config-if)# ip nat outside  Enter static translation entry : Router(config)# ip nat inside source static 192.168.0.1 206.245.160.1 To see IP address translations: Router#show ip nat translation
44 Dynamic NAT Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.
introduction to network and computer security
Dynamic NAT Configuration  Specify the inside interface: Router(config)#interface fast ethernet0/0 Router(config-if)# ip nat inside  Specify the outside interface: Router(config)#interface serial0/0 Router(config-if)# ip nat outside  Define anAccess List to permit the inside local addresses to be translated: Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255  Define a pool of global addresses : Router(config)# ip nat pool DNAT1 179.2.2.65 179.2.2.90 netmask 255.255.255.224  Enter dynamic translation entry : Router(config)# ip nat inside source list 1 pool DNAT1
Overloading NAT with PAT (NAPT)  Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.  each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment..
PAT Configuration  Set the fast eth 0/0 and se2/0 interface as the inside and outside interface: R1# configure terminal R1(config)# interface fastethernet0/0 R1(config-if)# ip nat inside R1(config-if)# interface serial2/0 R1(config-if)# ip nat outside  allow the 192.168.0.0/24 network to reach any destination. R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any  enable NAT overload and bind it to the outside interface previously selected:  R1(config)# ip nat inside source list 100 interface serial 2/0 overload
introduction to network and computer security

More Related Content

Similar to introduction to network and computer security (20)

PPTX
Qs.pptx
kuldeep Dwivedi
 
PPT
Networking in college
Harpreet Gaba
 
PPTX
ROUTING
Publicis Sapient
 
PPT
Chapter 06 - Routing
phanleson
 
PDF
Arun project-Final
Arun CCNA,CCNAvoice,CCNP Voice,MCITPCertified
 
PPTX
Routing ppt
ArpiSaxena1
 
PPTX
ENCOR_Chapter_6.pptx
ManuelRojas960410
 
PPTX
1737674082397_LEnnnnnnCTURE 0nn2 (a).pptx
nyalawemgunga
 
PDF
Routing table : Notes
Subhajit Sahu
 
PPT
DSR,LSR,IGMP,RIP,OSPF.ppt
Munnakumar518378
 
PDF
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...
IRJET Journal
 
PPTX
Network Layer
reshmadayma
 
PPTX
Routing Protocols
KhushbirSinghSandhu
 
PPT
Dynamic Routing
tmavroidis
 
PPTX
Dynamic routing
Manoj Verma
 
PPT
routing-Network182912222222222918298181.ppt
alfredjbphiri
 
PPTX
Routing protocols.pptx
MNSUAM
 
PPTX
Routing Protocols.pptx
sazia7
 
PDF
CN WEEK 11.pdf
ssuser06fbd31
 
PPTX
Ccna ppt1
AIRTEL
 
Qs.pptx
kuldeep Dwivedi
 
Networking in college
Harpreet Gaba
 
ROUTING
Publicis Sapient
 
Chapter 06 - Routing
phanleson
 
Arun project-Final
Arun CCNA,CCNAvoice,CCNP Voice,MCITPCertified
 
Routing ppt
ArpiSaxena1
 
ENCOR_Chapter_6.pptx
ManuelRojas960410
 
1737674082397_LEnnnnnnCTURE 0nn2 (a).pptx
nyalawemgunga
 
Routing table : Notes
Subhajit Sahu
 
DSR,LSR,IGMP,RIP,OSPF.ppt
Munnakumar518378
 
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...
IRJET Journal
 
Network Layer
reshmadayma
 
Routing Protocols
KhushbirSinghSandhu
 
Dynamic Routing
tmavroidis
 
Dynamic routing
Manoj Verma
 
routing-Network182912222222222918298181.ppt
alfredjbphiri
 
Routing protocols.pptx
MNSUAM
 
Routing Protocols.pptx
sazia7
 
CN WEEK 11.pdf
ssuser06fbd31
 
Ccna ppt1
AIRTEL
 

Recently uploaded (20)

PDF
𝐁𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓
hokimamad0
 
PPTX
Presentation3gsgsgsgsdfgadgsfgfgsfgagsfgsfgzfdgsdgs.pptx
SUB03
 
PDF
BRKACI-1001 - Your First 7 Days of ACI.pdf
fcesargonca
 
PPTX
Orchestrating things in Angular application
Peter Abraham
 
PPTX
法国巴黎第二大学本科毕业证{Paris 2学费发票Paris 2成绩单}办理方法
Taqyea
 
PDF
The-Hidden-Dangers-of-Skipping-Penetration-Testing.pdf.pdf
naksh4thra
 
DOCX
Custom vs. Off-the-Shelf Banking Software
KristenCarter35
 
PPTX
04 Output 1 Instruments & Tools (3).pptx
GEDYIONGebre
 
PPTX
Lec15_Mutability Immutability-converted.pptx
khanjahanzaib1
 
PDF
BRKACI-1003 ACI Brownfield Migration - Real World Experiences and Best Practi...
fcesargonca
 
PPTX
L1A Season 1 ENGLISH made by A hegy fixed
toszolder91
 
PDF
Paper: Quantum Financial System - DeFi patent wars
Steven McGee
 
PDF
Top 10 Testing Procedures to Ensure Your Magento to Shopify Migration Success...
CartCoders
 
PDF
Boardroom AI: The Next 10 Moves | Cerebraix Talent Tech
Cerebraix Technologies
 
PPT
introduction to networking with basics coverage
RamananMuthukrishnan
 
PPT
Agilent Optoelectronic Solutions for Mobile Application
andreashenniger2
 
PPTX
internet básico presentacion es una red global
70965857
 
PPTX
L1A Season 1 Guide made by A hegy Eng Grammar fixed
toszolder91
 
PDF
Build Fast, Scale Faster: Milvus vs. Zilliz Cloud for Production-Ready AI
Zilliz
 
PPTX
ONLINE BIRTH CERTIFICATE APPLICATION SYSYTEM PPT.pptx
ShyamasreeDutta
 
𝐁𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓
hokimamad0
 
Presentation3gsgsgsgsdfgadgsfgfgsfgagsfgsfgzfdgsdgs.pptx
SUB03
 
BRKACI-1001 - Your First 7 Days of ACI.pdf
fcesargonca
 
Orchestrating things in Angular application
Peter Abraham
 
法国巴黎第二大学本科毕业证{Paris 2学费发票Paris 2成绩单}办理方法
Taqyea
 
The-Hidden-Dangers-of-Skipping-Penetration-Testing.pdf.pdf
naksh4thra
 
Custom vs. Off-the-Shelf Banking Software
KristenCarter35
 
04 Output 1 Instruments & Tools (3).pptx
GEDYIONGebre
 
Lec15_Mutability Immutability-converted.pptx
khanjahanzaib1
 
BRKACI-1003 ACI Brownfield Migration - Real World Experiences and Best Practi...
fcesargonca
 
L1A Season 1 ENGLISH made by A hegy fixed
toszolder91
 
Paper: Quantum Financial System - DeFi patent wars
Steven McGee
 
Top 10 Testing Procedures to Ensure Your Magento to Shopify Migration Success...
CartCoders
 
Boardroom AI: The Next 10 Moves | Cerebraix Talent Tech
Cerebraix Technologies
 
introduction to networking with basics coverage
RamananMuthukrishnan
 
Agilent Optoelectronic Solutions for Mobile Application
andreashenniger2
 
internet básico presentacion es una red global
70965857
 
L1A Season 1 Guide made by A hegy Eng Grammar fixed
toszolder91
 
Build Fast, Scale Faster: Milvus vs. Zilliz Cloud for Production-Ready AI
Zilliz
 
ONLINE BIRTH CERTIFICATE APPLICATION SYSYTEM PPT.pptx
ShyamasreeDutta
 
Ad

introduction to network and computer security

  • 2. Introduction  Routing  a process accomplished by router  process during which data packets are forwarded from one machine or device  Selecting the minimum cost, distance, and/or time path from several alternatives to deliver a message.  Routing encapsulates two tasks:  deciding the paths for data transferred (use protocols-metrics, bandwidth, delay, reliability and algorithms), and  sending the packets on these paths
  • 3. How routing works  PC2 want to send data to PC3  PC2 forward the packet to router 5 fa0/0 interface  Router5 determine the best path(next hop) by referring its routing table  Router5 transfer the packet to next hop(router)  The next hop router encapsulate the message , see the destination address and to determine the best path for forwarding the message
  • 4. Routing Table  A type of data table that acts as a map, often installed on a router, network computer or other hardware  It is where data about the neighboring routers(next hop) is stored and used to calculate and decide where to send the packet.  It contains list of IP addresses and subnet masks which identifies directly connected and remote routers  Home networks: utilize a very small routing table because the simply forward all outbound traffic to ISP gateway (10 or fewer)  Largest routers at the core of the internet backbone must contain the full Internet routing table (>100000)
  • 5. Routing Table designing challenges  Fixed memory  Issue of working with ARP cache & correctly maintaining list of available routs for data  Black holes causes ineffective delivery  Structures of Routing table Destination Subnet mask Interface  128.75.43.0 255.255.255.0 Eth0  128.75.43.0 255.255.255.128 Eth1  192.12.17.5 255.255.255.255 Eth3  default Eth2
  • 6. Static Routing  Routing table is created maintained and updated by Network Administrator  Does not use routing protocol Dynamic Routing  Information in routing table is changed dynamically by router itself using routing protocols Types of routing
  • 7. Advantage and Disadvantages of Static routing Advantages  Minimal cpu/memory overhead-do not calculate best path  No bandwidth overhead-updates are not shared between routers  Adds security-granular control on how traffic is routed Disadvantage  Infrastructure changes must be manually adjusted  No “dynamic” fault tolerance-if a link goes down the admin is responsible  Impractical in large networks Configuration syntax ip route [destination_network] [mask] [next-hop_address or exit interface] [administrative_distance] [permanent]
  • 8. Default Route  When the router is unable to find a matching address to the packets destination address in its routing table, it forwards the packet to its exit interface or next hop address configured with a default route 0.0.0.0/0. Syntax ip route 0.0.0.0 0.0.0.0 [next-hop_address or exit interface]
  • 9. Dynamic Routing  Use routing protocol: software & routing algorithms to determine best path and construct routing table  Routers dynamically learn destinations and how to get them & advertize those destinations to other routers (if they use the same routing protocol) Advantages  Simpler to configure on large networks  Dynamically choose a different route if a link goes down  Ability to load balance b/n multiple links Disadvantage  Updates are shared b/n routers, thus consuming bandwidth  Routing protocols put additional load on routers CPU/RAM
  • 10. Types of Dynamic routing 1. DistanceVector Routing Protocols (DVRP) 2. Link State Routing Protocol (LSRP) DistanceVector Routing Protocol  find the best path to a remote network by judging distance  route with the least number of hops to the network is determined to be the best route.  They send the entire routing table to directly connected neighbors.  key characteristics:  Periodic updates of the full routing table are sent to routing neighbors. Example RIP (every 30 seconds),IGRP(every 90 seconds)  Distance-vector protocols suffer from slow convergence, and are highly susceptible to loops.  Some form of distance is used to calculate a route’s metric.  The Bellman-Ford algorithm is used to determine the shortest path.
  • 11. Link State Routing Protocol  Called shortest-path-first protocols  each router create three separate tables (utilize more RAM and CPU)  Neighbor table – contains a list of all neighbors, and the interface each neighbor is connected. Neighbors are formed by sending Hello packets.  Topology table – also known as the “link-state” table contains a map of all links within an area, including each link’s status.  Shortest-Path table – contains the best routes to each particular destination (also known as the “routing” table”)  All routers within an area have identical topology tables.  Examples are:  Intermediate System-to-Intermediate System (IS-IS) and  Open Shortest Path First (OSPF)
  • 12.  The state of a link changes, such as a router interface failing, an advertisement containing only this link-state change will be sent to all routers within that area. Each router will adjust its topology table accordingly, and will calculate a new best route if required.  Because updates are sent only during a link-state change, and contain only the change (and not the full table), link-state protocols are less bandwidth intensive than distance-vector protocols  Link-state protocols utilize some form of cost, usually based on bandwidth, to calculate a route’s metric.  The Dijkstra formula is used to determine the shortest path. StaticVS Dynamic routing
  • 13. Administrative distances, metric and wild mask Administrative Distance  the metric used by routers to choose the best path when there are two or more routes to the same destination from two different routing protocols  Each routing protocol is prioritized in order of most to least reliable using an administrative distance value.  A router prefers a static route to a dynamic route because the router considers a route with a low number to be the shortest  To override theAD of static route, change the defaultAD during configuration to >120  AnAD is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route.  If a router receives two updates listing the same remote network, then the route with the lowestAD will be placed in the routing table. If theAD is the same, then routing protocol metrics (such as hop count or bandwidth of the lines) will be used to find the best path to the remote network
  • 14.  Default Administrative Distances Metric  is a value used by routing protocols to assign costs to reach remote networks.  Each routing protocol uses its own metric. For example, RIP uses hop count, EIGRP uses bandwidth and delay, and OSPF uses bandwidth.
  • 15. Wild Card Mask  A wildcard mask can be thought of as a subnet mask, with ones and zeros inverted;  for example, a wildcard mask of 0.0.0.255 corresponds to a subnet mask of 255.255.255.0.  Used in OSPF,ACL to indicate the size of a network or subnet and what IP addresses should be permitted or denied respectively To calculate wildcard mask  Simply subtract your mask from 255.255.255.255 to get your wildcard mask. Example: The wildcard mask of /26 is: 255.255.255.255 - 255.255.255.192 = 0.0.0.63 The wildcard mask of /19 is: 255.255.255.255 - 255.255.224.0 = 0.0.31.255 The wildcard mask of /12 is: 255.255.255.255 - 255.240.0.0 = 0.15.255.255
  • 16. Routing Information Protocol (RIP)  distance-vector,interior gateway protocol (IGP) used by routers to exchange routing information  uses hop count to determine the best path  maximum allowable number of hops are 15 hops  Hop Count = routers and also Firewall that are Routers  router broadcasts (RIP v1) its entire RIP table to its neighboring routers every 30 seconds  Administrative distance of 120  Suitable for small network RIPv1  It is a classful protocol .Because it doesn’t send updates with subnet mask information.  RIP supports up to six equal-cost paths to a single destination and use them for load-balancing. (default four paths)  Use broadcast  Outdated
  • 17. RIPv2  RIPv2 uses multicasts (only to neighbor routers configure with RIPv2)  RIPv2 supports triggered updates—when a change occurs, a RIPv2 router will immediately propagate its routing information to its connected neighbors.  RIPv2 is a classless protocol. (supports VLSM)  RIPv2 supports authentication.You can restrict what routers you want to participate in RIPv2.This is accomplished using a hashed password value
  • 18. Cont. PlainText Authentication R1(config)#interface serial 1/0 R1(config-if)#ip rip authentication mode text R1(config-if)#ip rip authentication key yourkey MD5 Authentication R1(config)#interface s1/0 R1(config-if)#ip rip authentication mode MD5 R1(config-if)#ip rip authentication key-chain yourkey
  • 19. RIPTimers  uses four different kinds of timers to regulate its performance  Route update timer: routing updates are updated periodically in every 30 seconds.  Hold-down timer: Routes will enter into the hold-down state when an update packet is received that indicated the route is unreachable.The default is 180 seconds.  Route invalid timer: the length of time that must elapse (180 seconds) before a router determines that a route has become invalid.  Route flush timer: the time between a route becoming invalid and its removal from the routing table (240 seconds).
  • 20. RIP Configuration  Use no auto-summary command to disable automatic summarization feature  show ip protocols and show ip route commands are important for verification and troubleshooting on any routing protocol.  show ip rip database: Lists all the routes known by RIP  debug ip rip or debug ip rip {events}:Displays RIP routing updates as sent and received in real time RIPv1 router rip network Network_Address RIPv2 router rip version 2 network Network_Address
  • 21. Interior Gateway Routing Protocol (IGRP)  is a dynamic class routing protocol used by autonomous system (AS) routers running onTCP/IP hosts  overcomes RIP network limitations and supports multiple routing metrics, including delay, bandwidth, load and reliability  updates are broadcast every 90 seconds (by default).  Uses composite metrics  Uses multipath routing  Supports unequal-cost load balancing  the administrative distance of IGRP is 100
  • 22. Enhanced Interior Gateway Routing Protocol (EIGRP)  owned by Cisco and operate only on their devices.  advanced distance vector routing protocol & supports link state/hybrid.  Its’s goals are to provide a loop-free routing environment and rapid convergence.  A classless routing protocol  use a composite metric (bandwidth and delay). Bandwidth  The bandwidth metric (1544 Kbps) is a static value used by some routing protocols such as EIGRP and OSPF to calculate their routing metric.  Kilobits per second (Kbps).  Most serial interfaces use the default bandwidth value of 1544 Kbps or 1,544,000 bps (1.544 Mbps). Delay  Delay is a measure of the time it takes for a packet to traverse a route.  Based on the type of link, the interface  Expressed in microseconds (millionths of a second). R1# show interface serial 0/0/0 <output omitted> MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
  • 23.  use ReliableTransport Protocol (RTP- capable of transmitting both multicast and unicast) updates  uses a diffusing update algorithm (DUAL) to avoid loops and send occasional hello packets to check the status of neighbor routers  Supports discontinuous(alternating) network  Supports all layer 3 protocols (IPv4, IPX, and IPv6)  the administrative distance of EIGRP is 90  It uses neighbor table, topology table and route tables for route discovery EIGRP Configuration  AS_No(Autonomous System number) can be any number in the range from 1 to 65535 both inclusive.  debug eigrp packet: displays transmission and receipt of all EIGRP packets router eigrp AS_No network Network_Address | network Network_Address Wildcard mask
  • 24. Open Shortest Path First (OSPF)  Is a Classless Interior Gateway Routing Protocol that routes IP packets within a single routing network domain only (area)  A link state routing protocol that do not send frequent periodic updates of the entire routing table  it sends an update only when a change in the topology occurs (multicasting)  OSPF performs a full update every 30 seconds.  uses the SPF (Dijkstra's algorithm) to calculate the shortest connection path. For example, a person in city A wants to travel to city M and is given two options:  Travel via cities B and C.The route would beABCM.And the distance (or bandwidth cost in the networking case) forA-B is 10 miles, B-C is 5 miles and C-M is 10 miles.  Travel via city F.The route would be AFM.And the distance forA-F is 20 miles and F-M is 10 miles.  ABCM with metric of (10+5+10=25) considered as best path than AFM (20+10=30) .
  • 25.  OSPF uses bandwidth to determine the cost of a link.A link with higher bandwidth results in a lower cost.The lowest cost route to a destination is the most desirable path  AD value is 110  has unlimited hop counts  OSPF maintains a two layer hierarchy consisting of:  Backbone area(area 0)  Off backbone area ( area 1 -65, 535)
  • 26. OSPF Configuration router ospf process-id. network Network_AddressWildcard_mask area 0  The process ID is chosen by the administrator and can be any number from 1 to 65535. It is only locally significant and does not have to match the ID of other OSPF routers. Name Class Type AD Metric Classful/ less Algorithm Transport type RIPv1 Distance Vector IGP 120 Hop count Classful Bellman-Fold UDP/520 RIPv2 Distance Vector IGP 120 Hop count Classless Bellman-Fold UDP/520 IGRP Distance Vector IGP 100 Composite (BW+DLY) Classful Dijkstra(SPF) IP Protocol 9 EIGRP Advanced Distance Vector IGP 90 (internal) 170(external) Composite (BW+DLY) Classless DUAL EIGRP Protocol 88 OSPF Link State IGP 110 Cost Classless Dijkstra(SPF) OSPF Protocol 89
  • 27. Access Control List(ACL)  ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
  • 28. `  The router examines each packet and will forward or discard it based on the conditions specified in theACL.  An ACL used to filter traffic i.e.permit/deny traffic Identify traffic i.e.include/exclude traffic Primary reasons  Limit network traffic and increase network performance.  Provide traffic flow control.ACLs can restrict the delivery of routing updates.  Provide a basic level of security for network access.  Decide which types of traffic are forwarded or blocked at the router interfaces. Like: e-mail traffic to be routed, but block allTelnet traffic.
  • 29. inbound and outbound interfaces F0/0 F0/0 S 0/0 S 0/1 In In OUT OUT
  • 30. How ACL work?  ACL statements operate in sequential,logical order.  If a condition match is true, the packet is permitted or denied and the rest of the ACL statements are not checked.  If all theACL statements are unmatched, an implicit deny any statement is placed at the end of the list by default. Type of ACL’s  Standard ACLs  VTY ACLs  ExtendedACLs  NamedACLs
  • 31. Standard ACLs Syntax: access-list [1-99] [permit | deny] [source address] [wildcard mask] [log] Example: Block network 172.18.0.0 from accessing the 172.16.0.0 network
  • 32. Router(config)# access-list 10 deny 172.18.0.0 0.0.255.255 Router(config)# access-list 10 permit any To apply this access list, we would configure the following on Router A: Router(config)# int fa4/0 Router(config-if)# ip access-group 10 out
  • 33. Verifying ACLs on the router –show ip interface –show access-lists –Show running-config Extended ACL Syntax: access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator [port]] [log]
  • 34. Example: block network 172.18.0.0 from accessing anything on the 172.17.0.0 network, EXCEPT for the HTTP port on the web server
  • 35. RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config)# access-list 101 deny ip 172.18.0.0 0.0.255.255 172.17.0.0 0.0.0.3 RB(config)# access-list 101 permit ip any any We could have identified the web server in one of two ways: RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 172.17.0.10 0.0.0.0 eq 80 RB(config)# int fa1/0 RB(config-if)# ip access-group 101 in
  • 36. Named ACL  Synatx: ip access-list {standard | extended} name  Apply a Named ACL to an interface in the same manner as applying a Standard or Extended ACL.  Example: RB(config)#ip access-list extended web-only RB(config-ext-nacl)#permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config-ext-nacl)#deny ip 172.18.0.0 0.0.255.255 172.17.0.0 0.0.0.3 RB(config-ext-nacl)#permit ip any any We could have identified the web server in one of two ways: RB(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80 RB(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 172.17.0.10 0.0.0.0 eq 80 RB(config)# int fa1/0 RB(config-if)# ip access-group web-only in
  • 37. Reading Assignment  What is static NAT?  Dynamic NAT and?  NAT Overloading or PAT?
  • 38. Network Addressing Scheme Problems with IPv4 Shortage of IPv4 addresses Allocation of the last IPv4 addresses was for the year 2005 Address classes were replaced by usage of CIDR, but this is not sufficient Short term solution NAT: Network AddressTranslator Long term solution IPv6 = IPng (IP next generation) Provides an extended address range • IANA-Internet Assigned Numbers Authority • RIR-Regional Internet Registry (5) • ISP and End User Org.
  • 39. NAT: Network AddressTranslator NAT Translates between local addresses and public ones Many private hosts share few global addresses Public Network Uses public addresses Public addresses are globally unique Private Network Uses private address range (local addresses) Local addresses may not be used externally
  • 40. Types Of NAT  Static NAT  Dynamic NAT  Dynamic NAT with Overload or PAT  Static NAT –  Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.  the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110.
  • 42. NAT Addressing Terms  Inside Local  an address used for a host inside an enterprise.  actual IP address assigned to a host in the private network.  Inside Global  NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.  A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.  Outside Global  an address used for a host outside an enterprise, the Internet.  the actual IP address assigned to a host that resides in the outside network, typically the Internet.  Outside Local  NAT uses an outside local address to represent the outside host as the packet is sent through the private network.  It is outside private, outside host with a private address
  • 43. Static NAT Configuration  Specify the inside interface: Router(config)#interface fast eth0/0 (private side interface) Router(config-if)# ip nat inside  Specify the outside interface: Router(config)#interface fast ethernet0/1 (Public side interface) Router(config-if)# ip nat outside  Enter static translation entry : Router(config)# ip nat inside source static 192.168.0.1 206.245.160.1 To see IP address translations: Router#show ip nat translation
  • 44. 44 Dynamic NAT Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.
  • 46. Dynamic NAT Configuration  Specify the inside interface: Router(config)#interface fast ethernet0/0 Router(config-if)# ip nat inside  Specify the outside interface: Router(config)#interface serial0/0 Router(config-if)# ip nat outside  Define anAccess List to permit the inside local addresses to be translated: Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255  Define a pool of global addresses : Router(config)# ip nat pool DNAT1 179.2.2.65 179.2.2.90 netmask 255.255.255.224  Enter dynamic translation entry : Router(config)# ip nat inside source list 1 pool DNAT1
  • 47. Overloading NAT with PAT (NAPT)  Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.  each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment..
  • 48. PAT Configuration  Set the fast eth 0/0 and se2/0 interface as the inside and outside interface: R1# configure terminal R1(config)# interface fastethernet0/0 R1(config-if)# ip nat inside R1(config-if)# interface serial2/0 R1(config-if)# ip nat outside  allow the 192.168.0.0/24 network to reach any destination. R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any  enable NAT overload and bind it to the outside interface previously selected:  R1(config)# ip nat inside source list 100 interface serial 2/0 overload