Course 3: Network Security, Section 1
Pascal Meunier, Ph.D., M.Sc., CISSP
May 2004; updated July 30, 2004
Developed thanks to the support of Symantec Corporation, NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center
Copyright (2004) Purdue Research Foundation. All rights reserved.

Course 3 Learning Plan
- Architecture
- Physical and link layer
- Network layer
- Transport layer
- Application layer: DNS, RPC, NFS
- Application layer: Routing
- Wireless networks
- More secure protocols: DNSSEC, IPSEC, IPv6

Learning objectives
- Understand the logical order of presentation for this course
- Understand the coverage and focus
- Understand how networks are organized by layers

Introduction
- Network architecture is layered
  - Lower layer vulnerabilities are inherited at higher levels
  - Describing exploitable features and vulnerabilities in the scope of each layer makes sense
- TCP/IP v.4 is the dominant design in use
  - Many vulnerabilities can't be prevented without a major transition to a completely new design, or are hard problems
  - Most core vulnerabilities can't really be fixed
  - This is an important design consideration for any application that needs to use networks

Strategies
- Prevention
  - Disabling features and functionality
  - Disabling exploitation paths
  - Some choice of network application-level protocols
- Mitigation (limiting consequences and impact)
  - Network configurations (de-militarized zones, etc.)
- Detection
- Response
- Providing guarantees at the application level
- Migrating to other, safer protocols

Focus on Prevention and Detection
- Identify features and functionality to be turned off or provided with limited availability
- Identify exploitation paths and attempt to block them
- Investigate choice of application-level protocols (e.g., DNS, BGP, etc.)
- Detect
  - Internal attackers
  - Accountability
  - When all the above was not sufficient
    - Is there another exploitation path?
  - Provide justification for continued or increased blocking

Labs and Tools
- Survey tools that help identify, block, control and detect
  - Firewalls
  - Filtering proxies
  - ARP integrity tools
  - Intrusion detection tools

Policies
- Policies define the accepted, normal states of the network
  - Firewall rules encode a subset of the above
- Detection should ideally cover anything outside policy
  - Low return on detecting blocked incoming attacks
    - Many, expensive, no accountability (but statistics useful)
  - Need to detect violations in the networks you control
- Should be inspired by
  - The purpose of design decisions at each network layer
  - The risks of the adopted designs
- We will review the above

What We Won't Cover
- Detailed firewall configurations
  - See instead "Firewalls and Internet Security: Repelling the Wily Hacker", 2nd Edition, by William Cheswick, Steven M. Bellovin, Aviel D. Rubin.
  - See CERT's Advanced Information Assurance Handbook, http://www.cert.org/archive/pdf/aia-handbook.pdf
- Exhaustive coverage of all network services and associated risks
  - X11
  - SNMP
  - etc.

Not Covered (cont.)
- Monitoring intrusion detection systems and tuning rules
- Incident response
Learning objectives
- Know the names and responsibilities of each layer in the TCP/IP model
- Understand that design limitations and vulnerabilities are inherited upwards

Network Models
- OSI Model
  - 7 layers
  - Old
  - Applications often have properties of several layers at once
    - Makes classification difficult, confusing
- TCP/IP Model
  - a.k.a. "DoD" model (Department of Defense)
  - 5 layers
  - Often the two bottom layers are fused, yielding 4 layers
- Be wary of references to "layer 3"
  - In which model?
- The 4-layer model makes the discussion of frames and the logical link sublayer more difficult, so we'll use 5 layers

The OSI 7-Layer Model
- OSI: Open Systems Interconnection
- ISO standard
- Layered approach provides:
  - Simplification
  - Abstraction
    - Each layer talks only to the equivalent layer somewhere else
  - Division of responsibilities
  - Standardization and interchangeability of equipment from different makers

The 7 Layers
- Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical

Physical Layer
- Specifies the physical signals (electrical, optical, etc.)
  - Type
  - Levels
  - Speed
- Cables if any
- Range
- Examples: 10-Base-2 Ethernet coaxial cable specification

Data Link Layer
- How to transmit data between two stations in the same segment
- Two components
  - MAC (Media Access Control)
    - Control which station receives which data
    - Which station has permission to transmit
    - MAC addresses uniquely identify stations (in theory)
  - LLC (Logical Link Control)
    - Frame synchronization
      - Data unit is called a frame
    - Flow control
    - Error checking

Network Layer
- Routing between segments
- Forwarding
- Addressing
- Internetworking
- Error handling
- Congestion control
- Packet sequencing
- Data units are called "packets"

Transport Layer
- Reliability
  - Retransmissions, etc.
- Error recovery
- Flow control

Other Layers
- Session
  - Handles connections between applications
- Presentation
  - Handles encoding, encryption, etc.
- Application

Question
How would you classify SSL (Secure Socket Layer) and TLS (Transport Layer Security), given that they:
- Provide encryption
- Are often implemented inside applications such as web browsers
- Provide sessions between hosts and servers
- Are responsible for data transport?

Answer
SSL has been classified at all of those layers by different people:
- Transport
- Session
- Presentation
- Application

The TCP/IP Model
5 layers:
- Application (combines presentation and session)
- Transport
- Network
- Data Link
- Physical
We will use this one as it is less ambiguous
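As an added illustration, not part of the original slides, the following Python builds a constructed Ethernet II / IPv4 / TCP frame and decodes it the way a receiving stack does under the five-layer model: each layer strips its own header and hands the rest upward, and the IPv4 checksum catches a corrupted header but accepts any well-formed one on the sender's say-so, which is why weaknesses at the link and network layers are inherited by everything above them. All addresses and ports in the sample are made up.

```python
import struct

# Constructed sample (not captured traffic): Ethernet II / IPv4 / TCP SYN.
# Every header field is chosen by the sender; the only check performed below is
# the IPv4 header checksum, which detects corruption but not forgery.

def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over a header; returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_sample_frame() -> bytes:
    """Constructed sample: host 10.0.0.1 opens TCP port 80 on 10.0.0.2."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill checksum
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip + tcp

def decode(frame: bytes) -> dict:
    """Return one dict per layer, stopping when a layer cannot hand data upwards."""
    layers = {}
    # Layer 2 (data link): 14-byte Ethernet II header; both MACs are sender-supplied
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["link"] = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
                      "ethertype": ethertype}
    if ethertype != 0x0800:
        return layers
    # Layer 3 (network): IPv4 header; the IHL field gives its length in 32-bit words
    pkt = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum,
     s, d) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    layers["network"] = {"version": ver_ihl >> 4,
                         "src_ip": ".".join(map(str, s)),
                         "dst_ip": ".".join(map(str, d)),
                         "ttl": ttl, "protocol": proto,
                         "checksum_ok": ip_checksum(pkt[:ihl]) == 0}
    if proto != 6 or not layers["network"]["checksum_ok"]:
        return layers
    # Layer 4 (transport): 20-byte TCP header, then the application payload
    seg = pkt[ihl:total_len]
    (sport, dport, seq, _ack, off_res, flags, _win,
     _tcksum, _urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    layers["transport"] = {"src_port": sport, "dst_port": dport, "seq": seq,
                           "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)}
    # Layer 5 (application): whatever remains is passed up unchanged
    layers["application"] = seg[(off_res >> 4) * 4:]
    return layers

if __name__ == "__main__":
    for name, fields in decode(build_sample_frame()).items():
        print(name, fields)
```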
Question
Where would you classify SSH in the TCP/IP model?

Questions or Comments?

About These Slides
You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions.
- You must give the original author and other contributors credit
- The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes
- For any reuse or distribution, you must make clear to others the terms of use for this work
- Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification
For other uses please contact the Purdue Office of Technology Commercialization.
Developed thanks to the support of Symantec Corporation

Pascal Meunier [email_address]
Contributors: Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera

Editor's Notes

  • #5: Dominant: having great influence, controlling. Transition: transfer, change of tone, transitional period.
  • #6: Mitigation: alleviation, easing. Impact: collision, effect or influence.
  • #7: Investigate: to study meticulously. Justification: proof that something is right.
  • #10: Exhaustive: covering every aspect, thorough.
  • #12: Limitations: restriction, limiting. Upwards: directed upward, going up.
  • #13: Classification: sorting into classes. Confusing: hard to understand, causing confusion.