Cyber Security Fundamentals (M)&(H): Basic Networking Introduction
, School of Computing Science, University of Glasgow, Scotland. http://www.mariaevangelopoulou.com/
Structure of Lectures
Sections that will be covered:
➢ Cyber Security Basic background,
➢ Look into networking,
➢ Cyber Attacks and defence,
➢ Web applications’ vulnerabilities,
➢ Trending in Cyber,
➢ Penetration testing & Digital Forensics.
➢ Guest lectures to be confirmed.
CSF 2022 CSF Networking
➢ This course covers a variety of core material, which leads to quite an extensive reading list. However, everything should be based on your lectures. This means that the lecture slides should be your main material, and you should then connect them to the relevant books and read the relevant chapters. In no way does this mean that you should read all five books; however, if you want to extend your knowledge of the specific topic described in a book, this is advised.
Lecturer’s instructions
When you see the red sign in a slide it means that you must not use anything described in the specific slide without the necessary authorisation. The lecturer of this course will not be responsible for any misuse.
When you see the green sign in a slide it means that you can use anything described in the specific slide on your own.
➢ Some tools need special permissions in order to run them in a secure manner without violating any laws!!!
➢Because of this we have created these signs to indicate to you which tools are ok to be used and which are not!
➢ This is one of the most important slides: if you don’t follow this rule it can have a serious impact on you, so please don’t use anything under the banner of the red (first) sign.
What is a Network?
➢ Can you think of a different type of network (not a computing network)?
@metro.co.uk @Disney
What is a MAC address?
➢ A MAC address is the definitive address of a Network Interface Card (NIC). It is unique for every host.
➢ The MAC address is combined with an IP address, and together this information is a unique identifier of the host. The IP can change upon reconnection or by connecting to a different network. It can also be set to be static.
➢ For the communication to go through, a port needs to be established. There are known ports for specific services.
➢ Computer services have to use ports for communication; the traffic needs to use a port so it can come through. A really good detailed list can be found on the Internet Assigned Numbers Authority (IANA) official webpage:
➢ https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
➢ In order to understand what a port is and how all this works let’s use an example: When you order something online your address is your IP and your door number is your port.
➢The socket 192.125.1.60:1815 refers to port 1815 on host 192.125.1.60
➢All ports till 1024 are well known, used for standard services
➢A socket is defined as an endpoint for communication. Communication is established between a pair of sockets.
➢ The special IP address 127.0.0.1 (loopback) refers to the system on which the process is running. In other words, 127.0.0.1 is the loopback Internet Protocol (IP) address, also referred to as the “localhost.” The address is used to establish an IP connection to the same machine or computer being used by the end-user.
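The socket pair and the loopback address described above can be observed directly. The following is an added example, not part of the original lecture material; the function name loopback_exchange is an assumption made for illustration.

```python
import socket
import threading

def loopback_exchange(message: bytes):
    """Send `message` over a TCP connection on 127.0.0.1 and return
    (listening socket address, client socket address, echoed bytes)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
    server.listen(1)
    server_addr = server.getsockname()   # (IP, port) = one endpoint

    def serve():
        conn, _peer = server.accept()    # the OS completes the TCP handshake
        with conn:
            conn.sendall(conn.recv(1024))    # echo the data back

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(server_addr, timeout=5) as client:
        client_addr = client.getsockname()   # (IP, port) = the other endpoint
        client.sendall(message)
        reply = client.recv(1024)
    worker.join()
    server.close()
    return server_addr, client_addr, reply

if __name__ == "__main__":
    srv, cli, reply = loopback_exchange(b"hello")
    # Both endpoints share the loopback IP; only the port tells them apart.
    print(f"{cli[0]}:{cli[1]} <-> {srv[0]}:{srv[1]} reply={reply!r}")
```

Nothing leaves the machine: both sockets live on 127.0.0.1, and the connection is identified by the pair of (IP, port) endpoints.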
Layered Network Communication Model
➢ 1. Application Layer → User interface & Application requests.
➢ 2. Transport Layer → Packages data, may include receipt of delivery.
➢ 3. Network Access Layer → Manages the sending data.
➢ 4. Network Interface Layer→Translation to raw bits.
➢ What would be the problem if there were no layers?
➢ In computer networking, communication follows a layered approach. A layered approach is much more effective and modular. In a layered system each layer may have multiple activities and interactions, but is responsible for only a certain part of the overall communication. A layer needs no knowledge of the other layers. However, every layer depends on the instructions that came from the previous layer. This means that every layer should have an input, an action and an output. To achieve communication, computer networks employ something called protocols.
➢ There are 7 layers in the OSI model, but we concentrate on the 4 layers that are important for this class. The third layer is also referred to as the Network layer and the fourth as the Link layer.
➢ If there were no layers each type of software would need to do everything.
Some common protocols
[Figure: common protocols grouped by layer (Application, Network Access, Network Interface). Protocols recoverable from the figure: Ethernet, Tunnels, DSL, ISDN, OSPF, Token ring.]
➢ FTP → File transfer protocol: used to send computer files like word documents, excel and more between client and server.
➢ SNMP → Simple Network Management protocol: collecting and organizing information for managed devices in the specific network.
➢ SMTP → Simple Mail Transfer protocol: used for email transmission.
➢ TFTP → Trivial File Transfer protocol: used for transferring files. Usually to read and write files from a remote server.
➢ RARP → Reverse Address Resolution protocol: when a client has only its MAC address and requests its IP address from the network.
➢ ICMP → Internet Control Message protocol: transmission of operational information and error messages. Its most common use is to identify whether a host is live or not (unreachable).
➢ Ethernet is used to set up a Local Area Network (LAN). In Ethernet the data streams are divided into packets.
➢ Tunnelling protocol allows movement of data from one network to another. It allows private network communications to be sent across a public network. What is the known public network? Internet.
➢ Digital Subscriber Line: transmission of data through telephone lines.
➢ Integrated Services Digital Network: simultaneous transmission of digital data (voice, data, video, other services) through the public telephone network.
➢ Open Shortest Path First: Routing protocol used by autonomous systems using the SPF algorithm (shortest path first).
➢ Token Ring: LAN in which logical tokens are passed from host to host. A host can send data only if it holds a token, and the token is released when the data have been received. The number of tokens is controlled, and in this way collisions between data packets are prevented.
Domain Name System Protocol
@aws.Amazon.com
➢ DNS (Domain Name System) records contain information on how a web server should respond to incoming input. They contain information regarding which IP address is connected to which domain and how to handle any requests. Basically, they are mapping files. What needs to be understood is that, as humans, we access information online through domain names. So DNS acts as a translator and converts domain names to IP addresses so the browser can load Internet resources.
➢ TLD stands for top-level domain. A name server is like a phonebook, handling requests from a host about a domain. A reverse lookup is the opposite: the IP address is known and the domain name is not.
➢ MX(Mail exchange), A (address), AAAA (IPv6 address)
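What such a translation request looks like on the wire, for the record types above and for a reverse lookup, is shown in the following added example (not part of the original lecture material). The function names are assumptions, the PTR type is included because reverse lookups use it, and www.example.com is a constructed sample name.

```python
import ipaddress
import struct

QTYPES = {"A": 1, "PTR": 12, "MX": 15, "AAAA": 28}   # the slide's types, plus PTR

def encode_name(name: str) -> bytes:
    """'www.example.com' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: str, txid: int) -> bytes:
    """DNS query: 12-byte header, then one question (name, type, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # recursion desired
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def parse_question(message: bytes):
    """Read the question back out of a query: returns (name, record type)."""
    pos, labels = 12, []
    while message[pos]:
        length = message[pos]
        if length > 63:
            raise ValueError("compressed or invalid label")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    names = {number: text for text, number in QTYPES.items()}
    return ".".join(labels), names.get(qtype, str(qtype))

def reverse_query(ip: str, txid: int) -> bytes:
    """Reverse lookup: the IP is known, so ask for the PTR record of its reverse name."""
    return build_query(ipaddress.ip_address(ip).reverse_pointer, "PTR", txid)

if __name__ == "__main__":
    print(build_query("www.example.com", "A", 0x1234).hex())
    print(parse_question(reverse_query("192.125.1.60", 7)))
```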
Layered communication
[Figure: a Host sends a Message to a Webserver over HTTP, Application layer to Application layer.]
Application Layer
➢Translation of user request into code and transfer to the next level which is the Transport layer.
➢FTP, DNS, SNMP, SMTP, TFTP, NFS, HTTP, TELNET, SSH and more.
➢Do you recognize some of them?
➢Can you match them into known services?
➢HTTP → HyperText Transfer protocol: the World Wide Web protocol, which covers how the data should be transmitted and the rules and commands that should be followed.
➢TELNET → for bidirectional interactive text communication.
➢SSH→Secure Shell protocol. Provides secure remote login from one computer to another.
Transport Layer
➢ TCP → the most common transport layer protocol, and a connection-oriented protocol. A virtual connection must be established through a handshake (say hi – hi back, ok – connect). In TCP, acknowledgment of information is used to verify the successful transfer of data.
➢ Accepts data from the application layer, breaks it down into smaller pieces (segments) and adds identification information (Sequence Number, Header size, Checksum, Destination Port).
[Figure: TCP Segment = TCP Header + Data (the HTTP Request).]
TCP three-way handshake
In a two way handshake the last acknowledgment from HOST A is omitted.
CSF 2022 CSF Networking @ Windows Server 2003 Administration by and @ oreilly.com
TCP segment
For students who asked for more detail on the TCP segment structure.
CSF 2022 CSF Networking @ Windows Server 2003 Administration by and @ oreilly.com
Access Layer – IP Protocol
➢ The Internet Protocol (IP) uses unreliable, connectionless packets to deliver information. As can be seen, an IP packet consists of the TCP segment plus an IP Header (Source IP address, Destination IP address, Packet Length in bytes, Time To Live).
[Figure: IP Packet = IP Header + Data (the TCP segment).]
➢ Why is TTL necessary? It is used to prevent a packet from wandering the Internet forever.
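The nesting of HTTP request, TCP segment and IP packet, with the header fields named in the slides, is shown in the following added example (not part of the original lecture material). The function names, the sequence number, the TTL of 64 and the destination 192.0.2.80:80 are assumptions; the source socket and the request text come from the slides.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, length, id, frag, TTL, proto, checksum, src, dst
TCP_FMT = "!HHIIBBHHH"     # sport, dport, seq, ack, offset, flags, window, checksum, urgent

def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, sport, dport, seq, ttl, payload: bytes) -> bytes:
    """Wrap payload in a 20-byte TCP header, then in a 20-byte IPv4 header."""
    # Header size 5 words, flags PSH+ACK; the TCP checksum is left 0 in this sketch.
    tcp = struct.pack(TCP_FMT, sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    fields = [0x45, 0, 20 + len(tcp) + len(payload), 0, 0, ttl,
              socket.IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum16(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + tcp + payload

def parse_packet(packet: bytes) -> dict:
    """Peel off the IP header, then the TCP header; return the fields from the slides."""
    if len(packet) < 40:
        raise ValueError("too short for IPv4 + TCP headers")
    ver_ihl, _, length, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("not a well-formed IPv4 header")
    if proto != socket.IPPROTO_TCP or length != len(packet):
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport, seq, _, off, _, _, tcp_sum, _ = struct.unpack(TCP_FMT, packet[ihl:ihl + 20])
    tcp_len = (off >> 4) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "length": length,
            "ttl": ttl, "ip_checksum_ok": checksum16(packet[:ihl]) == 0,
            "sport": sport, "dport": dport, "seq": seq, "tcp_header_size": tcp_len,
            "tcp_checksum": tcp_sum, "data": packet[ihl + tcp_len:]}

# Constructed sample: the slides' request, sent from the slides' socket 192.125.1.60:1815
# to an assumed web server at 192.0.2.80:80 (documentation address range).
REQUEST = b"GET /Index.htm HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"
SAMPLE = build_packet("192.125.1.60", "192.0.2.80", 1815, 80, 1000, 64, REQUEST)

if __name__ == "__main__":
    print(parse_packet(SAMPLE))
```

Changing the TTL byte without recomputing the IP header checksum makes ip_checksum_ok come back False, since the TTL is covered by that checksum.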
➢ Some method names encountered in HTTP:
GET→retrieval of data of the specified resource.
POST→mainly for accepting an entity in the specified resource; like an annotation, a post on a forum and more.
PUT→requests that the enclosed data be stored.
DELETE→for deletion of the specified resource.
OPTIONS→returns the different methods that are supported by HTTP.
PATCH→asks for partial modifications to take place.
Interface Layer
➢ Interface layer → sends the actual data one bit at a time.
➢ Translate to binary:
001010101101 1110110101 11011
➢ Request of www.facebook.com
[Slide animation: at the Application layer the request "GET /Index.htm HTTP/1.1, Host: www.facebook.com" is created, headers (labelled "TCP Header" on the slides) are added, and the result is sent as binary. When received → decoding: the headers are removed again until the Application layer reads "GET /Index.htm HTTP/1.1".]
User Datagram Protocol (UDP)
➢ An alternative to TCP at the transport layer, with no initial connection required and no error correction.
➢ Good for voice and video data (broadcasting). Basically, any application for which a loss of data will not be significant. This makes it unreliable, as there is no authentication and there is packet loss.
Address Resolution Protocol
➢ At boot and at regular intervals, the MAC and IP address are broadcast on your network. This information is stored per host in a document called the ARP table. How is this helpful?
➢ What happens if there is no entry for a specific IP address?
➢ Every time we want to send something and know the IP address, we look in the ARP table and identify the MAC. As we mentioned before, the MAC address does not change. ARP is necessary as it matches the IP address to the MAC. We will talk in more detail in the cyber attacks part.
➢ Broadcast "who is?" In this case a broadcast takes place and the host that matches the specific IP address responds to the request. The ARP table is then updated and the empty entry is filled in.
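The lookup, the broadcast on a missing entry and the table update described above are simulated in the following added example (not part of the original lecture material). The ARP packets use the real 28-byte field layout, while the Host class, its method names and the three sample hosts are constructed for illustration, and only the targeted host records the sender in this simplified version.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2

def arp_packet(oper, sha, spa, tha, tpa) -> bytes:
    """Build an ARP packet for Ethernet (htype 1) and IPv4 (ptype 0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sha.replace(":", "")), socket.inet_aton(spa),
                       bytes.fromhex(tha.replace(":", "")), socket.inet_aton(tpa))

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_table = ip, mac, {}

    def receive(self, packet: bytes):
        """Handle one ARP packet; return a reply packet if we own the target IP."""
        _h, _p, _hl, _pl, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, packet)
        sender_ip, sender_mac = socket.inet_ntoa(spa), sha.hex(":")
        if socket.inet_ntoa(tpa) != self.ip:
            return None                        # addressed to another IP: ignore
        self.arp_table[sender_ip] = sender_mac
        if oper == REQUEST:
            return arp_packet(REPLY, self.mac, self.ip, sender_mac, sender_ip)
        return None

    def resolve(self, target_ip, lan):
        """Return the MAC for target_ip: table lookup first, broadcast on a miss."""
        if target_ip in self.arp_table:
            return self.arp_table[target_ip]
        who_has = arp_packet(REQUEST, self.mac, self.ip, "00:00:00:00:00:00", target_ip)
        for other in lan:                      # broadcast: every other host sees it
            if other is not self:
                reply = other.receive(who_has)
                if reply:
                    self.receive(reply)        # fills in the empty entry
        return self.arp_table.get(target_ip)   # None if nobody answered

# Constructed sample LAN (addresses are made up for the example).
LAN = [Host("192.168.1.10", "02:00:00:00:00:0a"),
       Host("192.168.1.11", "02:00:00:00:00:0b"),
       Host("192.168.1.12", "02:00:00:00:00:0c")]

if __name__ == "__main__":
    print(LAN[0].resolve("192.168.1.11", LAN), LAN[0].arp_table)
```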
Computing Environments – Distributed
➢ Distributed
➢Local Area Network (LAN)
➢Metropolitan Area Network (MAN)
➢Wide Area Network (WAN)
➢Personal Area Network (PAN)
➢ A Network Operating System provides features between systems across the network.
➢ Distributed networking → a network system in which computer programming, software, and its data are spread out across more than one computer, but which communicate complex messages through their nodes and are dependent upon each other.
➢ A LAN (local area network) is a group of computers and network devices connected together, usually within the same building. It is usually high speed and relatively inexpensive (e.g., token ring or Ethernet). A MAN (metropolitan area network) is a larger network that usually spans several buildings in the same city or town. An example is a microwave antenna on a TV news van sending data back to the main TV studio. It’s also possible to wire buildings together using fiber optic cable. A WAN (wide area network), in comparison to a MAN, is not restricted to a geographical location, although it might be confined within the bounds of a state or country. It is usually high speed and expensive. The Internet is a famous example. PAN stands for personal area network → a network covering a very small area, usually a small room. Bluetooth is a wireless PAN, while USB is an example of a wired PAN.
Computing Environments – Client-Server
→ A system (acts as server), responding to requests generated by clients.
→ Computer-server system provides an interface to client to request services.
→ File-server system provides an interface for clients to store and retrieve files.
➢ A computer network in which one centralized, powerful computer (called the server) is a hub to which many less powerful personal computers or workstations (called clients) are connected.
Computing Environments – Peer-to-Peer
➢ Another model of distributed system
➢ P2P does not distinguish clients and servers:
➢Instead, all nodes are considered peers.
➢May each act as client, server or both.
➢Node must join P2P network.
➢ In a P2P network, computer systems (peers) are connected to each other via the Internet. Files can be shared directly between systems on the network without the need for a central server. In other words, each computer on a P2P network becomes a file server as well as a client. Well-known P2P systems are Voice over IP (VoIP) systems like Skype.
Computing Environments – Virtualization
➢ Allows operating systems to run applications within other OS.
➢Vast and growing industry
➢Emulation – used when the source CPU type is different from the target type.
➢Virtualization – OS natively compiled for CPU, running guest OSes also natively compiled.
➢ Computer emulation is when one system imitates or reproduces another system. A type of software emulation allows console video games, such as Nintendo, Sega and more, to be run on a PC. Emulation is also involved when using a type of file called a disk image. For example, an .ISO file (Windows) can be mounted on the desktop, which makes the operating system view the file as a physical disk. This provides an easy way to make exact copies of CDs, DVDs, and hard disks. Disk images are also commonly used to create virtual installer disks that can’t be modified by the user. In general, in emulation the virtual machine simulates the complete hardware in software. This allows an operating system for one computer architecture to be run on the architecture that the emulator is written for. More specifically, the purpose of an emulator is to accurately reproduce the behaviour of some hardware.
➢ In computing, virtualization means creating a virtual version of a device or resource, such as a server, storage device or a network and more, where the framework divides the resource into one or more execution environments. Virtualization involves simulating parts of a computer’s hardware – enough for a guest operating system to run unmodified – but most operations still occur on the real hardware for efficiency reasons. Virtualization is therefore normally faster than emulation, but the real system has to have an architecture identical to the guest system. More specifically, the purpose of a virtual machine is to create an isolated environment.
Network Monitoring – Wireshark
➢ Wireshark is a free, open source tool, but it should not be used on networking environments you don’t own or don’t have special authorisation for, as it sniffs the traffic, which is an illegal action. We will use this tool only to open the provided .pcap file from the Moodle page of the course.