Network Architecture Fundamentals
Niranjana.S.Karandikar
Networking Devices
• Hub
• Switch
• Router
• Gateway
• Modem
• Firewall
• IPS
• IDS
• DHCP
• DNS
• UTM
• Server
Hub
• Depending upon the topology, the placement of the hub varies
• Asks every node its identity and forwards the frame
Switch
Smarter than the hub
Smarter: WHY???
• Contains ARP table
• ARP table contains:
  • Ports (switch ports, not system ports)
  • IP
  • MAC
• Load balancing capability
• In case of DoS, acts like a hub
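An added example (not from the slides) of what the switch's table buys it over a hub, and of the last bullet: a minimal learning switch that forwards known unicast to one port, floods unknown destinations, and once its table is exhausted can no longer learn, so traffic floods to every port exactly as a hub would. The table size, ports and MAC addresses are constructed; the slide calls the table an ARP table, whereas a real switch keeps a MAC (CAM) table of MAC-to-port mappings, which is what is modelled here.

```python
from collections import OrderedDict

class LearningSwitch:
    """Tiny model of a learning switch (added example, not from the slides)."""

    def __init__(self, ports, capacity):
        self.ports = list(ports)
        self.capacity = capacity      # assumed table size; real CAM tables are finite too
        self.table = OrderedDict()    # MAC -> port, learned from source addresses

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        # Learn (or refresh) the source address unless the table is already full.
        if src_mac in self.table or len(self.table) < self.capacity:
            self.table[src_mac] = in_port
        # Known unicast destination: forward on that one port only.
        out = self.table.get(dst_mac)
        if out is not None and out != in_port:
            return [out]
        # Broadcast or unknown destination: flood every other port, like a hub.
        return [p for p in self.ports if p != in_port]

def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=3)
    results = {}
    sw.receive(1, "aa:01", "ff:ff")                 # host A on port 1 broadcasts
    sw.receive(2, "aa:02", "aa:01")                 # host B on port 2 replies: A learned
    results["known_unicast"] = sw.receive(1, "aa:01", "aa:02")   # only port 2
    # Unknown source addresses arriving on port 4 use up the remaining table slot.
    for i in range(3):
        sw.receive(4, f"de:ad:{i:02x}", "ff:ff")
    # Host C on port 3 can no longer be learned, so frames for C flood like a hub.
    sw.receive(3, "aa:03", "aa:01")
    results["after_exhaustion"] = sw.receive(1, "aa:01", "aa:03")  # ports 2, 3, 4
    results["table_size"] = len(sw.table)
    return results
```

Limiting the number of addresses a single port may learn (port security on most vendors' switches) is the usual way to keep the table from filling up in this way.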
Router
• Forwards data packets BETWEEN networks
• Contains routing configuration tables:
  • Information on which connections lead to particular groups of addresses
  • Priorities for connections to be used
  • Rules for handling both routine and special cases of traffic
Jobs
• Ensures that information doesn't go where it's not needed
• Ensures that information does make it to the intended destination
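An added example (not from the slides) of the routing table the two slides above describe: each entry says which next hop leads to a group of addresses, a priority value chooses between entries for the same prefix, and a default route handles the routine case of "everything else". The table, the next hops and the convention that a lower priority value wins (like administrative distance) are assumptions for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, next hop, priority); lower priority wins.
ROUTES = [
    ("0.0.0.0/0",       "203.0.113.1", 10),   # default route towards the ISP
    ("10.0.0.0/8",      "10.255.0.1",  10),   # corporate WAN
    ("10.1.0.0/16",     "10.1.0.254",   5),   # site LAN, preferred path
    ("10.1.0.0/16",     "10.1.0.253",  20),   # backup path for the same prefix
    ("192.168.50.0/24", None,           0),   # directly connected: no next hop
]

def build_table(routes):
    return [(ipaddress.ip_network(p), nh, pri) for p, nh, pri in routes]

def lookup(table, dst):
    """Return (prefix, next_hop) for dst: longest prefix first, then lowest priority."""
    ip = ipaddress.ip_address(dst)
    candidates = [(net, nh, pri) for net, nh, pri in table if ip in net]
    if not candidates:
        return None
    net, nh, _ = max(candidates, key=lambda c: (c[0].prefixlen, -c[2]))
    return str(net), nh

def forward(table, dst):
    """What the router does with a packet: drop, deliver on a local link, or send to a next hop."""
    match = lookup(table, dst)
    if match is None:
        return "drop"                        # no route at all, not even a default
    prefix, nh = match
    if nh is None:
        return f"deliver on {prefix}"
    return f"via {nh}"
```

Note that the routing decision only chooses where a packet goes; keeping traffic out of places it is not wanted is the job of the access control lists discussed under the firewall slides.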
Switch, Hub, Router???
Intelligence is the key difference!!!
Segments, Packets, Frames
• Each layer has its own header, as you can see:
• Segments: Transport layer (TCP/UDP) = transport header + data (from upper layer)
• Packets: Internet layer (IP) = network header + transport header and data (both transport and data from upper layers)
• Frames: Network layer (Ethernet) = frame header + network, transport header and data (from three upper layers).
• So, answering the question, the difference between segment, packet and frame is basically what its respective layer considers as "data". On a segment, data comes from the application layer; on a packet, data comes from the transport layer (transport header + data); and on a frame, the data comes from the internet layer (transport and internet headers + data from application layer).
To be precise…
• Segment = original data + Transport Layer header.
• Packet = Segment + Network Layer header.
• Frame = Packet + Data Link Layer header.
• So basically that means that if we put the headers aside, Segments = Packets = Frames.
Gateway
• A gateway is the same as a router, except in that it also translates between one network system or protocol and another.
• The NAT protocol for example uses a NAT gateway to connect a private network to the Internet.
Modem
• Modulator
• Demodulator
Firewall
Types
• Packet filtering
• Application level (proxy servers)
• Circuit level gateways
• Stateful multilayer inspection (dynamic)
Working Principle
• ACL: Access Control Lists
• Black listing: Allow: ALL, Deny: LISTED
• White listing: Deny: ALL, Allow: LISTED
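An added example (not from the slides) that evaluates constructed packets against an access control list under both policies from the slide: with black listing, only listed traffic is denied and everything else is allowed; with white listing, only listed traffic is allowed and everything else is denied. The rule syntax, addresses and packets are assumptions made for the illustration.

```python
import ipaddress

def parse_rule(rule):
    """Assumed rule format: '<cidr> <proto|any> <port|any>' describing the LISTED traffic."""
    cidr, proto, port = rule.split()
    return (ipaddress.ip_network(cidr), proto, None if port == "any" else int(port))

def matches(entry, pkt):
    net, proto, port = entry
    return (ipaddress.ip_address(pkt["src"]) in net
            and proto in ("any", pkt["proto"])
            and port in (None, pkt["dport"]))

def evaluate(listed, pkt, mode):
    """Apply the slide's two policies to one packet."""
    hit = any(matches(e, pkt) for e in listed)
    if mode == "blacklist":               # Allow: ALL, Deny: LISTED
        return "deny" if hit else "allow"
    if mode == "whitelist":               # Deny: ALL, Allow: LISTED
        return "allow" if hit else "deny"
    raise ValueError(f"unknown mode {mode!r}")

# Constructed lists: what a blacklist denies and what a whitelist permits.
BLOCKED   = [parse_rule(r) for r in ["192.0.2.0/24 any any"]]
PERMITTED = [parse_rule(r) for r in ["10.0.0.0/8 tcp 443", "10.0.0.0/8 tcp 22"]]

def demo():
    # Constructed packets: a listed source, an internal client, and a never-seen source.
    packets = {
        "listed":   {"src": "192.0.2.5",    "proto": "tcp", "dport": 80},
        "internal": {"src": "10.1.2.3",     "proto": "tcp", "dport": 443},
        "unseen":   {"src": "203.0.113.9",  "proto": "udp", "dport": 53},
    }
    return {name: (evaluate(BLOCKED, p, "blacklist"), evaluate(PERMITTED, p, "whitelist"))
            for name, p in packets.items()}
```

The "unseen" packet is the point of the comparison: a source nobody has listed yet sails through a blacklist but is stopped by a whitelist, which is why default-deny is the safer starting posture.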
IDS
• Intrusion "Detection" System
• PASSIVE
• Monitors
• Identifies malicious or suspicious activity
• Generates logs (useful for auditing and implementation)
• ALERTS
IDS-Architecture
Types
• NIDS
• HIDS
• Signature based
• Heuristic or anomaly based
Signature based
• Pattern matching: black listing
• Allows all except the listed ones in the DB
• New or modified attacks!!!
Heuristic based
• Looks for behavior that is distinct from the formed baseline of process
• Acceptable events are predefined
• Activity classified as:
  i. Good/benign
  ii. Suspicious
  iii. Unknown
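An added example (not from the slides) of the heuristic approach in three steps: a baseline of bytes sent per host is formed from a window of normal log lines, predefined acceptable events are classed as benign, and new activity is classed as benign, suspicious or unknown depending on whether it has a baseline and how far it sits from it. The log format, hosts, the acceptable-event list and the 3-sigma threshold are all constructed for the illustration.

```python
import statistics

# Constructed "normal" window used to form the per-host baseline.
BASELINE_WINDOW = [
    "host=ws-01 bytes=1200", "host=ws-01 bytes=1400", "host=ws-01 bytes=1100",
    "host=ws-01 bytes=1300", "host=ws-02 bytes=500",  "host=ws-02 bytes=450",
    "host=ws-02 bytes=550",  "host=ws-02 bytes=480",
]
# Predefined acceptable events (host, event) that are benign regardless of volume.
ACCEPTABLE = {("backup-01", "nightly_dump")}

def parse(line):
    """Parse a constructed 'key=value' log line into (host, event, bytes)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["host"], fields.get("event", "transfer"), int(fields.get("bytes", 0))

def form_baseline(lines):
    """Mean and standard deviation of bytes per host over the training window."""
    samples = {}
    for host, _, b in map(parse, lines):
        samples.setdefault(host, []).append(b)
    return {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in samples.items()}

def classify(baseline, line, sigmas=3.0):
    """Return 'benign', 'suspicious' or 'unknown' for one new log line."""
    host, event, b = parse(line)
    if (host, event) in ACCEPTABLE:
        return "benign"                  # predefined acceptable event
    if host not in baseline:
        return "unknown"                 # no baseline formed for this host yet
    mean, sd = baseline[host]
    sd = sd or 1.0                       # a perfectly constant baseline would divide by zero
    return "suspicious" if abs(b - mean) / sd > sigmas else "benign"
```

Because nothing here looks for a known pattern, a never-before-seen transfer is still flagged when it is far from what the host normally sends, which is exactly what the signature approach cannot do.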
IPS
• Intrusion "Prevention" System
• ACTIVE
• Takes actions such as:
  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address
  • Resetting the connection
Methods of Detection
• Signature based
• Anomaly based
Signature Based
• As an exploit is discovered, its signature is recorded and stored in a continuously growing dictionary of signatures.
• Signature detection for IPS breaks down into two types:
  • Exploit-facing
  • Vulnerability-facing
Exploit Facing
• Exploit-facing signatures identify individual exploits by triggering on the unique patterns of a particular exploit attempt.
• The IPS can identify specific exploits by finding a match with an exploit-facing signature in the traffic stream.
Vulnerability Facing
• Vulnerability-facing signatures are broader signatures that target the underlying vulnerability in the system that is being targeted.
• These signatures allow networks to be protected from variants of an exploit that may not have been directly observed in the wild, but also raise the risk of false positives.
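An added example (not from the slides) that runs the two signature styles from the last three slides, and the earlier "new or modified attacks" point, over constructed HTTP requests. The vulnerability (a hypothetical server that mishandles a User-Agent header longer than 256 bytes), the exploit padding pattern, the requests and the IDS/IPS distinction in the action column are all assumptions for the illustration.

```python
import re

MAX_UA = 256   # assumed safe limit of the hypothetical server

# Exploit-facing: the exact padding pattern seen in one specific exploit attempt.
EXPLOIT_SIG = re.compile(rb"^User-Agent: A{300,}\r?$", re.M)

def exploit_facing(request):
    return EXPLOIT_SIG.search(request) is not None

def vuln_facing(request):
    """Fires on the underlying condition: any User-Agent value over the limit."""
    m = re.search(rb"^User-Agent: (.*?)\r?$", request, re.M)
    return m is not None and len(m.group(1)) > MAX_UA

SIGNATURES = (("exploit-facing", exploit_facing), ("vulnerability-facing", vuln_facing))

def inspect(request, mode="ids"):
    """Return (verdict, action): an IDS only alerts, an IPS drops on a hit."""
    hits = [name for name, fn in SIGNATURES if fn(request)]
    if not hits:
        return ("clean", "forward")
    return (",".join(hits), "drop" if mode == "ips" else "alert")

def build(ua):
    """Constructed request with the given User-Agent header value."""
    return b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: " + ua + b"\r\n\r\n"

KNOWN_EXPLOIT = build(b"A" * 300)   # the attempt the exploit-facing signature was written for
VARIANT       = build(b"B" * 300)   # modified attack: same vulnerability, different bytes
BENIGN_LONG   = build(b"LongLegitProduct/1.0 " + b"x" * 260)   # legitimate but over the limit
NORMAL        = build(b"curl/8.0")
```

The variant slips past the exploit-facing signature but not the vulnerability-facing one, while the long legitimate header shows the false-positive cost the slide warns about.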
DHCP
• Dynamic Host Configuration "Protocol" that assigns unique IP addresses to devices, then releases and renews these addresses as devices leave and re-join the network.
• Used in both IPv4 as well as IPv6
DNS
• Domain Name Server
• Table containing IP addresses and domain names
• Total 13 DNS servers globally
• Many sub-DNS
• Local DNS
UTM
• Unified Threat Management
• Combo of devices
• Integrated devices
• Eg: Router + Firewall + IDS + IPS
Server
• Central Repository
VPN
• Virtual Private Network
• Private network in public network
• Data transmitted through encrypted channels
DMZ
• Demilitarized Zone or Perimeter Network
• Public facing
  • Web servers
  • Mail servers
  • FTP servers
  • VoIP servers