how do networks work – really the purposes of set of slides is to show networks really work. most...

How do Networks work – Really

• The purposes of set of slides is to show networks really work.

• Most people (including technical people) don’t know• Many people have a high level understanding but still don’t have enough knowledge to solve simple problems

• By covering these topics now, it makes learning the higher level aspects of networks easier.

What is a Network?

• A network is a series of computers that are connected together.

• Each computer on the network can send messages (information) to any other computer on the network• These messages can contain requests for data or services. For example:

• A computer requests data from a database which resides on another computer• A computer sends a document through the network to another computer for printing.

Network Structure

• The following diagram illustrates a network of computers

File Server

Printer

How do computers communicate on a network?

• Each network interface connector (NIC) has a unique address. (NOTE: this is NOT an internet address. More on that later). This address is called the MAC address• This address is set by the manufacturer of the NIC and it NEVER changes• In order for a computer to send a message to another computer, it must have its address

Address:177231 Address: 376543

Sending messages

• The sending computer constructs a message.• The message contains:

• The sender’s address• The receiver’s address• The data

Address:177231 Address: 376543MessageSender: 177231Receiver: 376543Data…

Sending the message

• In order for the message to be sent, it must be placed in a “Packet”• A packet is the message which can be encoded on the network medium• If the message is too large to fit into a single packet, the message is broken up into several packets and re-assembled by the receiver


Packet Packet Packet Packet

Receiving the message

• Each computer on the network is constantly listening to the network for messages which are addressed to it• When it sees packets which contain its address, it reads those packets off of the network and re-assembles the packets into the original message.



Replying to the message

• It is often the case that the sender is expecting a response from the receiver• In this case, the roles reverse. The receiver constructs a message and sends it back to the original sender.

Address:177231 Address: 376543


MessageSender: 376543Receiver: 177231Data…

Network insecurities

• It is at this point that we have our first security problem• The network medium is shared by everyone• As messages are sent through the network, there is a possibility that they can be viewed by computers other than the intended recipient• This is called “sniffing”• There is no way to detect that this is happening



Network insecurities

• Another type of insecurity is called “Man in the Middle”• In this case, the middle computer not only reads the message but changes it as it goes through the network• The receiver “thinks” it is getting a message from the sender. The message is actually hijacked by the middle man. • There is no way to detect that this is happening


PacketX PacketX Packet Packet

Network insecurities – Defence

• Sniffing and Man in the middle are problems because of the way network hardware worked. • Packets were sent to ALL computers on the network (via a hub) and computers would only take messages that were destined for them.• New technology (called a switch) only sends the message to the receiving computer.



Network Structure

• What we’ve seen so far are computers which are connected to the same physical network• But what about computers which are connected to different networks?• This is the basis for what we call the “Internet”

?

A Network of Networks – Gateways and Routers

• Networks are connected together with gateways or routers• A gateway is a computer which connects to more than one network• A router is a device which connects to more than one network for the purpose of routing traffic between those networks

Sending Messages – Between Networks

• Each computer has a MAC address.• This address is used for sending messages to computers on the same network.• A computer’s MAC address is ONLY known on the network to which it is directly connected• In order to send a message to a computer on another network, we need a second address

Internetworking Address – IP address

• To be connected to a network of networks, each computer needs an Internet address• This address indicates the computer and the network to which the computer is connected• On the Internet, addresses are 32 bits long. They are represented by 4 decimal numbers separated by a period• These are examples of Internet Addresses

136.159.2.1192.168.215.74.27.56.197

Network Addressing Setup

• In this example, each computer has an IP address and that address indicates which network the computer is connected to• Because the gateway is connected to both networks, it has 2 IP address (one for each connection)

Network: 136.159.2 Network: 136.159.3

136.159.2.27 136.159.3.191

136.159.2.1 136.159.3.1

Sending messages between networks

• When a computer wishes to send a message, it must know the IP address of the receiver computer.

• Because the IP address includes the network address, the computer can identify if the receiver is on the same network as itself.

• If so, it obtains the MAC address of the receiving computer and sends the message directly to it.

• If the receiver is NOT on the same network, the computer only has one place to send the message

• To the gateway machine. • The computer obtains the MAC address of the gateway and sends the message to it.

The Gateway - Routing

• There are two possibilities for the gateway:• The receiving computer is connected to a network that the gateway is connected to. The gateway obtains the MAC address of the receiver and sends the message to it.• The receiving computer is NOT connected to a network that the gateway is connected to.

• In this case, the gateway has some decisions to make. Where should it send the message?

Routing

• The Internet is made up of many computers.• Some are gateways• Some are just computers which use the services of the Internet

• Gateways know about other gateways.

• When a gateway receives a message which it doesn’t know what to do with, it must figure out (based on the messages destination address) which gateway to forward the message to. It must choose a gateway which is one step closer to the receiving computer.

• Every time a message goes through a gateway is called a “hop”.

The Internet Backbone

• At the core of the Internet is a series of very powerful machines which make up its “backbone”

• These machines reside in universities, telephone companies, government agencies, ISPs, etc.

• Packets “hop” through the internet from gateway to gateway until they reach their destination computer.

• What are the pros and cons of this kind of structure?

The Internet – From a different point of view

• The previous slides have all shown how the Internet works at the very low level

• There is another perspective of the Internet at a high level

• This is the level with which most people are familiar

• This higher level is focused on a communication mechanism called a “Socket”.

Sockets – What are they?

• A socket is like a telephone.• The sending (source) computer wants to make a call to the receiving (destination) computer.• The source knows the IP address of the destination• The source opens a “Socket” to the destination• The destination must be “listening” for the connection.• The destination can choose to “accept” the connection or to refuse the connection.

• A socket is a bidirectional communication path• Messages can be sent in both directions through a socket.

Ports – What are they?

• Because the destination computer can be listening for MANY different connections, we need a way to manage multiple connections to a computer

• This is accomplished with “ports”.

• When a source attempts to establish a socket connection with the destination, it must specify a “port” that is trying to connect to.

• The port indicates which services the source is trying to connect with. Eg:

• www is port 80• email (smtp) is port 25

IP Address:136.159.2.27Port: 13573

Sockets – Making the connection

• To establish a connection between 2 computers on the Internet, a socket requires 4 pieces of information:

• The IP address of the source • The IP address of the destination• The port of the destination• The port of the source *

• *NOTE: The port of the source computer is chosen at random by the source

IP Address:27.56.31.9Port: 80

Security Implications

• What are the security implications of this structure?

• If your computer isn’t listening on any ports, then you are relatively safe.

• Products like zone-alarm notify the user when an attempt is made to connect to a port on the computer

• Hackers regularly perform “port scans” on possible target computers

• They attempt to connect to every port• If a connection is made, they might attempt to exploit that connection

Viruses/Trojan Horses

• Normally, your computer at home shouldn’t be listening on any ports.• However, if your computer gets infected with a virus or trojan horse, that program may:

• Attempt to notify someone on the outside that your computer is infected.• Listen on a port so that someone on the outside world can connect to your computer.

• What can a hacker do if s/he can connect to your computer?

• That depends on the program which is listening for connections from the outside world.

Firewalls

• This is where firewalls come in to play

• A firewall is a device which monitors the connections being made.

• An administrator figures out ahead of time which connections (ports) that are to be allowed and which are to be denied and set up rules• The firewall filters out any packets which do not match the rules.• Some firewalls will notify an administrator via email or pager if certain kinds of suspicious activity is seen

• Firewalls are very limited in the security that they can offer

NAT – Network Address Translation

• Many firewall devices offer something called NAT• The firewall has a valid IP address

• The machines behind the firewall do not• When an internal machine makes a request to the Internet, it goes through the firewall

• In doing so, the firewall puts its own address on the message. The outside world never knows the true address of the internal machine

• When the reply comes back to the firewall, it forwards the message to the machine which originally made the request

• Only the firewall truly knows the address of the destination computer

NAT and Security

• NAT augments the security provided by firewalls considerably

• However, they can’t provide ultimate security• There are still ways in which a machine can be compromised even it NAT is involved.• If your machine is infected with a trojan horse or virus which seeks out a connection (rather than listens for one), you still have security problems.

• Be sure to keep up your virus scanner up to date

how do networks work – really the purposes of set of slides is to show networks really work. most...

Documents

address address

receiver address

data address

packet message sender

unique address

internet address

original message

network insecurities