Network architecture
Network Architecture basics
Network Architecture Fundamentals
Niranjana S. Karandikar
Networking Devices
• Hub
• Switch
• Router
• Gateway
• Modem
• Firewall
• IPS
• IDS
• DHCP
• DNS
• UTM
• Server
HUB
• Depending upon the topology, the placement of the hub varies
• Forwards each frame to every node, since it cannot tell which node the frame is meant for
Switch
• Smarter than the hub
Smarter: WHY???
• Contains an ARP table
• The ARP table contains:
  • Ports (switch ports, not system ports)
  • IP
  • MAC
• Load balancing capability
• In case of DoS, acts like a hub
Router
• Forwards data packets BETWEEN networks
• Contains routing configuration tables:
  • Information on which connections lead to particular groups of addresses
  • Priorities for connections to be used
  • Rules for handling both routine and special cases of traffic
Jobs
• Ensures that information doesn't go where it's not needed
• Ensures that information does make it to the intended destination
Switch,Hub,Router???
Intelligence is the key difference!!!
Segments, Packets, Frames
• Each layer has its own header, as you can see:
• Segment: Transport layer (TCP/UDP) = transport header + data (from the upper layer)
• Packet: Internet layer (IP) = network header + transport header and data (both from the upper layers)
• Frame: Network access (link) layer (Ethernet) = frame header + network header, transport header and data (from the three upper layers)
• In short, the difference between segment, packet and frame is what the respective layer considers as "data". In a segment, the data comes from the application layer; in a packet, the data comes from the transport layer (transport header + data); and in a frame, the data comes from the internet layer (transport and internet headers + data from the application layer).
To be precise…
• Segment = original data + Transport Layer header
• Packet = Segment + Network Layer header
• Frame = Packet + Data Link Layer header
• So basically, if we put the headers aside, Segments = Packets = Frames.
Gateway
• A gateway is the same as a router, except in that it also translates between one network system or protocol and another.
• The NAT protocol for example uses a NAT gateway to connect a private network to the Internet.
Modem
• Modulator
• Demodulator
Firewall
Types
• Packet filtering
• Application level: Proxy servers
• Circuit level gateways
• Stateful multilayer inspection (dynamic)
Working Principle
• ACL: Access Control Lists
• Black listing: Allow ALL, Deny LISTED
• White listing: Deny ALL, Allow LISTED
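The two ACL working principles above, as an added example that is not part of the original slides: a tiny packet-filtering evaluator with first-match semantics and a default policy. The rules, IP ranges (documentation ranges) and packets are constructed for illustration; the point is how an unlisted source is treated under each policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed example: a minimal packet-filtering ACL evaluator.
# A rule matches when the source IP falls in the rule's network and the
# destination port matches (None means "any port").

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None = any port

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dport: int

def evaluate(rules: List[Rule], packet: Packet, default: str) -> str:
    """First matching rule wins; if nothing matches, the default policy applies."""
    ip = ipaddress.ip_address(packet.src_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule.src) and rule.dport in (None, packet.dport):
            return rule.action
    return default

# Black listing: Allow ALL, Deny LISTED (constructed: block one hostile range)
BLACKLIST = [Rule("deny", "203.0.113.0/24", None)]

# White listing: Deny ALL, Allow LISTED (constructed: permit HTTPS and SSH from one range)
WHITELIST = [Rule("allow", "192.0.2.0/24", 443), Rule("allow", "192.0.2.0/24", 22)]

def blacklist_decision(packet: Packet) -> str:
    return evaluate(BLACKLIST, packet, default="allow")

def whitelist_decision(packet: Packet) -> str:
    return evaluate(WHITELIST, packet, default="deny")

if __name__ == "__main__":
    samples = [Packet("203.0.113.7", 80),     # listed in the blacklist
               Packet("192.0.2.10", 443),     # listed in the whitelist
               Packet("198.51.100.5", 3389)]  # listed in neither
    for pkt in samples:
        print(pkt, "blacklist ->", blacklist_decision(pkt),
              "| whitelist ->", whitelist_decision(pkt))
```

The third packet is the one to watch: a source nobody has written a rule for gets through under black listing but is dropped under white listing, which is why default-deny is the safer starting point.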
IDS
• Intrusion "Detection" System
• PASSIVE
• Monitors
• Identifies malicious or suspicious activity
• Generates logs (useful for auditing and implementation)
• ALERTS
IDS-Architecture
Types
• NIDS
• HIDS
• Signature based
• Heuristic or Anomaly based
Signature based
• Pattern matching: black listing
• Allows all except the ones listed in the DB
• Weak point: new or modified attacks!!!
Heuristic based
• Looks for behavior that deviates from the established baseline of the process
• Acceptable events are predefined
• Activity classified as:
  i. Good/benign
  ii. Suspicious
  iii. Unknown
IPS
• Intrusion "Prevention" System
• ACTIVE
• Takes actions such as:
  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address
  • Resetting the connection
Methods of Detection
• Signature based
• Anomaly based
Signature Based
• As an exploit is discovered, its signature is recorded and stored in a continuously growing dictionary of signatures.
• Signature detection for IPS breaks down into two types:
• Exploit-facing
• Vulnerability-facing
Exploit Facing
• Exploit-facing signatures identify individual exploits by triggering on the unique patterns of a particular exploit attempt.
• The IPS can identify specific exploits by finding a match with an exploit-facing signature in the traffic stream.
Vulnerability Facing
• Vulnerability-facing signatures are broader signatures that target the underlying vulnerability in the system that is being targeted.
• These signatures allow networks to be protected from variants of an exploit that may not have been directly observed in the wild, but also raise the risk of false positives.
DHCP
• Dynamic Host Configuration "Protocol"
• Assigns unique IP addresses to devices, then releases and renews these addresses as devices leave and re-join the network
• Used in both IPv4 and IPv6
DNS
• Domain Name Server
• Table containing IP addresses and domain names
• 13 root DNS servers globally
• Many sub DNS
• Local DNS
UTM
• Unified Threat Management
• Combination of devices
• Integrated devices
• E.g.: Router + Firewall + IDS + IPS
Server
• Central Repository
VPN
• Virtual Private Network
• Private network in a public network
• Data transmitted through encrypted channels
DMZ
• Demilitarized Zone or Perimeter Network
• Public facing
• Web servers
• Mail servers
• FTP servers
• VoIP servers