Infrastructure Security
Chapter 10
Principles of Computer Security, Fifth Edition
Copyright © 2018 by McGraw-Hill Education. All rights
reserved.
Objectives (1 of 2)
Construct networks using different types of network devices.
Enhance security using security devices.
Understand virtualization concepts.
Enhance security using NAC/NAP methodologies.
Identify the different types of media used to carry network
signals.
Describe the different types of storage media used to store
information.
Objectives (2 of 2)
Use basic terminology associated with network functions related
to information security.
Describe the different types and uses of cloud computing.
Key Terms (1 of 3)
Basic packet filtering
Bridge
Cloud computing
Coaxial cable
Collision domain
Concentrator
Data loss prevention (DLP)
Firewall
Hypervisor
Hub
Infrastructure as a Service (IaaS)
Internet content filters
Load balancer
Modem
Network access control
Basic packet filtering – Filtering that looks at each packet
entering or leaving the network and then either accepts the
packet or rejects the packet based on user-defined rules. Each
packet is examined separately.
Bridge – A network device that separates traffic into separate
collision domains at the data link layer of the OSI model.
Cloud computing – The automatic provisioning of on demand
computational resources across a network.
Coaxial cable – A network cable that consists of a solid center
core conductor and a physical spacer to the outer conductor
which is wrapped around it. Commonly used in video systems.
Collision domain – An area of shared traffic in a network where
packets from different conversations can collide.
Concentrator – A device used to manage multiple similar
networking operations, such as providing a VPN endpoint for
multiple VPNs.
Data loss prevention (DLP) – Technology, processes, and
procedures designed to detect when unauthorized removal of
data from a system occurs. DLP is typically
active, preventing the loss of data, either by blocking the
transfer or dropping the connection.
Firewall – A network device used to segregate traffic based on
rules.
Hypervisor - A low-level program that allows multiple
operating systems to run concurrently on a single host
computer.
Hub – A network device used to connect devices at the physical
layer of the OSI model.
Infrastructure as a Service (IaaS) – The automatic, on-demand
provisioning of infrastructure elements, operating as a service; a
common element of cloud computing.
Internet content filters – A content-filtering system used to
protect corporations from employees’ viewing of inappropriate
or illegal content at the workplace and the subsequent
complications that occur when such viewing takes place.
Load balancer – A network device that distributes computing
across multiple computers.
Modem – A modulator/demodulator that is designed to connect
machines via telephone-based circuits.
Network access control – An approach to endpoint security that
involves monitoring and remediating endpoint security issues
before allowing an object to connect to a network.
Key Terms (2 of 3)
Network Access Protection (NAP)
Network Admission Control (NAC)
Network-Attached Storage (NAS)
Network interface card (NIC)
Network operations center (NOC)
Next-generation firewall
Platform as a Service (PaaS)
Private branch exchange (PBX)
Proxy server
Network Access Protection (NAP) – A Microsoft approach to
network access control.
Network Admission Control (NAC) – The Cisco technology
approach for generic network access control.
Network-Attached Storage (NAS) – The connection of storage
to a system via a network connection.
Network interface card (NIC) – A piece of hardware designed to
connect machines at the physical layer of the OSI model.
Network operations center (NOC) – A control point from where
network performance can be monitored and managed.
Next-generation firewall – Firewall technology based on packet
contents as opposed to simple address and port information.
Platform as a Service (PaaS) – The concept of having
provisionable operational platforms that can be obtained via a
service.
Private branch exchange (PBX) – A telephone exchange that
serves a specific business or entity.
Proxy server – A server that acts as a proxy for individual
requests and is used for performance and security purposes in a
scalable fashion.
Key Terms (3 of 3)
Router
Sandboxing
Servers
Shielded twisted-pair (STP)
Software as a Service (SaaS)
Solid-state drive (SSD)
Switch
Unified threat management (UTM)
Unshielded twisted-pair (UTP)
Virtualization
Web security gateway
Wireless access point
Workstation
Router – A network device that operates at the network layer of
the OSI model.
Sandboxing – The concept of isolating a system and specific
processes from the OS in order to provide specific levels of
security.
Servers – The computers in a network that host applications and
data for everyone to share.
Shielded twisted-pair (STP) – A physical network connection
consisting of two wires twisted and covered with a shield to
prevent interference.
Software as a Service (SaaS) – The provisioning of software as
a service, commonly known as on-demand software.
Solid-state drive (SSD) – A mass storage device, such as a hard
drive, that is composed of electronic memory as opposed to a
physical device of spinning platters.
Switch – A network device that operates at the data link layer of
the OSI model.
Unified threat management (UTM) – The aggregation of
multiple network security products into a single appliance for
efficiency purposes.
Unshielded twisted-pair (UTP) – A form of network cabling in
which pairs of wires are twisted to reduce crosstalk. Commonly
used in LANs.
Virtualization – An abstraction of the OS layer, creating the
ability to host multiple OSs on a single piece of hardware.
Web security gateway – A device that combines proxy functions
with content-filtering functions with the intention of addressing
the security threats and pitfalls unique to web-based traffic.
Wireless access point – A network access device that facilitates
the connection of wireless devices to a network.
Workstation – The machine that sits on the desktop and is used
every day for sending and reading e-mail, creating spreadsheets,
writing reports in a word processing program, and playing
games.
Devices
Devices are needed to connect clients and servers and to
regulate the traffic between them.
Devices expand the network beyond simple client computers
and servers.
Devices come in many forms and with many functions.
Each device has a specific network function and plays a role in
maintaining network infrastructure security.
A complete network computer solution in today’s business
environment consists of more than just client computers and
servers.
Devices are needed to expand a network beyond simple client
computers and servers to include yet other devices, such as
wireless and handheld systems.
Devices come in many forms and with many functions, from
hubs and switches, to routers, wireless access points, and
special-purpose devices such as virtual private network (VPN)
devices.
Workstations
The workstation is the machine that sits on the desktop.
It is used every day for sending and reading e-mail, creating
spreadsheets, writing reports in a word processing program, and
playing games.
A workstation connected to a network is an important part of
the network security solution.
Many threats to information security can start at a workstation,
but much can be done in a few simple steps to provide
protection from many of these threats.
Most users are familiar with the client computers used in the
client/server model called workstation devices.
Servers
Servers are the computers in a network that host applications
and data for everyone to share.
Servers come in many sizes.
Server operating systems range from Windows Server, to UNIX,
to Multiple Virtual Storage (MVS) and other mainframe
operating systems.
They tend to be more robust than workstation OSs.
They are designed to service multiple users over a network at
the same time.
Servers can host a variety of applications.
Servers come in many sizes, from small single-CPU boxes that
may be less powerful than a workstation, to multiple-CPU
monsters, up to and including mainframes.
The operating systems used by servers range from Windows
Server, to UNIX, to Multiple Virtual Storage (MVS) and other
mainframe operating systems.
The OS on a server tends to be more robust than the OS on a
workstation system and is designed to service multiple users
over a network at the same time.
Servers can host a variety of applications, including web
servers, databases, e-mail servers, file servers, print servers,
and application servers for middleware applications.
Mobile Devices
Mobile devices such as laptops, tablets, and mobile phones are
the latest devices to join the corporate network.
Mobile devices can create a major security gap; for example, a
user may access two separate e-mail accounts from the same
device, one personal and without antivirus protection, the other
corporate.
Device Security, Common Concerns
As more and more interactive devices are being designed, a new
threat source has appeared.
Default accounts and passwords are well known in the hacker
community.
One of the first steps you must take to secure such devices is to
change the default credentials.
In an attempt to build security into devices, typically, a default
account and password must be entered to enable the user to
access and configure the device remotely. These default
accounts and passwords are well known in the hacker
community, so one of the first steps you must take to secure
such devices is to change the default credentials. Anyone who
has purchased a home office router knows the default
configuration settings and can check to see if another user has
changed theirs. If they have not, this is a huge security hole,
allowing outsiders to “reconfigure” their network devices.
Network-Attached Storage
Because of the speed of today’s Ethernet networks, it is possible
to manage data storage across the network.
This has led to a type of storage known as Network-Attached
Storage (NAS).
The combination of inexpensive hard drives, fast networks, and
simple application-based servers has made NAS devices in the
terabyte range affordable for even home users.
As a network device, it is susceptible to attacks.
Because of the large size of video files, this has become popular
for some users as a method of storing TV and video libraries.
Because NAS is a network device, it is susceptible to various
attacks, including sniffing of credentials and a variety of brute-
force attacks to obtain access to the data.
Removable Storage
Removable devices can move data outside of the corporate-
controlled environment.
Removable devices can bring unprotected or corrupted data into
the corporate environment.
All removable devices should be scanned by antivirus software
upon connection to the corporate environment.
Corporate policies should address the copying of data to
removable devices.
Many mobile devices can be connected via USB to a system and
used to store data—and in some cases vast quantities of data.
This capability can be used to avoid some implementations of
data loss prevention mechanisms.
Virtualization (1 of 2)
Virtualization technology is used to allow a computer to have
more than one OS present and, in many cases, operating at the
same time.
Virtualization is an abstraction of the OS layer.
It creates the ability to host multiple OSs on a single piece of
hardware.
A major advantage of virtualization is the separation of the
software and the hardware.
It creates a barrier that can improve many system functions,
including security.
Virtualization (2 of 2)
The underlying hardware is referred to as the host machine, and
on it is a host OS.
A hypervisor is needed to manage virtual machines (VMs).
Virtual machines are typically referred to as the guest OSs.
Newer OSs are designed to natively incorporate virtualization
hooks.
Common virtualization solutions include:
Microsoft Hyper-V, VMware, Oracle VM VirtualBox, Parallels,
and Citrix Xen
Exam Tip: A hypervisor is the interface between a virtual
machine and the host machine hardware. Hypervisors are the
layer that enables virtualization.
Either the host OS has built-in hypervisor capability or an
application is needed to provide the hypervisor function to
manage the virtual machines (VMs).
Newer OSs are designed to natively incorporate virtualization
hooks, enabling virtual machines to be employed with greater
ease.
Hypervisor (1 of 4)
A hypervisor enables virtualization.
A low-level program that allows multiple operating systems to
run concurrently on a single host computer.
The hypervisor acts as the traffic cop that controls I/O and
memory management.
Hypervisor (2 of 4)
Major advantages of virtualization:
The separation of the software and the hardware
Creates a barrier that can improve many system functions,
including security.
Either the host OS has built-in hypervisor capability or an
application is needed to provide the hypervisor function to
manage the virtual machines (VMs).
Hypervisor (3 of 4)
Type 1
Type 1 hypervisors run directly on the system hardware.
Referred to as native, bare-metal, or embedded hypervisors in
typical vendor literature.
Are designed for speed and efficiency, as they do not have to
operate through another OS layer.
These platforms come with management toolsets to facilitate
VM management in the enterprise.
Hypervisor (4 of 4)
Type 2
Type 2 hypervisors run on top of a host operating system.
In the beginning, Type 2 hypervisors were the most popular.
Typical Type 2 hypervisors include Oracle’s VirtualBox and
VMware’s VMware Workstation Player.
Are designed for limited numbers of VMs, typically in a
desktop or small server environment.
Application Cells/Containers
Application cells/containers hold the portions of an OS that an
application needs, separate from the kernel.
Multiple containers can share one OS kernel while being given
separate memory, CPU, and storage allocations.
A container consists of an entire runtime environment: the
application platform, including its dependencies, is
containerized.
VM Sprawl Avoidance
Sprawl is the uncontrolled spreading of disorganization caused
by a lack of an organizational structure when many similar
elements require management.
VM sprawl is a symptom of a disorganized structure.
VM sprawl avoidance needs to be implemented via policy.
VM Escape Protection
VM escape occurs when software (typically malware) or an
attacker escapes from one VM to the underlying OS and then
resurfaces in a different VM.
Large-scale VM environments have specific modules designed
to detect escape and provide VM escape protection to other
modules.
Snapshots
A snapshot is a point-in-time saving of the state of a virtual
machine.
Snapshots uses:
Roll a system back to a previous point in time
Undo operations
Provide a quick means of recovery from a complex, system-
altering change that has gone awry
Snapshots act as a form of backup and are typically much faster
than normal system backup and recovery operations.
Patch Compatibility
Patches are still needed and should be applied, independent of
the virtualization status.
Host Availability/Elasticity
In a virtualization environment, protecting the host OS and
hypervisor level is critical for system stability.
Best practice is to avoid the installation of any applications on
the host-level machine.
Elasticity refers to the ability of a system to expand/contract as
system requirements dictate.
Security Control Testing
It is important to test the controls applied to a system to manage
security operations to ensure that they are providing the desired
results.
It is essential to specifically test all security controls inside the
virtual environment to ensure their behavior is still effective.
Sandboxing
Sandboxing refers to the quarantine or isolation of a system
from its surroundings.
Virtualization can be used as a form of sandboxing with respect
to an entire system.
Networking
Networks are used to connect devices together.
Networks are composed of components that perform networking
functions to move data between devices.
Networks begin with network interface cards, then continue in
layers of switches and routers.
Specialized networking devices are used for specific purposes,
such as security and traffic management.
Network Interface Cards (1 of 2)
To connect a server or workstation to a network, a device
known as a network interface card (NIC) is used.
A NIC is the physical connection between a computer and the
network.
Each NIC port is serialized with a unique code, 48 bits long,
referred to as a Media Access Control address (MAC address).
Unfortunately, these addresses can be changed, or “spoofed,”
rather easily.
A NIC is a card with a connector port for a particular type of
network connection, either Ethernet or Token Ring. The most
common network type in use for LANs is the Ethernet protocol,
and the most common connector is the RJ-45 connector.
The purpose of a NIC is to provide lower-level protocol
functionality from the OSI (Open System Interconnection)
model. Because the NIC defines the type of physical layer
connection, different NICs are used for different physical
protocols.
NICs come as single-port and multiport, and most workstations
use only a single-port NIC, as only a single network connection
is needed. For servers, multiport NICs are used to increase the
number of network connections, increasing the data throughput
to and from the network.
Each NIC port is serialized with a unique code, 48 bits long,
referred to as a Media Access Control address (MAC address).
These are created by the manufacturer, with 24 bits representing
the manufacturer and 24 bits being a serial number,
guaranteeing uniqueness. MAC addresses are used in the
addressing and delivery of network packets to the correct
machine and in a variety of security situations.
Unfortunately, these addresses can be changed, or “spoofed,”
rather easily. In fact, it is common for personal routers to clone
a MAC address to allow users to use multiple devices over a
network connection that expects a single MAC.
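The OUI/serial split and the two flag bits of the first octet described above can be decoded mechanically, which is also how one spots addresses that were set by software rather than burned in by a manufacturer. The following is an added example (not from the textbook); the sample addresses are constructed, and the "suspicious" rule (unicast with the locally administered bit set) is a heuristic, not a proof of spoofing.

```python
"""Decode the structure of a 48-bit MAC address (added example).

The first 24 bits are the IEEE-assigned Organizationally Unique
Identifier (OUI); the last 24 bits are the manufacturer's serial number.
Two bits of the first octet carry flags defined by IEEE 802:
  bit 0 (0x01) - I/G: 0 = unicast, 1 = group/multicast
  bit 1 (0x02) - U/L: 0 = universally administered (burned in),
                      1 = locally administered (set by software)
A unicast address with the U/L bit set did not come from a vendor's
serial range, which is a useful hint when hunting for spoofed, cloned or
randomized MACs in switch tables and DHCP logs.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class MacInfo:
    canonical: str              # lower-case, colon-separated
    oui: str                    # first three octets
    serial: str                 # last three octets
    multicast: bool             # I/G bit
    locally_administered: bool  # U/L bit


def parse_mac(text: str) -> MacInfo:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aabbccddeeff."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a MAC address: {text!r}")
    octets = [int(hexdigits[i:i + 2], 16) for i in range(0, 12, 2)]
    canonical = ":".join(f"{o:02x}" for o in octets)
    return MacInfo(
        canonical=canonical,
        oui=canonical[:8],
        serial=canonical[9:],
        multicast=bool(octets[0] & 0x01),
        locally_administered=bool(octets[0] & 0x02),
    )


def flag_suspicious(macs: Iterable[str]) -> List[str]:
    """Return the canonical form of every unicast MAC whose U/L bit is set.

    Such addresses were not assigned by a manufacturer: they are either
    deliberately spoofed/cloned or OS-randomized (e.g. Wi-Fi privacy
    addresses), and deserve a second look whenever port security or NAC
    decisions rest on MAC identity.
    """
    return [info.canonical
            for info in map(parse_mac, macs)
            if info.locally_administered and not info.multicast]


# Constructed sample: a vendor-style address, a locally administered one
# in Cisco dotted notation, and the IPv4 all-hosts multicast MAC.
SAMPLE_MACS = ["00-1A-2B-3C-4D-5E", "0a1a.2b3c.4d5e", "01:00:5e:00:00:01"]

if __name__ == "__main__":
    for mac in SAMPLE_MACS:
        print(parse_mac(mac))
    print("suspicious:", flag_suspicious(SAMPLE_MACS))
```

Note that the OUI only identifies the vendor that was assigned the block; the heuristic says nothing about an attacker who clones a genuine, universally administered address, which is why MAC identity alone is not an authentication control.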
Network Interface Cards (2 of 2)
Figure 10.1 Linksys network interface card (NIC)
This figure shows a common form of a NIC.
Hubs
A hub is networking equipment that connects devices that are
using the same protocol at the physical layer of the OSI model.
A hub allows multiple machines in an area to be connected
together in a star configuration with the hub at the center.
All connections on a hub share a single collision domain, a
small cluster in a network where collisions occur.
Increased network traffic can become limited by collisions; this
problem has made hubs obsolete in newer networks.
Hubs also create a security weakness due to sniffing and
eavesdropping issues.
A hub configuration can save significant amounts of cable and
is an efficient method of configuring an Ethernet backbone.
The collision issue has made hubs obsolete in newer, higher
performance networks, with inexpensive switches and switched
Ethernet keeping costs low and usable bandwidth high. Hubs
also create a security weakness in that all connected devices see
all traffic, enabling sniffing and eavesdropping to occur. In
today’s networks, hubs have all but disappeared, being replaced
by low-cost switches.
Bridges
A bridge operates at the data link layer, filtering traffic based
on MAC addresses.
Bridges can reduce collisions by separating pieces of a network
into two separate collision domains.
This only cuts the collision problem in half.
A better solution is to use switches for network connections.
Bridges are networking equipment that connect devices using
the same protocol at the data link layer of the OSI model.
Switches (1 of 4)
A switch forms the basis for connections in most Ethernet-based
LANs.
Switches have replaced hubs and bridges.
A switch has separate collision domains for each port.
When full duplex is employed, collisions are virtually
eliminated from the two nodes, host and client.
A switch is usually a Layer 2 device, but Layer 3 switches
incorporate routing functionality.
A switch has separate collision domains for each port. This
means that for each port, two collision domains exist: one from
the port to the client on the downstream side, and one from the
switch to the network upstream. When full duplex is employed,
collisions are virtually eliminated between the two nodes, switch
and client. This also has a security benefit: a sniffer attached to a
switch port sees only the traffic addressed to that port plus
broadcasts, as opposed to a hub-based system, where a single
sniffer can see all of the traffic to and from connected devices.
Switches operate at the data link layer, while routers act at the
network layer. For intranets, switches have become what routers
are on the Internet—the device of choice for connecting
machines. As switches have become the primary network
connectivity device, additional functionality has been added to
them. A switch is usually a Layer 2 device, but Layer 3
switches incorporate routing functionality.
Switches (2 of 4)
Advantages of switches
They improve network performance by filtering traffic.
They provide the option to disable a port so that it cannot be
used without authorization.
They support port security allowing the administrator to control
which systems can send data to each of the ports.
Switches use the MAC address of the systems to incorporate
traffic filtering and port security features.
Port address security based on MAC addresses functionality is
what allows an 802.1X device to act as an “edge device.”
A switch filters traffic by only sending the data to the port on
the switch that the destination system resides on. The switch
knows what port each system is connected to and sends the data
only to that port.
The switch uses the MAC address of the systems to incorporate
traffic filtering and port security features, which is why it is
considered a Layer 2 device.
Port address security based on MAC addresses determines
whether a frame from a given station is allowed on or blocked
from a connection. This is the same kind of allow/block
determination a firewall makes (on its own criteria), and this
per-port admission control is what allows an 802.1X-capable
switch to act as an “edge device,” admitting or refusing a station
at the point where it connects.
Switches (3 of 4)
Switch security concerns
They are intelligent network devices and are therefore subject to
hijacking by hackers.
Switches are commonly administered using the Simple Network
Management Protocol (SNMP) and the Telnet protocol.
Telnet and SNMPv1/v2c have a serious weakness in that they
send passwords (and community strings) across the network in
cleartext.
Switches are shipped with default passwords.
Switches are subject to electronic attacks, such as ARP
poisoning and MAC flooding.
One of the security concerns with switches is that, like routers,
they are intelligent network devices and are therefore subject to
hijacking by hackers. Should a hacker break into a switch and
change its parameters, he might be able to eavesdrop on specific
or all communications, virtually undetected. Switches are
commonly administered using the Simple Network Management
Protocol (SNMP) and Telnet. Telnet, and SNMP versions 1 and
2c, send credentials (passwords and community strings) across
the network in cleartext, so a hacker armed with a sniffer who
observes maintenance on a switch can capture the administrative
password and come back later to configure the switch as an
administrator. The remedy is to manage switches over SSH and
SNMPv3 with authentication and encryption enabled, ideally
from a dedicated management network. An additional problem is
that switches are shipped with default passwords, and if these are
not changed when the switch is set up, they offer an unlocked
door to a hacker.
Switches are also subject to electronic attacks, such as ARP
poisoning and MAC flooding. In ARP poisoning, a device spoofs
the MAC address of another device, sending forged ARP traffic
so that hosts update their ARP tables to map the victim’s IP
address to the attacker’s MAC. In MAC flooding, a switch is
bombarded with frames from many different source MAC
addresses; the switch’s address table fills up, legitimate entries
are evicted, and the switch falls back to flooding frames out of
all ports, behaving like a hub. This enables devices on other ports
to sniff traffic. Port security (limiting the number of MAC
addresses learned per port) and dynamic ARP inspection are the
usual countermeasures.
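The two attacks above are easiest to understand by watching a switch’s address table under load. The following simulation is an added example (not from the textbook): the switch model is this example’s own and deliberately tiny, the MAC addresses and the ARP capture are constructed, and the port-security behaviour mirrors the common “shutdown on violation” mode rather than any one vendor’s implementation.

```python
"""Layer 2 attack simulations (added example): MAC flooding against a
switch's address table, the port-security control that stops it, and a
detector for the IP-to-MAC rebinding that ARP poisoning produces."""
from collections import OrderedDict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Switch:
    ports: int
    table_size: int                          # CAM capacity (tiny on purpose)
    max_macs_per_port: Optional[int] = None  # port-security limit; None = off
    cam: "OrderedDict[str, int]" = field(default_factory=OrderedDict)
    shutdown: Set[int] = field(default_factory=set)
    events: List[str] = field(default_factory=list)

    def _learn(self, src_mac: str, port: int) -> bool:
        """Record src_mac on port; return False if the frame must be dropped."""
        if port in self.shutdown:
            return False
        if self.max_macs_per_port is not None and src_mac not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if on_port >= self.max_macs_per_port:
                # violation mode "shutdown": err-disable the offending port
                self.shutdown.add(port)
                self.events.append(f"port {port} err-disabled after {src_mac}")
                return False
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)          # refresh the entry
        elif len(self.cam) >= self.table_size:
            # Table full: evict the oldest entry. A flood of bogus sources
            # evicts the real hosts, whose traffic is then flooded out of
            # every port, which is exactly what the attacker wants.
            self.cam.popitem(last=False)
        self.cam[src_mac] = port
        return True

    def forward(self, src_mac: str, dst_mac: str, in_port: int) -> List[int]:
        """Return the egress ports for one frame."""
        if not self._learn(src_mac, in_port):
            return []
        out = self.cam.get(dst_mac)
        if out is None:   # unknown destination: flood all other live ports
            return [p for p in range(self.ports)
                    if p != in_port and p not in self.shutdown]
        return [] if out == in_port else [out]


def mac_flood_demo(port_security: bool) -> dict:
    """Victim on port 0, server on port 1, attacker on port 3."""
    sw = Switch(ports=4, table_size=8,
                max_macs_per_port=2 if port_security else None)
    victim, server, attacker_port = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", 3
    sw.forward(victim, server, 0)
    sw.forward(server, victim, 1)
    # the attacker blasts frames from 50 fabricated source MACs
    for i in range(50):
        sw.forward(f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}",
                   "ff:ff:ff:ff:ff:ff", attacker_port)
    egress = sw.forward(server, victim, 1)   # where does the reply go now?
    return {"egress": egress, "attacker_sees_it": attacker_port in egress,
            "events": sw.events}


def detect_arp_poisoning(arp_replies: List[Tuple[str, str]]) -> List[str]:
    """Flag IPs whose announced MAC changes between ARP replies.

    A poisoner sends replies rebinding the gateway's IP to its own MAC.
    (A DHCP lease moving to another host also changes a binding, so in
    practice alerts are correlated with DHCP logs before acting.)"""
    bindings: Dict[str, str] = {}
    alerts = []
    for ip, mac in arp_replies:
        mac = mac.lower()
        prev = bindings.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"{ip} moved from {prev} to {mac}")
        bindings[ip] = mac
    return alerts


# Constructed capture: the gateway 10.0.0.1 is at 00:1a:2b:3c:4d:5e until
# a host with a locally administered MAC starts claiming it.
SAMPLE_ARP = [("10.0.0.1", "00:1a:2b:3c:4d:5e"), ("10.0.0.23", "00:1a:2b:77:88:99"),
              ("10.0.0.1", "00:1a:2b:3c:4d:5e"), ("10.0.0.1", "0a:1a:2b:00:00:01")]

if __name__ == "__main__":
    print("no port security:", mac_flood_demo(False))
    print("port security   :", mac_flood_demo(True))
    print("ARP alerts      :", detect_arp_poisoning(SAMPLE_ARP))
```

Without port security the server’s reply to the victim is flooded to every other port, including the attacker’s; with a two-address limit the attacker’s port is err-disabled on the third fabricated source and the reply goes only to port 0. Real switches have address tables of thousands of entries, which changes the number of frames needed, not the outcome.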
Switches (4 of 4)
Loop protection is a concern with switches.
Switches operate at Layer 2, and Ethernet frames carry no
time-to-live field, so there is no countdown mechanism to kill
frames that get caught in loops or on paths that will never
resolve.
The Layer 2 space acts as a mesh, where potentially the addition
of a new device can create loops in the existing device
interconnections.
Spanning tree technology is employed to prevent loops.
The Spanning Tree Protocol (STP) allows for multiple,
redundant paths, while breaking loops to ensure a proper
broadcast pattern.
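The loop-breaking described above can be computed directly for a small topology: elect the root bridge, give every other switch a single root port, and block the rest. The following is an added example, not from the textbook; real STP converges to this result through BPDU exchange and timers, whereas here the converged state is calculated in one pass, and the switch names, priorities and link costs are constructed. The second scenario shows why unauthenticated BPDUs are a security problem: a device announcing a lower priority simply becomes the root, which is what BPDU guard and root guard on access ports exist to prevent.

```python
"""Simplified Spanning Tree computation (added example). Given switches
with their bridge IDs and the links between them, elect the root bridge
(lowest bridge ID), choose each switch's root port (lowest path cost to
the root, ties broken by the neighbour's bridge ID), and block every
link that is not somebody's root port, leaving a loop-free tree with
the redundant links held in reserve."""
import heapq
from typing import Dict, List, Tuple

# bridge ID = (priority, MAC); the lowest tuple wins, as in IEEE 802.1D
BRIDGE_IDS = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
    "SW4": (4096, "00:00:00:00:00:04"),    # lowered priority: intended root
}
# undirected links with 802.1D-1998 path costs (1 Gb/s = 4, 100 Mb/s = 19)
LINKS = [("SW4", "SW1", 4), ("SW4", "SW2", 4), ("SW1", "SW2", 19),
         ("SW2", "SW3", 19), ("SW1", "SW3", 19)]


def elect_root(bridge_ids: Dict[str, tuple]) -> str:
    return min(bridge_ids, key=bridge_ids.get)


def root_path_costs(adj, root) -> Dict[str, int]:
    """Dijkstra: cheapest cost from every switch to the root."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist[sw]:
            continue
        for nbr, cost in adj[sw]:
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def spanning_tree(bridge_ids, links):
    """Return (root, forwarding_links, blocked_links); assumes a connected topology."""
    root = elect_root(bridge_ids)
    adj: Dict[str, List[Tuple[str, int]]] = {s: [] for s in bridge_ids}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    to_root = root_path_costs(adj, root)
    tree = set()
    for sw in bridge_ids:
        if sw == root:
            continue
        # root port: the neighbour offering the cheapest path to the root;
        # equal costs fall back to the lower neighbour bridge ID
        upstream, _ = min(adj[sw],
                          key=lambda nc: (to_root[nc[0]] + nc[1], bridge_ids[nc[0]]))
        tree.add(frozenset((sw, upstream)))
    forwarding = [(a, b) for a, b, _ in links if frozenset((a, b)) in tree]
    blocked = [(a, b) for a, b, _ in links if frozenset((a, b)) not in tree]
    return root, forwarding, blocked


def rogue_root_demo():
    """An attacker-attached switch announcing priority 0 takes over as root.

    STP does not authenticate BPDUs, so the whole tree re-forms around the
    rogue; the links that forward and block change with it."""
    ids = dict(BRIDGE_IDS, ROGUE=(0, "00:00:00:00:00:99"))
    links = LINKS + [("SW3", "ROGUE", 19)]
    return spanning_tree(ids, links)


if __name__ == "__main__":
    print("normal:", spanning_tree(BRIDGE_IDS, LINKS))
    print("rogue :", rogue_root_demo())
```

With SW4 as root the two 100 Mb/s links SW1–SW2 and SW2–SW3 are blocked (SW3 breaks its tie toward SW1, the lower bridge ID). Once the rogue is attached, SW4’s own link to SW2 is blocked instead and traffic between the original switches is rerouted through SW3, the rogue’s point of attachment.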
Routers (1 of 2)
A router is a network traffic management device used to connect
different network segments.
Operate at the network layer (Layer 3) of the OSI model
Form the backbone of the Internet
Use algorithms and tables to determine where to send the packet
Use access control lists (ACLs) as a method of deciding whether
a packet is allowed to enter the network
Must limit router access and control of internal functions
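The key-term entry for basic packet filtering and the router ACL bullet above describe the same mechanism: each packet is judged on its own header fields against an ordered rule list, with no memory of previous packets. The following evaluator is an added example, not from the textbook or any vendor; its rule syntax, the address ranges and the sample packets are constructed, and it follows the first-match and implicit-deny semantics that most firewalls and router ACLs share.

```python
"""Stateless packet-filter / router-ACL evaluator (added example).

Rules are evaluated top-down; the first match wins and an implicit
"deny" applies when nothing matches. Each packet is judged on its own
header fields only: the filter keeps no connection state, which is what
"basic packet filtering" means (and why it cannot, by itself, tell a
reply from an unsolicited inbound packet)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Sequence


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "icmp"
    src: str                      # source IP address
    dst: str                      # destination IP address
    dport: Optional[int] = None   # destination port (tcp/udp only)


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str = "any"              # "any", "tcp", "udp", "icmp"
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 means any source
    dst: str = "0.0.0.0/0"
    dports: Optional[range] = None  # None means any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports is not None:
            # a port rule never matches a packet without ports (e.g. ICMP)
            if pkt.dport is None or pkt.dport not in self.dports:
                return False
        return True


def evaluate(rules: Sequence[Rule], pkt: Packet) -> str:
    """Return "permit" or "deny" for one packet; first match wins."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit deny at the end of every ACL


# Inbound ACL on the router's Internet-facing interface (constructed).
# The internal network is 10.0.0.0/8; 10.0.5.10 is a public web server.
INBOUND_ACL = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an
    # internal source. Listed first so it wins over the permits below.
    Rule("deny", src="10.0.0.0/8"),
    Rule("permit", proto="tcp", dst="10.0.5.10/32", dports=range(80, 81)),
    Rule("permit", proto="tcp", dst="10.0.5.10/32", dports=range(443, 444)),
    Rule("deny", proto="tcp", dports=range(23, 24)),   # Telnet to anything
    # everything else falls through to the implicit deny
]


def demo() -> Dict[str, str]:
    samples = {
        "web":       Packet("tcp", "203.0.113.7", "10.0.5.10", 443),
        "telnet":    Packet("tcp", "203.0.113.7", "10.0.5.10", 23),
        "spoofed":   Packet("tcp", "10.0.0.9", "10.0.5.10", 443),
        "ssh_other": Packet("tcp", "203.0.113.7", "10.0.5.11", 22),
        "ping":      Packet("icmp", "203.0.113.7", "10.0.5.10"),
    }
    return {name: evaluate(INBOUND_ACL, p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} -> {verdict}")
```

Rule order matters: moving the anti-spoofing deny below the web permits would let a packet with a forged 10.0.0.9 source reach the web server on port 443, because the first matching rule decides and later rules are never consulted.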
Routers operate at the network layer (Layer 3) of the OSI …
Network Fundamentals
Chapter 9
Principles of Computer Security, Fifth Edition
Copyright © 2018 by McGraw-Hill Education. All rights
reserved.
Objectives
Identify the basic network architectures.
Define the basic network protocols.
Explain routing and address translation.
Classify security zones.
Key Terms (1 of 3)
Address Resolution Protocol (ARP)
Bus topology
Datagram
Denial-of-service (DoS)
Domain Name System (DNS)
DMZ
Dynamic Host Configuration Protocol (DHCP)
Enclave
Ethernet
Extranet
Flat network
Address Resolution Protocol (ARP) – A protocol in the TCP/IP
suite specification used to map an IP address to a Media Access
Control (MAC) address.
Bus topology – A network layout in which a common line (the
bus) connects devices.
Datagram – A packet of data that can be transmitted over a
packet-switched system in a connectionless mode.
Denial-of-service (DoS) – An attack in which actions are taken
to deprive authorized individuals from accessing a system, its
resources, the data it stores or processes, or the network to
which it is connected.
Domain Name System (DNS) – The hierarchical, distributed naming
system that translates human-readable host names into IP
addresses (and IP addresses back into names).
DMZ – A network segment that exists in a semi-protected zone
between the Internet and the inner, secure trusted network.
Dynamic Host Configuration Protocol (DHCP) – An Internet
Engineering Task Force (IETF) Internet Protocol (IP)
specification for automatically allocating IP addresses and other
configuration information based on network adapter addresses.
It enables address pooling and allocation and simplifies TCP/IP
installation and administration.
Enclave – A section of a network that serves a specific purpose
and is isolated by protocols from other parts of a network.
Ethernet – The common name for the IEEE 802.3 standard
method of packet communication between two nodes at layer 2.
Extranet – an extension of a selected portion of a company’s
intranet to external partners.
Flat network – A network design that avoids packet-looping
issues through an architecture that does not have tiers.
Key Terms (2 of 3)
Internet Control Message Protocol (ICMP)
Internet Protocol (IP)
Intranet
Local area network (LAN)
Media Access Control (MAC) address
Mixed topology
Network
Network Address Translation (NAT)
Packet
Protocol
Ring topology
Routing
Star topology
Internet Control Message Protocol (ICMP) – One of the core
protocols of the TCP/IP protocol suite, used for error reporting
and status messages.
Internet Protocol (IP) – The network layer protocol used by the
Internet for routing packets across a network.
Intranet – A private, internal network that uses common network
technologies (such as HTTP, FTP, and so on) to share
information and provide resources to organizational users.
Local area network (LAN) – A grouping of computers in a
network structure confined to a limited area and using specific
protocols, such as Ethernet for OSI Layer 2 traffic addressing.
Media Access Control (MAC) address – The data link layer
address for local network addressing.
Mixed topology – A network layout that uses more than one
topology at the same time, as larger networks such as those
inside an office complex often do.
Network – A means to connect two or more computers together
for the purposes of sharing network information.
Network Address Translation (NAT) – A method of
readdressing packets in a network at a gateway point to enable
the use of local nonroutable IP addresses over a public network
such as the Internet.
Packet – Smaller pieces of data used for transmission resulting
from the breaking up of larger data.
Protocol – An agreed-upon format for exchanging or
transmitting data between systems, enabling computers to
communicate.
Ring topology – A network layout in which network components
are connected to each other in a closed loop with each device
directly connected to two other devices.
Routing – The process of moving packets from one network to
another.
Star topology – A network topology where network components
are connected to a central point.
Key Terms (3 of 3)
Storage area network (SAN)
Subnet mask
Subnetting
Three-way handshake
Topology
Transmission Control Protocol (TCP)
Trunking
Tunneling
User Datagram Protocol (UDP)
Virtual local area network (VLAN)
Wide area network (WAN)
Storage area network (SAN) – A technology-based storage
solution consisting of network attached storage.
Subnetting – The creation of a network within a network by
manipulating how an IP address is split into network and host
portions.
Subnet mask – The information that tells a device how to
interpret the network and host portions of an IP address.
Three-way handshake – A means of ensuring information
transference through a three-step data exchange. Used to initiate
a TCP connection.
Topology – Describes how the network is physically or
logically arranged.
Transmission Control Protocol (TCP) – The connection-oriented
transport layer protocol for use on the Internet that allows
packet-level tracking of a conversation.
Trunking – The process of spanning a single VLAN across
multiple switches.
Tunneling – The process of packaging packets so that they can
traverse a network in a secure, confidential manner.
User Datagram Protocol (UDP) – A protocol in the TCP/IP
protocol suite for the transport layer that does not sequence
packets—it is “fire and forget” in nature.
Virtual local area network (VLAN) – A broadcast domain inside
a switched system.
Wide area network (WAN) – A network that spans a large
geographic region.
Introduction
By the simplest definition in the data world, a network is a
means to connect two or more computers together for the
purposes of sharing information.
The term “network” has different meanings depending on the
context and usage.
Though data networks vary widely in size and scope, they are
generally defined in terms of their architecture, topology, and
protocol.
Network sizes and shapes vary drastically—from two personal
computers connected with a crossover cable or wireless router
to the Internet, encircling the globe and linking together untold
numbers of individual, distributed systems.
Network Architectures (1 of 3)
A local area network (LAN) typically is smaller in terms of size
and geographic coverage and consists of two or more connected
devices.
Home networks and most small office networks can be
classified as LANs.
A wide area network (WAN) tends to be larger, covering more
geographic area, and consists of two or more systems in
geographically separated areas.
They are connected by leased lines, radio waves, satellite
relays, microwaves, or even dial-up connections.
Exam Tip: A LAN is a local area network—an office building,
home network, and so on. A WAN is a wide area network—a
corporate network connecting offices in Dallas, New York, and
San Jose, for example.
Every network has an architecture—whether by design or by
accident. Defining or describing a specific network’s
architecture involves identifying the network’s physical
configuration, logical operation, structure, procedures, data
formats, protocols, and other components. For the sake of
simplicity and categorization, people tend to divide network
architectures into two main categories: LANs and WANs.
Network Architectures (2 of 3)
Figure 9.1 Corporate WAN connecting multiple offices
Most corporations have multiple LANs within each office
location that all connect to a WAN that provides intercompany
connectivity.
This figure shows an example of a corporate network. Each
office location will typically have one or more LANs, which are
connected to the other offices and the company headquarters
through a corporate WAN.
Network Architectures (3 of 3)
Specialized network structures are classified by size and use.
Campus area network (CAN)
Intranet
Internet
Metropolitan area network (MAN)
Storage area network (SAN)
Virtual local area network (VLAN)
Client/server
Peer-to-peer
Over time, as networks have grown, diversified, and multiplied,
the line between LAN and WAN has become blurred. To better
describe emerging, specialized network structures, new terms
have been coined to classify networks based on size and use:
Campus area network (CAN) – A network connecting any
number of buildings in an office or university complex (also
referred to as a campus wide area network).
Intranet – A “private” network that is accessible only to
authorized users. Many large corporations host an intranet to
facilitate information sharing within their organization.
Internet – The “global network” connecting hundreds of
millions of systems and users.
Metropolitan area network (MAN) – A network designed for a
specific geographic locality such as a town or a city.
Storage area network (SAN) – A high-speed network connecting
a variety of storage devices such as tape systems, RAID arrays,
optical drives, file servers, and others.
Virtual local area network (VLAN) – A logical network
allowing systems on different physical networks to interact as if
they were connected to the same physical network.
Client/server – A network in which powerful, dedicated systems
called servers provide resources to individual workstations or
clients.
Peer-to-peer – A network in which every system is treated as an
equal, such as a home network.
Network Topology (1 of 5)
Topology refers to how the network is physically or logically
arranged.
The main classes of network topologies are:
Star topology – components connected to a central point
Bus topology – components connected to the same cable, often
called “the bus” or “the backbone”
Ring topology – components connected to each other in a closed
loop with each device directly connected to two other devices
Mixed topology – uses more than one topology
Network Topology (2 of 5)
Figure 9.2 Star topology
Network Topology (3 of 5)
Figure 9.3 Bus topology
Network Topology (4 of 5)
Figure 9.4 Ring topology
Network Topology (5 of 5)
Figure 9.5 Mixed topology
Larger networks, such as those inside an office complex, may
use more than one topology at the same time. For example, an
office complex may have a large ring topology that
interconnects all the buildings in the complex. Each building
may have a large bus topology to interconnect star topologies
located on each floor of the building. This is called a mixed
topology or hybrid topology.
Wireless
Wireless networking is the transmission of packetized data by
means of a physical topology that does not use direct physical
links.
Hub-and-spoke: wireless access point is the hub and is
connected to the wired network
Mesh: wireless units talk directly to each other, without a
central access point
Ad-Hoc: systems on the network direct packets to and from
their source and target locations without using a central router
or switch
Network Protocols
When engineers first started to connect computers together via
networks, they quickly realized they needed a commonly
accepted method for communicating—a protocol.
Protocols (1 of 4)
A protocol is an agreed-upon format for exchanging or
transmitting data between systems.
A protocol defines a number of agreed-upon parameters, such as
the data compression method, the type of error checking to use,
and mechanisms for systems to signal when they have finished
either receiving or transmitting data.
Most networks are dominated by Ethernet and Internet Protocol.
Protocols (2 of 4)
AppleTalk
Asynchronous Transfer Mode (ATM)
Ethernet
Fiber Distributed Data Interface (FDDI)
Internet Protocol (IP)
Internetwork Packet Exchange (IPX)
Signaling System 7 (SS7)
Systems Network Architecture (SNA)
Token Ring
Transmission Control Protocol/Internet Protocol (TCP/IP)
X.25
There is a wide variety of protocols, each designed with certain
benefits and uses in mind. Some of the more common protocols
that have been used in networking are:
AppleTalk – The communications protocol developed by Apple
to connect Macintosh computers and printers.
Asynchronous Transfer Mode (ATM) – A protocol based on
transferring data in fixed-size packets. The fixed packet sizes
help ensure that no single data type monopolizes the available
bandwidth.
Ethernet – The LAN protocol developed jointly by Xerox, DEC,
and Intel—the most widely implemented LAN standard.
Fiber Distributed Data Interface (FDDI) – The protocol for
sending digital data over fiber-optic cabling.
Internet Protocol (IP) – The protocols for managing and
transmitting data between packet-switched computer networks,
originally developed for the Department of Defense. Most users
are familiar with Internet protocols such as e-mail, File Transfer
Protocol (FTP), Telnet, and Hypertext Transfer Protocol
(HTTP).
Internetwork Packet Exchange (IPX) – The networking protocol
created by Novell for use with Novell NetWare operating
systems.
Signaling System 7 (SS7) – The telecommunications protocol
used between private branch exchanges (PBXs) to handle tasks
such as call setup, routing, and teardown.
Systems Network Architecture (SNA) – A set of network
protocols developed by IBM, originally used to connect IBM’s
mainframe systems.
Token Ring – A LAN protocol developed by IBM that requires
systems to possess the network “token” before transmitting
data.
Transmission Control Protocol/Internet Protocol (TCP/IP) – The
collection of communications protocols used to connect hosts on
the Internet. TCP/IP is by far the most commonly used network
protocol and is a combination of the TCP and IP protocols.
X.25 – A protocol developed by the Comité Consultatif
International Téléphonique et Télégraphique (CCITT) for use in
packet-switched networks. The CCITT was a subgroup within
the International Telecommunication Union (ITU) before the
CCITT was disbanded in 1992.
Protocols (3 of 4)
In most cases, communications protocols were developed
around the Open System Interconnection (OSI) model.
OSI defines a framework for implementing protocols and
networking components in seven distinct layers.
Control is passed from one layer to another (top-down) before it
exits one system and enters another system, where control is
passed bottom-up to complete the communications cycle.
Most protocols only loosely follow the OSI model.
Several protocols combine one or more layers.
The OSI model, or OSI Reference Model, is an International
Organization for Standardization (ISO) standard for worldwide
communications that defines a framework for implementing
protocols and networking components in seven distinct layers.
The OSI model also provides a certain level of abstraction and
isolation for each layer, which only needs to know how to
interact with the layer above and below it. The application
layer, for example, only needs to know how to communicate
with the presentation layer—it does not need to talk directly to
the physical layer.
Protocols (4 of 4)
Figure 9.6 The OSI Reference Model
This figure shows the different layers of the OSI model.
Packets (1 of 4)
Large chunks of data must typically be broken up into smaller,
more manageable chunks before they are transmitted from one
computer to another.
Advantages of breaking the data up include:
More effective sharing of bandwidth with other systems
Not needing to retransmit the entire dataset if there is a problem
in transmission
When data is broken up into smaller pieces for transmission,
each of the smaller pieces is typically called a packet.
Networks are built to share information and resources, but like
other forms of communication, networks and the protocols they
use have limits and rules that must be followed for effective
communication.
Each protocol has its own definition of a packet—dictating how
much data can be carried, what information is stored where,
how the packet should be interpreted by another system, and so
on.
A standard packet structure is a crucial element in a protocol
definition. Without a standard packet structure, systems would
not be able to interpret the information coming to them from
other systems. Packet-based communication systems have other
unique characteristics, such as size, which need to be addressed.
This is done via a defined maximum and fragmenting packets
that are too big.
Packets (2 of 4)
Maximum Transmission Unit (MTU) is a factor in determining
the number of packets into which a message must be broken.
It represents the largest packet that can be carried across a
network channel.
The value of the MTU is used by TCP to prevent packet
fragmentation at intervening devices.
Packet fragmentation is the splitting of a packet while in transit
into two packets so that they fit past an MTU bottleneck.
When transmitting packets across a network, there are many
intervening protocols and pieces of equipment, each with its
own set of limitations.
Packets (3 of 4)
Packet fragmentation is a method of handling large packets.
Internet Protocol has a mechanism for the handling of packets
that are larger than allowed across a hop.
Under ICMP v4, a router has two options:
Break the packet into two fragments, sending each separately
Drop the packet and send an ICMP message back to the
originator, indicating that the packet is too big
The fragmentation problem can cause excessive levels of packet
retransmission.
Built into the Internet Protocol is a mechanism for handling of
packets that are larger than allowed across a hop. Under ICMP
v4, a router has two options when it encounters a packet that is
too large for the next hop: break the packet into two fragments,
sending each separately, or drop the packet and send an ICMP
message back to the originator, indicating that the packet is too
big. When a fragmented packet arrives at the receiving host, it
must be reunited with the other packet fragments and
reassembled. One of the problems with fragmentation is that it
can cause excessive levels of packet retransmission as TCP
must retransmit an entire packet for the loss of a single
fragment. In IPv6, to avoid fragmentation, hosts are required to
determine the minimal path MTU before transmission of packets
to avoid fragmentation en route. Any fragmentation
requirements in IPv6 are resolved at the origin, and if
fragmentation is required, it occurs before sending.
Packets (4 of 4)
Steps are taken to avoid fragmentation in IPv6.
Hosts are required to determine the minimal path MTU before
transmission of packets to avoid fragmentation en route.
Any fragmentation requirements in IPv6 are resolved at the
origin, and if fragmentation is required, it occurs before
sending.
IP fragmentation can be exploited in a variety of ways to bypass
security measures.
IP fragmentation can be exploited in a variety of ways to bypass
security measures. Packets can be purposefully constructed to
split exploit code into multiple fragments to avoid IDS
detection. Because the reassembly of fragments is dependent
upon data in the fragments, it is possible to manipulate the
fragments to result in datagrams that exceed the 64KB limit,
resulting in denial of service.
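The fragmentation behaviour described above (a router splitting a packet at an MTU bottleneck or dropping it and signalling the originator, the receiver reassembling the pieces, IPv6 fragmenting only at the origin) and the reassembly check against the 64KB limit, as an added worked example that is not code from the textbook. It models the IPv4 header as a fixed 20 bytes, keeps that same assumption for the IPv6 case for simplicity, and the MTUs, payloads and identification values are constructed sample data:

```python
"""IP fragmentation at an MTU bottleneck, reassembly at the receiver, and the
IPv6 rule of fragmenting only at the origin. Added illustration, not code from
the textbook; header length, MTUs and identification values are constructed."""
from dataclasses import dataclass
from typing import List, Optional

IPV4_HEADER_LEN = 20      # minimal IPv4 header (no options), assumed for every fragment
MAX_DATAGRAM = 65535      # IPv4 Total Length is a 16-bit field: the "64KB limit"


@dataclass
class Fragment:
    ident: int    # Identification field shared by all fragments of one datagram
    offset: int   # Fragment Offset in 8-byte units, exactly as the IPv4 header stores it
    more: bool    # MF (More Fragments) flag; False on the final fragment
    data: bytes


def fragment(ident: int, payload: bytes, mtu: int,
             dont_fragment: bool = False) -> Optional[List[Fragment]]:
    """Model a router's two IPv4 options at a hop whose MTU is too small:
    split the packet, or (DF set) drop it, which is when the router sends an
    ICMP 'fragmentation needed' message back to the originator. None = dropped."""
    max_data = mtu - IPV4_HEADER_LEN
    if len(payload) <= max_data:
        return [Fragment(ident, 0, False, payload)]
    if dont_fragment:
        return None
    # Every fragment but the last must carry a multiple of 8 bytes, because
    # the offset field counts 8-byte blocks.
    max_data -= max_data % 8
    frags: List[Fragment] = []
    pos = 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        is_last = pos + len(chunk) >= len(payload)
        frags.append(Fragment(ident, pos // 8, not is_last, chunk))
        pos += len(chunk)
    return frags


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Receiver-side reassembly. Returns None (drop the datagram) when a fragment
    is missing, when fragments overlap or leave a gap, or when the reassembled
    datagram would exceed the 64KB limit, which is the oversized-reassembly
    condition the slides mention as a denial-of-service vector."""
    if not frags:
        return None
    ident = frags[0].ident
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0
    out = bytearray()
    for f in ordered:
        if f.ident != ident:
            return None                     # fragment of a different datagram
        start = f.offset * 8
        if start != expected:
            return None                     # gap or overlap: do not trust the data
        end = start + len(f.data)
        if end + IPV4_HEADER_LEN > MAX_DATAGRAM:
            return None                     # would exceed the 16-bit total length
        out += f.data
        expected = end
    if ordered[-1].more:
        return None                         # final fragment not yet received
    return bytes(out)


def path_mtu(hop_mtus: List[int]) -> int:
    """IPv6 hosts must learn the smallest MTU along the path so that no router
    has to fragment in transit."""
    return min(hop_mtus)


def send_ipv6(ident: int, payload: bytes, hop_mtus: List[int]) -> List[Fragment]:
    """Origin-side fragmentation for IPv6: size the fragments to the path MTU
    before sending. (The 20-byte header assumption is kept for simplicity; a
    real IPv6 packet carries a 40-byte header plus an 8-byte Fragment header.)"""
    return fragment(ident, payload, path_mtu(hop_mtus)) or []
```

The reassembly function is deliberately strict: a fragment that does not start exactly where the previous one ended is rejected rather than merged, and a datagram whose total length would overflow the 16-bit field is dropped before any memory is allocated for it. Those two checks are what turn the fragmentation tricks the slides describe into dropped packets rather than crashes or evaded inspection.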
Internet Protocol (1 of 2)
The Internet Protocol (IP) is not a single protocol but a suite of
protocols.
The two versions of the protocol in use are v4 and v6.
There are differences between the two versions.
One difference is the replacement of the Internet Group
Management Protocol (IGMP) with the Internet Control
Message Protocol (ICMP) and Multicast Listener Discovery
(MLD) in IPv6.
Internet Protocol (2 of 2)
Figure 9.7 Internet Protocol suite components
This figure shows the relationship between some of the IP suite
and the OSI model.
IP Packets (1 of 2)
An IP packet, often called a datagram, has two main sections:
Header – contains all of the information needed to describe the
packet.
Data section – sometimes called the payload
IP Packets (2 of 2)
Figure 9.8 Logical layout of an IP packet, (a) IPv4 (b) IPv6
In IPv6, the source and destination addresses take up much
greater room, and for equipment and packet handling reasons,
most of the informational options have been moved to the
optional area after the addresses. This series of optional
extension headers allows the efficient use of the header in
processing the routing information during packet routing
operations. One of the most common options is the IPsec
extension, which is used to establish IPsec connections. IPsec
uses encryption to provide a variety of protections to packets.
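A parser for the IPv4 header layout of Figure 9.8(a), as an added example that is not code from the textbook. It builds a header with a correct checksum, then decodes the version, header length, total length, identification, DF/MF flags, fragment offset, TTL, protocol and addresses, and refuses truncated or corrupted headers instead of guessing. The addresses and field values are constructed sample data from the documentation address ranges:

```python
"""Parse and validate the IPv4 header (Figure 9.8(a) layout).
Added illustration, not code from the textbook; sample addresses and field
values are constructed (documentation ranges 192.0.2.0/24 and 198.51.100.0/24)."""
import struct
import ipaddress
from typing import Any, Dict

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte part of the header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, protocol: int = 6,
                      ttl: int = 64, ident: int = 0x1234, dont_fragment: bool = False,
                      more_fragments: bool = False, frag_offset: int = 0) -> bytes:
    """Build a minimal (no options) IPv4 header with a correct checksum."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL = 5 words = 20 bytes
    flags_frag = ((int(dont_fragment) << 14) | (int(more_fragments) << 13)
                  | (frag_offset & 0x1FFF))
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                      ttl, protocol, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> Dict[str, Any]:
    """Decode the header, raising ValueError on truncation, wrong version,
    inconsistent lengths or a checksum mismatch."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, protocol,
     _csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet: version %d" % version)
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length %d" % ihl)
    if total_len < ihl or total_len > len(packet):
        raise ValueError("bad total length %d" % total_len)
    # Summing the header with its checksum field included must give zero.
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "ihl": ihl,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,   # in 8-byte units
        "ttl": ttl,
        "protocol": protocol,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:ihl],                 # empty when IHL == 20
        "payload": packet[ihl:total_len],
    }


def is_valid_ipv4_header(packet: bytes) -> bool:
    """Accept/drop wrapper for filtering code that does not need the fields."""
    try:
        parse_ipv4_header(packet)
        return True
    except ValueError:
        return False
```

Validating the header length and total length before the checksum matters: a packet-filtering device that trusts the IHL or Total Length fields without comparing them to the bytes actually received can be made to read past the end of the buffer, which is why the parser checks both against `len(packet)` first.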
TCP vs. UDP (1 of 4)
Two protocols required for Internet’s existence
Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP)
Both protocols run on top of the IP network protocol.
As separate protocols, they each have their own packet
definitions, capabilities, and advantages.
Most important difference between TCP and UDP is the concept
of “guaranteed” reliability and delivery.
Exam Tip: TCP is a “connection-oriented” protocol and offers
reliability and guaranteed delivery of packets. UDP is a
“connectionless” protocol with no guarantees of delivery.
TCP vs. UDP (2 of 4)
UDP is known as a “connectionless” protocol.
It has very few error recovery services and no guarantee of
packet delivery.
Sender has no idea whether the packets were successfully
received or whether they were received in order.
UDP is considered to be an unreliable protocol.
UDP is good for time synchronization requests, name lookups,
and streaming audio.
It is a fairly “efficient” protocol in terms of content delivery
versus overhead.
With UDP, more time and space is dedicated to content (data)
delivery than with other protocols such as TCP. This makes
UDP a good candidate for streaming protocols, as more of the
available bandwidth and resources are used for data delivery
than with other protocols.
TCP vs. UDP (3 of 4)
TCP is a “connection-oriented” protocol specifically designed
to provide a reliable connection between two hosts exchanging
data.
TCP is designed to ensure packets are processed in the same
order in which they were sent.
Packet sequence number shows where each packet fits into the
overall conversation.
TCP requires systems to follow a specific pattern when
establishing communications called the three-way handshake.
As part of TCP, each packet has a sequence number to show
where that packet fits into the overall conversation. With the
sequence numbers, packets can arrive in any order and at
different times and the receiving system will still know the
correct order for processing them. The sequence numbers also
let the receiving system know if packets are missing—receiving
packets 1, 2, 4, and 7 tells us that packets 3, 5, and 6 are
missing and needed as part of this conversation. The receiving
system can then request retransmission of packets from the
sender to fill in any gaps.
The “guaranteed and reliable” aspect of TCP makes it very
popular for many network applications and services such as
HTTP, FTP, and Telnet.
TCP vs. UDP (4 of 4)
Figure 9.9 TCP’s three-way handshake
As part of the connection, TCP requires that systems follow a
specific pattern when establishing communications. This
pattern, often called the three-way handshake, is a sequence of
very specific steps:
The originating host (usually called the client) sends a SYN
(synchronize) packet to the destination host (usually called the
server). The SYN packet tells the server what port the client
wants to connect to and the initial packet sequence number of
the client.
The server sends a SYN/ACK packet back to the client. This
SYN/ACK (synchronize/acknowledge) tells the client “I
received your request” and also contains the server’s initial
packet sequence number.
The client responds to the server with an ACK packet to
complete the connection establishment process.
Note: Think of the three-way handshake as being similar to a
phone call. You place a call to your friend—that’s the SYN.
Your friend answers the phone and says “hello”—that’s the
SYN/ACK. Then you say “Hi, it’s me”—that’s the ACK. Your
connection is established and you can start your conversation.
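The three-way handshake just described, together with the sequence-number bookkeeping from the previous slide (receiving packets 1, 2, 4 and 7 means 3, 5 and 6 must be retransmitted), as an added example that is not the textbook's code. Each endpoint is a small state machine; the server answers a SYN with a SYN/ACK acknowledging the client's initial sequence number plus one, the client answers with an ACK of the server's number plus one, and either side silently drops a segment whose acknowledgement number does not match what it sent. Ports and initial sequence numbers (ISNs) are constructed sample values:

```python
"""TCP three-way handshake as two small state machines, plus the sequence-number
bookkeeping that lets a receiver spot missing packets. Added illustration, not
the textbook's code; ports and initial sequence numbers are constructed."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Segment:
    """The handful of TCP header fields the handshake depends on."""
    syn: bool = False
    ack: bool = False
    seq: int = 0          # sender's sequence number
    ack_num: int = 0      # next sequence number the sender expects from its peer
    dst_port: int = 0


class TcpEndpoint:
    def __init__(self, isn: int, listen_port: Optional[int] = None):
        self.isn = isn
        self.listen_port = listen_port
        self.state = "LISTEN" if listen_port is not None else "CLOSED"
        self.peer_isn: Optional[int] = None

    def connect(self, port: int) -> Segment:
        """Step 1: the client sends SYN carrying the port it wants and its ISN."""
        self.state = "SYN_SENT"
        return Segment(syn=True, seq=self.isn, dst_port=port)

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Advance the state machine and return the reply, or None when nothing
        is sent (including segments that do not fit the current state)."""
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            if seg.dst_port != self.listen_port:
                return None                  # nothing listening on that port
            # Step 2: server answers SYN/ACK, acknowledging the client's ISN + 1
            self.peer_isn = seg.seq
            self.state = "SYN_RECEIVED"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=seg.seq + 1)
        if self.state == "SYN_SENT" and seg.syn and seg.ack:
            if seg.ack_num != self.isn + 1:
                return None                  # does not acknowledge our ISN: drop
            self.peer_isn = seg.seq
            self.state = "ESTABLISHED"
            # Step 3: client ACKs the server's ISN + 1, completing the connection
            return Segment(ack=True, seq=self.isn + 1, ack_num=seg.seq + 1)
        if self.state == "SYN_RECEIVED" and seg.ack and not seg.syn:
            if seg.ack_num != self.isn + 1:
                return None                  # not an ACK of our SYN/ACK: drop
            self.state = "ESTABLISHED"
        return None


def handshake(client: TcpEndpoint, server: TcpEndpoint, port: int) -> bool:
    """Run the three exchanges; True only if both ends reach ESTABLISHED."""
    syn = client.connect(port)
    syn_ack = server.receive(syn)
    if syn_ack is None:
        return False
    ack = client.receive(syn_ack)
    if ack is None:
        return False
    server.receive(ack)
    return client.state == "ESTABLISHED" and server.state == "ESTABLISHED"


def missing_packets(received: List[int], first: int = 1) -> List[int]:
    """Sequence numbers the receiver still lacks and asks the sender to retransmit."""
    if not received:
        return []
    have = set(received)
    return [n for n in range(first, max(received) + 1) if n not in have]
```

The acknowledgement-number check is the security-relevant detail: a SYN/ACK that does not carry the client's ISN + 1 is discarded, so a party that never saw the client's SYN cannot complete the handshake by guessing. Real stacks pick hard-to-predict ISNs for exactly that reason.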
ICMP (1 of 2)
Internet Control Message Protocol (ICMP) is probably the third
most commonly used protocol.
ICMP is a control and information protocol.
It is used by network devices to determine such things as a
remote network’s availability, the length of time to reach a
remote network, and the best route for packets to take when
traveling to that remote network.
ICMP can also be used to handle traffic flow.
ICMP is a connectionless protocol designed to carry small
messages quickly with minimal overhead or impact to
bandwidth.
During the early development of large networks, it was quickly
discovered that there needed to be some mechanism for
managing the overall infrastructure—handling connection
status, traffic flow, availability, and errors. This mechanism is
ICMP.
ICMP can also be used to handle the flow of traffic, telling
other network devices to “slow down” transmission speeds if
packets are coming in too fast. ICMP, like UDP, is a
connectionless protocol. ICMP was designed to carry small
messages quickly with minimal overhead or impact to
bandwidth.
ICMP (2 of 2)
ICMP has been greatly abused …
Infornnation Technologyin Hunnan ResourceAnEmpirical .docxInfornnation Technologyin Hunnan ResourceAnEmpirical .docx
Infornnation Technologyin Hunnan ResourceAnEmpirical .docxannettsparrow
 
INFORMED CONSENT LETTER Page 1 of 2 SELF CONSENT .docx
INFORMED CONSENT LETTER  Page 1 of 2 SELF CONSENT .docxINFORMED CONSENT LETTER  Page 1 of 2 SELF CONSENT .docx
INFORMED CONSENT LETTER Page 1 of 2 SELF CONSENT .docxannettsparrow
 
INFORMATIONGOVERNANCEFounded in 1807, John W.docx
INFORMATIONGOVERNANCEFounded in 1807, John W.docxINFORMATIONGOVERNANCEFounded in 1807, John W.docx
INFORMATIONGOVERNANCEFounded in 1807, John W.docxannettsparrow
 
Informative Presentation Delivery OutlineI. HeaderSpeec.docx
Informative Presentation Delivery OutlineI.  HeaderSpeec.docxInformative Presentation Delivery OutlineI.  HeaderSpeec.docx
Informative Presentation Delivery OutlineI. HeaderSpeec.docxannettsparrow
 
Informed Consent FormBy the due date assigned, submit the Inform.docx
Informed Consent FormBy the due date assigned, submit the Inform.docxInformed Consent FormBy the due date assigned, submit the Inform.docx
Informed Consent FormBy the due date assigned, submit the Inform.docxannettsparrow
 
INFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docx
INFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docxINFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docx
INFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docxannettsparrow
 
Information Technology Capstone ProjectIn this course, learners .docx
Information Technology Capstone ProjectIn this course, learners .docxInformation Technology Capstone ProjectIn this course, learners .docx
Information Technology Capstone ProjectIn this course, learners .docxannettsparrow
 
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docx
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docxINFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docx
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docxannettsparrow
 

More from annettsparrow (20)

Initial Post  (250 words)Read and interpret the short story .docx
Initial Post  (250 words)Read and interpret the short story .docxInitial Post  (250 words)Read and interpret the short story .docx
Initial Post  (250 words)Read and interpret the short story .docx
 
initial post one paragraph intext citation and reference Require.docx
initial post one paragraph intext citation and reference Require.docxinitial post one paragraph intext citation and reference Require.docx
initial post one paragraph intext citation and reference Require.docx
 
Initial Post InstructionsTriggers are ethnocentric responses to .docx
Initial Post InstructionsTriggers are ethnocentric responses to .docxInitial Post InstructionsTriggers are ethnocentric responses to .docx
Initial Post InstructionsTriggers are ethnocentric responses to .docx
 
Initial Post InstructionsFor the initial post,consider thr.docx
Initial Post InstructionsFor the initial post,consider thr.docxInitial Post InstructionsFor the initial post,consider thr.docx
Initial Post InstructionsFor the initial post,consider thr.docx
 
Initial Post InstructionsFor the initial post, choose and ad.docx
Initial Post InstructionsFor the initial post, choose and ad.docxInitial Post InstructionsFor the initial post, choose and ad.docx
Initial Post InstructionsFor the initial post, choose and ad.docx
 
Initial Post InstructionsDiscuss the differences and similaritie.docx
Initial Post InstructionsDiscuss the differences and similaritie.docxInitial Post InstructionsDiscuss the differences and similaritie.docx
Initial Post InstructionsDiscuss the differences and similaritie.docx
 
Initial Post InstructionsAs we jump into the world of Alge.docx
Initial Post InstructionsAs we jump into the world of Alge.docxInitial Post InstructionsAs we jump into the world of Alge.docx
Initial Post InstructionsAs we jump into the world of Alge.docx
 
Initial Post InstructionsFor the initial post, respond to one .docx
Initial Post InstructionsFor the initial post, respond to one .docxInitial Post InstructionsFor the initial post, respond to one .docx
Initial Post InstructionsFor the initial post, respond to one .docx
 
Initial Post InstructionsAgenda setting can be a difficult t.docx
Initial Post InstructionsAgenda setting can be a difficult t.docxInitial Post InstructionsAgenda setting can be a difficult t.docx
Initial Post InstructionsAgenda setting can be a difficult t.docx
 
Initial Post Identify all the components of a cell. Describe the fu.docx
Initial Post Identify all the components of a cell. Describe the fu.docxInitial Post Identify all the components of a cell. Describe the fu.docx
Initial Post Identify all the components of a cell. Describe the fu.docx
 
Initial Discussion Board Post Compare and contrast life for col.docx
Initial Discussion Board Post Compare and contrast life for col.docxInitial Discussion Board Post Compare and contrast life for col.docx
Initial Discussion Board Post Compare and contrast life for col.docx
 
Inital post please respond for the above post question one page with.docx
Inital post please respond for the above post question one page with.docxInital post please respond for the above post question one page with.docx
Inital post please respond for the above post question one page with.docx
 
Infornnation Technologyin Hunnan ResourceAnEmpirical .docx
Infornnation Technologyin Hunnan ResourceAnEmpirical .docxInfornnation Technologyin Hunnan ResourceAnEmpirical .docx
Infornnation Technologyin Hunnan ResourceAnEmpirical .docx
 
INFORMED CONSENT LETTER Page 1 of 2 SELF CONSENT .docx
INFORMED CONSENT LETTER  Page 1 of 2 SELF CONSENT .docxINFORMED CONSENT LETTER  Page 1 of 2 SELF CONSENT .docx
INFORMED CONSENT LETTER Page 1 of 2 SELF CONSENT .docx
 
INFORMATIONGOVERNANCEFounded in 1807, John W.docx
INFORMATIONGOVERNANCEFounded in 1807, John W.docxINFORMATIONGOVERNANCEFounded in 1807, John W.docx
INFORMATIONGOVERNANCEFounded in 1807, John W.docx
 
Informative Presentation Delivery OutlineI. HeaderSpeec.docx
Informative Presentation Delivery OutlineI.  HeaderSpeec.docxInformative Presentation Delivery OutlineI.  HeaderSpeec.docx
Informative Presentation Delivery OutlineI. HeaderSpeec.docx
 
Informed Consent FormBy the due date assigned, submit the Inform.docx
Informed Consent FormBy the due date assigned, submit the Inform.docxInformed Consent FormBy the due date assigned, submit the Inform.docx
Informed Consent FormBy the due date assigned, submit the Inform.docx
 
INFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docx
INFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docxINFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docx
INFORMATION THAT SHOULD GO INTO PROCESS RECORDING FOR MICRO WORK.docx
 
Information Technology Capstone ProjectIn this course, learners .docx
Information Technology Capstone ProjectIn this course, learners .docxInformation Technology Capstone ProjectIn this course, learners .docx
Information Technology Capstone ProjectIn this course, learners .docx
 
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docx
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docxINFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docx
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN 1250.docx
 

Recently uploaded

Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
MENTAL STATUS EXAMINATION format.docx
MENTAL     STATUS EXAMINATION format.docxMENTAL     STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 

Recently uploaded (20)

Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
MENTAL STATUS EXAMINATION format.docx
MENTAL     STATUS EXAMINATION format.docxMENTAL     STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 

Infrastructure SecurityChapter 10Principles of Compute.docx

  • 1. Infrastructure Security Chapter 10 Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Objectives (1 of 2) Construct networks using different types of network devices. Enhance security using security devices. Understand virtualization concepts. Enhance security using NAC/NAP methodologies. Identify the different types of media used to carry network signals. Describe the different types of storage media used to store information. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. 2 Objectives (2 of 2) Use basic terminology associated with network functions related
  • 2. to information security. Describe the different types and uses of cloud computing. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. 3 Key Terms (1 of 3) Basic packet filtering Bridge Cloud computing Coaxial cable Collision domain Concentrator Data loss prevention (DLP) Firewall Hypervisor Hub Infrastructure as a Service (IaaS) Internet content filters Load balancer Modem Network access control Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Basic packet filtering – Filtering that looks at each packet
  • 3. entering or leaving the network and then either accepts the packet or rejects the packet based on user-defined rules. Each packet is examined separately. Bridge – A network device that separates traffic into separate collision domains at the data layer of the OSI model. Cloud computing – The automatic provisioning of on demand computational resources across a network. Coaxial cable – A network cable that consists of a solid center core conductor and a physical spacer to the outer conductor which is wrapped around it. Commonly used in video systems. Collision domain – An area of shared traffic in a network where packets from different conversations can collide. Concentrator – A device used to manage multiple similar networking operations, such as provide a VPN endpoint for multiple VPNs. Data loss prevention (DLP) – Technology, processes, and procedures designed to detect when unauthorized removal of data from a system occurs. DLP is typically active, preventing the loss of data, either by blocking the transfer or dropping the connection. Firewall – A network device used to segregate traffic based on rules. Hypervisor - A low-level program that allows multiple operating systems to run concurrently on a single host computer. Hub – A network device used to connect devices at the physical layer of the OSI model. Infrastructure as a Service (IaaS) – The automatic, on-demand provisioning of infrastructure elements, operating as a service; a common element of cloud computing. Internet content filters – A content-filtering system use to protect corporations from employees’ viewing of inappropriate or illegal content at the workplace and the subsequent complications that occur when such viewing takes place. Load balancer – A network device that distributes computing across multiple computers.
  • 4. Modem – A modulator/demodulator that is designed to connect machines via telephone-based circuits. Network access control – An approach to endpoint security that involves monitoring and remediating endpoint security issues before allowing an object to connect to a network. 4 Key Terms (2 of 3) Network Access Protection (NAP) Network Admission Control (NAC) Network-Attached Storage (NAS) Network interface card (NIC) Network operations center (NOC) Next-generation firewall Platform as a Service (PaaS) Private branch exchange (PBX) Proxy server Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Network Access Protection (NAP) – A Microsoft approach to network access control. Network Admission Control (NAC) – The Cisco technology approach for generic network access control. Network-Attached Storage (NAS) – The connection of storage to a system via a network connection. Network interface card (NIC) – A piece of hardware designed to connect machines at the physical layer of the OSI model. Network operations center (NOC) – A control point from where network performance can be monitored and managed. Next-generation firewall – Firewall technology based on packet
  • 5. contents as opposed to simple address and port information. Platform as a Service (PaaS) – The concept of having provisionable operational platforms that can be obtained via a service. Private branch exchange (PBX) – A telephone exchange that serves a specific business or entity. Proxy server – A server that acts as a proxy for individual requests and is used for performance and security purposes in a scalable fashion. 5 Key Terms (3 of 3) Router Sandboxing Servers Shielded twisted-pair (STP) Software as a Service (SaaS) Solid-state drive (SSD) Switch Unified threat management (UTM) Unshielded twisted-pair (UTP) Virtualization Web security gateway Wireless access point Workstation Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Router – A network device that operates at the network layer of the OSI model.
  • 6. Sandboxing – The concept of isolating a system and specific processes form the OS in order to provide specific levels of security. Servers – The computers in a network that host applications and data for everyone to share. Shielded twisted-pair (STP) – A physical network connection consisting of two wires twisted and covered with a shield to prevent interference. Software as a Service (SaaS) – The provisioning of software as a service, commonly known as on-demand software. Solid-state drive (SSD) – A mass storage device, such as a hard drive, that is composed of electronic memory as opposed to a physical device of spinning platters. Switch – A network device that operates at the data layer of the OSI model. Unified threat management (UTM) – The aggregation of multiple network security products into a single appliance for efficiency purposes. Unshielded twisted-pair (UTP) – A form of network cabling in which pairs of wires are twisted to reduce crosstalk. Commonly used in LANs. Virtualization – An abstraction of the OS layer, creating the ability to host multiple OSs on a single piece of hardware. Web security gateway – A device that combines proxy functions with content-filtering functions with the intention of addressing the security threats and pitfalls unique to web-based traffic. Wireless access point – A network access device that facilitates the connection of wireless devices to a network. Workstation – The machine that sits on the desktop and is used every day for sending and reading e-mail, creating spreadsheets, writing reports in a word processing program, and playing games. 6 Devices
  • 7. Devices are needed to connect clients and servers and to regulate the traffic between them. Devices expand the network beyond simple client computers and servers. Devices come in many forms and with many functions. Each device has a specific network function and plays a role in maintaining network infrastructure security. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. A complete network computer solution in today’s business environment consists of more than just client computers and servers. Devices are needed to expand a network beyond simple client computers and servers to include yet other devices, such as wireless and handheld systems. Devices come in many forms and with many functions, from hubs and switches, to routers, wireless access points, and special-purpose devices such as virtual private network (VPN) devices. 7 Workstations The workstation is the machine that sits on the desktop. It is used every day for sending and reading e-mail, creating spreadsheets, writing reports in a word processing program, and playing games. A workstation connected to a network is an important part of the network security solution. Many threats to information security can start at a workstation,
  • 8. but much can be done in a few simple steps to provide protection from many of these threats. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Most users are familiar with the client computers used in the client/server model called workstation devices. 8 Servers Servers are the computers in a network that host applications and data for everyone to share. Servers come in many sizes. Server operating systems range from Windows Server, to UNIX, to Multiple Virtual Storage (MVS) and other mainframe operating systems They tend to be more robust than workstation OSs. They are designed to service multiple users over a network at the same time. Servers can host a variety of applications. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Servers come in many sizes, from small single-CPU boxes that may be less powerful than a workstation, to multiple-CPU monsters, up to and including mainframes. The operating systems used by servers range from Windows
  • 9. Server, to UNIX, to Multiple Virtual Storage (MVS) and other mainframe operating systems. The OS on a server tends to be more robust than the OS on a workstation system and is designed to service multiple users over a network at the same time. Servers can host a variety of applications, including web servers, databases, e-mail servers, file servers, print servers, and application servers for middleware applications. 9 Mobile Devices Mobile devices such as laptops, tablets, and mobile phones are the latest devices to join the corporate network. Mobile devices can create a major security gap, as a user may access separate e-mail accounts, one personal, without antivirus protection, and the other corporate. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Device Security, Common Concerns As more and more interactive devices are being designed, a new threat source has appeared. Default accounts and passwords are well known in the hacker community. First steps you must take to secure such devices is to change the default credentials. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights
  • 10. reserved. In an attempt to build security into devices, typically, a default account and password must be entered to enable the user to access and configure the device remotely. These default accounts and passwords are well known in the hacker community, so one of the first steps you must take to secure such devices is to change the default credentials. Anyone who has purchased a home office router knows the default configuration settings and can check to see if another user has changed theirs. If they have not, this is a huge security hole, allowing outsiders to “reconfigure” their network devices. 11 Network-Attached Storage Because of the speed of today’s Ethernet networks, it is possible to manage data storage across the network. This has led to a type of storage known as Network- Attached Storage (NAS). The combination of inexpensive hard drives, fast networks, and simple application-based servers has made NAS devices in the terabyte range affordable for even home users. As a network device, it is susceptible to attacks. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Because of the large size of video files, this has become popular for some users as a method of storing TV and video libraries. Because NAS is a network device, it is susceptible to various attacks, including sniffing of credentials and a variety of brute- force attacks to obtain access to the data.
  • 11. 12 Removable Storage Removable devices can move data outside of the corporate- controlled environment. Removable devices can bring unprotected or corrupted data into the corporate environment. All removable devices should be scanned by antivirus software upon connection to the corporate environment. Corporate policies should address the copying of data to removable devices. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Many mobile devices can be connected via USB to a system and used to store data—and in some cases vast quantities of data. This capability can be used to avoid some implementations of data loss prevention mechanisms. 13 Virtualization (1 of 2) Virtualization technology is used to allow a computer to have more than one OS present and, in many cases, operating at the same time. Virtualization is an abstraction of the OS layer. It creates the ability to host multiple OSs on a single piece of hardware. A major advantage of virtualization is the separation of the software and the hardware. It creates a barrier that can improve many system functions, including security.
  • 12. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. 14 Virtualization (2 of 2) The underlying hardware is referred to as the host machine, and on it is a host OS. A hypervisor is needed to manage virtual machines (VMs). Virtual machines are typically referred to as the guest OSs. Newer OSs are designed to natively incorporate virtualization hooks. Common virtualization solutions include: Microsoft Hyper-V, VMware, Oracle VM VirtualBox, Parallels, and Citrix Xen Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. Exam Tip: A hypervisor is the interface between a virtual machine and the host machine hardware. Hypervisors are the layer that enables virtualization. Either the host OS has built-in hypervisor capability or an application is needed to provide the hypervisor function to manage the virtual machines (VMs). Newer OSs are designed to natively incorporate virtualization hooks, enabling virtual machines to be employed with greater
  • 13. ease. 15 Hypervisor (1 of 4) A hypervisor enables virtualization. A low-level program that allows multiple operating systems to run concurrently on a single host computer. The hypervisor acts as the traffic cop that controls I/O and memory management. Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved. 16 Hypervisor (2 of 4) Major advantages of virtualization: The separation of the software and the hardware Creates a barrier that can improve many system functions, including security. Either the host OS has built-in hypervisor capability or an application is needed to provide the hypervisor function to manage the virtual machines (VMs). Principles of Computer Security, Fifth Edition Copyright © 2018 by McGraw-Hill Education. All rights reserved.
• 14. 17 Hypervisor (3 of 4)
Type 1
Type 1 hypervisors run directly on the system hardware.
They are referred to as native, bare-metal, or embedded hypervisors in typical vendor literature.
They are designed for speed and efficiency, as they do not have to operate through another OS layer.
These platforms come with management toolsets to facilitate VM management in the enterprise.
18 Hypervisor (4 of 4)
Type 2
Type 2 hypervisors run on top of a host operating system.
In the beginning, Type 2 hypervisors were the most popular.
Typical Type 2 hypervisors include Oracle’s VirtualBox and VMware’s VMware Workstation Player.
They are designed for limited numbers of VMs, typically in a desktop or small server environment.
• 15. 19 Application Cells/Containers
Application cells/containers hold the portions of an OS that they need separate from the kernel.
Multiple containers can share an OS and have separate memory, CPU, and storage threads.
A container consists of an entire runtime environment.
The application platform, including its dependencies, is containerized.
20 VM Sprawl Avoidance
Sprawl is the uncontrolled spreading of disorganization caused by a lack of an organizational structure when many similar elements require management.
VM sprawl is a symptom of a disorganized structure.
VM sprawl avoidance needs to be implemented via policy.
21
• 16. VM Escape Protection
VM escape occurs when software (typically malware) or an attacker escapes from one VM to the underlying OS and then resurfaces in a different VM.
Large-scale VM environments have specific modules designed to detect escape and provide VM escape protection to other modules.
22 Snapshots
A snapshot is a point-in-time saving of the state of a virtual machine.
Snapshot uses:
Roll a system back to a previous point in time
Undo operations
Provide a quick means of recovery from a complex, system-altering change that has gone awry
Snapshots act as a form of backup and are typically much faster than normal system backup and recovery operations.
• 17. 23 Patch Compatibility
Patches are still needed and should be applied, independent of the virtualization status.
24 Host Availability/Elasticity
In a virtualization environment, protecting the host OS and hypervisor level is critical for system stability.
Best practice is to avoid the installation of any applications on the host-level machine.
Elasticity refers to the ability of a system to expand/contract as system requirements dictate.
25 Security Control Testing
It is important to test the controls applied to a system to manage security operations to ensure that they are providing the desired
• 18. results.
It is essential to specifically test all security controls inside the virtual environment to ensure their behavior is still effective.
26 Sandboxing
Sandboxing refers to the quarantine or isolation of a system from its surroundings.
Virtualization can be used as a form of sandboxing with respect to an entire system.
27 Networking
Networks are used to connect devices together.
Networks are composed of components that perform networking functions to move data between devices.
Networks begin with network interface cards, then continue in layers of switches and routers.
• 19. Specialized networking devices are used for specific purposes, such as security and traffic management.
28 Network Interface Cards (1 of 2)
To connect a server or workstation to a network, a device known as a network interface card (NIC) is used.
A NIC is the physical connection between a computer and the network.
Each NIC port is serialized with a unique code, 48 bits long, referred to as a Media Access Control address (MAC address).
Unfortunately, these addresses can be changed, or “spoofed,” rather easily.
A NIC is a card with a connector port for a particular type of network connection, either Ethernet or Token Ring. The most common network type in use for LANs is the Ethernet protocol, and the most common connector is the RJ-45 connector. The purpose of a NIC is to provide lower-level protocol functionality from the OSI (Open System Interconnection) model. Because the NIC defines the type of physical layer
• 20. connection, different NICs are used for different physical protocols. NICs come as single-port and multiport, and most workstations use only a single-port NIC, as only a single network connection is needed. For servers, multiport NICs are used to increase the number of network connections, increasing the data throughput to and from the network.
Each NIC port is serialized with a unique code, 48 bits long, referred to as a Media Access Control address (MAC address). These are created by the manufacturer, with 24 bits representing the manufacturer and 24 bits being a serial number, guaranteeing uniqueness. MAC addresses are used in the addressing and delivery of network packets to the correct machine and in a variety of security situations. Unfortunately, these addresses can be changed, or “spoofed,” rather easily. In fact, it is common for personal routers to clone a MAC address to allow users to use multiple devices over a network connection that expects a single MAC.
29 Network Interface Cards (2 of 2)
Figure 10.1 Linksys network interface card (NIC)
This figure shows a common form of a NIC.
30
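The 24-bit manufacturer part and 24-bit serial part of a MAC address described in the notes above can be pulled apart in a few lines, and the first octet also carries a flag that tells you whether the burned-in address has been replaced in software, which is the signature a changed or cloned address leaves behind. The following is an added example, not code from the textbook; it assumes only the IEEE 802 address layout, and the OUI table and inventory records in it are constructed placeholders rather than real vendor assignments.

```python
"""Decode the fields of a 48-bit MAC address and audit an inventory for
addresses that are no longer the manufacturer-assigned ones.

Added example, not part of the textbook. It relies only on the IEEE 802
address layout: a 24-bit OUI, a 24-bit serial, and two flag bits in the
first octet. OUI_TABLE and INVENTORY are constructed for this example.
"""
import re

# Constructed lookup table; a real audit would use the IEEE OUI registry.
OUI_TABLE = {
    "00:11:22": "Example Vendor A (constructed)",
    "A8:BB:CC": "Example Vendor B (constructed)",
}


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff' into its fields."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    octets = bytes.fromhex(digits)
    first = octets[0]
    oui = ":".join("%02X" % b for b in octets[:3])
    return {
        "oui": oui,                                          # first 24 bits: the manufacturer
        "serial": ":".join("%02X" % b for b in octets[3:]),  # last 24 bits: the unit
        "vendor": OUI_TABLE.get(oui),
        # Bit 0 of the first octet: 1 = group (multicast or broadcast) address.
        "multicast": bool(first & 0x01),
        # Bit 1 of the first octet: 1 = locally administered, i.e. the burned-in
        # address was replaced in software; 0 = universally administered.
        "locally_administered": bool(first & 0x02),
        "broadcast": octets == b"\xff" * 6,
    }


def audit_inventory(records):
    """records: iterable of (hostname, mac). Returns the hosts whose MAC is
    locally administered or whose OUI is unknown, the two cases an inventory
    review wants a person to look at (VMs, cloned addresses, unrecognized gear)."""
    flagged = []
    for host, mac in records:
        info = parse_mac(mac)
        if info["locally_administered"]:
            flagged.append((host, "locally administered"))
        elif info["vendor"] is None:
            flagged.append((host, "unknown OUI " + info["oui"]))
    return flagged


# Constructed inventory for the example
INVENTORY = [
    ("ws-01", "00:11:22:33:44:55"),
    ("ws-02", "a8-bb-cc-01-02-03"),
    ("vm-07", "02:11:22:99:88:77"),   # bit 1 of the first octet set: software-assigned
    ("printer", "1034.5678.9abc"),    # universally administered, but OUI not in the table
]

if __name__ == "__main__":
    for host, reason in audit_inventory(INVENTORY):
        print(host, reason)
```

The locally administered bit is an indicator, not proof of spoofing: virtual machines, bonded interfaces and routers that clone an address legitimately set it, so the audit result is a review list rather than a verdict.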
• 21. Hubs
A hub is networking equipment that connects devices that are using the same protocol at the physical layer of the OSI model.
A hub allows multiple machines in an area to be connected together in a star configuration with the hub at the center.
All connections on a hub share a single collision domain, a small cluster in a network where collisions occur.
Increased network traffic can become limited by collisions; this problem has made hubs obsolete in newer networks.
Hubs also create a security weakness due to sniffing and eavesdropping issues.
A hub configuration can save significant amounts of cable and is an efficient method of configuring an Ethernet backbone. The collision issue has made hubs obsolete in newer, higher-performance networks, with inexpensive switches and switched Ethernet keeping costs low and usable bandwidth high. Hubs also create a security weakness in that all connected devices see all traffic, enabling sniffing and eavesdropping to occur. In today’s networks, hubs have all but disappeared, being replaced by low-cost switches.
31 Bridges
A bridge operates at the data link layer, filtering traffic based on MAC addresses.
Bridges can reduce collisions by separating pieces of a network into two separate collision domains.
• 22. This only cuts the collision problem in half. A better solution is to use switches for network connections.
Bridges are networking equipment that connect devices using the same protocol at the data link layer of the OSI model.
32 Switches (1 of 4)
A switch forms the basis for connections in most Ethernet-based LANs.
Switches have replaced hubs and bridges.
A switch has separate collision domains for each port.
When full duplex is employed, collisions are virtually eliminated from the two nodes, host and client.
A switch is usually a Layer 2 device, but Layer 3 switches incorporate routing functionality.
A switch has separate collision domains for each port. This means that for each port, two collision domains exist: one from the port to the client on the downstream side, and one from the switch to the network upstream. When full duplex is employed, collisions are virtually eliminated from the two nodes, host and client. This also acts as a hub-based system, where a single sniffer can see all of the traffic to and from connected devices.
• 23. Switches operate at the data link layer, while routers act at the network layer. For intranets, switches have become what routers are on the Internet—the device of choice for connecting machines. As switches have become the primary network connectivity device, additional functionality has been added to them. A switch is usually a Layer 2 device, but Layer 3 switches incorporate routing functionality.
33 Switches (2 of 4)
Advantages of switches:
They improve network performance by filtering traffic.
They provide the option to disable a port so that it cannot be used without authorization.
They support port security, allowing the administrator to control which systems can send data to each of the ports.
Switches use the MAC address of the systems to incorporate traffic filtering and port security features.
Port address security based on MAC address functionality is what allows an 802.1X device to act as an “edge device.”
A switch filters traffic by only sending the data to the port on the switch that the destination system resides on. The switch knows what port each system is connected to and sends the data only to that port. The switch uses the MAC address of the systems to incorporate traffic filtering and port security features, which is why it is considered a Layer 2 device.
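The filtering and port-security behaviour just described, and the MAC-flooding attack that the later switch-security slide names, come down to one data structure: the table that maps learned source MACs to ports. The simulation below is an added example and not the textbook's code; it models a learning switch with a small, fixed-size table (evicting the oldest entry stands in for the ageing a real switch does), an optional per-port limit on learned addresses, and a constructed scenario with two hosts and a third port that sends frames from forged source addresses.

```python
"""Learning switch with optional port security, to show how per-port MAC
limits keep a flooded table from turning the switch into a hub.

Added example, not from the textbook. Table capacity, the per-port limit,
port names and MAC addresses are constructed for this example.
"""
from collections import OrderedDict

BROADCAST = "FF:FF:FF:FF:FF:FF"


class Switch:
    """A minimal learning switch; the CAM table is mac -> port, oldest entry first."""

    def __init__(self, ports, cam_capacity=4, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam = OrderedDict()
        self.cam_capacity = cam_capacity              # how many entries the table holds
        self.max_macs_per_port = max_macs_per_port    # port-security limit; None disables it
        self.violations = []                          # (port, mac) blocked by port security

    def _macs_on(self, port):
        return [mac for mac, p in self.cam.items() if p == port]

    def _learn(self, in_port, src):
        """Record src behind in_port. Returns False if port security rejects it."""
        if src in self.cam:
            self.cam[src] = in_port                   # known address: refresh its port
            return True
        if (self.max_macs_per_port is not None
                and len(self._macs_on(in_port)) >= self.max_macs_per_port):
            self.violations.append((in_port, src))   # port at its limit: do not learn
            return False
        if len(self.cam) >= self.cam_capacity:
            # Table full: drop the oldest entry. Real switches age entries out;
            # eviction is this example's simplification of that.
            self.cam.popitem(last=False)
        self.cam[src] = in_port
        return True

    def receive(self, in_port, src, dst):
        """Process one frame and return the sorted list of ports it leaves on."""
        if not self._learn(in_port, src):
            return []                                 # port security dropped the frame
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]    # known unicast: one port only
        # Unknown or broadcast destination: flood to every other port, hub-style.
        return sorted(p for p in self.ports if p != in_port)


def flooding_scenario(port_security):
    """Constructed run: host A on p1, host B on p2, and a sender on p3 that
    emits six frames with forged source addresses. Returns where A's next
    frame to B is delivered and how many forged addresses were blocked."""
    host_a, host_b = "AA:AA:AA:00:00:01", "BB:BB:BB:00:00:02"
    sw = Switch(["p1", "p2", "p3"], cam_capacity=4,
                max_macs_per_port=2 if port_security else None)
    sw.receive("p1", host_a, host_b)      # B not yet learned: this frame floods
    sw.receive("p2", host_b, host_a)      # B replies: both hosts are now in the table
    for i in range(1, 7):
        sw.receive("p3", "EE:EE:EE:00:00:%02X" % i, BROADCAST)
    return {"egress": sw.receive("p1", host_a, host_b),
            "blocked": len(sw.violations)}
```

Without the per-port limit, the six forged addresses push both hosts out of the four-entry table, so A's next frame to B is flooded to p2 and p3 and the sender on p3 sees it; with a limit of two addresses per port, four of the forged addresses are refused, B's entry survives, and the frame goes only to p2. The same table is what makes a switch a Layer 2 device: every decision here is keyed on MAC addresses alone.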
• 24. Port address security based on MAC addresses can determine whether a packet is allowed or blocked from a connection. This is the very function that a firewall uses for its determination, and this same functionality is what allows an 802.1X device to act as an “edge device.”
34 Switches (3 of 4)
Switch security concerns:
They are intelligent network devices and are therefore subject to hijacking by hackers.
Switches are commonly administered using the Simple Network Management Protocol (SNMP) and Telnet protocol. Both protocols have a serious weakness in that they send passwords across the network in cleartext.
Switches are shipped with default passwords.
Switches are subject to electronic attacks, such as ARP poisoning and MAC flooding.
One of the security concerns with switches is that, like routers, they are intelligent network devices and are therefore subject to hijacking by hackers. Should a hacker break into a switch and change its parameters, he might be able to eavesdrop on specific or all communications, virtually undetected. Switches are commonly administered using the Simple Network Management Protocol (SNMP) and Telnet protocol, both of which have a serious weakness in that they send passwords across the network in cleartext. A hacker armed with a sniffer that observes maintenance on a switch can capture the administrative
• 25. password. This allows the hacker to come back to the switch later and configure it as an administrator. An additional problem is that switches are shipped with default passwords, and if these are not changed when the switch is set up, they offer an unlocked door to a hacker. Switches are also subject to electronic attacks, such as ARP poisoning and MAC flooding. ARP poisoning is where a device spoofs the MAC address of another device, attempting to change the ARP tables through spoofed traffic and the ARP table-update mechanism. MAC flooding is where a switch is bombarded with packets from different MAC addresses, flooding the switch table and forcing the device to respond by opening all ports and acting as a hub. This enables devices on other segments to sniff traffic.
35 Switches (4 of 4)
Loop protection is a concern with switches.
Switches operate at Layer 2, so there is no countdown mechanism to kill packets that get caught in loops or on paths that will never resolve.
The Layer 2 space acts as a mesh, where potentially the addition of a new device can create loops in the existing device interconnections.
Spanning tree technology is employed to prevent loops.
The Spanning Tree Protocol (STP) allows for multiple, redundant paths, while breaking loops to ensure a proper broadcast pattern.
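ARP poisoning, as the notes above describe it, works by pushing spoofed replies into the ARP table-update mechanism, and the cheapest defensive control against it is to watch the replies and notice when an IP address changes owner. The detector below is an added example, not from the textbook; it works the way tools such as arpwatch do, treating the first IP-to-MAC binding seen as trusted and flagging later replies that rebind an IP or that pile many IPs onto one MAC. The log format, addresses and threshold are constructed for this example.

```python
"""Flag ARP-cache poisoning symptoms in an ARP reply log.

Added example, not from the textbook. The log line format below and the
addresses in it are constructed; a real deployment would feed captured
ARP replies in whatever format the sensor produces.
"""
import re
from collections import defaultdict

# Constructed log: "<time> ARP reply <ip> is-at <mac> on <interface>"
SAMPLE_LOG = """\
10:00:01 ARP reply 192.168.1.1 is-at 00:11:22:aa:bb:01 on eth0
10:00:02 ARP reply 192.168.1.20 is-at 00:11:22:aa:bb:20 on eth0
10:00:03 ARP reply 192.168.1.21 is-at 00:11:22:aa:bb:21 on eth0
10:05:10 ARP reply 192.168.1.1 is-at 00:11:22:aa:bb:99 on eth0
10:05:11 ARP reply 192.168.1.20 is-at 00:11:22:aa:bb:99 on eth0
10:05:12 ARP reply 192.168.1.1 is-at 00:11:22:aa:bb:01 on eth0
"""

LINE_RE = re.compile(
    r"^(\S+) ARP reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9A-Fa-f:]{17}) on (\S+)$")


def parse_arp_log(text):
    """Yield (time, ip, mac, iface) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t, ip, mac, iface = m.groups()
            yield t, ip, mac.lower(), iface


def find_poisoning(text, max_ips_per_mac=1):
    """Return a list of alerts.

    'rebind'   : a reply maps an IP to a MAC other than the first one seen
                 for it (the 'flip flop' arpwatch reports).
    'many_ips' : one MAC has now claimed more than max_ips_per_mac addresses,
                 which is what a poisoner answering for several hosts looks like.
    """
    bindings = {}                       # ip -> first MAC seen, treated as trusted
    ips_by_mac = defaultdict(set)
    alerts = []
    for t, ip, mac, iface in parse_arp_log(text):
        if ip not in bindings:
            bindings[ip] = mac
        elif bindings[ip] != mac:
            alerts.append({"type": "rebind", "time": t, "ip": ip,
                           "expected": bindings[ip], "seen": mac, "iface": iface})
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) == max_ips_per_mac + 1:    # fire once per MAC
            alerts.append({"type": "many_ips", "time": t, "mac": mac,
                           "ips": sorted(ips_by_mac[mac])})
    return alerts


if __name__ == "__main__":
    for alert in find_poisoning(SAMPLE_LOG):
        print(alert)
```

On the constructed log this raises three alerts: the gateway 192.168.1.1 and host 192.168.1.20 both flip to ...:bb:99, and that MAC is then flagged for claiming two addresses. A NIC replacement or a DHCP lease change also produces a rebind, so the output is a review queue, not a verdict; the real mitigations remain the switch-side controls the slides name (port security and, on switches that support it, dynamic ARP inspection).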
• 26. 36 Routers (1 of 2)
A router is a network traffic management device used to connect different network segments.
Operate at the network layer (Layer 3) of the OSI model
Form the backbone of the Internet
Use algorithms and tables to determine where to send the packet
Use access control lists (ACLs) as a method of deciding whether a packet is allowed to enter the network
Must limit router access and control of internal functions
Routers operate at the network layer (Layer 3) of the OSI …
Network Fundamentals
Chapter 9
Principles of Computer Security, Fifth Edition
Copyright © 2018 by McGraw-Hill Education. All rights reserved.
Objectives
Identify the basic network architectures.
• 27. Define the basic network protocols.
Explain routing and address translation.
Classify security zones.
2 Key Terms (1 of 3)
Address Resolution Protocol (ARP)
Bus topology
Datagram
Denial-of-service (DoS)
Domain Name System (DNS)
DMZ
Dynamic Host Configuration Protocol (DHCP)
Enclave
Ethernet
Extranet
Flat network
Address Resolution Protocol (ARP) – A protocol in the TCP/IP suite specification used to map an IP address to a Media Access Control (MAC) address.
Bus topology – A network layout in which a common line (the
• 28. bus) connects devices.
Datagram – A packet of data that can be transmitted over a packet-switched system in a connectionless mode.
Denial-of-service (DoS) – An attack in which actions are taken to deprive authorized individuals from accessing a system, its resources, the data it stores or processes, or the network to which it is connected.
Domain Name System (DNS) – An attack in which actions are taken to deprive authorized individuals from accessing a system, its resources, the data it stores or processes, or the network to which it is connected.
DMZ – A network segment that exists in a semi-protected zone between the Internet and the inner, secure trusted network.
Dynamic Host Configuration Protocol (DHCP) – An Internet Engineering Task Force (IETF) Internet Protocol (IP) specification for automatically allocating IP addresses and other configuration information based on network adapter addresses. It enables address pooling and allocation and simplifies TCP/IP installation and administration.
Enclave – A section of a network that serves a specific purpose and is isolated by protocols from other parts of a network.
Ethernet – The common name for the IEEE 802.3 standard method of packet communication between two nodes at layer 2.
Extranet – An extension of a selected portion of a company’s intranet to external partners.
Flat network – A network design that avoids packet-looping issues through an architecture that does not have tiers.
3 Key Terms (2 of 3)
Internet Control Message Protocol (ICMP)
Internet Protocol (IP)
Intranet
Local area network (LAN)
Media Access Control (MAC) address
Mixed topology
• 29. Network
Network Address Translation (NAT)
Packet
Protocol
Ring topology
Routing
Star topology
Internet Control Message Protocol (ICMP) – One of the core protocols of the TCP/IP protocol suite, used for error reporting and status messages.
Internet Protocol (IP) – The network layer protocol used by the Internet for routing packets across a network.
Intranet – A private, internal network that uses common network technologies (such as HTTP, FTP, and so on) to share information and provide resources to organizational users.
Local area network (LAN) – A grouping of computers in a network structure confined to a limited area and using specific protocols, such as Ethernet for OSI Layer 2 traffic addressing.
Media Access Control (MAC) address – The data link layer address for local network addressing.
Mixed topology – Larger networks, such as those inside an office complex, may use more than one topology at the same time.
Network – A means to connect two or more computers together for the purposes of sharing network information.
Network Address Translation (NAT) – A method of readdressing packets in a network at a gateway point to enable the use of local nonroutable IP addresses over a public network
• 30. such as the Internet.
Packet – Smaller pieces of data used for transmission resulting from the breaking up of larger data.
Protocol – An agreed-upon format for exchanging or transmitting data between systems, enabling computers to communicate.
Ring topology – A network layout in which network components are connected to each other in a closed loop with each device directly connected to two other devices.
Routing – The process of moving packets from one network to another.
Star topology – A network topology where network components are connected to a central point.
4 Key Terms (3 of 3)
Storage area network (SAN)
Subnet mask
Subnetting
Three-way handshake
Topology
Transmission Control Protocol (TCP)
Trunking
Tunneling
User Datagram Protocol (UDP)
Virtual local area network (VLAN)
Wide area network (WAN)
Storage area network (SAN) – A technology-based storage solution consisting of network attached storage.
• 31. Subnetting – The creation of a network within a network by manipulating how an IP address is split into network and host portions.
Subnet mask – The information that tells a device how to interpret the network and host portions of an IP address.
Three-way handshake – A means of ensuring information transference through a three-step data exchange. Used to initiate a TCP connection.
Topology – Describes how the network is physically or logically arranged.
Transmission Control Protocol (TCP) – The connection-oriented transport layer protocol for use on the Internet that allows packet-level tracking of a conversation.
Trunking – The process of spanning a single VLAN across multiple switches.
Tunneling – The process of packaging packets so that they can traverse a network in a secure, confidential manner.
User Datagram Protocol (UDP) – A protocol in the TCP/IP protocol suite for the transport layer that does not sequence packets—it is “fire and forget” in nature.
Virtual local area network (VLAN) – A broadcast domain inside a switched system.
Wide area network (WAN) – A network that spans a large geographic region.
5 Introduction
By the simplest definition in the data world, a network is a means to connect two or more computers together for the purposes of sharing information.
The term “network” has different meanings depending on the context and usage.
Though data networks vary widely in size and scope, they are generally defined in terms of their architecture, topology, and protocol.
• 32. Network sizes and shapes vary drastically—from two personal computers connected with a crossover cable or wireless router to the Internet, encircling the globe and linking together untold numbers of individual, distributed systems.
6 Network Architectures (1 of 3)
A local area network (LAN) typically is smaller in terms of size and geographic coverage and consists of two or more connected devices.
Home networks and most small office networks can be classified as LANs.
A wide area network (WAN) tends to be larger, covering more geographic area, and consists of two or more systems in geographically separated areas.
They are connected by leased lines, radio waves, satellite relays, microwaves, or even dial-up connections.
Exam Tip: A LAN is a local area network—an office building, home network, and so on. A WAN is a wide area network—a corporate network connecting offices in Dallas, New York, and San Jose, for example.
Every network has an architecture—whether by design or by
• 33. accident. Defining or describing a specific network’s architecture involves identifying the network’s physical configuration, logical operation, structure, procedures, data formats, protocols, and other components. For the sake of simplicity and categorization, people tend to divide network architectures into two main categories: LANs and WANs.
7 Network Architectures (2 of 3)
Figure 9.1 Corporate WAN connecting multiple offices
Most corporations have multiple LANs within each office location that all connect to a WAN that provides intercompany connectivity. This figure shows an example of a corporate network. Each office location will typically have one or more LANs, which are connected to the other offices and the company headquarters through a corporate WAN.
8 Network Architectures (3 of 3)
Specialized network structures are classified by size and use.
Campus area network (CAN)
Intranet
Internet
Metropolitan area network (MAN)
Storage area network (SAN)
Virtual local area network (VLAN)
• 34. Client/server
Peer-to-peer
Over time, as networks have grown, diversified, and multiplied, the line between LAN and WAN has become blurred. To better describe emerging, specialized network structures, new terms have been coined to classify networks based on size and use:
Campus area network (CAN) – A network connecting any number of buildings in an office or university complex (also referred to as a campus wide area network).
Intranet – A “private” network that is accessible only to authorized users. Many large corporations host an intranet to facilitate information sharing within their organization.
Internet – The “global network” connecting hundreds of millions of systems and users.
Metropolitan area network (MAN) – A network designed for a specific geographic locality such as a town or a city.
Storage area network (SAN) – A high-speed network connecting a variety of storage devices such as tape systems, RAID arrays, optical drives, file servers, and others.
Virtual local area network (VLAN) – A logical network allowing systems on different physical networks to interact as if they were connected to the same physical network.
Client/server – A network in which powerful, dedicated systems called servers provide resources to individual workstations or clients.
Peer-to-peer – A network in which every system is treated as an equal, such as a home network.
9
• 35. Network Topology (1 of 5)
Topology refers to how the network is physically or logically arranged.
The main classes of network topologies are:
Star topology – components connected to a central point
Bus topology – components connected to the same cable, often called “the bus” or “the backbone”
Ring topology – components connected to each other in a closed loop with each device directly connected to two other devices
Mixed topology – uses more than one topology
10 Network Topology (2 of 5)
Figure 9.2 Star topology
11 Network Topology (3 of 5)
Figure 9.3 Bus topology
• 36. 12 Network Topology (4 of 5)
Figure 9.4 Ring topology
13 Network Topology (5 of 5)
Figure 9.5 Mixed topology
Larger networks, such as those inside an office complex, may use more than one topology at the same time. For example, an office complex may have a large ring topology that
• 37. interconnects all the buildings in the complex. Each building may have a large bus topology to interconnect star topologies located on each floor of the building. This is called a mixed topology or hybrid topology.
14 Wireless
Wireless networking is the transmission of packetized data by means of a physical topology that does not use direct physical links.
Hub-and-spoke: wireless access point is the hub and is connected to the wired network
Mesh: wireless units talk directly to each other, without a central access point
Ad hoc: systems on the network direct packets to and from their source and target locations without using a central router or switch
15 Network Protocols
When engineers first started to connect computers together via networks, they quickly realized they needed a commonly accepted method for communicating—a protocol.
• 38. 16 Protocols (1 of 4)
A protocol is an agreed-upon format for exchanging or transmitting data between systems.
A protocol defines a number of agreed-upon parameters, such as the data compression method, the type of error checking to use, and mechanisms for systems to signal when they have finished either receiving or transmitting data.
Most networks are dominated by Ethernet and Internet Protocol.
17 Protocols (2 of 4)
AppleTalk
Asynchronous Transfer Mode (ATM)
Ethernet
Fiber Distributed Data Interface (FDDI)
Internet Protocol (IP)
Internetwork Packet Exchange (IPX)
Signaling System 7 (SS7)
Systems Network Architecture (SNA)
Token Ring
Transmission Control Protocol/Internet Protocol (TCP/IP)
X.25
• 39. There is a wide variety of protocols, each designed with certain benefits and uses in mind. Some of the more common protocols that have been used in networking are:
AppleTalk – The communications protocol developed by Apple to connect Macintosh computers and printers.
Asynchronous Transfer Mode (ATM) – A protocol based on transferring data in fixed-size packets. The fixed packet sizes help ensure that no single data type monopolizes the available bandwidth.
Ethernet – The LAN protocol developed jointly by Xerox, DEC, and Intel—the most widely implemented LAN standard.
Fiber Distributed Data Interface (FDDI) – The protocol for sending digital data over fiber-optic cabling.
Internet Protocol (IP) – The protocols for managing and transmitting data between packet-switched computer networks, originally developed for the Department of Defense. Most users are familiar with Internet protocols such as e-mail, File Transfer Protocol (FTP), Telnet, and Hypertext Transfer Protocol (HTTP).
Internetwork Packet Exchange (IPX) – The networking protocol created by Novell for use with Novell NetWare operating systems.
Signaling System 7 (SS7) – The telecommunications protocol used between private branch exchanges (PBXs) to handle tasks such as call setup, routing, and teardown.
Systems Network Architecture (SNA) – A set of network protocols developed by IBM, originally used to connect IBM’s mainframe systems.
Token Ring – A LAN protocol developed by IBM that requires
• 40. systems to possess the network “token” before transmitting data.
Transmission Control Protocol/Internet Protocol (TCP/IP) – The collection of communications protocols used to connect hosts on the Internet. TCP/IP is by far the most commonly used network protocol and is a combination of the TCP and IP protocols.
X.25 – A protocol developed by the Comité Consultatif International Téléphonique et Télégraphique (CCITT) for use in packet-switched networks. The CCITT was a subgroup within the International Telecommunication Union (ITU) before the CCITT was disbanded in 1992.
18 Protocols (3 of 4)
In most cases, communications protocols were developed around the Open System Interconnection (OSI) model.
OSI defines a framework for implementing protocols and networking components in seven distinct layers.
Control is passed from one layer to another (top-down) before it exits one system and enters another system, where control is passed bottom-up to complete the communications cycle.
Most protocols only loosely follow the OSI model. Several protocols combine one or more layers.
The OSI model, or OSI Reference Model, is an International Organization for Standardization (ISO) standard for worldwide communications that defines a framework for implementing protocols and networking components in seven distinct layers. The OSI model also provides a certain level of abstraction and
• 41. isolation for each layer, which only needs to know how to interact with the layer above and below it. The application layer, for example, only needs to know how to communicate with the presentation layer—it does not need to talk directly to the physical layer.
19 Protocols (4 of 4)
Figure 9.6 The OSI Reference Model
This figure shows the different layers of the OSI model.
20 Packets (1 of 4)
Large chunks of data must typically be broken up into smaller, more manageable chunks before they are transmitted from one computer to another.
Advantages of breaking the data up include:
More effective sharing of bandwidth with other systems
Not needing to retransmit the entire dataset if there is a problem in transmission
When data is broken up into smaller pieces for transmission, each of the smaller pieces is typically called a packet.
• 42. Networks are built to share information and resources, but like other forms of communication, networks and the protocols they use have limits and rules that must be followed for effective communication. Each protocol has its own definition of a packet, dictating how much data can be carried, what information is stored where, how the packet should be interpreted by another system, and so on. A standard packet structure is a crucial element in a protocol definition; without it, systems would not be able to interpret the information coming to them from other systems. Packet-based communication systems have other characteristics, such as size, that need to be addressed. This is done via a defined maximum size and by fragmenting packets that are too big. 21 Packets (2 of 4) The Maximum Transmission Unit (MTU) is a factor in determining the number of packets into which a message must be broken. It is the largest packet that can be carried across a network link (1500 bytes on standard Ethernet). TCP uses the path MTU to size its segments (its maximum segment size, MSS) so that the resulting IP packets do not have to be fragmented by intervening devices. Packet fragmentation is the splitting of a packet, while in transit, into two or more smaller packets so that they fit past an MTU bottleneck.
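The MTU bottleneck and fragmentation mechanism described here, as an added example that is not part of the textbook or its slides: a small Python model of IPv4 fragmentation (Don't Fragment and More Fragments flags, the 13-bit fragment offset in 8-byte units, the header checksum) and of the receiver's reassembly, including the bound check against the 65,535-byte datagram limit that the later fragmentation-abuse discussion turns on. The addresses, the identification value and the payload are constructed sample values; the FragmentationNeeded exception stands in for the ICMP "fragmentation needed" message a router would send when DF is set.

```python
import socket
import struct

IPV4_HEADER_LEN = 20                      # fixed header, no options
IPV4_MAX_DATAGRAM = 65535                 # 16-bit Total Length field
IPV4_MAX_PAYLOAD = IPV4_MAX_DATAGRAM - IPV4_HEADER_LEN
FLAG_DF = 0b010                           # Don't Fragment
FLAG_MF = 0b001                           # More Fragments


class FragmentationNeeded(Exception):
    """Stands in for ICMP type 3 code 4 (DF set, packet larger than the next-hop MTU)."""
    def __init__(self, next_hop_mtu):
        super().__init__(f"DF set and packet exceeds next-hop MTU {next_hop_mtu}")
        self.next_hop_mtu = next_hop_mtu


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a header verified with its checksum in place yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_fragment(ident, flags, offset, payload, src="10.0.0.1", dst="10.0.0.2", proto=17):
    """One IPv4 packet: 20-byte header (3 flag bits + 13-bit offset in 8-byte units) + payload.
    Sample addresses are constructed for the example."""
    assert offset % 8 == 0 and offset // 8 < 2 ** 13, "offset field is 13 bits of 8-byte units"
    flags_frag = (flags << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HEADER_LEN + len(payload), ident,
                      flags_frag, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_fragment(packet: bytes) -> dict:
    """Decode the fields reassembly needs; a corrupted header is rejected."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    flags = flags_frag >> 13
    return {"id": ident, "df": bool(flags & FLAG_DF), "mf": bool(flags & FLAG_MF),
            "offset": (flags_frag & 0x1FFF) * 8, "data": packet[ihl:total_len]}


def fragment(payload: bytes, mtu: int, ident: int, df: bool = False) -> list:
    """Sender (or an IPv4 router with DF clear) splitting a datagram that exceeds the MTU."""
    if len(payload) > IPV4_MAX_PAYLOAD:
        raise ValueError("payload exceeds the 65,535-byte datagram limit")
    if IPV4_HEADER_LEN + len(payload) <= mtu:
        return [build_fragment(ident, FLAG_DF if df else 0, 0, payload)]
    if df:
        raise FragmentationNeeded(mtu)       # router: drop it and send ICMP type 3 code 4
    step = (mtu - IPV4_HEADER_LEN) // 8 * 8   # largest multiple of 8 that fits per fragment
    if step <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    pieces = []
    for off in range(0, len(payload), step):
        more = FLAG_MF if off + step < len(payload) else 0
        pieces.append(build_fragment(ident, more, off, payload[off:off + step]))
    return pieces


def reassemble(packets: list) -> bytes:
    """Receiver: rebuild the payload, refusing fragments that overrun the datagram limit,
    overlap, leave a hole, or belong to a different datagram."""
    frags = sorted((parse_fragment(p) for p in packets), key=lambda f: f["offset"])
    ident, buf = frags[0]["id"], bytearray()
    for f in frags:
        if f["id"] != ident:
            raise ValueError("fragments from different datagrams")
        end = f["offset"] + len(f["data"])
        if end > IPV4_MAX_PAYLOAD:                 # the 64KB bound that crafted fragments overrun
            raise ValueError(f"fragment claims bytes up to {end}, beyond the 65,535-byte datagram")
        if f["offset"] != len(buf):
            raise ValueError(f"hole or overlap at offset {f['offset']}")
        buf += f["data"]
    if frags[-1]["mf"]:
        raise ValueError("final fragment (MF clear) not received")
    return bytes(buf)


if __name__ == "__main__":
    data = bytes(range(256)) * 16              # constructed 4,096-byte payload
    frags = fragment(data, mtu=1500, ident=0x1234)
    print(len(frags), "fragments at offsets", [parse_fragment(f)["offset"] for f in frags])
    assert reassemble(frags[::-1]) == data     # arrival order does not matter
    try:
        fragment(data, mtu=1500, ident=0x1234, df=True)
    except FragmentationNeeded as e:
        print("router would answer with ICMP fragmentation needed, MTU", e.next_hop_mtu)
    evil = build_fragment(0x1234, 0, 65528, b"A" * 100)   # last legal offset plus 100 bytes
    try:
        reassemble([evil])
    except ValueError as e:
        print("rejected:", e)
```

A 4,096-byte payload at a 1500-byte MTU yields three fragments (1480, 1480 and 1136 bytes of data at offsets 0, 1480 and 2960), and the reassembler accepts them in any order. The last block in main builds the kind of fragment the slides warn about: its offset field is the largest value the 13 bits allow, so its data would land past the end of the maximum datagram, and the bound check rejects it instead of letting it overrun a reassembly buffer.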
• 43. When transmitting packets across a network, there are many intervening protocols and pieces of equipment, each with its own set of limitations. 22 Packets (3 of 4) Packet fragmentation is a method of handling large packets. Built into the Internet Protocol is a mechanism for handling packets that are larger than allowed across a hop. Under IPv4, a router that encounters a packet too large for the next hop has two options, and the packet's Don't Fragment (DF) flag decides which: if DF is clear, break the packet into two or more fragments and send each separately; if DF is set, drop the packet and send an ICMP Destination Unreachable message (type 3, code 4, “fragmentation needed”) back to the originator, indicating that the packet is too big. When a fragmented packet arrives at the receiving host, it must be reunited with the other fragments and reassembled; intervening routers forward fragments but do not reassemble them. One of the problems with fragmentation is that it can cause excessive levels of packet retransmission: IP discards a datagram that cannot be fully reassembled, so the loss of a single fragment forces TCP to retransmit the entire segment.
• 44. 23 Packets (4 of 4) Steps are taken to avoid fragmentation in IPv6. Routers never fragment in transit; hosts are required to determine the minimal path MTU (path MTU discovery, with 1280 bytes as the guaranteed minimum) before transmitting packets, and any fragmentation that is still required is resolved at the origin, before sending. IP fragmentation can be exploited in a variety of ways to bypass security measures. Packets can be purposefully constructed to split exploit code into multiple fragments to avoid IDS detection, since an IDS that does not reassemble fragments exactly as the destination host does never sees the complete payload. Because reassembly is driven by the fragment offset and length fields carried in the fragments themselves, fragments can be crafted to claim positions in the reassembled datagram beyond the 64KB (65,535-byte) maximum; a receiver that does not check this bound before copying can crash or hang, resulting in denial of service. 24 Internet Protocol (1 of 2) The Internet Protocol (IP) is not a single protocol but a suite of protocols. The two versions of the protocol in use are v4 and v6, and there are differences between them.
• 45. One difference is that IPv6 replaces the Internet Group Management Protocol (IGMP) with Multicast Listener Discovery (MLD), which is carried as a set of ICMPv6 messages rather than as a separate protocol. 25 Internet Protocol (2 of 2) Figure 9.7 Internet Protocol suite components. This figure shows the relationship between some of the IP suite and the OSI model. 26 IP Packets (1 of 2) An IP packet, often called a datagram, has two main sections: the header, which contains all of the information needed to describe the packet, and the data section, sometimes called the payload.
• 46. 27 IP Packets (2 of 2) Figure 9.8 Logical layout of an IP packet, (a) IPv4 (b) IPv6. In IPv6, the source and destination addresses are 128 bits each (versus 32 bits in IPv4) and so take up much greater room, and for equipment and packet-handling reasons most of the informational options have been moved out of the fixed header into a chain of optional extension headers that follow the addresses. Keeping the fixed header at a constant 40 bytes lets routers process the routing information efficiently. Among the most common extension headers are the IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP), which carry IPsec-protected traffic. IPsec uses cryptographic integrity protection and encryption to provide a variety of protections to packets. 28 TCP vs. UDP (1 of 4) Two protocols are required for the Internet’s existence: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Both protocols run on top of the IP network protocol. As separate protocols, they each have their own packet definitions, capabilities, and advantages. The most important difference between TCP and UDP is the concept of “guaranteed” reliability and delivery.
• 47. Exam Tip: TCP is a “connection-oriented” protocol and offers reliability and guaranteed delivery of packets. UDP is a “connectionless” protocol with no guarantees of delivery. 29 TCP vs. UDP (2 of 4) UDP is known as a “connectionless” protocol. It has very few error recovery services and no guarantee of packet delivery. The sender has no idea whether the packets were successfully received or whether they were received in order, so UDP is considered to be an unreliable protocol. UDP is good for time synchronization requests, name lookups, and streaming audio. It is a fairly “efficient” protocol in terms of content delivery versus overhead: its header is only 8 bytes, against at least 20 for TCP, so more of the available bandwidth and resources are used for data delivery than with TCP, which makes UDP a good candidate for streaming protocols. The flip side for security is that, with no handshake, the source address of a UDP request is never verified, which is why UDP services such as DNS and NTP are the usual vehicles for spoofed-source reflection and amplification attacks.
• 48. 30 TCP vs. UDP (3 of 4) TCP is a “connection-oriented” protocol specifically designed to provide a reliable connection between two hosts exchanging data. TCP is designed to ensure that data is processed in the same order in which it was sent. Each segment carries a sequence number that shows where it fits into the overall conversation. TCP also requires systems to follow a specific pattern when establishing communications, called the three-way handshake. As part of TCP, each packet has a sequence number to show where that packet fits into the overall conversation (strictly, the sequence number counts bytes in the stream rather than packets, but the idea is the same). With the sequence numbers, packets can arrive in any order and at different times and the receiving system will still know the correct order for processing them. The sequence numbers also let the receiving system know if packets are missing: receiving packets 1, 2, 4, and 7 tells us that packets 3, 5, and 6 are missing and needed as part of this conversation. The receiver’s acknowledgments tell the sender which data has arrived, and the sender retransmits whatever is needed to fill the gaps. The “guaranteed and reliable” aspect of TCP makes it very popular for many network applications and services such as HTTP, FTP, and Telnet.
• 49. 31 TCP vs. UDP (4 of 4) Figure 9.9 TCP’s three-way handshake. As part of the connection, TCP requires that systems follow a specific pattern when establishing communications. This pattern, often called the three-way handshake, is a sequence of very specific steps: (1) The originating host (usually called the client) sends a SYN (synchronize) packet to the destination host (usually called the server). The SYN packet tells the server what port the client wants to connect to and carries the client’s initial sequence number (ISN). (2) The server sends a SYN/ACK packet back to the client. This SYN/ACK (synchronize/acknowledge) tells the client “I received your request” (its acknowledgment number is the client’s ISN plus one) and also contains the server’s own initial sequence number. (3) The client responds to the server with an ACK packet whose acknowledgment number is the server’s ISN plus one, completing the connection establishment process. Each side accepts only a reply that acknowledges its own ISN, so a party that cannot observe the other side’s ISN cannot complete the handshake; this is why ISNs must be unpredictable (RFC 6528) rather than sequential. Note: Think of the three-way handshake as being similar to a phone call. You place a call to your friend—that’s the SYN. Your friend answers the phone and says “hello”—that’s the SYN/ACK. Then you say “Hi, it’s me”—that’s the ACK. Your connection is established and you can start your conversation.
• 50. 32 ICMP (1 of 2) Internet Control Message Protocol (ICMP) is probably the third most commonly used protocol. ICMP is a control and information protocol. It is used by network devices to determine such things as a remote network’s availability (the echo request and echo reply behind ping), the length of time to reach a remote network, and the route packets take when traveling to that remote network (traceroute relies on ICMP time-exceeded messages). ICMP, like UDP, is a connectionless protocol, designed to carry small messages quickly with minimal overhead or impact to bandwidth. During the early development of large networks, it was quickly discovered that there needed to be some mechanism for managing the overall infrastructure: handling connection status, traffic flow, availability, and errors. This mechanism is ICMP. ICMP was also designed to handle the flow of traffic, telling other network devices to “slow down” transmission speeds if packets are coming in too fast; that Source Quench message (type 4) has since been deprecated (RFC 6633) and modern stacks ignore it. 33 ICMP (2 of 2) ICMP has been greatly abused …
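The three-way handshake described on the TCP vs. UDP (4 of 4) slide above, with both endpoints modelled, as an added example that is not part of the textbook or its slides; it also reproduces the sequence-number gap detection from the TCP vs. UDP (3 of 4) slide. Ports 80 and 40000 and the 100-byte segment sizes are constructed sample values; the random ISN generator is a simplification of the hashed scheme RFC 6528 specifies, and the model omits retransmission, connection teardown, and sequence-number wraparound in the gap finder.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32  # sequence and acknowledgment numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset


def random_isn() -> int:
    """Unpredictable ISN so an off-path attacker cannot forge the final ACK (cf. RFC 6528)."""
    return secrets.randbelow(MOD)


class Client:
    def __init__(self, port: int, dst_port: int):
        self.port, self.dst_port = port, dst_port
        self.isn = random_isn()
        self.state = "CLOSED"
        self.snd_nxt = self.rcv_nxt = None

    def send_syn(self) -> Segment:
        self.state = "SYN-SENT"
        return Segment(self.port, self.dst_port, self.isn, 0, frozenset({"SYN"}))

    def recv_syn_ack(self, seg: Segment) -> Segment:
        """Accept only a SYN/ACK that acknowledges our ISN + 1; anything else is discarded."""
        if seg.flags != {"SYN", "ACK"} or seg.ack != (self.isn + 1) % MOD:
            raise ValueError("SYN/ACK does not acknowledge our ISN")
        self.snd_nxt = (self.isn + 1) % MOD        # our SYN consumed one sequence number
        self.rcv_nxt = (seg.seq + 1) % MOD         # so did the server's SYN
        self.state = "ESTABLISHED"
        return Segment(self.port, self.dst_port, self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))


class Server:
    def __init__(self, port: int):
        self.port = port
        self.half_open = {}     # client port -> (server ISN, client ISN): SYN-RECEIVED
        self.established = {}   # client port -> (snd_nxt, rcv_nxt)

    def recv_syn(self, seg: Segment) -> Segment:
        if seg.dst_port != self.port or seg.flags != {"SYN"}:
            raise ValueError("not a SYN for the listening port")
        isn = random_isn()
        self.half_open[seg.src_port] = (isn, seg.seq)
        return Segment(self.port, seg.src_port, isn, (seg.seq + 1) % MOD, frozenset({"SYN", "ACK"}))

    def recv_ack(self, seg: Segment) -> bool:
        """Third step. A guessed or forged ACK fails the check and the entry stays half-open."""
        entry = self.half_open.get(seg.src_port)
        if entry is None or seg.flags != {"ACK"}:
            return False
        isn, client_isn = entry
        if seg.ack != (isn + 1) % MOD or seg.seq != (client_isn + 1) % MOD:
            return False
        del self.half_open[seg.src_port]
        self.established[seg.src_port] = ((isn + 1) % MOD, (client_isn + 1) % MOD)
        return True


def handshake(client: Client, server: Server) -> list:
    """Run SYN, SYN/ACK, ACK and return the three segments in wire order."""
    syn = client.send_syn()
    syn_ack = server.recv_syn(syn)
    ack = client.recv_syn_ack(syn_ack)
    if not server.recv_ack(ack):
        raise RuntimeError("server rejected the final ACK")
    return [syn, syn_ack, ack]


def missing_ranges(rcv_nxt: int, received) -> list:
    """Gap detection from sequence numbers: received is an iterable of (seq, length) for the
    segments that have arrived; returns [(start, end)] byte ranges still outstanding below
    the highest byte seen. Wraparound is ignored for brevity."""
    gaps, cursor = [], rcv_nxt
    for start, length in sorted(received):
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, start + length)
    return gaps


if __name__ == "__main__":
    c, s = Client(40000, 80), Server(80)
    for seg in handshake(c, s):
        print(sorted(seg.flags), "seq", seg.seq, "ack", seg.ack)
    # Segments 1, 2, 4 and 7 of 100 bytes each arrive: the holes are segments 3, 5 and 6.
    print(missing_ranges(0, [(0, 100), (100, 100), (300, 100), (600, 100)]))
```

The server promotes a half-open entry to established only when the final ACK acknowledges its own ISN plus one, which is exactly what a spoofed-source client that never sees the SYN/ACK cannot supply; with the constructed input in main, the gap finder reports byte ranges 200-300 and 400-600, the slide's missing packets 3, 5 and 6.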