5. Basic Networking Protocols
• Reviewing Basic Connectivity Protocols
  – IPv4 and IPv6
  – ICMP
    • Commonly blocked at firewalls
    • If ping fails, ICMP may be blocked
  – ARP
    • Resolves MAC addresses for IPv4
  – NDP
    • Resolves MAC addresses for IPv6 (and more)
6. Protocols and Use Cases
• Transport voice and video over a network
  – RTP & SRTP
• Transfer files over a network
  – FTP
  – TFTP
  – SSH
  – SSL
  – TLS
  – IPsec
  – SFTP
  – FTPS
7. Reviewing Application Protocols
• HTTP – Port 80
• HTTPS – Port 443
• FTP – Ports 20 and 21
• SFTP – Port 22 (uses SSH)
• FTPS – Port varies
  – Sometimes uses 989 and 990
• TFTP – UDP port 69
8. Reviewing Encryption Protocols
• SSH (Secure Shell) – Port 22
• SCP (Secure Copy) – Port 22 with SSH
• SSL (Secure Sockets Layer)
• TLS (Transport Layer Security)
  – SSL and TLS use port 443 with HTTPS
  – SSL and TLS use port 636 with LDAP
9. Reviewing Encryption Protocols
• IPsec (Internet Protocol security)
  – Port 500 with VPNs
  • Authentication Header (AH)
    – Protocol ID number 1
  • Encapsulating Security Payload (ESP)
    – Protocol ID number 50
18. Understanding and Identifying Ports
• IP address used to locate hosts
• Port used to direct traffic to the correct protocol/service or application
• Server ports
• Client ports
• Blocking ports blocks protocol traffic
22. Switches
• Switching loop
  – Caused if two ports are connected together
  – STP and RSTP protect against switching loops
• Port security
  – Disable unused ports
  – MAC address filtering
23. Flood Attack / Flood Guard
• Flood attack on a switch
  – Overloads a switch with different MAC addresses for a single port
  – Runs out of memory – operates in fail-open state
• Flood guard
  – Might limit memory used for a port
  – Typically sends an SNMP trap
  – Might limit the number of MAC addresses for a port
24. Access Control Lists (ACLs)
• List of rules to define access
• Identify what is allowed and what is not allowed
• ACLs often use an implicit deny policy
  – NTFS uses a DACL to identify who is allowed access to a file or a folder
    • All others blocked
  – Firewalls define what traffic is allowed
    • Deny any any rule blocks all other traffic
25. Routers
• Route traffic between networks
• Do not pass broadcasts
• Routers and ACLs
  – Filter based on
    • IP addresses and networks
    • Ports
    • Protocols
30. Firewalls
• Host-based vs network-based firewall
• Firewall rules
• Last rule
  – deny any any
• Linux
  – iptables
  – ip6tables
  – arptables
31. Firewalls
• Application-based firewalls
  – Software running on a system
  – Filters traffic to and from the system
• Network-based firewalls
  – System with two or more NICs
  – All traffic passes through it
  – Filters traffic to and from the network
32. Firewalls
• Stateless
  – Permission (deny, allow)
  – Protocol (TCP, UDP, Any)
  – Source (IP address or IP block)
    • IP address example: 192.168.1.20/32
    • IP block example: 192.168.1.0/24
  – Destination (IP address or IP block)
  – Port or protocol (80 for HTTP, 25 for SMTP)
  – Ends with deny any any (or something similar)
33. Firewalls
• Stateful
  – Makes decisions based on the context, or state, of traffic
  – Can ensure TCP traffic is part of an established TCP session
    • If not, the traffic is blocked
35. Firewall Rule Example
• Allow all HTTP traffic to a web server with an IP of 192.168.1.25
• Allow all HTTP and HTTPS traffic to a web server with an IP of 192.168.1.25
• Allow DNS queries from any source to a computer with an IP of 192.168.1.10
• Block DNS zone transfer traffic from any source to any destination
• Block all DNS traffic from any source to any destination
• Implement implicit deny
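A worked example, added here and not part of the original slides: a minimal stateless packet filter in Python that evaluates the slide 35 rule list top-down, first match wins, using the fields from slide 32 (permission, protocol, source, destination, port). It assumes DNS queries travel on UDP 53 and zone transfers on TCP 53, and ends with an explicit deny any any so the implicit deny is visible; all addresses and rules are constructed for the exercise.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    protocol: str        # "tcp", "udp" or "any"
    source: str          # CIDR such as "192.168.1.0/24", or "any"
    destination: str     # CIDR such as "192.168.1.25/32", or "any"
    port: Optional[int]  # destination port; None means any port

def _in_network(cidr: str, ip: str) -> bool:
    """True if ip falls inside cidr, or if the rule field is 'any'."""
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def matches(rule: Rule, proto: str, src: str, dst: str, dport: int) -> bool:
    """Every field of the rule must match the packet (stateless: no session context)."""
    return (rule.protocol in ("any", proto)
            and _in_network(rule.source, src)
            and _in_network(rule.destination, dst)
            and (rule.port is None or rule.port == dport))

# Constructed rule set for the slide 35 exercise; order matters, first match wins.
RULES = [
    Rule("allow", "tcp", "any", "192.168.1.25/32", 80),   # HTTP to the web server
    Rule("allow", "tcp", "any", "192.168.1.25/32", 443),  # HTTPS to the web server
    Rule("allow", "udp", "any", "192.168.1.10/32", 53),   # DNS queries to the DNS server
    Rule("deny",  "tcp", "any", "any", 53),               # zone transfers (TCP 53) anywhere
    Rule("deny",  "any", "any", "any", 53),               # all remaining DNS traffic
    Rule("deny",  "any", "any", "any", None),             # deny any any: implicit deny made explicit
]

def decide(proto: str, src: str, dst: str, dport: int, rules=RULES) -> str:
    """Return 'allow' or 'deny' for a packet; unmatched traffic is implicitly denied."""
    for rule in rules:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return "deny"  # implicit deny: no rule matched

if __name__ == "__main__":
    for pkt in [("tcp", "10.0.0.5", "192.168.1.25", 443),
                ("tcp", "10.0.0.5", "192.168.1.10", 53),
                ("tcp", "10.0.0.5", "192.168.1.25", 22)]:
        print(pkt, "->", decide(*pkt))
```

Reordering the rules (for example putting the "deny any any" first) changes every verdict, which is why the slides place it last.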
38. Network Separation
• Physical isolation and airgaps
• Logical separation and segmentation
  – Typically done with routers and firewalls
• VLAN (created with a switch)
  – Logically group computers
  – Logically separate/segment computers
42. Gateways
• Media gateway
  – Converts traffic transmitted between different networks
• Mail gateways
  – Examine all incoming and outgoing email
  – Filter spam
  – Typically include DLP
43. Routing & Switching Use Cases
• Switches
  – Prevent switching loops
    • STP or RSTP on switches
  – Block flood attacks
    • Flood guards block flood attacks
  – Prevent unauthorized users from connecting to unused ports
    • Port security methods
  – Provide increased segmentation of user computers
    • VLANs
44. Routing & Switching Use Cases
• Routers
  – Prevent IP address spoofing
    • Antispoofing methods
  – Provide secure management of routers
    • Use SNMPv3