Post on 03-Apr-2018
7/29/2019 05 - TCP/IP Transport, Applications & Network Security
05 TCP/IP Transport Layer, Applications & Network Security
By Muhammad Asghar Khan
Reference: CCENT/CCNA ICND1 Official Exam Certification Guide By Wendell Odom
Agenda

Introduction: Transport Layer (L4)
Transmission Control Protocol (TCP)
- Multiplexing using Ports
- Error Recovery
- Flow Control
- Connection Establishment & Termination
- Ordered Data Transfer & Data Segmentation
User Datagram Protocol (UDP)
- Multiplexing using Ports
TCP/IP Applications
- QoS
- WWW
Network Security
- Firewalls & ASA
- Intrusion Detection & Prevention Systems
- VPN
Introduction
OSI Transport Layer (L4) or TCP/IP Transport Layer protocols define several functions:
- Multiplexing using Ports
- Error Recovery
- Flow Control
- Connection Establishment & Termination
- Ordered Data Transfer & Data Segmentation

The two most pervasive transport layer protocols are:
- TCP
- UDP
Transmission Control Protocol (TCP)
TCP provides a connection-oriented and reliable service. TCP relies on IP for end-to-end delivery and routing of the data.

TCP provides the following facilities:
- Multiplexing Using Ports
- Error Recovery
- Flow Control Using Windowing
- Connection Establishment & Termination
- Data Segmentation & Ordered Data Transfer

TCP provides these features at the expense of processing and overhead.
The TCP header and data field together are called a TCP segment. A TCP segment can also be called an L4 PDU, as TCP is a layer 4 protocol.

Multiplexing Using Port Numbers

Multiplexing enables the receiving computer to know which application to give the data to (e.g. web browser, e-mail client or VoIP application).

Multiplexing relies on a concept called a socket. A socket consists of:
- IP Address
- Transport Protocol (TCP/UDP)
- Port Number
Hosts typically allocate dynamic port numbers starting at 1024, because ports below 1024 are reserved for well-known applications.

The table on the next slide lists the popular applications and their well-known ports.

Trivial File Transfer Protocol (TFTP) is a network protocol that does not have any authentication process, while FTP is a user-based password network protocol used to transfer data across a network.

Simple Network Management Protocol (SNMP) is an application layer protocol used for network device management, e.g. the CiscoWorks network management software product family.
Error Recovery (Reliability)

To accomplish reliability, TCP numbers data bytes using the Sequence and Acknowledgment fields in the TCP header.

TCP achieves reliability in both directions, using the Sequence Number field of one direction combined with the Acknowledgment field in the opposite direction. The figure shows the basic operation.
The Acknowledgment field in the TCP header sent by the web client (4000) implies the next byte to be received; this is called forward acknowledgment.

The Sequence & Acknowledgment fields count the number of bytes. The figure shows the same scenario, but with the second TCP segment lost.
Flow Control Using Windowing

Flow control is achieved through the Sequence & Acknowledgment fields in the TCP header along with another field called the Window field.

The Window field implies the maximum number of unacknowledged bytes that are allowed to be outstanding at any instant in time.

The window starts small and grows until errors occur; that is why it is sometimes called a dynamic window.

Also, as the sequence & acknowledgment numbers grow over time, it is sometimes called a sliding window.

When the window is full, the sender doesn't send, which controls the flow of data.
The figure shows windowing with a current window size of 3000; each TCP segment has 1000 bytes of data.

[Figure: the sender transmits 1000-byte segments, then waits because the window is exhausted; after the ACK (4000) the next window is sent]

The term Positive Acknowledgment & Retransmission (PAR) is sometimes used to describe the error recovery and windowing process.
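The forward-acknowledgment and windowing behaviour described above (a 3000-byte window, 1000-byte segments, the ACK of 4000, and the scenario where the second segment is lost), as an added example that is not part of the original slides; send_window, receive and transfer are names chosen here, and loss recovery is simplified to go-back-N.

```python
# Added example (not from the slides): a small simulation of TCP forward
# acknowledgment and windowing with the slides' numbers: a 3000-byte window,
# 1000-byte segments and sequence numbers starting at 1000. Loss handling is
# simplified to go-back-N: everything from the gap onward is resent.

WINDOW = 3000   # Window field: max unacknowledged bytes outstanding
SEGMENT = 1000  # data bytes per TCP segment

def send_window(next_seq, end_seq, window=WINDOW, seg=SEGMENT):
    """Sequence numbers the sender may transmit before the window is full."""
    seqs, outstanding = [], 0
    while outstanding < window and next_seq < end_seq:
        seqs.append(next_seq)
        next_seq += seg
        outstanding += seg
    return seqs

def receive(seqs, lost, seg=SEGMENT):
    """Receiver side: return the forward acknowledgment, the number of the
    next byte expected. The ACK stops at the first lost segment even when
    later segments arrived (those are held but not acknowledged)."""
    expected = seqs[0]
    for s in seqs:
        if s in lost or s != expected:
            break
        expected = s + seg
    return expected

def transfer(total_bytes, lost=(), first_seq=1000):
    """Run send-window / ACK rounds until all data is acknowledged; return
    the ACK value of each round. A lost segment shows as an ACK that does not
    advance past the gap, followed by retransmission from that point."""
    end_seq = first_seq + total_bytes
    pending_loss = set(lost)
    next_seq, acks = first_seq, []
    while next_seq < end_seq:
        seqs = send_window(next_seq, end_seq)
        ack = receive(seqs, pending_loss)
        acks.append(ack)
        pending_loss -= set(seqs)  # the retransmitted copy gets through
        next_seq = ack             # resume at the first unacknowledged byte
    return acks

if __name__ == "__main__":
    print("no loss:      ", transfer(3000))               # [4000]
    print("2nd seg lost: ", transfer(3000, lost={2000}))  # [2000, 4000]
```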
Connection Establishment & Termination

Connection establishment refers to the process of initializing the sequence and acknowledgment fields and agreeing on the port numbers used.

TCP uses a 3-way connection process. TCP signals connection establishment using 2 bits in the flag field, called SYN & ACK. SYN means Synchronize the Sequence Numbers.
TCP uses a 4-way termination sequence. The termination sequence uses an additional flag called the FIN bit (FIN is short for finished).
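The TCP header fields discussed on the preceding slides (ports, Sequence and Acknowledgment numbers, Window, and the SYN, ACK and FIN flag bits), parsed from raw bytes and classified as handshake or termination steps, as an added example that is not from the slides; parse_tcp_segment, build_segment and classify are names chosen here.

```python
# Added example (not from the slides): parse a raw TCP segment into the
# header fields discussed above (ports, Sequence, Acknowledgment, flags,
# Window) and classify its role in connection setup / teardown.
# build_segment() is a constructed helper (checksum left at zero).
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = ((FIN, "FIN"), (SYN, "SYN"), (RST, "RST"),
              (PSH, "PSH"), (ACK, "ACK"), (URG, "URG"))

def parse_tcp_segment(segment):
    """Split a TCP segment (header + data) into a dict of fields. The fixed
    header is 20 bytes; the Data Offset nibble gives the real header length
    in 32-bit words, so any options are skipped to locate the data."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, window,
     _checksum, _urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad Data Offset")
    flags = {name for bit, name in FLAG_NAMES if off_flags & bit}
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "data": segment[header_len:]}

def build_segment(sport, dport, seq, ack, flags, window, data=b""):
    """Constructed helper: 20-byte header (Data Offset 5), no options."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0) + data

def classify(fields):
    """Name the 3-way handshake or 4-way termination step a segment belongs
    to, from its SYN, ACK and FIN bits."""
    f = fields["flags"]
    if f == {"SYN"}:
        return "SYN (handshake step 1)"
    if f == {"SYN", "ACK"}:
        return "SYN+ACK (handshake step 2)"
    if "FIN" in f:
        return "FIN (termination)"
    if f == {"ACK"} and not fields["data"]:
        return "ACK"
    return "data"

if __name__ == "__main__":
    # constructed handshake: client port 49152 -> server port 80
    for seg in (build_segment(49152, 80, 1000, 0, SYN, 8192),
                build_segment(80, 49152, 5000, 1001, SYN | ACK, 8192),
                build_segment(49152, 80, 1001, 5001, ACK, 8192)):
        print(classify(parse_tcp_segment(seg)))
```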
Data Segmentation & Ordered Data Transfer

Each data link layer protocol has a limit on the Maximum Transmission Unit (MTU). For many data link layer protocols, Ethernet included, the MTU is 1500 bytes, so TCP segments large data into 1460-byte chunks (1500 bytes minus the 20-byte IP header and 20-byte TCP header).

Because IP routing can choose to balance traffic across multiple links, actual segments may be delivered out of order. The TCP receiver must perform the reassembly and reordering of the data.
User Datagram Protocol (UDP)
UDP provides a connectionless and unreliable service.

UDP provides the following facility:
- Multiplexing Using Ports

Note that the other facilities (Error Recovery, Flow Control, Ordering of Data & Data Segmentation) are not supported by UDP.

Applications that use UDP are tolerant of lost data, or they have some application mechanism to recover lost data. For example: VoIP, DNS and Network File System (NFS).
TCP/IP Applications
The goal of an Enterprise network is to use applications, such as web browsing, e-mail, file downloads, voice & video.

Applications require Quality of Service (QoS). QoS refers to the entire topic of what an application needs from the network service.

Each type of application can be analyzed in terms of its QoS requirements on the network, so if the network meets those requirements, the application will work well.
The four main QoS requirements are:
- Bandwidth: the maximum amount of information (in bits/second) that can be transmitted on a transmission medium
- Delay
- Jitter: the variation in delay
- Loss

The migration of voice & video to the data network puts more pressure on the data network to deliver the required quality of network service.
VoIP traffic has the following QoS demands:
- Bandwidth: 30 kbps
- Low Delay: 200 ms (0.2 sec)
- Low Jitter: 30 ms (0.03 sec)
- Loss: because of the delay & jitter constraints, there is no need to recover a lost packet; it would be useless by the time it was recovered. Lost packets can sound like a break in the sound of a VoIP call.

Video over IP has the same performance issues, except that video requires more bandwidth (i.e. 300/400 kbps to 3/10 Mbps).

Routers & switches can be configured with a variety of QoS tools.
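The VoIP targets above (200 ms delay, 30 ms jitter) checked against a constructed packet stream with one lost packet, as an added example that is not from the slides; analyze and meets_voip_targets are names chosen here, and jitter is computed as the mean absolute change in delay between consecutive delivered packets.

```python
# Added example (not from the slides): measure delay, jitter and loss of a
# constructed VoIP packet stream and check them against the targets above
# (200 ms delay, 30 ms jitter). Jitter is taken as the mean absolute change
# in delay between consecutive delivered packets, one simple reading of
# "variation in delay". All timestamps are constructed.

VOIP_MAX_DELAY_MS = 200
VOIP_MAX_JITTER_MS = 30

def analyze(sent_ms, received_ms):
    """sent_ms[i] is when packet i left the sender; received_ms[i] is when it
    arrived, or None if it was lost. Returns avg delay, jitter and loss %."""
    delays = [r - s for s, r in zip(sent_ms, received_ms) if r is not None]
    if not delays:
        raise ValueError("no packets delivered")
    variations = [abs(b - a) for a, b in zip(delays, delays[1:])]
    jitter = sum(variations) / len(variations) if variations else 0.0
    lost = sum(1 for r in received_ms if r is None)
    return {"avg_delay_ms": sum(delays) / len(delays),
            "jitter_ms": jitter,
            "loss_pct": 100.0 * lost / len(received_ms)}

def meets_voip_targets(stats):
    """True when average delay and jitter are within the VoIP demands."""
    return (stats["avg_delay_ms"] <= VOIP_MAX_DELAY_MS
            and stats["jitter_ms"] <= VOIP_MAX_JITTER_MS)

# constructed samples: 20 ms packetization, packet 3 lost in both streams
SENT = [0, 20, 40, 60, 80, 100]
RECEIVED_STEADY = [150, 172, 188, None, 230, 255]   # ~150 ms delay, small swings
RECEIVED_JITTERY = [150, 260, 170, None, 230, 355]  # delay still < 200 ms, big swings

if __name__ == "__main__":
    for name, rx in (("steady", RECEIVED_STEADY), ("jittery", RECEIVED_JITTERY)):
        stats = analyze(SENT, rx)
        print(name, stats, "VoIP OK" if meets_voip_targets(stats) else "VoIP degraded")
```

The second stream shows why delay alone is not enough: its average delay is within budget, but the jitter is far above 30 ms.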
The table summarizes the QoS requirements of various types of applications.
WWW

The WWW consists of all the Internet-connected web servers in the world, plus all the Internet-connected hosts with web browsers.

You identify a web page when you click something on a web page or when you enter a Uniform Resource Locator (URL) in the browser's address bar.

Each URL defines the protocol, the name of the server and the particular page on that server (e.g. http://www.cisco.com/go/prepcenter):
- The protocol is listed before //
- The hostname is listed between // and /
- The name of the web page is listed after /
Network Security
For the purposes of this book, and for the ICND1 exam, the goal is to know some of the basic terminology, the types of security issues, and some of the common tools used to mitigate security risks.

The kinds of attacks that might occur:
- Denial of service (DoS) attacks: DoS attacks called flooders flood the network with packets to make the network unusable, preventing any useful communication with the servers.
- Reconnaissance attacks: the goal is gathering information to perform an access attack. An example is learning IP addresses and then trying to discover servers that do not appear to require encryption to connect to the server.
- Access attacks: an attempt to steal data, typically data for some financial advantage, or for international espionage.

A higher percentage of security attacks actually come from inside the Enterprise network.
The figure depicts common security issues in an enterprise.

[Figure: enterprise network with hosts PC1 to PC4, each illustrating one of the issues described on the next slides]
The list explains three ways in which the Enterprise network is exposed to the possibility of an attack from within:
- Access from the wireless LAN: an unsecured wireless LAN allows the user across the street in a coffee shop to access the Enterprise network, letting the attacker (PC1) begin the next phase of trying to gain access to the computers in the Enterprise.
- Infected mobile laptops: the laptop (PC2) connects to the Enterprise network, with the virus spreading to other PCs, such as PC3. PC3 may be vulnerable in part because the users may have avoided running the daily anti-virus software scans that, although useful, can annoy the user.
- Disgruntled employees: the user at PC4 is planning to move to a new company. He steals information from the network and loads it onto an MP3 player or USB flash drive. This allows him to carry the entire customer database in a device that can be easily concealed and removed from the building.

To prevent such problems, Cisco uses the term security in depth to refer to a security design that includes security tools throughout the network, including features in routers and switches.

Cisco also uses the term self-defending network to refer to automation in which the network devices automatically react to network problems.
For example, Network Admission Control (NAC) is one security tool that helps prevent two of the attacks just described.

The following tools can be used to provide that in-depth security.

Firewalls and the Cisco Adaptive Security Appliance (ASA)

The firewall's role is to stop packets that the network or security engineer has deemed unsafe. The firewall mainly looks at the transport layer port numbers and the application layer headers to prevent certain ports and applications from getting packets into the Enterprise.
However, a perimeter firewall (a firewall on the edge, or perimeter, of the network) does not protect the Enterprise from all the dangers possible through the Internet connection.

Firewalls sit in the packet-forwarding path between two networks, often with one LAN interface connecting to the secure local network and one to the other, less-secure network (often the Internet).

The DMZ LAN is a place to put devices that need to be accessible, but that access puts them at higher risk.
The figure shows a common Internet design using a firewall.
The firewall needs to be configured to know which interfaces are connected to the inside, outside, and DMZ parts of the network.

Then, a series of rules can be configured that tell the firewall which traffic patterns are allowed and which are not. The figure shows two typically allowed flows and one typical disallowed flow, shown with dashed lines.

In years past, Cisco sold firewalls with the trade name PIX Firewall. A few years ago, Cisco introduced a whole new generation of network security hardware using the trade name Adaptive Security Appliance (ASA).
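The inside/outside/DMZ interface assignment and ordered rule list described above, as an added example that is not from the slides and does not use Cisco's own configuration syntax; the interface names, zones, sample flows and the rule set (a plausible reading of "two allowed flows and one disallowed flow") are assumptions, and decide implements first-match-wins with an implicit deny.

```python
# Added example (not from the slides): a minimal model of the firewall
# configuration described above. Interfaces map to the inside, outside and
# DMZ zones; an ordered rule list is evaluated first-match-wins with an
# implicit deny. Interface names, zones, rules and flows are constructed.
from dataclasses import dataclass
from typing import Optional

INTERFACE_ZONES = {"eth0": "outside", "eth1": "inside", "eth2": "dmz"}

@dataclass(frozen=True)
class Flow:
    in_iface: str    # interface the packet arrived on
    out_iface: str   # interface it would be forwarded out of
    proto: str       # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dst_port: Optional[int] = None   # None matches any port
    action: str = "permit"

    def matches(self, flow):
        return (INTERFACE_ZONES[flow.in_iface] == self.src_zone
                and INTERFACE_ZONES[flow.out_iface] == self.dst_zone
                and self.proto in ("any", flow.proto)
                and self.dst_port in (None, flow.dst_port))

def decide(rules, flow):
    """'permit' or 'deny' for a flow: the first matching rule wins, and a
    flow that no rule covers is dropped (implicit deny)."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "deny"

# a plausible reading of the figure: two permitted flows, one denied flow
RULES = [
    Rule("inside", "outside"),                 # inside users reach the Internet
    Rule("outside", "dmz", "tcp", 80),         # Internet clients reach the DMZ web server
    Rule("outside", "inside", action="deny"),  # unsolicited Internet -> inside traffic
]

if __name__ == "__main__":
    for f in (Flow("eth1", "eth0", "tcp", 443), Flow("eth0", "eth2", "tcp", 80),
              Flow("eth0", "eth1", "tcp", 445), Flow("eth2", "eth1", "tcp", 3306)):
        print(f, "->", decide(RULES, f))
```

Note that a DMZ-to-inside flow is dropped even though no rule names it: the implicit deny is what keeps a compromised DMZ host from reaching the inside network.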
Cisco ASA appliances can provide or assist in the overall in-depth security design with a variety of tools that prevent problems such as viruses.

Cisco uses the term anti-x to refer to the whole class of security tools that prevent these various problems, including the following:
- Anti-virus
- Anti-spyware
- Anti-spam
- Anti-phishing
- URL filtering
- E-mail filtering
Intrusion Detection (IDS) & Prevention Systems (IPS)

Some types of attacks cannot be easily found with anti-x tools. A couple of tools that can be used to prevent such attacks are Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).

Virtual Private Networks (VPN)

A VPN might be better termed a virtual private WAN. VPNs send packets through the Internet, which is a public network. However, VPNs make the communication secure, like a private leased line.
VPNs authenticate the VPN endpoints, meaning that both endpoints can be sure that the other endpoint of the VPN connection is legitimate.

Additionally, VPNs encrypt the original IP packets so that even if an attacker managed to get a copy of the packets as they pass through the Internet, he or she cannot read the data.

Two types of VPNs:
- Access VPN: supports a home or small-office user.
- Site-to-site intranet VPN: typically connects two sites of the same Enterprise; the encryption can be done for all devices using different kinds of hardware, including routers and firewalls, as shown in the figure on the next slide.