05 - TCP/IP Transport, Applications & Network Security


Transcript of 05 - TCP/IP Transport, Applications & Network Security

  • 7/29/2019 05 - TCP/IP Transport, Applications & Network Security


05 TCP/IP Transport Layer, Applications & Network Security

    By Muhammad Asghar Khan

    Reference: CCENT/CCNA ICND1 Official Exam Certification Guide By Wendell Odom


    Agenda

Introduction

Transport Layer (L4)

Transmission Control Protocol (TCP)

Multiplexing using Ports

Error Recovery

Flow Control

Connection Establishment & Termination

Ordered Data Transfer & Data Segmentation

User Datagram Protocol

Multiplexing using Ports



TCP/IP Applications

QoS

    WWW

    Network Security

    Firewalls & ASA

    Intrusion Detection & Prevention Systems

    VPN



    Introduction


The OSI Transport Layer (L4), or TCP/IP Transport Layer, protocols define several functions:

Multiplexing using Ports

Error Recovery

Flow Control

Connection Establishment & Termination

Ordered Data Transfer & Data Segmentation

The two most pervasive transport layer protocols are:

TCP

UDP



    Transmission Control Protocol (TCP)


TCP provides a connection-oriented and reliable service. TCP relies on IP for end-to-end delivery and routing of the data.

TCP provides the following facilities:

Multiplexing Using Ports

Error Recovery

Flow Control Using Windowing

Connection Establishment & Termination

Data Segmentation & Ordered Data Transfer

TCP provides these features at the expense of processing and overhead (a larger header, plus per-connection state kept at both ends).



The TCP header and data field together are called a TCP segment.

A TCP segment can also be called an L4 PDU, since TCP is a layer 4 protocol.

Multiplexing Using Port Numbers

Multiplexing enables the receiving computer to know which application to give the data to (e.g. web browser, e-mail client or VoIP application).

Multiplexing relies on a concept called a socket. A socket consists of:

IP Address

Transport Protocol (TCP/UDP)

Port Number



Hosts typically allocate dynamic port numbers starting at 1024, because ports below 1024 are reserved for well-known applications.

The table on the next slide lists popular applications and their well-known ports.

Trivial File Transfer Protocol (TFTP) is a network protocol that has no authentication at all, while FTP is a username/password-based protocol used to transfer data across a network. Note that plain FTP sends those credentials in clear text, so neither protocol should be used across an untrusted network.

Simple Network Management Protocol (SNMP) is an application layer protocol used for network device management, e.g. by the CiscoWorks network management software product family.
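The socket and port-number rules above, as an added example (not code from the slides or from Odom's book): a parser for the fixed 20-byte TCP header, and a host that demultiplexes an arriving segment to an application by matching the full (protocol, local port, remote IP, remote port) connection first and a listening socket on the local port second. Addresses, ports and application names are constructed for the demo; the checksum is left at zero because computing it needs the IP pseudo-header.

```python
"""Added example: parsing a TCP header and demultiplexing by socket.

A socket is (IP address, transport protocol, port); a connection is
identified by the pair of sockets.  Addresses, ports and application
names below are constructed for the demo.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Fixed 20-byte TCP header: src port, dst port, seq, ack,
# data offset/reserved, flags, window, checksum, urgent pointer.
TCP_HEADER = struct.Struct("!HHIIBBHHH")
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


@dataclass(frozen=True)
class TcpSegment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset
    window: int
    payload: bytes


def build_segment(src_port, dst_port, seq, ack, flags, window, payload=b""):
    """Serialises a header with no options (data offset 5 = 20 bytes).
    Checksum stays 0: it needs the IP pseudo-header, out of scope here."""
    flag_byte = sum(FLAG_BITS[f] for f in flags)
    header = TCP_HEADER.pack(src_port, dst_port, seq, ack, 5 << 4,
                             flag_byte, window, 0, 0)
    return header + payload


def parse_segment(raw: bytes) -> TcpSegment:
    """Parses the header and rejects truncated or inconsistent lengths,
    the first check any packet-handling code has to make."""
    if len(raw) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    sp, dp, seq, ack, off, flag_byte, win, _csum, _urg = TCP_HEADER.unpack_from(raw)
    header_len = (off >> 4) * 4          # data offset is in 32-bit words
    if header_len < TCP_HEADER.size or header_len > len(raw):
        raise ValueError("data offset points outside the segment")
    flags = frozenset(name for name, bit in FLAG_BITS.items() if flag_byte & bit)
    return TcpSegment(sp, dp, seq, ack, flags, win, raw[header_len:])


def is_malformed(raw: bytes) -> bool:
    try:
        parse_segment(raw)
    except ValueError:
        return True
    return False


class Host:
    """Minimal transport-layer demultiplexer for one host."""

    def __init__(self, ip: str):
        self.ip = ip
        self.listeners = {}        # (proto, local port) -> application
        self.connections = {}      # (proto, local port, remote ip, remote port) -> application
        self.next_ephemeral = 1024  # dynamic ports start above the well-known range

    def listen(self, proto: str, port: int, app: str) -> None:
        self.listeners[(proto, port)] = app

    def connect(self, proto: str, remote_ip: str, remote_port: int, app: str) -> int:
        port = self.next_ephemeral
        self.next_ephemeral += 1
        self.connections[(proto, port, remote_ip, remote_port)] = app
        return port

    def demux(self, proto: str, src_ip: str, seg: TcpSegment) -> Optional[str]:
        """Full connection match first, then a listening socket on the local
        port.  None means no socket exists; a real stack would answer RST."""
        key = (proto, seg.dst_port, src_ip, seg.src_port)
        if key in self.connections:
            return self.connections[key]
        return self.listeners.get((proto, seg.dst_port))


def demo():
    host = Host("10.0.0.5")
    host.listen("tcp", 80, "web-server")
    my_port = host.connect("tcp", "10.0.0.9", 25, "mail-client")   # gets 1024
    reply = parse_segment(build_segment(25, my_port, 5000, 1001, {"SYN", "ACK"}, 65535))
    request = parse_segment(build_segment(40000, 80, 1000, 0, {"SYN"}, 65535))
    stray = parse_segment(build_segment(40000, 23, 1000, 0, {"SYN"}, 65535))
    return (host.demux("tcp", "10.0.0.9", reply),
            host.demux("tcp", "192.0.2.7", request),
            host.demux("tcp", "192.0.2.7", stray))


if __name__ == "__main__":
    print(demo())   # ('mail-client', 'web-server', None)
```

The demux key includes the remote address and port, so a reply from the mail server lands on the client's ephemeral socket while a new request to port 80 lands on the listener; a segment for a port with no socket goes nowhere. The length checks in `parse_segment` matter because a data offset larger than the segment is exactly the kind of malformed input a crafted packet carries.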


[Table: popular applications and their well-known port numbers; not reproduced in the transcript]


Error Recovery (Reliability)

To accomplish reliability, TCP numbers data bytes using the Sequence and Acknowledgment fields in the TCP header.

TCP achieves reliability in both directions, using the Sequence Number field of one direction combined with the Acknowledgment field in the opposite direction.

The figure shows the basic operation.



The Acknowledgment field in the TCP header sent by the web client (4000) implies the next byte to be received; this is called forward acknowledgment.

The Sequence & Acknowledgment fields count the number of bytes, not the number of segments.

The figure shows the same scenario, but the second TCP segment was lost: the client's acknowledgment stops at the first byte of the missing segment, the server retransmits that segment, and the client then acknowledges the rest.



Flow Control Using Windowing

Flow control is achieved through the Sequence & Acknowledgment fields in the TCP header along with another field called the Window field.

The Window field implies the maximum number of unacknowledged bytes that are allowed to be outstanding at any instant in time.

The window starts small and grows until errors occur, which is why it is sometimes called a dynamic window.

Also, as the sequence & acknowledgment numbers grow over time the window moves forward with them, which is why it is also sometimes called a sliding window.

When the window is full, the sender does not send, which controls the flow of data.



The figure shows windowing with a current window size of 3000; each TCP segment has 1000 bytes of data.

The term Positive Acknowledgment & Retransmission (PAR) is sometimes used to describe the error recovery and windowing process.

[Figure: the sender sends three 1000-byte segments, waits because the 3000-byte window is exhausted, receives ACK 4000, and then sends the next window]



Connection Establishment & Termination

Connection establishment refers to the process of initializing the sequence and acknowledgment fields and agreeing on the port numbers used.

TCP uses a 3-way connection establishment process (SYN, SYN+ACK, ACK).

TCP signals connection establishment using 2 bits in the flags field, called SYN & ACK.

SYN means Synchronize the Sequence Numbers.



TCP uses a 4-way termination sequence (FIN, ACK, FIN, ACK).

The termination sequence uses an additional flag called the FIN bit (FIN is short for finished).
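The 3-way establishment and 4-way termination described on the last two slides, as an added example (not code from the slides or from Odom's book): two endpoint state machines that exchange SYN, ACK and FIN segments and track how each SYN and FIN consumes one sequence number. The initial sequence numbers 1000 and 5000 and the state names are assumptions for the demo; a real stack picks ISNs randomly.

```python
"""Added example: TCP connection establishment (3-way) and termination
(4-way) modelled as two endpoint state machines exchanging segments.
ISNs 1000/5000 are constructed; real stacks randomise them."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    flags: frozenset        # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: int = 0


@dataclass
class Endpoint:
    name: str
    isn: int                # initial sequence number
    state: str = "CLOSED"
    snd_nxt: int = 0        # next sequence number this side will send
    rcv_nxt: int = 0        # next sequence number expected from the peer

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self) -> Segment:
        """Active open: the SYN carries our ISN and consumes one sequence number."""
        self.snd_nxt = self.isn + 1
        self.state = "SYN_SENT"
        return Segment(frozenset({"SYN"}), self.isn)

    def close(self) -> Segment:
        """FIN consumes one sequence number.  Active close from ESTABLISHED,
        passive close (after the peer's FIN) from CLOSE_WAIT."""
        seg = Segment(frozenset({"FIN", "ACK"}), self.snd_nxt, self.rcv_nxt)
        self.snd_nxt += 1
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Processes one segment; returns the reply to send, if any."""
        f = seg.flags
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg.seq + 1              # ACK number = peer ISN + 1
            self.snd_nxt = self.isn + 1
            self.state = "SYN_RCVD"                 # state allocated before the peer is proven reachable
            return Segment(frozenset({"SYN", "ACK"}), self.isn, self.rcv_nxt)
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: SYN-ACK acknowledges the wrong sequence number")
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(frozenset({"ACK"}), self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN_RCVD" and f == {"ACK"} and seg.ack == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        if "FIN" in f and self.state in ("ESTABLISHED", "FIN_WAIT_2"):
            if seg.seq != self.rcv_nxt:
                raise ValueError(f"{self.name}: FIN with unexpected sequence number")
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return Segment(frozenset({"ACK"}), self.snd_nxt, self.rcv_nxt)
        if f == {"ACK"} and self.state in ("ESTABLISHED", "FIN_WAIT_1", "LAST_ACK"):
            if seg.ack == self.snd_nxt:             # our FIN (if any) has been acknowledged
                if self.state == "FIN_WAIT_1":
                    self.state = "FIN_WAIT_2"
                elif self.state == "LAST_ACK":
                    self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(f)} in {self.state}")


def run_session(client_isn=1000, server_isn=5000):
    """Runs the 3-way handshake and a client-initiated 4-way close; returns
    the states after the open, the final states, and the segment trace."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    trace = []

    def deliver(src, dst, seg):
        trace.append((src.name, dst.name, "+".join(sorted(seg.flags)), seg.seq, seg.ack))
        return dst.receive(seg)

    syn_ack = deliver(client, server, client.connect())      # 1. SYN
    ack = deliver(server, client, syn_ack)                    # 2. SYN+ACK
    deliver(client, server, ack)                              # 3. ACK
    opened = (client.state, server.state)

    ack1 = deliver(client, server, client.close())            # 1. FIN
    deliver(server, client, ack1)                             # 2. ACK
    ack2 = deliver(server, client, server.close())            # 3. FIN
    deliver(client, server, ack2)                             # 4. ACK
    return opened, (client.state, server.state), trace


def accepts_stray_ack(server_isn=5000) -> bool:
    """A listening server must not treat a bare ACK as a connection."""
    server = Endpoint("server", server_isn)
    server.listen()
    try:
        server.receive(Segment(frozenset({"ACK"}), 1, 1))
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for line in run_session()[2]:
        print(line)
```

The trace makes the numbering visible: the server's SYN+ACK acknowledges 1001 (client ISN plus one), and each FIN likewise advances the peer's expected number by one. Note that the server allocates connection state when it moves to SYN_RCVD, before the third segment proves the client can actually receive; that per-SYN state is what a flood of SYNs from unreachable addresses exhausts, which is why flooding DoS attacks against TCP services target the handshake.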



Data Segmentation & Ordered Data Transfer

Each data link layer protocol has a limit on the Maximum Transmission Unit (MTU).

For many data link layer protocols, Ethernet included, the MTU is 1500 bytes, so TCP segments large data into 1460-byte chunks (1500 bytes minus the 20-byte IP header and the 20-byte TCP header).

Because IP routing can choose to balance traffic across multiple links, segments may actually be delivered out of order.

The TCP receiver must perform the reassembly and reordering of the data.
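The error-recovery, windowing (PAR) and reassembly behaviour from the preceding slides, as one added simulation (not code from the slides or from Odom's book). It uses the figures' numbers, 1000-byte segments and a 3000-byte window with sequence numbers starting at 1000, and runs two scenarios: the second segment lost once, and the first window delivered in reverse order. The 6000-byte payload, the round-based sending model and the "retransmit the oldest unacknowledged segment" rule are assumptions made for the demo; a real stack drives retransmission from a timer.

```python
"""Added example: TCP forward acknowledgment, retransmission (PAR),
windowing and receiver-side reordering, simulated with the figures'
numbers: 1000-byte segments, window 3000, sequence numbers from 1000.
The payload is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Segment:
    seq: int          # sequence number of the first data byte
    data: bytes


def segmentize(data: bytes, first_seq: int, mss: int) -> List[Segment]:
    """Splits application data into MSS-sized segments (1460 on Ethernet)."""
    return [Segment(first_seq + i, data[i:i + mss]) for i in range(0, len(data), mss)]


class Receiver:
    """Keeps in-order bytes, buffers out-of-order segments, and returns a
    cumulative (forward) acknowledgment: the next byte it expects."""

    def __init__(self, isn: int):
        self.next_expected = isn
        self.out_of_order: Dict[int, Segment] = {}
        self.received = bytearray()

    def deliver(self, seg: Segment) -> int:
        if seg.seq == self.next_expected:
            self._accept(seg)
            while self.next_expected in self.out_of_order:   # the gap is filled: drain
                self._accept(self.out_of_order.pop(self.next_expected))
        elif seg.seq > self.next_expected:
            self.out_of_order[seg.seq] = seg      # arrived early: hold it, do not ACK past the gap
        # seg.seq < next_expected: duplicate, already have it
        return self.next_expected

    def _accept(self, seg: Segment) -> None:
        self.received += seg.data
        self.next_expected = seg.seq + len(seg.data)


def transfer(data: bytes, isn: int, mss: int, window: int,
             drop_once=(), reverse_rounds=()) -> Tuple[bytes, List[tuple]]:
    """Sends `data` in rounds.  Each round the sender retransmits the oldest
    unacknowledged segment if it was already sent (its ACK never came back),
    then sends new segments while they fit in the window.
    drop_once: sequence numbers the link loses on their first transmission.
    reverse_rounds: rounds in which the link delivers segments in reverse order.
    Returns the reassembled bytes and a log of (round, sent seqs, ACK)."""
    segments = segmentize(data, isn, mss)
    by_seq = {s.seq: s for s in segments}
    end_seq = isn + len(data)
    receiver = Receiver(isn)
    ack, sent, dropped, log, rnd = isn, set(), set(), [], 0
    while ack < end_seq:
        rnd += 1
        batch = [by_seq[ack]] if ack in sent else []          # retransmission
        for seg in segments:
            if seg.seq not in sent and seg.seq + len(seg.data) <= ack + window:
                batch.append(seg)
                sent.add(seg.seq)
        if not batch:
            raise ValueError("window smaller than one segment: nothing can be sent")
        arrivals = []
        for seg in batch:
            if seg.seq in drop_once and seg.seq not in dropped:
                dropped.add(seg.seq)              # lost on the wire, this once
            else:
                arrivals.append(seg)
        if rnd in reverse_rounds:
            arrivals.reverse()                    # different paths, different delays
        for seg in arrivals:
            ack = receiver.deliver(seg)
        log.append((rnd, [s.seq for s in batch], ack))
    return bytes(receiver.received), log


DATA = bytes(i % 251 for i in range(6000))        # constructed 6000-byte payload


def lost_second_segment():
    return transfer(DATA, isn=1000, mss=1000, window=3000, drop_once={2000})


def reordered_first_window():
    return transfer(DATA, isn=1000, mss=1000, window=3000, reverse_rounds={1})


if __name__ == "__main__":
    for rnd, sent_seqs, ack in lost_second_segment()[1]:
        print(f"round {rnd}: sent {sent_seqs}, receiver ACKs {ack}")
```

In the loss scenario the first round sends 1000, 2000 and 3000, the receiver holds 3000 and acknowledges only 2000, the sender retransmits 2000 (and slides the window to send 4000 at the same time), and the acknowledgment jumps to 5000 because the buffered segment is now in order. In the reorder scenario nothing is retransmitted at all: the receiver buffers 3000 and 2000 until 1000 arrives and acknowledges 4000 in one go. Either way the reassembled bytes equal the original payload.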



    User Datagram Protocol (UDP)


UDP provides a connectionless and unreliable service.

UDP provides the following facilities:

Multiplexing Using Ports

Note that the other facilities, Error Recovery, Flow Control, Ordering of Data & Data Segmentation, are not supported by UDP.

Applications that use UDP are tolerant of lost data, or they have some application mechanism to recover lost data.

For example: VoIP, DNS and Network File System (NFS).



    TCP/IP Applications


The goal of an Enterprise network is to use applications such as web browsing, e-mail, file downloads, voice & video.

Applications require Quality of Service (QoS).

QoS refers to the entire topic of what an application needs from the network service.

Each type of application can be analyzed in terms of its QoS requirements on the network, so if the network meets those requirements, the application will work well.



The four main QoS requirements are:

Bandwidth: the maximum amount of information (in bits/second) that can be transmitted on a transmission medium

Delay

Jitter: the variation in delay

Loss

The migration of voice & video to the data network puts more pressure on the data network to deliver the required quality of network service.



VoIP traffic has the following QoS demands:

Bandwidth: i.e. 30 kbps

Low Delay: i.e. 200 ms (0.2 sec)

Low Jitter: i.e. 30 ms (0.03 sec)

Loss: because of the delay & jitter constraints there is no point recovering a lost packet; it would be useless by the time it was recovered. Lost packets can sound like a break in the sound of a VoIP call.

Video over IP has the same performance issues, except that video requires more bandwidth (i.e. 300/400 kbps to 3/10 Mbps).

Routers & Switches can be configured with a variety of QoS tools.



The table summarizes the QoS requirements of various types of applications (not reproduced in the transcript).



    WWW

The WWW consists of all the Internet-connected web servers in the world, plus all the Internet-connected hosts with web browsers.

You identify a web page when you click something on a web page or when you enter a Uniform Resource Locator (URL) in the browser's address bar.

Each URL defines the protocol, the name of the server and the particular page on that server (e.g. http://www.cisco.com/go/prepcenter):

The protocol is listed before //

The hostname is listed between // and /

The name of the web page is listed after /
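The URL split above, as an added example (not code from the slides or from Odom's book): the slide's rule applied literally next to a standards-based split with Python's `urllib`. The first URL is the slide's own; the second, with the host `attacker.example` and a userinfo part in front of it, is constructed to show where the "everything between // and /" rule misleads.

```python
"""Added example: splitting a URL into protocol, host and page.  The
slide's rule (protocol before '//', host between '//' and the next '/')
is compared with an RFC 3986 split; the second URL is constructed."""
from urllib.parse import urlsplit


def split_url_naive(url: str):
    """The slide's rule, applied literally."""
    scheme, _, rest = url.partition("://")
    host, slash, page = rest.partition("/")
    return scheme, host, slash + page


def split_url(url: str):
    """RFC 3986 split: the part between '//' and '/' is the authority, which
    may also carry userinfo@ and :port, so the real host is what urlsplit
    reports as hostname, not the text at the front of the authority."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported protocol: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return parts.scheme, parts.hostname, parts.port, parts.path or "/"


EXAMPLES = [
    "http://www.cisco.com/go/prepcenter",                         # the slide's example
    "http://www.cisco.com@attacker.example:8080/go/prepcenter",   # constructed: userinfo in front of the host
]

if __name__ == "__main__":
    for url in EXAMPLES:
        print(split_url_naive(url))
        print(split_url(url))
```

For the slide's URL both functions agree. For the constructed one, the naive rule reports `www.cisco.com@attacker.example:8080` as the host, and a person skimming sees `www.cisco.com` first, while the browser actually connects to `attacker.example` on port 8080. Any code that decides what a URL points at (allow-lists, link checkers, proxies) has to use the parsed hostname.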



    Network Security


For the purposes of this book, and for the ICND1 exam, the goal is to know some of the basic terminology, types of security issues, and some of the common tools used to mitigate security risks.

The kinds of attacks that might occur:

Denial of service (DoS) attacks: DoS attacks called flooders flood the network with packets to make the network unusable, preventing any useful communications with the servers.



Reconnaissance attacks: the goal is gathering information to perform an access attack. An example is learning IP addresses and then trying to discover servers that do not appear to require encryption to connect to the server.

Access attacks: an attempt to steal data, typically data for some financial advantage, or for international espionage.

A higher percentage of security attacks actually come from inside the Enterprise network.



The figure depicts common security issues in an enterprise (hosts PC1 to PC4, described on the following slides).



The list explains three ways in which the Enterprise network is exposed to the possibility of an attack from within:

Access from the wireless LAN: an unsecured wireless LAN allows the user across the street in a coffee shop to access the Enterprise network, letting the attacker (PC1) begin the next phase of trying to gain access to the computers in the Enterprise.

Infected mobile laptops: the laptop (PC2) connects to the Enterprise network, with the virus spreading to other PCs, such as PC3. PC3 may be vulnerable in part because its user may have avoided running the daily anti-virus software scans that, although useful, can annoy the user.



Disgruntled employees: the user at PC4 is planning to move to a new company. He steals information from the network and loads it onto an MP3 player or USB flash drive. This allows him to carry the entire customer database in a device that can be easily concealed and removed from the building.

To prevent such problems, Cisco uses the term security in depth to refer to a security design that includes security tools throughout the network, including features in routers and switches.

Cisco also uses the term self-defending network to refer to automation in which the network devices automatically react to network problems.



For example, Network Admission Control (NAC), which controls whether a host is admitted to the network at all, is one security tool that helps prevent two of the attacks just described.

The following tools can be used to provide that in-depth security:

Firewalls and the Cisco Adaptive Security Appliance (ASA)

The firewall's role is to stop packets that the network or security engineer has deemed unsafe.

The firewall mainly looks at the transport layer port numbers and the application layer headers to prevent certain ports and applications from getting packets into the Enterprise.



However, a perimeter firewall (a firewall on the edge, or perimeter, of the network) does not protect the Enterprise from all the dangers possible through the Internet connection.

Firewalls sit in the packet-forwarding path between two networks, often with one LAN interface connecting to the secure local network and one to the other, less secure network (often the Internet).

The DMZ LAN is a place to put devices that need to be accessible from the Internet, but that access puts them at higher risk.



    Figure shows a common internet design using a firewall



The firewall needs to be configured to know which interfaces are connected to the inside, outside, and DMZ parts of the network.

Then, a series of rules can be configured that tell the firewall which traffic patterns are allowed and which are not.

The figure shows two typically allowed flows and one typical disallowed flow, shown with dashed lines.

In years past, Cisco sold firewalls under the trade name PIX firewall.

A few years ago, Cisco introduced a whole new generation of network security hardware under the trade name Adaptive Security Appliance (ASA).
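The inside/outside/DMZ design and its rule set, as an added example (not code from the slides, from Odom's book, or ASA configuration): a small zone-based filter that maps addresses to interfaces, evaluates rules top-down with an implicit deny, and keeps a table of permitted flows so that replies to connections opened from the inside are let back in. The address ranges, the three rules (inside to Internet allowed, Internet to the DMZ web server on port 80 allowed, DMZ to inside denied) and the stateful flow table are assumptions for the demo; the slide does not list which flows its figure shows.

```python
"""Added example: a zone-based packet filter with inside, outside and DMZ
interfaces, a short rule list with implicit deny, and a flow table so that
replies to permitted connections are allowed back.  Networks, addresses
and rules are constructed for the demo."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Which address ranges sit behind which interface (constructed).
ZONES = {
    "inside": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"            # anything else arrives on the Internet interface


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                  # "tcp", "udp" or "any"
    dst_port: Optional[int]     # None = any port
    action: str                 # "permit" or "deny"

    def matches(self, src_zone, dst_zone, proto, dst_port) -> bool:
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and self.proto in ("any", proto)
                and self.dst_port in (None, dst_port))


RULES = [
    Rule("inside", "outside", "tcp", None, "permit"),   # users browsing the Internet
    Rule("outside", "dmz", "tcp", 80, "permit"),        # Internet to the public web server
    Rule("dmz", "inside", "any", None, "deny"),         # a compromised DMZ host stays out
    # everything else, including outside -> inside, falls to the implicit deny
]


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()      # permitted (proto, src ip, src port, dst ip, dst port)

    def check(self, src_ip, src_port, dst_ip, dst_port, proto="tcp") -> Tuple[str, str]:
        """Returns (action, reason) for one packet, in rule order."""
        reverse = (proto, dst_ip, dst_port, src_ip, src_port)
        if reverse in self.flows:                      # stateful: reply to a permitted flow
            return "permit", "reply to permitted flow"
        src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
        for rule in self.rules:
            if rule.matches(src_zone, dst_zone, proto, dst_port):
                if rule.action == "permit":
                    self.flows.add((proto, src_ip, src_port, dst_ip, dst_port))
                return rule.action, f"rule {src_zone}->{dst_zone}"
        return "deny", "implicit deny"


def demo():
    fw = Firewall(RULES)
    return [
        fw.check("10.0.0.5", 1024, "203.0.113.9", 443),     # inside -> Internet
        fw.check("203.0.113.9", 443, "10.0.0.5", 1024),     # the reply to it
        fw.check("203.0.113.9", 40000, "192.0.2.10", 80),   # Internet -> DMZ web server
        fw.check("203.0.113.9", 40001, "10.0.0.5", 445),    # Internet -> inside: blocked
        fw.check("192.0.2.10", 40002, "10.0.0.5", 22),      # DMZ -> inside: blocked
    ]


if __name__ == "__main__":
    for action, reason in demo():
        print(action, reason)
```

The flow table is what makes the reply in the second check safe to permit: without it, the only way to let answers back in would be a rule such as "outside to inside from source port 443", and any outside host could then reach inside machines simply by sending from port 443. The DMZ-to-inside deny is listed explicitly rather than left to the implicit deny so that the intent survives when someone later adds a broader permit below it.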



Cisco ASA appliances can provide or assist in the overall in-depth security design with a variety of tools that prevent problems such as viruses.

Cisco uses the term anti-x to refer to the whole class of security tools that prevent these various problems, including the following:

Anti-virus

Anti-spyware

Anti-spam

Anti-phishing

URL filtering

E-mail filtering



Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS)

Some types of attacks cannot be easily found with anti-x tools.

A couple of tools that can be used against such attacks are Intrusion Detection Systems (IDS), which watch traffic and raise alerts, and Intrusion Prevention Systems (IPS), which sit in the forwarding path and can also drop the offending traffic.

Virtual Private Networks (VPN)

A VPN might be better termed a virtual private WAN.

VPNs send packets through the Internet, which is a public network.

However, VPNs make the communication secure, like a private leased line.



VPNs authenticate the VPN endpoints, meaning that both endpoints can be sure that the other endpoint of the VPN connection is legitimate.

Additionally, VPNs encrypt the original IP packets so that even if an attacker managed to get a copy of the packets as they pass through the Internet, he or she cannot read the data.

Two types of VPNs:

Access VPN: supports a home or small-office user.

Site-to-site intranet VPN: typically connects two sites of the same Enterprise; the encryption can be done for all devices using different kinds of hardware, including routers and firewalls, as shown in the figure on the next slide.


[Figure: site-to-site VPN between two Enterprise sites, terminated on routers or firewalls; not reproduced in the transcript]