Nachos Theoretical Assignment 3

Nachos Theoretical Presentation 3 Teammates: Jorge Jose Daniel Ricardo


Network Protocol

Defines rules and conventions for communication between network devices.

● Ethernet
● ARP
● IP
● UDP
● TCP
● CAN
● SSH

UDP Protocol

Used for (unreliable) communication between application programs in a network.

UDP header

The source port and destination port identify the processes that send and receive the data in the UDP packet.

The IP protocol needs a network address to send the data to the correct host in the network and needs a port number to send the data to the correct application program.

Well-known ports

There's a list of ports currently assigned to some services, so when you need to use a port number you must remember to avoid those numbers.

Port number Name

22 SSH

23 Telnet

88 Kerberos

80 HTTP

194 IRC

UDP Properties

Does not need acknowledgment. It's not a reliable network protocol, which is why messages can be:

● lost
● delivered out of order
● duplicated

Does not provide feedback to control the rate at which information flows between the machines.

TCP Protocol    

TCP is a reliable, connection-oriented protocol, which means that it:

● delivers data in the same order in which it was sent.
● detects duplicated data.
● retransmits lost data.

TCP header

Establishing a TCP connection

Closing a TCP connection

Ping response delay

Google, Facebook and Wikipedia take more time to ack a sent packet than Yahoo and Twitter. PS: test performed at 11 pm.

Likelihood packet will be dropped.

Emulating lost packets.

Planning practical implementation

Nachos already sends packets in order, but its protocol is not reliable.

With that in mind, we propose building a protocol similar to TCP on top of the Nachos one.

The program for testing the new protocol will be a ping or a chat.

Network Security

Confidence that information and services available on a network cannot be accessed by unauthorized users. There are two fundamental techniques that form the basis for internet security:

● Perimeter security
● Encryption

Perimeter security allows an organization to determine the services and networks it will make available to outsiders and the extent to which outsiders can use resources.

Aspects of information security    

● Data Integrity
● Data Availability
● Privacy or Confidentiality
● Authorization
● Authentication
● Replay Avoidance

Internet Security    

Source authentication (accepting requests only from computers on an authorized list) is a weak security method. Stronger authentication requires encryption.
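The contrast described above, as an added example that is not part of the original presentation and is not Nachos code: a receiver that trusts the source id in the header next to one that verifies an HMAC-SHA256 tag and a per-source counter for replay avoidance. The message layout, machine ids and keys are constructed for illustration, and a keyed MAC stands in here for the cryptographic authentication the slide refers to.

```python
import hashlib
import hmac
import struct

# Assumptions for this sketch: machine ids are small integers and each
# authorized peer shares a secret key with the receiver (constructed values).
AUTHORIZED = {1, 2}                      # the "authorized list" of sources
KEYS = {1: b"constructed-key-machine-1", 2: b"constructed-key-machine-2"}
HEADER = "!HQ"                           # source id (2 bytes), counter (8 bytes)
TAG_LEN = 32                             # HMAC-SHA256 output size


def accept_by_source(packet: bytes) -> bool:
    """Weak check: trusts the source id, which the sender writes itself."""
    (src,) = struct.unpack_from("!H", packet)
    return src in AUTHORIZED


def seal(src: int, counter: int, payload: bytes) -> bytes:
    """Sender side: header || payload || HMAC(key, header || payload)."""
    body = struct.pack(HEADER, src, counter) + payload
    return body + hmac.new(KEYS[src], body, hashlib.sha256).digest()


class Receiver:
    """Accepts a message only if its tag verifies and its counter is new."""

    def __init__(self):
        self.last_counter = {}           # highest counter accepted per source

    def accept(self, packet: bytes) -> bool:
        if len(packet) < struct.calcsize(HEADER) + TAG_LEN:
            return False                 # too short to hold header and tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        src, counter = struct.unpack_from(HEADER, body)
        key = KEYS.get(src)
        if key is None:
            return False                 # unknown source: no key to verify with
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return False                 # forged or modified message
        if counter <= self.last_counter.get(src, -1):
            return False                 # replayed or stale message
        self.last_counter[src] = counter
        return True
```

The counter is covered by the tag, so it cannot be changed without the key; the receiver still has to keep `last_counter` across restarts for the replay check to hold.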

IPsec    

Provides a set of security algorithms and a general framework that allows secure communication.

HMAC algorithm

Firewall

Blocks all unauthorized communication between computers in the organization and computers outside the organization.

Monitoring:

● a firewall notifies a manager whenever an incident occurs (active monitoring).
● a firewall logs a record of each incident in a file on disk (passive monitoring).

Planning practical implementation    

Some security for Nachos program execution and communication:

● Implement a list of Nachos machines that a machine is authorized to communicate with.
● Implement a list of users (IDs) authorized to execute userprog programs.

DHCP

The Dynamic Host Configuration Protocol (DHCP) service enables devices on a network to obtain IP addresses and other information from a DHCP server. This service automates the assignment of IP addresses, subnet masks, gateway and other IP networking parameters.

Static Assignment of Addresses

With a static assignment, the network administrator must manually configure the network information for a host, as shown in the figure. At a minimum, this includes entering the host IP address, subnet mask, and default gateway.

Dynamic Assignment of Addresses

DHCP enables the automatic assignment of addressing information such as IP address, subnet mask, default gateway, and other configuration information.

DNS

Domain Name Service Protocol (DNS) is used to resolve Internet names to IP addresses.

DNS protocol communications use a single format called a message. This message format is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.