1 2

CHAPTER 1 INTRODUCTION TO NETWORKS Network Definition A network is basically all of the components (hardware and software) involved in connecting computers and applications across small and large distances. Networks are used to provide easy access to information, thus increasing productivity for users. Resources that are commonly shared in a network include data and applications, printers, network storage components (shared disk space), and backup storage components. Network Characteristics Cost Includes the cost of the network components, their installation, and their ongoing maintenance. Security Includes the protection of the network components and the data they contain and/or the data transmitted between them. Speed Includes how fast data is transmitted between network end points (the data rate). Network Characteristics (Cont.) Topology Describes the physical cabling layout and the logical way data moves between components. Scalability Defines how well the network can adapt to new growth, including new users, applications, and network components. Reliability Defines the reliability of the network components and the connectivity between them. Availability Measures the likelihood of the network being available to the users, where downtime occurs when the network is not available because of an outage or schedules maintenance. Components Applications It enable users to perform various tasks. Many applications are network aware, allowing you to access and use resources that are not located on your local computer. Protocols Used to implement applications. Some protocols are open standard, meaning that many vendors can create applications that can interoperate with other, while others are proprietary, meaning that they work only with a particular application. To build a network, you need three component categories: Computer Components Such as PCs and file servers running Microsoft Windows, McIntosh OS, UNIX (including LINUX), or other operating systems. Networking Components Such as hubs, bridges, switches, routers, firewalls, wireless access points, modems, NT1, and CSU/DSUare responsible for moving information between computers. Media Such as copper of fiber cabling, are needed to connect the computers and networking components so that information can be shared between components. Wireless

7 8

10

communication also falls in this category. Network Locations Local Area Networks Are used to connect networking devices that are in a very close geographic area, such as a floor of a building, a building itself, or within a campus environment. Components: PCs, file servers, hubs, bridges, switches, routers, multilayer switches, voice gateways, firewalls, and other devices. Media: copper and fiber cabling. Frame Types: Ethernet, Fast Ethernet (FE), Gigabit Ethernet (GE), Token Ring, and fiber distributed data interface (FDDI) Wide Area Networks Are used to connect LANs together. Typically, WANs are sued when the LANs that must be connected are separated by a large distance. 4 Basic Types of Connections: Circuit-switched (Analog Dialup, Integrated Services Digital Network (ISDN)), cell-switched (Asynchronous transfer mode (ATM), Switched Multimegabit Data Service (SMDS)), packet-switched(Frame Relay and X.25) and dedicated connections. Dedicated Circuit A permanent connection between two sites in which bandwidth is dedicated to that companys use. DSL provides speeds up to a few megabits per second (Mbps) and costs much less than a typical WAN circuit from the carrier. Cable access uses coaxial copper and fiber connectionsthe same medium used to provide television broadcast services. Network Topologies It defines how the components are connected. 1. Point-to-point topology has a single connection between two components. An example is two routers connected across a dedicated WAN circuit. 2. 2. Star Topology, a central device has many point-to-point connections to other components. Example is 10BaseT Ethernet connected in a central hub or switch.

11

12

13

Network Topologies (Cont.) 3. Bus Topology, all components are connected to and share a singe wire. Uses 10Base5 and 10Base2 Ethernet and special types of connectors or transceivers. 4. Ring Topology, device one connects to device two, device two connects to device three, and so on to the last device, which connects back to the first device. Implemented a single ring or dual ring for redundancy which uses the FDDI media technology. Physical and Logical Topologies Physical topology describes how components are physically cabled together. A logical topology describes how components communicate across the physical topology. Example, any variety of Ethernet uses a logical bus topology when components communicate, regardless of the physical layout of the cabling. Fully and Partially Meshed Topologies Meshing generally describes how components are connected together. In a partially meshed environment, every device is not connected to every device. In a

14

fully meshed environment, every component is connected to every other component. Partial and full meshed can be seen from both a physical view and a logical one. Example, in a physical bus topology. All the components are fully meshed, since they are all connected to the same piece of wirethis is both a physical and a logical fully meshed topology and is common in LAN topologies. Introduction to Network Security The foundation of security is contained in a companys security policy. A security policy defines what people can and cant do with network components and resources. A security solution is derived from the security policy. A security solution that hinders a company from reaching its business goals, or course is counterproductive. Classes of Attacks Adversaries An adversary is a person or persons interested in attacking your network. Common adversaries include disgruntled employees, hackers, criminals, terrorists, and other. Motivations Adversaries motivations range from being challenged, to gathering or stealing information, to denial of service. Classes of attacks Adversaries can employ five classes of attacks: passive, active, distributed, insider, and close-in Classes of Attacks (Cont.) A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan Horses, or by exploiting a discovered security vulnerability.

15

16

17

18

Distributed Attack A distributed attack requires that the adversary introduce code, such as a Trojan Horse or back-door program, to a trusted component or software that will later be distributed to many other companies and users. An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network. A close-in attack involves someone attempting to get physically close to network components, data and systems in order to learn more about a network. Common Threats and Mitigation Physical Installations Hardware threats involve physical damage to network components, such as servers, routers, and switches. Electrical threats include irregular fluctuations in voltage, such as brownouts and voltage spikes, and complete loss of power. Environmental threats include very low or high temperatures, moisture, electrostatic and magnetic interference. Maintenance threats include not having backup parts of components for critical network components. Reconnaissance Attacks

19

20

Occurs when an adversary tires to learn information about your network. Adversaries will commonly use several tools in their attacks: social engineering, scanning tools, packet sniffers, and other tools. To mitigate a social engineering attack, users should have to go through proper training about the kinds of information they can and cant share with other people. To mitigate scanning and packet sniffing attacks, good access control mechanisms, such as firewalls and IDS/IPS, should be deployed.
21

Access Attacks Occurs when someone tries to gain unauthorized access to a component, tries to gain unauthorized access to information on a component, or increases their privileges on a network component. Many kind of access attacks are used, but the most common kind is a password attack and brute-force attack. To mitigate these kinds of access attacks, strict access control features should be in place. Access should be restricted to network components and their information through the use of network filters, for example only accounting people should be able to access accounting servers and data on those servers. DoS Attacks Involves an adversary reducing the level of operation or service, preventing access to, or completely crashing a network component or service. It can involve the flooding of millions of packets or injecting code into an application or overrunning the buffer(s) of an application, causing it to crash. Appropriate firewall access control mechanisms such as packet filtering should be used to control access to a system and mitigate certain kinds of DoS attacks. End of Chapter 1

22

23