Fundamentals of Information Systems Security/Telecommunications and Network Security

Basic Concepts
Data Communication
 * Data communications is the transfer of data or information between a source and a receiver.
 * The source transmits the data and the receiver receives it.
 * Data communication is concerned with the transfer of data, the method of transfer, and the preservation of the data during the transfer process; it is not concerned with how the information is generated.
 * Components of a data communication system (see figure "Components of a DC system"):
 * Protocol - defines the rules and regulations that control and manage the communication
 * Message - the information/data that needs to be conveyed to the receiver
 * Sender - generates the data
 * Receiver - receives/consumes the data
 * Medium - the communication channel that carries the message

Telecommunication
 * Telecommunication is the assisted transmission of signals over a distance for the purpose of communication.

Networking
 * A computer network is an interconnection of a group of computers.
 * An internetwork is a collection of individual networks, connected by intermediate networking devices, that functions as a single large network. Internetworking refers to the industry, products, and procedures that meet the challenge of creating and administering internetworks.

Network Categories and Technologies

OSI Reference Model
Overview
 * The Open Systems Interconnection Basic Reference Model (OSI Reference Model) is a layered, abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnection initiative by ISO.
 * The OSI is composed of seven layers, each specifying particular network functions.
 * The Seven Layers of OSI Model
 * One OSI layer communicates with another layer to make use of the services provided by the second layer.
 * The services provided by adjacent layers help a given OSI layer communicate with its peer layer in other computer systems.
 * Three basic elements are involved in layer services:
 * The service user- resides inside the layer
 * The service provider- resides inside the layer
 * The service access point (SAP)- resides between the layers
 * Advantages of Layering
 * Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.
 * Various technologies, protocols, and services can interact with each other and provide the proper interfaces to enable communications.

OSI Layer Services and Protocols

OSI Security Services

The security services that are defined in the OSI security model include:
 * Data integrity - protection from modification and destruction
 * Data confidentiality - protection from disclosure
 * Authentication - verification of the identity of the communication source
 * Access control services - enable mechanisms to allow or restrict access

Information Exchange Process
 * The seven OSI layers use various forms of control information to communicate with their peer layers in other computer systems. This control information consists of specific requests and instructions that are exchanged between peer OSI layers.
 * Control information typically takes one of two forms:
 * Headers are prepended to data that has been passed down from upper layers
 * Trailers are appended to data that has been passed down from upper layers
 * An OSI layer is not required to attach a header or a trailer to data from upper layers.
 * The data portion of an information unit at a given OSI layer potentially can contain headers, trailers, and data from all the higher layers. This is known as encapsulation.

TCP/IP Model
Overview
 * The TCP/IP model or Internet reference model, sometimes called the DoD (Department of Defense) model or the ARPANET reference model, is a layered abstract description for communications and computer network protocol design.
 * It was created in the 1970s by DARPA for use in developing the Internet's protocols.
 * It is a suite of protocols among which TCP and IP are the two main protocols, hence the name.
 * This model was developed before the OSI Reference Model, and the Internet Engineering Task Force (IETF), which is responsible for the model and the protocols developed under it, has never felt obligated to be compliant with OSI.
 * The model is composed of 5 layers:
 * Physical
 * Data Link
 * Network
 * Transport
 * Application

The TCP/IP Advantage
The reasons that TCP/IP has become the most widely used protocol are as follows:
 * The flexible addressing scheme of TCP/IP allows data to be routed over even very large networks.
 * Virtually all operating systems and platforms can use TCP/IP.
 * TCP/IP offers a very large number of utilities and tools.
 * Internet communication is based on TCP/IP.

TCP/IP Services and Protocols

Signals

 * Data is transmitted in the form of electromagnetic signals.
 * Signals are of two types
 * Analog Signals
 * Digital Signals

Analog Signals

 * Analog data refers to information that is continuous.
 * Analog data take on continuous values.
 * Analog signals can have an infinite number of values in a range.

Digital Signals

 * Digital data refers to information that has discrete states.
 * Digital data take on discrete values.
 * Digital signals can have only a limited number of values.

Analog vs Digital
Periodic vs Non-Periodic Signals
 * In data communications, we commonly use periodic analog signals and nonperiodic digital signals.
 * Periodic analog signals can be classified as simple or composite.
 * A simple periodic analog signal, a sine wave, cannot be decomposed into simpler signals.
 * A composite periodic analog signal is composed of multiple sine waves.

Signal Properties
 * Frequency is the rate of change with respect to time.
 * Change in a short span of time means high frequency.
 * Change over a long span of time means low frequency.
 * If a signal does not change at all, its frequency is zero.
 * If a signal changes instantaneously, its frequency is infinite.
 * Frequency and period are the inverse of each other.
 * Phase describes the position of the waveform relative to time 0.
 * A complete sine wave in the time domain can be represented by one single spike in the frequency domain.
 * A single-frequency sine wave is not useful in data communications; we need to send a composite signal, a signal made of many simple sine waves.
 * According to Fourier analysis, any composite signal is a combination of simple sine waves with different frequencies, amplitudes, and phases.
 * If the composite signal is periodic, the decomposition gives a series of signals with discrete frequencies; if the composite signal is nonperiodic, the decomposition gives a combination of sine waves with continuous frequencies.
 * The bandwidth of a composite signal is the difference between the highest and the lowest frequencies contained in that signal. If we need to send bits faster, we need more bandwidth.

Digital Signals
 * In addition to being represented by an analog signal, information can also be represented by a digital signal. For example, a 1 can be encoded as a positive voltage and a 0 as zero voltage. A digital signal can have more than two levels, in which case we can send more than 1 bit per level.
 * A digital signal is a composite analog signal with an infinite bandwidth.
 * Baseband transmission of a digital signal that preserves the shape of the digital signal is possible only if we have a low-pass channel with an infinite or very wide bandwidth.
 * In baseband transmission, the required bandwidth is proportional to the bit rate.
 * If the available channel is a bandpass channel, we cannot send the digital signal directly to the channel; we need to convert the digital signal to an analog signal before transmission.

Data Transmission
Data Rate
 * Data rate limits depend on three factors:
 * The bandwidth available
 * The level of the signals we use
 * The quality of the channel (the level of noise)
 * Note: increasing the number of signal levels may reduce the reliability of the system.

Transmission Impairments
 * Signals travel through transmission media, which are not perfect. The imperfection causes signal impairment: the signal at the beginning of the medium is not the same as the signal at the end of the medium, so what is sent is not what is received. The three causes of impairment are attenuation, distortion, and noise.

Performance
 * One important issue in networking is the performance of the network: how good is it?
 * Bandwidth is used in two senses. The first, bandwidth in hertz, refers to the range of frequencies in a composite signal or the range of frequencies that a channel can pass. The second, bandwidth in bits per second, refers to the speed of bit transmission in a channel or link.
 * The bandwidth-delay product defines the number of bits that can fill the link.
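As an added worked example (not from the original page), the three data-rate factors above are captured by two classical limits, with $B$ the bandwidth in hertz, $L$ the number of signal levels and $S/N$ the signal-to-noise ratio; the bandwidth-delay product uses bandwidth in bits per second:

$$\text{BitRate}_{\text{Nyquist}} = 2B\log_2 L, \qquad C_{\text{Shannon}} = B\log_2\!\left(1+\frac{S}{N}\right), \qquad \text{Bits in flight} = \text{bandwidth (bps)} \times \text{delay (s)}$$

$$B = 3000\ \text{Hz},\ L = 4:\quad 2 \cdot 3000 \cdot \log_2 4 = 12{,}000\ \text{bps}; \qquad S/N = 1000\ (30\ \text{dB}):\quad C = 3000 \cdot \log_2 1001 \approx 29{,}900\ \text{bps}; \qquad 10^6\ \text{bps} \times 0.002\ \text{s} = 2000\ \text{bits}$$

Raising $L$ increases the Nyquist rate, but the levels sit closer together and noise corrupts them more easily, which is the reliability trade-off the note above refers to; the Shannon capacity is the ceiling that no choice of $L$ can exceed.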

Network Topology
A network topology is the study of the arrangement or mapping of the elements of a network.

Physical Topologies
Overview
 * Physical topology defines how the systems are physically connected. It represents the physical layout of the devices on the network.
 * There are five main types of physical topologies that can be used, and each has its own strengths and weaknesses.

Topologies

Logical Topologies
 * The logical topology defines how the systems communicate across the physical topologies.
 * There are two main types of logical topologies:
 * shared media topology
 * token-based topology

Shared Media Topology
 * In a shared media topology, all the systems have the ability to access the physical layout whenever they need it.
 * Advantage: the systems have unrestricted access to the physical media.
 * Disadvantage: collisions. If two systems send information out on the wire at the same time, the packets collide and both packets are destroyed.
 * Example: Ethernet, which uses the CSMA/CD protocol to handle collisions.
 * Ideal for small networks; larger networks are broken up into several smaller networks with switches or hubs to reduce the collision domain.
 * Shared media networks are typically deployed in a bus, star, or hybrid physical topology.

Token-Based Topology
 * The token-based topology works by using a token to provide access to the physical media.
 * In a token-based network, there is a token that travels around the network. When a system needs to send out packets, it grabs the token off of the wire, attaches it to the packets that are sent, and sends it back out on the wire. As the token travels around the network, each system examines the token. When the packets arrive at the destination systems, those systems copy the information off of the wire and the token continues its journey until it gets back to the sender. When the sender receives the token back, it pulls the token off of the wire and sends out a new empty token to be used by the next machine.
 * Advantage: no collision problems.
 * Disadvantage: latency. Because each machine has to wait until it can use the token, there is often a delay before communications actually occur.
 * Token-based networks are typically configured in a physical ring topology because the token needs to be delivered back to the originating machine for it to be released; the ring topology best facilitates this requirement.

Media
Signal and data transmission occurs between a transmitter and at least one receiver, mostly in the form of electromagnetic waves over a transmission medium (or a sequence of them). Transmission media can be classified as:
 * Guided
 * Unguided

Guided Media

 * Twisted Pair
 * Coaxial Cable
 * Fiber Optics

Unguided Media
Unguided media provide a means for transmitting electromagnetic waves but do not guide them; propagation through air, vacuum or water are examples, and all of these media are unguided.

L1 Devices
Patch Panels

Modems

Data-Link Layer
Concepts and Architecture

Architecture

Transmission Technologies

Technology and Implementation

Ethernet

Wireless Local Area Networks

Address Resolution Protocol (ARP)

Point-to-Point Protocol (PPP)

Basic Concepts
Local Area Network (LAN)

Wide Area Network (WAN) Technologies

Metropolitan Area Network (MAN)

Global Area Network (GAN)

Technology and Implementation

Routers

Firewalls

End Systems

The Internet Protocol (IP)
Overview
 * The IP component of TCP/IP determines where packets of data are to be routed based on their destination addresses, and IP has certain characteristics related to how it handles this function.
 * The functioning of IP-based communication is analogous to delivering mail through the postal service.

IP Characteristics
 * Operates at the network layer
 * Connectionless protocol: the destination device receives the data and does not return any status information to the sending device
 * Packets treated independently: a packet can be misdirected, duplicated, or lost on the way to its destination
 * Hierarchical addressing
 * Best-effort delivery
 * No data recovery features: does not provide any special features to recover corrupted packets

IP Packet Format
 * The header consists of 12 fields + 1 optional field

 * Version (4 bits): for IPv4, this has a value of 4 (hence the name IPv4).
 * Internet Header Length (4 bits): tells the number of 32-bit words in the header; in IPv4, this field specifies the size of the header.
 * Type of Service (8 bits):
 * bits 0-2: precedence
 * bit 3: 0 = Normal Delay, 1 = Low Delay
 * bit 4: 0 = Normal Throughput, 1 = High Throughput
 * bit 5: 0 = Normal Reliability, 1 = High Reliability
 * bits 6-7: reserved for future use, or for Differentiated Services, or for Explicit Congestion Notification
 * Total Length (16 bits): defines the entire datagram size, including header and data, in bytes.
 * Identification: primarily used for uniquely identifying fragments of an original IP datagram.
 * Flags (3 bits): used to control or identify fragments. They are (in order, from high order to low order):
 * Reserved; must be zero
 * Don't Fragment (DF)
 * More Fragments (MF)
 * Fragment Offset (13 bits): specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram.
 * Time To Live (8 bits): helps prevent datagrams from persisting in an internetwork. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded.
 * Protocol: defines the protocol used in the data portion of the IP datagram.
 * Header Checksum (16 bits): used for error-checking of the header.
 * Source address: an IP address is a group of 4 8-bit octets, for a total of 32 bits. The value for this field is determined by taking the binary value of each octet and concatenating them to make a single 32-bit value.
 * Destination address: indicates the address of the packet receiver.
 * Options: additional header fields may follow the destination address field, but these are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words).

IP Addressing
 * Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks.
 * Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided into two main parts:
 * the network number: identifies a network; assigned by InterNIC or an ISP
 * the host number: identifies a host on a network; assigned by the local network administrator
 * IPv4 Address Representations
 * IP Address Classes
 * IPv4 addresses are divided into five different address classes: A, B, C, D, and E.
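As an added example (not from the original page), the following Python parses the header fields listed above from a packet it constructs itself, validates IHL and Total Length, verifies the header checksum, and classifies the source and destination addresses by first octet. The sample addresses are constructed values, and the 8-byte unit of the fragment offset comes from RFC 791 rather than from this page.

```python
import struct
from ipaddress import IPv4Address

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def address_class(addr: str) -> str:
    """Classful split on the first octet: A <128, B <192, C <224, D <240, otherwise E."""
    first = int(addr.split(".")[0])
    for limit, cls in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return cls
    return "E"

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte header, validate IHL/Total Length, verify the checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl_words = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl_words * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl_words < 5 or len(pkt) < header_len:
        raise ValueError("bad IHL: fewer than 5 words or header longer than packet")
    if total_len < header_len or total_len > len(pkt):
        raise ValueError("bad Total Length")
    header = pkt[:header_len]
    zeroed = header[:10] + b"\x00\x00" + header[12:]   # checksum field is bytes 10-11
    src_s, dst_s = str(IPv4Address(src)), str(IPv4Address(dst))
    return {
        "version": version, "ihl_words": ihl_words, "header_len": header_len,
        "precedence": tos >> 5,                      # ToS bits 0-2
        "low_delay": bool(tos & 0x10),               # ToS bit 3
        "high_throughput": bool(tos & 0x08),         # ToS bit 4
        "high_reliability": bool(tos & 0x04),        # ToS bit 5
        "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000),             # flags, high to low: reserved, DF, MF
        "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,    # field counts 8-byte units (RFC 791)
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(zeroed) == csum,
        "src": src_s, "src_class": address_class(src_s),
        "dst": dst_s, "dst_class": address_class(dst_s),
        "options": header[20:header_len],
        "payload": pkt[header_len:total_len],
    }

def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64,
                      proto: int = 6, ident: int = 0x1234, df: bool = True) -> bytes:
    """Construct an option-less header with a valid checksum (sample data, not a capture)."""
    flags_frag = 0x4000 if df else 0                # DF as requested, MF clear, offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

if __name__ == "__main__":
    pkt = build_ipv4_header("10.0.0.1", "192.168.1.10", 5) + b"hello"   # constructed sample
    print(parse_ipv4_header(pkt))
```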

Virtual Private Network (VPN)

Tunneling

Dynamic Host Configuration Protocol (DHCP)

Internet Control Message Protocol (ICMP)

Internet Group Management Protocol (IGMP)

Transport Layer
Concepts and Architecture

The Transmission Control Protocol (TCP)
Overview
 * TCP is a connection-oriented protocol that provides data reliability between hosts. TCP has a number of unique characteristics related to the way in which it accomplishes this transmission.
 * The functioning of TCP-based communication is analogous to sending certified (registered) mail.

TCP Characteristics
 * Operates at the transport layer of the TCP/IP stack
 * Provides applications with access to the network layer
 * Connection-oriented protocol: the end systems synchronize with one another to manage packet flows and adapt to congestion in the network
 * Full-duplex operation
 * Error checking: provides error checking by including a checksum in the segment to verify that the TCP header information is not corrupt
 * Sequencing of data packets: TCP segments are numbered and sequenced so that the destination can reorder segments and determine if data is missing
 * Acknowledgment of receipt: the receiver returns an acknowledgment to the sender indicating that it received the segment
 * Data recovery features: the receiver can request retransmission of a segment

TCP Connection Establishment
 * TCP provides reliable transport services by establishing a connection-oriented session between the hosts. Connection establishment is performed using a "three-way handshake" mechanism.
 * A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers.
 * This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well.
 * Each host randomly chooses a sequence number used to track bytes within the stream it is sending and receiving. The three-way handshake then proceeds in the following manner:
 * The first host (Host A) initiates a connection by sending a packet with its initial sequence number (X) and the SYN bit set to indicate a connection request.
 * The second host (Host B) receives the SYN, records the sequence number X, and replies by acknowledging the SYN (with ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment.
 * Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer can then begin.

TCP Segment Structure
 * A segment consists of a header (11 fields) and a data section.
 * Source port (16 bits) – identifies the sending port
 * Destination port (16 bits) – identifies the receiving port
 * Sequence number (32 bits) – has a dual role:
 * If the SYN flag is present, this is the initial sequence number and the first data byte is the sequence number plus 1
 * If the SYN flag is not present, the first data byte is the sequence number
 * Acknowledgment number (32 bits) – if the ACK flag is set, the value of this field is the next byte that the receiver is expecting.
 * Data offset (4 bits) – specifies the size of the TCP header in 32-bit words. The minimum header size is 5 words and the maximum is 15 words, giving a minimum of 20 bytes and a maximum of 60 bytes. This field gets its name from the fact that it is also the offset from the start of the TCP packet to the data.
 * Reserved (4 bits) – for future use; should be set to zero
 * Flags (8 bits) (aka Control bits) – contains eight 1-bit flags:
 * CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set.
 * ECE (ECN-Echo) (1 bit) – during the three-way handshake, indicates that the TCP peer is capable of Explicit Congestion Notification (which allows end-to-end notification of congestion without dropping packets).
 * URG (1 bit) – indicates that the URGent pointer field is significant
 * ACK (1 bit) – indicates that the ACKnowledgment field is significant
 * PSH (1 bit) – Push function
 * RST (1 bit) – Reset the connection
 * SYN (1 bit) – Synchronize sequence numbers
 * FIN (1 bit) – No more data from sender
 * Window (16 bits) – the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive
 * Checksum (16 bits) – the 16-bit checksum field is used for error-checking of the header and data
 * Urgent pointer (16 bits) – if the URG flag is set, this 16-bit field is an offset from the sequence number indicating the last urgent data byte
 * Data (variable length) – the payload, or data portion, of a TCP segment. The payload may belong to any of a number of application-layer protocols; the most common are HTTP, Telnet, SSH, and FTP, but other popular protocols also use TCP.
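As an added example (not part of the original page), the following Python builds and parses option-less TCP segments with the header fields listed above, then walks through the three-way handshake with the X + 1 / Y + 1 acknowledgment arithmetic, including the 32-bit sequence-number wraparound. Ports 40000 and 443 are constructed sample values, and the checksum is left at zero because the real one also covers an IP pseudo-header that this block does not model.

```python
import secrets
import struct

# Bits of the 8-bit Control field, high to low: CWR ECE URG ACK PSH RST SYN FIN
TCP_FLAGS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
MASK32 = 0xFFFFFFFF

def build_tcp_segment(sport, dport, seq, ack, flags, window=65535, payload=b""):
    """Option-less 20-byte header (Data Offset = 5 words); checksum and urgent pointer are 0."""
    flag_bits = 0
    for name in set(flags):
        flag_bits |= TCP_FLAGS[name]
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq & MASK32, ack & MASK32,
                      5 << 4,          # data offset in the high nibble, reserved bits zero
                      flag_bits, window, 0, 0)
    return hdr + payload

def parse_tcp_segment(seg):
    """Decode the 11 header fields; reject truncated segments and impossible Data Offsets."""
    if len(seg) < 20:
        raise ValueError("truncated: a TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_res, flag_bits,
     window, csum, urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    data_offset = off_res >> 4
    if not 5 <= data_offset <= 15 or len(seg) < data_offset * 4:
        raise ValueError(f"bad data offset {data_offset}")
    flags = {name for name, bit in TCP_FLAGS.items() if flag_bits & bit}
    return {
        "sport": sport, "dport": dport, "seq": seq,
        "ack": ack if "ACK" in flags else None,     # significant only when ACK is set
        "flags": flags, "window": window,
        "urgent": urg if "URG" in flags else None,  # significant only when URG is set
        # a SYN occupies one sequence number, so the first data byte is seq + 1
        "first_data_byte": (seq + 1) & MASK32 if "SYN" in flags else seq,
        "options": seg[20:data_offset * 4],
        "payload": seg[data_offset * 4:],
    }

def three_way_handshake(isn_a=None, isn_b=None):
    """Host A (client port 40000) opens a connection to Host B (port 443); returns 3 parsed segments."""
    x = secrets.randbits(32) if isn_a is None else isn_a   # each host picks its ISN at random
    y = secrets.randbits(32) if isn_b is None else isn_b
    syn = parse_tcp_segment(build_tcp_segment(40000, 443, x, 0, ["SYN"]))
    # Host B acknowledges X + 1 (forward acknowledgment) and offers its own ISN Y
    synack = parse_tcp_segment(
        build_tcp_segment(443, 40000, y, syn["first_data_byte"], ["SYN", "ACK"]))
    # Host A acknowledges Y + 1; its own next sequence number is X + 1
    ack = parse_tcp_segment(
        build_tcp_segment(40000, 443, synack["ack"], synack["first_data_byte"], ["ACK"]))
    return syn, synack, ack

def handshake_is_valid(syn, synack, ack):
    """Check the flag pattern and the X + 1 / Y + 1 arithmetic modulo 2^32."""
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and synack["ack"] == (syn["seq"] + 1) & MASK32
            and ack["flags"] == {"ACK"}
            and ack["seq"] == (syn["seq"] + 1) & MASK32
            and ack["ack"] == (synack["seq"] + 1) & MASK32)

if __name__ == "__main__":
    for s in three_way_handshake():
        print(sorted(s["flags"]), "seq=%d ack=%s" % (s["seq"], s["ack"]))
```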

The User Datagram Protocol (UDP)
Overview
 * The User Datagram Protocol (UDP) is a connectionless transport-layer protocol that belongs to the Internet protocol family.
 * UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.
 * Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP. Because of UDP's simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.
 * UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in cases where a higher-layer protocol might provide error and flow control.
 * UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).

TCP vs UDP

Technology and Implementation

Scanning Techniques

Denial of Service

Session Layer
Concepts and Architecture

Technology and Implementation

Remote Procedure Calls

Directory Services

Access Services

Presentation Layer
Concepts and Architecture

Technology and Implementation

Transport Layer Security (TLS)

Application Layer
Concepts and Architecture

Technology and Implementation

Asynchronous Messaging (E-mail and News)

Instant Messaging

Data Exchange (World Wide Web)

Peer-to-Peer Applications and Protocols

Administrative Services

Remote-Access Services

Information Services

Voice-over-IP (VoIP)

General References

Sample Questions

Endnotes