05 TCP/IP Transport Layer, Applications & Network Security

By Muhammad Asghar Khan

Reference: CCENT/CCNA ICND1 Official Exam Certification Guide By Wendell Odom

1/2

Agenda

Introduction Transport Layer (L4)

Transmission Control Protocol (TCP)

Multiplexing using Ports Error Recovery Flow Control Connection Establishment & Termination Ordered Data Transfer & Data Segmentation Multiplexing using Ports
www.asghars.blogspot.com

User Datagram Protocol

2/2

TCP/IP Applications

QoS WWW Firewalls & ASA Intrusion Detection & Prevention Systems VPN

Network Security

www.asghars.blogspot.com

1/1

Introduction

OSI Transport Layer (L4) or TCP/IP Transport Layer protocols define several functions as:

Multiplexing using Ports Error Recovery Flow Control Connection Establishment & Termination Ordered Data Transfer & Data Segmentation

The two most pervasive transport layer protocols are:

4

TCP UDP
www.asghars.blogspot.com

1/11

Transmission Control Protocol (TCP)

TCP provides a connection oriented and reliable service TCP relies on IP for end-to-end delivery of the data and routing TCP provides the following facilities:

Multiplexing Using Ports Error Recovery Flow Control Using Windowing Connection Establishment & Termination Data Segmentation & Order Data Transfer

TCP provides these features at the expense of processing and overhead

www.asghars.blogspot.com

2/11

Transmission Control Protocol (TCP)

TCP header and data field together are called a TCP segment TCP segment can also be named as L4 PDU as TCP is a layer 4 protocol Multiplexing Using Port Numbers

Multiplexing enables the receiving computer to know which application to give the data to (e.g. web browser, email client or VoIP application) Multiplexing relies on a concept called a socket, socket consists of:

IP Address Transport Protocol (TCP/UDP) Port Number

www.asghars.blogspot.com

3/11

Transmission Control Protocol (TCP)

Hosts typically allocate dynamic port numbers starting at 1024 bcz ports below 1024 are reserved for well known applications Table on next slide lists the popular applications and their well known port

Trivial File Transfer Protocol (TFTP) is a network protocol that does not have any authentication processes while FTP is a user-based password network protocol used to transfer data across a network Simple Network Management Protocol (SNMP) is application layer protocol used for network device management. E.g. Cisco Works network management software product family
www.asghars.blogspot.com

4/11

Transmission Control Protocol (TCP)

www.asghars.blogspot.com

5/11

Transmission Control Protocol (TCP)

Error Recovery (Reliability)

To accomplish reliability , TCP numbers data bytes using the Sequence and Acknowledgment fields in the TCP header TCP achieves reliability in both directions, using the Sequence Number field of one direction combined with the Acknowledgement field in the opposite direction Figure shows the basic operation
www.asghars.blogspot.com

6/11

Transmission Control Protocol (TCP)

Acknowledgment field in the TCP header sent by the web client (4000) implies the next byte to be received; this is called forward acknowledgment The Sequence & Acknowledgment fields count the number of bytes Figure shows the same scenario but the second TCP segment was lost
www.asghars.blogspot.com

10

7/11

Transmission Control Protocol (TCP)

Flow Control Using Windowing

Flow control is achieved through Sequence & Acknowledgment fields in TCP header along with other filed called Window field The Window field implies the maximum number of unacknowledged bytes that are allowed to be outstanding at any instant in time The Window starts small and grows until errors occur, i.e why sometime called dynamic window Also as sequence & acknowledge numbers grow over time, i.e why it is also sometime called sliding window When the window is full, the sender doesnt send, which controls the flow of data
www.asghars.blogspot.com

11

8/11

Transmission Control Protocol (TCP)

Figure shows the windowing with a current window size of 3000, each TCP segment has 1000 bytes of data The term Positive Acknowledgment & Retransmission (PAR) Wait window exhausted After ACK, new is sometimes used to window is send describe error recovery 1000 and windowing process 1000
Sender Wait 4000 1000 1000 -----4000

12

www.asghars.blogspot.com

9/11

Transmission Control Protocol (TCP)

Connection Establishment & Termination

Connection establishment refers to the process of initializing sequence and acknowledgment fields and agreeing on the port numbers used TCP uses 3-Way Connection process

TCP signals connection establishment using 2-bits in flag fields, called SYN & ACK SYN means Synchronize the Sequence Numbers
www.asghars.blogspot.com

13

10/11

Transmission Control Protocol (TCP)

TCP uses the 4-Way termination sequence

Termination sequence uses the additional flag called the FIN bit (FIN is short for finished)

14

www.asghars.blogspot.com

11/11

Transmission Control Protocol (TCP)

Data Segmentation & Ordered Data Transfer

Each data link layer protocol has a limit on the Maximum transmission Unit (MTU) For many data link layer protocols, Ethernet included the MTU is 1500 bytes TCP segments large data into 1460-byte chunks Because IP routing can choose to balance traffic across multiple link, actual segments may be delivered out of order TCP receiver must performs the reassembly and reordering of the data
www.asghars.blogspot.com

15

1/1

User Datagram Protocol (UDP)

UDP provides a connectionless oriented and unreliable service UDP provides the following facilities:

Multiplexing Using Ports

Note that other facilities like Error Recovery, Flow Control, Ordering of Data & Data Segmentation is not supported by the UDP Applications that use UDP are tolerant to the lost data, or they have some application mechanism to recover lost data For example; VoIP, DNS and Network File System (NFS)
16 www.asghars.blogspot.com

1/5

TCP/IP Applications

The goal of Enterprise network is to use applications; such as web browsing, e-mail, file downloads, voice & video Applications requires Quality of Service (QoS)

QoS refers to the entire topic of what an application needs from the network service Each type of application can be analyzed in terms of its QoS requirements on the network, so if the network meets those requirements, the application will work well
www.asghars.blogspot.com

17

2/5

TCP/IP Applications

The four main QoS requirements are:

Bandwidth; he maximum amount of information (in bits/second) that can be transmitted on a transmission medium Delay Jitter; it is the variation in delay Loss

The migration of voice & video to the data network puts more pressure on the data network to deliver required quality of network service

18

www.asghars.blogspot.com

3/5

TCP/IP Applications

VoIP traffic has the following QoS demands:

Bandwidth i.e. 30 kbps Low Delay i.e. 200 ms (0.2 sec) Low Jitter i.e. 30 ms (0.03 sec) Loss; Bcz of delay & jitter issues, no need to recover, it would be useless by the time it was recovered. Lost packets can sound like a break in the sound of VoIP call

19

Video over IP has same performance issues, except that video requires more bandwidth (i.e. 300/400 kbps to 3/10 Mbps Routers & Switches can be configures with a variety of QoS tools
www.asghars.blogspot.com

4/5

TCP/IP Applications

Table summarizes needs of various types of applications QoS requirements

20

www.asghars.blogspot.com

5/5

TCP/IP Applications

WWW

WWW consists of all the Internet-connected web servers in the world, plus all the Internet-connected hosts with web browsers You identify a web page when you click something on the web page or when you enter Universal Resource Locater (URL) in the browsers address bar Each URL defines the protocol , name of server and the particular page on that server (e.g. http://www.cisco.com/go/prepcenter)

21

Protocol is listed before // Hostname is listed b/w // and / Name of web page is listed after /

www.asghars.blogspot.com

1/13

Network Security

For the purposes of this book, and for the ICND1 exam, the goal is to know some of the basic terminology, types of security issues, and some of the common tools used to mitigate security risks The kinds of attacks that might occur:

Denial of service (DoS) attacks: DoS attacks called flooders flood the network with packets to make the network unusable, preventing any useful communications with the servers

22

www.asghars.blogspot.com

2/13

Network Security

Reconnaissance attacks: its goal is gathering information to perform an access attack. An example is learning IP addresses and then trying to discover servers that do not appear to require encryption to connect to the server Access attacks: An attempt to steal data, typically data for some financial advantage, or for international espionage

A higher percentage of security attacks actually come from inside the Enterprise network
23 www.asghars.blogspot.com

3/13

Network Security

Figure depicts common security issues in an enterprise

PC1

24

www.asghars.blogspot.com

4/13

Network Security

List explains three ways in which the Enterprise network is exposed to the possibility of an attack from within

Access from the wireless LAN: an unsecured wireless LAN allows the user across the street in a coffee shop to access the Enterprise network, letting the attacker (PC1) begin the next phase of trying to gain access to the computers in the Enterprise Infected mobile laptops: the laptop (PC2)connects to the Enterprise network, with the virus spreading to other PCs, such as PC3. PC3 may be vulnerable in part because the users may have avoided running the daily anti-virus software scans that, although useful, can annoy the user
www.asghars.blogspot.com

25

5/13

Network Security

Disgruntled employees: The user at PC4 is planning to move to a new company. He steals information from the network and loads it onto an MP3 player or USB flash drive. This allows him to carry the entire customer database in a device that can be easily concealed and removed from the building To prevent such problems, Cisco uses the term security in depth to refer to a security design that includes security tools throughout the network, including features in routers and switches Cisco also uses the term self-defending network to refer to automation in which the network devices automatically react to network problems
www.asghars.blogspot.com

26

6/13

Network Security

For example, Network Admission Control (NAC) is one security tool to help prevent two of the attacks just described The following tools can be used to provide that indepth security

Firewalls and the Cisco Adaptive Security Appliance (ASA)

The firewalls role is to stop packets that the network or security engineer has deemed unsafe The firewall mainly looks at the transport layer port numbers and the application layer headers to prevent certain ports and applications from getting packets into the Enterprise
www.asghars.blogspot.com

27

7/13

Network Security

However, a perimeter firewall (a firewall on the edge, or perimeter, of the network) does not protect the Enterprise from all the dangers possible through the Internet connection Firewalls sit in the packet-forwarding path between two networks, often with one LAN interface connecting to the secure local network, and one to the other, lesssecure network (often the Internet) The DMZ LAN is a place to put devices that need to be accessible, but that access puts them at higher risk

28

www.asghars.blogspot.com

8/13

Network Security

Figure shows a common internet design using a firewall

29

www.asghars.blogspot.com

9/13

Network Security

The firewall needs to be configured to know which interfaces are connected to the inside, outside, and DMZ parts of the network Then, a series of rules can be configured that tell the firewall which traffic patterns are allowed and which are not The figure shows two typically allowed flows and one typical disallowed flow, shown with dashed lines In years past, Cisco sold firewalls with the trade name PIX firewall A few years ago, Cisco introduced a whole new generation of network security hardware using the trade name Adaptive Security Appliance (ASA)
www.asghars.blogspot.com

30

10/13

Network Security

Cisco ASA appliances can provide or assist in the overall in-depth security design with a variety of tools that prevent problems such as viruses Cisco uses the term anti-x to refer to the whole class of security tools that prevent these various problems, including the following:
Anti-virus Anti-spyware Anti-spam Anti-phishing URL filtering E-mail filtering

31

www.asghars.blogspot.com

11/13

Network Security

Intrusion Detection (IDS) & Prevention Systems (IPS)

Some types of attacks cannot be easily found with antix tools A couple of tools that can be used to prevent such attacks are; Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) VPN might be better termed a virtual private WAN VPNs send packets through the Internet, which is a public network However, VPNs make the communication secure, like a private leased line
www.asghars.blogspot.com

Virtual Private Networks (VPN)

32

12/13

Network Security

VPNs authenticate the VPNs endpoints, meaning that both endpoints can be sure that the other endpoint of the VPN connection is legitimate Additionally, VPNs encrypt the original IP packets so that even if an attacker managed to get a copy of the packets as they pass through the Internet, he or she cannot read the data Two types of VPNs:
Access VPN: supports a home or small-office user Site-to-site intranet VPN: typically connects two sites of the same Enterprise, the encryption could be done for all devices using different kinds of hardware, including routers, firewalls as shown in figure on next slide

33

www.asghars.blogspot.com

13/13

Network Security

34

www.asghars.blogspot.com