NS - 04 Information Assurance - 4

NETWORK
SECURITY
04 INFORMATION ASSURANCE
Contents
4.1 Network Architecture 4.2 OSI and TCP IP !ode" 4.# Securit$ Po"icies% Ser&ices ' !echanis(s
4.1 Network Architecture

) To *e a*"e to i(+"e(ent securit$ in a co((unications network% it is necessar$ to understand how the network o+erates. ) The ter( computer network is (ost"$ used to descri*e se&era" autono(ous co(+uters and ser&ers interconnected in a co(+"e, structure -Tanen*au(% 1./10.
04 INFORMATION ASSURANCE 3
4.1 Network Architecture

) Co(+uter networks are or1ani2ed in a series o3 "a$ers or "e&e"s. ) The +ur+ose o3 each "a$er is to o33er certain ser&ices to hi1her "a$ers and to shie"d the( 3ro( the detai"s o3 ser&ice i(+"e(entation.
4.2 OSI and TCP IP !ode"

4.2.1 OSI 7 Layers Reference Model )The OSI di&ides co((unications into se&en "a$ers% each +ro&idin1 a s+eci3ic set o3 ser&ices 3ro( a "ower "e&e". )The ISO IEC 44./5#6 1..47*asic re3erence (ode".

) Each "a$er can *e de&e"o+ed inde+endent"$ and is constrained on"$ *$ the ser&ices it +ro&ides to the n + 1 "a$er and *$ the ser&ices +ro&ided *$ the n - 1 "a$er.

Application
8 The a++"ication "a$er is where users +rocess the in3or(ation and deter(ine which +ro1ra(s the$ wi"" run and which +rotoco"s the$ wi"" use. 8 Si(+"e (ai" trans3er +rotoco" -s(t+0% h$+erte,t trans3er +rotoco" -htt+0% 3i"e trans3er +rotoco" -3t+0% te"net% and tri&ia" trans3er +rotoco" -T9TP0 are so(e e,a(+"es o3 the +rotoco"s workin1 at the a++"ication "a$er.

Presentation
8 The 3unction o3 the +resentation "a$er is to +ro&ide the users with certain use3u"% *ut not a"wa$s essentia"% trans3or(ation ser&ices o3 the users: data. 8 These ser&ices inc"ude con&ersion *etween character codes -/5*it ASCII% &irtua" ter(ina" +rotoco"s0% cr$+to1ra+hic trans3or(ations% te,t co(+ression% ter(ina" hand"in1% 3i"e trans3er% and (ani+u"ation o3 3i"es.

Session
8 The session "a$er is the user:s inter3ace with the network. 8 The user (ust ne1otiate with this "a$er to esta*"ish a connection with another (achine. 8 A connection *etween users -or *etween two +resentation "a$ers0 is ca""ed a session. 8 The network 3i"e s$ste( -N9S0% structured ;uer$ "an1ua1e -S<=0% and re(ote +rocedure ca"" -RPC0 are so(e e,a(+"es.

Transport
8 The trans+ort "a$er:s task is to +ro&ide re"ia*"e and e33icient end5to5end trans+ort ser&ice *etween users: +rocesses. 8 Co""ecti&e"$% "a$ers 1 throu1h 4 +ro&ide a trans+ort ser&ice% shie"din1 the hi1her "a$ers 3ro( the technica" detai"s o3 how co((unication is achie&ed.
11

Network
8 The "owest three "a$ers -#% 2% and 10 are concerned with the end5to5end trans(ission% 3ra(in1% and routin1 o3 +ackets *etween (achines. 8 A network "a$er% so(eti(es ca""ed the co((unication su*net "a$er% contro"s the e,chan1e o3 data *etween the user and the network% as we"" as the o+eration o3 the su*net.

8 The network "a$er 1rou+s the *inar$ di1its% inc"udin1 data and contro" e"e(ents% into +ackets o3 in3or(ation co(+osed o3 header% data% and trai"er% which are trans(itted as a who"e. 8 Internet +rotoco" -IP0% Internet contro" (essa1e +rotoco" IC!P0% routin1 in3or(ation +rotoco" -RIP0% o+en shortest +ath 3irst -OSP90% and *order 1atewa$ +rotoco" ->?P0 are so(e e,a(+"es o3 the +rotoco"s workin1 at the network "a$er.

Data Link
8 When the +ackets 3ro( "a$er # arri&e at "a$er 2% a 3ra(e header and trai"er are attached 3or trans(ission. 8 The data "ink "a$er *reaks u+ the data 3ro( the network "a$er into data 3ra(es and trans(its the 3ra(es se;uentia""$.
14

8 Ad&anced data co((unication contro" -A@CCP0% "a$er 2 3orwardin1 -=290% "a$er 2 tunne"in1 +rotoco" -=2TP0% and hi1h5"e&e" data contro" -A@=C0% as$nchronous trans3er (ode -AT!0 are so(e e,a(+"es o3 the +rotoco"s. 8 A"" these +rotoco"s a""ow data 3ra(es to contain an ar*itrar$ nu(*er o3 *its and are re3erred to as *it5oriented +rotoco"s.
15

P !sical
8 The +h$sica" "a$er -"a$er 10 con&erts *its into e"ectrica" si1na"s% and it is in&o"&ed with the trans(ission and rece+tion o3 the raw *its o&er a co((unication s$ste(. 8 Inte1rated ser&ices di1ita" network -IS@N0% Ethernet +h$sica" "a$er% and SONET S@A are so(e e,a(+"es.

8 The (ain task o3 the +h$sica" "a$er is to (ake sure that when a B *it is sent% the other +h$sica" "a$er wi"" recei&e a B *it and not a 1. 8 !ost o3 the ti(e% the +h$sica" "a$er is connected to *rid1es% routers% switches% 1atewa$s% or (ode(s.
17

4.2.2 TCP/IP Model )TCP IP% is a"so (ode"ed in "a$ers. )The TCP IP +rotoco" stack consists o3 3our "a$ers6 a++"ications "a$er% trans+ort "a$er% network "a$er% and data "a$er.
18
19

Application
8 A++"ications co((unicate with each other o&er the network *$ usin1 the data co((unication ser&ices o3 the trans+ort "a$er. 8 ATTP% 3i"e trans3er +rotoco" -9TP0% S!TP% and SN!P te"net are so(e e,a(+"es o3 the +rotoco"s workin1 at the a++"ication "a$er. 8 The data 3or(atted at the a++"ication "a$er are ca""ed (essa1es.

Transport
8 The trans+ort "a$er +ro&ides end5to5end data trans3er *$ de"i&erin1 data 3ro( an a++"ication to its re(ote +eer. 8 Two (ain +rotoco"s work at the trans+ort "a$er6 the trans(ission contro" +rotoco" -TCP0 and the user data1ra( +rotoco" -C@P0.
) TCP is re3erred to as a connection5oriented +rotoco" *ecause handshakin1 takes +"ace *e3ore an$ data is sent.

) C@P i(+"e(ents connection"ess sessions &ia D*est e33ortE de"i&er$ (echanis(s.
Network
8 The network "a$er is a"so ca""ed the Internet layer or the Internetwork layer. 8 The trans+ort "a$er needs to deter(ine the routes *etween end+oints to trans3er the end5 to5end data% and the network "a$er +ro&ides the network routin1 ser&ices or IP addresses.

8 The +rotoco" used to +ro&ide these ser&ices o&er the Internet is the Internet +rotoco" -IP0. 8 IC!P% I?!P% ARP% and RARP are so(e e,a(+"es o3 the +rotoco"s workin1 at the network "a$er.
23

) @ata
8 The data "a$er is a"so ca""ed the network inter3ace "a$er or the "ink "a$er. 8 The data "a$er is the inter3ace to the actua" network hardware. 8 IEEE /B2.2% F.2G AT!% 9@@I% SNA% PPP% 9ra(e Re"a$% AT!% and IEEE /B2.# are so(e e,a(+"es. 8 The data 3or(atted at the data "a$er are ca""ed 3ra(es.
4.# Sec. Po".% Ser&.% ' !ech.

) Securit$ Po"icies states an or1ani2ation:s intentions and decisions on what and how e"ectronic in3or(ation shou"d *e secured. ) The R9C 2/2/% DInternet Securit$ ?"ossar$E a*out securit$ +o"ic$% securit$ ser&ices% and securit$ (echanis(s.
25
4.# Sec. Po".% Ser&.% ' !ech.

) Securit$ +o"ic$6
8 -10 A set o3 ru"es and +ractices that s+eci3$ or re1u"ate how a s$ste( or or1ani2ation +ro&ides securit$ ser&ices to +rotect sensiti&e and critica" s$ste( resources. 8 -20 The set o3 ru"es "aid down *$ the securit$ authorit$ 1o&ernin1 the use and +ro&ision o3 securit$ ser&ices and 3aci"ities.
4.# Sec. Po".% Ser&.% ' !ech.

) Securit$ de&ices6
8 A +rocessin1 or co((unication ser&ice that is +ro&ided *$ a s$ste( to 1i&e a s+eci3ic kind o3 +rotection to s$ste( resources.
) Securit$ (echanis(s6
8 A +rocess -or a de&ice incor+oratin1 such a +rocess0 that can *e used in a s$ste( to i(+"e(ent a securit$ ser&ice that is +ro&ided *$ or within the s$ste(.
4.# Sec. Po".% Ser&.% ' !ech.
28
4.# Sec. Po".% Ser&.% ' !ech.
29
4.# Sec. Po".% Ser&.% ' !ech.

Con"i#entialit!
8 Con3identia"it$ is the assurance that in3or(ation is not (ade a&ai"a*"e or disc"osed to unauthori2ed indi&idua"s% entities% or +rocesses.
30
4.# Sec. Po".% Ser&.% ' !ech.
31
4.# Sec. Po".% Ser&.% ' !ech.

Inte$rit!
8 Inte1rit$ is the assurance that data is not accidenta""$ or de"i*erate"$ (odi3ied in transit *$ re+"ace(ent% insertion% or de"etion.
32
4.# Sec. Po".% Ser&.% ' !ech.
33
4.# Sec. Po".% Ser&.% ' !ech.

A%t entication
8 Authentication is the assurance that a (essa1e is co(in1 3ro( the source 3ro( which it c"ai(s to co(e.
34
4.# Sec. Po".% Ser&.% ' !ech.
35
4.# Sec. Po".% Ser&.% ' !ech.

) Access Control Authentication
8 Access contro" +ro&ides +rotection a1ainst the unauthori2ed use o3 resources. 8 It inc"udes the +re&ention o3 the use o3 a resource in an unauthori2ed (anner *$ identi3$in1 or &eri3$in1 the e"i1i*i"it$ o3 a station% ori1inator% or indi&idua" to access s+eci3ic cate1ories o3 in3or(ation.
4.# Sec. Po".% Ser&.% ' !ech.
37
4.# Sec. Po".% Ser&.% ' !ech.

) Nonrepudiation
8 Re+udiation (eans denia" *$ one o3 the entities in&o"&ed in a co((unication o3 ha&in1 +artici+ated in a"" or +art o3 the co((unication.
38
4.# Sec. Po".% Ser&.% ' !ech.
39

NS - 04 Information Assurance - 4

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NS - 04 Information Assurance - 4

Uploaded by

Copyright:

Available Formats

NETWORK

4.1 Network Architecture

4.1 Network Architecture

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.2 OSI and TCP IP !ode"

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

4.# Sec. Po".% Ser&.% ' !ech.

You might also like