OSI Model.ppt

  1. UNIT-VIII Network Security Models
  2. 2.2 LAYERED TASKS
     • We use the concept of layers in our daily life.
     • As an example, let us consider two friends who communicate through postal mail.
     • The process of sending a letter to a friend would be complex if there were no services available from the post office.
  3. OSI Reference Model
     • The OSI Reference Model is an internationally standardised network architecture.
     • OSI = Open Systems Interconnection: it deals with open systems, i.e. systems open for communication with other systems.
     • The first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s.
     • Specified in ISO 7498.
     • The model has 7 layers.
  4. 7-Layer OSI Model
     • Layers 1-4 relate to communications technology.
     • Layers 5-7 relate to user applications.
     Layer 7: Application Layer
     Layer 6: Presentation Layer
     Layer 5: Session Layer
     Layer 4: Transport Layer
     Layer 3: Network Layer
     Layer 2: Data Link Layer
     Layer 1: Physical Layer
     (figure label: Communications subnet boundary)
  5. Layer 7: Application Layer
     • The level at which applications access network services.
       – Represents services that directly support software applications, e.g. file transfers, database access and electronic mail.
       – The user creates a message at the application layer, e.g. using a Web browser and clicking on a link.
       – The browser translates the user's message into HTTP.
       – The rules of HTTP define a specific PDU, called an HTTP packet, that all Web browsers must use when they request a Web page.
     • Attacks: DoS and DDoS
  6. Layer 6: Presentation Layer
     • Related to the representation of transmitted data
       – Translates the different data representations of the Application layer into a uniform standard format.
     • Provides services for secure and efficient data transmission
       – e.g. data encryption and data compression.
     • Attacks: Phishing
  7. Layer 5: Session Layer
     • Allows two applications on different computers to establish, use and end a session.
       – e.g. file transfer, remote login
     • Establishes dialog control
       – Regulates which side transmits, plus when and for how long it transmits.
     • Performs token management and synchronization.
     • Attacks: Session hijacking
  8. Layer 4: Transport Layer
     • Manages transmission packets
       – Repackages long messages, when necessary, into small packets for transmission.
       – Reassembles packets in the correct order to recover the original message.
     • Handles error recognition and recovery.
       – The transport layer at the receiving end acknowledges packet delivery.
       – Resends missing packets.
     • Attacks: Reconnaissance (packet sniffing, ping sweeping, port scanning, social …)
  9. 9. • Manages addressing/routing of data within the subnet – Addresses messages and translates logical addresses and names into physical addresses. – Determines the route from the source to the destination computer – Manages traffic problems, such as switching, routing, and controlling the congestion of data packets. • Routing can be: – Based on static tables – determined at start of each session – Individually determined for each packet, reflecting the current network load. • Attacks: Man in the middle Layer 3: Network Layer
  10. 10.  Packages raw bits from the Physical layer into frames (logical, structured packets for data).  Provides reliable transmission of frames  It waits for an acknowledgment from the receiving computer.  Retransmits frames for which acknowledgement not received  Attacks: Spoofing ( DNS spoofing, ARP spoofing, IP spoofing etc.) Layer 2: Data Link Layer
  11. 11. • Transmits bits from one computer to another • Regulates the transmission of a stream of bits over a physical medium. • Defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable. Deals with issues like – The definition of 0 and 1, e.g. how many volts represents a 1, and how long a bit lasts? – Whether the channel is simplex or duplex? – How many pins a connector has, and what the function of each pin is? • Attacks: Sniffing like application Wireshark, Tcpdump Layer 1: Physical Layer
  12. Contd.
  13. Internet Protocols vs OSI
     • Explicit Presentation and Session layers are missing in the Internet protocols.
     • The Data Link and Network layers are redesigned.
     OSI:      Application | Presentation | Session | Transport | Network | Data Link | Physical
     Internet: Application | TCP | IP | Network Interface | Hardware
  14. Summary of Layers
  15. Internet Model
     • The OSI model is a formal standard that is documented in one standard.
     • The Internet model has never been formally defined; it has to be interpreted from a number of standards.
     • The two models have very much in common: simply put, the Internet model collapses the top three OSI layers into one layer.
     • We use the five-layer Internet model for the rest of this topic.
  16. Layer 1: The Physical Layer
     • The physical layer in the Internet model, as in the OSI model, is the physical connection between the sender and receiver.
     • Its role is to transfer a series of electrical, radio, or light signals through the circuit.
     • The physical layer includes all the hardware devices (e.g., computers, modems, and hubs) and physical media (e.g., cables and satellites).
     • The physical layer specifies
       – the type of connection and
       – the electrical signals, radio waves, or light pulses that pass through it.
  17. Layer 2: The Data Link Layer
     • It is responsible for moving a message from one computer to the next computer in the network path from the sender to the receiver.
     • The data link layer in the Internet model performs the same three functions as the data link layer in the OSI model.
     • First, it controls the physical layer by deciding when to transmit messages over the media.
     • Second, it formats the messages by indicating where they start and end.
     • Third, it detects and corrects any errors that have occurred during transmission.
  18. Layer 3: The Network Layer
     • The network layer in the Internet model performs the same functions as the network layer in the OSI model.
     • First, it performs routing, in that it selects the next computer to which the message should be sent.
     • Second, it can find the address of that computer if it doesn't already know it.
  19. Layer 4: The Transport Layer
     • The transport layer in the Internet model is very similar to the transport layer in the OSI model.
     • It performs two functions.
     • First, it is responsible for
       – linking the application layer software to the network and
       – establishing end-to-end connections between the sender and receiver when such connections are needed.
     • Second, it is responsible for
       – breaking long messages into several smaller messages to make them easier to transmit.
       – The transport layer can also detect lost messages and request that they be resent.
  20. Layer 5: Application Layer
     • The application layer is the application software used by the network user and includes much of what the OSI model contains in the application, presentation, and session layers.
     • It is the user's access to the network.
     • By using the application software, the user defines what messages are sent over the network.
       – This topic discusses the architecture of network applications and several types of network application software, and the types of messages they generate.
  21. Message Transmission Using Layers
  22. TCP/IP REFERENCE Model
     • A four-layered suite of communication protocols.
     • Developed by the DoD (Department of Defense) in the 1960s.
     • Named after its two main protocols, TCP and IP.
     • TCP stands for Transmission Control Protocol and IP stands for Internet Protocol.
  23. Contd.
     • The four layers in the TCP/IP protocol suite are:
     • Host-to-Network Layer
       – It is the lowest layer and is concerned with the physical transmission of data.
       – TCP/IP does not specifically define any protocol here but supports all the standard protocols.
  24. Contd.
     • Internet Layer
       – It defines the protocols for logical transmission of data over the network.
       – The main protocol in this layer is the Internet Protocol (IP), and it is supported by protocols such as ICMP, ARP etc.
  25. Contd.
     • Transport Layer
       – It is responsible for error-free end-to-end delivery of data.
       – The protocols defined here are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
     • Application Layer
       – This is the topmost layer and defines the interface of host programs with the transport layer services.
       – This layer includes all high-level protocols like Telnet, DNS, HTTP, FTP, SMTP, etc.
  26. Contd.
     • 4 layers
       – Layer 1: Link
       – Layer 2: Network
       – Layer 3: Transport
       – Layer 4: Application
  27. • Link Layer: includes the device driver and network interface card
     • Network Layer: handles the movement of packets, i.e. routing
     • Transport Layer: provides a reliable flow of data between two hosts
     • Application Layer: handles the details of the particular application
     OSI Model                 TCP/IP Hierarchy Protocols
     7th Application Layer     Application Layer
     6th Presentation Layer    Application Layer
     5th Session Layer         Application Layer
     4th Transport Layer       Transport Layer
     3rd Network Layer         Network Layer
     2nd Link Layer            Link Layer
     1st Physical Layer        Link Layer
  28. Protocols to Layers
  29. Packet Encapsulation
     • The data is sent down the protocol stack.
     • Each layer adds to the data by prepending headers.
  30. IP
     • Responsible for end-to-end transmission.
     • Sends data in individual packets.
     • The maximum size of a packet is determined by the networks
       – Fragmented if too large.
     • Unreliable
       – Packets might be lost, corrupted, duplicated, or delivered out of order.
  31. Routing
     • How does a device know where to send a packet?
       – All devices need to know what IP addresses are on directly attached networks.
       – If the destination is on a local network, send it directly there.
  32. Routing (cont)
     • If the destination address isn't local
       – Most non-router devices just send everything to a single local router.
       – Routers need to know which network corresponds to each possible IP address.
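The forwarding decision described on slides 31 and 32, as an added example (not from the slides): a host consults a small forwarding table, delivers directly when the destination lies on an attached network, otherwise picks the most specific matching route, and falls back to a default route. The table, the prefixes and the gateway addresses are constructed for illustration; the longest-prefix-match rule is standard IP forwarding behaviour.

```python
import ipaddress

# Constructed forwarding table for a host with two directly attached networks.
# Each entry is (prefix, next_hop); next_hop None means "directly attached",
# i.e. the packet is handed to the destination itself on the local link.
FORWARDING_ENTRIES = [
    ("192.0.2.0/24", None),          # attached LAN
    ("198.51.100.0/24", None),       # second attached network
    ("10.0.0.0/8", "192.0.2.1"),     # corporate range reachable via a router
    ("0.0.0.0/0", "192.0.2.254"),    # default route: everything else
]


def build_table(entries):
    """Parse the entries and order them so the longest prefix is tried first."""
    table = [
        (ipaddress.ip_network(prefix),
         ipaddress.ip_address(hop) if hop is not None else None)
        for prefix, hop in entries
    ]
    # Longest prefix first: a /24 beats a /8, which beats the /0 default.
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def next_hop(destination, table):
    """Return (next_hop_address, matched_prefix) for a destination.

    A directly attached destination is its own next hop; anything else is
    sent to the gateway of the most specific matching route.
    """
    addr = ipaddress.ip_address(destination)
    for network, hop in table:
        if addr in network:
            return (addr if hop is None else hop), network
    # No route at all (only possible when the table lacks a default route).
    raise LookupError(f"no route to {destination}")


if __name__ == "__main__":
    table = build_table(FORWARDING_ENTRIES)
    for dst in ("192.0.2.77", "10.1.2.3", "203.0.113.5"):
        hop, via = next_hop(dst, table)
        print(f"{dst:>14} -> next hop {hop} (route {via})")
```

A host without a default route cannot forward traffic it has no prefix for, which is why `next_hop` raises instead of silently choosing something; a router would report "destination unreachable" at that point.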
  33. Allocation of addresses
     • Controlled centrally by ICANN
       – Fairly strict rules on further delegation to avoid wastage.
       – Organizations have to demonstrate actual need for them.
     • Organizations that got in early have bigger allocations than they really need.
  34. IP packets
     • Source and destination addresses
     • Protocol number
       – 1 = ICMP, 6 = TCP, 17 = UDP
     • Various options
       – e.g. to control fragmentation
     • Time to live (TTL)
       – Prevents routing loops
  35. IP Datagram (header layout; bit offsets 0, 4, 8, 16, 19, 24, 31)
     Vers | Len | TOS | Total Length
     Identification | Flags | Fragment Offset
     TTL | Protocol | Header Checksum
     Source Internet Address
     Destination Internet Address
     Options... | Padding
     Data...

     Field        Purpose
     Vers         IP version number
     Len          Length of IP header (4-octet units)
     TOS          Type of Service
     T. Length    Length of entire datagram (octets)
     Ident.       IP datagram ID (for fragmentation/reassembly)
     Flags        Don't/More fragments
     Frag Off     Fragment offset
     TTL          Time To Live - max. number of hops
     Protocol     Higher-level protocol (1 = ICMP, 6 = TCP, 17 = UDP)
     Checksum     Checksum for the IP header
     Source IA    Originator's Internet Address
     Dest. IA     Final destination Internet Address
     Options      Source route, time stamp, etc.
     Data...      Higher-level protocol data

     You just need to know the IP addresses, TTL and protocol #.
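The header layout on slides 34 and 35, as an added example that is not part of the slides: it builds a 20-byte IPv4 header with `struct`, fills in the header checksum, then parses a packet back into the fields the slide names (version, header length, flags, TTL, protocol, addresses) and verifies the checksum. The addresses and payload length are constructed sample values; the field widths, the one's-complement checksum and the protocol numbers 1/6/17 are the standard ones the slides list.

```python
import ipaddress
import struct

# Protocol numbers from the slide: 1 = ICMP, 6 = TCP, 17 = UDP.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Fixed 20-byte IPv4 header: ver/ihl, tos, total len, id, flags+frag,
# ttl, protocol, checksum, src, dst (all network byte order).
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; over a valid header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, payload_len: int,
                      ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Build a header with no options (IHL = 5) and the DF flag set."""
    ver_ihl = (4 << 4) | 5                  # version 4, 5 x 4 = 20 octets
    flags_frag = 0x4000                     # DF = 1, MF = 0, offset 0
    hdr = IPV4_HDR.pack(ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                        ttl, protocol, 0,   # checksum zero while computing
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fields a defender looks at first and validate the checksum."""
    if len(packet) < IPV4_HDR.size:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = IPV4_HDR.unpack_from(packet)
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version,
        "header_len": ihl,
        "tos": tos,
        "total_length": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset is in 8-octet units
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "other"),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # Summing the header including its checksum field gives 0 when intact.
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
    }


if __name__ == "__main__":
    # Constructed sample: a TCP segment of 20 bytes from 192.0.2.1 to 198.51.100.7.
    hdr = build_ipv4_header("192.0.2.1", "198.51.100.7", 6, 20)
    print(parse_ipv4_header(hdr + b"\x00" * 20))
```

A corrupted or hand-altered header (for instance a TTL that was changed in flight without the checksum being recomputed) shows up as `checksum_ok == False`; that is the check an IP stack performs before it looks at anything else in the datagram.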
  36. Security in the Transport Layer
     • These protocols sit at the level below the application layer.
       – Two socket-layer protocols: the Secure Socket Layer (SSL) and Transport Layer Security (TLS).
     • These two are no longer considered two separate protocols but one, under the name SSL/TLS,
       – after SSL standardization was passed over to the IETF by the Netscape consortium, and
       – the Internet Engineering Task Force (IETF) renamed it TLS.
  37. Secure Socket Layer (SSL)
     • SSL is a widely used general-purpose cryptographic system used in the two major Internet browsers, Netscape and Explorer.
     • It provides an encrypted end-to-end data path between a client and a server regardless of platform or OS.
     • Secure and authenticated services are provided through
       – data encryption,
       – server authentication,
       – message integrity, and
       – client authentication
       for a TCP connection carrying HTTP, LDAP or POP3 at the application layer.
  38. Contd.
     • Transport Layer Security (TLS)
       – TLS is the result of the 1996 Internet Engineering Task Force (IETF) attempt at standardizing a secure method to communicate over the Web.
       – The 1999 outcome of that attempt was released as RFC 2246, spelling out a new protocol: Transport Layer Security, or TLS.
       – TLS was charged with providing security and data integrity at the transport layer between two applications.
       – TLS version 1.0 was an evolved SSL 3.0. Frequently, the new standard is referred to as SSL/TLS.
       – Since then, the following additional features have been added:
         • Interoperability: the ability to exchange TLS parameters by either party, with no need for one party to know the other's TLS implementation details.
         • Expandability: to plan for future expansions and the accommodation of new protocols.
  39. Security in the Network Layer
     • These protocols also address Internet communication security.
     • They include IPSec and VPN technologies.
  40. Internet Protocol Security (IPSec)
     • Internet Protocol Security (IPSec)
       – IPSec is a suite of authentication and encryption protocols
         • developed by the Internet Engineering Task Force (IETF) and
         • designed to address the inherent lack of security in IP-based networks.
       – IPSec has a very complex set of protocols, described in a number of RFCs including RFC 2401 and 2411.
       – Although it was designed to run in the new version of the Internet Protocol, IP Version 6 (IPv6), it has also run successfully in the older IPv4.
       – IPSec sets out to offer protection by providing the following services at the network layer:
         • Access control, to prevent unauthorized access to the resource.
  41. Contd.
       – Connectionless integrity, to give assurance that the traffic received has not been modified in any way.
       – Confidentiality, to ensure that Internet traffic is not examined by non-authorized parties.
         • This requires all IP datagrams to have their data field (the TCP, UDP, ICMP or any other datagram data segment) encrypted.
       – Authentication, particularly source authentication, so that when a destination host receives an IP datagram with a particular IP source address, it can be sure that the datagram was indeed generated by the host with that source IP address.
         • This prevents spoofed IP addresses.
       – Replay protection, to guarantee that each packet exchanged between two parties is different.
  42. Contd.
     • IPSec achieves these objectives by dividing the protocol suite into two main protocols: the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol.
     • The AH protocol provides source authentication and data integrity but no confidentiality.
     • The ESP protocol provides authentication, data integrity, and confidentiality.
     • Any datagram from a source must be secured with either AH or ESP.
  44. Contd.
     – IPSec operates in two modes: transport and tunnel.
     – Transport mode
       • Transport mode provides host-to-host protection to the higher-layer protocols in the communication between two hosts, in both IPv4 and IPv6.
         – In IPv4, the protected area is the area beyond the IP header.
         – In IPv6, the new extensions to IPv4, the protection includes the upper protocols.
  45. Contd.
     – Tunnel mode
     – Tunnel mode offers protection to the entire IP datagram, in both AH and ESP, between two IPSec gateways.
     – This is possible because of the added new IP header, in both IPv4 and IPv6. Between the two gateways the datagram is secure, and the original IP address is also secure.
       • However, beyond the gateways the datagram may not be secure.
     – Such protection is created when the first IPSec gateway encapsulates the datagram, including its IP address, into a new shield datagram with the new IP address of the receiving IPSec gateway.
     – At the receiving gateway, the new datagram is unwrapped and brought back to the original datagram.
  46. IP Security Architecture
     1. Architecture: the IP Security Architecture covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology.
     2. ESP Protocol: ESP (Encapsulating Security Payload) provides the confidentiality service. Encapsulating Security Payload is implemented in one of two ways:
        1. ESP with optional authentication.
        2. ESP with authentication.
  47. Packet Format
     • Security Parameter Index (SPI): this parameter is used in the Security Association. It gives a unique number to the connection built between client and server.
     • Sequence Number: a unique sequence number is allotted to every packet so that at the receiver side packets can be arranged properly.
     • Payload Data: the payload data is the actual data or the actual message. The payload data is in encrypted form to achieve confidentiality.
     • Padding: extra bits or space added to the original message in order to ensure confidentiality. The padding length is the size of the bits or space added to the original message.
     • Next Header: the next header identifies the next payload, i.e. the actual data that follows.
     • Authentication Data: this field is optional in the ESP protocol packet format.
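The SPI and sequence number fields on slide 47 are what a receiver uses for the replay protection promised on slide 41. As an added example (not from the slides), the block below parses those two fields from the front of an ESP packet, drops packets whose SPI does not belong to the expected Security Association, and runs the sequence numbers through a sliding anti-replay window: a repeated number is rejected, a number far behind the newest accepted one is rejected, and numbers that arrive slightly out of order are still accepted once. The packets are constructed byte strings with the encrypted payload and authentication data omitted; the window logic follows the sliding-window scheme used by IPsec receivers.

```python
import struct

# Leading fields of an ESP packet: 32-bit SPI, 32-bit sequence number.
ESP_HEADER = struct.Struct("!II")


def parse_esp_header(packet: bytes):
    """Return (spi, sequence_number) from the start of an ESP packet."""
    if len(packet) < ESP_HEADER.size:
        raise ValueError("ESP packet too short for SPI and sequence number")
    return ESP_HEADER.unpack_from(packet)


class ReplayWindow:
    """Sliding anti-replay window of `size` sequence numbers.

    `highest` is the newest sequence number accepted; bit i of `bitmap`
    records whether sequence number (highest - i) has already been seen.
    """

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                     # senders start at 1; 0 is never valid
        if seq > self.highest:               # newer than anything seen: slide window
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1              # everything older falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                     # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                     # already received: replay
        self.bitmap |= 1 << offset           # late but first-time arrival
        return True


def filter_stream(packets, expected_spi: int, window: ReplayWindow = None):
    """Return one accept/reject decision per packet, in arrival order."""
    if window is None:
        window = ReplayWindow()
    decisions = []
    for pkt in packets:
        spi, seq = parse_esp_header(pkt)
        if spi != expected_spi:
            decisions.append(False)          # not our Security Association
            continue
        decisions.append(window.check_and_update(seq))
    return decisions


def make_packet(spi: int, seq: int) -> bytes:
    """Constructed ESP packet: header followed by a stand-in for the ciphertext."""
    return ESP_HEADER.pack(spi, seq) + b"<encrypted payload>"


if __name__ == "__main__":
    sa_spi = 0x0000ABCD                      # constructed SPI for this example
    arrivals = [make_packet(sa_spi, s) for s in (1, 2, 2, 4, 3, 3)]
    arrivals.append(make_packet(0x00001111, 5))   # packet for some other SA
    print(filter_stream(arrivals, sa_spi))   # [True, True, False, True, True, False, False]
```

Reordering is tolerated within the window (4 arrives before 3 and both are accepted), but any sequence number seen twice is dropped, which is what makes a captured-and-resent datagram useless to an attacker even though it carries a valid authentication tag.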
  48. Contd.
     3. Encryption algorithm: the encryption algorithm document describes the various encryption algorithms used for the Encapsulating Security Payload.
     4. AH Protocol:
        • The AH (Authentication Header) protocol provides both the authentication and the integrity service.
        • The Authentication Header is implemented in one way only:
          – Authentication along with integrity.
        • The Authentication Header document covers the packet format and general issues related to the use of AH for packet authentication and integrity.
  49. Contd.
     5. Authentication Algorithm:
        – The authentication algorithm set contains the documents that describe the authentication algorithms used for AH and for the authentication option of ESP.
     6. DOI (Domain of Interpretation):
        – The DOI is the identifier which supports both the AH and ESP protocols. It contains the values needed by the documents related to each other.
     7. Key Management:
        – Key management contains the document that describes how keys are exchanged between sender and receiver.
  50. Virtual Private Networks (VPN)
     • Virtual Private Networks (VPN)
       – A VPN is a private data network that makes use of the public telecommunication infrastructure, such as the Internet, by adding security procedures over the insecure communication channels.
       – The security procedures that involve encryption are achieved through the use of a tunneling protocol.
       – There are two types of VPN: remote access, which lets single users connect to the protected company network, and site-to-site, which supports connections between two protected company networks.
       – In either mode, VPN technology gives a company the facilities of expensive private leased lines at much lower cost by using shared public infrastructure like the Internet.