Networking+ 4.1

CIAT Networking Fundamentals, Part 1 Notes

General Information

  • Course: CIS 102 A

  • Institution: California Institute of Applied Technology

  • Class Schedule: Week 4 Night 2 begins at 6 PM Pacific Time

Week 4 Night 2 Agenda

  • Review of Week 4 Night 1

  • Introduction to Encryption

  • Overview of Remote Access Protocols

  • Discussion of Troubleshooting Network Issues

  • Lab Exercise 4.2

Week 4 Night 1 Review

Topics Covered
  • Protocols

  • Transmission Control Protocol (TCP)

  • User Datagram Protocol (UDP)

  • Internet Protocol (IP)

  • Internet Control Message Protocol (ICMP)

  • Address Resolution Protocol (ARP)

  • Neighbor Discovery

  • Ethernet

  • Remote Access Protocols

  • Troubleshooting Network Issues

Chapter 4: Protocols

Objectives

By the end of this session, you should be able to:

  1. Secure network data and transmissions using encryption protocols.

  2. Configure remote access connections between devices.

  3. Employ various TCP/IP utilities for network discovery and troubleshooting.

Encryption Protocols

Overview
  • Definition: Encryption protocols utilize a mathematical code known as a cipher to scramble data, making it readable only by reversing the cipher.

  • Performance Benchmarks:

    • Confidentiality: Ensuring that information is not made available or disclosed to unauthorized individuals.

    • Integrity: Proving that data has not been altered during transmission.

    • Availability: Ensuring that authorized users have access to the information when needed.

  • Together, these principles form the CIA Triad of security standards.

Encryption Methods
  • Key Definition: A key is a random string of characters integrated into the original data’s bits.

    • It generates a unique data block known as ciphertext.

    • Keys are created using specific rules or algorithms.

    • Private Key Encryption (Symmetric Cryptography): Data is encrypted using a single key known only to the sender and receiver.

    • Public Key Encryption (Asymmetric Cryptography): Data is encrypted with a private key known only to the user and decrypted with a mathematically related public key, accessible via a third-party source.

Digital Certificates and PKI
  • A key's owner may create a Digital Certificate, a small file containing the user’s verified identification information and public key.

  • These certificates are issued by a Certificate Authority (CA).

  • The relationship between public keys and entities is governed by Public-Key Infrastructure (PKI).

  • Authentication: The process of confirming that an entity is who they claim to be.

  • A Self-Signed Certificate is issued by the entity itself rather than a trusted third party.

Key Management
  • Definition: Key management involves enforcing standards throughout a key's life cycle.

  • Key Life Cycle Phases:

    • Creation

    • Storage

    • Access

    • Backup

    • Rotation

    • Revocation

    • Deletion

  • Access permission can be managed for tasks related to keys.

  • Keys and certificates make secure conversations possible, but specific protocols are required to perform the actual encryption.

Secure Sockets Layer (SSL) & Transport Layer Security (TLS)

SSL/TLS Overview
  • Both SSL and TLS are methods for encrypting TCP/IP transmissions.

  • Each time a client and server establish an SSL/TLS connection, they set up a unique session through the SSL handshake protocol.

    • This handshake enables client and server authentication and is analogous to a TCP three-way handshake.

Internet Protocol Security (IPsec)

Overview
  • IPsec Definition: An encryption protocol suite defining rules for encryption, authentication, and key management for TCP/IP transmissions.

  • IPsec Process Steps:

    1. IPsec initiation

    2. Key management

    3. Security negotiations

    4. Data transfer

    5. Termination

Troubleshooting Tools

Netstat
  • The netstat command displays active TCP connections, ports the computer is listening on, Ethernet statistics, the IP routing table, and various network protocol statistics.

    • netstat -a: Displays all active connections and listening ports.

    • netstat -b: Shows executables involved in creating each connection.

    • netstat -e: Provides Ethernet statistics (bytes and packets sent/received).

    • netstat -n: Displays IP addresses and port numbers numerically, useful for scripts.

    • netstat -o: Shows owning process ID associated with each connection.

    • netstat -r: Displays the routing table.

    • netstat -s: Shows statistics for each protocol (TCP, UDP, ICMP, IP).
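
An added example (not part of the course notes): combining the -a, -n and -o switches above gives numeric output that is easy to audit with a script. The Python below parses a constructed sample of Windows `netstat -ano` output and lists each listening socket with its owning PID and whether it is bound to all interfaces or to loopback only; the sample rows, addresses and PIDs are invented, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5528
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2280
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address string, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def exposure(host):
    """Classify the bind address of a listening socket."""
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return "all interfaces"
    if ip.is_loopback:
        return "loopback only"
    return "single address"

def listening_sockets(text):
    """Return one dict per TCP row in LISTENING state and per bound UDP row."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                      # header or blank line
        if fields[0] == "TCP":
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue                  # skip established and other states
        elif len(fields) != 4:            # UDP rows have no State column
            continue
        host, port = split_endpoint(fields[1])
        found.append({"proto": fields[0], "port": port,
                      "pid": int(fields[-1]), "exposure": exposure(host)})
    return found

if __name__ == "__main__":
    for s in listening_sockets(SAMPLE):
        print(f"{s['proto']:4}{s['port']:>6}  pid {s['pid']:<6}{s['exposure']}")
```

The PID column can then be matched against the process list to confirm that every socket bound to all interfaces belongs to a service that is meant to be reachable.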

Tracert
  • The tracert command helps diagnose network issues by tracing packet paths to a destination.

    • Sends ICMP echo requests with incrementally increasing Time-To-Live (TTL) values.

    • Each router decreases the TTL by 1 before forwarding; a TTL of 0 triggers an ICMP "Time Exceeded" message back to the source.

    • Basic commands:

      • tracert <hostname>: Trace the route to a hostname/IP.

      • tracert -d <hostname>: Prevents resolving IPs to hostnames.

      • tracert -h <maximumhops> <hostname>: Specifies maximum hops (default is 30).

      • tracert -w <timeout> <hostname>: Sets reply timeout in milliseconds.

      • tracert -4 <hostname>: Forces IPv4 use.

      • tracert -6 <hostname>: Forces IPv6 use.

tcpdump
  • tcpdump Definition: A command-line packet sniffer for Linux and Unix OSs that captures network traffic.

  • Output can be saved for filtering or playback.

  • Running tcpdump requires root access, or prefixing tcpdump commands with sudo.

Solving Common Network Problems

Common Issues
  • Duplicate MAC Addresses: A problem arises when two devices share a MAC address.

    • Such issues can lead to MAC spoofing, a significant security risk.

    • Switches typically detect this and provide error messages for tracking down rogue devices.

  • Hardware Failure:

    • Failures in routers, switches, or NICs lead to complications. To address them, use tracert/traceroute to identify the malfunctioning device.

    • Targeting nodes beyond the questionable router often provides clearer feedback.

    • Utilize ping for connectivity testing.
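
The TTL behaviour described under Tracert and the advice above to target nodes beyond a questionable router, as an added Python example that is not part of the original notes. It simulates tracert over two constructed paths and shows that a router which merely does not answer probes looks the same at its own hop as a router that has failed; only the rows beyond it tell the two apart. All addresses and the `trace`/`diagnose` names are made up for illustration.

```python
# Constructed paths. Each hop: (address, answers_probes, forwards_traffic).
# Addresses are illustrative; the last entry is the destination host.
QUIET_HOP = [("10.0.0.1", True, True), ("10.0.1.1", False, True),
             ("10.0.2.1", True, True), ("192.0.2.50", True, True)]
DEAD_HOP = [("10.0.0.1", True, True), ("10.0.1.1", False, False),
            ("10.0.2.1", True, True), ("192.0.2.50", True, True)]

def trace(path, max_hops=30):
    """Send probes with TTL 1, 2, 3... and record who answers each one.

    Returns [(ttl, responder)], where responder None is a '*' timeout row.
    """
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, remaining = None, ttl
        for index, (addr, answers, forwards) in enumerate(path):
            if index == len(path) - 1:          # destination: Echo Reply
                responder = addr if answers else None
                break
            remaining -= 1                      # router decrements the TTL
            if remaining == 0:                  # expired: ICMP Time Exceeded
                responder = addr if answers else None
                break
            if not forwards:                    # probe dropped, nothing returns
                break
        rows.append((ttl, responder))
        if responder == path[-1][0]:
            break                               # destination reached, stop
    return rows

def diagnose(rows, destination):
    """Judge silent hops by what lies beyond them."""
    silent = [ttl for ttl, who in rows if who is None]
    if rows and rows[-1][1] == destination:
        return "reachable", silent              # silent hops still forwarded
    answered = [ttl for ttl, who in rows if who is not None]
    last_good = max(answered) if answered else 0
    return f"fault at or beyond hop {last_good + 1}", silent

if __name__ == "__main__":
    for name, path in (("quiet hop", QUIET_HOP), ("dead hop", DEAD_HOP)):
        rows = trace(path, max_hops=6)
        print(name, rows, diagnose(rows, path[-1][0]))
```

In both paths hop 2 shows a timeout; in the first, hops 3 and 4 still answer, so the silent router is forwarding traffic and is not the fault.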

Lab Exercise 4.2

Topics Covered
  • Subnetting

  • VLANs

  • Routing

  • Layer 3 Switches

  • Trunks

Remote Access Protocols

Overview
  • Remote Access: The service allowing clients to connect to and log on to servers, LANs, or WANs in different geographical locations.

  • Requires a Remote Access Server (RAS).

  • Types include:

    • Remote file access

    • Terminal emulation

    • VPNs (Virtual Private Networks)

Remote File Access
  • FTP (File Transfer Protocol): Transfers files in plaintext.

  • Other technologies include:

    • FTPS (FTP Secure): Adds SSL/TLS encryption to FTP.

    • SFTP (Secure FTP): Encrypted file transfer through SSH with authentication.

    • TFTP (Trivial FTP): Simplified version of FTP without security.

Terminal Emulator
  • Definition: Software enabling clients to control remote host computers.

  • Examples of Command-line software:

    • Telnet

    • SSH

  • Examples of GUI-based software:

    • Remote Desktop for Windows

    • VNC

    • LogMeIn Rescue

    • TeamViewer

Terminal Emulator Specifics
  • Telnet: Allows remote control without security measures.

  • SSH (Secure Shell): Offers secure authentication and encryption, protecting against security threats such as unauthorized access and data interception.

  • RDP (Remote Desktop Protocol): Microsoft’s proprietary protocol for remote computer control.

  • Out-of-Band Management (OOBM): Utilizes a dedicated connection for centralized management of network devices via a console server or console router.

Virtual Private Networks (VPN)

VPN Overview
  • A VPN service encrypts internet traffic to enhance online privacy and security.

    • It creates an encrypted tunnel, securing data from eavesdropping and hiding IP addresses, making user activities difficult to trace.

  • Types of VPNs:

    • Site-to-Site

    • Client-to-Site

    • Client-to-Client

    • Host-to-Host

VPN Tunneling Protocols
  • VPNs utilize protocols to encapsulate higher-layer protocols through a process called Tunneling.

    • Many operate at the Data Link Layer, while some work at Layer 3 for added features.

    • Typically require an additional encryption protocol for data security.

Common VPN Tunneling Protocols
  • L2TP (Layer 2 Tunneling Protocol): Supports virtual private networks.

  • GRE (Generic Routing Encapsulation): Cisco-developed protocol encapsulating various network layer protocols.

  • OpenVPN: An open-source protocol for secure connections.

  • IKEv2: Part of the IPsec suite, establishing secure communication channels between clients and servers.

Summary

After this lesson, you should be able to:

  1. Describe core TCP/IP protocols.

  2. Secure network data using encryption protocols.

  3. Configure remote access connections.

  4. Utilize various TCP/IP tools for network troubleshooting.