Networking+ 4.1
CIAT Networking Fundamentals, Part 1 Notes
General Information
Course: CIS 102 A
Institution: California Institute of Applied Technology
Class Schedule: Week 4 Night 2 begins at 6 PM Pacific Time
Week 4 Night 2 Agenda
Review of Week 4 Night 1
Introduction to Encryption
Overview of Remote Access Protocols
Discussion of Troubleshooting Network Issues
Lab Exercise 4.2
Week 4 Night 1 Review
Topics Covered
Protocols
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Address Resolution Protocol (ARP)
Neighbor Discovery
Ethernet
Remote Access Protocols
Troubleshooting Network Issues
Chapter 4: Protocols
Objectives
By the end of this session, you should be able to:
Secure network data and transmissions using encryption protocols.
Configure remote access connections between devices.
Employ various TCP/IP utilities for network discovery and troubleshooting.
Encryption Protocols
Overview
Definition: Encryption protocols utilize a mathematical code known as a cipher to scramble data, making it readable only by reversing the cipher.
Security Goals:
Confidentiality: Ensuring that information is not made available or disclosed to unauthorized individuals.
Integrity: Proving that data has not been altered during transmission.
Availability: Ensuring that authorized users have access to the information when needed.
Together, these principles form the CIA Triad of security standards.
Encryption Methods
Key Definition: A key is a random string of characters that the cipher combines with the bits of the original data.
The result is a unique block of data known as ciphertext.
Keys are created using specific rules or algorithms.
Private Key Encryption (Symmetric Cryptography): Data is encrypted using a single key known only to the sender and receiver.
Public Key Encryption (Asymmetric Cryptography): Data is encrypted with a private key known only to the user and decrypted with a mathematically related public key, accessible via a third-party source.
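Added example (not from the course notes): a working illustration of symmetric (private-key) encryption in Python, using only the standard library. It is not AES; HMAC-SHA256 is used as a keyed pseudorandom function in counter mode to produce the keystream that scrambles the data (confidentiality), and a second HMAC over the ciphertext is the tag that proves the data was not altered in transit (integrity). The shared key, the plaintext and the one-bit tampering in tamper_is_detected are all constructed for the example.

```python
import hmac
import hashlib
import secrets

# Illustrative construction, not AES: HMAC-SHA256 as a keyed PRF in counter
# mode gives a keystream (confidentiality); a second HMAC over the ciphertext
# is the integrity tag (encrypt-then-MAC). One shared key serves both ends.

NONCE_LEN = 16
TAG_LEN = 32


def _derive_subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the one shared secret."""
    enc_key = hmac.new(key, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` keystream bytes as HMAC(enc_key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(enc_key, block, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The nonce must be fresh per message."""
    enc_key, mac_key = _derive_subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """Verify the tag first; only then reverse the cipher."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _derive_subkeys(key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or altered data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def tamper_is_detected(key: bytes, plaintext: bytes) -> bool:
    """Flip one ciphertext bit 'in transit' and report whether decrypt rejects it."""
    message = bytearray(encrypt(key, plaintext))
    message[NONCE_LEN] ^= 0x01  # first ciphertext byte (constructed alteration)
    try:
        decrypt(key, bytes(message))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared_key = b"shared secret known only to sender and receiver"  # constructed
    box = encrypt(shared_key, b"Week 4 Night 2 notes")
    print("ciphertext (hex):", box.hex())
    print("decrypted:", decrypt(shared_key, box))
    print("tampering detected:", tamper_is_detected(shared_key, b"payload"))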
Digital Certificates and PKI
A key's owner may create a Digital Certificate, a small file containing the user’s verified identification information and public key.
These certificates are issued by a Certificate Authority (CA).
The relationship between public keys and entities is governed by Public-Key Infrastructure (PKI).
Authentication: The process of confirming that an entity is who they claim to be.
A Self-Signed Certificate is issued by the entity itself rather than a trusted third party.
Key Management
Definition: Key management involves enforcing standards throughout a key's life cycle.
Key Life Cycle Phases:
Creation
Storage
Access
Backup
Rotation
Revocation
Deletion
Access permission can be managed for tasks related to keys.
Secure conversations use keys and certificates, with specific protocols required for actual encryption processes.
Secure Sockets Layer (SSL) & Transport Layer Security (TLS)
SSL/TLS Overview
Both SSL and TLS are methods for encrypting TCP/IP transmissions.
When an SSL/TLS connection is established, a unique session is set up through the handshake protocol.
The handshake enables client and server authentication and is analogous to the TCP three-way handshake.
Internet Protocol Security (IPsec)
Overview
IPsec Definition: An encryption protocol suite defining rules for encryption, authentication, and key management for TCP/IP transmissions.
IPsec Process Steps:
IPsec initiation
Key management
Security negotiations
Data transfer
Termination
Troubleshooting Tools
Netstat
The netstat command displays active TCP connections, ports the computer is listening on, Ethernet statistics, the IP routing table, and various network protocol statistics.
netstat -a: Displays all active connections and listening ports.
netstat -b: Shows executables involved in creating each connection.
netstat -e: Provides Ethernet statistics (bytes and packets sent/received).
netstat -n: Displays IP addresses and port numbers numerically, useful for scripts.
netstat -o: Shows owning process ID associated with each connection.
netstat -r: Displays the routing table.
netstat -s: Shows statistics for each protocol (TCP, UDP, ICMP, IP).
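Added example (not from the course notes): a small Python parser for the output of netstat -ano (the Windows column layout, which -n and -o produce together) that lists the ports a host is listening on for every interface. Those are the sockets reachable from the network and therefore the first thing to reconcile against what the host is supposed to run. The netstat lines below are constructed for the example, not captured from a real machine.

```python
# Parses netstat -ano style output and flags listeners bound to a wildcard
# address (0.0.0.0 or [::]), i.e. reachable on every interface.

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1212
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       4410
  TCP    192.168.1.10:51234     203.0.113.7:443        ESTABLISHED     6120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2104
  UDP    127.0.0.1:1900         *:*                                    3060
"""  # constructed sample output

WILDCARD_ADDRESSES = {"0.0.0.0", "[::]"}


def _split_endpoint(endpoint: str):
    """Split 'addr:port' on the last colon so IPv6 '[::]:445' also works."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None


def parse_netstat(text: str) -> list:
    """Return one dict per connection line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto = fields[0]
        local_addr, local_port = _split_endpoint(fields[1])
        foreign = fields[2]
        if proto == "TCP":
            state, pid = fields[3], int(fields[4])
        else:  # UDP lines have no State column
            state, pid = "", int(fields[3])
        entries.append({"proto": proto, "local_addr": local_addr,
                        "local_port": local_port, "foreign": foreign,
                        "state": state, "pid": pid})
    return entries


def listening(entries: list) -> list:
    """TCP sockets in LISTENING state plus every bound UDP socket."""
    return [e for e in entries
            if (e["proto"] == "TCP" and e["state"] == "LISTENING") or e["proto"] == "UDP"]


def exposed_listeners(entries: list) -> list:
    """Listeners bound to a wildcard address, as (proto, port, pid), sorted by port."""
    found = [(e["proto"], e["local_port"], e["pid"]) for e in listening(entries)
             if e["local_addr"] in WILDCARD_ADDRESSES]
    return sorted(found, key=lambda t: t[1])


if __name__ == "__main__":
    for proto, port, pid in exposed_listeners(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{proto:<4} port {port:<6} pid {pid}  (listening on all interfaces)")
```

In the sample, the PostgreSQL-style listener on 127.0.0.1:5432 and the UDP socket on 127.0.0.1:1900 are left out because loopback-only services are not reachable from the network; the PID column is what you would feed to tasklist or Task Manager to identify the owning program.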
Tracert
The tracert command helps diagnose network issues by tracing packet paths to a destination.
Sends ICMP echo requests with incrementally increasing Time-To-Live (TTL) values.
Each router decreases the TTL by 1 before forwarding; a TTL of 0 triggers an ICMP "Time Exceeded" message back to the source.
Basic commands:
tracert <hostname>: Trace the route to a hostname/IP.
tracert -d <hostname>: Prevents resolving IPs to hostnames.
tracert -h <maximumhops> <hostname>: Specifies maximum hops (default is 30).
tracert -w <timeout> <hostname>: Sets reply timeout in milliseconds.
tracert -4 <hostname>: Forces IPv4 use.
tracert -6 <hostname>: Forces IPv6 use.
tcpdump
tcpdump Definition: A command-line packet sniffer for Linux and Unix OSs that captures network traffic.
Output can be saved for filtering or playback.
Capturing packets requires root privileges, so tcpdump commands are normally run as root or prefixed with sudo.
Solving Common Network Problems
Common Issues
Duplicate MAC Addresses: Problem arises when two devices share a MAC address.
Such issues can lead to MAC spoofing, a significant security risk.
Switches typically detect this and provide error messages for tracking down rogue devices.
Hardware Failure:
A failed router, switch or NIC disrupts connectivity. To locate the faulty device, use tracert/traceroute and look for the hop where replies stop.
Tracing to a node beyond the questionable router often gives clearer feedback than tracing to the router itself.
Utilize ping for connectivity testing.
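Added example (not from the course notes), covering both the Tracert section and the Hardware Failure steps above: a Python parser for Windows tracert output that reports the hops that never answered, the hops where latency jumps, and whether the destination was reached. The assess function applies the lesson's advice literally: a silent hop followed by hops that do reply is a router that does not send Time Exceeded messages (or rate-limits them), not a router that is down. The trace below is constructed for the example.

```python
import re
from statistics import median

# Parses tracert output and separates "this hop is silent" from
# "packets stop here", which only the hops after it can tell you.

SAMPLE_TRACERT = """\
Tracing route to files.example.test [203.0.113.50]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  10.0.0.1
  3     *        *        *     Request timed out.
  4    95 ms    97 ms    94 ms  198.51.100.9
  5    96 ms    95 ms    97 ms  203.0.113.50

Trace complete.
"""  # constructed sample output

HOP_LINE = re.compile(
    r"^\s*(\d+)\s+(\S+(?: ms)?)\s+(\S+(?: ms)?)\s+(\S+(?: ms)?)\s+(.+?)\s*$")


def _rtt(field: str):
    """'12 ms' -> 12, '<1 ms' -> 1 (rounded up), '*' -> None (no reply)."""
    if field == "*":
        return None
    return int(field.replace("ms", "").replace("<", "").strip())


def parse_tracert(text: str) -> list:
    """One dict per hop line: hop number, three RTTs (None = timeout), host."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        hops.append({"hop": int(m.group(1)),
                     "rtts": [_rtt(m.group(i)) for i in (2, 3, 4)],
                     "host": m.group(5)})
    return hops


def silent_hops(hops: list) -> list:
    """Hop numbers where all three probes timed out."""
    return [h["hop"] for h in hops if all(r is None for r in h["rtts"])]


def reached_destination(hops: list, destination: str) -> bool:
    return bool(hops) and hops[-1]["host"] == destination


def latency_jumps(hops: list, threshold_ms: int = 50) -> list:
    """Hops whose median RTT exceeds the previous responding hop's by > threshold."""
    jumps, previous = [], None
    for h in hops:
        replies = [r for r in h["rtts"] if r is not None]
        if not replies:
            continue
        current = median(replies)
        if previous is not None and current - previous > threshold_ms:
            jumps.append(h["hop"])
        previous = current
    return jumps


def assess(hops: list, destination: str) -> str:
    """One-line reading of the trace, following the lesson's advice to judge a
    questionable router by the hops beyond it rather than by its own silence."""
    silent = silent_hops(hops)
    if reached_destination(hops, destination):
        if silent:
            return f"destination reached; hop(s) {silent} do not answer probes but do forward traffic"
        return "destination reached; all hops replied"
    if silent:
        return f"destination not reached; replies stop at hop {silent[0]}"
    return "destination not reached"


if __name__ == "__main__":
    hops = parse_tracert(SAMPLE_TRACERT)
    print(assess(hops, "203.0.113.50"))
    print("latency jumps at hops:", latency_jumps(hops))
```

With the sample trace the verdict is that hop 3 is silent but forwarding, and the jump at hop 4 marks where the path leaves the local network; a trace in which every hop after hop 3 also timed out would instead point at hop 3 (or the link beyond it) as the place to start looking for the hardware fault.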
Lab Exercise 4.2
Topics Covered
Subnetting
VLANs
Routing
Layer 3 Switches
Trunks
Remote Access Protocols
Overview
Remote Access: The service allowing clients to connect to and log on to servers, LANs, or WANs in different geographical locations.
Requires a Remote Access Server (RAS).
Types include:
Remote file access
Terminal emulation
VPNs (Virtual Private Networks)
Remote File Access
FTP (File Transfer Protocol): Transfers files in plaintext.
Other technologies include:
FTPS (FTP Secure): Adds SSL/TLS encryption to FTP.
SFTP (Secure FTP): Encrypted file transfer through SSH with authentication.
TFTP (Trivial FTP): Simplified version of FTP without security.
Terminal Emulator
Definition: Software enabling clients to control remote host computers.
Examples of Command-line software:
Telnet
SSH
Examples of GUI-based software:
Remote Desktop for Windows
VNC
LogMeIn Rescue
TeamViewer
Terminal Emulator Specifics
Telnet: Allows remote control without security measures.
SSH (Secure Shell): Offers secure authentication and encryption, protecting against security threats such as unauthorized access and data interception.
RDP (Remote Desktop Protocol): Microsoft’s proprietary protocol for remote computer control.
Out-of-Band Management (OOBM): Utilizes a dedicated connection for centralized management of network devices via a console server or console router.
Virtual Private Networks (VPN)
VPN Overview
A VPN service encrypts internet traffic to enhance online privacy and security.
It creates an encrypted tunnel, securing data from eavesdropping and hiding IP addresses, making user activities difficult to trace.
Types of VPNs:
Site-to-Site
Client-to-Site
Client-to-Client
Host-to-Host
VPN Tunneling Protocols
VPNs utilize protocols to encapsulate higher-layer protocols through a process called Tunneling.
Many operate at the Data Link Layer, while some work at Layer 3 for added features.
Typically require an additional encryption protocol for data security.
Common VPN Tunneling Protocols
L2TP (Layer 2 Tunneling Protocol): Supports virtual private networks.
GRE (Generic Routing Encapsulation): Cisco-developed protocol encapsulating various network layer protocols.
OpenVPN: An open-source protocol for secure connections.
IKEv2: Part of the IPsec suite, establishing secure communication channels between clients and servers.
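Added example (not from the course notes): tunneling by encapsulation, shown with GRE in Python using only the standard library. An inner IPv4/UDP packet between two private hosts is wrapped in a 4-byte GRE header (RFC 2784 with no optional fields) and an outer IPv4 header addressed to the tunnel endpoints; the far end strips both headers to recover the original packet. The addresses and payload are constructed for the example. It also makes the point in the notes that tunneling alone is not encryption: the inner bytes sit verbatim inside the outer packet until a protocol such as IPsec is layered on.

```python
import socket
import struct

# GRE tunnel framing: outer IPv4 (protocol 47) | GRE header | inner packet.
# Nothing here encrypts; that is the job of a separate protocol (e.g. IPsec).

IPPROTO_GRE = 47
IPPROTO_UDP = 17
GRE_PROTO_IPV4 = 0x0800    # EtherType of the encapsulated protocol
GRE_FLAG_CHECKSUM = 0x8000


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement sum over 16-bit words; 0 when verified."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, protocol: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a valid checksum."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, 0, 0, ttl,
                      protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner: bytes, protocol_type: int = GRE_PROTO_IPV4) -> bytes:
    """Prepend the GRE header: C=0, reserved0=0, version=0, protocol type."""
    return struct.pack("!HH", 0, protocol_type) + inner


def gre_decapsulate(data: bytes):
    """Return (protocol_type, inner_packet); skips the optional checksum field."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags_version, protocol_type = struct.unpack("!HH", data[:4])
    if flags_version & 0x7:
        raise ValueError("unsupported GRE version")
    offset = 8 if flags_version & GRE_FLAG_CHECKSUM else 4
    return protocol_type, data[offset:]


def build_inner_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Inner IPv4+UDP packet between two private hosts (UDP checksum left 0)."""
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(payload), 0) + payload
    return ipv4_header(src, dst, IPPROTO_UDP, len(udp)) + udp


def build_tunnel_packet(tunnel_src: str, tunnel_dst: str, inner: bytes) -> bytes:
    """Outer packet as seen on the public network."""
    gre = gre_encapsulate(inner)
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre)) + gre


def unwrap_tunnel_packet(outer: bytes):
    """What the far tunnel endpoint does: validate and strip the outer headers."""
    ihl = (outer[0] & 0x0F) * 4
    if ipv4_checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if outer[9] != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    return gre_decapsulate(outer[ihl:])


def payload_visible_on_wire(outer: bytes, payload: bytes) -> bool:
    """True when the inner payload can be read straight out of the outer packet."""
    return payload in outer


if __name__ == "__main__":
    payload = b"constructed-sample-payload"
    inner = build_inner_packet("10.1.1.5", "10.2.2.9", payload)
    outer = build_tunnel_packet("203.0.113.1", "198.51.100.1", inner)
    proto, recovered = unwrap_tunnel_packet(outer)
    print("outer length:", len(outer), "inner length:", len(inner))
    print("inner recovered intact:", recovered == inner, "protocol type: %#06x" % proto)
    print("payload readable without an encryption layer:",
          payload_visible_on_wire(outer, payload))
```

The 24 bytes of overhead (20 for the outer IPv4 header, 4 for GRE) are what the tunnel costs in MTU; the plaintext payload sitting in the outer packet is why the notes say a tunneling protocol typically needs an additional encryption protocol.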
Summary
After this lesson, you should be able to:
Describe core TCP/IP protocols.
Secure network data using encryption protocols.
Configure remote access connections.
Utilize various TCP/IP tools for network troubleshooting.