1. CATEGORIES AND FUNCTION OF GATEWAYS
1.1. joins two networks so the devices on one network can communicate with the devices on another network
1.2. categories
1.2.1. unidirectional gateways
1.2.2. bidirectional gateways
2. PROTOCOL ANALYSIS
2.1. TCP/IP SUITE PROTOCOL
2.1.1. Transmission Control Protocol / Internet Protocol
2.1.2. the protocols used to connect hosts on the Internet
2.1.3. the de facto standard on the Internet, and has become the protocol of choice on LANs and WANs.
2.2. TCP INTERFACES
2.3. PROBLEM RELATED TO TCP
2.3.1. PACKET REPLICATION
2.3.1.1. Packets are retransmitted over the network if there is congestion or if a packet is lost.
2.3.2. CHECKSUM ERROR
2.3.2.1. The checksum is part of the TCP header field. The purpose of a checksum is to ensure data integrity. A failed checksum indicates a problem with the data in a packet. In this case, the packet has to be retransmitted.
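The checksum described in 2.3.2 is computed over the segment plus an IPv4 pseudo-header, and the receiver checks it by summing the whole thing and expecting 0xFFFF. The following is an added example (not part of the original notes) that builds a minimal TCP segment, fills in the checksum, and shows the receiver's check failing both for a damaged payload byte and for a segment delivered to the wrong address; the addresses, ports and payload are constructed sample values.

```python
import struct

TCP_PROTO = 6


def csum16(data: bytes) -> int:
    """16-bit one's complement sum; an odd trailing byte is zero-padded (RFC 793)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header (src, dst, zero, protocol, TCP length). Including it binds
    the checksum to the addresses, so a segment that reaches the wrong host fails."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, TCP_PROTO, tcp_len)


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Sender side: one's complement of the sum over pseudo-header + segment,
    with the checksum field itself (bytes 16-17 of the header) zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~csum16(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)) & 0xFFFF


def verify_tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Receiver side: summing pseudo-header + segment *including* its checksum gives 0xFFFF."""
    return csum16(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def build_segment(src_ip: bytes, dst_ip: bytes, src_port: int, dst_port: int,
                  seq: int, ack: int, flags: int, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (data offset 5, no options, window 65535) + payload."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, 65535, 0, 0)
    segment = header + payload
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def corrupt(segment: bytes, index: int) -> bytes:
    """Flip one bit of the segment, as a link-level error would."""
    return segment[:index] + bytes([segment[index] ^ 0x01]) + segment[index + 1:]


# Constructed sample: 192.0.2.1:40000 -> 192.0.2.2:443, PSH|ACK carrying "hello".
SRC = bytes([192, 0, 2, 1])
DST = bytes([192, 0, 2, 2])
SEGMENT = build_segment(SRC, DST, 40000, 443, 1000, 2000, 0x18, b"hello")

if __name__ == "__main__":
    print("checksum:", hex(struct.unpack("!H", SEGMENT[16:18])[0]))
    print("intact:", verify_tcp_checksum(SRC, DST, SEGMENT))
    print("payload damaged:", verify_tcp_checksum(SRC, DST, corrupt(SEGMENT, 20)))
    print("wrong destination:", verify_tcp_checksum(SRC, bytes([192, 0, 2, 3]), SEGMENT))
```

A failed check causes the receiver to drop the segment silently; the sender's retransmission timer is what produces the retransmission mentioned in the notes, so checksum failures show up as loss, not as explicit errors.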
2.3.3. BOTTLENECK BANDWIDTH
2.3.3.1. A bandwidth bottleneck is a phenomenon where the performance of a network is limited because not enough bandwidth is available to ensure that all data packets in the network reach their destination.
2.3.3.2. Bottleneck bandwidth is the rate at which all bandwidth is used and even a single additional packet cannot be accommodated.
2.3.4. PACKET LOSS
2.3.4.1. Packet loss occurs when one or more packets of data travelling across a computer network fail to reach their destination. Packet loss is typically caused by network congestion. Packet loss is measured as a percentage of packets lost with respect to packets sent.
2.4. IP DATAGRAM
2.4.1. Packets in the network (internet) layer are called datagrams. A datagram is a variable-length packet consisting of two parts: header and data. The header is 20 to 60 bytes in length and contains information essential to routing and delivery.
2.4.2. Data transmitted over an internet using IP is carried in messages called IP datagrams. Each IP datagram contains a specific set of fields in a specific order, so that the reader knows how to decode and read the stream of data received.
2.4.3. MAXIMUM TRANSFER UNIT (MTU)
2.4.3.1. A maximum transmission unit (MTU) is the largest packet or frame, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network such as the Internet. The Internet's TCP uses the MTU to determine the maximum size of each packet in any transmission.
2.4.4. FRAGMENTATION
2.4.4.1. An Internet Protocol (IP) process that breaks datagrams into smaller pieces (fragments), so that packets can be formed that pass through a link with a smaller maximum transmission unit (MTU) than the original datagram size.
2.4.4.2. Fragmentation can be done at the sender or at intermediate routers. The same datagram can be fragmented several times. Reassembly of the original datagram is only done at the destination host.
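To make 2.4.4.1 and 2.4.4.2 concrete, here is an added example (not from the original notes) of IPv4 fragmentation and destination-side reassembly. A constructed 1044-byte datagram is fragmented for a 576-byte link, each fragment is fragmented again for a 300-byte link, and the destination reassembles the pieces from their offsets. The reassembler refuses gaps, overlaps and a missing final fragment rather than guessing, and a datagram with the DF bit set cannot be fragmented. Addresses, identification and payload are sample values.

```python
import struct

IP_HDR = 20
DF, MF = 0x4000, 0x2000  # "don't fragment" and "more fragments" bits of the flags/offset field


def csum16(data: bytes) -> int:
    """16-bit one's complement sum used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s


def ipv4_header(ident: int, flags_off: int, proto: int, src: bytes, dst: bytes,
                payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header (IHL 5) with the header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + payload_len, ident, flags_off,
                      ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", (~csum16(hdr)) & 0xFFFF) + hdr[12:]


def fragment(datagram: bytes, mtu: int) -> list:
    """Router behaviour: split a datagram (which may itself already be a fragment)
    into pieces that fit the outgoing link's MTU."""
    if len(datagram) <= mtu:
        return [datagram]
    hdr, payload = datagram[:IP_HDR], datagram[IP_HDR:]
    ident, flags_off = struct.unpack("!HH", hdr[4:8])
    if flags_off & DF:
        raise ValueError("DF set: datagram needs fragmentation but forbids it")
    step = (mtu - IP_HDR) & ~7  # every non-final fragment carries a multiple of 8 octets
    if step <= 0:
        raise ValueError("MTU too small to carry any payload")
    base_off, more_after = flags_off & 0x1FFF, bool(flags_off & MF)
    frags = []
    for pos in range(0, len(payload), step):
        chunk = payload[pos:pos + step]
        last = pos + len(chunk) == len(payload)
        new_flags_off = (base_off + pos // 8) | (MF if (not last or more_after) else 0)
        frags.append(ipv4_header(ident, new_flags_off, hdr[9], hdr[12:16], hdr[16:20], len(chunk)) + chunk)
    return frags


def reassemble(fragments: list) -> bytes:
    """Destination-host reassembly keyed on (src, dst, identification, protocol)."""
    key, pieces, total = None, {}, None
    for frag in fragments:
        hdr, payload = frag[:IP_HDR], frag[IP_HDR:]
        if csum16(hdr) != 0xFFFF:
            raise ValueError("bad header checksum")
        ident, flags_off = struct.unpack("!HH", hdr[4:8])
        k = (hdr[12:16], hdr[16:20], ident, hdr[9])
        if key is None:
            key = k
        elif k != key:
            raise ValueError("fragment belongs to a different datagram")
        off = (flags_off & 0x1FFF) * 8
        pieces[off] = payload
        if not flags_off & MF:  # MF=0 marks the final fragment and fixes the total length
            total = off + len(payload)
    if total is None:
        raise ValueError("final fragment (MF=0) never arrived")
    data = bytearray()
    for off in sorted(pieces):
        if off != len(data):
            raise ValueError(f"gap or overlap at offset {off}")
        data += pieces[off]
    if len(data) != total:
        raise ValueError("reassembled length disagrees with final fragment")
    return ipv4_header(key[2], 0, key[3], key[0], key[1], len(data)) + bytes(data)


# Constructed sample: 1024 bytes of UDP (proto 17) payload, 192.0.2.1 -> 192.0.2.2.
SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
PAYLOAD = bytes(range(256)) * 4
DATAGRAM = ipv4_header(0x1234, 0, 17, SRC, DST, len(PAYLOAD)) + PAYLOAD


def two_hop_fragments() -> list:
    """First link has MTU 576, the next MTU 300, so fragments are fragmented again."""
    first_hop = fragment(DATAGRAM, 576)
    return [f for frag in first_hop for f in fragment(frag, 300)]


if __name__ == "__main__":
    frags = two_hop_fragments()
    print([(len(f), struct.unpack("!H", f[6:8])[0] & 0x1FFF) for f in frags])
    print("reassembled equals original:", reassemble(list(reversed(frags))) == DATAGRAM)
```

Offsets are in 8-octet units, which is why the 552-byte first-hop fragment becomes two second-hop fragments of 280 and 272 bytes rather than an even split, and why reassembly works regardless of arrival order.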
2.4.5. ENCAPSULATION
2.4.5.1. When data moves from an upper layer to a lower layer of TCP/IP (outgoing transmission), each layer adds a bundle of relevant control information called a header in front of the actual data. The package containing the header and the data from the upper layer then becomes the data that is repackaged at the next lower layer with that layer's header.
2.4.5.2. A header is the supplemental data placed at the beginning of a block of data when it is transmitted. This supplemental data is used at the receiving side to extract the data from the encapsulated packet. This packing of data at each layer is known as data encapsulation.
2.5. MODES IN ENCAPSULATING SECURITY PAYLOAD (ESP)
2.5.1. Encapsulating Security Payload is primarily designed to provide encryption, authentication and protection services for the data or payload being transferred in an IP network. ESP does not protect the outer packet header; however, in tunnel mode, where the entire original packet is encapsulated within another packet as its payload, the whole inner packet (including its header) is encrypted.
2.5.2. Typically, in an IP packet, the ESP header is placed after the IP header. The components of an ESP packet include a sequence number, payload data, padding, a next-header field and an integrity check value.
2.5.3. TUNNEL MODE
2.5.3.1. Tunnel mode protects the internal routing information by encrypting the IP header of the original packet. The original packet is encapsulated by another set of IP headers. Because additional headers are added to the packet, the usable payload (MSS) is smaller. In tunnel mode, the entire IP packet is encrypted and/or authenticated.
2.5.4. TRANSPORT MODE ESP
2.5.4.1. Transport mode keeps the original IP header and inserts the ESP header between it and the payload, so no additional IP header is added and the routing information is not hidden. In transport mode, only the payload of the IP packet is usually encrypted and/or authenticated.
2.6. IPV6 HEADER FORMAT
2.6.1. The wonder of IPv6 lies in its header. An IPv6 address is 4 times larger than an IPv4 address, but surprisingly, the IPv6 header is only 2 times larger than that of IPv4. All the information essential for a router is kept in the Fixed Header. Extension Headers contain optional information that helps routers understand how to handle a packet/flow.
2.6.2. The following list describes the function of each fixed header field.
2.6.2.1. Version – 4-bit Internet Protocol version number = 6.
2.6.2.2. Traffic class – 8-bit traffic class field.
2.6.2.3. Flow label – 20-bit field.
2.6.2.4. Payload length – 16-bit unsigned integer: the length, in octets, of the rest of the packet following the IPv6 header.
2.6.2.5. Next header – 8-bit selector. Identifies the type of header that immediately follows the IPv6 header. Uses the same values as the IPv4 protocol field.
2.6.2.6. Hop limit – 8-bit unsigned integer. Decremented by one by each node that forwards the packet. The packet is discarded if the hop limit is decremented to zero.
2.6.2.7. Source address – 128 bits. The address of the initial sender of the packet.
2.6.2.8. Destination address – 128 bits. The address of the intended recipient of the packet. The intended recipient is not necessarily the final recipient if an optional routing header is present.
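The field list in 2.6 maps directly onto the 40-byte fixed header. As an added example (not part of the original notes), the code below builds a sample IPv6 packet, parses the fixed header back out, rejects a packet whose Payload Length claims more bytes than were received, and models the hop-limit rule: each forwarding node decrements it and the packet is discarded when it would reach zero. Addresses, flow label and payload are constructed values; the 2001:db8::/32 prefix is the documentation range.

```python
import struct
import ipaddress

IPV6_HDR = 40  # fixed header: 2x the 20-byte IPv4 minimum header


def build_ipv6(traffic_class: int, flow_label: int, next_header: int, hop_limit: int,
               src: str, dst: str, payload: bytes) -> bytes:
    """Fixed header followed by payload; no extension headers."""
    vtf = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", vtf, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + payload)


def parse_ipv6(packet: bytes) -> dict:
    """Decode the eight fixed-header fields; raise on anything a receiver must not trust."""
    if len(packet) < IPV6_HDR:
        raise ValueError("shorter than the 40-byte fixed header")
    vtf, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6:
        raise ValueError(f"version field is {vtf >> 28}, not 6")
    if len(packet) - IPV6_HDR < payload_len:
        raise ValueError("truncated: Payload Length claims more bytes than are present")
    return {
        "version": 6,
        "traffic_class": (vtf >> 20) & 0xFF,
        "flow_label": vtf & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,      # same numbering as the IPv4 protocol field
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "payload": packet[IPV6_HDR:IPV6_HDR + payload_len],
    }


def forward(packet: bytes):
    """One forwarding node: decrement Hop Limit, or discard (None) if it would hit zero."""
    hop_limit = packet[7]
    if hop_limit <= 1:
        return None
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


def hops_until_discard(packet: bytes) -> int:
    """How many nodes forward the packet before one discards it."""
    hops = 0
    while (packet := forward(packet)) is not None:
        hops += 1
    return hops


# Constructed sample: DSCP EF traffic class, arbitrary flow label, UDP (17), hop limit 64.
SAMPLE = build_ipv6(0xB8, 0x12345, 17, 64, "2001:db8::1", "2001:db8::2", b"constructed payload")

if __name__ == "__main__":
    for field, value in parse_ipv6(SAMPLE).items():
        print(f"{field:>15}: {value}")
    print("forwarded by", hops_until_discard(SAMPLE), "nodes before discard")
```

The truncation check matters because Payload Length, not the byte count on the wire, tells the receiver where the payload ends; parsing it without comparing it to the received length is a classic over-read.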
2.7. COMMON PROTOCOLS AND STANDARDS
2.7.1. DOMAIN NAME SERVER SECURITY (DNSSEC)
2.7.1.1. The DNS Security Extensions (DNSSEC) were created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats. The purpose of DNSSEC is to increase the security of the Internet as a whole by addressing DNS security weaknesses. Essentially, DNSSEC adds authentication to DNS to make the system more secure.
2.7.2. GENERIC SECURITY SERVICES API (GSSAPI)
2.7.2.1. GSSAPI (also written GSS-API) is an application programming interface through which programs access security services. It addresses the problem of the many similar but incompatible security services in use today by providing an authentication, key exchange and encryption interface to different cryptographic algorithms and systems.
2.7.2.2. The GSSAPI interface provides 5 groups of services:
2.7.2.2.1. Credential Management Services
2.7.2.2.2. Context-Level Services
2.7.2.2.3. Authentication Services
2.7.2.2.4. Confidentiality Services
2.7.2.2.5. Support Services
2.7.3. SECURE SOCKETS LAYER (SSL)
2.7.3.1. Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.
2.7.4. SECURE HYPERTEXT TRANSFER PROTOCOL (SHTTP)
2.7.4.1. S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web. Each S-HTTP file is either encrypted, contains a digital certificate, or both. A major difference from SSL is that S-HTTP allows the client to send a certificate to authenticate the user.
2.7.5. SECURITY TOKENS
2.7.5.1. A small hardware device that the owner carries to authorize access to a network service. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user possesses the device and knows a personal identification number (PIN), which authorizes them as the owner of that particular device.
2.7.6. BLACK DUCK
2.7.6.1. Black Duck Software addresses this with Black Duck Hub, a system that allows enterprise developers and code auditors to continuously audit the use of third-party open source code for known vulnerabilities.
3. KEY ELEMENTS IN A NETWORK
3.1. Nodes
3.1.1. can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network
3.2. Network Backbone
3.2.1. the part of a computer network that interconnects various pieces of the network, providing a path for the exchange of information between different LANs or subnetworks
3.3. Segments
3.3.1. a segment is a small section of a network
3.4. Subnets
3.4.1. a subnetwork, or subnet, is a logically visible subdivision of an IP network
4. IP AND VIRTUAL ADDRESSES
4.1. internet protocol address
4.1.1. An Internet protocol address (IP address) is a numerical label assigned to each device (computer, printer) participating in a computer network that uses the Internet Protocol for communication
4.1.2. IPV4
4.1.2.1. Internet Protocol version 4
4.1.2.2. an address consists of 32 bits
4.1.3. IPV6
4.1.3.1. A newer Internet addressing system, Internet Protocol version 6 (IPv6), is being deployed to fulfill the need for more Internet addresses
4.1.3.2. an address consists of 128 bits
4.1.3.3. allows for approximately three hundred and forty trillion unique IP addresses
4.2. virtual IP address
4.2.1. an IP address that is shared among multiple domain names or multiple servers
4.2.2. A virtual IP address eliminates a host's dependency upon individual network interfaces
4.2.3. Incoming packets are sent to the system VIPA address, but real network interfaces