Protocols and Services




Network protocols are defined as a common language or set of rules that computers use to communicate with one another. Protocols come in packages known as protocol stacks. Individual protocols reside at each layer of the OSI reference model in order to carry out specified functions. In this section, we will discuss the most commonly used communication protocols such as TCP/IP, IPX/SPX, and ARP. Then, we will focus on protocols specifically designed for security purposes.

Security protocols are typically used to encrypt and decrypt data packets for safe transmission over a communications medium.

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the most popular protocol in use today. It is the protocol of choice for the Internet. TCP/IP is commonly used with Ethernet, Token Ring, and Internet or dial-up network connections. Every computer on a TCP/IP network uses an IP address as a unique numeric identification. An IP address is a 32-bit numeric combination of four period-delimited octets, each of which can be a number from 0-255. An IP address can be up to 12 digits long.

An example of an IP address is 209.15.176.206. This IP address is associated with the domain name address, which is provided by a Domain Name Server (DNS) of the publisher of this book, charlesriver.com. From a DOS prompt, I used the TCP/IP ping utility to test my connection to the Charles River Media Web site. Try it. Using Windows 2000, navigate to a DOS prompt. At the DOS prompt, type Ping charlesriver.com. You should receive an associated IP address of the Web site as well as four echo replies.

Another popular TCP/IP utility is the tracert command. The tracert command will tell you the route you are using to establish a connection with a destination computer. In other words, it will give you all of the TCP/IP addresses and domain names of the computers you are using to reach your final destination. Try the tracert command from a DOS prompt. At the DOS prompt, type tracert charlesriver.com. You will receive the IP addresses and domain names of the computers you are hitting to get to the Charles River Media Web site. The time it takes for your request to go from each of the destination IP addresses you see is measured in units of time called hops. A subnet mask is used to specify which particular network a TCP/IP address belongs to.

You can check the IP configuration of your computer using two popular commands. If you are using Windows 95 or 98, type winipcfg at a DOS prompt. If you are using Windows NT or 2000, type ipconfig or ipconfig/all at a DOS prompt. Your computer's IP address, subnet mask, and default gateway settings will be displayed.

If your computer is unable to communicate with other computers on the network, and all of the other computers are functioning correctly, you should first check your computer's IP address configuration settings. They might not be properly configured. If this is the case, your computer will only be able to access itself.

The IP portion of the TCP/IP protocol is actually responsible for delivering messages and data over networks. The TCP protocol's main function is to reassemble packets after they arrive at a destination. It is very important to note the most common versions of IP. They are IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6). IPv6 is the latest version of IP. It is packaged with most newer operating systems of the day and in most cases has replaced the earlier IPv4 based on its major improvements. IPv6 provides rules and support for the following types of addressing:

  • Unicast: Transmits rules for sending messages from a single host to another single host.

  • Anycast: Involves rules for transmission from a single host to the nearest possible host from a grouping of hosts.

  • Multicast: Involves rules for transmission from a single host to an entire group of hosts.

The most important fact to remember regarding these two versions of IP is that IPv6 allows for IP addresses to be lengthened from the IPv4 limitation of 32 bits to 128 bits.

IPv6 also allows better authentication, privacy, and improved data delivery assurance.

TCP/IP Address Classes

TCP/IP address classes are divided into five distinct classes as defined by the InterNIC. The InterNIC is a consortium of businesses whose purpose is to manage certain services for Internet users and businesses. One of the primary services provided by the InterNIC is the management and assignment of TCP/IP address classes. The five classes of TCP/IP addresses provided by the InterNIC are as follows:

  • Class A: Used for large networks. Supports up to 16 million host systems on each of 127 networks.

  • Class B: Used for medium size networks. Supports up to 65,000 host systems on each of 16,000 networks.

  • Class C: Used for small to mid-size networks. Supports up to 254 host systems on each of 2,000,000 networks.

  • Class D: Used for multicast service only.

  • Class E: Used for experimental purposes only.

Address classes A, B, and C each have their own set or block of reserved IP addresses that are specifically used for private internal networks. These IP addresses are not routable addresses and cannot be seen or accessed by default beyond the boundary of the local network on which they are utilized. The reserved addresses for Class A networks are 10.0.0.0 through 10.255.255.255. The reserved addresses for Class B networks are 172.16.0.0 through 172.31.255.255. The reserved addresses for Class C networks are 192.168.0.0 through 192.168.255.255.

The Security+ exam just might ask you a question such as the following:

Which of the following IP addresses is reserved for internal use and cannot be used on the Internet?

A. 172.14.42.5.

B. 172.42.42.5.

C. 172.31.42.5.

D. 172.52.42.5.

The correct answer to this question is C. 172.31.42.5. Notice that none of the other choices fall within the privately reserved Class B range. In other words, the IP address would have to fall between 172.16.0.0 and 172.31.255.255 to be considered private.
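The private-range check behind this exam question, together with the classful designation and the subnet-mask lookup mentioned earlier in the section, as an added example that is not from the book; the private blocks are the three listed above, and the exam choices are embedded as constructed test data.

```python
import ipaddress

# The three reserved (non-routable) blocks the section lists, in CIDR form:
# 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# The exam question's four choices (constructed test data copied from the text).
EXAM_CHOICES = [
    ("A", "172.14.42.5"),
    ("B", "172.42.42.5"),
    ("C", "172.31.42.5"),
    ("D", "172.52.42.5"),
]


def address_class(ip: str) -> str:
    """Classful designation (A-E) is decided by the first octet alone."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"          # multicast only
    return "E"              # experimental only


def is_private(ip: str) -> bool:
    """True if the address falls in one of the reserved internal blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def network_of(ip: str, mask: str) -> str:
    """Apply a dotted subnet mask to find which network an address belongs to."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(net.network_address)


def private_choices(choices=EXAM_CHOICES) -> list:
    """Letters of the choices that are reserved for internal use."""
    return [letter for letter, ip in choices if is_private(ip)]
```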

IPX/SPX

IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) is a protocol stack used in Novell networks that supports routing. There are several versions of Novell operating systems in use today. When connecting a system to a Novell network, it is often necessary to bind a specific frame type to your network interface card for connection to various Novell operating systems versions. Frame type specifications are beyond our study focus. Just remember that if you have trouble connecting to a Novell network, you should first verify that the proper frame type is bound to your NIC.

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is a protocol used to map an IP (Internet Protocol) address at the network layer of the OSI model to a physical hardware address at the MAC (Media Access Control) sublayer.

Packets that arrive at a gateway (typically a router) on a network are resolved by an ARP cache or table and directed to the proper destination system or subnetwork based on this IP to MAC resolution technique.

Every network interface card (NIC) has a hard-coded hardware or MAC address programmed into it or burned into its PROM chip by the manufacturer. ARP resolves the computer system's IP address to this hardware address. On a typical Windows 2000 system, you can view your computer system's IP, MAC address, and local ARP cache by navigating to a command prompt and entering arp -a.

The following are the results of entering arp -a on a system:

    Interface: 10.1.18.67 on Interface 0x1000003
      Internet Address      Physical Address      Type
      10.1.18.1             00-00-0c-07-ac-0d     dynamic
      10.1.18.77            00-d0-b7-4f-22-f2     dynamic
      10.1.18.137           00-10-5a-01-d1-2a     dynamic
      10.1.18.211           00-d0-b7-4f-55-1b     dynamic

Secure Shell (SSH)

Secure Shell (SSH) is a UNIX-based strong authentication method used to allow administrators to access and control remote systems securely. SSH is actually a suite of newer UNIX protocols and utilities including ssh, scp and slogin that replace the older UNIX rcp, rsh, and rlogin utilities. Unlike these older utilities, password encryption and digital certificates are used with SSH to ensure the entire communication channel is secure from the client to server and server to client. This makes it virtually impossible for attackers using spoofing and IP source redirecting techniques to interfere with a communication session. We will discuss SSH in more detail in Chapter 5.

High Level Data Link Control (HDLC)

High Level Data Link Control (HDLC) is a transmission protocol that operates at the Data Link layer (layer 2) of the OSI model. HDLC and SDLC (Synchronous Data Link Control) were originally developed for IBM's SNA network architecture.

Today, HDLC is most commonly used in X.25 frame relay packet switching networks that are used by the Internet. HDLC establishes a session for communication where one node is designated as the primary node and another node is designated the secondary node. After this designation takes place, the following communication modes can be implemented:

  • Normal unbalanced mode: The secondary node responds only to the primary node's request.

  • Asynchronous mode: The secondary node can begin the communication by sending a message.

  • Asynchronous balanced mode: Both stations can send and receive messages by duplex transmission. Networks that implement X.25 packet switching most commonly use this mode.

Synchronous Data Link Control (SDLC)

Synchronous Data Link Control (SDLC) is the original IBM-developed communications protocol on which HDLC is based. SDLC is based on a primary/secondary communications model where a secure connection is established between a mainframe (host) and a client. Multiple clients can be connected to a common point with SDLC. This connection technique is known as multipoint or multidrop. SDLC is an efficient protocol for private networks with dedicated lines of communication.

Password Authentication Protocol (PAP)

Password Authentication Protocol (PAP) is a basic type of authentication where a username and password are transmitted unencrypted across a network to an authenticating host. The host houses a security table or database that is typically encrypted. If the requesting username and password match those stored in the server's database, an acknowledgement is sent to the requester and authentication is granted. In a Windows client/server environment, the server's security database is called the SAM (Security Accounts Manager). PAP is an outdated authentication method. If CHAP (described next) is available on a server, it should be used in place of PAP.

Note 

PAP is outdated. For better security, use CHAP.

Challenge-Handshake Authentication Protocol (CHAP)

Challenge-Handshake Authentication Protocol (CHAP) is a much more secure method of authenticating communications between a server (or agent) and a requester than PAP. CHAP uses a secret one-way hash value that is generated by the requester and sent to the server. The server builds upon the hash value and generates a secret MD5 value that is only known to the requester and server. (MD5 is an algorithm used to create digital signatures.) If the requester's value matches the server's hash value, the requester is authenticated. Only the hash value is transmitted during communication using CHAP.

Note 

The CHAP authentication process is called a three-way handshake. It is highly probable that you will run across the CHAP authentication process several times on this exam.
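The difference between the two sections above, PAP and CHAP, shown as both sides of each exchange; this is an added example, not code from the book. The CHAP response is computed as standardized in RFC 1994, MD5 over the identifier, the shared secret, and the challenge, and the shared secret, user table, and wire formats are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret known to both ends; with CHAP it never crosses the link.
SECRET = b"constructed-shared-secret"
USER_TABLE = {"alice": "s3cret"}   # constructed stand-in for the server's database


# --- PAP: the credentials themselves are what an eavesdropper on the link sees ---
def pap_request(username: str, password: str) -> bytes:
    return b"PAP " + username.encode() + b":" + password.encode()


def pap_verify(request: bytes, table: dict = USER_TABLE) -> bool:
    user, _, password = request[4:].partition(b":")
    return table.get(user.decode()) == password.decode()


# --- CHAP three-way handshake: Challenge -> Response -> Success/Failure ---
def chap_challenge() -> tuple:
    ident = os.urandom(1)[0]        # 8-bit identifier, new for every challenge
    challenge = os.urandom(16)      # unpredictable challenge value
    return ident, challenge


def chap_response(ident: int, challenge: bytes, secret: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    expected = chap_response(ident, challenge, secret)
    return hmac.compare_digest(expected, response)   # constant-time comparison


def run_chap_handshake(client_secret: bytes, server_secret: bytes) -> bool:
    ident, challenge = chap_challenge()                          # 1. server -> client
    response = chap_response(ident, challenge, client_secret)    # 2. client -> server
    return chap_verify(ident, challenge, response, server_secret)  # 3. server decides


def replay_is_rejected() -> bool:
    """A response captured from one handshake is useless against a fresh challenge."""
    ident1, ch1 = chap_challenge()
    captured = chap_response(ident1, ch1, SECRET)
    ident2, ch2 = chap_challenge()
    return not chap_verify(ident2, ch2, captured, SECRET)
```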

Point-To-Point Protocol (PPP)

Point-To-Point Protocol (PPP) is a full-duplex serial communication protocol that operates at the Data Link layer of the OSI reference model. Internet service providers (ISPs) often use PPP to link their customers to the Internet. PPP has replaced the older SLIP (described next) based on its error-checking capabilities and ability to provide more stability.

Serial Line Internet Protocol (SLIP)

Serial Line Internet Protocol (SLIP) is an older TCP/IP communications protocol used to connect two computer systems. SLIP was and sometimes is still used to connect systems to the Internet through a slow analog dial-up connection. SLIP does not handle error detection as PPP does and is considered outdated technology.

X.25

X.25 is a communications protocol used in packet switching networks designed to handle the passage of analog data. The X.25 standard was adopted by the CCITT (International Consultative Committee for Telegraphy and Telephony) in 1976 as a solution for providing interconnection between different types of internal networks.

X.25 operates at the Physical, Data Link, and Network layers of the OSI reference model to provide reliable communication between such communication devices as a host or Data Terminal Equipment (DTE) and a node, known as Data Circuit Terminating Equipment (DCE). X.25 is designed to support Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs). SVCs are circuits that are set up between hosts and are only active as long as data is being transferred between the hosts. PVCs are permanent circuits that exist all of the time. Today, X.25 is used overseas more often than in the USA.

Frame Relay

Frame relay is a telecommunications service based on X.25 packet switching technology. Frame relay is much more effective than X.25 based on its ability to package data packets in variable sizes and leave error correction and other services up to service endpoints in communication. Frame relay is also much faster than X.25 and can take advantage of T1 (1.544 Mbps) and T3 (44.736 Mbps) speeds.

Frame relay technology is available through most phone service providers. It is considered inexpensive and is most commonly used to connect smaller LANs (local area networks) to larger WANs (wide area networks).

ISDN (Integrated Services Digital Network)

ISDN is a baseband transmission technology that is well suited for the transmission of audio and video at rates of up to 128Kbps. ISDN utilizes an adapter that is included with an ISDN router in place of a standard analog modem.

There are two types of ISDN services typically available by ISP or local phone carrier. They are as follows:

  • BRI (Basic Rate Interface): This is an ISDN technology made up of two 64Kbps B-channels that carry data and voice, and a 16Kbps D-channel that is responsible for control information. BRI implementations are common for small business and home use.

  • PRI (Primary Rate Interface): This ISDN technology is used with larger businesses such as ISPs and telecommunication companies. PRI is made up of 23 B-channels and one D-channel. PRI typically utilizes the bandwidth capabilities of a T1 connection.

DSL (Digital Subscriber Line)

DSL is a connection technology over a copper wire that utilizes a regular phone line to bring access speeds of up to 6.1Mbps to homes or businesses. In actuality, DSL offers upload speeds of up to 128Kbps and download speeds of 1.5Mbps for individual connections. DSL also utilizes a modem and is well suited for high-speed transmission of audio and video. DSL has provided major competition to the cable modem.






The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
Year: 2003
Pages: 136
