Itp 457 network security
1 / 23

ITP 457 Network Security - PowerPoint PPT Presentation

ITP 457 Network Security Networking Technologies III IP, Subnets & NAT Internet Protocol( IP) IP handles end-to-end delivery Most commonly used network layer protocol All traffic on the internet uses IP Internet Protocol ( IP)

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

ITP 457 Network Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

ITP 457Network Security

Networking Technologies III

IP, Subnets & NAT

Internet Protocol( IP)

  • IP handles end-to-end delivery

  • Most commonly used network layer protocol

  • All traffic on the internet uses IP

Internet Protocol ( IP)

  • Upon receiving packet from Transport layer, IP layer generates a header

  • Header includes : source and destination IP addresses

  • Header is added to front of TCP packet to create a resulting IP packet.

  • Purpose of IP is to carry packets end to end across a network.

IP header

Source IP address

Destination IP address


IP addresses

  • Identify each individual machine on the internet

  • 32 bits in length

  • Hackers attempt to determine all IP address in use on a target network – “network mapping”

  • Hackers generate bogus packets appearing to come from a given IP address – “IP address spoofing”

IP Addresses in depth

  • 32 bits, with 8 bit groupings

    • E.x:

    • Each number between the dots can be between 0 and 255

    • 4 billion combinations

      • Not really

      • Allocated in groups called address blocks

        • 3 sizes, based on the class of the address

        • Class A, Class B, and Class C

Class A Addresses

  • Giant organizations

  • There are no more available

  • All IP addresses are of the form:

    0 – 126.x.x.x

    x can be between 0 and 255

  • The first octet is assigned to the owner, with the rest being freely distributable to the nodes

  • Has a 24 bit address space

  • Uses up to half of the total IP addresses available!!!

  • Who owns these???

    • Internet Service Providers

    • Large internet companies

      • Google, CNN, WB

Class B Addresses

  • Large Campuses or Organizations

    • Example: Colleges, including USC

  • These are running out!!!

  • All Class B Addresses are of the form:

    128 - 191.x.x.x

    Where x can take any number between 0 and 255

  • The first two octets are assigned to the address block owner, with the last two being freely distributable

    • Example: 128.125.x.x  USC

    • Example: 169.232.x.x  UCLA

  • 16-bit address space

  • ¼ of all IP addresses belong to Class B Addresses

Class C Addresses

  • Small to mid-sized businesses

  • A fair number left

  • All Class C Addresses have the following format:


  • The first three octets are assigned, with the last being freely distributable

    • Only 253 distributable addresses within a Class C Address

Reserved Addresses

  • Private Networks (no public connections)

    • 10.x.x.x

    • 172.16.x.x

    • 192.168.x.x

  • 127.x.x.x – local network (loopback)

  • – broadcast – sends to everyone on the network


  • IP address has 2 components

    • Network address

    • Host address

  • Determined by the address and the class of the address

  • Example (Class C):

    • IP Address:

    • Network address: 192.168.3

    • Host address: 16

Packet Fragmentation

  • Various transmission media have different characteristics

  • Some require short packets others require longer packets

  • E.g. satellite – longer packets

  • Local LAN – shorter packets

Packet Fragmentation

  • To optimize packet lengths for various communication links, IP offers network elements (routers and firewalls) the ability to slice up packets into smaller pieces, a process called fragmentation.

  • The end system’s IP layer is responsible for reassembling all fragments

  • Hackers use packet fragmentation to avoid being detected by Intrusion Detection Systems

Lack of Security in IP

  • IP version 4 does not include any security

  • All components of packets are in clear text, nothing is encrypted

  • Anything in the header or data segment can be viewed or modified by the hacker

    • TCP/UDP Hijacking

    • “Man-in-the-middle” attack


  • ICMP – Internet Control Message Protocol

  • It is the Network Plumber

  • Its job is to transmit command and control information between networks and systems

ICMP examples

  • “ping” request = ICMP Echo message

  • If the “pinged” system is alive it will respond with ICMP Echo Reply Message

    • Try pinging




    • Will they all work?

  • Some sites have disabled ping. Why?

    • Ping-of-death  a ping too big

    • Ping flooding  type of denial-of-service attack

Routers and packets

  • Routers

    • Transfer packets from network to network

    • They determine the path that a packet should take across the network specifying from hop to hop which network segments the packets should bounce through as they travel across the network

  • Most networks use dynamic routing

    • RIP, EIGRP

    • We will be discussing these technologies later in the course

Network address translation

  • NAT

  • Blocks of addresses are allotted to ISP’s and organizations

    • Classes of IP Addresses

  • What happens when we have more computers than IP Addresses?

    • We have a Class C address – allows 253 computers

    • Our organization has 1000 computers

    • What do we do???


  • Reserve a range of IP addresses to build your own IP network

    • 10.x.y.z - un-routable IP addresses

    • 172.16.y.z

    • 192.168.y.z

  • How to connect these machines to Internet?

Network Address Translation

  • Use a gateway /router to map invalid addresses to valid IP addresses

    • Translates your local address to a routable address

    • Router receives one IP Address

      • Either dynamically assigns addresses to all the nodes behind the router, or it is assigned statically using non-routable addresses

        • If dynamic, uses DHCP (Dynamic Host Configuration Protocol)

      • When someone inside the network wants to access a computer outside the local network (the internet), the request is sent to the router, which uses NAT to send the request to the internet

NAT and security?

  • Does NAT improve security?

    • It hides internal IP addresses from hacker

    • NAT must be combined with “firewalls” for optimum security



  • Network traffic cops

  • Tools that control the flow of traffic going between networks

  • By looking at addresses associated with traffic, firewalls determine whether connections should be transmitted or dropped

  • We will cover the setup and configuration of firewalls in great depth later in class

  • Login