IS3220 Information Technology Infrastructure Security
    Presentation Transcript
    1. IS3220 Information Technology Infrastructure Security Unit 1 Essential TCP/IP Network Protocols and Applications

    2. Learning Objective Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and applications used in IP networking

    3. Key Concepts
      • TCP/IP protocol analysis using NetWitness Investigator
      • Differentiating clear-text from cipher-text
      • Essential TCP/IP characteristics
      • IP networking protocol behavior
      • Network management tools

    4. EXPLORE: CONCEPTS

    5. TCP/IP Networking and OSI Reference Models

    6. TCP/IP Protocol Suite

    7. The Structure of a Packet

    8. A Packet Moves Through the Protocol Stack

    9. Protocol Analysis: Functions of a Protocol Analyzer
      • Why analyze data packets?
        • Detect network problems, such as bottlenecks
        • Detect network intrusions
        • Check for vulnerabilities
        • Gather network statistics
      • What does a protocol analyzer do?
        • Captures and decodes data packets traveling on a network
        • Allows you to read and analyze them

    10. NetWitness Investigator
      • Threat analysis software
      • Protocol analyzer
      • Captures raw packets from wired and wireless interfaces
      • Analyzes real-time data throughout the seven layers

    11. NetWitness Investigator (cont.)
      • Filters by Media Access Control (MAC) address, IP address, user, and more
      • Supports Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)
      • Gets daily threat intelligence data from the SANS Internet Storm Center
      • Freely available

    12. Wireshark
      • Network protocol analyzer
      • Captures Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other packets
      • Analyzes real-time and saved data
      • Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others
      • Supports IPv4 and IPv6
      • Allows Voice over IP (VoIP) analysis
      • Freely available

    13. EXPLORE: PROCESS

    14. Packet Capture Using NetWitness Investigator

    15. Trace Analysis Using NetWitness Investigator: Navigation and Search

    16. TCP/IP Transaction Sessions
      • Connection-oriented
      • Sender
        • Breaks data into packets
        • Attaches packet numbers
      • Receiver
        • Acknowledges receipt; lost packets are resent
        • Reassembles packets in correct order
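The sender/receiver steps on slide 16, carried through as a small simulation (an added example, not code from the slides): data is split into numbered segments, a constructed "network" drops the segments whose numbers are given, the receiver acknowledges what arrived, unacknowledged segments are resent, and the receiver reassembles by segment number rather than by arrival order.

```python
"""Slide 16 in code: numbered segments, acknowledgements, retransmission of lost
segments and in-order reassembly (added example; the loss pattern is constructed).
"""
from typing import Dict, List, Set, Tuple


def split_into_segments(data: bytes, size: int) -> Dict[int, bytes]:
    """Sender side: break data into fixed-size chunks numbered from 1."""
    count = (len(data) + size - 1) // size
    return {i + 1: data[i * size:(i + 1) * size] for i in range(count)}


def deliver(segments: Dict[int, bytes], lost: Set[int]) -> Dict[int, bytes]:
    """The network: every segment whose number is in `lost` is dropped."""
    return {n: b for n, b in segments.items() if n not in lost}


def transfer(data: bytes, size: int, lost_first_try: Set[int]) -> Tuple[bytes, List[int]]:
    """Run one transfer; return (bytes reassembled at the receiver, numbers resent)."""
    outstanding = split_into_segments(data, size)   # unacknowledged segments
    received: Dict[int, bytes] = {}
    retransmitted: List[int] = []
    lost = set(lost_first_try)                       # constructed: losses only on the first attempt
    while outstanding:
        received.update(deliver(outstanding, lost))  # whatever survived the network
        lost = set()                                 # retransmissions get through
        acked = set(received)                        # receiver acknowledges what it holds
        outstanding = {n: b for n, b in outstanding.items() if n not in acked}
        retransmitted.extend(sorted(outstanding))    # lost packets are resent
    # Receiver reassembles by segment number, not by arrival order
    reassembled = b"".join(received[n] for n in sorted(received))
    return reassembled, retransmitted
```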

    17. TCP Three-Way Handshake (Host and Server)
      1 - SYN      Host to Server   Synchronize (SYN)
      2 - SYN/ACK  Server to Host   Synchronize (SYN) + Acknowledge (ACK)
      3 - ACK      Host to Server   Acknowledge (ACK)

    18. TCP Connection Termination (Host and Server)
      1 - ACK/FIN  Host to Server   Acknowledge (ACK) + Finish (FIN)
      2 - ACK      Server to Host   Acknowledge (ACK)
      3 - ACK/FIN  Server to Host   Acknowledge (ACK) + Finish (FIN)
      4 - ACK      Host to Server   Acknowledge (ACK)

    19. TCP Connection Reset (Host and Server)
      1 - SYN      Host to Server   Synchronize (SYN)
      2 - SYN/ACK  Server to Host   Synchronize (SYN) + Acknowledge (ACK)
      3 - RST      Host to Server   Reset (RST)
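The three exchanges on slides 17 to 19 replayed through a small state tracker (an added example, not code from the slides). Segments are (sender, flags) pairs labelled as on the slides; the state names are a simplified, connection-level view chosen for this example rather than the exact per-endpoint states of RFC 793, and an out-of-place segment (for instance a SYN/ACK with no preceding SYN) is reported rather than silently accepted.

```python
"""State-machine replay of the handshake, termination and reset exchanges on
slides 17-19 (added example). State names are a coarse, connection-level
approximation chosen for this example, not the exact RFC 793 states.
"""
from typing import Dict, List, Tuple

Segment = Tuple[str, str]  # (sender, flags) exactly as labelled on the slides

# Slide 17: three-way handshake
HANDSHAKE: List[Segment] = [("host", "SYN"), ("server", "SYN/ACK"), ("host", "ACK")]
# Slide 18: four-segment orderly termination; each side's FIN gets its own ACK
TERMINATION: List[Segment] = [("host", "ACK/FIN"), ("server", "ACK"),
                              ("server", "ACK/FIN"), ("host", "ACK")]
# Slide 19: the host answers the SYN/ACK with RST instead of ACK
RESET: List[Segment] = [("host", "SYN"), ("server", "SYN/ACK"), ("host", "RST")]

# (state before, sender, flags) -> state after
TRANSITIONS: Dict[Tuple[str, str, str], str] = {
    ("CLOSED", "host", "SYN"): "SYN_SENT",
    ("SYN_SENT", "server", "SYN/ACK"): "SYN_RECEIVED",
    ("SYN_RECEIVED", "host", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "host", "ACK/FIN"): "FIN_WAIT",
    ("FIN_WAIT", "server", "ACK"): "FIN_ACKED",
    ("FIN_ACKED", "server", "ACK/FIN"): "LAST_ACK",
    ("LAST_ACK", "host", "ACK"): "CLOSED",
}


def run_exchange(segments: List[Segment], start: str = "CLOSED") -> str:
    """Replay segments in order and return the final state. RST always ends in
    CLOSED (slide 19); a segment the current state does not expect returns an
    INVALID(...) marker instead of advancing."""
    state = start
    for sender, flags in segments:
        if "RST" in flags:
            return "CLOSED"
        nxt = TRANSITIONS.get((state, sender, flags))
        if nxt is None:
            return f"INVALID({state} got {flags} from {sender})"
        state = nxt
    return state


def full_session() -> List[str]:
    """Handshake then termination, recording the state after every segment."""
    states, state = [], "CLOSED"
    for seg in HANDSHAKE + TERMINATION:
        state = run_exchange([seg], state)
        states.append(state)
    return states
```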

    20. EXPLORE: CONTEXT

    21. IPv4 Addressing
      • Assigned to computers for identification on a network
      • 32-bit address space
      • Internet routing uses numeric IP addresses
      • Dotted decimal notation
        • Example: 192.168.0.10
      • IP addresses in packet headers
      • A packet makes many hops between source and destination

    22. Network Protocol Examination
      • Normal Packet
        • Connecting to an FTP server
        • Port 53 (DNS) in UDP
        • Three-way handshake completes
      • Packet Showing Evidence of Port Scan
        • Series of TCP packets, part of three-way handshake
        • Arrange segments in sequential order by source port
        • Destination ports also in sequential order
        • Classic TCP port scan
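The port-scan test described on slide 22, written as detection logic over a constructed packet list (an added example, not code from the slides). The normal traffic (a UDP DNS lookup on port 53 followed by an FTP handshake) is left alone; the run of SYN segments whose destination ports are consecutive once the segments are sorted by source port is reported. The packet tuples, the addresses and the minimum-port threshold are all assumptions made for this example.

```python
"""Flag the 'classic TCP port scan' pattern of slide 22 in a packet list
(added example; every packet record below is constructed, not a real capture).
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed packet records: (proto, src_ip, src_port, dst_ip, dst_port, flags)
PACKETS: List[Tuple[str, str, int, str, int, str]] = [
    ("UDP", "192.168.0.10", 51234, "192.168.0.1", 53, ""),         # DNS query
    ("UDP", "192.168.0.1", 53, "192.168.0.10", 51234, ""),         # DNS reply
    ("TCP", "192.168.0.10", 51235, "192.168.0.20", 21, "SYN"),     # FTP handshake
    ("TCP", "192.168.0.20", 21, "192.168.0.10", 51235, "SYN/ACK"),
    ("TCP", "192.168.0.10", 51235, "192.168.0.20", 21, "ACK"),
]
# Scan traffic: one SYN per destination port 20..27, consecutive source ports,
# captured out of order so the sort step on the slide actually matters
PACKETS += [("TCP", "10.0.0.99", 40000 + i, "192.168.0.20", 20 + i, "SYN")
            for i in (3, 0, 5, 1, 7, 2, 6, 4)]


def find_port_scans(packets, min_ports: int = 5) -> List[Tuple[str, str, int]]:
    """Return (source_ip, target_ip, ports_probed) for every source/target pair
    whose SYN segments, arranged by source port, hit consecutive destination ports.
    min_ports is an assumed threshold that keeps single connections out."""
    syns: Dict[Tuple[str, str], List[Tuple[int, int]]] = defaultdict(list)
    for proto, src, sport, dst, dport, flags in packets:
        if proto == "TCP" and flags == "SYN":        # first segment of each handshake
            syns[(src, dst)].append((sport, dport))
    findings = []
    for (src, dst), pairs in syns.items():
        pairs.sort()                                 # sequential order by source port
        dports = [d for _, d in pairs]
        sequential = all(b - a == 1 for a, b in zip(dports, dports[1:]))
        if len(pairs) >= min_ports and sequential:   # destination ports also sequential
            findings.append((src, dst, len(pairs)))
    return findings
```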

    23. Clear-Text vs. Encrypted Protocols
      • Clear-text protocols
        • Are human readable
        • FTP, Telnet, Simple Mail Transfer Protocol (SMTP), HTTP, Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAPv4), Network Basic Input/Output System (NetBIOS), Simple Network Management Protocol (SNMP)
      • Encrypted protocols
        • Are not human readable
        • Secure Shell (SSH), SSH File Transfer Protocol (SFTP), HTTP Secure (HTTPS)

    24. Summary
      • TCP/IP protocol analysis using NetWitness Investigator
      • Differentiating clear-text from cipher-text
      • Essential TCP/IP characteristics
      • IP networking protocol behavior
      • Network management tools