Chap 14 EPCF.ppt 1758KB Jun 23 2011 12:13:04 PM

Ethics, Privacy and Computer Forensics
Chap 14 Network Basics For Digital Investigation

Overview of Networks
• Imagine a long long cord …. These are networks
• A computer connected to a network is called a host
• NIC – network interface card is the primary interface with a network
• Use hubs, routers, etc. to connect networks of computers
• Computers connected to the global internet use a protocol called TCP/IP
    • Enables communication of dissimilar networks
    • Common language of network talk
    • An IP address is the address of a host on the network, just like a phone number

Overview of Networks
• Routers are highly susceptible to attacks because they are critical to communication
• Firewalls are security devices that block service and traffic destined to a certain port
• Network services include Telnet and FTP
• Hosts have logs that detail network transactions and their date and time


Network Technology
• Attached Resource Computer Network (ARCNET)
    • Earliest network technology
    • Developed by Datapoint Corp in 1970’s
    • Used active and passive hubs in the topology
    • Based on token scheme (proprietary)
    • Speeds from 2.5 Mbps (copper) to 20 Mbps (fiber)
• Ethernet
    • Most popular and accepted technology for networking
    • Each computer has a NIC and it is connected to a central hub, switch or router
    • Variable speeds
    • Uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
    • Like people at a dinner party, when two start talking at the same time, both stop talking and then only one starts talking again

A typical ARCNET configuration.

Network Technology
• Fiber Distributed Data Interface (FDDI)
    • Encoding pulses of light
    • Expensive but fast
    • Data travel in only one direction
    • Developed in mid-1980’s
    • High Speed backbone connection between distributed LANs
    • Dual Counter Rotating Rings: one primary, one secondary
    • Attach up to 1000 workstations in both directions
    • Multiple messages/tokens rotate at the same time

Token Passing
• Token circulates on a Ring Topology
• Sender acquires free token, attaches message and sends downstream
• Receiver copies message and acknowledges same in busy token
• Original sender responsible for taking the message off the ring and sending a free token downstream
• Deterministic performance
    • Good for factories
    • Can calculate maximum time to get to a unit


An FDDI network with primary and secondary token rings. During normal conditions, only
one of the rings is used and data travels in one direction. When a station or a cable
segment fails, the traffic loops to form a closed ring, moving data in the opposite
direction.

Network Technology
• Asynchronous Transfer Mode (ATM)
    • Uses fiber optics and special equipment called ATM switches
    • Gigabits/sec communication rate
    • Establishes a connection first
    • ATM switch is connected to a large network
• Connection-oriented protocol (over virtual paths and/or channels)
• Backbone Technology; switch-based; fiber based

Wireless
• WLAN – uses RF technology
• WAP – Wireless Access Point – connects to wired LAN; acts as a wireless hub
• WLAN Adapters – wireless NICs with antennas
• Wireless supports peer-to-peer without WAPs


IEEE 802.11g
• Speeds of 1-54 Mbps
• Uses the 2.4GHz band
• Is backwards compatible with IEEE 802.11b
• Ratified in June of 2003

802.11 Wireless Security Issues
• Easy to “listen” for id and password
• Easy to mimic in order to gain access to the wired Network
• Earliest Protection was WEP – Wired Equivalent Privacy – which was easy to crack

WPA
• Wi-Fi Protected Access
• Replacement for WEP
• WPA password initiates encryption
• Encryption key changes every packet
• Much harder to crack than WEP
• Does not work in Ad Hoc Mode

Bluetooth
• A wireless standard; short range
• Used to connect network appliances, printers, …
• Low Power; max speed – 1Mbps over 30 foot area or less
• Operates in the 2.4GHz band and can interfere with 802.11b
• Connects devices point to point

A WLAN with two access points.

Wireless standards.


Multiple access points with overlapping coverage.

OSI Reference Model
• Provides useful way to describe and think about networking
• Breaks networking down into series of related tasks
• Each aspect is conceptualized as a layer
• Each task can be handled separately

The OSI Communications Reference Model
• OSI – Open Systems Interconnection Committee of ISO
• Reference adopted in 1978 (took 6 yrs)
• Resulted in very little actual product (software)
• Is THE standard for describing networks; the lingua franca of networking world wide

Understanding Layers
• Layering helps clarify process of networking
• Groups related tasks & requirements
• OSI model provides theoretical frame of reference
    • Clarifies what networks are
    • Explains how they work

OSI Reference Model Structure
• Breaks networked communications into seven layers:
    • Application
    • Presentation
    • Session
    • Transport
    • Network
    • Data Link
    • Physical

OSI Reference Model Structure
• Each layer responsible for different aspect of data exchange
• Each layer puts electronic envelope around data as it sends it down layers or removes it as it travels up layers for delivery
• Each layer of OSI model communicates and interacts with layers immediately above and below it

OSI Reference Model Structure
• Interface boundaries separate layers
• Individual layer communicates only with adjacent layers
• “Peer layers” describes logical or virtual communication between same layer on both sending and receiving computers

Relationships Among OSI Layers

OSI Reference Model Structure
• Data is broken into packets or PDUs as it moves down stack
    • PDU stands for protocol data unit, packet data unit, or payload data unit
• PDU is self-contained data structure from one layer to another
    • At sending end, each layer adds special formatting or addressing to PDU
    • At receiving end, each layer reads packet and strips off information added by corresponding layer at sending end
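
The add-and-strip behaviour on this slide, as an added Python example that is not part of the original deck: it wraps application data in TCP, IPv4 and Ethernet headers, then reads and removes them in the order a receiver would. All addresses, ports and function names are constructed for illustration.

```python
import socket
import struct

ETH, IP4, TCP = "!6s6sH", "!BBHHHBBH4s4s", "!HHIIBBHHH"  # fixed header layouts

def encapsulate(data: bytes) -> bytes:
    """Sending end: layers 4, 3 and 2 each prepend their own header (constructed values)."""
    segment = struct.pack(TCP, 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    packet = struct.pack(IP4, 0x45, 0, 20 + len(segment), 1, 0, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.7")) + segment
    # Checksums are left at 0: this sample shows header layout, not validation.
    return struct.pack(ETH, bytes.fromhex("020000000002"),
                       bytes.fromhex("020000000001"), 0x0800) + packet

def decapsulate(frame: bytes) -> dict:
    """Receiving end: read each layer's header, strip it, pass the rest up."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack(ETH, frame[:14])
    seen = {"mac_src": src.hex(":"), "mac_dst": dst.hex(":")}
    packet = frame[14:]
    if ethertype != 0x0800 or len(packet) < 20:
        return seen                       # not IPv4, or cut short: stop at layer 2
    vihl, _, total, _, _, ttl, proto, _, ip_src, ip_dst = struct.unpack(IP4, packet[:20])
    ihl = (vihl & 0x0F) * 4               # IPv4 header length in bytes
    seen.update(ip_src=socket.inet_ntoa(ip_src), ip_dst=socket.inet_ntoa(ip_dst), ttl=ttl)
    segment = packet[ihl:total]           # total length trims any layer-2 padding
    if proto != 6 or len(segment) < 20:
        return seen                       # not TCP, or cut short: stop at layer 3
    sport, dport, seq, _, off, flags, _, _, _ = struct.unpack(TCP, segment[:20])
    seen.update(sport=sport, dport=dport, seq=seq, flags=flags)
    seen["data"] = segment[(off >> 4) * 4:]  # what is left is the application data
    return seen

if __name__ == "__main__":
    for key, value in decapsulate(encapsulate(b"GET / HTTP/1.0\r\n\r\n")).items():
        print(f"{key:8} {value}")
```

Each header that is stripped leaves behind a field an investigator can use: MAC addresses at layer 2, IP addresses at layer 3, ports and sequence numbers at layer 4.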

Application Layer
• Layer 7 is top layer of OSI reference model
• Provides general network access
• Includes set of interfaces for applications to access variety of networked services such as:
    • File transfer
    • E-mail message handling
    • Database query processing
• May also include error recovery

Presentation Layer
• Layer 6 handles data formatting and protocol conversion
• Converts outgoing data to generic networked format
• Does data encryption and decryption
• Handles character set issues and graphics commands
• May include data compression
• Includes redirector software that redirects service requests across network

Session Layer
• Layer 5 opens and closes sessions
• Performs data and message exchanges
• Monitors session identification and security
    • Performs logout
• Provides name lookup and user login and synchronization services on both ends
• Determines which side transmits data, when, and for how long
• Transmits keep-alive messages to keep connection open during periods of inactivity

Transport Layer
• Layer 4 conveys data from sender to receiver
• Breaks long data payloads into chunks called segments
• Includes error checks
• Re-sequences chunks into original data on receipt
• Handles flow control

Network Layer
• Layer 3 addresses messages for delivery
• Translates logical network address into physical MAC address
• Decides how to route transmissions
• Handles packet switching, data routing, and congestion control
• Through fragmentation or segmentation, breaks data segments from Layer 4 into smaller data packets
• Reassembles data packets on receiving end

Data Link Layer
• Layer 2 creates data frames to send to Layer 1
• On receiving side, takes raw data from Layer 1 and packages into data frames
    • Data frame is basic unit for network traffic on the wire
    • See next slide for contents of typical data frame
• Performs Cyclic Redundancy Check (CRC) to verify data integrity
• Detects errors and discards frames containing errors

Data Frame
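
The CRC check and discard behaviour of the Data Link Layer, as an added Python example that is not part of the original deck: it seals a constructed Ethernet frame with its frame check sequence (FCS), corrupts one bit, and shows the receiver dropping the damaged and undersized frames. The MAC addresses, payload and function names are assumptions made for illustration.

```python
import struct
import zlib

MIN_FRAME = 64  # minimum Ethernet frame size in bytes, FCS included

def seal(frame: bytes) -> bytes:
    """Sender: pad to the minimum size, then append the 4-byte CRC-32 (FCS)."""
    frame = frame.ljust(MIN_FRAME - 4, b"\x00")
    return frame + struct.pack("<I", zlib.crc32(frame))

def fcs_ok(frame: bytes) -> bool:
    """Receiver: recompute the CRC over everything before the FCS and compare."""
    if len(frame) < MIN_FRAME:
        return False                      # runt frame: too short to be valid
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body)) == fcs

def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate line noise by inverting one bit."""
    damaged = bytearray(frame)
    damaged[bit // 8] ^= 1 << (bit % 8)
    return bytes(damaged)

def receive(frames):
    """Layer 2 behaviour from the slide: frames with errors are discarded."""
    return [f for f in frames if fcs_ok(f)]

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, then a dummy payload.
SAMPLE = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload for layer 3"

if __name__ == "__main__":
    good = seal(SAMPLE)
    bad = flip_bit(good, 137)
    print("good frame passes:", fcs_ok(good))
    print("1-bit error passes:", fcs_ok(bad))
    print("delivered upward:", len(receive([good, bad, good[:30]])), "of 3")
```

On real hosts the network interface normally performs this check in hardware and strips the FCS before handing the frame to the operating system, so packet captures rarely contain either the FCS or the frames that failed it.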

Physical Layer
• Layer 1 converts bits into signals for outgoing messages and signals into bits for incoming messages
• Manages computer’s interface to medium
• Instructs driver software and network interface to send data across medium
• Sets timing and interpretation of signals across medium
• Translates and screens incoming data for delivery to receiving computer

Actions of Each layer of OSI Reference Model

OSI in Summary
• The Reference Model breaks the communication process into seven distinct and independent layers
• Each layer’s functionality is well defined as is its interface with surrounding layers and peer layers
• Lower layers service upper layers in sequence

Network interconnection hardware operates at various layers of
the OSI model.