Chap 14 EPCF.ppt 1758KB Jun 23 2011 12:13:04 PM
Ethics, Privacy and
Computer Forensics
Chap 14 Network Basics For
Digital Investigation
Overview of Networks
Imagine a long long cord …. These are networks
Computer connected to a network is called host
NIC – network interface card is the primary
interface with a network
Use hubs, routers, etc. to connect networks of
computers
Computers connected to the global internet use a
protocol called TCP/IP
Enable communication of dissimilar networks
Common language of network talk
An IP address is the address of a host on the network
just like a phone number
Overview of Networks
Routers
are highly susceptible to
attacks because they are critical to
communication
Firewalls are security devices that block
service and traffic destined to a certain
port
Network services include Telnet and FTP
Hosts have logs that details network
transactions and their data and time
Network Technology
Attached Resource Computer Network (ARCNET)
Earliest network technology
Developed by Datapoint Corp in 1970’s
Used active and passive hubs in the topology
Based on token scheme (proprietary)
Speeds from 2.5 Mbps (copper) to 20 Mbps (fiber)
Ethernet
Most popular and accepted technology for networking
Each computer has a NIC and it is connected to a central hub,
switch or router
Variable speeds
Uses Carrier Sense Multiple Access with Collision Detection
(CSMA/CD)
Like people at a dinner party, when two start talking at the
same time, both stop talking and then only one starts talking
again
A typical ARCNET configuration.
Network Technology
Fiber Distributed data Interface (FDDI)
Encoding pulses of light
Expensive but fast
Data travel in only one direction
Developed in mid-1980’s
High Speed backbone connection between
distributed LANs
Dual Counter Rotating Rings: one primary, one
secondary
Attach up to 1000 workstations in both directions
Multiple messages/tokens rotate at the same time
Token Passing
Token
circulates on a Ring Topology
Sender acquires free token, attaches
message and sends downstream
Receiver copies message and
acknowledges same in busy token
Original sender responsible for taking the
message off the ring and sending a free
token downstream
Deterministic performance
Good
for factories
Can calculate maximum time to get to a unit
An FDDI network with primary and secondary token rings. During normal conditions, only
one of the rings is used and data travels in one direction. When a station or a cable
segment fails, the traffic loops to form a closed ring, moving data in the opposite
direction.
Network Technology
Asynchronous
Transfer Mode (ATM)
Uses
fiber optics and special equipment called
ATM switches
Gigbts/sec communication rate
Establishes a connection first
ATM switch is connected to a large network
Connection-oriented
protocol (over virtual
paths and/or channels)
Backbone Technology; switch-based; fiber
based
Wireless
WLAN – uses RF technology
WAP – Wireless Access Point –
connects to wired LAN; acts as a
wireless hub
WLAN Adapters – wireless NICs with
antennas
Wireless supports peer-to-peer
without WAPs
IEEE 802.11g
Speeds
of 1-54 Mbps
Uses the 2.4GHz band
Is backwards compatible with IEEE
802.11b
Ratified in June of 2003
802.11 Wireless Security Issues
Easy
to “listen” for id and password
Easy to mimic in order to gain access
to the wired Network
Earliest Protection was WEP – Wired
Equivalent Privacy – which was easy
to crack
WPA
Wi-Fi
Protected Access
Replacement for WEP
WPA password initiates encryption
Encryption key changes every packet
Much harder to crack than WEP
Does not work in Ad Hoc Mode
Bluetooth
A
wireless standard; short range
Used to connect network appliances,
printers, …
Low Power; max speed – 1Mbps over 30
foot area or less
Operates in the 2.4GHz band and can
interfere with 802.11b
Connects devices point to point
A WLAN with two access points.
Wireless standards.
Multiple access points with overlapping coverage.
OSI Reference Model
Provides
useful way to describe and
think about networking
Breaks networking down into series
of related tasks
Each aspect is conceptualized as a
layer
Each task can be handled
separately
The OSI Communications
Reference Model
OSI
– Open Systems Interconnection
Committee of ISO
Reference adopted in 1978 (took 6 yrs)
Resulted in very little actual product
(software)
Is THE standard for describing
networks; the linqua franca of
networking world wide
Understanding Layers
Layering
helps clarify process of
networking
Groups related tasks &
requirements
OSI model provides theoretical
frame of reference
Clarifies
what networks are
Explains how they work
OSI Reference Model
Structure
Breaks
networked communications
into even layers:
Application
Presentation
Session
Transport
Network
Data
Link
Physical
OSI Reference Model
Structure
Each
layer responsible for different
aspect of data exchange
Each layer puts electronic envelope
around data as it sends it down layers
or removes it as it travels up layers for
delivery
Each layer of OSI model
communicates and interacts with
layers immediately above and below it
OSI Reference Model
Structure
Interface
boundaries separate
layers
Individual layer communicates
only adjacent layers
“Peer layers” describes logical or
virtual communication between
same layer on both sending and
receiving computers
Relationships Among
OSI Layers
Date
OSI Reference Model
Structure
is broken into packets or PDUs as it
moves down stack
PDU
stands for protocol data unit, packet data unit, or
payload data unit
PDU
is self-contained data structure from one
layer to another
At
sending end, each layer adds special formatting or
addressing to PDU
At receiving end, each layer reads packet and strips
off information added by corresponding layer at
sending end
Application Layer
Layer
7 is top layer of OSI reference
model
Provides general network access
Includes set of interfaces for
applications to access variety of
networked services such as:
File
transfer
E-mail message handling
Database query processing
May
also include error recovery
Presentation Layer
Layer
6 handles data formatting and
protocol conversion
Converts outgoing data to generic
networked format
Does data encryption and decryption
Handles character set issues and
graphics commands
May include data compression
Includes redirector software that redirects
service requests across network
Session Layer
Layer
5 opens and closes sessions
Performs data and message exchanges
Monitors session identification and security
Performs
logout
Provides
name lookup and user login and
synchronization services on both
ends
Determines which side transmits data,
when, and for how long
Transmits keep-alive messages to keep
connection open during periods of inactivity
Transport Layer
Layer
4 conveys data from sender to
receiver
Breaks long data payloads into
chunks called segments
Includes error checks
Re-sequences chunks into original
data on receipt
Handles flow control
Network Layer
Layer
3 addresses messages for delivery
Translates logical network address into
physical MAC address
Decides how to route transmissions
Handles packet switching, data routing,
and congestion control
Through fragmentation or segmentation,
breaks data segments from Layer 4 into
smaller data packets
Reassembles data packets on receiving end
Data Link Layer
Layer
2 creates data frames to send to
Layer 1
On receiving side, takes raw data from
Layer 1 and packages into data frames
Data
frame is basic unit for network traffic on
the wire
See next slide for contents of typical data frame
Performs
Cyclic Redundancy Check (CRC)
to verify data integrity
Detects errors and discards frames
containing errors
Data Frame
Physical Layer
Layer
1 converts bits into signals for
outgoing messages and signals into bits
for incoming messages
Manages computer’s interface to medium
Instructs driver software and network
interface to send data across medium
Sets timing and interpretation of signals
across medium
Translates and screens incoming data for
delivery to receiving computer
Actions of Each layer of
OSI Reference Model
OSI in Summary
The
Reference Model breaks the
communication process into seven
distinct and independent layers
Each layer’s functionality is well
defined as is its interface with
surrounding layers and peer layers
Lower layers service upper layers in
sequence
Network interconnection hardware operates at various layers of
the OSI model.
Computer Forensics
Chap 14 Network Basics For
Digital Investigation
Overview of Networks
Imagine a long long cord …. These are networks
Computer connected to a network is called host
NIC – network interface card is the primary
interface with a network
Use hubs, routers, etc. to connect networks of
computers
Computers connected to the global internet use a
protocol called TCP/IP
Enable communication of dissimilar networks
Common language of network talk
An IP address is the address of a host on the network
just like a phone number
Overview of Networks
Routers
are highly susceptible to
attacks because they are critical to
communication
Firewalls are security devices that block
service and traffic destined to a certain
port
Network services include Telnet and FTP
Hosts have logs that details network
transactions and their data and time
Network Technology
Attached Resource Computer Network (ARCNET)
Earliest network technology
Developed by Datapoint Corp in 1970’s
Used active and passive hubs in the topology
Based on token scheme (proprietary)
Speeds from 2.5 Mbps (copper) to 20 Mbps (fiber)
Ethernet
Most popular and accepted technology for networking
Each computer has a NIC and it is connected to a central hub,
switch or router
Variable speeds
Uses Carrier Sense Multiple Access with Collision Detection
(CSMA/CD)
Like people at a dinner party, when two start talking at the
same time, both stop talking and then only one starts talking
again
A typical ARCNET configuration.
Network Technology
Fiber Distributed data Interface (FDDI)
Encoding pulses of light
Expensive but fast
Data travel in only one direction
Developed in mid-1980’s
High Speed backbone connection between
distributed LANs
Dual Counter Rotating Rings: one primary, one
secondary
Attach up to 1000 workstations in both directions
Multiple messages/tokens rotate at the same time
Token Passing
Token
circulates on a Ring Topology
Sender acquires free token, attaches
message and sends downstream
Receiver copies message and
acknowledges same in busy token
Original sender responsible for taking the
message off the ring and sending a free
token downstream
Deterministic performance
Good
for factories
Can calculate maximum time to get to a unit
An FDDI network with primary and secondary token rings. During normal conditions, only
one of the rings is used and data travels in one direction. When a station or a cable
segment fails, the traffic loops to form a closed ring, moving data in the opposite
direction.
Network Technology
Asynchronous
Transfer Mode (ATM)
Uses
fiber optics and special equipment called
ATM switches
Gigbts/sec communication rate
Establishes a connection first
ATM switch is connected to a large network
Connection-oriented
protocol (over virtual
paths and/or channels)
Backbone Technology; switch-based; fiber
based
Wireless
WLAN – uses RF technology
WAP – Wireless Access Point –
connects to wired LAN; acts as a
wireless hub
WLAN Adapters – wireless NICs with
antennas
Wireless supports peer-to-peer
without WAPs
IEEE 802.11g
Speeds
of 1-54 Mbps
Uses the 2.4GHz band
Is backwards compatible with IEEE
802.11b
Ratified in June of 2003
802.11 Wireless Security Issues
Easy
to “listen” for id and password
Easy to mimic in order to gain access
to the wired Network
Earliest Protection was WEP – Wired
Equivalent Privacy – which was easy
to crack
WPA
Wi-Fi
Protected Access
Replacement for WEP
WPA password initiates encryption
Encryption key changes every packet
Much harder to crack than WEP
Does not work in Ad Hoc Mode
Bluetooth
A
wireless standard; short range
Used to connect network appliances,
printers, …
Low Power; max speed – 1Mbps over 30
foot area or less
Operates in the 2.4GHz band and can
interfere with 802.11b
Connects devices point to point
A WLAN with two access points.
Wireless standards.
Multiple access points with overlapping coverage.
OSI Reference Model
Provides
useful way to describe and
think about networking
Breaks networking down into series
of related tasks
Each aspect is conceptualized as a
layer
Each task can be handled
separately
The OSI Communications
Reference Model
OSI
– Open Systems Interconnection
Committee of ISO
Reference adopted in 1978 (took 6 yrs)
Resulted in very little actual product
(software)
Is THE standard for describing
networks; the linqua franca of
networking world wide
Understanding Layers
Layering
helps clarify process of
networking
Groups related tasks &
requirements
OSI model provides theoretical
frame of reference
Clarifies
what networks are
Explains how they work
OSI Reference Model
Structure
Breaks
networked communications
into even layers:
Application
Presentation
Session
Transport
Network
Data
Link
Physical
OSI Reference Model
Structure
Each
layer responsible for different
aspect of data exchange
Each layer puts electronic envelope
around data as it sends it down layers
or removes it as it travels up layers for
delivery
Each layer of OSI model
communicates and interacts with
layers immediately above and below it
OSI Reference Model
Structure
Interface
boundaries separate
layers
Individual layer communicates
only adjacent layers
“Peer layers” describes logical or
virtual communication between
same layer on both sending and
receiving computers
Relationships Among
OSI Layers
Date
OSI Reference Model
Structure
is broken into packets or PDUs as it
moves down stack
PDU
stands for protocol data unit, packet data unit, or
payload data unit
PDU
is self-contained data structure from one
layer to another
At
sending end, each layer adds special formatting or
addressing to PDU
At receiving end, each layer reads packet and strips
off information added by corresponding layer at
sending end
Application Layer
Layer
7 is top layer of OSI reference
model
Provides general network access
Includes set of interfaces for
applications to access variety of
networked services such as:
File
transfer
E-mail message handling
Database query processing
May
also include error recovery
Presentation Layer
Layer
6 handles data formatting and
protocol conversion
Converts outgoing data to generic
networked format
Does data encryption and decryption
Handles character set issues and
graphics commands
May include data compression
Includes redirector software that redirects
service requests across network
Session Layer
Layer
5 opens and closes sessions
Performs data and message exchanges
Monitors session identification and security
Performs
logout
Provides
name lookup and user login and
synchronization services on both
ends
Determines which side transmits data,
when, and for how long
Transmits keep-alive messages to keep
connection open during periods of inactivity
Transport Layer
Layer
4 conveys data from sender to
receiver
Breaks long data payloads into
chunks called segments
Includes error checks
Re-sequences chunks into original
data on receipt
Handles flow control
Network Layer
Layer
3 addresses messages for delivery
Translates logical network address into
physical MAC address
Decides how to route transmissions
Handles packet switching, data routing,
and congestion control
Through fragmentation or segmentation,
breaks data segments from Layer 4 into
smaller data packets
Reassembles data packets on receiving end
Data Link Layer
Layer
2 creates data frames to send to
Layer 1
On receiving side, takes raw data from
Layer 1 and packages into data frames
Data
frame is basic unit for network traffic on
the wire
See next slide for contents of typical data frame
Performs
Cyclic Redundancy Check (CRC)
to verify data integrity
Detects errors and discards frames
containing errors
Data Frame
Physical Layer
Layer
1 converts bits into signals for
outgoing messages and signals into bits
for incoming messages
Manages computer’s interface to medium
Instructs driver software and network
interface to send data across medium
Sets timing and interpretation of signals
across medium
Translates and screens incoming data for
delivery to receiving computer
Actions of Each layer of
OSI Reference Model
OSI in Summary
The
Reference Model breaks the
communication process into seven
distinct and independent layers
Each layer’s functionality is well
defined as is its interface with
surrounding layers and peer layers
Lower layers service upper layers in
sequence
Network interconnection hardware operates at various layers of
the OSI model.